diff options
Diffstat (limited to 'libavformat')
| -rw-r--r-- | libavformat/http.c | 22 | ||||
| -rw-r--r-- | libavformat/httpauth.c | 10 | ||||
| -rw-r--r-- | libavformat/httpauth.h | 7 | ||||
| -rw-r--r-- | libavformat/rtsp.c | 8 | ||||
| -rw-r--r-- | libavformat/rtspdec.c | 7 |
5 files changed, 43 insertions, 11 deletions
diff --git a/libavformat/http.c b/libavformat/http.c index 8922a74441..2589a8ffb9 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -96,7 +96,7 @@ static int http_open_cnx(URLContext *h) char auth[1024], proxyauth[1024] = ""; char path1[1024]; char buf[1024], urlbuf[1024]; - int port, use_proxy, err, location_changed = 0, redirects = 0; + int port, use_proxy, err, location_changed = 0, redirects = 0, attempts = 0; HTTPAuthType cur_auth_type, cur_proxy_auth_type; HTTPContext *s = h->priv_data; URLContext *hd = NULL; @@ -148,16 +148,18 @@ static int http_open_cnx(URLContext *h) cur_proxy_auth_type = s->auth_state.auth_type; if (http_connect(h, path, local_path, hoststr, auth, proxyauth, &location_changed) < 0) goto fail; + attempts++; if (s->http_code == 401) { - if (cur_auth_type == HTTP_AUTH_NONE && s->auth_state.auth_type != HTTP_AUTH_NONE) { + if ((cur_auth_type == HTTP_AUTH_NONE || s->auth_state.stale) && + s->auth_state.auth_type != HTTP_AUTH_NONE && attempts < 4) { ffurl_close(hd); goto redo; } else goto fail; } if (s->http_code == 407) { - if (cur_proxy_auth_type == HTTP_AUTH_NONE && - s->proxy_auth_state.auth_type != HTTP_AUTH_NONE) { + if ((cur_proxy_auth_type == HTTP_AUTH_NONE || s->proxy_auth_state.stale) && + s->proxy_auth_state.auth_type != HTTP_AUTH_NONE && attempts < 4) { ffurl_close(hd); goto redo; } else @@ -169,6 +171,10 @@ static int http_open_cnx(URLContext *h) ffurl_close(hd); if (redirects++ >= MAX_REDIRECTS) return AVERROR(EIO); + /* Restart the authentication process with the new target, which + * might use a different auth mechanism. */ + memset(&s->auth_state, 0, sizeof(s->auth_state)); + attempts = 0; location_changed = 0; goto redo; } @@ -602,7 +608,7 @@ static int http_proxy_open(URLContext *h, const char *uri, int flags) char hostname[1024], hoststr[1024]; char auth[1024], pathbuf[1024], *path; char line[1024], lower_url[100]; - int port, ret = 0; + int port, ret = 0, attempts = 0; HTTPAuthType cur_auth_type; char *authstr; @@ -669,8 +675,10 @@ redo: break; s->line_count++; } - if (s->http_code == 407 && cur_auth_type == HTTP_AUTH_NONE && - s->proxy_auth_state.auth_type != HTTP_AUTH_NONE) { + attempts++; + if (s->http_code == 407 && + (cur_auth_type == HTTP_AUTH_NONE || s->proxy_auth_state.stale) && + s->proxy_auth_state.auth_type != HTTP_AUTH_NONE && attempts < 2) { ffurl_close(s->hd); s->hd = NULL; goto redo; diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c index ba31c1a9aa..86cdac7f07 100644 --- a/libavformat/httpauth.c +++ b/libavformat/httpauth.c @@ -57,6 +57,9 @@ static void handle_digest_params(HTTPAuthState *state, const char *key, } else if (!strncmp(key, "qop=", key_len)) { *dest = digest->qop; *dest_len = sizeof(digest->qop); + } else if (!strncmp(key, "stale=", key_len)) { + *dest = digest->stale; + *dest_len = sizeof(digest->stale); } } @@ -93,6 +96,7 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, state->auth_type <= HTTP_AUTH_BASIC) { state->auth_type = HTTP_AUTH_BASIC; state->realm[0] = 0; + state->stale = 0; ff_parse_key_value(p, (ff_parse_key_val_cb) handle_basic_params, state); } else