int cbparse_entry_devtype(void *pArg, const char *p) {
int rc = 0;
PARSE_ENTRY_DATA_T *pEntryData = (PARSE_ENTRY_DATA_T *) pArg;
//fprintf(stderr, "entry '%s'\n", p);
if(!strncasecmp(p, DEVFILE_KEY_DEVICE, strlen(DEVFILE_KEY_DEVICE))) {
if((p = strutil_skip_key(p, strlen(DEVFILE_KEY_DEVICE)))) {
p = avc_dequote(p, NULL, 0);
strncpy(pEntryData->devname, p, sizeof(pEntryData->devname) - 1);
pEntryData->flags |= PARSE_FLAG_HAVE_DEVNAME;
}
} else if(!strncasecmp(p, DEVFILE_KEY_METHODS, strlen(DEVFILE_KEY_METHODS))) {
if((p = strutil_skip_key(p, strlen(DEVFILE_KEY_METHODS)))) {
p = avc_dequote(p, NULL, 0);
if(strutil_parse_csv(cbparse_entry_devtype_method, pEntryData, p) < 0) {
LOG(X_WARNING("Failed to parse device type method(s) '%s'"), p);
}
//fprintf(stderr, "%s %d %d %d %d\n", pEntryData->devname, pEntryData->methods[0], pEntryData->methods[1], pEntryData->methods[2], pEntryData->methods[3]);
pEntryData->flags |= PARSE_FLAG_HAVE_METHOD;
}
} else if(!strncasecmp(p, DEVFILE_KEY_METHOD, strlen(DEVFILE_KEY_METHOD))) {
if((p = strutil_skip_key(p, strlen(DEVFILE_KEY_METHOD)))) {
p = avc_dequote(p, NULL, 0);
pEntryData->methods[0] = devtype_methodfromstr(p);
pEntryData->flags |= PARSE_FLAG_HAVE_METHOD;
}
} else if(!strncasecmp(p, DEVFILE_KEY_TYPE, strlen(DEVFILE_KEY_TYPE))) {
if((p = strutil_skip_key(p, strlen(DEVFILE_KEY_TYPE)))) {
p = avc_dequote(p, NULL, 0);
pEntryData->devtype = devtype_typefromstr(p);
pEntryData->flags |= PARSE_FLAG_HAVE_DEVTYPE;
}
} else if(!strncasecmp(p, DEVFILE_KEY_MATCH, strlen(DEVFILE_KEY_MATCH))) {
if((p = strutil_skip_key(p, strlen(DEVFILE_KEY_MATCH)))) {
p = avc_dequote(p, NULL, 0);
strncpy(pEntryData->strmatch, p, sizeof(pEntryData->strmatch) - 1);
pEntryData->flags |= PARSE_FLAG_HAVE_MATCH;
}
}
return rc;
}
static const char *store_parse_entry(const char *p,
const char *key,
int *pflags,
int flag,
char *buf,
unsigned int bufsz) {
if((p = strutil_skip_key(p, strlen(key))) && (p = avc_dequote(p, NULL, 0))) {
if(buf && bufsz > 0) {
strncpy(buf, p, bufsz - 1);
}
if(pflags && flag != 0) {
*pflags |= flag;
}
}
return p;
}
static int cbparse_entry_rtspua(void *pArg, const char *p) {
STREAM_RTSP_SESSIONS_T *pRtsp = (STREAM_RTSP_SESSIONS_T *) pArg;
size_t sz;
int rc = 0;
if(pRtsp->rtspForceTcpUAList.count >= RTSP_FORCE_TCP_UA_LIST_MAX) {
return 0;
}
if((p = avc_dequote(p, NULL, 0))) {
sz = strlen(p);
if(!(pRtsp->rtspForceTcpUAList.arr[pRtsp->rtspForceTcpUAList.count] = (char *) avc_calloc(1, sz + 1))) {
return -1;
}
memcpy(pRtsp->rtspForceTcpUAList.arr[pRtsp->rtspForceTcpUAList.count++], p, sz);
}
return rc;
}
int srvauth_authenticate(const AUTH_CREDENTIALS_STORE_T *pAuthStore, const HTTP_REQ_T *pReq,
const char *nonce_srv, const char *opaque_srv, const char *realm_srv,
char *bufAuthHdr, unsigned int bufOutSz) {
int rc = 0;
int ok_auth = 0;
int do_basic = 0;
char bufAuth[1024];
char tmpH1[KEYVAL_MAXLEN];
char tmpH2[KEYVAL_MAXLEN];
char tmpDigest[KEYVAL_MAXLEN];
char tmps[6][KEYVAL_MAXLEN];
