char* SIPClient::inviteWithPassword(char const* url, char const* username,
char const* password) {
delete[] (char*)fUserName; fUserName = strDup(username);
fUserNameSize = strlen(fUserName);
Authenticator authenticator;
authenticator.setUsernameAndPassword(username, password);
char* inviteResult = invite(url, &authenticator);
if (inviteResult != NULL) {
// We are already authorized
return inviteResult;
}
// The "realm" and "nonce" fields should have been filled in:
if (authenticator.realm() == NULL || authenticator.nonce() == NULL) {
// We haven't been given enough information to try again, so fail:
return NULL;
}
// Try again (but with the same CallId):
inviteResult = invite1(&authenticator);
if (inviteResult != NULL) {
// The authenticator worked, so use it in future requests:
fValidAuthenticator = authenticator;
}
return inviteResult;
}
void Connection::send_initial_auth_response() {
Authenticator* auth = config_.auth_provider()->new_authenticator(address_);
if (auth == NULL) {
auth_error_ = "Authentication required but no auth provider set";
notify_error(auth_error_);
} else {
AuthResponseRequest* auth_response
= new AuthResponseRequest(auth->initial_response(), auth);
write(new StartupHandler(this, auth_response));
}
}
int sendBeepSound(const char* rtspURL, const char* username, const char* password) {
FILE* fp = fopen(WAVE_FILE, "r");
if ( fp == NULL )
{
LOG("wave file not exists : %s", WAVE_FILE);
return -1;
}
else
{
fclose(fp);
}
// Begin by setting up our usage environment:
TaskScheduler* scheduler = BasicTaskScheduler::createNew();
UsageEnvironment* env = BasicUsageEnvironment::createNew(*scheduler);
// Begin by creating a "RTSPClient" object. Note that there is a separate "RTSPClient" object for each stream that we wish
// to receive (even if more than stream uses the same "rtsp://" URL).
ourRTSPClient* rtspClient = ourRTSPClient::createNew(*env, rtspURL, RTSP_CLIENT_VERBOSITY_LEVEL, "SCBT BackChannel");
if (rtspClient == NULL) {
*env << "Failed to create a RTSP client for URL \"" << rtspURL << "\": " << env->getResultMsg() << "\n";
env->reclaim(); env = NULL;
delete scheduler; scheduler = NULL;
return -2;
}
rtspClient->bRequireBackChannel = bEnableBackChannel;
// Next, send a RTSP "DESCRIBE" command, to get a SDP description for the stream.
// Note that this command - like all RTSP commands - is sent asynchronously; we do not block, waiting for a response.
// Instead, the following function call returns immediately, and we handle the RTSP response later, from within the event loop:
Authenticator auth;
auth.setUsernameAndPassword(username, password);
rtspClient->sendDescribeCommand(continueAfterDESCRIBE, &auth);
//continueAfterSETUP(rtspClient, 0, new char[2]);
//startPlay(rtspClient);
// All subsequent activity takes place within the event loop:
env->taskScheduler().doEventLoop(&(rtspClient->scs.eventLoopWatchVariable));
// This function call does not return, unless, at some point in time, "eventLoopWatchVariable" gets set to something non-zero.
