remove URL.RemoveControlAttribute()

2025-10-07 16:10:59 +08:00 · 2021-01-17 21:26:29 +01:00
parent cc7afd6f35
commit 64422b391e
4 changed files with 14 additions and 26 deletions
--- a/pkg/auth/package_test.go
+++ b/pkg/auth/package_test.go
@@ -64,7 +64,7 @@ func TestAuth(t *testing.T) {
 					}()))
 				err = va.ValidateHeader(authorization, base.Announce,
-					base.MustParseURL("rtsp://myhost/mypath"))
+					base.MustParseURL("rtsp://myhost/mypath"), nil)
 				if conf != "nofail" {
 					require.Error(t, err)
@@ -99,7 +99,7 @@ func TestAuthVLC(t *testing.T) {
 			base.MustParseURL(ca.clientURL))
 		err = va.ValidateHeader(authorization, base.Announce,
-			base.MustParseURL(ca.serverURL))
+			base.MustParseURL(ca.serverURL), base.MustParseURL(ca.clientURL))
 		require.NoError(t, err)
 	}
 }
@@ -133,7 +133,7 @@ func TestAuthHashed(t *testing.T) {
 				base.MustParseURL("rtsp://myhost/mypath"))
 			err = se.ValidateHeader(authorization, base.Announce,
-				base.MustParseURL("rtsp://myhost/mypath"))
+				base.MustParseURL("rtsp://myhost/mypath"), nil)
 			if conf != "nofail" {
 				require.Error(t, err)
--- a/pkg/auth/validator.go
+++ b/pkg/auth/validator.go
@@ -90,7 +90,8 @@ func (va *Validator) GenerateHeader() base.HeaderValue {
 // ValidateHeader validates the Authorization header sent by a client after receiving the
 // WWW-Authenticate header.
-func (va *Validator) ValidateHeader(v base.HeaderValue, method base.Method, ur *base.URL) error {
+func (va *Validator) ValidateHeader(v base.HeaderValue, method base.Method, ur *base.URL,
 	altUrl *base.URL) error {
 	if len(v) == 0 {
 		return fmt.Errorf("authorization header not provided")
 	}
@@ -171,21 +172,21 @@ func (va *Validator) ValidateHeader(v base.HeaderValue, method base.Method, ur *
 			return fmt.Errorf("wrong username")
 		}
-		uri := ur.String()
+		urlString := ur.String()
-		if *auth.URI != uri {
+		if *auth.URI != urlString {
-			// VLC strips the control attribute; do another try without the control attribute
+			// do another try with the alternative URL
-			ur = ur.Clone()
+			if altUrl != nil {
-			ur.RemoveControlAttribute()
+				urlString = altUrl.String()
-			uri = ur.String()
+			}
-			if *auth.URI != uri {
+			if *auth.URI != urlString {
 				return fmt.Errorf("wrong url")
 			}
 		}
 		response := md5Hex(md5Hex(va.user+":"+va.realm+":"+va.pass) +
-			":" + va.nonce + ":" + md5Hex(string(method)+":"+uri))
+			":" + va.nonce + ":" + md5Hex(string(method)+":"+urlString))
 		if *auth.Response != response {
 			return fmt.Errorf("wrong response")
--- a/pkg/base/url.go
+++ b/pkg/base/url.go
@@ -151,16 +151,3 @@ func (u *URL) AddControlAttribute(controlPath string) {
 	nu, _ := ParseURL(u.String() + controlPath)
 	*u = *nu
 }
 // RemoveControlAttribute removes a control attribute from an URL.
 // We assume that the base path and control attribute are divided with a slash.
 func (u *URL) RemoveControlAttribute() {
 	_, controlPath, ok := u.BasePathControlAttr()
 	if !ok {
 		return
 	}
 	urStr := u.String()
 	nu, _ := ParseURL(urStr[:len(urStr)-len(controlPath)])
 	*u = *nu
 }
--- a/serverconn.go
+++ b/serverconn.go
@@ -461,7 +461,7 @@ func (sc *ServerConn) handleRequest(req *base.Request) (*base.Response, error) {
 			if !ok {
 				return &base.Response{
 					StatusCode: base.StatusBadRequest,
-				}, fmt.Errorf("unable to find control attribute (%s)", req.URL)
+				}, fmt.Errorf("invalid path (%s)", req.URL)
 			}
 			th, err := headers.ReadTransport(req.Header["Transport"])