Skip to content

V
vlc-2-2
Commit 7c88ee37 authored by Francois Cartegnie's avatar Francois Cartegnie
Browse files
Options

access: ftp: add TLS support (fix #137)

parent 01caa671
Hide whitespace changes
Inline Side-by-side
Showing with 235 additions and 61 deletions
modules/access/ftp.c
View file @ 7c88ee37
......@@ -40,6 +40,7 @@
#include <vlc_network.h>
#include <vlc_url.h>
#include <vlc_tls.h>
#include <vlc_sout.h>
#include <vlc_charset.h>
......@@ -47,6 +48,10 @@
# define IPPORT_FTP 21u
#endif
#ifndef IPPORT_FTPS
# define IPPORT_FTPS 990u
#endif
/*****************************************************************************
* Module descriptor
*****************************************************************************/
......@@ -79,7 +84,7 @@ vlc_module_begin ()
PASS_LONGTEXT, false )
add_string( "ftp-account", "anonymous", ACCOUNT_TEXT,
ACCOUNT_LONGTEXT, false )
add_shortcut( "ftp" )
add_shortcut( "ftp", "ftps", "ftpes" )
set_callbacks( InOpen, InClose )
#ifdef ENABLE_SOUT
......@@ -89,7 +94,7 @@ vlc_module_begin ()
set_capability( "sout access", 0 )
set_category( CAT_SOUT )
set_subcategory( SUBCAT_SOUT_ACO )
add_shortcut( "ftp" )
add_shortcut( "ftp", "ftps", "ftpes" )
set_callbacks( OutOpen, OutClose )
#endif
vlc_module_end ()
......@@ -105,12 +110,34 @@ static int OutSeek( sout_access_out_t *, off_t );
static ssize_t Write( sout_access_out_t *, block_t * );
#endif
static void FeaturesCheck( void *, const char * );
typedef struct ftp_features_t
{
bool b_unicode;
bool b_authtls;
} ftp_features_t;
enum tls_mode_e
{
NONE = 0,
IMPLICIT,/* ftps */
EXPLICIT /* ftpes */
};
struct access_sys_t
{
vlc_url_t url;
int fd_cmd;
int fd_data;
ftp_features_t features;
vlc_tls_creds_t *p_creds;
enum tls_mode_e tlsmode;
struct
{
vlc_tls_t *p_tls;
v_socket_t *p_vs;
int fd;
} cmd, data;
char sz_epsv_ip[NI_MAXNUMERICHOST];
bool out;
......@@ -140,7 +167,7 @@ static int ftp_SendCommand( vlc_object_t *obj, access_sys_t *sys,
return -1;
msg_Dbg( obj, "sending request: \"%.*s\" (%d bytes)", val - 2, cmd, val );
if( net_Write( obj, sys->fd_cmd, NULL, cmd, val ) != val )
if( net_Write( obj, sys->cmd.fd, sys->cmd.p_vs, cmd, val ) != val )
{
msg_Err( obj, "request failure" );
val = -1;
......@@ -175,7 +202,7 @@ static int ftp_RecvAnswer( vlc_object_t *obj, access_sys_t *sys,
if( strp != NULL )
*strp = NULL;
char *resp = net_Gets( obj, sys->fd_cmd, NULL );
char *resp = net_Gets( obj, sys->cmd.fd, sys->cmd.p_vs );
if( resp == NULL )
{
msg_Err( obj, "response failure" );
......@@ -198,7 +225,7 @@ static int ftp_RecvAnswer( vlc_object_t *obj, access_sys_t *sys,
*end = ' ';
do
{
char *line = net_Gets( obj, sys->fd_cmd, NULL );
char *line = net_Gets( obj, sys->cmd.fd, sys->cmd.p_vs );
if( line == NULL )
{
msg_Err( obj, "response failure" );
......@@ -239,13 +266,53 @@ static int ftp_RecvCommand( vlc_object_t *obj, access_sys_t *sys,
