Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc
Commits
4981062b
Commit
4981062b
authored
Apr 09, 2008
by
Antoine Cellerier
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Simplify the HTTP Digest Access Authentification code.
parent
ee8a709f
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
105 additions
and
118 deletions
+105
-118
modules/access/http.c
modules/access/http.c
+105
-118
No files found.
modules/access/http.c
View file @
4981062b
...
@@ -127,7 +127,7 @@ typedef struct http_auth_t
...
@@ -127,7 +127,7 @@ typedef struct http_auth_t
char
*
psz_qop
;
char
*
psz_qop
;
int
i_nonce
;
int
i_nonce
;
char
*
psz_cnonce
;
char
*
psz_cnonce
;
char
*
psz_
A1
;
/* stored A1
value if algorithm = "MD5-sess" */
char
*
psz_
HA1
;
/* stored H(A1)
value if algorithm = "MD5-sess" */
}
http_auth_t
;
}
http_auth_t
;
struct
access_sys_t
struct
access_sys_t
...
@@ -1511,11 +1511,8 @@ static char *AuthGetParam( const char *psz_header, const char *psz_param )
...
@@ -1511,11 +1511,8 @@ static char *AuthGetParam( const char *psz_header, const char *psz_param )
const
char
*
psz_end
;
const
char
*
psz_end
;
psz_header
+=
strlen
(
psz_what
);
psz_header
+=
strlen
(
psz_what
);
psz_end
=
strchr
(
psz_header
,
'"'
);
psz_end
=
strchr
(
psz_header
,
'"'
);
if
(
!
psz_end
)
if
(
!
psz_end
)
/* Invalid since we should have a closing quote */
{
return
strdup
(
psz_header
);
psz_end
=
psz_header
;
while
(
*
psz_end
)
psz_end
++
;
}
return
strndup
(
psz_header
,
psz_end
-
psz_header
);
return
strndup
(
psz_header
,
psz_end
-
psz_header
);
}
}
else
else
...
@@ -1526,7 +1523,7 @@ static char *AuthGetParam( const char *psz_header, const char *psz_param )
...
@@ -1526,7 +1523,7 @@ static char *AuthGetParam( const char *psz_header, const char *psz_param )
static
char
*
AuthGetParamNoQuotes
(
const
char
*
psz_header
,
const
char
*
psz_param
)
static
char
*
AuthGetParamNoQuotes
(
const
char
*
psz_header
,
const
char
*
psz_param
)
{
{
char
psz_what
[
strlen
(
psz_param
)
+
3
];
char
psz_what
[
strlen
(
psz_param
)
+
2
];
sprintf
(
psz_what
,
"%s="
,
psz_param
);
sprintf
(
psz_what
,
"%s="
,
psz_param
);
psz_header
=
strstr
(
psz_header
,
psz_what
);
psz_header
=
strstr
(
psz_header
,
psz_what
);
if
(
psz_header
)
if
(
psz_header
)
...
@@ -1534,11 +1531,10 @@ static char *AuthGetParamNoQuotes( const char *psz_header, const char *psz_param
...
@@ -1534,11 +1531,10 @@ static char *AuthGetParamNoQuotes( const char *psz_header, const char *psz_param
const
char
*
psz_end
;
const
char
*
psz_end
;
psz_header
+=
strlen
(
psz_what
);
psz_header
+=
strlen
(
psz_what
);
psz_end
=
strchr
(
psz_header
,
','
);
psz_end
=
strchr
(
psz_header
,
','
);
if
(
!
psz_end
)
/* XXX: Do we need to filter out trailing space between the value and
{
* the comma/end of line? */
psz_end
=
psz_header
;
if
(
!
psz_end
)
/* Can be valid if this is the last parameter */
while
(
*
psz_end
)
psz_end
++
;
return
strdup
(
psz_header
);
}
return
strndup
(
psz_header
,
psz_end
-
psz_header
);
return
strndup
(
psz_header
,
psz_end
-
psz_header
);
}
}
else
else
...
@@ -1576,14 +1572,18 @@ static void AuthParseHeader( access_t *p_access, const char *psz_header,
...
