rtsp: fix authentication when algorithm field is not supported (#3116)

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/abema/go-mp4 v1.2.0
 	github.com/alecthomas/kong v0.9.0
 	github.com/bluenviron/gohlslib v1.3.2
-	github.com/bluenviron/gortsplib/v4 v4.9.0
+	github.com/bluenviron/gortsplib/v4 v4.9.1-0.20240515082130-f283abc2e7cd
 	github.com/bluenviron/mediacommon v1.10.0
 	github.com/datarhei/gosrt v0.6.0
 	github.com/fsnotify/fsnotify v1.7.0

go.sum

@@ -22,8 +22,8 @@ github.com/benburkert/openpgp v0.0.0-20160410205803-c2471f86866c h1:8XZeJrs4+ZYh
 github.com/benburkert/openpgp v0.0.0-20160410205803-c2471f86866c/go.mod h1:x1vxHcL/9AVzuk5HOloOEPrtJY0MaalYr78afXZ+pWI=
 github.com/bluenviron/gohlslib v1.3.2 h1:xRiPfMIeYCkspL6jYa7Qrl4pIY+1w7IvFjx49CsyfKY=
 github.com/bluenviron/gohlslib v1.3.2/go.mod h1:1/m7A2o5IWyBdZeauXe2bViu2l1mL2l8DMQl9302A2U=
-github.com/bluenviron/gortsplib/v4 v4.9.0 h1:Zm/XuKDBQrU0Hcm4wqBhGX0U3hUAVh0Wm7cvJpbJWyU=
-github.com/bluenviron/gortsplib/v4 v4.9.0/go.mod h1:0XtUPbNFHNpMz4Sa70PmSelvclWTTJujHfSKkhuLpxg=
+github.com/bluenviron/gortsplib/v4 v4.9.1-0.20240515082130-f283abc2e7cd h1:w1Uml4bXdixu7cArQ3JyiZTpaKzZ31eP9+bWoPPkWcY=
+github.com/bluenviron/gortsplib/v4 v4.9.1-0.20240515082130-f283abc2e7cd/go.mod h1:iLJ1tmwGMbaN04ZYh/KRlAHsCbz9Rycn7cPAvdR+Vkc=
 github.com/bluenviron/mediacommon v1.10.0 h1:ffIWaS+1vYpPLV6QOt4VEvIlb/OKtodzagzsY6EDOnw=
 github.com/bluenviron/mediacommon v1.10.0/go.mod h1:HDyW2CzjvhYJXtdxstdFPio3G0qSocPhqkhUt/qffec=
 github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=

internal/auth/manager.go

@@ -110,7 +110,7 @@ type Manager struct {
 	HTTPExclude     []conf.AuthInternalUserPermission
 	JWTJWKS         string
 	ReadTimeout     time.Duration
-	RTSPAuthMethods []headers.AuthMethod
+	RTSPAuthMethods []auth.ValidateMethod
 
 	mutex          sync.RWMutex
 	jwtHTTPClient  *http.Client
@@ -137,19 +137,15 @@ func (m *Manager) Authenticate(req *Request) error {
 func (m *Manager) authenticateInner(req *Request) error {
 	// if this is a RTSP request, fill username and password
 	var rtspAuthHeader headers.Authorization
+
 	if req.RTSPRequest != nil {
 		err := rtspAuthHeader.Unmarshal(req.RTSPRequest.Header["Authorization"])
 		if err == nil {
-			switch rtspAuthHeader.Method {
-			case headers.AuthBasic:
+			if rtspAuthHeader.Method == headers.AuthMethodBasic {
 				req.User = rtspAuthHeader.BasicUser
 				req.Pass = rtspAuthHeader.BasicPass
-
-			case headers.AuthDigestMD5:
+			} else { // digest
 				req.User = rtspAuthHeader.Username
-
-			default:
-				return fmt.Errorf("unsupported RTSP authentication method")
 			}
 		}
 	}
@@ -197,7 +193,7 @@ func (m *Manager) authenticateWithUser(
 	}
 