char bufnonce[AUTH_NONCE_MAXLEN];
const char *pAuthHdr = NULL;
const char *enc = NULL;
const char *realm = NULL;
const char *uri_cli = NULL;
const char *qop_cli = NULL;
const char *nc_cli = NULL;
const char *cnonce_cli = NULL;
const char *nonce_cli = NULL;
const char *resp_cli = NULL;
AUTH_LIST_T authList;
AUTH_CREDENTIALS_STORE_T authStore;
if(!pAuthStore || !pReq) {
return -1;
}
if(!IS_AUTH_CREDENTIALS_SET(pAuthStore)) {
//
// No username and password has been set
//
return 0;
}
if(!(realm = realm_srv)) {
realm = pAuthStore->realm;
}
if(!realm || realm[0] == '\0') {
realm = VSX_BINARY;
}
if(pAuthStore->authtype == HTTP_AUTH_TYPE_FORCE_BASIC) {
do_basic = 1;
}
if(ok_auth >= 0 &&
!(pAuthHdr = conf_find_keyval((const KEYVAL_PAIR_T *) &pReq->reqPairs, HTTP_HDR_AUTHORIZATION))) {
LOG(X_WARNING("Client request doest not include "HTTP_HDR_AUTHORIZATION" header for %s %s"),
pReq->method, pReq->url);
ok_auth = -1;
}
if(ok_auth >= 0) {
enc = pAuthHdr;
MOVE_WHILE_SPACE(enc);
if(!strncasecmp(AUTH_STR_BASIC, enc, strlen(AUTH_STR_BASIC))) {
enc += strlen(AUTH_STR_BASIC);
MOVE_WHILE_SPACE(enc);
if(pAuthStore->authtype == HTTP_AUTH_TYPE_ALLOW_BASIC || pAuthStore->authtype == HTTP_AUTH_TYPE_FORCE_BASIC) {
do_basic = 1;
} else {
LOG(X_WARNING("Client wants disabled Basic authentication for %s %s"), pReq->method, pReq->url);
ok_auth = -1;
}
} else if(!strncasecmp(AUTH_STR_DIGEST, enc, strlen(AUTH_STR_DIGEST))) {
enc += strlen(AUTH_STR_DIGEST);
MOVE_WHILE_SPACE(enc);
} else {
LOG(X_WARNING("Client request contains unsupported "HTTP_HDR_AUTHORIZATION
" header type '%s' for %s %s"), pAuthHdr, pReq->method, pReq->url);
ok_auth = -1;
}
}
if(ok_auth >= 0 && do_basic) {
//
// Basic Auth
//
memset(&authStore, 0, sizeof(authStore));
//
// Parse the header Authorization: Basic <Base64(username:password)>
//
if(ok_auth >= 0 &&
auth_basic_decode(enc, authStore.username, sizeof(authStore.username),
authStore.pass, sizeof(authStore.pass)) < 0) {
LOG(X_WARNING("Client "HTTP_HDR_AUTHORIZATION" Basic Auth decode failed for '%s' for %s %s"),
enc, pReq->method, pReq->url);
ok_auth = -1;
}
//
// Verify the username and password
//
if(ok_auth >= 0) {
if(((pAuthStore->username[0] != '\0' && !strcmp(pAuthStore->username, authStore.username)) &&
(pAuthStore->pass[0] != '\0' && !strcmp(pAuthStore->pass, authStore.pass)))) {
ok_auth = 1;
} else {
LOG(X_WARNING("Client "HTTP_HDR_AUTHORIZATION" incorrect Basic auth credentials for "
"'%s' for %s %s username: %s"), pAuthHdr, pReq->method, pReq->url, pAuthStore->username);
ok_auth = -1;
}
}
} else if(ok_auth >= 0) {
//
// Parse the Digest Authorization header
//
if(ok_auth >= 0 && auth_digest_parse(enc, &authList) < 0) {
LOG(X_WARNING("Failed to parse client "HTTP_HDR_AUTHORIZATION" '%s' for %s %s"),
pAuthHdr, pReq->method, pReq->url);
ok_auth = -1;
} else if(ok_auth >= 0) {
uri_cli = avc_dequote(conf_find_keyval(&authList.list[0], "uri"), tmps[0], sizeof(tmps[0]));
qop_cli = avc_dequote(conf_find_keyval(&authList.list[0], "qop"), tmps[1], sizeof(tmps[1]));
