Check the server's reply upon successful authentication and validate it (just...

Check the server's reply upon successful authentication and validate it (just to make sure that no one is spoofing the server's reply). This will probably fail if qop=auth-int (code needs to be fixed).

modules/access/http.c

@@ -209,6 +209,8 @@ static void AuthParseHeader( access_t *p_access, const char *psz_header,
                              http_auth_t *p_auth );
 static void AuthReply( access_t *p_acces, const char *psz_prefix,
                        vlc_url_t *p_url, http_auth_t *p_auth );
+static int AuthCheckReply( access_t *p_access, const char *psz_header,
+                           vlc_url_t *p_url, http_auth_t *p_auth );
 static void AuthReset( http_auth_t *p_auth );
 
 /*****************************************************************************
@@ -1360,8 +1362,15 @@ static int Request( access_t *p_access, int64_t i_tell )
         }
         else if( !strcasecmp( psz, "authentication-info" ) )
         {
-            msg_Dbg( p_access, "Authentication info: %s", p );
-            /* FIXME: use */
+            msg_Dbg( p_access, "Authentication Info header: %s", p );
+            if( AuthCheckReply( p_access, p, &p_sys->url, &p_sys->auth ) )
+                goto error;
+        }
+        else if( !strcasecmp( psz, "proxy-authentication-info" ) )
+        {
+            msg_Dbg( p_access, "Proxy Authentication Info header: %s", p );
+            if( AuthCheckReply( p_access, p, &p_sys->proxy, &p_sys->proxy_auth ) )
+                goto error;
         }
 
         free( psz );
@@ -1600,52 +1609,19 @@ static void AuthParseHeader( access_t *p_access, const char *psz_header,
                       psz_header );
     }
 }
-static char *AuthAlgoMD5( const char *psz_data )
-{
-    struct md5_s md5;
-    char *psz_md5;
-    InitMD5( &md5 );
-    AddMD5( &md5, psz_data, strlen( psz_data ) );
-    EndMD5( &md5 );
-    psz_md5 = psz_md5_hash( &md5 );
-    return psz_md5;
-}
 
-static void AuthReply( access_t *p_access, const char *psz_prefix,
-                       vlc_url_t *p_url, http_auth_t *p_auth )
+static char *AuthDigest( access_t *p_access, vlc_url_t *p_url,
+                         http_auth_t *p_auth, const char *psz_method )
 {
-    access_sys_t *p_sys = p_access->p_sys;
-    v_socket_t     *pvs = p_sys->p_vs;
-
+    (void)p_access;
     const char *psz_username = p_url->psz_username ?: "";
     const char *psz_password = p_url->psz_password ?: "";
 
-    if( p_auth->psz_nonce )
-    {
-        /* Digest Access Authentication */
     char *psz_HA1 = NULL;
     char *psz_HA2 = NULL;
     char *psz_response = NULL;
     struct md5_s md5;
 
-        if(    p_auth->psz_algorithm
-            && strcmp( p_auth->psz_algorithm, "MD5" )
-            && strcmp( p_auth->psz_algorithm, "MD5-sess" ) )
-        {
-            msg_Err( p_access, "Digest Access Authentication: "
-                     "Unknown algorithm '%s'", p_auth->psz_algorithm );
-            return;
-        }
-
-        if( p_auth->psz_qop || !p_auth->psz_cnonce )
-        {
-            /* FIXME: needs to be really random to prevent man in the middle
-             * attacks */
-            free( p_auth->psz_cnonce );
-            p_auth->psz_cnonce = strdup( "Some random string FIXME" );
-        }
-        p_auth->i_nonce ++;
-
     /* H(A1) */
     if( p_auth->psz_HA1 )
     {
@@ -1686,7 +1662,8 @@ static void AuthReply( access_t *p_access, const char *psz_prefix,
 
