mirror of
https://github.com/ZLMediaKit/ZLMediaKit.git
synced 2024-11-22 10:40:05 +08:00
修复rtsp basic鉴权相关bug: #2087
This commit is contained in:
parent
87353534af
commit
034e29b25a
@ -245,23 +245,19 @@ public:
|
||||
_printer << "a=rtpmap:" << payload_type << " " << getCodecName() << "/" << 90000 << "\r\n";
|
||||
_printer << "a=fmtp:" << payload_type << " packetization-mode=1; profile-level-id=";
|
||||
|
||||
char strTemp[1024];
|
||||
uint32_t profile_level_id = 0;
|
||||
if (strSPS.length() >= 4) { // sanity check
|
||||
profile_level_id = (uint8_t(strSPS[1]) << 16) |
|
||||
(uint8_t(strSPS[2]) << 8) |
|
||||
(uint8_t(strSPS[3])); // profile_idc|constraint_setN_flag|level_idc
|
||||
}
|
||||
memset(strTemp, 0, sizeof(strTemp));
|
||||
snprintf(strTemp, sizeof(strTemp), "%06X", profile_level_id);
|
||||
_printer << strTemp;
|
||||
|
||||
char profile[8];
|
||||
snprintf(profile, sizeof(profile), "%06X", profile_level_id);
|
||||
_printer << profile;
|
||||
_printer << "; sprop-parameter-sets=";
|
||||
memset(strTemp, 0, sizeof(strTemp));
|
||||
av_base64_encode(strTemp, sizeof(strTemp), (uint8_t *)strSPS.data(), (int)strSPS.size());
|
||||
_printer << strTemp << ",";
|
||||
memset(strTemp, 0, sizeof(strTemp));
|
||||
av_base64_encode(strTemp, sizeof(strTemp), (uint8_t *)strPPS.data(), (int)strPPS.size());
|
||||
_printer << strTemp << "\r\n";
|
||||
_printer << encodeBase64(strSPS) << ",";
|
||||
_printer << encodeBase64(strPPS) << "\r\n";
|
||||
_printer << "a=control:trackID=" << (int)TrackVideo << "\r\n";
|
||||
}
|
||||
|
||||
|
@ -580,16 +580,16 @@ void RtspPlayer::sendRtspRequest(const string &cmd, const string &url, const std
|
||||
|
||||
void RtspPlayer::sendRtspRequest(const string &cmd, const string &url,const StrCaseMap &header_const) {
|
||||
auto header = header_const;
|
||||
header.emplace("CSeq",StrPrinter << _cseq_send++);
|
||||
header.emplace("User-Agent",kServerName);
|
||||
header.emplace("CSeq", StrPrinter << _cseq_send++);
|
||||
header.emplace("User-Agent", kServerName);
|
||||
|
||||
if(!_session_id.empty()){
|
||||
if (!_session_id.empty()) {
|
||||
header.emplace("Session", _session_id);
|
||||
}
|
||||
|
||||
if(!_realm.empty() && !(*this)[Client::kRtspUser].empty()){
|
||||
if(!_md5_nonce.empty()){
|
||||
//MD5认证
|
||||
if (!_realm.empty() && !(*this)[Client::kRtspUser].empty()) {
|
||||
if (!_md5_nonce.empty()) {
|
||||
// MD5认证
|
||||
/*
|
||||
response计算方法如下:
|
||||
RTSP客户端应该使用username + password并计算response如下:
|
||||
@ -599,7 +599,7 @@ void RtspPlayer::sendRtspRequest(const string &cmd, const string &url,const StrC
|
||||
response= md5( md5(username:realm:password):nonce:md5(public_method:url) );
|
||||
*/
|
||||
string encrypted_pwd = (*this)[Client::kRtspPwd];
|
||||
if(!(*this)[Client::kRtspPwdIsMD5].as<bool>()){
|
||||
if (!(*this)[Client::kRtspPwdIsMD5].as<bool>()) {
|
||||
encrypted_pwd = MD5((*this)[Client::kRtspUser] + ":" + _realm + ":" + encrypted_pwd).hexdigest();
|
||||
}
|
||||
auto response = MD5(encrypted_pwd + ":" + _md5_nonce + ":" + MD5(cmd + ":" + url).hexdigest()).hexdigest();
|
||||
@ -610,13 +610,11 @@ void RtspPlayer::sendRtspRequest(const string &cmd, const string &url,const StrC
|
||||
printer << "nonce=\"" << _md5_nonce << "\", ";
|
||||
printer << "uri=\"" << url << "\", ";
|
||||
printer << "response=\"" << response << "\"";
|
||||
header.emplace("Authorization",printer);
|
||||
}else if(!(*this)[Client::kRtspPwdIsMD5].as<bool>()){
|
||||
//base64认证
|
||||