static int ftp_StartStream( vlc_object_t *, access_sys_t *, uint64_t );
static int ftp_StopStream ( vlc_object_t *, access_sys_t * );
static void readTLSMode( access_sys_t *p_sys, const char * psz_access )
{
if ( !strncmp( psz_access, "ftps", 4 ) )
p_sys->tlsmode = IMPLICIT;
else
if ( !strncmp( psz_access, "ftpes", 5 ) )
p_sys->tlsmode = EXPLICIT;
else
p_sys->tlsmode = NONE;
}
static int createCmdTLS( vlc_object_t *p_access, access_sys_t *p_sys, int fd,
const char *psz_session_name )
{
p_sys->p_creds = vlc_tls_ClientCreate( p_access );
if( p_sys->p_creds == NULL ) return -1;
/* TLS/SSL handshake */
p_sys->cmd.p_tls = vlc_tls_ClientSessionCreate( p_sys->p_creds, fd,
p_sys->url.psz_host,
psz_session_name );
if( p_sys->cmd.p_tls == NULL )
{
msg_Err( p_access, "cannot establish FTP/TLS session on command channel" );
return -1;
}
p_sys->cmd.p_vs = &p_sys->cmd.p_tls->sock;
return 0;
}
static void clearCmdTLS( access_sys_t *p_sys )
{
if ( p_sys->cmd.p_tls ) vlc_tls_SessionDelete( p_sys->cmd.p_tls );
if ( p_sys->p_creds ) vlc_tls_Delete( p_sys->p_creds );
p_sys->cmd.p_tls = NULL;
p_sys->cmd.p_vs = NULL;
p_sys->p_creds = NULL;
}
static int Login( vlc_object_t *p_access, access_sys_t *p_sys )
{
int i_answer;
char *psz;
/* *** Open a TCP connection with server *** */
int fd = p_sys->fd_cmd = net_ConnectTCP( p_access, p_sys->url.psz_host,
int fd = p_sys->cmd.fd = net_ConnectTCP( p_access, p_sys->url.psz_host,
p_sys->url.i_port );
if( fd == -1 )
{
......@@ -255,6 +322,12 @@ static int Login( vlc_object_t *p_access, access_sys_t *p_sys )
return -1;
}
if ( p_sys->tlsmode == IMPLICIT ) /* FTPS Mode */
{
if ( createCmdTLS( p_access, p_sys, fd, "ftps") < 0 )
goto error;
}
while( ftp_RecvCommand( p_access, p_sys, &i_answer, NULL ) == 1 );
if( i_answer / 100 != 2 )
......@@ -274,18 +347,77 @@ static int Login( vlc_object_t *p_access, access_sys_t *p_sys )
if( !psz )
return -1;
/* Features check first */
if( ftp_SendCommand( p_access, p_sys, "FEAT" ) < 0
|| ftp_RecvAnswer( p_access, p_sys, NULL, NULL,
FeaturesCheck, &p_sys->features ) < 0 )
{
msg_Err( p_access, "cannot get server features" );
return -1;
}
/* Create TLS Session */
if( p_sys->tlsmode == EXPLICIT )
{
if ( ! p_sys->features.b_authtls )
{
msg_Err( p_access, "Server does not support TLS" );
return -1;
}
if( ftp_SendCommand( p_access, p_sys, "AUTH TLS" ) < 0
|| ftp_RecvCommand( p_access, p_sys, &i_answer, NULL ) < 0
|| i_answer != 234 )
{
msg_Err( p_access, "cannot switch to TLS: server replied with code %d",
i_answer );
return -1;
}
if ( createCmdTLS( p_access, p_sys, fd, "ftpes") < 0 )
{
goto error;
}
}
if( p_sys->tlsmode != NONE )
{
if( ftp_SendCommand( p_access, p_sys, "PBSZ 0" ) < 0 ||
ftp_RecvCommand( p_access, p_sys, &i_answer, NULL ) < 0 ||
i_answer != 200 )
{
msg_Err( p_access, "Can't truncate Protection buffer size for TLS" );
free( psz );
