memset(&config, 0, sizeof(config));
config.idnode.in_class = &config_class;
config.ui_quicktips = 1;
- config.digest = 1;
+ config.http_auth = HTTP_AUTH_DIGEST;
config.proxy = 0;
config.realm = strdup("tvheadend");
config.info_area = strdup("login,storage,time");
return strtab2htsmsg(tab, 1, lang);
}
+static htsmsg_t *
+config_class_http_auth_list ( void *o, const char *lang )
+{
+ static const struct strtab tab[] = {
+ { N_("Plain (insecure)"), HTTP_AUTH_PLAIN },
+ { N_("Digest"), HTTP_AUTH_DIGEST },
+ { N_("Both plain and digest"), HTTP_AUTH_PLAIN_DIGEST },
+ };
+ return strtab2htsmsg(tab, 1, lang);
+}
+
#if ENABLE_MPEGTS_DVB
static void
config_muxconfpath_notify_cb(void *opaque, int disarmed)
.group = 5
},
{
- .type = PT_BOOL,
+ .type = PT_INT,
.id = "digest",
- .name = N_("Digest authentication"),
+ .name = N_("Authentication type"),
.desc = N_("Digest access authentication is intended as a security trade-off. "
"It is intended to replace unencrypted HTTP basic access authentication. "
"This option should be enabled for standard usage."),
- .off = offsetof(config_t, digest),
+ .list = config_class_http_auth_list,
+ .off = offsetof(config_t, http_auth),
.opts = PO_EXPERT,
.group = 5
},
int uilevel;
int uilevel_nochange;
int ui_quicktips;
- int digest;
+ int http_auth;
int proxy;
char *realm;
char *wizard;
if(rc == HTTP_STATUS_UNAUTHORIZED) {
const char *realm = tvh_str_default(config.realm, "tvheadend");
- if (config.digest) {
+ if (config.http_auth == HTTP_AUTH_DIGEST ||
+ config.http_auth == HTTP_AUTH_PLAIN_DIGEST) {
if (hc->hc_nonce == NULL)
hc->hc_nonce = http_get_nonce();
char *opaque = http_get_opaque(realm, hc->hc_nonce);
/* Extract authorization */
if((v = http_arg_get(&hc->hc_args, "Authorization")) != NULL) {
if((n = http_tokenize(v, argv, 2, -1)) == 2) {
- if (strcasecmp(argv[0], "basic") == 0) {
+ if ((config.http_auth == HTTP_AUTH_PLAIN ||
+ config.http_auth == HTTP_AUTH_PLAIN_DIGEST) &&
+ strcasecmp(argv[0], "basic") == 0) {
n = base64_decode((uint8_t *)authbuf, argv[1], sizeof(authbuf) - 1);
if (n < 0)
n = 0;
http_error(hc, HTTP_STATUS_UNAUTHORIZED);
return -1;
}
- } else if (strcasecmp(argv[0], "digest") == 0) {
+ } else if ((config.http_auth == HTTP_AUTH_DIGEST ||
+ config.http_auth == HTTP_AUTH_PLAIN_DIGEST) &&
+ strcasecmp(argv[0], "digest") == 0) {
v = http_get_header_value(argv[1], "nonce");
if (v == NULL || !http_nonce_exists(v)) {
free(v);
#define HTTP_STATUS_HTTP_VERSION 505
#define HTTP_STATUS_OP_NOT_SUPPRT 551
+#define HTTP_AUTH_PLAIN 0
+#define HTTP_AUTH_DIGEST 1
+#define HTTP_AUTH_PLAIN_DIGEST 2
+
typedef enum http_state {
HTTP_CON_WAIT_REQUEST,
HTTP_CON_READ_HEADER,
projects / thirdparty / tvheadend.git / commitdiff
