diff --git a/pkg/auth/package_test.go b/pkg/auth/package_test.go index 9f4463f0..7ec78342 100644 --- a/pkg/auth/package_test.go +++ b/pkg/auth/package_test.go @@ -64,7 +64,7 @@ func TestAuth(t *testing.T) { }())) err = va.ValidateHeader(authorization, base.Announce, - base.MustParseURL("rtsp://myhost/mypath")) + base.MustParseURL("rtsp://myhost/mypath"), nil) if conf != "nofail" { require.Error(t, err) @@ -99,7 +99,7 @@ func TestAuthVLC(t *testing.T) { base.MustParseURL(ca.clientURL)) err = va.ValidateHeader(authorization, base.Announce, - base.MustParseURL(ca.serverURL)) + base.MustParseURL(ca.serverURL), base.MustParseURL(ca.clientURL)) require.NoError(t, err) } } @@ -133,7 +133,7 @@ func TestAuthHashed(t *testing.T) { base.MustParseURL("rtsp://myhost/mypath")) err = se.ValidateHeader(authorization, base.Announce, - base.MustParseURL("rtsp://myhost/mypath")) + base.MustParseURL("rtsp://myhost/mypath"), nil) if conf != "nofail" { require.Error(t, err) diff --git a/pkg/auth/validator.go b/pkg/auth/validator.go index 539403f2..45513d6b 100644 --- a/pkg/auth/validator.go +++ b/pkg/auth/validator.go @@ -90,7 +90,8 @@ func (va *Validator) GenerateHeader() base.HeaderValue { // ValidateHeader validates the Authorization header sent by a client after receiving the // WWW-Authenticate header. -func (va *Validator) ValidateHeader(v base.HeaderValue, method base.Method, ur *base.URL) error { +func (va *Validator) ValidateHeader(v base.HeaderValue, method base.Method, ur *base.URL, + altUrl *base.URL) error { if len(v) == 0 { return fmt.Errorf("authorization header not provided") } @@ -171,21 +172,21 @@ func (va *Validator) ValidateHeader(v base.HeaderValue, method base.Method, ur * return fmt.Errorf("wrong username") } - uri := ur.String() + urlString := ur.String() - if *auth.URI != uri { - // VLC strips the control attribute; do another try without the control attribute - ur = ur.Clone() - ur.RemoveControlAttribute() - uri = ur.String() + if *auth.URI != urlString { + // do another try with the alternative URL + if altUrl != nil { + urlString = altUrl.String() + } - if *auth.URI != uri { + if *auth.URI != urlString { return fmt.Errorf("wrong url") } } response := md5Hex(md5Hex(va.user+":"+va.realm+":"+va.pass) + - ":" + va.nonce + ":" + md5Hex(string(method)+":"+uri)) + ":" + va.nonce + ":" + md5Hex(string(method)+":"+urlString)) if *auth.Response != response { return fmt.Errorf("wrong response") diff --git a/pkg/base/url.go b/pkg/base/url.go index 5f98ebbe..58a3ac50 100644 --- a/pkg/base/url.go +++ b/pkg/base/url.go @@ -151,16 +151,3 @@ func (u *URL) AddControlAttribute(controlPath string) { nu, _ := ParseURL(u.String() + controlPath) *u = *nu } - -// RemoveControlAttribute removes a control attribute from an URL. -// We assume that the base path and control attribute are divided with a slash. -func (u *URL) RemoveControlAttribute() { - _, controlPath, ok := u.BasePathControlAttr() - if !ok { - return - } - - urStr := u.String() - nu, _ := ParseURL(urStr[:len(urStr)-len(controlPath)]) - *u = *nu -} diff --git a/serverconn.go b/serverconn.go index c4bc329e..ae4b0649 100644 --- a/serverconn.go +++ b/serverconn.go @@ -461,7 +461,7 @@ func (sc *ServerConn) handleRequest(req *base.Request) (*base.Response, error) { if !ok { return &base.Response{ StatusCode: base.StatusBadRequest, - }, fmt.Errorf("unable to find control attribute (%s)", req.URL) + }, fmt.Errorf("invalid path (%s)", req.URL) } th, err := headers.ReadTransport(req.Header["Transport"])