From: Daniel Stenberg Date: Tue, 8 Nov 2022 14:34:12 +0000 (+0100) Subject: rtsp: fix RTSP auth X-Git-Tag: curl-7_87_0~184 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2bc04d4980b0fa929b511fb35e41c42e16d44438;p=thirdparty%2Fcurl.git rtsp: fix RTSP auth Verified with test 3100 Fixes #4750 Closes #9870 --- diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index 6180a57152..2f8e7e49b5 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -67,7 +67,6 @@ problems may have been fixed or changed somewhat since this was written. 6.5 NTLM does not support password with § character 6.6 libcurl can fail to try alternatives with --proxy-any 6.7 Do not clear digest for single realm - 6.8 RTSP authentication breaks without redirect support 6.9 SHA-256 digest not supported in Windows SSPI builds 6.10 curl never completes Negotiate over HTTP 6.11 Negotiate on Windows fails @@ -564,15 +563,6 @@ problems may have been fixed or changed somewhat since this was written. https://github.com/curl/curl/issues/3267 -6.8 RTSP authentication breaks without redirect support - - RTSP authentication broke in 7.66.0. A work-around is to enable RTSP in - CURLOPT_REDIR_PROTOCOLS. Authentication should however not be considered an - actual redirect so a "proper" fix needs to be different and not require users - to allow redirects to RTSP to work. - - See https://github.com/curl/curl/pull/4750 - 6.9 SHA-256 digest not supported in Windows SSPI builds Windows builds of curl that have SSPI enabled use the native Windows API calls diff --git a/lib/http.c b/lib/http.c index 6037b1737e..f5ccda8f67 100644 --- a/lib/http.c +++ b/lib/http.c @@ -696,6 +696,15 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) data->req.newurl = strdup(data->state.url); /* clone URL */ if(!data->req.newurl) return CURLE_OUT_OF_MEMORY; +#ifndef CURL_DISABLE_RTSP + /* + * Authentication is treated as a redirect in Curl_follow(), so if this is + * done using RTSP we make it allow these "redirects" to RTSP (only). A + * safe assumption as no other redirects should happen from RTSP. + */ + if(conn->handler->protocol & CURLPROTO_RTSP) + data->set.redir_protocols = CURLPROTO_RTSP; +#endif } else if((data->req.httpcode < 300) && (!data->state.authhost.done) && diff --git a/lib/rtsp.c b/lib/rtsp.c index 700479f29f..e32756fd87 100644 --- a/lib/rtsp.c +++ b/lib/rtsp.c @@ -267,6 +267,19 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) rtsp->CSeq_sent = data->state.rtsp_next_client_CSeq; rtsp->CSeq_recv = 0; + /* Setup the first_* fields to allow auth details get sent + to this origin */ + + /* Free to avoid leaking memory on multiple requests */ + free(data->state.first_host); + + data->state.first_host = strdup(conn->host.name); + if(!data->state.first_host) + return CURLE_OUT_OF_MEMORY; + + data->state.first_remote_port = conn->remote_port; + data->state.first_remote_protocol = conn->handler->protocol; + /* Setup the 'p_request' pointer to the proper p_request string * Since all RTSP requests are included here, there is no need to * support custom requests like HTTP.