Skip to content

Commit 3e9ca21

Browse files
aler9aler9
authored
rtsp: fix reading with RTSP and hashed credentials (#4698) (#4700)
1 parent 00b5702 commit 3e9ca21

File tree

2 files changed

+23
-9
lines changed

2 files changed

+23
-9
lines changed

internal/servers/rtsp/server_test.go

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -75,6 +75,8 @@ func TestServerPublish(t *testing.T) {
7575
pathManager := &test.PathManager{
7676
AddPublisherImpl: func(req defs.PathAddPublisherReq) (defs.Path, error) {
7777
if ca == "basic" {
78+
require.Nil(t, req.AccessRequest.CustomVerifyFunc)
79+
7880
if req.AccessRequest.Credentials.User == "" && req.AccessRequest.Credentials.Pass == "" {
7981
return nil, auth.Error{Message: "", AskCredentials: true}
8082
}
@@ -91,6 +93,7 @@ func TestServerPublish(t *testing.T) {
9193
}
9294
require.True(t, ok)
9395
}
96+
9497
return path, nil
9598
},
9699
}
@@ -191,6 +194,8 @@ func TestServerRead(t *testing.T) {
191194
pathManager := &test.PathManager{
192195
DescribeImpl: func(req defs.PathDescribeReq) defs.PathDescribeRes {
193196
if ca == "basic" {
197+
require.Nil(t, req.AccessRequest.CustomVerifyFunc)
198+
194199
if req.AccessRequest.Credentials.User == "" && req.AccessRequest.Credentials.Pass == "" {
195200
return defs.PathDescribeRes{Err: auth.Error{Message: "", AskCredentials: true}}
196201
}
@@ -216,6 +221,8 @@ func TestServerRead(t *testing.T) {
216221
},
217222
AddReaderImpl: func(req defs.PathAddReaderReq) (defs.Path, *stream.Stream, error) {
218223
if ca == "basic" {
224+
require.Nil(t, req.AccessRequest.CustomVerifyFunc)
225+
219226
require.Equal(t, "teststream", req.AccessRequest.Name)
220227
require.Equal(t, "param=value", req.AccessRequest.Query)
221228
require.Equal(t, "myuser", req.AccessRequest.Credentials.User)

internal/servers/rtsp/session.go

Lines changed: 16 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -215,18 +215,25 @@ func (s *session) onSetup(c *conn, ctx *gortsplib.ServerHandlerOnSetupCtx,
215215
}
216216
}
217217

218+
// CustomVerifyFunc prevents hashed credentials from working.
219+
// Use it only when strictly needed.
220+
var customVerifyFunc func(expectedUser, expectedPass string) bool
221+
if contains(c.authMethods, rtspauth.VerifyMethodDigestMD5) {
222+
customVerifyFunc = func(expectedUser, expectedPass string) bool {
223+
return c.rconn.VerifyCredentials(ctx.Request, expectedUser, expectedPass)
224+
}
225+
}
226+
218227
switch s.rsession.State() {
219228
case gortsplib.ServerSessionStateInitial, gortsplib.ServerSessionStatePrePlay: // play
220229
req := defs.PathAccessRequest{
221-
Name: ctx.Path,
222-
Query: ctx.Query,
223-
Proto: auth.ProtocolRTSP,
224-
ID: &c.uuid,
225-
Credentials: rtsp.Credentials(ctx.Request),
226-
IP: c.ip(),
227-
CustomVerifyFunc: func(expectedUser, expectedPass string) bool {
228-
return c.rconn.VerifyCredentials(ctx.Request, expectedUser, expectedPass)
229-
},
230+
Name: ctx.Path,
231+
Query: ctx.Query,
232+
Proto: auth.ProtocolRTSP,
233+
ID: &c.uuid,
234+
Credentials: rtsp.Credentials(ctx.Request),
235+
IP: c.ip(),
236+
CustomVerifyFunc: customVerifyFunc,
230237
}
231238

232239
path, stream, err := s.pathManager.AddReader(defs.PathAddReaderReq{

0 commit comments

Comments
 (0)