[Live-devel] RTSP server extending

Gustaf Räntilä opera at kth.se
Tue Apr 24 08:23:38 PDT 2007


Igor Bukanov wrote:
> On 24/04/07, Gustaf Räntilä <opera at kth.se> wrote:
>   
>> Igor Bukanov wrote:
>>     
>>> The question: is the client supposed to call DESCRIBE before calling any
>>> other commands within the same TCP session? If so the authentication
>>> bug is that the RTSPServer.cpp does not check for that.
>>>
>>>       
>> What? I just wrote, that it's not enough to trust that clients won't
>> send PLAY after an "unauthorized" DESCRIBE. That's why I fixed it in the
>> patch also. And obviously some clients _don't_ give a wuzz about
>> DESCRIBE at all, so putting any trust in that is nuts. In my patch, the
>> authorization function (with my session callback, or with the current
>> user/pass class) is called from the other (critical) command functions.
>>     
>
> Right, one really needs to check for allowed IP address before
> starting a session as your patch is doing. The only problem with the
> patch is that incomingConnectionHandler1 needs to close the
> clientSocket when sessionAccept fails.
>
> Regards, Igor
>   

Correct. I used to have function pointers as callbacks, so my patch was 
rewritten (into virtual functions) and this got lost. A close() is 
needed as you say. I'm sorry for this.

But Ross is satisfied with your solution, even though you can't track 
connections, what they're doing, or when they're disconnecting, or 
disallow a client to "PLAY" (which at least I consider pretty 
serious), or control authorization for individual resources and 
commands.
I have what I need, and I shared it here. Hopefully more people than me 
and Vlad will find it useful.

Cheers,
Gustaf
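
The two points agreed on in this thread, as an added C++ example that is not part of the original message, the patch, or live555's code: a connection refused at accept time gets its socket closed, and authorization runs inside every critical command rather than only in DESCRIBE. `Policy`, `handleIncoming`, `handleCommand`, the `sessionAccept` signature and all addresses and credentials are hypothetical; the plain string comparison stands in for the server's real credential check.

```cpp
#include <fcntl.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstdio>
#include <set>
#include <string>

// Hypothetical stand-in for a session callback plus a user/pass check
// (added illustration, not live555 code).
struct Policy {
    std::set<std::string> allowedIps;
    std::string user, pass;
    bool sessionAccept(const std::string& ip) const { return allowedIps.count(ip) > 0; }
    bool authorize(const std::string& u, const std::string& p) const {
        return u == user && p == pass;
    }
};

// Accept-time check: a refused client's socket is closed here, otherwise every
// rejected connection leaks a descriptor. Returns the fd to serve, or -1.
int handleIncoming(const Policy& pol, int clientSocket, const std::string& ip) {
    if (!pol.sessionAccept(ip)) {
        close(clientSocket);
        return -1;
    }
    return clientSocket;
}

// Per-command check: authorization runs inside every critical command, so a
// client that skips DESCRIBE, or ignores its 401, still cannot SETUP or PLAY.
int handleCommand(const Policy& pol, const std::string& cmd,
                  const std::string& u, const std::string& p) {
    static const std::set<std::string> known = {
        "OPTIONS", "DESCRIBE", "SETUP", "PLAY", "PAUSE", "TEARDOWN"};
    if (known.count(cmd) == 0) return 405;                     // Method Not Allowed
    if (cmd != "OPTIONS" && !pol.authorize(u, p)) return 401;  // Unauthorized
    return 200;
}

int main() {
    Policy pol{{"192.0.2.10"}, "viewer", "s3cret"};  // constructed sample values
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    int refused = handleIncoming(pol, sv[0], "198.51.100.7");
    std::printf("refused -> %d, fd closed -> %d\n", refused, fcntl(sv[0], F_GETFD) == -1);
    std::printf("PLAY, no credentials -> %d\n", handleCommand(pol, "PLAY", "", ""));
    close(sv[1]);
    return 0;
}
```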