goto error;
}
if( ftp_SendCommand( p_access, p_sys, "PROT P" ) < 0 ||
ftp_RecvCommand( p_access, p_sys, &i_answer, NULL ) < 0 ||
i_answer != 200 )
{
msg_Err( p_access, "Can't set Data channel protection" );
free( psz );
goto error;
}
}
/* Send credentials over channel */
if( ftp_SendCommand( p_access, p_sys, "USER %s", psz ) < 0 ||
ftp_RecvCommand( p_access, p_sys, &i_answer, NULL ) < 0 )
{
free( psz );
return -1;
goto error;
}
free( psz );
switch( i_answer / 100 )
{
case 2:
msg_Dbg( p_access, "user accepted" );
/* X.509 auth successful after AUTH TLS / RFC 2228 sec. 4 */
if ( i_answer == 232 )
msg_Dbg( p_access, "user accepted and authenticated" );
else
msg_Dbg( p_access, "user accepted" );
break;
case 3:
msg_Dbg( p_access, "password needed" );
......@@ -294,13 +426,13 @@ static int Login( vlc_object_t *p_access, access_sys_t *p_sys )
else
psz = var_InheritString( p_access, "ftp-pwd" );
if( !psz )
return -1;
goto error;
if( ftp_SendCommand( p_access, p_sys, "PASS %s", psz ) < 0 ||
ftp_RecvCommand( p_access, p_sys, &i_answer, NULL ) < 0 )
{
free( psz );
return -1;
goto error;
}
free( psz );
......@@ -317,7 +449,7 @@ static int Login( vlc_object_t *p_access, access_sys_t *p_sys )
ftp_RecvCommand( p_access, p_sys, &i_answer, NULL ) < 0 )
{
free( psz );
return -1;
goto error;
}
free( psz );
......@@ -327,7 +459,7 @@ static int Login( vlc_object_t *p_access, access_sys_t *p_sys )
dialog_Fatal( p_access,
_("Network interaction failed"),
"%s", _("Your account was rejected.") );
return -1;
goto error;
}
msg_Dbg( p_access, "account accepted" );
break;
......@@ -336,25 +468,32 @@ static int Login( vlc_object_t *p_access, access_sys_t *p_sys )
msg_Err( p_access, "password rejected" );
dialog_Fatal( p_access, _("Network interaction failed"),
"%s", _("Your password was rejected.") );
return -1;
goto error;
}
break;
default:
msg_Err( p_access, "user rejected" );
dialog_Fatal( p_access, _("Network interaction failed"), "%s",
_("Your connection attempt to the server was rejected.") );
return -1;
goto error;
}
return 0;
error:
clearCmdTLS( p_sys );
return -1;
}
static void FeaturesCheck( void *opaque, const char *feature )
{
bool *unicode = opaque;
ftp_features_t *features = opaque;
if( strcasestr( feature, "UTF8" ) != NULL )
*unicode = true;
features->b_unicode = true;
else
if( strcasestr( feature, "AUTH TLS" ) != NULL )
features->b_authtls = true;
}
static const char *IsASCII( const char *str )
......@@ -380,7 +519,7 @@ static int Connect( vlc_object_t *p_access, access_sys_t *p_sys )
if( ftp_RecvCommand( p_access, p_sys, NULL, NULL ) == 2 )
{
if( net_GetPeerAddress( p_sys->fd_cmd, p_sys->sz_epsv_ip, NULL ) )
if( net_GetPeerAddress( p_sys->cmd.fd, p_sys->sz_epsv_ip, NULL ) )
goto error;
}
else
......@@ -391,23 +530,14 @@ static int Connect( vlc_object_t *p_access, access_sys_t *p_sys )
* the initial connection.