@@ -1576,14 +1572,18 @@ static void AuthParseHeader( access_t *p_access, const char *psz_header,
p_auth
->
psz_algorithm
=
AuthGetParamNoQuotes
(
psz_header
,
"algorithm"
);
p_auth
->
psz_algorithm
=
AuthGetParamNoQuotes
(
psz_header
,
"algorithm"
);
p_auth
->
psz_qop
=
AuthGetParam
(
psz_header
,
"qop"
);
p_auth
->
psz_qop
=
AuthGetParam
(
psz_header
,
"qop"
);
p_auth
->
i_nonce
=
0
;
p_auth
->
i_nonce
=
0
;
/* printf("realm: %s\ndomain: %s\nnonce: %s\nopaque: %s\nstale: %s\nalgorithm: %s\nqop: %s\n",p_auth->psz_realm,p_auth->psz_domain,p_auth->psz_nonce,p_auth->psz_opaque,p_auth->psz_stale,p_auth->psz_algorithm,p_auth->psz_qop); */
/* printf("realm: |%s|\ndomain: |%s|\nnonce: |%s|\nopaque: |%s|\n"
"stale: |%s|\nalgorithm: |%s|\nqop: |%s|\n",
p_auth->psz_realm,p_auth->psz_domain,p_auth->psz_nonce,
p_auth->psz_opaque,p_auth->psz_stale,p_auth->psz_algorithm,
p_auth->psz_qop); */
if
(
!
p_auth
->
psz_realm
)
if
(
!
p_auth
->
psz_realm
)
msg_Warn
(
p_access
,
"Digest Access Authentication: "
msg_Warn
(
p_access
,
"Digest Access Authentication: "
"Mandatory 'realm' parameter is missing"
);
"Mandatory 'realm' parameter is missing"
);
if
(
!
p_auth
->
psz_nonce
)
if
(
!
p_auth
->
psz_nonce
)
msg_Warn
(
p_access
,
"Digest Access Authentication: "
msg_Warn
(
p_access
,
"Digest Access Authentication: "
"Mandatory 'nonce' parameter is missing"
);
"Mandatory 'nonce' parameter is missing"
);
if
(
p_auth
->
psz_qop
)
/* FIXME */
if
(
p_auth
->
psz_qop
)
/* FIXME
: parse the qop list
*/
{
{
char
*
psz_tmp
=
strchr
(
p_auth
->
psz_qop
,
','
);
char
*
psz_tmp
=
strchr
(
p_auth
->
psz_qop
,
','
);
if
(
psz_tmp
)
*
psz_tmp
=
'\0'
;
if
(
psz_tmp
)
*
psz_tmp
=
'\0'
;
...
@@ -1592,16 +1592,14 @@ static void AuthParseHeader( access_t *p_access, const char *psz_header,
...
@@ -1592,16 +1592,14 @@ static void AuthParseHeader( access_t *p_access, const char *psz_header,
else
else
{
{
const
char
*
psz_end
=
strchr
(
psz_header
,
' '
);
const
char
*
psz_end
=
strchr
(
psz_header
,
' '
);
if
(
!
psz_end
)
if
(
psz_end
)
{
msg_Warn
(
p_access
,
"Unknown authentication scheme: '%*s'"
,
psz_end
=
psz_header
;
psz_end
-
psz_header
,
psz_header
);
while
(
*
psz_end
)
psz_end
++
;
else
}
msg_Warn
(
p_access
,
"Unknown authentication scheme: '%s'"
,
msg_Warn
(
p_access
,
"Unknown authentication scheme: '%*s'"
,
psz_header
);
psz_end
-
psz_header
,
psz_header
);
}
}
}
}
static
char
*
AuthAlgoMD5
(
const
char
*
psz_data
)
static
char
*
AuthAlgoMD5
(
const
char
*
psz_data
)
{
{
struct
md5_s
md5
;
struct
md5_s
md5
;
...
@@ -1625,27 +1623,21 @@ static void AuthReply( access_t *p_access, const char *psz_prefix,
...