 	if u.User != "any" {
-		if req.RTSPRequest != nil && rtspAuthHeader.Method == headers.AuthDigestMD5 {
+		if req.RTSPRequest != nil && rtspAuthHeader.Method == headers.AuthMethodDigest {
 			err := auth.Validate(
 				req.RTSPRequest,
 				string(u.User),

internal/auth/manager_test.go

@@ -13,7 +13,6 @@ import (
 	"github.com/MicahParks/jwkset"
 	"github.com/bluenviron/gortsplib/v4/pkg/auth"
 	"github.com/bluenviron/gortsplib/v4/pkg/base"
-	"github.com/bluenviron/gortsplib/v4/pkg/headers"
 	"github.com/bluenviron/mediamtx/internal/conf"
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/stretchr/testify/require"
@@ -157,14 +156,14 @@ func TestAuthInternalRTSPDigest(t *testing.T) {
 			},
 		},
 		HTTPAddress:     "",
-		RTSPAuthMethods: []headers.AuthMethod{headers.AuthDigestMD5},
+		RTSPAuthMethods: []auth.ValidateMethod{auth.ValidateMethodDigestMD5},
 	}
 
 	u, err := base.ParseURL("rtsp://127.0.0.1:8554/mypath")
 	require.NoError(t, err)
 
 	s, err := auth.NewSender(
-		auth.GenerateWWWAuthenticate([]headers.AuthMethod{headers.AuthDigestMD5}, "IPCAM", "mynonce"),
+		auth.GenerateWWWAuthenticate([]auth.ValidateMethod{auth.ValidateMethodDigestMD5}, "IPCAM", "mynonce"),
 		"myuser",
 		"mypass",
 	)

internal/conf/conf.go

@@ -15,7 +15,7 @@ import (
 
 	"github.com/bluenviron/gohlslib"
 	"github.com/bluenviron/gortsplib/v4"
-	"github.com/bluenviron/gortsplib/v4/pkg/headers"
+	"github.com/bluenviron/gortsplib/v4/pkg/auth"
 
 	"github.com/bluenviron/mediamtx/internal/conf/decrypt"
 	"github.com/bluenviron/mediamtx/internal/conf/env"
@@ -47,7 +47,7 @@ func firstThatExists(paths []string) string {
 	return ""
 }
 
-func contains(list []headers.AuthMethod, item headers.AuthMethod) bool {
+func contains(list []auth.ValidateMethod, item auth.ValidateMethod) bool {
 	for _, i := range list {
 		if i == item {
 			return true
@@ -359,7 +359,7 @@ func (conf *Conf) setDefaults() {
 	conf.MulticastRTCPPort = 8003
 	conf.ServerKey = "server.key"
 	conf.ServerCert = "server.crt"
-	conf.RTSPAuthMethods = RTSPAuthMethods{headers.AuthBasic}
+	conf.RTSPAuthMethods = RTSPAuthMethods{auth.ValidateMethodBasic}
 
 	// RTMP server
 	conf.RTMP = true
@@ -577,7 +577,7 @@ func (conf *Conf) Validate() error {
 	if conf.AuthMethods != nil {
 		conf.RTSPAuthMethods = *conf.AuthMethods
 	}
-	if contains(conf.RTSPAuthMethods, headers.AuthDigestMD5) {
+	if contains(conf.RTSPAuthMethods, auth.ValidateMethodDigestMD5) {
 		if conf.AuthMethod != AuthMethodInternal {
 			return fmt.Errorf("when RTSP digest is enabled, the only supported auth method is 'internal'")
 		}

internal/conf/rtsp_auth_methods.go

@@ -6,19 +6,19 @@
 	"sort"
 	"strings"
 
-	"github.com/bluenviron/gortsplib/v4/pkg/headers"
+	"github.com/bluenviron/gortsplib/v4/pkg/auth"
 )
 
 // RTSPAuthMethods is the rtspAuthMethods parameter.
-type RTSPAuthMethods []headers.AuthMethod
+type RTSPAuthMethods []auth.ValidateMethod
 
 // MarshalJSON implements json.Marshaler.
 func (d RTSPAuthMethods) MarshalJSON() ([]byte, error) {
 	out := make([]string, len(d))
 
 	for i, v := range d {
 		switch v {
-		case headers.AuthBasic:
+		case auth.ValidateMethodBasic:
 			out[i] = "basic"
 
 		default:
@@ -43,10 +43,10 @@
 	for _, v := range in {
 		switch v {
 		case "basic":
-			*d = append(*d, headers.AuthBasic)
+			*d = append(*d, auth.ValidateMethodBasic)
 
 		case "digest":
-			*d = append(*d, headers.AuthDigestMD5)
+			*d = append(*d, auth.ValidateMethodDigestMD5)
 
 		default:
 			return fmt.Errorf("invalid authentication method: '%s'", v)

internal/servers/rtsp/conn.go

@@ -9,7 +9,6 @@ import (
 	"github.com/bluenviron/gortsplib/v4"
 	rtspauth "github.com/bluenviron/gortsplib/v4/pkg/auth"
 	"github.com/bluenviron/gortsplib/v4/pkg/base"
-	"github.com/bluenviron/gortsplib/v4/pkg/headers"
 	"github.com/google/uuid"
 
 	"github.com/bluenviron/mediamtx/internal/auth"
@@ -27,7 +26,7 @@ const (
 type conn struct {
 	isTLS               bool
 	rtspAddress         string
-	authMethods         []headers.AuthMethod
+	authMethods         []rtspauth.ValidateMethod
 	readTimeout         conf.StringDuration
 	runOnConnect        string
 	runOnConnectRestart bool

internal/servers/rtsp/server.go

@@ -12,8 +12,8 @@ import (
 	"time"
 
 	"github.com/bluenviron/gortsplib/v4"
+	"github.com/bluenviron/gortsplib/v4/pkg/auth"
 	"github.com/bluenviron/gortsplib/v4/pkg/base"
-	"github.com/bluenviron/gortsplib/v4/pkg/headers"
 	"github.com/bluenviron/gortsplib/v4/pkg/liberrors"
 	"github.com/google/uuid"
 
@@ -59,7 +59,7 @@ type serverParent interface {
 // Server is a RTSP server.
 type Server struct {
 	Address             string
-	AuthMethods         []headers.AuthMethod
+	AuthMethods         []auth.ValidateMethod
 	ReadTimeout         conf.StringDuration
 	WriteTimeout        conf.StringDuration
 	WriteQueueSize      int

internal/servers/rtsp/server_test.go

@@ -5,10 +5,10 @@ import (
 	"time"
 
 	"github.com/bluenviron/gortsplib/v4"
+	"github.com/bluenviron/gortsplib/v4/pkg/auth"
 	"github.com/bluenviron/gortsplib/v4/pkg/base"
 	"github.com/bluenviron/gortsplib/v4/pkg/description"
 	"github.com/bluenviron/gortsplib/v4/pkg/format"
-	"github.com/bluenviron/gortsplib/v4/pkg/headers"
 	"github.com/bluenviron/mediamtx/internal/asyncwriter"
 	"github.com/bluenviron/mediamtx/internal/conf"
 	"github.com/bluenviron/mediamtx/internal/defs"
@@ -93,7 +93,7 @@ func TestServerPublish(t *testing.T) {
 
 	s := &Server{
 		Address:             "127.0.0.1:8557",
-		AuthMethods:         []headers.AuthMethod{headers.AuthBasic},
+		AuthMethods:         []auth.ValidateMethod{auth.ValidateMethodBasic},
 		ReadTimeout:         conf.StringDuration(10 * time.Second),
 		WriteTimeout:        conf.StringDuration(10 * time.Second),
 		WriteQueueSize:      512,
@@ -184,7 +184,7 @@ func TestServerRead(t *testing.T) {
 
 	s := &Server{
 		Address:             "127.0.0.1:8557",
-		AuthMethods:         []headers.AuthMethod{headers.AuthBasic},
+		AuthMethods:         []auth.ValidateMethod{auth.ValidateMethodBasic},
 		ReadTimeout:         conf.StringDuration(10 * time.Second),
 		WriteTimeout:        conf.StringDuration(10 * time.Second),
 		WriteQueueSize:      512,