*/
msg_Info( p_access, "FTP Extended passive mode disabled" );
net_Close( p_sys->fd_cmd );
clearCmdTLS( p_sys );
net_Close( p_sys->cmd.fd );
if( Login( p_access, p_sys ) )
goto error;
}
/* features check */
bool unicode = false;
if( ftp_SendCommand( p_access, p_sys, "FEAT" ) < 0
|| ftp_RecvAnswer( p_access, p_sys, NULL, NULL,
FeaturesCheck, &unicode ) < 0 )
{
msg_Err( p_access, "cannot get server features" );
goto error;
}
if( (unicode ? IsUTF8 : IsASCII)(p_sys->url.psz_path) == NULL )
if( (p_sys->features.b_unicode ? IsUTF8 : IsASCII)(p_sys->url.psz_path) == NULL )
{
msg_Err( p_access, "unsupported path: \"%s\"", p_sys->url.psz_path );
goto error;
......@@ -422,13 +552,15 @@ static int Connect( vlc_object_t *p_access, access_sys_t *p_sys )
}
return 0;
error:
net_Close( p_sys->fd_cmd );
clearCmdTLS( p_sys );
net_Close( p_sys->cmd.fd );
return -1;
}
static int parseURL( vlc_url_t *url, const char *path )
static int parseURL( vlc_url_t *url, const char *path, enum tls_mode_e mode )
{
if( path == NULL )
return VLC_EGENERIC;
......@@ -443,7 +575,12 @@ static int parseURL( vlc_url_t *url, const char *path )
return VLC_EGENERIC;
if( url->i_port <= 0 )
url->i_port = IPPORT_FTP; /* default port */
{
if( mode == IMPLICIT )
url->i_port = IPPORT_FTPS;
else
url->i_port = IPPORT_FTP; /* default port */
}
if( url->psz_path == NULL )
return VLC_SUCCESS;
......@@ -479,12 +616,13 @@ static int InOpen( vlc_object_t *p_this )
/* Init p_access */
STANDARD_READ_ACCESS_INIT
p_sys->fd_data = -1;
p_sys->data.fd = -1;
p_sys->out = false;
p_sys->directory = false;
p_sys->size = 0;
readTLSMode( p_sys, p_access->psz_access );
if( parseURL( &p_sys->url, p_access->psz_location ) )
if( parseURL( &p_sys->url, p_access->psz_location, p_sys->tlsmode ) )
goto exit_error;
if( Connect( p_this, p_sys ) )
......@@ -509,7 +647,7 @@ static int InOpen( vlc_object_t *p_this )
else
if( ftp_RecvCommand( p_this, p_sys, NULL, NULL ) != 2 )
{
msg_Err( p_access, "file or directory does not exist" );
msg_Err( p_this, "file or directory does not exist" );
goto error;
}
else
......@@ -518,15 +656,18 @@ static int InOpen( vlc_object_t *p_this )
/* Start the 'stream' */
if( ftp_StartStream( p_this, p_sys, 0 ) < 0 )
{
msg_Err( p_access, "cannot retrieve file" );
net_Close( p_sys->fd_cmd );
msg_Err( p_this, "cannot retrieve file" );
clearCmdTLS( p_sys );
net_Close( p_sys->cmd.fd );
goto exit_error;
}
return VLC_SUCCESS;
error:
net_Close( p_sys->fd_cmd );
clearCmdTLS( p_sys );
net_Close( p_sys->cmd.fd );
exit_error:
vlc_UrlClean( &p_sys->url );
free( p_sys );
......@@ -544,10 +685,11 @@ static int OutOpen( vlc_object_t *p_this )
return VLC_ENOMEM;
/* Init p_access */
p_sys->fd_data = -1;
p_sys->data.fd = -1;
p_sys->out = true;