// If you choose to continue the application past this point (i.e., if you comment out the "return 0;" statement above),
// and if you don't intend to do anything more with the "TaskScheduler" and "UsageEnvironment" objects,
// then you can also reclaim the (small) memory used by these objects by uncommenting the following code:
env->reclaim(); env = NULL;
delete scheduler; scheduler = NULL;
return 0;
}
/**
* \brief Function to check user on database
* \return true if the user is authenticated else false
*/
bool
UserServer::isAuthenticate(bool flagForChangePwd) {
bool existUser = false;
AuthenticatorFactory authFactory;
Authenticator *authenticatorInstance = authFactory.getAuthenticatorInstance();
existUser = authenticatorInstance->authenticate(muser);
if (existUser) {
CheckUserState(flagForChangePwd);
}
return existUser;
}
void MessageWorker::kudosMessage(QString messageId, QString authorId)
{
Authenticator* auth = Authenticator::Instance();
if (auth->authenticated() && authorId.contains(auth->userId(), Qt::CaseInsensitive))
{
emit postComplete(false, tr("You cannot like your own posts."));
}
else
{
const QString kudosUrl = URLProvider::getForumURL() + QString::fromLatin1("messages/id/%1/kudos/give").arg(messageId);
mForumRequest->makeRequest(kudosUrl, true);
}
}
void Searcher::findUsersPosts(QString pageNo)
{
Authenticator* auth = Authenticator::Instance();
if (auth->authenticated())
{
mSearchData->clear();
QString queryUrl =
URLProvider::getForumURL() + QString::fromLatin1("users/%1/posts/messages?message_viewer.message_sort_order=thread_descending&page_size=10&page=%2").arg(auth->userId(), pageNo);
mForumRequest->makeRequest(queryUrl);
}
else
{
emit searchRequestFailed(tr("You must be logged into view your posts. Swipe down from the top of the screen and choose Settings to log in."));
}
}
// NOTE: This method represents a theoretical way to use a U2F-compliant token
// to produce the result of the WebAuthn GetAssertion method. The exact mapping
// of U2F data fields to WebAuthn data fields is still a matter of ongoing
// discussion, and this should not be taken as anything but a point-in- time
// possibility.
void
WebAuthentication::U2FAuthGetAssertion(const RefPtr<AssertionRequest>& aRequest,
const Authenticator& aToken, CryptoBuffer& aRpIdHash,
const nsACString& aClientData, CryptoBuffer& aClientDataHash,
nsTArray<CryptoBuffer>& aAllowList,
const WebAuthnExtensions& aExtensions)
{
MOZ_LOG(gWebauthLog, LogLevel::Debug, ("U2FAuthGetAssertion"));
// 4.1.2.7.e Add an entry to issuedRequests, corresponding to this request.
aRequest->AddActiveToken(__func__);
// 4.1.2.8 While issuedRequests is not empty, perform the following actions
// depending upon the adjustedTimeout timer and responses from the
// authenticators:
// 4.1.2.8.a If the timer for adjustedTimeout expires, then for each entry
// in issuedRequests invoke the authenticatorCancel operation on that
// authenticator and remove its entry from the list.
for (CryptoBuffer& allowedCredential : aAllowList) {
bool isRegistered = false;
nsresult rv = aToken->IsRegistered(allowedCredential.Elements(),
allowedCredential.Length(),
&isRegistered);
// 4.1.2.8.b If any authenticator returns a status indicating that the user
// cancelled the operation, delete that authenticator’s entry from
// issuedRequests. For each remaining entry in issuedRequests invoke the
// authenticatorCancel operation on that authenticator, and remove its entry
// from the list.
// 4.1.2.8.c If any authenticator returns an error status, delete the
// corresponding entry from issuedRequests.
if (NS_WARN_IF(NS_FAILED(rv))) {
aRequest->SetFailure(rv);
return;
}
if (!isRegistered) {
continue;
}
// Sign
uint8_t* buffer;
uint32_t bufferlen;
rv = aToken->Sign(aRpIdHash.Elements(), aRpIdHash.Length(),
aClientDataHash.Elements(), aClientDataHash.Length(),
allowedCredential.Elements(), allowedCredential.Length(),
&buffer, &bufferlen);
if (NS_WARN_IF(NS_FAILED(rv))) {
aRequest->SetFailure(rv);
return;
}
MOZ_ASSERT(buffer);
CryptoBuffer signatureData;
if (NS_WARN_IF(!signatureData.Assign(buffer, bufferlen))) {
free(buffer);
aRequest->SetFailure(NS_ERROR_OUT_OF_MEMORY);
return;
}
free(buffer);
// 4.1.2.8.d If any authenticator returns success:
// 4.1.2.8.d.1 Remove this authenticator’s entry from issuedRequests.
// 4.1.2.8.d.2 Create a new WebAuthnAssertion object named value and
// populate its fields with the values returned from the authenticator as
// well as the clientDataJSON computed earlier.
