rtsp: fix authentication regression

since #4267 it was impossible to perform authentication when protocol
is RTSP and credentials are hashed

Author: aler9

internal/protocols/webrtc/peer_connection.go

@@ -102,7 +102,6 @@ type PeerConnection struct {
 	newLocalCandidate chan *webrtc.ICECandidateInit
 	connected         chan struct{}
 	failed            chan struct{}
-	done              chan struct{}
 	gatheringDone     chan struct{}
 	incomingTrack     chan trackRecvPair
 	ctx               context.Context
@@ -236,7 +235,6 @@ func (co *PeerConnection) Start() error {
 	co.newLocalCandidate = make(chan *webrtc.ICECandidateInit)
 	co.connected = make(chan struct{})
 	co.failed = make(chan struct{})
-	co.done = make(chan struct{})
 	co.gatheringDone = make(chan struct{})
 	co.incomingTrack = make(chan trackRecvPair)
 
@@ -280,7 +278,7 @@ func (co *PeerConnection) Start() error {
 		defer co.stateChangeMutex.Unlock()
 
 		select {
-		case <-co.done:
+		case <-co.failed:
 			return
 		default:
 		}
@@ -316,8 +314,6 @@ func (co *PeerConnection) Start() error {
 			default:
 				close(co.failed)
 			}
-
-			close(co.done)
 		}
 	})
 
@@ -347,9 +343,7 @@ func (co *PeerConnection) Close() {
 	}
 
 	co.ctxCancel()
-	co.wr.Close() //nolint:errcheck
-
-	<-co.done
+	co.wr.GracefulClose() //nolint:errcheck
 }
 
 // CreatePartialOffer creates a partial offer.

internal/servers/rtsp/conn.go

@@ -42,6 +42,15 @@ func credentialsProvided(req *base.Request) bool {
 	return err == nil && auth.Username != ""
 }
 
+func contains(list []rtspauth.VerifyMethod, item rtspauth.VerifyMethod) bool {
+	for _, i := range list {
+		if i == item {
+			return true
+		}
+	}
+	return false
+}
+
 type connParent interface {
 	logger.Writer
 	findSessionByRSessionUnsafe(rsession *gortsplib.ServerSession) *session
@@ -138,16 +147,23 @@ func (c *conn) onDescribe(ctx *gortsplib.ServerHandlerOnDescribeCtx,
 	}
 	ctx.Path = ctx.Path[1:]
 
-	req := defs.PathAccessRequest{
-		Name:        ctx.Path,
-		Query:       ctx.Query,
-		Proto:       auth.ProtocolRTSP,
-		ID:          &c.uuid,
-		Credentials: rtsp.Credentials(ctx.Request),
-		IP:          c.ip(),
-		CustomVerifyFunc: func(expectedUser, expectedPass string) bool {
+	// CustomVerifyFunc prevents hashed credentials from working.
+	// Use it only when strictly needed.
+	var customVerifyFunc func(expectedUser, expectedPass string) bool
+	if contains(c.authMethods, rtspauth.VerifyMethodDigestMD5) {
+		customVerifyFunc = func(expectedUser, expectedPass string) bool {
 			return c.rconn.VerifyCredentials(ctx.Request, expectedUser, expectedPass)
-		},
+		}
+	}
+
+	req := defs.PathAccessRequest{
+		Name:             ctx.Path,
+		Query:            ctx.Query,
+		Proto:            auth.ProtocolRTSP,
+		ID:               &c.uuid,
+		Credentials:      rtsp.Credentials(ctx.Request),
+		IP:               c.ip(),
+		CustomVerifyFunc: customVerifyFunc,
 	}
 
 	res := c.pathManager.Describe(defs.PathDescribeReq{