@@ -1625,27 +1623,21 @@ static void AuthReply( access_t *p_access, const char *psz_prefix,
if
(
p_auth
->
psz_nonce
)
if
(
p_auth
->
psz_nonce
)
{
{
/* Digest Access Authentication */
/* Digest Access Authentication */
char
*
psz_HA1
=
NULL
;
char
*
psz_HA2
=
NULL
;
char
*
psz_response
=
NULL
;
char
*
psz_response
=
NULL
;
char
*
psz_A1
=
NULL
;
struct
md5_s
md5
;
char
*
psz_A2
=
NULL
;
char
*
psz_secret
=
NULL
;
if
(
p_auth
->
psz_algorithm
char
*
psz_data
=
NULL
;
&&
strcmp
(
p_auth
->
psz_algorithm
,
"MD5"
)
char
*
(
*
pf_algo
)(
const
char
*
);
&&
strcmp
(
p_auth
->
psz_algorithm
,
"MD5-sess"
)
)
if
(
p_auth
->
psz_algorithm
==
NULL
||
!
strcmp
(
p_auth
->
psz_algorithm
,
"MD5"
)
||
!
strcmp
(
p_auth
->
psz_algorithm
,
"MD5-sess"
)
)
{
pf_algo
=
AuthAlgoMD5
;
}
else
{
{
msg_Err
(
p_access
,
"Digest Access Authentication: "
msg_Err
(
p_access
,
"Digest Access Authentication: "
"Unknown algorithm '%s'"
,
p_auth
->
psz_algorithm
);
"Unknown algorithm '%s'"
,
p_auth
->
psz_algorithm
);
return
;
}
}
if
(
!
pf_algo
)
return
;
if
(
p_auth
->
psz_qop
)
if
(
p_auth
->
psz_qop
||
!
p_auth
->
psz_cnonce
)
{
{
/* FIXME: needs to be really random to prevent man in the middle
/* FIXME: needs to be really random to prevent man in the middle
* attacks */
* attacks */
...
@@ -1654,96 +1646,92 @@ static void AuthReply( access_t *p_access, const char *psz_prefix,
...
@@ -1654,96 +1646,92 @@ static void AuthReply( access_t *p_access, const char *psz_prefix,
}
}
p_auth
->
i_nonce
++
;
p_auth
->
i_nonce
++
;
if
(
p_auth
->
psz_algorithm
&&
!
strcmp
(
p_auth
->
psz_algorithm
,
"MD5-sess"
)
)
/* H(A1) */
if
(
p_auth
->
psz_HA1
)
{
{
if
(
!
p_auth
->
psz_A1
)
psz_HA1
=
strdup
(
p_auth
->
psz_HA1
);
{
if
(
!
psz_HA1
)
goto
error
;
char
*
psz_tmp
=
NULL
;
if
(
asprintf
(
&
psz_A1
,
"%s:%s:%s"
,
psz_username
,
p_auth
->
psz_realm
,
psz_password
)
<
0
)
goto
error
;
psz_tmp
=
pf_algo
(
psz_A1
);
free
(
psz_A1
);
psz_A1
=
NULL
;
if
(
!
psz_tmp
)
goto
error
;
if
(
asprintf
(
&
psz_A1
,
"%s:%s:%s"
,
psz_tmp
,
p_auth
->
psz_nonce
,
p_auth
->
psz_cnonce
)
<
0
)
{
free
(
psz_tmp
);
goto
error
;
}
p_auth
->
psz_A1
=
strdup
(
psz_A1
);
}
else
{
psz_A1
=
strdup
(
p_auth
->
psz_A1
);
}
}
}
else
else
{
{
if
(
asprintf
(
&
psz_A1
,
"%s:%s:%s"
,
psz_username
,
p_auth
->
psz_realm
,
InitMD5
(
&
md5
);
psz_password
)
<
0
)
goto
error
;
AddMD5
(
&
md5
,
psz_username
,
strlen
(
psz_username
)
);
}
AddMD5
(
&
md5
,
":"
,
1
);
AddMD5
(
&
md5
,
p_auth
->
psz_realm
,
strlen
(
p_auth
->
psz_realm
)
);
AddMD5
(
&
md5
,
":"
,
1
);
AddMD5
(
&
md5
,
psz_password
,
strlen
(
psz_password
)
);
EndMD5
(
&
md5
);
if
(
!