     /* H(A2) */
     InitMD5( &md5 );
-        AddMD5( &md5, "GET", 3 ); /* FIXME ? */
+    if( *psz_method )
+        AddMD5( &md5, psz_method, strlen( psz_method ) );
     AddMD5( &md5, ":", 1 );
     if( p_url->psz_path )
         AddMD5( &md5, p_url->psz_path, strlen( p_url->psz_path ) );
@@ -1731,7 +1708,48 @@ static void AuthReply( access_t *p_access, const char *psz_prefix,
     AddMD5( &md5, psz_HA2, 32 );
     EndMD5( &md5 );
     psz_response = psz_md5_hash( &md5 );
-        if( !psz_response ) goto error;
+
+    error:
+        free( psz_HA1 );
+        free( psz_HA2 );
+        return psz_response;
+}
+
+
+static void AuthReply( access_t *p_access, const char *psz_prefix,
+                       vlc_url_t *p_url, http_auth_t *p_auth )
+{
+    access_sys_t *p_sys = p_access->p_sys;
+    v_socket_t     *pvs = p_sys->p_vs;
+
+    const char *psz_username = p_url->psz_username ?: "";
+    const char *psz_password = p_url->psz_password ?: "";
+
+    if( p_auth->psz_nonce )
+    {
+        /* Digest Access Authentication */
+        char *psz_response;
+
+        if(    p_auth->psz_algorithm
+            && strcmp( p_auth->psz_algorithm, "MD5" )
+            && strcmp( p_auth->psz_algorithm, "MD5-sess" ) )
+        {
+            msg_Err( p_access, "Digest Access Authentication: "
+                     "Unknown algorithm '%s'", p_auth->psz_algorithm );
+            return;
+        }
+
+        if( p_auth->psz_qop || !p_auth->psz_cnonce )
+        {
+            /* FIXME: needs to be really random to prevent man in the middle
+             * attacks */
+            free( p_auth->psz_cnonce );
+            p_auth->psz_cnonce = strdup( "Some random string FIXME" );
+        }
+        p_auth->i_nonce ++;
+
+        psz_response = AuthDigest( p_access, p_url, p_auth, "GET" );
+        if( !psz_response ) return;
 
         net_Printf( VLC_OBJECT(p_access), p_sys->fd, pvs,
                     "%sAuthorization: Digest "
@@ -1773,10 +1791,6 @@ static void AuthReply( access_t *p_access, const char *psz_prefix,
                     p_auth->i_nonce ? "\"" : "\""
                   );
 
-
-    error:
-        free( psz_HA1 );
-        free( psz_HA2 );
         free( psz_response );
     }
     else
@@ -1797,6 +1811,69 @@ static void AuthReply( access_t *p_access, const char *psz_prefix,
     }
 }
 
+static int AuthCheckReply( access_t *p_access, const char *psz_header,
+                           vlc_url_t *p_url, http_auth_t *p_auth )
+{
+    int i_ret = VLC_EGENERIC;
+    char *psz_nextnonce = AuthGetParam( psz_header, "nextnonce" );
+    char *psz_qop = AuthGetParamNoQuotes( psz_header, "qop" );
+    char *psz_rspauth = AuthGetParam( psz_header, "rspauth" );
+    char *psz_cnonce = AuthGetParam( psz_header, "cnonce" );
+    char *psz_nc = AuthGetParamNoQuotes( psz_header, "nc" );
+
+    if( psz_cnonce )
+    {
+        char *psz_digest;
+
+        if( strcmp( psz_cnonce, p_auth->psz_cnonce ) )
+        {
+            msg_Err( p_access, "HTTP Digest Access Authentication: server replied with a different client nonce value." );
+            goto error;
+        }
+
+        if( psz_nc )
+        {
+            int i_nonce;
+            i_nonce = strtol( psz_nc, NULL, 16 );
+            if( i_nonce != p_auth->i_nonce )
+            {
+                msg_Err( p_access, "HTTP Digest Access Authentication: server replied with a different nonce count value." );
+                goto error;
+            }
+        }
+
+        if( psz_qop && p_auth->psz_qop && strcmp( psz_qop, p_auth->psz_qop ) )
+            msg_Warn( p_access, "HTTP Digest Access Authentication: server replied using a different 'quality of protection' option" );
+
+        /* All the clear text values match, let's now check the response
+         * digest */
+        psz_digest = AuthDigest( p_access, p_url, p_auth, "" );
+        if( strcmp( psz_digest, psz_rspauth ) )
+        {
+            msg_Err( p_access, "HTTP Digest Access Authentication: server replied with an invalid response digest (expected value: %s).", psz_digest );
+            free( psz_digest );
+            goto error;
+        }
+        free( psz_digest );
+    }
+
+    if( psz_nextnonce )
+    {
+        free( p_auth->psz_nonce );
+        p_auth->psz_nonce = psz_nextnonce;
+        psz_nextnonce = NULL;
+    }
+
+    i_ret = VLC_SUCCESS;
+    error:
+        free( psz_nextnonce );
+        free( psz_qop );
+        free( psz_rspauth );
+        free( psz_cnonce );
+
+    return i_ret;
+}
+
 static void AuthReset( http_auth_t *p_auth )
 {
     FREENULL( p_auth->psz_realm );