readTLSMode( p_sys, p_access->psz_access );
if( parseURL( &p_sys->url, p_access->psz_path ) )
if( parseURL( &p_sys->url, p_access->psz_path, p_sys->tlsmode ) )
goto exit_error;
if( p_sys->url.psz_path == NULL )
{
......@@ -562,7 +704,8 @@ static int OutOpen( vlc_object_t *p_this )
if( ftp_StartStream( p_this, p_sys, 0 ) < 0 )
{
msg_Err( p_access, "cannot store file" );
net_Close( p_sys->fd_cmd );
clearCmdTLS( p_sys );
net_Close( p_sys->cmd.fd );
goto exit_error;
}
......@@ -595,7 +738,9 @@ static void Close( vlc_object_t *p_access, access_sys_t *p_sys )
{
ftp_RecvCommand( p_access, p_sys, NULL, NULL );
}
net_Close( p_sys->fd_cmd );
clearCmdTLS( p_sys );
net_Close( p_sys->cmd.fd );
/* free memory */
vlc_UrlClean( &p_sys->url );
......@@ -655,7 +800,7 @@ static ssize_t Read( access_t *p_access, uint8_t *p_buffer, size_t i_len )
{
access_sys_t *p_sys = p_access->p_sys;
assert( p_sys->fd_data != -1 );
assert( p_sys->data.fd != -1 );
assert( !p_sys->out );
if( p_access->info.b_eof )
......@@ -663,7 +808,7 @@ static ssize_t Read( access_t *p_access, uint8_t *p_buffer, size_t i_len )
if( p_sys->directory )
{
char *psz_line = net_Gets( p_access, p_sys->fd_data, NULL );
char *psz_line = net_Gets( p_access, p_sys->data.fd, p_sys->data.p_vs );
if( !psz_line )
{
p_access->info.b_eof = true;
......@@ -671,7 +816,9 @@ static ssize_t Read( access_t *p_access, uint8_t *p_buffer, size_t i_len )
}
else
{
snprintf( (char*)p_buffer, i_len, "ftp://%s:%d/%s/%s\n",
snprintf( (char*)p_buffer, i_len, "%s://%s:%d/%s/%s\n",
( p_sys->tlsmode == NONE ) ? "ftp" :
( ( p_sys->tlsmode == IMPLICIT ) ? "ftps" : "ftpes" ),
p_sys->url.psz_host, p_sys->url.i_port,
p_sys->url.psz_path, psz_line );
free( psz_line );
......@@ -680,7 +827,7 @@ static ssize_t Read( access_t *p_access, uint8_t *p_buffer, size_t i_len )
}
else
{
int i_read = net_Read( p_access, p_sys->fd_data, NULL,
int i_read = net_Read( p_access, p_sys->data.fd, p_sys->data.p_vs,
p_buffer, i_len, false );
if( i_read == 0 )
p_access->info.b_eof = true;
......@@ -700,13 +847,13 @@ static ssize_t Write( sout_access_out_t *p_access, block_t *p_buffer )
access_sys_t *p_sys = GET_OUT_SYS(p_access);
size_t i_write = 0;
assert( p_sys->fd_data != -1 );
assert( p_sys->data.fd != -1 );
while( p_buffer != NULL )
{
block_t *p_next = p_buffer->p_next;;
i_write += net_Write( p_access, p_sys->fd_data, NULL,
i_write += net_Write( p_access, p_sys->data.fd, p_sys->data.p_vs,
p_buffer->p_buffer, p_buffer->i_buffer );
block_Release( p_buffer );
......@@ -786,7 +933,7 @@ static int ftp_StartStream( vlc_object_t *p_access, access_sys_t *p_sys,
char *psz_arg, *psz_parser;
int i_port;
assert( p_sys->fd_data == -1 );
assert( p_sys->data.fd == -1 );