p_auth
->
psz_qop
||
!
strcmp
(
p_auth
->
psz_qop
,
"auth"
)
)
psz_HA1
=
psz_md5_hash
(
&
md5
);
{
if
(
!
psz_HA1
)
goto
error
;
if
(
asprintf
(
&
psz_A2
,
"%s:%s"
,
"GET"
,
p_url
->
psz_path
?:
"/"
)
<
0
)
goto
error
;
if
(
p_auth
->
psz_algorithm
}
&&
!
strcmp
(
p_auth
->
psz_algorithm
,
"MD5-sess"
)
)
else
{
char
*
psz_tmp
=
pf_algo
(
"FIXME entity-body"
);
/* FIXME */
if
(
asprintf
(
&
psz_A2
,
"%s:%s:%s"
,
"GET"
,
p_url
->
psz_path
?:
"/"
,
psz_tmp
)
<
0
)
{
{
free
(
psz_tmp
);
InitMD5
(
&
md5
);
goto
error
;
AddMD5
(
&
md5
,
psz_HA1
,
32
);
free
(
psz_HA1
);
AddMD5
(
&
md5
,
":"
,
1
);
AddMD5
(
&
md5
,
p_auth
->
psz_nonce
,
strlen
(
p_auth
->
psz_nonce
)
);
AddMD5
(
&
md5
,
":"
,
1
);
AddMD5
(
&
md5
,
p_auth
->
psz_cnonce
,
strlen
(
p_auth
->
psz_cnonce
)
);
EndMD5
(
&
md5
);
psz_HA1
=
psz_md5_hash
(
&
md5
);
if
(
!
psz_HA1
)
goto
error
;
p_auth
->
psz_HA1
=
strdup
(
psz_HA1
);
if
(
!
p_auth
->
psz_HA1
)
goto
error
;
}
}
free
(
psz_tmp
);
}
}
psz_secret
=
pf_algo
(
psz_A1
);
/* H(A2) */
InitMD5
(
&
md5
);
AddMD5
(
&
md5
,
"GET"
,
3
);
/* FIXME ? */
AddMD5
(
&
md5
,
":"
,
1
);
if
(
p_url
->
psz_path
)
AddMD5
(
&
md5
,
p_url
->
psz_path
,
strlen
(
p_url
->
psz_path
)
);
else
AddMD5
(
&
md5
,
"/"
,
1
);
if
(
p_auth
->
psz_qop
&&
!
strcmp
(
p_auth
->
psz_qop
,
"auth-int"
)
)
{
char
*
psz_ent
;
struct
md5_s
ent
;
InitMD5
(
&
ent
);
AddMD5
(
&
ent
,
""
,
0
);
/* XXX: entity-body. should be ok for GET */
EndMD5
(
&
ent
);
psz_ent
=
psz_md5_hash
(
&
ent
);
if
(
!
psz_ent
)
goto
error
;
AddMD5
(
&
md5
,
":"
,
1
);
AddMD5
(
&
md5
,
psz_ent
,
32
);
free
(
psz_ent
);
}
EndMD5
(
&
md5
);
psz_HA2
=
psz_md5_hash
(
&
md5
);
if
(
!
psz_HA2
)
goto
error
;
/* Request digest */
InitMD5
(
&
md5
);
AddMD5
(
&
md5
,
psz_HA1
,
32
);
AddMD5
(
&
md5
,
":"
,
1
);
AddMD5
(
&
md5
,
p_auth
->
psz_nonce
,
strlen
(
p_auth
->
psz_nonce
)
);
AddMD5
(
&
md5
,
":"
,
1
);
if
(
p_auth
->
psz_qop
if
(
p_auth
->
psz_qop
&&
(
!
strcmp
(
p_auth
->
psz_qop
,
"auth"
)
&&
(
!
strcmp
(
p_auth
->
psz_qop
,
"auth"
)
||
!
