mirror of
https://github.com/AlexxIT/go2rtc.git
synced 2025-09-26 20:31:11 +08:00
Merge pull request #1522 from subbyte/authlog
Improve RTSP server authentication handling and auditing
This commit is contained in:
Alex X
@@ -1,6 +1,7 @@
|
||||
package rtsp
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"io"
|
||||
"net"
|
||||
"net/url"
|
||||
@@ -237,7 +238,9 @@ func tcpHandler(conn *rtsp.Conn) {
|
||||
})
|
||||
|
||||
if err := conn.Accept(); err != nil {
|
||||
if err != io.EOF {
|
||||
if errors.Is(err, rtsp.FailedAuth) {
|
||||
log.Warn().Str("remote_addr", conn.Connection.RemoteAddr).Msg("[rtsp] failed authentication")
|
||||
} else if err != io.EOF {
|
||||
log.WithLevel(level).Err(err).Caller().Send()
|
||||
}
|
||||
if closer != nil {
|
||||
|
||||
@@ -13,6 +13,8 @@ import (
|
||||
"github.com/AlexxIT/go2rtc/pkg/tcp"
|
||||
)
|
||||
|
||||
var FailedAuth = errors.New("failed authentication")
|
||||
|
||||
func NewServer(conn net.Conn) *Conn {
|
||||
return &Conn{
|
||||
Connection: core.Connection{
|
||||
@@ -45,7 +47,7 @@ func (c *Conn) Accept() error {
|
||||
|
||||
c.Fire(req)
|
||||
|
||||
if !c.auth.Validate(req) {
|
||||
if valid, empty := c.auth.Validate(req); !valid {
|
||||
res := &tcp.Response{
|
||||
Status: "401 Unauthorized",
|
||||
Header: map[string][]string{"Www-Authenticate": {`Basic realm="go2rtc"`}},
|
||||
@@ -54,7 +56,12 @@ func (c *Conn) Accept() error {
|
||||
if err = c.WriteResponse(res); err != nil {
|
||||
return err
|
||||
}
|
||||
continue
|
||||
if empty {
|
||||
// eliminate false positive: ffmpeg sends first request without
|
||||
// authorization header even if the user provides credentials
|
||||
continue
|
||||
}
|
||||
return FailedAuth
|
||||
}
|
||||
|
||||
// Receiver: OPTIONS > DESCRIBE > SETUP... > PLAY > TEARDOWN
|
||||
|
||||
@@ -85,14 +85,14 @@ func (a *Auth) Write(req *Request) {
|
||||
}
|
||||
}
|
||||
|
||||
func (a *Auth) Validate(req *Request) bool {
|
||||
func (a *Auth) Validate(req *Request) (valid, empty bool) {
|
||||
if a == nil {
|
||||
return true
|
||||
return true, true
|
||||
}
|
||||
|
||||
header := req.Header.Get("Authorization")
|
||||
if header == "" {
|
||||
return false
|
||||
return false, true
|
||||
}
|
||||
|
||||
if a.Method == AuthUnknown {
|
||||
@@ -100,7 +100,7 @@ func (a *Auth) Validate(req *Request) bool {
|
||||
a.header = "Basic " + B64(a.user, a.pass)
|
||||
}
|
||||
|
||||
return header == a.header
|
||||
return header == a.header, false
|
||||
}
|
||||
|
||||
func (a *Auth) ReadNone(res *Response) bool {
|
||||
|
||||
Reference in New Issue
Block a user