if( ( ftp_SendCommand( p_access, p_sys, *psz_ip ? "EPSV" : "PASV" ) < 0 )
|| ( ftp_RecvCommand( p_access, p_sys, &i_answer, &psz_arg ) != 2 ) )
......@@ -854,8 +1001,8 @@ static int ftp_StartStream( vlc_object_t *p_access, access_sys_t *p_sys,
}
msg_Dbg( p_access, "waiting for data connection..." );
p_sys->fd_data = net_ConnectTCP( p_access, psz_ip, i_port );
if( p_sys->fd_data < 0 )
p_sys->data.fd = net_ConnectTCP( p_access, psz_ip, i_port );
if( p_sys->data.fd < 0 )
{
msg_Err( p_access, "failed to connect with server" );
return VLC_EGENERIC;
......@@ -886,7 +1033,24 @@ static int ftp_StartStream( vlc_object_t *p_access, access_sys_t *p_sys,
}
}
shutdown( p_sys->fd_data, p_sys->out ? SHUT_RD : SHUT_WR );
if( p_sys->tlsmode != NONE )
{
/* FIXME: Do Reuse TLS Session */
/* TLS/SSL handshake */
p_sys->data.p_tls = vlc_tls_ClientSessionCreate( p_sys->p_creds,
p_sys->data.fd, p_sys->url.psz_host,
( p_sys->tlsmode == EXPLICIT ) ? "ftpes-data"
: "ftps-data" );
if( p_sys->data.p_tls == NULL )
{
msg_Err( p_access, "cannot establish FTP/TLS session for data" \
": server not allowing new session ?" );
return VLC_EGENERIC;
}
p_sys->data.p_vs = &p_sys->data.p_tls->sock;
}
else
shutdown( p_sys->data.fd, p_sys->out ? SHUT_RD : SHUT_WR );
return VLC_SUCCESS;
}
......@@ -896,16 +1060,24 @@ static int ftp_StopStream ( vlc_object_t *p_access, access_sys_t *p_sys )
if( ftp_SendCommand( p_access, p_sys, "ABOR" ) < 0 )
{
msg_Warn( p_access, "cannot abort file" );
if( p_sys->fd_data > 0 )
net_Close( p_sys->fd_data );
p_sys->fd_data = -1;
if( p_sys->data.fd > 0 )
{
if ( p_sys->data.p_tls ) vlc_tls_SessionDelete( p_sys->data.p_tls );
net_Close( p_sys->data.fd );
}
p_sys->data.fd = -1;
p_sys->data.p_tls = NULL;
p_sys->data.p_vs = NULL;
return VLC_EGENERIC;
}
if( p_sys->fd_data != -1 )
if( p_sys->data.fd != -1 )
{
net_Close( p_sys->fd_data );
p_sys->fd_data = -1;
if ( p_sys->data.p_tls ) vlc_tls_SessionDelete( p_sys->data.p_tls );
net_Close( p_sys->data.fd );
p_sys->data.fd = -1;
p_sys->data.p_tls = NULL;
p_sys->data.p_vs = NULL;
/* Read the final response from RETR/STOR, i.e. 426 or 226 */
ftp_RecvCommand( p_access, p_sys, NULL, NULL );
}
......
modules/demux/playlist/m3u.c
View file @ 7c88ee37
......@@ -115,7 +115,9 @@ static bool ContainsURL( demux_t *p_demux )
!strncasecmp( (const char *)p_peek, "mms://", 6 ) ||
!strncasecmp( (const char *)p_peek, "rtsp://", 7 ) ||
!strncasecmp( (const char *)p_peek, "https://", 8 ) ||
!strncasecmp( (const char *)p_peek, "ftp://", 6 ) )
!strncasecmp( (const char *)p_peek, "ftp://", 6 ) ||
!strncasecmp( (const char *)p_peek, "ftps://", 7 ) ||
!strncasecmp( (const char *)p_peek, "ftpes://", 8 ) )
{
return true;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment