rtsp authentication

[H]

I have setup crtmpserver to stream over rtsp feeded by ffmpeg. I would like to add authentication (I prefer feeding only from local host and access only with a password) so I uncommented the entries in the user file and flvplayback. Now both feeding and connecting to the stream give me an error. When I now try to feed with ffmpeg with 'http://user1:password1@localhost:8554/live' then I get the error below. I probably am missing something obvious..... all suggestions welcome.


/build/buildd/crtmpserver-1.0~dfsg/thelib/src/netio/epoll/tcpacceptor.cpp:154 Client connected: 127.0.0.1:56785 -> 0.0.0.0:8554
/build/buildd/crtmpserver-1.0~dfsg/thelib/src/netio/epoll/iohandlermanager.cpp:100 Handlers count changed: 2->3 IOHT_TCP_CARRIER
/build/buildd/crtmpserver-1.0~dfsg/thelib/src/protocols/rtp/rtspprotocol.cpp:709 Not enough data. Wanted: 291; got: 0
/build/buildd/crtmpserver-1.0~dfsg/thelib/src/protocols/rtp/rtspprotocol.cpp:709 Not enough data. Wanted: 291; got: 0
/build/buildd/crtmpserver-1.0~dfsg/thelib/src/protocols/http/httpauthhelper.cpp:229 Invalid character detected
/build/buildd/crtmpserver-1.0~dfsg/thelib/src/protocols/http/httpauthhelper.cpp:80 Unable to parse response: Digest username="user1",realm="My realm...",nonce="be61670412c275e87ad917c1e2bd36c0",uri="rtsp://localhost:8554/live",response="fff062142471dfe054aa640bcb993476",algorithm=MD5
/build/buildd/crtmpserver-1.0~dfsg/thelib/src/protocols/rtp/basertspappprotocolhandler.cpp:319 Authorization failed: challenge: Digest realm="My realm...", nonce="be61670412c275e87ad917c1e2bd36c0", algorithm="MD5"; response: Digest username="user1",realm="My realm...",nonce="be61670412c275e87ad917c1e2bd36c0",uri="rtsp://localhost:8554/live",response="fff062142471dfe054aa640bcb993476",algorithm=MD5
/build/buildd/crtmpserver-1.0~dfsg/thelib/src/netio/epoll/tcpcarrier.cpp:78 Unable to read data. 127.0.0.1:56785 -> 127.0.0.1:8554
/build/buildd/crtmpserver-1.0~dfsg/thelib/src/netio/epoll/iohandlermanager.cpp:109 Handlers count changed: 3->2 IOHT_TCP_CARRIER
/build/buildd/crtmpserver-1.0~dfsg/thelib/src/protocols/protocolmanager.cpp:44 Enqueue for delete for protocol [RTSP(8)]
/build/buildd/crtmpserver-1.0~dfsg/thelib/src/application/baseclientapplication.cpp:216 Protocol [RTSP(8)] unregistered from application: flvplayback



# cat applications/flvplayback.lua
application=
{
        description="FLV Playback Sample",
        name="flvplayback",
        protocol="dynamiclinklibrary",
        mediaFolder="/var/lib/crtmpserver/mediaFolder",
        aliases=
        {
                "simpleLive",
                "vod",
                "live",
                "WeeklyQuest",
                "SOSample",
                "oflaDemo",
        },
        acceptors =
        {
                {
                        ip="0.0.0.0",
                        port=554,
                        protocol="inboundRtsp"
                },
                {
                        ip="0.0.0.0",
                        port=8554,
                        protocol="inboundRtsp"
                },
},
        externalStreams =
        {

        },
        validateHandshake=true,
        keyframeSeek=true,
        seekGranularity=1.5, --in seconds, between 0.1 and 600
        clientSideBuffer=12, --in seconds, between 5 and 30
        --generateMetaFiles=true, --this will generate seek/meta files on application startup
        --renameBadFiles=false,
        --enableCheckBandwidth=true,
        authentication=
        {
                rtmp={
                        type="adobe",
                        encoderAgents=
                        {
                                "FMLE/3.0 (compatible; FMSc/1.0)",
                                "My user agent",
                        },
                        usersFile="/etc/crtmpserver/conf.d/users.lua"
                },
                rtsp={
                        usersFile="/etc/crtmpserver/conf.d/users.lua"
                }
        },
}


# cat conf.d/users.lua
users=
{
        broadcast="vbrick",
        user1="password1",
        user2="password2",
        user3="password3",
        gigi="spaima",
        a="a",
}

realms=
{
        {
                name="My realm...",
                method="Digest",
                users={
                        "user1",
                        "user3"
                },
        },
        {
                name="My second realm...",
                method="Basic",
                users={
                        "user2",
                        "broadcast",
                        "user1",
                        "gigi"
                },
        }
}

[C++ RTMP Server]

Hi,

The URI is wrong. It should be rtsp://.…

Second, can you trap the 8554 traffic into a pcap file?

