📄 rn5auth.cpp
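// (Tail of a function whose beginning lies before this excerpt; the code
// below is reproduced unchanged, only re-indented.)
        while (res == HXR_OK)
        {
            (*ppParms)->SetPropertyCString(pName, pBuffer);
            pBuffer->Release();
            res = pChallengeHeaders->GetNextPropertyCString(pName, pBuffer);
        }
    }
    return Ret;
}

// IHXServerAuthConversation

// Server-side entry point of the RN5 conversation.
//
// Takes references on the request and the respondee, then either
//  - parses an "Authorization: RN5 ..." request header into m_pCredentials
//    and asks the auth database for the stored credentials of that user
//    (the flow resumes in GetCredentialsDone()), or
//  - sends a fresh challenge through _SendChallengeResponse().
//
// Returns HXR_UNEXPECTED for NULL arguments, a missing request context or
// missing request headers; otherwise the result of the database call or of
// _SendChallengeResponse().
STDMETHODIMP CRN5Authenticator::MakeChallenge(
    IHXServerAuthResponse* pServerRespondee,
    IHXRequest* pServerRequest)
{
    if (!pServerRespondee || !pServerRequest)
    {
        HX_ASSERT(0);
        return HXR_UNEXPECTED;
    }

    m_pServerRequest = pServerRequest;
    m_pServerRequest->AddRef();
    m_pServerRequest->QueryInterface(IID_IHXRequestContext,
                                     (void **)&m_pRequestContext);
    m_pServerRespondee = pServerRespondee;
    m_pServerRespondee->AddRef();

    if (!m_pRequestContext)
    {
        m_pServerRespondee->ChallengeReady(HXR_UNEXPECTED, pServerRequest);
        HX_ASSERT(0);
        HX_RELEASE(m_pServerRequest);
        HX_RELEASE(m_pServerRespondee);
        return HXR_UNEXPECTED;
    }

    IHXValues* pResponseHeaders = NULL;
    pServerRequest->GetRequestHeaders(pResponseHeaders);
    if (!pResponseHeaders)
    {
        m_pServerRespondee->ChallengeReady(HXR_UNEXPECTED, pServerRequest);
        HX_ASSERT(0);
        HX_RELEASE(m_pServerRequest);
        HX_RELEASE(m_pRequestContext);
        HX_RELEASE(m_pServerRespondee);
        return HXR_UNEXPECTED;
    }

    // NOTE(review): only "Authorization" is read here, while
    // _CreateQuotedHeader() emits "Proxy-Authorization" when
    // m_bIsProxyAuthentication is set -- confirm the proxy case is handled
    // elsewhere.
    IHXBuffer* pAuthBuf = NULL;
    pResponseHeaders->GetPropertyCString("Authorization", pAuthBuf);
    HX_RELEASE(pResponseHeaders);

    if (pAuthBuf && !strncasecmp((char*)pAuthBuf->GetBuffer(), "RN5", 3))
    {
        HX_RELEASE(m_pCredentials);
        HX_RELEASE(m_pPrincipalID);

        // The header is client-controlled: do not dereference
        // m_pCredentials unless parsing actually produced an object.
        // Fall back to issuing a challenge instead.
        if (!SUCCEEDED(_HeaderToCredentials(pAuthBuf, &m_pCredentials)) ||
            !m_pCredentials)
        {
            HX_RELEASE(pAuthBuf);
            return _SendChallengeResponse();
        }

        // NOTE(review): this key is spelled "Username" while the other
        // lookups in this file use "UserName"; whether the property lookup
        // is case-sensitive is not visible here -- confirm.
        m_pCredentials->GetPropertyCString("Username", m_pPrincipalID);

        HX_RESULT Ret = HXR_OK;
        if (m_pAuthDBAccess)
        {
            Ret = m_pAuthDBAccess->GetCredentials(this, m_pPrincipalID);
            // Flow continues in GetCredentialsDone()
        }
        // NOTE(review): without m_pAuthDBAccess this returns HXR_OK and
        // ChallengeReady() is not called on this path, so the references
        // taken above stay held -- confirm that is intended.
        HX_RELEASE(pAuthBuf);
        return Ret;
    }
    else
    {
        // no Authorization header yet, we have to challenge for it
        HX_RELEASE(pAuthBuf); // just in case
        return _SendChallengeResponse();
    }
}

// Completes the conversation started in MakeChallenge().
//
// When the client is not authenticated and a realm is configured, an RN5
// challenge (realm + nonce) is written to the "WWW-Authenticate" or
// "Proxy-Authenticate" response header. In every case the respondee is then
// notified through ChallengeReady() and the references taken in
// MakeChallenge() are dropped.
//
// Returns HXR_OK, or HXR_UNEXPECTED when the response headers could not be
// obtained; the respondee is notified with the same code, matching the
// failure paths of MakeChallenge().
//
// SECURITY NOTE: the nonce is the scheduler time (seconds followed by
// microseconds), or a fixed string when no scheduler is available, so it is
// predictable, and this function does not record the value it issued.
// Nothing in this part of the file checks that the nonce used in
// GetCredentialsDone() is one that was issued here; unless that happens
// elsewhere, a captured response could be replayed. A random, single-use,
// server-tracked nonce is the usual mitigation.
HX_RESULT
CRN5Authenticator::_SendChallengeResponse()
{
    HX_RESULT Ret = HXR_OK;

    if (!m_bAuthenticated && m_pRealm)
    {
        CHXString str;
        str = "RN5 realm=\"";
        str += m_pRealm->GetBuffer();
        str += "\"";
        str += ", nonce=\"";

        IHXScheduler* pSchedulerContext = NULL;
        m_pContext->QueryInterface(IID_IHXScheduler,
                                   (void**)&pSchedulerContext);
        if (pSchedulerContext)
        {
            HXTimeval TimeNow;
            TimeNow = pSchedulerContext->GetCurrentSchedulerTime();
            str.AppendULONG(TimeNow.tv_sec);
            str.AppendULONG(TimeNow.tv_usec);
        }
        else
        {
            HX_ASSERT(0);
            // Crappy Nonce?? I'm just porting it as I see it. -- SSH
            str += "Crappy_Nonce";
        }
        // The scheduler is only needed for the timestamp. Releasing it here
        // keeps the reference from leaking on the failure path below.
        HX_RELEASE(pSchedulerContext);

        str += "\"";

        IHXValues* pChallengeHeaders = _GetResponseHeaders();
        if (!pChallengeHeaders)
        {
            HX_ASSERT(0);
            // Fall through so the respondee is still notified and the
            // request/respondee references are released.
            Ret = HXR_UNEXPECTED;
        }
        else
        {
            if (m_bIsProxyAuthentication)
            {
                _SetPropertyFromCharArray(pChallengeHeaders,
                                          "Proxy-Authenticate",
                                          (const char*) str);
            }
            else
            {
                _SetPropertyFromCharArray(pChallengeHeaders,
                                          "WWW-Authenticate",
                                          (const char*) str);
            }
            HX_RELEASE(pChallengeHeaders);
        }
    }

    m_pServerRespondee->ChallengeReady(Ret, m_pServerRequest);
    HX_RELEASE(m_pServerRequest);
    HX_RELEASE(m_pRequestContext);
    HX_RELEASE(m_pServerRespondee);
    return Ret;
}

// Reports the outcome of the last GetCredentialsDone() evaluation.
STDMETHODIMP_(BOOL) CRN5Authenticator::IsAuthenticated()
{
    return m_bAuthenticated;
}

// Hands out this authenticator as the user context, with a reference added
// for the caller.
STDMETHODIMP CRN5Authenticator::GetUserContext(REF(IUnknown*) pIUnknownUser)
{
    pIUnknownUser =
        (IUnknown*)(IHXObjectConfiguration*)(CHashAuthenticatorBase*)this;
    pIUnknownUser->AddRef();
    return HXR_OK;
}

// IHXAuthenticationDBAccessResponse

STDMETHODIMP
CRN5Authenticator::ExistenceCheckDone(
    HX_RESULT ResultStatus,
    IHXBuffer* pBufferPrincipalID)
{
    // XXXSSH - why not implemented?
    return HXR_NOTIMPL;
}

// Database callback for the GetCredentials() request made in
// MakeChallenge().
//
// Recomputes the expected token from the stored credentials and the fields
// held in m_pCredentials, compares it with the "Response" field, and on a
// match marks the conversation authenticated and installs this object as
// the request's user context. The respondee is always notified afterwards
// through _SendChallengeResponse(). Always returns HXR_OK.
STDMETHODIMP
CRN5Authenticator::GetCredentialsDone(
    HX_RESULT ResultStatus,
    IHXBuffer* pBufferPrincipalID,
    IHXBuffer* pBufferCredentials)
{
    m_bAuthenticated = FALSE; // till we know better

    if (SUCCEEDED(ResultStatus) && pBufferCredentials)
    {
        IHXBuffer* pServerToken = NULL;
        IHXBuffer* pClientToken = NULL;

        // We run MD5 against password, nonce, etc. on server side, should
        // get same result as what client sent us.
        _StorageToToken(m_pCredentials, pBufferCredentials, &pServerToken);
        m_pCredentials->GetPropertyCString("Response", pClientToken);

        // NOTE(review): strcasecmp() stops at the first differing byte, so
        // the comparison time depends on how much of the token matches; a
        // constant-time comparison is the usual hardening for
        // authentication tokens.
        if (pClientToken && pServerToken &&
            !strcasecmp((char*) pServerToken->GetBuffer(),
                        (char*) pClientToken->GetBuffer()))
        {
            m_bAuthenticated = TRUE;
            m_pRequestContext->SetUserContext(
                (IUnknown*)(IHXObjectConfiguration*)(CHashAuthenticatorBase*)this);
        }
        HX_RELEASE(pClientToken);
        HX_RELEASE(pServerToken);
    }

    if (!m_bAuthenticated)
    {
        // Do not keep the principal of a failed attempt around.
        HX_RELEASE(m_pPrincipalID);
    }

    _SendChallengeResponse();
    return HXR_OK;
}

// Reads "UserName", "Realm" and "Password" from pCredentials and passes them
// to _MungeUserRealmPass() to build the storage key.
//
// Returns HXR_INVALID_PARAMETER when any of the three properties is
// missing, HXR_OK otherwise (the result of _MungeUserRealmPass() itself is
// not inspected).
HX_RESULT
CRN5Authenticator::_MungeUserRealmPassFromValues(
    IHXValues* pCredentials,
    IHXBuffer** ppStorageKey)
{
    IHXBuffer* pUserName = NULL;
    IHXBuffer* pRealm = NULL;
    IHXBuffer* pPassword = NULL;
    HX_RESULT Ret = HXR_OK;

    if (SUCCEEDED(pCredentials->GetPropertyCString("UserName", pUserName)) &&
        SUCCEEDED(pCredentials->GetPropertyCString("Realm", pRealm)) &&
        SUCCEEDED(pCredentials->GetPropertyCString("Password", pPassword)))
    {
        _MungeUserRealmPass(pUserName, pRealm, pPassword, ppStorageKey);
    }
    else
    {
        Ret = HXR_INVALID_PARAMETER;
    }

    HX_RELEASE(pUserName);
    HX_RELEASE(pRealm);
    HX_RELEASE(pPassword);
    return Ret;
}

// Derives the RN5 response token: MD5 over the concatenation of the stored
// password value, the "Nonce" and "GUID" credential fields and a fixed
// trailer string.
//
// *ppToken receives a new 64-byte buffer (one reference held for the caller)
// filled by MD5Data(), or NULL on failure. Returns HXR_OK on success and
// HXR_FAIL when pStoredPassword is NULL or a field is missing.
//
// Each of the three inputs is cut off after 200 characters by the format
// precision, so longer values contribute only their first 200 characters.
//
// SECURITY NOTE: this is a single MD5 pass with a constant trailer. MD5 is
// not considered adequate for new authentication designs; the scheme is
// kept as-is here because changing it would break protocol compatibility.
HX_RESULT
CRN5Authenticator::_StorageToToken(
    IHXValues* pCredentials,
    IHXBuffer* pStoredPassword,
    IHXBuffer** ppToken)
{
    HX_RESULT Ret = HXR_FAIL;
    IHXBuffer* pNonce = NULL;
    IHXBuffer* pGUID = NULL;

    *ppToken = NULL;

    if (pStoredPassword &&
        SUCCEEDED(pCredentials->GetPropertyCString("GUID", pGUID)) &&
        SUCCEEDED(pCredentials->GetPropertyCString("Nonce", pNonce)))
    {
        char resbuf[1024]; /* Flawfinder: ignore */

        // Size-bounded formatting, as _CreateQuotedHeader() already does,
        // so the write stays inside resbuf even if the format string or the
        // buffer size is changed later.
        SafeSprintf(resbuf, sizeof(resbuf),
                    "%-.200s%-.200s%-.200sCopyright (C) 1995,1996,1997 RealNetworks, Inc.",
                    (char*)pStoredPassword->GetBuffer(),
                    (char*)pNonce->GetBuffer(),
                    (char*)pGUID->GetBuffer());

        *ppToken = new CHXBuffer;
        (*ppToken)->AddRef();
        (*ppToken)->SetSize(64);
        char* sToken = (char*)(*ppToken)->GetBuffer();
        MD5Data(sToken, (const UCHAR*)resbuf, strlen(resbuf));
        Ret = HXR_OK;
    }

    HX_RELEASE(pNonce);
    HX_RELEASE(pGUID);
    return Ret;
}

// Folds the result of one SafeSprintf() call into the running write offset.
//
// Returns FALSE, leaving lBytes untouched, when lWritten is negative or
// would move the offset to or past lCapacity; in other words when the field
// did not fit. How SafeSprintf() reports truncation is not visible in this
// file, so both a negative result and a "would have written" count are
// treated as truncation.
static BOOL
RN5AdvanceOffset(INT32& lBytes, INT32 lWritten, INT32 lCapacity)
{
    if (lWritten < 0 || lWritten >= lCapacity - lBytes)
    {
        return FALSE;
    }
    lBytes += lWritten;
    return TRUE;
}

// Builds the RN5 "Authorization" (or "Proxy-Authorization") header from the
// credential fields and the token computed by _StorageToToken().
//
// *ppResponseHeaders receives a new header object holding that single
// property, or NULL on failure. Returns the result of SetPropertyCString(),
// or HXR_FAIL when a required field is missing or the header does not fit
// in the 1024-byte buffer.
//
// The GUID and nonce fields are formatted with an unbounded "%s" and may
// originate from the peer, so every append is checked against the remaining
// space. Without that check an oversized field could push the running
// offset past the end of the buffer and turn "1024 - lBytes" negative.
HX_RESULT
CRN5Authenticator::_CreateQuotedHeader(
    IHXValues* pCredentials,
    IHXBuffer* pStoredPassword,
    IHXValues** ppResponseHeaders)
{
    IHXBuffer* pUser = NULL;
    IHXBuffer* pNonce = NULL;
    IHXBuffer* pGUID = NULL;
    IHXBuffer* pRealm = NULL;
    IHXBuffer* pToken = NULL;
    HX_RESULT Ret = HXR_FAIL;

    *ppResponseHeaders = NULL;

    if (SUCCEEDED(_StorageToToken(pCredentials, pStoredPassword, &pToken)) &&
        SUCCEEDED(pCredentials->GetPropertyCString("GUID", pGUID)) &&
        SUCCEEDED(pCredentials->GetPropertyCString("Nonce", pNonce)))
    {
        const INT32 lHeaderSize = 1024;

        IHXBuffer* pHeader = new CHXBuffer;
        pHeader->AddRef();
        pHeader->SetSize(lHeaderSize);
        char* sHeader = (char*) pHeader->GetBuffer();

        *ppResponseHeaders = new CHXHeader;
        (*ppResponseHeaders)->AddRef();

        INT32 lBytes = 0;
        BOOL bFits = RN5AdvanceOffset(
            lBytes, SafeSprintf(sHeader, lHeaderSize, "RN5 "), lHeaderSize);

        // The user name is optional; the lookup is done unconditionally so
        // pUser is populated exactly as before.
        if (SUCCEEDED(pCredentials->GetPropertyCString("UserName", pUser)) &&
            bFits)
        {
            bFits = RN5AdvanceOffset(
                lBytes,
                SafeSprintf(sHeader + lBytes, lHeaderSize - lBytes,
                            "username=\"%-.200s\",", pUser->GetBuffer()),
                lHeaderSize);
        }

        if (bFits)
        {
            bFits = RN5AdvanceOffset(
                lBytes,
                SafeSprintf(sHeader + lBytes, lHeaderSize - lBytes,
                            " GUID=\"%s\",", pGUID->GetBuffer()),
                lHeaderSize);
        }

        // The realm is optional as well.
        if (SUCCEEDED(pCredentials->GetPropertyCString("Realm", pRealm)) &&
            bFits)
        {
            bFits = RN5AdvanceOffset(
                lBytes,
                SafeSprintf(sHeader + lBytes, lHeaderSize - lBytes,
                            "realm=\"%-.200s\",", pRealm->GetBuffer()),
                lHeaderSize);
        }

        if (bFits)
        {
            bFits = RN5AdvanceOffset(
                lBytes,
                SafeSprintf(sHeader + lBytes, lHeaderSize - lBytes,
                            "nonce=\"%s\",", pNonce->GetBuffer()),
                lHeaderSize);
        }

        if (bFits)
        {
            bFits = RN5AdvanceOffset(
                lBytes,
                SafeSprintf(sHeader + lBytes, lHeaderSize - lBytes,
                            "response=\"%-.200s\"", pToken->GetBuffer()),
                lHeaderSize);
        }

        if (bFits)
        {
            if (m_bIsProxyAuthentication)
            {
                Ret = (*ppResponseHeaders)->SetPropertyCString(
                    "Proxy-Authorization", pHeader);
            }
            else
            {
                Ret = (*ppResponseHeaders)->SetPropertyCString(
                    "Authorization", pHeader);
            }
        }
        else
        {
            // A truncated header must not be sent: drop the half-built
            // object and leave Ret at HXR_FAIL.
            HX_RELEASE(*ppResponseHeaders);
        }
        HX_RELEASE(pHeader);
    }

    HX_RELEASE(pUser);
    HX_RELEASE(pNonce);
    HX_RELEASE(pGUID);
    HX_RELEASE(pRealm);
    HX_RELEASE(pToken);
    return Ret;
}

// Picks the challenge header that applies ("Proxy-Authenticate" for proxy
// authentication, "WWW-Authenticate" otherwise) and parses it with
// _HeaderToCredentials(). Returns HXR_FAIL when the header is absent.
HX_RESULT
CRN5Authenticator::_ChallengeToCredentials(
    IHXValues* pChallengeHeaders,
    IHXValues** ppCredentials)
{
    IHXBuffer* pChallengeBuf = NULL;

    if (m_bIsProxyAuthentication)
    {
        pChallengeHeaders->GetPropertyCString("Proxy-Authenticate",
                                              pChallengeBuf);
    }
    else
    {
        pChallengeHeaders->GetPropertyCString("WWW-Authenticate",
                                              pChallengeBuf);
    }

    if (!pChallengeBuf)
    {
        return HXR_FAIL;
    }

    HX_RESULT Ret = _HeaderToCredentials(pChallengeBuf, ppCredentials);
    HX_RELEASE(pChallengeBuf);
    return Ret;
}

// Parses an RN5 header value into a new credentials object.
//
// When the value starts with "RN5" (case-insensitive), *ppCredentials
// receives a new header object (one reference held for the caller) whose
// "GUID" property is the deciphered client GUID preference, or
// "GUIDLESS_CLIENT" when that preference cannot be read; the remainder of
// the value is passed to _GetQuotedFields(). Returns HXR_OK in that case.
//
// Otherwise returns HXR_FAIL and leaves *ppCredentials untouched.
HX_RESULT
CRN5Authenticator::_HeaderToCredentials(
    IHXBuffer* pHeader,
    IHXValues** ppCredentials)
{
    char* sChallenge = (char*) pHeader->GetBuffer();

    if (strncasecmp(sChallenge, "RN5", 3) == 0)
    {
        (*ppCredentials) = new CHXHeader;
        (*ppCredentials)->AddRef();

        IHXBuffer* pCipheredGUID = NULL;
        char* sGUID = NULL;

        if (m_pPreferencesCore &&
            m_pPreferencesCore->ReadPref(CLIENT_GUID_REGNAME,
                                         pCipheredGUID) == HXR_OK)
        {
            sGUID = DeCipher((char*)pCipheredGUID->GetBuffer());
            _SetPropertyFromCharArray(*ppCredentials, "GUID", sGUID);
        }
        else
        {
            _SetPropertyFromCharArray(*ppCredentials, "GUID",
                                      "GUIDLESS_CLIENT");
        }
        HX_RELEASE(pCipheredGUID);
        HX_VECTOR_DELETE(sGUID);

        // Skip the scheme name; what follows is handed to
        // _GetQuotedFields() for parsing.
        sChallenge += 3;
        _GetQuotedFields(sChallenge, *ppCredentials);
        return HXR_OK;
    }

    return HXR_FAIL;
}

// Factory: creates a CRN5Authenticator and returns it with one reference
// held, or HXR_OUTOFMEMORY when the allocation yields NULL.
HX_RESULT STDAPICALLTYPE CRN5Authenticator::HXCreateInstance(
    IUnknown** /*OUT*/ ppIUnknown)
{
    *ppIUnknown = (IUnknown*)(IHXPlugin*)new CRN5Authenticator();
    if (*ppIUnknown)
    {
        (*ppIUnknown)->AddRef();
        return HXR_OK;
    }
    return HXR_OUTOFMEMORY;
}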