string authStr = StrPrinter << (*this)[Client::kRtspUser] << ":" << (*this)[Client::kRtspPwd];
|
||||
char authStrBase64[1024] = {0};
|
||||
av_base64_encode(authStrBase64, sizeof(authStrBase64), (uint8_t *) authStr.data(), (int) authStr.size());
|
||||
header.emplace("Authorization",StrPrinter << "Basic " << authStrBase64 );
|
||||
header.emplace("Authorization", printer);
|
||||
} else if (!(*this)[Client::kRtspPwdIsMD5].as<bool>()) {
|
||||
// base64认证
|
||||
auto authStrBase64 = encodeBase64((*this)[Client::kRtspUser] + ":" + (*this)[Client::kRtspPwd]);
|
||||
header.emplace("Authorization", StrPrinter << "Basic " << authStrBase64);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -537,10 +537,8 @@ void RtspPusher::sendRtspRequest(const string &cmd, const string &url,const StrC
|
||||
printer << "response=\"" << response << "\"";
|
||||
header.emplace("Authorization", printer);
|
||||
} else if (!(*this)[Client::kRtspPwdIsMD5].as<bool>()) {
|
||||
//base64认证
|
||||
string authStr = StrPrinter << (*this)[Client::kRtspUser] << ":" << (*this)[Client::kRtspPwd];
|
||||
char authStrBase64[1024] = {0};
|
||||
av_base64_encode(authStrBase64, sizeof(authStrBase64), (uint8_t *) authStr.data(), (int)authStr.size());
|
||||
// base64认证
|
||||
auto authStrBase64 = encodeBase64((*this)[Client::kRtspUser] + ":" + (*this)[Client::kRtspPwd]);
|
||||
header.emplace("Authorization", StrPrinter << "Basic " << authStrBase64);
|
||||
}
|
||||
}
|
||||
|
@ -448,31 +448,26 @@ void RtspSession::onAuthSuccess() {
|
||||
}
|
||||
|
||||
void RtspSession::onAuthFailed(const string &realm,const string &why,bool close) {
|
||||
GET_CONFIG(bool,authBasic,Rtsp::kAuthBasic);
|
||||
GET_CONFIG(bool, authBasic, Rtsp::kAuthBasic);
|
||||
if (!authBasic) {
|
||||
//我们需要客户端优先以md5方式认证
|
||||
// 我们需要客户端优先以md5方式认证
|
||||
_auth_nonce = makeRandStr(32);
|
||||
sendRtspResponse("401 Unauthorized",
|
||||
{"WWW-Authenticate",
|
||||
StrPrinter << "Digest realm=\"" << realm << "\",nonce=\"" << _auth_nonce << "\"" });
|
||||
}else {
|
||||
//当然我们也支持base64认证,但是我们不建议这样做
|
||||
sendRtspResponse("401 Unauthorized",
|
||||
{"WWW-Authenticate",
|
||||
StrPrinter << "Basic realm=\"" << realm << "\"" });
|
||||
sendRtspResponse("401 Unauthorized", { "WWW-Authenticate", StrPrinter << "Digest realm=\"" << realm << "\",nonce=\"" << _auth_nonce << "\"" });
|
||||
} else {
|
||||
// 当然我们也支持base64认证,但是我们不建议这样做
|
||||
sendRtspResponse("401 Unauthorized", { "WWW-Authenticate", StrPrinter << "Basic realm=\"" << realm << "\"" });
|
||||
}
|
||||
if(close){
|
||||
shutdown(SockException(Err_shutdown,StrPrinter << "401 Unauthorized:" << why));
|
||||
if (close) {
|
||||
shutdown(SockException(Err_shutdown, StrPrinter << "401 Unauthorized:" << why));
|
||||
}
|
||||
}
|
||||
|
||||
void RtspSession::onAuthBasic(const string &realm,const string &auth_base64){
|
||||
void RtspSession::onAuthBasic(const string &realm, const string &auth_base64) {
|
||||
//base64认证
|
||||
char user_pwd_buf[512];
|
||||
av_base64_decode((uint8_t *) user_pwd_buf, auth_base64.data(), (int)auth_base64.size());
|
||||
auto user_pwd_vec = split(user_pwd_buf, ":");
|
||||
auto user_passwd = decodeBase64(auth_base64);
|
||||
auto user_pwd_vec = split(user_passwd, ":");
|
||||
if (user_pwd_vec.size() < 2) {
|
||||
//认证信息格式不合法,回复401 Unauthorized
|
||||
// 认证信息格式不合法,回复401 Unauthorized
|
||||
onAuthFailed(realm, "can not find user and passwd when basic64 auth");
|
||||
return;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user