[vlc-devel] [PATCH 4/4] http: add keystore

Rémi Denis-Courmont remi at remlab.net
Thu Nov 26 15:02:29 CET 2015


Hello.

HTTPS passwords should obviously never be used for HTTP. To answer your question, the specs (RFC2617, RFC723x) also forbid the other direction for less obvious reasons. So the code should forbid using HTTP credentials for HTTPS.

I believe existing implementations behave that way.

-- 
Rémi Denis-Courmont
Sent from my NVIDIA Tegra-powered device

----- Reply message -----
De : "Steve Lhomme" <robux4 at gmail.com>
Pour : "Mailing list for VLC media player developers" <vlc-devel at videolan.org>
Objet : [vlc-devel] [PATCH 4/4] http: add keystore
Date : jeu., nov. 26, 2015 11:09

On Wed, Nov 25, 2015 at 7:14 PM, Thomas Guillem <thomas at gllm.fr> wrote:
> ---
>  modules/access/http.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 70 insertions(+)
>
> diff --git a/modules/access/http.c b/modules/access/http.c
> index b62f92e..69cfb65 100644
> --- a/modules/access/http.c
> +++ b/modules/access/http.c
> @@ -46,6 +46,7 @@
>  #include <vlc_input.h>
>  #include <vlc_http.h>
>  #include <vlc_interrupt.h>
> +#include <vlc_keystore.h>
>
>  #ifdef HAVE_ZLIB_H
>  #   include <zlib.h>
> @@ -214,6 +215,8 @@ static int Open( vlc_object_t *p_this )
>      access_t *p_access = (access_t*)p_this;
>      const char *psz_url = p_access->psz_url;
>      char *psz;
> +    bool b_store_passwd = false;
> +    vlc_keystore *p_keystore = NULL;
>
>      access_sys_t *p_sys = malloc( sizeof(*p_sys) );
>      if( unlikely(p_sys == NULL) )
> @@ -287,6 +290,8 @@ static int Open( vlc_object_t *p_this )
>          if( p_sys->url.i_port <= 0 )
>              p_sys->url.i_port = 80;
>      }
> +    char psz_port[sizeof(unsigned) * 3];
> +    sprintf(psz_port, "%u", p_sys->url.i_port);
>
>      /* Determine the HTTP user agent */
>      /* See RFC2616 §2.2 token and comment definition, and §3.8 and
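Review bot: The `sprintf` into `psz_port` is unbounded, and `%u` is given `p_sys->url.i_port`, which the `<= 0` test just above suggests is a signed `int`. The `sizeof(unsigned) * 3` sizing does work out for common integer widths, but nothing enforces it and the arithmetic is not obvious to a reader. Assuming the field is an `int`, `snprintf(psz_port, sizeof(psz_port), "%d", p_sys->url.i_port);` keeps the write bounded and matches the argument type. Open() starts and ends outside this hunk.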
> @@ -418,6 +423,53 @@ connect:
>          }
>          msg_Dbg( p_access, "authentication failed for realm %s",
>                   p_sys->auth.psz_realm );
> +
> +        /* Only one try */
> +        if( !p_keystore && ( p_keystore = vlc_keystore_get( p_access ) ) )
> +        {
> +            vlc_keystore_entry *p_entries;
> +            unsigned int i_count =
> +                vlc_keystore_find( p_keystore, &p_entries,
> +                                   KEY_USER, p_sys->url.psz_username,
> +                                   KEY_REALM, p_sys->auth.psz_realm,
> +                                   KEY_SERVER,  p_sys->url.psz_host,
> +                                   KEY_PORT, psz_port,
> +                                   KEY_PROTOCOL, p_sys->url.psz_protocol,

Does it mean passwords for HTTP won't work for HTTPS ?

> +                                   NULL );
> +            if (i_count > 0)
> +            {
> +                vlc_keystore_entry *p_entry;
> +
> +                if (i_count > 1)
> +                {
> +                    /* TODO: a dialog to choose the user ? */
> +                    msg_Warn( p_access, "more than one item matching in keystore!" );
> +                    p_entry = NULL;
> +                }
> +                else
> +                    p_entry = &p_entries[0];
> +
> +                if( p_entry )
> +                {
> +                    const char *psz_val =
> +                        vlc_keystore_entry_get_value( p_entry, "user" );
> +                    const char *psz_secret =
> +                        vlc_keystore_entry_load_secret(p_keystore, p_entry);
> +                    if( psz_val && psz_secret )
> +                    {
> +                        p_sys->url.psz_username = strdup(psz_val);
> +                        p_sys->url.psz_password = strdup(psz_secret);
> +                    }
> +                }
> +                vlc_keystore_release_entries(p_keystore, p_entries, i_count);
> +                if( p_sys->url.psz_username && p_sys->url.psz_password )
> +                {
> +                    Disconnect( p_access );
> +                    goto connect;
> +                }
> +            }
> +        }
> +
>          dialog_Login( p_access, &psz_login, &psz_password,
>                        _("HTTP authentication"),
>               _("Please enter a valid login name and a password for realm %s."),
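Review bot: The retry test `if( p_sys->url.psz_username && p_sys->url.psz_password )` does not check that the keystore actually supplied anything. If the URL already carried a username and password that were just rejected, and the lookup returns several entries or an entry without a loadable secret, the code disconnects and reconnects with the same rejected credentials. Track the result explicitly, for example set a local `b_found = true;` inside the `psz_val && psz_secret` branch and test that flag before `goto connect`. The two `strdup()` results are also unchecked and overwrite the previous pointers, and the copy of the secret is never wiped; whether they leak depends on how `vlc_UrlClean` treats these fields, which is not visible here. The enclosing block in Open() starts and ends outside this hunk.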
> @@ -427,6 +479,7 @@ connect:
>              msg_Dbg( p_access, "retrying with user=%s", psz_login );
>              p_sys->url.psz_username = psz_login;
>              p_sys->url.psz_password = psz_password;
> +            b_store_passwd = true; /* TODO: ask for user */
>              Disconnect( p_access );
>              goto connect;
>          }
> @@ -437,6 +490,18 @@ connect:
>              goto error;
>          }
>      }
> +    else if( b_store_passwd )
> +    {
> +        int i_ret = vlc_keystore_store( p_keystore, p_sys->url.psz_password,
> +                                        KEY_USER, p_sys->url.psz_username,
> +                                        KEY_REALM, p_sys->auth.psz_realm,
> +                                        KEY_SERVER,  p_sys->url.psz_host,
> +                                        KEY_PORT, psz_port,
> +                                        KEY_PROTOCOL, p_sys->url.psz_protocol,
> +                                        NULL );
> +        if( i_ret != VLC_SUCCESS )
> +            msg_Warn( p_access, "couldn't store secret" );
> +    }
>
>      if( ( p_sys->i_code == 301 || p_sys->i_code == 302 ||
>            p_sys->i_code == 303 || p_sys->i_code == 307 ) &&
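Review bot: `vlc_keystore_store( p_keystore, ... )` can be reached with `p_keystore == NULL`, because `b_store_passwd` is set after the login dialog whether or not `vlc_keystore_get()` succeeded, and this branch tests only the flag. Unless the store function is documented to accept a NULL keystore, guard it with `else if( b_store_passwd && p_keystore )`. The password is also saved without asking the user (the patch's own `TODO: ask for user` in the previous hunk), so it would be safer to leave the flag false until that prompt exists. The condition this `else if` pairs with lies outside the hunk, so confirm the branch only runs after a successful authenticated response.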
> @@ -482,9 +547,14 @@ connect:
>      p_access->pf_control = Control;
>      p_access->pf_seek = Seek;
>
> +    if( p_keystore )
> +        vlc_keystore_release( p_keystore );
> +
>      return VLC_SUCCESS;
>
>  error:
> +    if( p_keystore )
> +        vlc_keystore_release( p_keystore );
>      vlc_UrlClean( &p_sys->url );
>      if( p_sys->b_proxy )
>          vlc_UrlClean( &p_sys->proxy );
> --
> 2.1.4
>