nc_cli = avc_dequote(conf_find_keyval(&authList.list[0], "nc"), tmps[2], sizeof(tmps[2]));
cnonce_cli = avc_dequote(conf_find_keyval(&authList.list[0], "cnonce"), tmps[3], sizeof(tmps[3]));
nonce_cli = avc_dequote(conf_find_keyval(&authList.list[0], "nonce"), tmps[4], sizeof(tmps[4]));
resp_cli = avc_dequote(conf_find_keyval(&authList.list[0], "response"), tmps[5], sizeof(tmps[5]));
//
// If nonce_srv is supplied, we try to do nonce validation
// (prior generated nonce should not be stored per-connection but globally with matching
// client IP and creation time
//
if(ok_auth >= 0 && (!nonce_cli || (nonce_srv && strcmp(nonce_cli, nonce_srv)))) {
LOG(X_WARNING("Invalid nonce from client: '%s', expected: '%s' for %s %s"),
nonce_cli, nonce_srv, pReq->method, pReq->url);
ok_auth = -1;
}
if(ok_auth >= 0 &&
(rc = auth_digest_getH1(pAuthStore->username, realm, pAuthStore->pass, tmpH1, sizeof(tmpH1))) < 0) {
ok_auth = -1;
}
if(ok_auth >= 0 && (rc = auth_digest_getH2(pReq->method, uri_cli, tmpH2, sizeof(tmpH2))) < 0) {
ok_auth = -1;
}
if(ok_auth >= 0 &&
(rc = auth_digest_getDigest(tmpH1, nonce_srv ? nonce_srv : nonce_cli, tmpH2, nc_cli, cnonce_cli,
qop_cli, tmpDigest, sizeof(tmpDigest))) < 0) {
ok_auth = -1;
}
if(ok_auth >= 0 && resp_cli && !strcmp(tmpDigest, resp_cli)) {
ok_auth = 1;
} else {
LOG(X_WARNING("Client "HTTP_HDR_AUTHORIZATION" incorrect Digest auth credentials for '%s' "
"for %s %s username: %s"), pAuthHdr, pReq->method, pReq->url, pAuthStore->username);
ok_auth = -1;
}
}
}
if(ok_auth > 0) {
LOG(X_DEBUG("Succesful %s authentication for %s %s username: %s"),
do_basic ? "Basic" : "Digest", pReq->method, pReq->url, pAuthStore->username);
} else if(ok_auth <= 0 && bufAuthHdr && bufOutSz > 0) {
if(do_basic == 1) {
//
// Basic Auth unauthorized resposne
//
if((rc = snprintf(bufAuthHdr, bufOutSz, "%s: %s realm=\"%s\"\r\n",
HTTP_HDR_WWW_AUTHENTICATE, AUTH_STR_BASIC, realm)) < 0) {
return -1;
}
} else {
//
// Digest Auth RFC 2069 / RFC 2617 unauthorized response
//
memset(&authList, 0, sizeof(authList));
if(nonce_srv && nonce_srv[0] == '\0') {
auth_digest_gethexrandom(16, (char *) nonce_srv, AUTH_NONCE_MAXLEN);
} else {
auth_digest_gethexrandom(16, (char *) bufnonce, AUTH_NONCE_MAXLEN);
}
if(opaque_srv && opaque_srv[0] == '\0') {
auth_digest_gethexrandom(16, (char *) opaque_srv, AUTH_OPAQUE_MAXLEN);
}
//auth_digest_additem(&authList, "qop", "auth", 1);
auth_digest_additem(&authList, "realm", realm, 1);
auth_digest_additem(&authList, "nonce", nonce_srv ? nonce_srv : bufnonce, 1);
if(opaque_srv) {
auth_digest_additem(&authList, "opaque", opaque_srv, 1);
}
if((rc = auth_digest_write(&authList, bufAuth, sizeof(bufAuth))) < 0) {
return -1;
}
if((rc = snprintf(bufAuthHdr, bufOutSz, "%s: %s\r\n", HTTP_HDR_WWW_AUTHENTICATE, bufAuth)) < 0) {
return -1;
}
}
//if(rtsp_resp_sendhdr(pRtsp->pSd, statusCode, pReq->cseq,
// pRtsp->pSession, 0, NULL, bufAuthHdr) < 0) {
// rc = -1;
//}
}
return ok_auth > 0 ? 0 : -1;
}