CryptoBuffer clientDataBuf;
if (!clientDataBuf.Assign(aClientData)) {
aRequest->SetFailure(NS_ERROR_OUT_OF_MEMORY);
return;
}
CryptoBuffer authenticatorDataBuf;
rv = U2FAssembleAuthenticatorData(authenticatorDataBuf, aRpIdHash,
signatureData);
if (NS_WARN_IF(NS_FAILED(rv))) {
aRequest->SetFailure(rv);
return;
}
RefPtr<ScopedCredential> credential = new ScopedCredential(this);
credential->SetType(ScopedCredentialType::ScopedCred);
credential->SetId(allowedCredential);
AssertionPtr assertion = new WebAuthnAssertion(this);
assertion->SetCredential(credential);
assertion->SetClientData(clientDataBuf);
assertion->SetAuthenticatorData(authenticatorDataBuf);
assertion->SetSignature(signatureData);
// 4.1.2.8.d.3 For each remaining entry in issuedRequests invoke the
// authenticatorCancel operation on that authenticator and remove its entry
// from the list.
// 4.1.2.8.d.4 Resolve promise with value and terminate this algorithm.
aRequest->SetSuccess(assertion);
return;
}
// 4.1.2.9 Reject promise with a DOMException whose name is "NotAllowedError",
// and terminate this algorithm.
aRequest->SetFailure(NS_ERROR_DOM_NOT_ALLOWED_ERR);
}
// NOTE: This method represents a theoretical way to use a U2F-compliant token
// to produce the result of the WebAuthn MakeCredential method. The exact
// mapping of U2F data fields to WebAuthn data fields is still a matter of
// ongoing discussion, and this should not be taken as anything but a point-in-
// time possibility.
void
WebAuthentication::U2FAuthMakeCredential(
const RefPtr<CredentialRequest>& aRequest,
const Authenticator& aToken, CryptoBuffer& aRpIdHash,
const nsACString& aClientData, CryptoBuffer& aClientDataHash,
const Account& aAccount,
const nsTArray<ScopedCredentialParameters>& aNormalizedParams,
const Optional<Sequence<ScopedCredentialDescriptor>>& aExcludeList,
const WebAuthnExtensions& aExtensions)
{
MOZ_LOG(gWebauthLog, LogLevel::Debug, ("U2FAuthMakeCredential"));
aRequest->AddActiveToken(__func__);
// 5.1.1 When this operation is invoked, the authenticator must perform the
// following procedure:
// 5.1.1.a Check if all the supplied parameters are syntactically well-
// formed and of the correct length. If not, return an error code equivalent
// to UnknownError and terminate the operation.
if ((aRpIdHash.Length() != SHA256_LENGTH) ||
(aClientDataHash.Length() != SHA256_LENGTH)) {
aRequest->SetFailure(NS_ERROR_DOM_UNKNOWN_ERR);
return;
}
// 5.1.1.b Check if at least one of the specified combinations of
// ScopedCredentialType and cryptographic parameters is supported. If not,
// return an error code equivalent to NotSupportedError and terminate the
// operation.
bool isValidCombination = false;
for (size_t a = 0; a < aNormalizedParams.Length(); ++a) {
if (aNormalizedParams[a].mType == ScopedCredentialType::ScopedCred &&
aNormalizedParams[a].mAlgorithm.IsString() &&
aNormalizedParams[a].mAlgorithm.GetAsString().EqualsLiteral(
WEBCRYPTO_NAMED_CURVE_P256)) {
isValidCombination = true;
break;
}
}
if (!isValidCombination) {
aRequest->SetFailure(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
return;
}
// 5.1.1.c Check if a credential matching any of the supplied
// ScopedCredential identifiers is present on this authenticator. If so,
// return an error code equivalent to NotAllowedError and terminate the
// operation.
if (aExcludeList.WasPassed()) {
const Sequence<ScopedCredentialDescriptor>& list = aExcludeList.Value();
for (const ScopedCredentialDescriptor& scd : list) {
bool isRegistered = false;
uint8_t *data;
uint32_t len;
// data is owned by the Descriptor, do don't free it here.