if (av_stristart(value, "Digest ", &p) && @@ -100,10 +104,13 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, state->auth_type = HTTP_AUTH_DIGEST; memset(&state->digest_params, 0, sizeof(DigestParams)); state->realm[0] = 0; + state->stale = 0; ff_parse_key_value(p, (ff_parse_key_val_cb) handle_digest_params, state); choose_qop(state->digest_params.qop, sizeof(state->digest_params.qop)); + if (!av_strcasecmp(state->digest_params.stale, "true")) + state->stale = 1; } } else if (!strcmp(key, "Authentication-Info")) { ff_parse_key_value(value, (ff_parse_key_val_cb) handle_digest_update, @@ -237,6 +244,9 @@ char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, { char *authstr = NULL; + /* Clear the stale flag, we assume the auth is ok now. It is reset + * by the server headers if there's a new issue. */ + state->stale = 0; if (!auth || !strchr(auth, ':')) return NULL; diff --git a/libavformat/httpauth.h b/libavformat/httpauth.h index ebab3fca29..62dd25e637 100644 --- a/libavformat/httpauth.h +++ b/libavformat/httpauth.h @@ -41,6 +41,9 @@ typedef struct { char opaque[300]; /**< A server-specified string that should be * included in authentication responses, not * included in the actual digest calculation. */ + char stale[10]; /**< The server indicated that the auth was ok, + * but needs to be redone with a new, non-stale + * nonce. */ int nc; /**< Nonce count, the number of earlier replies * where this particular nonce has been used. */ } DigestParams; @@ -62,6 +65,10 @@ typedef struct { * The parameters specifiec to digest authentication. */ DigestParams digest_params; + /** + * Auth ok, but needs to be resent with a new nonce. + */ + int stale; } HTTPAuthState; void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c index ac2196a925..b28fb519cb 100644 --- a/libavformat/rtsp.c +++ b/libavformat/rtsp.c @@ -1122,7 +1122,7 @@ int ff_rtsp_send_cmd_with_content(AVFormatContext *s, { RTSPState *rt = s->priv_data; HTTPAuthType cur_auth_type; - int ret; + int ret, attempts = 0; retry: cur_auth_type = rt->auth_state.auth_type; @@ -1133,9 +1133,11 @@ retry: if ((ret = ff_rtsp_read_reply(s, reply, content_ptr, 0, method) ) < 0) return ret; + attempts++; - if (reply->status_code == 401 && cur_auth_type == HTTP_AUTH_NONE && - rt->auth_state.auth_type != HTTP_AUTH_NONE) + if (reply->status_code == 401 && + (cur_auth_type == HTTP_AUTH_NONE || rt->auth_state.stale) && + rt->auth_state.auth_type != HTTP_AUTH_NONE && attempts < 2) goto retry; if (reply->status_code > 400){ diff --git a/libavformat/rtspdec.c b/libavformat/rtspdec.c index f95cf8cc93..15005bb9be 100644 --- a/libavformat/rtspdec.c +++ b/libavformat/rtspdec.c @@ -335,7 +335,8 @@ retry: rt->packets++; /* send dummy request to keep TCP connection alive */ - if ((av_gettime() - rt->last_cmd_time) / 1000000 >= rt->timeout / 2) { + if ((av_gettime() - rt->last_cmd_time) / 1000000 >= rt->timeout / 2 || + rt->auth_state.stale) { if (rt->server_type == RTSP_SERVER_WMS || (rt->server_type != RTSP_SERVER_REAL && rt->get_parameter_supported)) { @@ -343,6 +344,10 @@ retry: } else { ff_rtsp_send_cmd_async(s, "OPTIONS", "*", NULL); } + /* The stale flag should be reset when creating the auth response in + * ff_rtsp_send_cmd_async, but reset it here just in case we never + * called the auth code (if we didn't have any credentials set). */ + rt->auth_state.stale = 0; } return 0; |