curl/curl
1
1
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-09-16 17:12:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

rtsp: fix RTSP auth

Browse Source 
Verified with test 3100

Fixes #4750
Closes #9870
This commit is contained in:
Daniel Stenberg 2022-11-08 15:34:12 +01:00
parent e46d388c87
commit 2bc04d4980
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
3 changed files with 22 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/KNOWN_BUGS
View File

@ -67,7 +67,6 @@ problems may have been fixed or changed somewhat since this was written.
6.5 NTLM does not support password with § character 6.5 NTLM does not support password with § character
6.6 libcurl can fail to try alternatives with --proxy-any 6.6 libcurl can fail to try alternatives with --proxy-any
6.7 Do not clear digest for single realm 6.7 Do not clear digest for single realm
6.8 RTSP authentication breaks without redirect support
6.9 SHA-256 digest not supported in Windows SSPI builds 6.9 SHA-256 digest not supported in Windows SSPI builds
6.10 curl never completes Negotiate over HTTP 6.10 curl never completes Negotiate over HTTP
6.11 Negotiate on Windows fails 6.11 Negotiate on Windows fails
@ -564,15 +563,6 @@ problems may have been fixed or changed somewhat since this was written.
https://github.com/curl/curl/issues/3267 https://github.com/curl/curl/issues/3267
6.8 RTSP authentication breaks without redirect support
RTSP authentication broke in 7.66.0. A work-around is to enable RTSP in
CURLOPT_REDIR_PROTOCOLS. Authentication should however not be considered an
actual redirect so a "proper" fix needs to be different and not require users
to allow redirects to RTSP to work.
See https://github.com/curl/curl/pull/4750
6.9 SHA-256 digest not supported in Windows SSPI builds 6.9 SHA-256 digest not supported in Windows SSPI builds
Windows builds of curl that have SSPI enabled use the native Windows API calls Windows builds of curl that have SSPI enabled use the native Windows API calls

9
lib/http.c
View File

@ -696,6 +696,15 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data)
data->req.newurl = strdup(data->state.url); /* clone URL */ data->req.newurl = strdup(data->state.url); /* clone URL */
if(!data->req.newurl) if(!data->req.newurl)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
#ifndef CURL_DISABLE_RTSP
/*
* Authentication is treated as a redirect in Curl_follow(), so if this is
* done using RTSP we make it allow these "redirects" to RTSP (only). A
* safe assumption as no other redirects should happen from RTSP.
*/
if(conn->handler->protocol & CURLPROTO_RTSP)
data->set.redir_protocols = CURLPROTO_RTSP;
#endif
} }
else if((data->req.httpcode < 300) && else if((data->req.httpcode < 300) &&
(!data->state.authhost.done) && (!data->state.authhost.done) &&

13
lib/rtsp.c
View File

@ -267,6 +267,19 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done)
rtsp->CSeq_sent = data->state.rtsp_next_client_CSeq; rtsp->CSeq_sent = data->state.rtsp_next_client_CSeq;
rtsp->CSeq_recv = 0; rtsp->CSeq_recv = 0;
/* Setup the first_* fields to allow auth details get sent
to this origin */
/* Free to avoid leaking memory on multiple requests */
free(data->state.first_host);
data->state.first_host = strdup(conn->host.name);
if(!data->state.first_host)
return CURLE_OUT_OF_MEMORY;
data->state.first_remote_port = conn->remote_port;
data->state.first_remote_protocol = conn->handler->protocol;
/* Setup the 'p_request' pointer to the proper p_request string /* Setup the 'p_request' pointer to the proper p_request string
* Since all RTSP requests are included here, there is no need to * Since all RTSP requests are included here, there is no need to
* support custom requests like HTTP. * support custom requests like HTTP.