if (NS_FAILED(ScopedCredentialGetData(scd, &data, &len))) {
aRequest->SetFailure(NS_ERROR_DOM_UNKNOWN_ERR);
return;
}
nsresult rv = aToken->IsRegistered(data, len, &isRegistered);
if (NS_WARN_IF(NS_FAILED(rv))) {
aRequest->SetFailure(rv);
return;
}
if (isRegistered) {
aRequest->SetFailure(NS_ERROR_DOM_NOT_ALLOWED_ERR);
return;
}
}
}
// 5.1.1.d Prompt the user for consent to create a new credential. The
// prompt for obtaining this consent is shown by the authenticator if it has
// its own output capability, or by the user agent otherwise. If the user
// denies consent, return an error code equivalent to NotAllowedError and
// terminate the operation.
// 5.1.1.d Once user consent has been obtained, generate a new credential
// object
// 5.1.1.e If any error occurred while creating the new credential object,
// return an error code equivalent to UnknownError and terminate the
// operation.
// 5.1.1.f Process all the supported extensions requested by the client, and
// generate an attestation statement. If no authority key is available to
// sign such an attestation statement, then the authenticator performs self
// attestation of the credential with its own private key. For more details
// on attestation, see §5.3 Credential Attestation Statements.
// No extensions are supported
// 4.1.1.11 While issuedRequests is not empty, perform the following actions
// depending upon the adjustedTimeout timer and responses from the
// authenticators:
// 4.1.1.11.a If the adjustedTimeout timer expires, then for each entry in
// issuedRequests invoke the authenticatorCancel operation on that
// authenticator and remove its entry from the list.
uint8_t* buffer;
uint32_t bufferlen;
nsresult rv = aToken->Register(aRpIdHash.Elements(), aRpIdHash.Length(),
aClientDataHash.Elements(),
aClientDataHash.Length(), &buffer, &bufferlen);
// 4.1.1.11.b If any authenticator returns a status indicating that the user
// cancelled the operation, delete that authenticator’s entry from
// issuedRequests. For each remaining entry in issuedRequests invoke the
// authenticatorCancel operation on that authenticator and remove its entry
// from the list.
// 4.1.1.11.c If any authenticator returns an error status, delete the
// corresponding entry from issuedRequests.
if (NS_WARN_IF(NS_FAILED(rv))) {
aRequest->SetFailure(NS_ERROR_DOM_UNKNOWN_ERR);
return;
}
MOZ_ASSERT(buffer);
CryptoBuffer regData;
if (NS_WARN_IF(!regData.Assign(buffer, bufferlen))) {
free(buffer);
aRequest->SetFailure(NS_ERROR_OUT_OF_MEMORY);
return;
}
free(buffer);
// Decompose the U2F registration packet
CryptoBuffer pubKeyBuf;
CryptoBuffer keyHandleBuf;
CryptoBuffer attestationCertBuf;
CryptoBuffer signatureBuf;
rv = U2FDecomposeRegistrationResponse(regData, pubKeyBuf, keyHandleBuf,
attestationCertBuf, signatureBuf);
if (NS_WARN_IF(NS_FAILED(rv))) {
aRequest->SetFailure(rv);
return;
}
// Sign the aClientDataHash explicitly to get the format needed for
// the AuthenticatorData parameter of WebAuthnAttestation. This might
// be temporary while the spec settles down how to incorporate U2F.