Best regards,
Andrei
------
C++ RTMP Server
Web: http://www.rtmpd.com

> --
> You received this message because you are subscribed to "C++ RTMP Server" mailing list.
> To post to this group, send email to c-rtmp...@googlegroups.com
> To unsubscribe from this group, send email to
> c-rtmp-serve...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/c-rtmp-server?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups "C++ RTMP Server" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to c-rtmp-serve...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

[C++ RTMP Server]

Oh, and another thing:

Please read the forum description here:
https://groups.google.com/forum/#!forum/c-rtmp-server

Best regards,
Andrei

------
C++ RTMP Server
Web: http://www.rtmpd.com

On Jul 10, 2013, at 12:28 PM, H <haa...@gmail.com> wrote:

[H]

On Wednesday, 10 July 2013 13:02:58 UTC+2, Eugen-Andrei Gavriloaie wrote:

Hi,

The URI is wrong. It should be rtsp://.…

the full command line I use is:
~/bin/ffmpeg -vn -f pulse -i default -c:a libfdk_aac -b:a 24k -ar 16000 -ac 1 -f rtsp -metadata title=desktop http://user1:password1@localhost:8554/live
 
should it be rtsp:// instead if http://? without authentication this line works fine

Second, can you trap the 8554 traffic into a pcap file?

I have no experience with that. I used:
tcpdump -i lo -w crtmpserver.tcpdump 'port 8554'
and attached the output for the above mentioned commandline with both http as well as rtsp

thx.

[C++ RTMP Server]

Hi,

Looking at the pcap file I saw this request from ffmpeg:

Authorization: Digest username="user1",realm="My realm...",nonce="...",uri="rtsp://localhost:8554/live",response="...",algorithm=MD5

(I have replaced some values for brevity)

algorithm=MD5 is incorrect.

It should be:
algorithm="MD5"

I know this current version should also be "tolerated", but is essentially against the RFC2069.
http://tools.ietf.org/html/rfc2069

Chapter 2.1.1 The WWW-Authenticate Response Header:
algorithm = "algorithm" "=" ( "MD5" | token )


crtmpserver tries to adhere to that RFC and doesn't try to tolerate mistakes/errors because it will overcomplicate the code and leave room for other issues

Best regards,
Andrei

------
C++ RTMP Server
Web: http://www.rtmpd.com

> --
> You received this message because you are subscribed to "C++ RTMP Server" mailing list.
> To post to this group, send email to c-rtmp...@googlegroups.com
> To unsubscribe from this group, send email to
> c-rtmp-serve...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/c-rtmp-server?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups "C++ RTMP Server" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to c-rtmp-serve...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

> <crtmpserver-ffmpeg-rtsp-http-auth.tcpdump><crtmpserver-ffmpeg-rtsp-rtsp-auth.tcpdump>

[Haarman]

it's very nice to have a proper implementation but if ffmpeg does not support it how can I feed the server?

I actually don't care about authentication for the feed if I could set it to only accept from local host and then set authentication for clients. Is that possible? However then the clients must support it and the first client I tried a dump of does also send the MD5 without the ".

If the programs one uses are not supported what is the use of staying so strict with the implementation?

Regards,

[C++ RTMP Server]

Hi,

I agree with your "staying so strict " observation, it will definitely cause troubles. But staying strict is easier to implement. Besides, on ffmpeg part, fixing this bug is just a matter of concatenating the " marks, while for me to fix crtmpserver, is way more work to do.

As for your root question, here is a link that, at some point, I have to copy it over a wiki or something. Made the mistake to write it there instead of here:
http://stackoverflow.com/questions/7628060/re-stream-a-mpeg2-ts-pal-stream-with-crtmpserver

Best regards,
Andrei

------
C++ RTMP Server
Web: http://www.rtmpd.com

[Haarman]

Andrei,

thank you for your fast reply. I do not however see what new info your reply on stackoverflow adds to our discussion. I already am feeding crtmpserver with the feed via ffmpeg and playing it on a client. All works fine. I just wanted to make sure others could not use my server to stream content and control the use of the streaming by having authenticated users. I did see neither of those on the explanation there.

Regards,
Jordi

[C++ RTMP Server]

Hi,

You have the following options:

1. RTMP with Adobe authentication. Currently known by FMLE
2. RTSP announce with authentication, just like you have tried. But fix ffmpeg/avconv. I believe is easy as well
3. Use EvoStream (the commercial version). This one has "ingest points".

Best regards,
Andrei

------
C++ RTMP Server
Web: http://www.rtmpd.com