X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=modules%2Faccess%2Fhttp.c;h=4fac39cacca1d62b367910410513b7d5cf2fa689;hb=410a3de5b3690091f267f344f4c1fb182bfaed06;hp=79073bf9bb36de41ff68a4cb10ed3946373d0129;hpb=acd55c477e4c12311b8b276947f3b8bf06fb4103;p=vlc diff --git a/modules/access/http.c b/modules/access/http.c index 79073bf9bb..4fac39cacc 100644 --- a/modules/access/http.c +++ b/modules/access/http.c @@ -37,7 +37,7 @@ #include -#include +#include #include #include #include @@ -46,6 +46,7 @@ #include #include #include +#include #ifdef HAVE_ZLIB_H # include @@ -53,8 +54,8 @@ #include -#ifdef HAVE_PROXY_H -# include "proxy.h" +#ifdef HAVE_LIBPROXY +# include #endif /***************************************************************************** * Module descriptor 
@@ -93,57 +94,51 @@ static void Close( vlc_object_t * ); "types of HTTP streams." ) #define FORWARD_COOKIES_TEXT N_("Forward Cookies") -#define FORWARD_COOKIES_LONGTEXT N_("Forward Cookies across http redirections ") +#define FORWARD_COOKIES_LONGTEXT N_("Forward Cookies across http redirections.") -vlc_module_begin(); - set_description( N_("HTTP input") ); - set_capability( "access", 0 ); - set_shortname( N_( "HTTP(S)" ) ); - set_category( CAT_INPUT ); - set_subcategory( SUBCAT_INPUT_ACCESS ); +#define MAX_REDIRECT_TEXT N_("Max number of redirection") +#define MAX_REDIRECT_LONGTEXT N_("Limit the number of redirection to follow.") + +vlc_module_begin () + set_description( N_("HTTP input") ) + set_capability( "access", 0 ) + set_shortname( N_( "HTTP(S)" ) ) + set_category( CAT_INPUT ) + set_subcategory( SUBCAT_INPUT_ACCESS ) add_string( "http-proxy", NULL, NULL, PROXY_TEXT, PROXY_LONGTEXT, - false ); + false ) add_password( "http-proxy-pwd", NULL, NULL, - PROXY_PASS_TEXT, PROXY_PASS_LONGTEXT, false ); + PROXY_PASS_TEXT, PROXY_PASS_LONGTEXT, false ) add_integer( "http-caching", 4 * DEFAULT_PTS_DELAY / 1000, NULL, - CACHING_TEXT, CACHING_LONGTEXT, true ); + CACHING_TEXT, CACHING_LONGTEXT, true ) + change_safe() add_string( "http-user-agent", COPYRIGHT_MESSAGE , NULL, AGENT_TEXT, - AGENT_LONGTEXT, true ); - add_bool( "http-reconnect", 0, NULL, RECONNECT_TEXT, - RECONNECT_LONGTEXT, true ); - add_bool( "http-continuous", 0, NULL, CONTINUOUS_TEXT, - CONTINUOUS_LONGTEXT, true ); - add_bool( "http-forward-cookies", 0, NULL, FORWARD_COOKIES_TEXT, - FORWARD_COOKIES_LONGTEXT, true ); - add_obsolete_string("http-user"); - add_obsolete_string("http-pwd"); - add_shortcut( "http" ); - add_shortcut( "https" ); - add_shortcut( "unsv" ); - add_shortcut( "itpc" ); /* iTunes Podcast */ - set_callbacks( Open, Close ); -vlc_module_end(); + AGENT_LONGTEXT, true ) + change_safe() + add_bool( "http-reconnect", false, NULL, RECONNECT_TEXT, + RECONNECT_LONGTEXT, true ) + add_bool( 
"http-continuous", false, NULL, CONTINUOUS_TEXT, + CONTINUOUS_LONGTEXT, true ) + change_safe() + add_bool( "http-forward-cookies", true, NULL, FORWARD_COOKIES_TEXT, + FORWARD_COOKIES_LONGTEXT, true ) + add_integer( "http-max-redirect", 5, NULL, MAX_REDIRECT_TEXT, + MAX_REDIRECT_LONGTEXT, true ) + add_obsolete_string("http-user") + add_obsolete_string("http-pwd") + add_shortcut( "http" ) + add_shortcut( "https" ) + add_shortcut( "unsv" ) + add_shortcut( "itpc" ) /* iTunes Podcast */ + add_shortcut( "icyx" ) + set_callbacks( Open, Close ) +vlc_module_end () /***************************************************************************** * Local prototypes *****************************************************************************/ -/* RFC 2617: Basic and Digest Access Authentication */ -typedef struct http_auth_t -{ - char *psz_realm; - char *psz_domain; - char *psz_nonce; - char *psz_opaque; - char *psz_stale; - char *psz_algorithm; - char *psz_qop; - int i_nonce; - char *psz_cnonce; - char *psz_HA1; /* stored H(A1) value if algorithm = "MD5-sess" */ -} http_auth_t; - struct access_sys_t { int fd; @@ -202,7 +197,9 @@ struct access_sys_t }; /* */ -static int OpenWithCookies( vlc_object_t *p_this, vlc_array_t *cookies ); +static int OpenWithCookies( vlc_object_t *p_this, const char *psz_access, + int i_nb_redirect, int i_max_redirect, + vlc_array_t *cookies ); /* */ static ssize_t Read( access_t *, uint8_t *, size_t ); 
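Review bot: `http-forward-cookies` now defaults to `true` in its `add_bool` line, so cookies collected from one response are replayed on every followed redirect unless the user opts out. Nothing in this hunk shows the forwarded cookies being limited to the host or scheme that set them; if the request code (outside this hunk) does not filter them, a redirect to another host receives the first host's session cookies. Either keep the default at `false`, or, if forwarding really is unscoped, say so in the help text, e.g. `N_("Forward cookies across HTTP redirections, including redirections to a different host.")`. The `change_safe()` markers added to the neighbouring options are not applied to this one, which looks right and should stay that way.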
@@ -222,30 +219,42 @@ static char * cookie_get_name( const char * cookie ); static void cookie_append( vlc_array_t * cookies, char * cookie ); -static void AuthParseHeader( access_t *p_access, const char *psz_header, - http_auth_t *p_auth ); static void AuthReply( access_t *p_acces, const char *psz_prefix, vlc_url_t *p_url, http_auth_t *p_auth ); static int AuthCheckReply( access_t *p_access, const char *psz_header, vlc_url_t *p_url, http_auth_t *p_auth ); -static void AuthReset( http_auth_t *p_auth ); /***************************************************************************** * Open: *****************************************************************************/ static int Open( vlc_object_t *p_this ) { - return OpenWithCookies( p_this, NULL ); + access_t *p_access = (access_t*)p_this; + return OpenWithCookies( p_this, p_access->psz_access, 0, + var_CreateGetInteger( p_access, "http-max-redirect" ), NULL ); } -static int OpenWithCookies( vlc_object_t *p_this, vlc_array_t *cookies ) +/** + * Open the given url using the given cookies + * @param p_this: the vlc object + * @psz_access: the acces to use (http, https, ...) (this value must be used + * instead of p_access->psz_access) + * @i_nb_redirect: the number of redirection already done + * @i_max_redirect: limit to the number of redirection to follow + * @cookies: the available cookies + * @return vlc error codes + */ +static int OpenWithCookies( vlc_object_t *p_this, const char *psz_access, + int i_nb_redirect, int i_max_redirect, + vlc_array_t *cookies ) { access_t *p_access = (access_t*)p_this; access_sys_t *p_sys; char *psz, *p; + /* Only forward an store cookies if the corresponding option is activated */ bool b_forward_cookies = var_CreateGetBool( p_access, "http-forward-cookies" ); - vlc_array_t * saved_cookies = b_forward_cookies ? (cookies ?: vlc_array_new()) : NULL; + vlc_array_t * saved_cookies = b_forward_cookies ? (cookies ? 
cookies : vlc_array_new()) : NULL; /* Set up p_access */ STANDARD_READ_ACCESS_INIT; @@ -290,6 +299,9 @@ static int OpenWithCookies( vlc_object_t *p_this, vlc_array_t *cookies ) p_sys->cookies = saved_cookies; + http_auth_Init( &p_sys->auth ); + http_auth_Init( &p_sys->proxy_auth ); + /* Parse URI - remove spaces */ p = psz = strdup( p_access->psz_path ); while( (p = strchr( p, ' ' )) != NULL ) @@ -302,7 +314,7 @@ static int OpenWithCookies( vlc_object_t *p_this, vlc_array_t *cookies ) msg_Warn( p_access, "invalid host" ); goto error; } - if( !strncmp( p_access->psz_access, "https", 5 ) ) + if( !strncmp( psz_access, "https", 5 ) ) { /* HTTP over SSL */ p_sys->b_ssl = true; @@ -326,7 +338,7 @@ static int OpenWithCookies( vlc_object_t *p_this, vlc_array_t *cookies ) vlc_UrlParse( &p_sys->proxy, psz, 0 ); free( psz ); } -#ifdef HAVE_PROXY_H +#ifdef HAVE_LIBPROXY else { pxProxyFactory *pf = px_proxy_factory_new(); @@ -334,7 +346,7 @@ static int OpenWithCookies( vlc_object_t *p_this, vlc_array_t *cookies ) { char *buf; int i; - i=asprintf(&buf, "%s://%s", p_access->psz_access, p_access->psz_path); + i=asprintf(&buf, "%s://%s", psz_access, p_access->psz_path); if (i >= 0) { msg_Dbg(p_access, "asking libproxy about url '%s'", buf); 
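Review bot: The new Doxygen block above OpenWithCookies() tags only `p_this` with `@param`; the lines `@psz_access:`, `@i_nb_redirect:`, `@i_max_redirect:` and `@cookies:` are not Doxygen commands, so those four parameters end up undocumented. Write them as `@param psz_access the access to use (http, https, ...); use this instead of p_access->psz_access` and so on, and fix "acces" and "an store" while there. The `cookies` entry should also state that the function takes ownership of the array, since the error path added later in this commit frees every item and destroys it. The function body continues outside this hunk.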
@@ -433,30 +445,26 @@ connect: if( p_sys->i_code == 401 ) { - char *psz_login = NULL, *psz_password = NULL; - char psz_msg[250]; - int i_ret; + char *psz_login, *psz_password; /* FIXME ? */ if( p_sys->url.psz_username && p_sys->url.psz_password && p_sys->auth.psz_nonce && p_sys->auth.i_nonce == 0 ) { + Disconnect( p_access ); goto connect; } - snprintf( psz_msg, 250, - _("Please enter a valid login name and a password for realm %s."), - p_sys->auth.psz_realm ); msg_Dbg( p_access, "authentication failed for realm %s", - p_sys->auth.psz_realm ); - i_ret = intf_UserLoginPassword( p_access, _("HTTP authentication"), - psz_msg, &psz_login, &psz_password ); - if( i_ret == DIALOG_OK_YES ) + p_sys->auth.psz_realm ); + dialog_Login( p_access, &psz_login, &psz_password, + _("HTTP authentication"), + _("Please enter a valid login name and a password for realm %s."), + p_sys->auth.psz_realm ); + if( psz_login != NULL && psz_password != NULL ) { - msg_Dbg( p_access, "retrying with user=%s, pwd=%s", - psz_login, psz_password ); - if( psz_login ) p_sys->url.psz_username = strdup( psz_login ); - if( psz_password ) p_sys->url.psz_password = strdup( psz_password ); - free( psz_login ); - free( psz_password ); + msg_Dbg( p_access, "retrying with user=%s", psz_login ); + p_sys->url.psz_username = psz_login; + p_sys->url.psz_password = psz_password; + Disconnect( p_access ); goto connect; } else 
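Review bot: The declaration `char *psz_login, *psz_password;` drops the `= NULL` initialisers, so the test `psz_login != NULL && psz_password != NULL` is only meaningful if dialog_Login() writes both outputs on every path, including cancel and failure; that is not visible here. Keeping `char *psz_login = NULL, *psz_password = NULL;` costs nothing and removes the dependency. The two strings are also stored straight into `p_sys->url.psz_username` and `p_sys->url.psz_password` without releasing whatever those fields held, so who frees them afterwards should be checked against vlc_UrlClean(). When only one of the two is non-NULL, control falls into the `else` branch that starts at the end of this hunk, and that branch would need to free the one that was returned.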
@@ -473,10 +481,22 @@ connect: { msg_Dbg( p_access, "redirection to %s", p_sys->psz_location ); + /* Check the number of redirection already done */ + if( i_nb_redirect >= i_max_redirect ) + { + msg_Err( p_access, "Too many redirection: break potential infinite" + "loop" ); + goto error; + } + + /* Do not accept redirection outside of HTTP works */ - if( strncmp( p_sys->psz_location, "http", 4 ) - || ( ( p_sys->psz_location[4] != ':' ) /* HTTP */ - && strncmp( p_sys->psz_location + 4, "s:", 2 ) /* HTTP/SSL */ ) ) + const char *psz_protocol; + if( !strncmp( p_sys->psz_location, "http:", 5 ) ) + psz_protocol = "http"; + else if( !strncmp( p_sys->psz_location, "https:", 6 ) ) + psz_protocol = "https"; + else { msg_Err( p_access, "insecure redirection ignored" ); goto error; @@ -485,10 +505,10 @@ connect: p_access->psz_path = strdup( p_sys->psz_location ); /* Clean up current Open() run */ vlc_UrlClean( &p_sys->url ); - AuthReset( &p_sys->auth ); + http_auth_Reset( &p_sys->auth ); vlc_UrlClean( &p_sys->proxy ); free( p_sys->psz_proxy_passbuf ); - AuthReset( &p_sys->proxy_auth ); + http_auth_Reset( &p_sys->proxy_auth ); free( p_sys->psz_mime ); free( p_sys->psz_pragma ); free( p_sys->psz_location ); @@ -496,10 +516,14 @@ connect: Disconnect( p_access ); cookies = p_sys->cookies; +#ifdef HAVE_ZLIB_H + inflateEnd( &p_sys->inflate.stream ); +#endif free( p_sys ); /* Do new Open() run with new data */ - return OpenWithCookies( p_this, cookies ); + return OpenWithCookies( p_this, psz_protocol, i_nb_redirect + 1, + i_max_redirect, cookies ); } if( p_sys->b_mms ) @@ -547,7 +571,7 @@ connect: } /* else probably Ogg Vorbis */ } - else if( !strcasecmp( p_access->psz_access, "unsv" ) && + else if( !strcasecmp( psz_access, "unsv" ) && p_sys->psz_mime && !strcasecmp( p_sys->psz_mime, "misc/ultravox" ) ) { 
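Review bot: The new error string in the redirect-limit check is built from two adjacent literals, `"Too many redirection: break potential infinite"` and `"loop"`, with no space between them, so the log reads "infiniteloop". Use `msg_Err( p_access, "Too many redirections: breaking potential infinite loop" );`. The comment `/* Do not accept redirection outside of HTTP works */` could also state what is actually enforced, namely that only Location values starting with `http:` or `https:` are followed.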
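Review bot: The recursive call `OpenWithCookies( p_this, psz_protocol, i_nb_redirect + 1, i_max_redirect, cookies )` follows a redirect from https to http without any check, and passes the cookie array saved during the TLS session to the plaintext request. `psz_protocol` is chosen from the Location prefix alone in the preceding hunk and is never compared with the incoming `psz_access`. Consider refusing the downgrade, or at least not forwarding the cookies, e.g. `if( !strncmp( psz_access, "https", 5 ) && strcmp( psz_protocol, "https" ) ) goto error;` placed before the clean-up of the current run. Whether cookies are filtered later by domain or by a secure attribute is decided outside this hunk.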
@@ -555,7 +579,7 @@ connect: /* Grrrr! detect ultravox server and force NSV demuxer */ p_access->psz_demux = strdup( "nsv" ); } - else if( !strcmp( p_access->psz_access, "itpc" ) ) + else if( !strcmp( psz_access, "itpc" ) ) { free( p_access->psz_demux ); p_access->psz_demux = strdup( "podcast" ); @@ -585,6 +609,18 @@ error: free( p_sys->psz_user_agent ); Disconnect( p_access ); + + if( p_sys->cookies ) + { + int i; + for( i = 0; i < vlc_array_count( p_sys->cookies ); i++ ) + free(vlc_array_item_at_index( p_sys->cookies, i )); + vlc_array_destroy( p_sys->cookies ); + } + +#ifdef HAVE_ZLIB_H + inflateEnd( &p_sys->inflate.stream ); +#endif free( p_sys ); return VLC_EGENERIC; } @@ -598,9 +634,9 @@ static void Close( vlc_object_t *p_this ) access_sys_t *p_sys = p_access->p_sys; vlc_UrlClean( &p_sys->url ); - AuthReset( &p_sys->auth ); + http_auth_Reset( &p_sys->auth ); vlc_UrlClean( &p_sys->proxy ); - AuthReset( &p_sys->proxy_auth ); + http_auth_Reset( &p_sys->proxy_auth ); free( p_sys->psz_mime ); free( p_sys->psz_pragma ); @@ -640,7 +676,7 @@ static ssize_t Read( access_t *p_access, uint8_t *p_buffer, size_t i_len ) access_sys_t *p_sys = p_access->p_sys; int i_read; - if( p_sys->fd < 0 ) + if( p_sys->fd == -1 ) { p_access->info.b_eof = true; return 0; @@ -666,7 +702,7 @@ static ssize_t Read( access_t *p_access, uint8_t *p_buffer, size_t i_len ) if( p_sys->i_chunk <= 0 ) { - char *psz = net_Gets( VLC_OBJECT(p_access), p_sys->fd, p_sys->p_vs ); + char *psz = net_Gets( p_access, p_sys->fd, p_sys->p_vs ); /* read the chunk header */ if( psz == NULL ) { @@ -729,12 +765,12 @@ static ssize_t Read( access_t *p_access, uint8_t *p_buffer, size_t i_len ) if( p_sys->i_chunk <= 0 ) { /* read the empty line */ - char *psz = net_Gets( VLC_OBJECT(p_access), p_sys->fd, p_sys->p_vs ); + char *psz = net_Gets( p_access, p_sys->fd, p_sys->p_vs ); free( psz ); } } } - else if( i_read == 0 ) + else if( i_read <= 0 ) { /* * I very much doubt that this will work. 
@@ -750,7 +786,7 @@ static ssize_t Read( access_t *p_access, uint8_t *p_buffer, size_t i_len ) p_sys->b_continuous = true; } Disconnect( p_access ); - if( p_sys->b_reconnect ) + if( p_sys->b_reconnect && vlc_object_alive( p_access ) ) { msg_Dbg( p_access, "got disconnected, trying to reconnect" ); if( Connect( p_access, p_access->info.i_pos ) ) @@ -765,7 +801,10 @@ static ssize_t Read( access_t *p_access, uint8_t *p_buffer, size_t i_len ) } } - if( i_read == 0 ) p_access->info.b_eof = true; + if( i_read == 0 ) + p_access->info.b_eof = true; + else if( i_read < 0 ) + p_access->b_error = true; } if( p_access->info.i_size != -1 ) @@ -798,7 +837,10 @@ static int ReadICYMeta( access_t *p_access ) psz_meta = malloc( i_read + 1 ); if( net_Read( p_access, p_sys->fd, p_sys->p_vs, (uint8_t *)psz_meta, i_read, true ) != i_read ) + { + free( psz_meta ); return VLC_EGENERIC; + } psz_meta[i_read] = '\0'; /* Just in case */ @@ -829,7 +871,10 @@ static int ReadICYMeta( access_t *p_access ) strcmp( p_sys->psz_icy_title, &p[1] ) ) { free( p_sys->psz_icy_title ); - p_sys->psz_icy_title = EnsureUTF8( strdup( &p[1] )); + char *psz_tmp = strdup( &p[1] ); + p_sys->psz_icy_title = EnsureUTF8( psz_tmp ); + if( !p_sys->psz_icy_title ) + free( psz_tmp ); p_access->info.i_update |= INPUT_UPDATE_META; msg_Dbg( p_access, "New Title=%s", p_sys->psz_icy_title ); @@ -911,10 +956,9 @@ static int Seek( access_t *p_access, int64_t i_pos ) static int Control( access_t *p_access, int i_query, va_list args ) { access_sys_t *p_sys = p_access->p_sys; - bool *pb_bool; - int *pi_int; - int64_t *pi_64; - vlc_meta_t *p_meta; + bool *pb_bool; + int64_t *pi_64; + vlc_meta_t *p_meta; switch( i_query ) { 
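Review bot: The added `free( psz_meta )` covers the short-read path in ReadICYMeta(), but the result of `malloc( i_read + 1 )` just above it is still passed to net_Read() unchecked, so an allocation failure becomes a write through NULL. Add `if( psz_meta == NULL ) return VLC_ENOMEM;` directly after the allocation. ReadICYMeta() begins and ends outside this hunk.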
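Review bot: When EnsureUTF8() returns NULL the new code frees `psz_tmp` and leaves `p_sys->psz_icy_title` NULL, and the unchanged `msg_Dbg( p_access, "New Title=%s", p_sys->psz_icy_title )` that follows then passes NULL to `%s`. The strdup() result is also handed to EnsureUTF8() without a NULL check, and whether EnsureUTF8() accepts NULL is not visible here. Guard the meta update and the log with `if( p_sys->psz_icy_title != NULL )`; the Icy-Name and Icy-Genre hunks in Request() further down use the same pattern followed by a `%s` log and need the same guard. The text comes from the stream, so this path is reachable with server-supplied bytes.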
@@ -939,11 +983,6 @@ static int Control( access_t *p_access, int i_query, va_list args ) break; /* */ - case ACCESS_GET_MTU: - pi_int = (int*)va_arg( args, int * ); - *pi_int = 0; - break; - case ACCESS_GET_PTS_DELAY: pi_64 = (int64_t*)va_arg( args, int64_t * ); *pi_64 = (int64_t)var_GetInteger( p_access, "http-caching" ) * 1000; @@ -1019,14 +1058,15 @@ static int Connect( access_t *p_access, int64_t i_tell ) p_access->info.i_pos = i_tell; p_access->info.b_eof = false; - /* Open connection */ + assert( p_sys->fd == -1 ); /* No open sockets (leaking fds is BAD) */ p_sys->fd = net_ConnectTCP( p_access, srv.psz_host, srv.i_port ); if( p_sys->fd == -1 ) { msg_Err( p_access, "cannot connect to %s:%d", srv.psz_host, srv.i_port ); return -1; } + setsockopt (p_sys->fd, SOL_SOCKET, SO_KEEPALIVE, &(int){ 1 }, sizeof (int)); /* Initialize TLS/SSL session */ if( p_sys->b_ssl == true ) @@ -1050,7 +1090,7 @@ static int Connect( access_t *p_access, int64_t i_tell ) p_sys->i_version, p_sys->url.psz_host, p_sys->url.i_port); - psz = net_Gets( VLC_OBJECT(p_access), p_sys->fd, NULL ); + psz = net_Gets( p_access, p_sys->fd, NULL ); if( psz == NULL ) { msg_Err( p_access, "cannot establish HTTP/TLS tunnel" ); @@ -1070,7 +1110,7 @@ static int Connect( access_t *p_access, int64_t i_tell ) do { - psz = net_Gets( VLC_OBJECT(p_access), p_sys->fd, NULL ); + psz = net_Gets( p_access, p_sys->fd, NULL ); if( psz == NULL ) { msg_Err( p_access, "HTTP proxy connection failed" ); @@ -1094,7 +1134,7 @@ static int Connect( access_t *p_access, int64_t i_tell ) /* TLS/SSL handshake */ p_sys->p_tls = tls_ClientCreate( VLC_OBJECT(p_access), p_sys->fd, - srv.psz_host ); + p_sys->url.psz_host ); if( p_sys->p_tls == NULL ) { msg_Err( p_access, "cannot establish HTTP/TLS session" ); 
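Review bot: The precondition that no socket is open when Connect() runs is now enforced only by `assert( p_sys->fd == -1 )`, which vanishes in NDEBUG builds and aborts the process in debug builds, and the assert replaces the only comment on this step. State the contract where callers will read it, e.g. in the function header: `/* Precondition: p_sys->fd == -1; callers must Disconnect() before reconnecting. */`. The return value of the new setsockopt() call is ignored; if keep-alive is best effort, a `(void)` cast or a short comment would make that explicit. Connect() starts and ends outside this hunk.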
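Review bot: The switch from `srv.psz_host` to `p_sys->url.psz_host` in the tls_ClientCreate() call needs a comment, because the reason is not apparent at the call site. `srv` is what net_ConnectTCP() dialled earlier in Connect() and, judging by the CONNECT tunnel code in the neighbouring hunks, it can be the proxy, while the name given to the TLS layer (presumably used for certificate name checking) has to be the origin host. Suggested: `/* TLS session is with the origin host; srv may be the proxy */`.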
@@ -1211,7 +1251,7 @@ static int Request( access_t *p_access, int64_t i_tell ) } /* Read Answer */ - if( ( psz = net_Gets( VLC_OBJECT(p_access), p_sys->fd, pvs ) ) == NULL ) + if( ( psz = net_Gets( p_access, p_sys->fd, pvs ) ) == NULL ) { msg_Err( p_access, "failed to read answer" ); goto error; @@ -1259,7 +1299,7 @@ static int Request( access_t *p_access, int64_t i_tell ) for( ;; ) { - char *psz = net_Gets( VLC_OBJECT(p_access), p_sys->fd, pvs ); + char *psz = net_Gets( p_access, p_sys->fd, pvs ); char *p; if( psz == NULL ) @@ -1408,13 +1448,18 @@ static int Request( access_t *p_access, int64_t i_tell ) p_sys->i_icy_meta = atoi( p ); if( p_sys->i_icy_meta < 0 ) p_sys->i_icy_meta = 0; + if( p_sys->i_icy_meta > 0 ) + p_sys->b_icecast = true; msg_Warn( p_access, "ICY metaint=%d", p_sys->i_icy_meta ); } else if( !strcasecmp( psz, "Icy-Name" ) ) { free( p_sys->psz_icy_name ); - p_sys->psz_icy_name = EnsureUTF8( strdup( p )); + char *psz_tmp = strdup( p ); + p_sys->psz_icy_name = EnsureUTF8( psz_tmp ); + if( !p_sys->psz_icy_name ) + free( psz_tmp ); msg_Dbg( p_access, "Icy-Name: %s", p_sys->psz_icy_name ); p_sys->b_icecast = true; /* be on the safeside. set it here as well. */ @@ -1424,7 +1469,10 @@ static int Request( access_t *p_access, int64_t i_tell ) else if( !strcasecmp( psz, "Icy-Genre" ) ) { free( p_sys->psz_icy_genre ); - p_sys->psz_icy_genre = EnsureUTF8( strdup( p )); + char *psz_tmp = strdup( p ); + p_sys->psz_icy_genre = EnsureUTF8( psz_tmp ); + if( !p_sys->psz_icy_genre ) + free( psz_tmp ); msg_Dbg( p_access, "Icy-Genre: %s", p_sys->psz_icy_genre ); } else if( !strncasecmp( psz, "Icy-Notice", 10 ) ) 
@@ -1450,12 +1498,14 @@ static int Request( access_t *p_access, int64_t i_tell ) else if( !strcasecmp( psz, "www-authenticate" ) ) { msg_Dbg( p_access, "Authentication header: %s", p ); - AuthParseHeader( p_access, p, &p_sys->auth ); + http_auth_ParseWwwAuthenticateHeader( VLC_OBJECT(p_access), + &p_sys->auth, p ); } else if( !strcasecmp( psz, "proxy-authenticate" ) ) { msg_Dbg( p_access, "Proxy authentication header: %s", p ); - AuthParseHeader( p_access, p, &p_sys->proxy_auth ); + http_auth_ParseWwwAuthenticateHeader( VLC_OBJECT(p_access), + &p_sys->proxy_auth, p ); } else if( !strcasecmp( psz, "authentication-info" ) ) { 
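Review bot: Every `www-authenticate` or `proxy-authenticate` line is fed into the same `p_sys->auth` or `p_sys->proxy_auth` object, so when a server sends several challenges the outcome depends on how http_auth_ParseWwwAuthenticateHeader() treats an already populated structure, which this diff does not show. The removed AuthParseHeader() returned early in its Digest branch when a nonce was already stored (marked FIXME); if the helper overwrites instead, a later `Basic` challenge could replace an earlier `Digest` one, and the fields of the first would need freeing. A comment at both call sites stating the intended rule, e.g. `/* helper resets p_auth; the last challenge parsed is the one answered */` or its opposite, would make this reviewable. Request() starts and ends outside this hunk.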
@@ -1610,384 +1660,37 @@ static void cookie_append( vlc_array_t * cookies, char * cookie ) vlc_array_append( cookies, cookie ); } + /***************************************************************************** - * "RFC 2617: Basic and Digest Access Authentication" header parsing + * HTTP authentication *****************************************************************************/ -static char *AuthGetParam( const char *psz_header, const char *psz_param ) -{ - char psz_what[strlen(psz_param)+3]; - sprintf( psz_what, "%s=\"", psz_param ); - psz_header = strstr( psz_header, psz_what ); - if( psz_header ) - { - const char *psz_end; - psz_header += strlen( psz_what ); - psz_end = strchr( psz_header, '"' ); - if( !psz_end ) /* Invalid since we should have a closing quote */ - return strdup( psz_header ); - return strndup( psz_header, psz_end - psz_header ); - } - else - { - return NULL; - } -} - -static char *AuthGetParamNoQuotes( const char *psz_header, const char *psz_param ) -{ - char psz_what[strlen(psz_param)+2]; - sprintf( psz_what, "%s=", psz_param ); - psz_header = strstr( psz_header, psz_what ); - if( psz_header ) - { - const char *psz_end; - psz_header += strlen( psz_what ); - psz_end = strchr( psz_header, ',' ); - /* XXX: Do we need to filter out trailing space between the value and - * the comma/end of line? 
*/ - if( !psz_end ) /* Can be valid if this is the last parameter */ - return strdup( psz_header ); - return strndup( psz_header, psz_end - psz_header ); - } - else - { - return NULL; - } -} - -static void AuthParseHeader( access_t *p_access, const char *psz_header, - http_auth_t *p_auth ) -{ - /* FIXME: multiple auth methods can be listed (comma seperated) */ - - /* 2 Basic Authentication Scheme */ - if( !strncasecmp( psz_header, "Basic ", strlen( "Basic " ) ) ) - { - msg_Dbg( p_access, "Using Basic Authentication" ); - psz_header += strlen( "Basic " ); - p_auth->psz_realm = AuthGetParam( psz_header, "realm" ); - if( !p_auth->psz_realm ) - msg_Warn( p_access, "Basic Authentication: " - "Mandatory 'realm' parameter is missing" ); - } - /* 3 Digest Access Authentication Scheme */ - else if( !strncasecmp( psz_header, "Digest ", strlen( "Digest " ) ) ) - { - msg_Dbg( p_access, "Using Digest Access Authentication" ); - if( p_auth->psz_nonce ) return; /* FIXME */ - psz_header += strlen( "Digest " ); - p_auth->psz_realm = AuthGetParam( psz_header, "realm" ); - p_auth->psz_domain = AuthGetParam( psz_header, "domain" ); - p_auth->psz_nonce = AuthGetParam( psz_header, "nonce" ); - p_auth->psz_opaque = AuthGetParam( psz_header, "opaque" ); - p_auth->psz_stale = AuthGetParamNoQuotes( psz_header, "stale" ); - p_auth->psz_algorithm = AuthGetParamNoQuotes( psz_header, "algorithm" ); - p_auth->psz_qop = AuthGetParam( psz_header, "qop" ); - p_auth->i_nonce = 0; - /* printf("realm: |%s|\ndomain: |%s|\nnonce: |%s|\nopaque: |%s|\n" - "stale: |%s|\nalgorithm: |%s|\nqop: |%s|\n", - p_auth->psz_realm,p_auth->psz_domain,p_auth->psz_nonce, - p_auth->psz_opaque,p_auth->psz_stale,p_auth->psz_algorithm, - p_auth->psz_qop); */ - if( !p_auth->psz_realm ) - msg_Warn( p_access, "Digest Access Authentication: " - "Mandatory 'realm' parameter is missing" ); - if( !p_auth->psz_nonce ) - msg_Warn( p_access, "Digest Access Authentication: " - "Mandatory 'nonce' parameter is missing" ); - if( 
p_auth->psz_qop ) /* FIXME: parse the qop list */ - { - char *psz_tmp = strchr( p_auth->psz_qop, ',' ); - if( psz_tmp ) *psz_tmp = '\0'; - } - } - else - { - const char *psz_end = strchr( psz_header, ' ' ); - if( psz_end ) - msg_Warn( p_access, "Unknown authentication scheme: '%*s'", - psz_end - psz_header, psz_header ); - else - msg_Warn( p_access, "Unknown authentication scheme: '%s'", - psz_header ); - } -} - -static char *AuthDigest( access_t *p_access, vlc_url_t *p_url, - http_auth_t *p_auth, const char *psz_method ) -{ - (void)p_access; - const char *psz_username = p_url->psz_username ?: ""; - const char *psz_password = p_url->psz_password ?: ""; - - char *psz_HA1 = NULL; - char *psz_HA2 = NULL; - char *psz_response = NULL; - struct md5_s md5; - - /* H(A1) */ - if( p_auth->psz_HA1 ) - { - psz_HA1 = strdup( p_auth->psz_HA1 ); - if( !psz_HA1 ) goto error; - } - else - { - InitMD5( &md5 ); - AddMD5( &md5, psz_username, strlen( psz_username ) ); - AddMD5( &md5, ":", 1 ); - AddMD5( &md5, p_auth->psz_realm, strlen( p_auth->psz_realm ) ); - AddMD5( &md5, ":", 1 ); - AddMD5( &md5, psz_password, strlen( psz_password ) ); - EndMD5( &md5 ); - - psz_HA1 = psz_md5_hash( &md5 ); - if( !psz_HA1 ) goto error; - - if( p_auth->psz_algorithm - && !strcmp( p_auth->psz_algorithm, "MD5-sess" ) ) - { - InitMD5( &md5 ); - AddMD5( &md5, psz_HA1, 32 ); - free( psz_HA1 ); - AddMD5( &md5, ":", 1 ); - AddMD5( &md5, p_auth->psz_nonce, strlen( p_auth->psz_nonce ) ); - AddMD5( &md5, ":", 1 ); - AddMD5( &md5, p_auth->psz_cnonce, strlen( p_auth->psz_cnonce ) ); - EndMD5( &md5 ); - - psz_HA1 = psz_md5_hash( &md5 ); - if( !psz_HA1 ) goto error; - p_auth->psz_HA1 = strdup( psz_HA1 ); - if( !p_auth->psz_HA1 ) goto error; - } - } - - /* H(A2) */ - InitMD5( &md5 ); - if( *psz_method ) - AddMD5( &md5, psz_method, strlen( psz_method ) ); - AddMD5( &md5, ":", 1 ); - if( p_url->psz_path ) - AddMD5( &md5, p_url->psz_path, strlen( p_url->psz_path ) ); - else - AddMD5( &md5, "/", 1 ); - if( 
p_auth->psz_qop && !strcmp( p_auth->psz_qop, "auth-int" ) ) - { - char *psz_ent; - struct md5_s ent; - InitMD5( &ent ); - AddMD5( &ent, "", 0 ); /* XXX: entity-body. should be ok for GET */ - EndMD5( &ent ); - psz_ent = psz_md5_hash( &ent ); - if( !psz_ent ) goto error; - AddMD5( &md5, ":", 1 ); - AddMD5( &md5, psz_ent, 32 ); - free( psz_ent ); - } - EndMD5( &md5 ); - psz_HA2 = psz_md5_hash( &md5 ); - if( !psz_HA2 ) goto error; - - /* Request digest */ - InitMD5( &md5 ); - AddMD5( &md5, psz_HA1, 32 ); - AddMD5( &md5, ":", 1 ); - AddMD5( &md5, p_auth->psz_nonce, strlen( p_auth->psz_nonce ) ); - AddMD5( &md5, ":", 1 ); - if( p_auth->psz_qop - && ( !strcmp( p_auth->psz_qop, "auth" ) - || !strcmp( p_auth->psz_qop, "auth-int" ) ) ) - { - char psz_inonce[9]; - snprintf( psz_inonce, 9, "%08x", p_auth->i_nonce ); - AddMD5( &md5, psz_inonce, 8 ); - AddMD5( &md5, ":", 1 ); - AddMD5( &md5, p_auth->psz_cnonce, strlen( p_auth->psz_cnonce ) ); - AddMD5( &md5, ":", 1 ); - AddMD5( &md5, p_auth->psz_qop, strlen( p_auth->psz_qop ) ); - AddMD5( &md5, ":", 1 ); - } - AddMD5( &md5, psz_HA2, 32 ); - EndMD5( &md5 ); - psz_response = psz_md5_hash( &md5 ); - - error: - free( psz_HA1 ); - free( psz_HA2 ); - return psz_response; -} - static void AuthReply( access_t *p_access, const char *psz_prefix, vlc_url_t *p_url, http_auth_t *p_auth ) { access_sys_t *p_sys = p_access->p_sys; - v_socket_t *pvs = p_sys->p_vs; - - const char *psz_username = p_url->psz_username ?: ""; - const char *psz_password = p_url->psz_password ?: ""; - - if( p_auth->psz_nonce ) - { - /* Digest Access Authentication */ - char *psz_response; - - if( p_auth->psz_algorithm - && strcmp( p_auth->psz_algorithm, "MD5" ) - && strcmp( p_auth->psz_algorithm, "MD5-sess" ) ) - { - msg_Err( p_access, "Digest Access Authentication: " - "Unknown algorithm '%s'", p_auth->psz_algorithm ); - return; - } - - if( p_auth->psz_qop || !p_auth->psz_cnonce ) - { - /* FIXME: needs to be really random to prevent man in the middle - * attacks */ - 
free( p_auth->psz_cnonce ); - p_auth->psz_cnonce = strdup( "Some random string FIXME" ); - } - p_auth->i_nonce ++; - - psz_response = AuthDigest( p_access, p_url, p_auth, "GET" ); - if( !psz_response ) return; - - net_Printf( VLC_OBJECT(p_access), p_sys->fd, pvs, - "%sAuthorization: Digest " - /* Mandatory parameters */ - "username=\"%s\", " - "realm=\"%s\", " - "nonce=\"%s\", " - "uri=\"%s\", " - "response=\"%s\", " - /* Optional parameters */ - "%s%s%s" /* algorithm */ - "%s%s%s" /* cnonce */ - "%s%s%s" /* opaque */ - "%s%s%s" /* message qop */ - "%s%08x%s" /* nonce count */ - "\r\n", - /* Mandatory parameters */ - psz_prefix, - psz_username, - p_auth->psz_realm, - p_auth->psz_nonce, - p_url->psz_path ?: "/", - psz_response, - /* Optional parameters */ - p_auth->psz_algorithm ? "algorithm=\"" : "", - p_auth->psz_algorithm ?: "", - p_auth->psz_algorithm ? "\", " : "", - p_auth->psz_cnonce ? "cnonce=\"" : "", - p_auth->psz_cnonce ?: "", - p_auth->psz_cnonce ? "\", " : "", - p_auth->psz_opaque ? "opaque=\"" : "", - p_auth->psz_opaque ?: "", - p_auth->psz_opaque ? "\", " : "", - p_auth->psz_qop ? "qop=\"" : "", - p_auth->psz_qop ?: "", - p_auth->psz_qop ? "\", " : "", - p_auth->i_nonce ? "nc=\"" : "uglyhack=\"", /* Will be parsed as an unhandled extension */ - p_auth->i_nonce, - p_auth->i_nonce ? 
"\"" : "\"" - ); - - free( psz_response ); - } - else - { - /* Basic Access Authentication */ - char buf[strlen( psz_username ) + strlen( psz_password ) + 2]; - char *b64; - - snprintf( buf, sizeof( buf ), "%s:%s", psz_username, psz_password ); - b64 = vlc_b64_encode( buf ); + char *psz_value; + + psz_value = + http_auth_FormatAuthorizationHeader( VLC_OBJECT(p_access), p_auth, + "GET", p_url->psz_path, + p_url->psz_username, + p_url->psz_password ); + if ( psz_value == NULL ) + return; - if( b64 != NULL ) - { - net_Printf( VLC_OBJECT(p_access), p_sys->fd, pvs, - "%sAuthorization: Basic %s\r\n", psz_prefix, b64 ); - free( b64 ); - } - } + net_Printf( VLC_OBJECT(p_access), p_sys->fd, p_sys->p_vs, + "%sAuthorization: %s\r\n", psz_prefix, psz_value ); + free( psz_value ); } static int AuthCheckReply( access_t *p_access, const char *psz_header, vlc_url_t *p_url, http_auth_t *p_auth ) { - int i_ret = VLC_EGENERIC; - char *psz_nextnonce = AuthGetParam( psz_header, "nextnonce" ); - char *psz_qop = AuthGetParamNoQuotes( psz_header, "qop" ); - char *psz_rspauth = AuthGetParam( psz_header, "rspauth" ); - char *psz_cnonce = AuthGetParam( psz_header, "cnonce" ); - char *psz_nc = AuthGetParamNoQuotes( psz_header, "nc" ); - - if( psz_cnonce ) - { - char *psz_digest; - - if( strcmp( psz_cnonce, p_auth->psz_cnonce ) ) - { - msg_Err( p_access, "HTTP Digest Access Authentication: server replied with a different client nonce value." ); - goto error; - } - - if( psz_nc ) - { - int i_nonce; - i_nonce = strtol( psz_nc, NULL, 16 ); - if( i_nonce != p_auth->i_nonce ) - { - msg_Err( p_access, "HTTP Digest Access Authentication: server replied with a different nonce count value." 
); - goto error; - } - } - - if( psz_qop && p_auth->psz_qop && strcmp( psz_qop, p_auth->psz_qop ) ) - msg_Warn( p_access, "HTTP Digest Access Authentication: server replied using a different 'quality of protection' option" ); - - /* All the clear text values match, let's now check the response - * digest */ - psz_digest = AuthDigest( p_access, p_url, p_auth, "" ); - if( strcmp( psz_digest, psz_rspauth ) ) - { - msg_Err( p_access, "HTTP Digest Access Authentication: server replied with an invalid response digest (expected value: %s).", psz_digest ); - free( psz_digest ); - goto error; - } - free( psz_digest ); - } - - if( psz_nextnonce ) - { - free( p_auth->psz_nonce ); - p_auth->psz_nonce = psz_nextnonce; - psz_nextnonce = NULL; - } - - i_ret = VLC_SUCCESS; - error: - free( psz_nextnonce ); - free( psz_qop ); - free( psz_rspauth ); - free( psz_cnonce ); - free( psz_nc ); - - return i_ret; -} - -static void AuthReset( http_auth_t *p_auth ) -{ - FREENULL( p_auth->psz_realm ); - FREENULL( p_auth->psz_domain ); - FREENULL( p_auth->psz_nonce ); - FREENULL( p_auth->psz_opaque ); - FREENULL( p_auth->psz_stale ); - FREENULL( p_auth->psz_algorithm ); - FREENULL( p_auth->psz_qop ); - p_auth->i_nonce = 0; - FREENULL( p_auth->psz_cnonce ); - FREENULL( p_auth->psz_HA1 ); + return + http_auth_ParseAuthenticationInfoHeader( VLC_OBJECT(p_access), p_auth, + psz_header, "", + p_url->psz_path, + p_url->psz_username, + p_url->psz_password ); }
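Review bot: AuthReply() now passes `p_url->psz_path`, `p_url->psz_username` and `p_url->psz_password` to http_auth_FormatAuthorizationHeader() unchanged, whereas the removed code substituted `""` for a missing username or password and `"/"` for a missing path before using them. Unless the helper performs the same substitution (not visible in this diff), a URL without credentials or path reaches it as NULL; AuthCheckReply() has the same pattern with http_auth_ParseAuthenticationInfoHeader(). Either normalise at the call site, e.g. `p_url->psz_path ? p_url->psz_path : "/"`, or add a comment on both functions saying that the helper accepts NULL. The removed digest code also carried a FIXME about its fixed client nonce `"Some random string FIXME"`, so it is worth confirming that the helper generates an unpredictable cnonce.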