rv = aToken->Sign(aRpIdHash.Elements(), aRpIdHash.Length(),
aClientDataHash.Elements(), aClientDataHash.Length(),
keyHandleBuf.Elements(), keyHandleBuf.Length(), &buffer,
&bufferlen);
if (NS_WARN_IF(NS_FAILED(rv))) {
aRequest->SetFailure(rv);
return;
}
MOZ_ASSERT(buffer);
CryptoBuffer signatureData;
if (NS_WARN_IF(!signatureData.Assign(buffer, bufferlen))) {
free(buffer);
aRequest->SetFailure(NS_ERROR_OUT_OF_MEMORY);
return;
}
free(buffer);
CryptoBuffer clientDataBuf;
if (!clientDataBuf.Assign(aClientData)) {
aRequest->SetFailure(NS_ERROR_OUT_OF_MEMORY);
return;
}
CryptoBuffer authenticatorDataBuf;
rv = U2FAssembleAuthenticatorData(authenticatorDataBuf, aRpIdHash,
signatureData);
if (NS_WARN_IF(NS_FAILED(rv))) {
aRequest->SetFailure(rv);
return;
}
// 4.1.1.11.d If any authenticator indicates success:
// 4.1.1.11.d.1 Remove this authenticator’s entry from issuedRequests.
// 4.1.1.11.d.2 Create a new ScopedCredentialInfo object named value and
// populate its fields with the values returned from the authenticator as well
// as the clientDataJSON computed earlier.
RefPtr<ScopedCredential> credential = new ScopedCredential(this);
credential->SetType(ScopedCredentialType::ScopedCred);
credential->SetId(keyHandleBuf);
RefPtr<WebAuthnAttestation> attestation = new WebAuthnAttestation(this);
attestation->SetFormat(NS_LITERAL_STRING("u2f"));
attestation->SetClientData(clientDataBuf);
attestation->SetAuthenticatorData(authenticatorDataBuf);
attestation->SetAttestation(regData);
CredentialPtr info = new ScopedCredentialInfo(this);
info->SetCredential(credential);
info->SetAttestation(attestation);
// 4.1.1.11.d.3 For each remaining entry in issuedRequests invoke the
// authenticatorCancel operation on that authenticator and remove its entry
// from the list.
// 4.1.1.11.d.4 Resolve promise with value and terminate this algorithm.
aRequest->SetSuccess(info);
}
Authenticator::Authenticator(const Authenticator& orig) {
assign(orig.realm(), orig.nonce(), orig.username(), orig.password(), orig.fPasswordIsMD5);
}
Boolean DarwinInjector
::setDestination(char const* remoteRTSPServerNameOrAddress,
char const* remoteFileName,
char const* sessionName,
char const* sessionInfo,
portNumBits remoteRTSPServerPortNumber,
char const* remoteUserName,
char const* remotePassword,
char const* sessionAuthor,
char const* sessionCopyright,
int timeout) {
char* sdp = NULL;
char* url = NULL;
Boolean success = False; // until we learn otherwise
do {
// Construct a RTSP URL for the remote stream:
char const* const urlFmt = "rtsp://%s:%u/%s";
unsigned urlLen
= strlen(urlFmt) + strlen(remoteRTSPServerNameOrAddress) + 5 /* max short len */ + strlen(remoteFileName);
url = new char[urlLen];
sprintf(url, urlFmt, remoteRTSPServerNameOrAddress, remoteRTSPServerPortNumber, remoteFileName);
// Begin by creating our RTSP client object:
fRTSPClient = new RTSPClientForDarwinInjector(envir(), url, fVerbosityLevel, fApplicationName, this);
if (fRTSPClient == NULL) break;
// Get the remote RTSP server's IP address:
struct in_addr addr;
{
NetAddressList addresses(remoteRTSPServerNameOrAddress);
if (addresses.numAddresses() == 0) break;
NetAddress const* address = addresses.firstAddress();
addr.s_addr = *(unsigned*)(address->data());
}
AddressString remoteRTSPServerAddressStr(addr);
// Construct a SDP description for the session that we'll be streaming:
char const* const sdpFmt =
"v=0\r\n"
"o=- %u %u IN IP4 127.0.0.1\r\n"
"s=%s\r\n"
"i=%s\r\n"