strcmp
(
p_auth
->
psz_qop
,
"auth-int"
)
)
)
||
!
strcmp
(
p_auth
->
psz_qop
,
"auth-int"
)
)
)
{
{
char
*
psz_tmp
=
pf_algo
(
psz_A2
);
char
psz_inonce
[
9
];
if
(
!
psz_tmp
)
goto
error
;
snprintf
(
psz_inonce
,
9
,
"%08x"
,
p_auth
->
i_nonce
);
if
(
asprintf
(
&
psz_data
,
"%s:%08x:%s:%s:%s"
,
AddMD5
(
&
md5
,
psz_inonce
,
8
);
p_auth
->
psz_nonce
,
p_auth
->
i_nonce
,
AddMD5
(
&
md5
,
":"
,
1
);
p_auth
->
psz_cnonce
,
p_auth
->
psz_qop
,
psz_tmp
)
<
0
)
AddMD5
(
&
md5
,
p_auth
->
psz_cnonce
,
strlen
(
p_auth
->
psz_cnonce
)
);
{
AddMD5
(
&
md5
,
":"
,
1
);
free
(
psz_tmp
);
AddMD5
(
&
md5
,
p_auth
->
psz_qop
,
strlen
(
p_auth
->
psz_qop
)
);
goto
error
;
AddMD5
(
&
md5
,
":"
,
1
);
}
free
(
psz_tmp
);
}
else
{
char
*
psz_tmp
=
pf_algo
(
psz_A2
);
if
(
!
psz_tmp
)
goto
error
;
if
(
asprintf
(
&
psz_data
,
"%s:%s"
,
p_auth
->
psz_nonce
,
psz_tmp
)
<
0
)
{
free
(
psz_tmp
);
goto
error
;
}
free
(
psz_tmp
);
}
if
(
psz_secret
&&
psz_data
)
{
char
*
psz_tmp
=
NULL
;
if
(
asprintf
(
&
psz_tmp
,
"%s:%s"
,
psz_secret
,
psz_data
)
<
0
)
goto
error
;
psz_response
=
pf_algo
(
psz_tmp
);
free
(
psz_tmp
);
if
(
!
psz_response
)
goto
error
;
}
else
{
goto
error
;
}
}
AddMD5
(
&
md5
,
psz_HA2
,
32
);
EndMD5
(
&
md5
);
psz_response
=
psz_md5_hash
(
&
md5
);
if
(
!
psz_response
)
goto
error
;
net_Printf
(
VLC_OBJECT
(
p_access
),
p_sys
->
fd
,
pvs
,
net_Printf
(
VLC_OBJECT
(
p_access
),
p_sys
->
fd
,
pvs
,
"%sAuthorization: Digest "
"%sAuthorization: Digest "
...
@@ -1785,12 +1773,11 @@ static void AuthReply( access_t *p_access, const char *psz_prefix,
...
@@ -1785,12 +1773,11 @@ static void AuthReply( access_t *p_access, const char *psz_prefix,
p_auth
->
i_nonce
?
"
\"
"
:
"
\"
"
p_auth
->
i_nonce
?
"
\"
"
:
"
\"
"
);
);
error:
error:
free
(
psz_HA1
);
free
(
psz_HA2
);
free
(
psz_response
);
free
(
psz_response
);
free
(
psz_A1
);
free
(
psz_A2
);
free
(
psz_secret
);
free
(
psz_data
);
}
}
else
else
{
{
...
@@ -1821,5 +1808,5 @@ static void AuthReset( http_auth_t *p_auth )
...
@@ -1821,5 +1808,5 @@ static void AuthReset( http_auth_t *p_auth )
FREENULL
(
p_auth
->
psz_qop
);
FREENULL
(
p_auth
->
psz_qop
);
p_auth
->
i_nonce
=
0
;
p_auth
->
i_nonce
=
0
;
FREENULL
(
p_auth
->
psz_cnonce
);
FREENULL
(
p_auth
->
psz_cnonce
);
FREENULL
(
p_auth
->
psz_A1
);
FREENULL
(
p_auth
->
psz_
H
A1
);
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment