[rtmpdump] [PATCH] Publisher authentication
Steve McFarlin
steve at stevemcfarlin.com
Thu Feb 3 02:01:16 CET 2011
On Feb 2, 2011, at 4:05 PM, Steve McFarlin wrote:
>
> On Feb 2, 2011, at 1:33 PM, Steve McFarlin wrote:
>
>>
>> On Feb 2, 2011, at 1:08 PM, Howard Chu wrote:
>>
>>> Steve McFarlin wrote:
>>>>
>>>> On Feb 2, 2011, at 12:03 PM, Steve McFarlin wrote:
>>>>
>>>>> The attached adobe auth patch has an infinite recursion in it. I believe it is the one from Sergiy.
>>>>>
>>>>> Stack Trace:
>>>>> ..
>>>>> ...
>>>>> #743 0x0047a818 in RTMP_ConnectStream at rtmp.c:1047
>>>>> #744 0x0047c2c6 in HandleInvoke at rtmp.c:2765
>>>>> #745 0x0047ae92 in RTMP_ClientPacket at rtmp.c:1248
>>>>> #746 0x0047a818 in RTMP_ConnectStream at rtmp.c:1047
>>>>> #747 0x0047c2c6 in HandleInvoke at rtmp.c:2765
>>>>> #748 0x0047ae92 in RTMP_ClientPacket at rtmp.c:1248
>>>>> #749 0x0047a818 in RTMP_ConnectStream at rtmp.c:1047
>>>>> #750 0x0047c2c6 in HandleInvoke at rtmp.c:2765
>>>>> #751 0x0047ae92 in RTMP_ClientPacket at rtmp.c:1248
>>>>> #752 0x0047a818 in RTMP_ConnectStream at rtmp.c:1047
>>>>>
>>>>> The above file offsets may be different then a auto patched librtmp. I had to manually patch.
>>>>>
>>>>> This occurs when connecting to a Wowza Media Server using an invalid application for publishing. The server rejects the connection and then the following block in HandleInvoke initiates the infinite recursion. Specifically the call to RTMP_ConnectStream. I have not had a chance to fix this. If I patch the patch I will post it.
>>>>>
>>>>> else if (AVMATCH(&method,&av_close))
>>>>> {
>>>>> RTMP_Log(RTMP_LOGERROR, "rtmp server requested close");
>>>>> RTMP_Close(r);
>>>>> #ifdef CRYPTO
>>>>> if ((r->Link.protocol& RTMP_FEATURE_WRITE)&&
>>>>> !(r->Link.pFlags& RTMP_PUB_CLEAN)&&
>>>>> ( !(r->Link.pFlags& RTMP_PUB_NAME) ||
>>>>> !(r->Link.pFlags& RTMP_PUB_RESP) ||
>>>>> (r->Link.pFlags& RTMP_PUB_CLATE) ) )
>>>>> {
>>>>> /* clean later */
>>>>> if(r->Link.pFlags& RTMP_PUB_CLATE)
>>>>> r->Link.pFlags |= RTMP_PUB_CLEAN;
>>>>> RTMP_Log(RTMP_LOGERROR, "authenticating publisher");
>>>>>
>>>>> if (!RTMP_Connect(r, NULL) || !RTMP_ConnectStream(r, 0))
>>>>> goto leave;
>>>>> }
>>>>> #endif
>>>>> }
>>>>>
>>>>
>>>> The quick and easy fix without understanding the implications is to just 'goto leave;' after the RTMP_Close(r) call. You could optionally remove the CRYPTO code all together. The issue is RTMP_Connect will return true as long as a connection can be made. And as mentioned above RTMP_ConnectStream will end up calling back into HandleInvoke.
>>>>
>>>> Again, I did not mentally trace this code. I don't know the implications of my suggestion. All I know is that it works in the few tests I preformed.
>>>
>>> This piece of your patch was almost certainly applied wrong. There's no way you should be trying to connect after receiving a close request.
>>>
>>
>> This is a definite possibility as patch had issues applying to the sources, so I had to manually apply a portion of it. However, it does not look like it . Here is the relevant code from the patch
>>
>> }
>> else if (AVMATCH(&method, &av_close))
>> {
>> RTMP_Log(RTMP_LOGERROR, "rtmp server requested close");
>> RTMP_Close(r);
>> +#ifdef CRYPTO
>> + if ((r->Link.protocol & RTMP_FEATURE_WRITE) &&
>> + !(r->Link.pFlags & RTMP_PUB_CLEAN) &&
>> + ( !(r->Link.pFlags & RTMP_PUB_NAME) ||
>> + !(r->Link.pFlags & RTMP_PUB_RESP) ||
>> + (r->Link.pFlags & RTMP_PUB_CLATE) ) )
>> + {
>> + /* clean later */
>> + if(r->Link.pFlags & RTMP_PUB_CLATE)
>> + r->Link.pFlags |= RTMP_PUB_CLEAN;
>> + RTMP_Log(RTMP_LOGERROR, "authenticating publisher");
>> +
>> + if (!RTMP_Connect(r, NULL) || !RTMP_ConnectStream(r, 0))
>> + goto leave;
>> + }
>> +#endif
>> }
>> else if (AVMATCH(&method, &av_onStatus))
>>
>>
>> I do not see another "else if (AVMATCH(&method, &av_close))" anywhere in the code. It could be possible I am using a early patch. I did notice there were a few floating around from Sergiy.
>
> The above code is required for the authentication to work. It looks like it takes a few attempts for the authentication to be accepted. I have no idea why. Maybe I will look into it later.
>
> steve
It may very well be my lack of understanding of how patch works. I believe I patched correctly. Anyway, it looks like the proper place for the code between the CRYPTO tags is in the clause just above it. The patch code has these lines:
/* if PublisherAuth returns 1, then reconnect */
PublisherAuth(r, &description);
But does nothing after this. Putting the above code between the CRYPTO define solves the issue.
if (PublisherAuth(r, &description)) {
RTMP_Log(RTMP_LOGERROR, "RTMP SERVER REQUESTED CLOSE");
RTMP_Close(r);
if ((r->Link.protocol & RTMP_FEATURE_WRITE) &&
!(r->Link.pFlags & RTMP_PUB_CLEAN) &&
( !(r->Link.pFlags & RTMP_PUB_NAME) ||
!(r->Link.pFlags & RTMP_PUB_RESP) ||
(r->Link.pFlags & RTMP_PUB_CLATE) ) )
{
/* clean later */
if(r->Link.pFlags & RTMP_PUB_CLATE)
r->Link.pFlags |= RTMP_PUB_CLEAN;
RTMP_Log(RTMP_LOGERROR, "AUTHENTICATING USER");
if (!RTMP_Connect(r, NULL) || !RTMP_ConnectStream(r, 0))
goto leave;
}
}
Given this is executed a few times before a successful connect I am going to assume I have introduced a leak. If I am in fact using an old patch, could someone point me to the latest. I did not find anything new about this patch in the archives.
steve
More information about the rtmpdump
mailing list