zishuo/rtsp-simple-server
1
0
Fork 0
mirror of https://github.com/aler9/rtsp-simple-server synced 2025-09-26 19:51:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

rtsp: fix reading with RTSP and hashed credentials (#4698) (#4700)

Browse Source
This commit is contained in:
Alessandro Ros
2025-07-07 10:42:39 +02:00
committed by GitHub
parent 00b570297a
commit 3e9ca21448
2 changed files with 23 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
internal/servers/rtsp/server_test.go
View File

@@ -75,6 +75,8 @@ func TestServerPublish(t *testing.T) {
pathManager := &test.PathManager{
AddPublisherImpl: func(req defs.PathAddPublisherReq) (defs.Path, error) {
if ca == "basic" {
require.Nil(t, req.AccessRequest.CustomVerifyFunc)
if req.AccessRequest.Credentials.User == "" && req.AccessRequest.Credentials.Pass == "" {
return nil, auth.Error{Message: "", AskCredentials: true}
}
@@ -91,6 +93,7 @@ func TestServerPublish(t *testing.T) {
}
require.True(t, ok)
}
return path, nil
},
}
@@ -191,6 +194,8 @@ func TestServerRead(t *testing.T) {
pathManager := &test.PathManager{
DescribeImpl: func(req defs.PathDescribeReq) defs.PathDescribeRes {
if ca == "basic" {
require.Nil(t, req.AccessRequest.CustomVerifyFunc)
if req.AccessRequest.Credentials.User == "" && req.AccessRequest.Credentials.Pass == "" {
return defs.PathDescribeRes{Err: auth.Error{Message: "", AskCredentials: true}}
}
@@ -216,6 +221,8 @@ func TestServerRead(t *testing.T) {
},
AddReaderImpl: func(req defs.PathAddReaderReq) (defs.Path, *stream.Stream, error) {
if ca == "basic" {
require.Nil(t, req.AccessRequest.CustomVerifyFunc)
require.Equal(t, "teststream", req.AccessRequest.Name)
require.Equal(t, "param=value", req.AccessRequest.Query)
require.Equal(t, "myuser", req.AccessRequest.Credentials.User)

25
internal/servers/rtsp/session.go
View File

@@ -215,18 +215,25 @@ func (s *session) onSetup(c *conn, ctx *gortsplib.ServerHandlerOnSetupCtx,
}
}
// CustomVerifyFunc prevents hashed credentials from working.
// Use it only when strictly needed.
var customVerifyFunc func(expectedUser, expectedPass string) bool
if contains(c.authMethods, rtspauth.VerifyMethodDigestMD5) {
customVerifyFunc = func(expectedUser, expectedPass string) bool {
return c.rconn.VerifyCredentials(ctx.Request, expectedUser, expectedPass)
}
}
switch s.rsession.State() {
case gortsplib.ServerSessionStateInitial, gortsplib.ServerSessionStatePrePlay: // play
req := defs.PathAccessRequest{
Name: ctx.Path,
Query: ctx.Query,
Proto: auth.ProtocolRTSP,
ID: &c.uuid,
Credentials: rtsp.Credentials(ctx.Request),
IP: c.ip(),
CustomVerifyFunc: func(expectedUser, expectedPass string) bool {
return c.rconn.VerifyCredentials(ctx.Request, expectedUser, expectedPass)
},
Name: ctx.Path,
Query: ctx.Query,
Proto: auth.ProtocolRTSP,
ID: &c.uuid,
Credentials: rtsp.Credentials(ctx.Request),
IP: c.ip(),
CustomVerifyFunc: customVerifyFunc,
}
path, stream, err := s.pathManager.AddReader(defs.PathAddReaderReq{