<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head></head><body><div style="font-size: 12pt; font-family: Calibri,sans-serif;"><div>Hello.</div><div><br></div><div>HTTPS passwords should obviously never be used for HTTP. To answer your question, the specs (RFC2617, RFC723x) also forbid the other direction for less obvious reasons. So the code should forbid using HTTP credentials for HTTPS.</div><div><br></div><div>I believe existing implementations behave that way.</div><div><br></div><div>-- </div><div>Rémi Denis-Courmont</div><div>Sent from my NVIDIA Tegra-powered device</div><br><div id="htc_header">----- Reply message -----<br>De : "Steve Lhomme" <robux4@gmail.com><br>Pour : "Mailing list for VLC media player developers" <vlc-devel@videolan.org><br>Objet : [vlc-devel] [PATCH 4/4] http: add keystore<br>Date : jeu., nov. 26, 2015 11:09</div></div><br><pre style="word-wrap: break-word; white-space: pre-wrap;">On Wed, Nov 25, 2015 at 7:14 PM, Thomas Guillem <thomas@gllm.fr> wrote:
> ---
> modules/access/http.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 70 insertions(+)
>
> diff --git a/modules/access/http.c b/modules/access/http.c
> index b62f92e..69cfb65 100644
> --- a/modules/access/http.c
> +++ b/modules/access/http.c
> @@ -46,6 +46,7 @@
> #include <vlc_input.h>
> #include <vlc_http.h>
> #include <vlc_interrupt.h>
> +#include <vlc_keystore.h>
>
> #ifdef HAVE_ZLIB_H
> # include <zlib.h>
> @@ -214,6 +215,8 @@ static int Open( vlc_object_t *p_this )
> access_t *p_access = (access_t*)p_this;
> const char *psz_url = p_access->psz_url;
> char *psz;
> + bool b_store_passwd = false;
> + vlc_keystore *p_keystore = NULL;
>
> access_sys_t *p_sys = malloc( sizeof(*p_sys) );
> if( unlikely(p_sys == NULL) )
> @@ -287,6 +290,8 @@ static int Open( vlc_object_t *p_this )
> if( p_sys->url.i_port <= 0 )
> p_sys->url.i_port = 80;
> }
> + char psz_port[sizeof(unsigned) * 3];
> + sprintf(psz_port, "%u", p_sys->url.i_port);
>
> /* Determine the HTTP user agent */
> /* See RFC2616 §2.2 token and comment definition, and §3.8 and
> @@ -418,6 +423,53 @@ connect:
> }
> msg_Dbg( p_access, "authentication failed for realm %s",
> p_sys->auth.psz_realm );
> +
> + /* Only one try */
> + if( !p_keystore && ( p_keystore = vlc_keystore_get( p_access ) ) )
> + {
> + vlc_keystore_entry *p_entries;
> + unsigned int i_count =
> + vlc_keystore_find( p_keystore, &p_entries,
> + KEY_USER, p_sys->url.psz_username,
> + KEY_REALM, p_sys->auth.psz_realm,
> + KEY_SERVER, p_sys->url.psz_host,
> + KEY_PORT, psz_port,
> + KEY_PROTOCOL, p_sys->url.psz_protocol,
Does it mean passwords for HTTP won't work for HTTPS ?
> + NULL );
> + if (i_count > 0)
> + {
> + vlc_keystore_entry *p_entry;
> +
> + if (i_count > 1)
> + {
> + /* TODO: a dialog to choose the user ? */
> + msg_Warn( p_access, "more than one item matching in keystore!" );
> + p_entry = NULL;
> + }
> + else
> + p_entry = &p_entries[0];
> +
> + if( p_entry )
> + {
> + const char *psz_val =
> + vlc_keystore_entry_get_value( p_entry, "user" );
> + const char *psz_secret =
> + vlc_keystore_entry_load_secret(p_keystore, p_entry);
> + if( psz_val && psz_secret )
> + {
> + p_sys->url.psz_username = strdup(psz_val);
> + p_sys->url.psz_password = strdup(psz_secret);
> + }
> + }
> + vlc_keystore_release_entries(p_keystore, p_entries, i_count);
> + if( p_sys->url.psz_username && p_sys->url.psz_password )
> + {
> + Disconnect( p_access );
> + goto connect;
> + }
> + }
> + }
> +
> dialog_Login( p_access, &psz_login, &psz_password,
> _("HTTP authentication"),
> _("Please enter a valid login name and a password for realm %s."),
> @@ -427,6 +479,7 @@ connect:
> msg_Dbg( p_access, "retrying with user=%s", psz_login );
> p_sys->url.psz_username = psz_login;
> p_sys->url.psz_password = psz_password;
> + b_store_passwd = true; /* TODO: ask for user */
> Disconnect( p_access );
> goto connect;
> }
> @@ -437,6 +490,18 @@ connect:
> goto error;
> }
> }
> + else if( b_store_passwd )
> + {
> + int i_ret = vlc_keystore_store( p_keystore, p_sys->url.psz_password,
> + KEY_USER, p_sys->url.psz_username,
> + KEY_REALM, p_sys->auth.psz_realm,
> + KEY_SERVER, p_sys->url.psz_host,
> + KEY_PORT, psz_port,
> + KEY_PROTOCOL, p_sys->url.psz_protocol,
> + NULL );
> + if( i_ret != VLC_SUCCESS )
> + msg_Warn( p_access, "couldn't store secret" );
> + }
>
> if( ( p_sys->i_code == 301 || p_sys->i_code == 302 ||
> p_sys->i_code == 303 || p_sys->i_code == 307 ) &&
> @@ -482,9 +547,14 @@ connect:
> p_access->pf_control = Control;
> p_access->pf_seek = Seek;
>
> + if( p_keystore )
> + vlc_keystore_release( p_keystore );
> +
> return VLC_SUCCESS;
>
> error:
> + if( p_keystore )
> + vlc_keystore_release( p_keystore );
> vlc_UrlClean( &p_sys->url );
> if( p_sys->b_proxy )
> vlc_UrlClean( &p_sys->proxy );
> --
> 2.1.4
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> <a href="https://mailman.videolan.org/listinfo/vlc-devel">https://mailman.videolan.org/listinfo/vlc-devel</a>
_______________________________________________
vlc-devel mailing list
To unsubscribe or modify your subscription options:
<a href="https://mailman.videolan.org/listinfo/vlc-devel">https://mailman.videolan.org/listinfo/vlc-devel</a>
</pre></body></html>