"c=IN IP4 %s\r\n"
"t=0 0\r\n"
"a=x-qt-text-nam:%s\r\n"
"a=x-qt-text-inf:%s\r\n"
"a=x-qt-text-cmt:source application:%s\r\n"
"a=x-qt-text-aut:%s\r\n"
"a=x-qt-text-cpy:%s\r\n";
// plus, %s for each substream SDP
unsigned sdpLen = strlen(sdpFmt)
+ 20 /* max int len */ + 20 /* max int len */
+ strlen(sessionName)
+ strlen(sessionInfo)
+ strlen(remoteRTSPServerAddressStr.val())
+ strlen(sessionName)
+ strlen(sessionInfo)
+ strlen(fApplicationName)
+ strlen(sessionAuthor)
+ strlen(sessionCopyright)
+ fSubstreamSDPSizes;
unsigned const sdpSessionId = our_random32();
unsigned const sdpVersion = sdpSessionId;
sdp = new char[sdpLen];
sprintf(sdp, sdpFmt,
sdpSessionId, sdpVersion, // o= line
sessionName, // s= line
sessionInfo, // i= line
remoteRTSPServerAddressStr.val(), // c= line
sessionName, // a=x-qt-text-nam: line
sessionInfo, // a=x-qt-text-inf: line
fApplicationName, // a=x-qt-text-cmt: line
sessionAuthor, // a=x-qt-text-aut: line
sessionCopyright // a=x-qt-text-cpy: line
);
char* p = &sdp[strlen(sdp)];
SubstreamDescriptor* ss;
for (ss = fHeadSubstream; ss != NULL; ss = ss->next()) {
sprintf(p, "%s", ss->sdpLines());
p += strlen(p);
}
// Do a RTSP "ANNOUNCE" with this SDP description:
Authenticator auth;
Authenticator* authToUse = NULL;
if (remoteUserName[0] != '\0' || remotePassword[0] != '\0') {
auth.setUsernameAndPassword(remoteUserName, remotePassword);
authToUse = &auth;
}
fWatchVariable = 0;
(void)fRTSPClient->sendAnnounceCommand(sdp, genericResponseHandler, authToUse);
// Now block (but handling events) until we get a response:
envir().taskScheduler().doEventLoop(&fWatchVariable);
delete[] fResultString;
if (fResultCode != 0) break; // an error occurred with the RTSP "ANNOUNCE" command
// Next, tell the remote server to start receiving the stream from us.
// (To do this, we first create a "MediaSession" object from the SDP description.)
fSession = MediaSession::createNew(envir(), sdp);
if (fSession == NULL) break;
ss = fHeadSubstream;
MediaSubsessionIterator iter(*fSession);
MediaSubsession* subsession;
ss = fHeadSubstream;
unsigned streamChannelId = 0;
while ((subsession = iter.next()) != NULL) {
if (!subsession->initiate()) break;
fWatchVariable = 0;
(void)fRTSPClient->sendSetupCommand(*subsession, genericResponseHandler,
True /*streamOutgoing*/,
True /*streamUsingTCP*/);
// Now block (but handling events) until we get a response:
envir().taskScheduler().doEventLoop(&fWatchVariable);
delete[] fResultString;
if (fResultCode != 0) break; // an error occurred with the RTSP "SETUP" command
// Tell this subsession's RTPSink and RTCPInstance to use
// the RTSP TCP connection:
ss->rtpSink()->setStreamSocket(fRTSPClient->socketNum(), streamChannelId++);
if (ss->rtcpInstance() != NULL) {
ss->rtcpInstance()->setStreamSocket(fRTSPClient->socketNum(),
streamChannelId++);
}
ss = ss->next();
}
if (subsession != NULL) break; // an error occurred above
// Tell the RTSP server to start:
fWatchVariable = 0;
(void)fRTSPClient->sendPlayCommand(*fSession, genericResponseHandler);
// Now block (but handling events) until we get a response:
envir().taskScheduler().doEventLoop(&fWatchVariable);
delete[] fResultString;
if (fResultCode != 0) break; // an error occurred with the RTSP "PLAY" command
// Finally, make sure that the output TCP buffer is a reasonable size:
increaseSendBufferTo(envir(), fRTSPClient->socketNum(), 100*1024);
success = True;
} while (0);
delete[] sdp;
delete[] url;
return success;
}
