Re: Problem with Digest Authentication in DSS 4.0



At 11:06 AM 5/24/02, Mythili Devineni wrote:
> The server doesn't keep the RTSPSession around once an error was sent back in the RTSP response. There is no need for it to keep the first RTSPSession around when it gets the second RTSP request (this time with the authentication headers).

A consequence of this, however, is that - as I noted in my previous message - the 'nonce' in the second ANNOUNCE request gets flagged as 'stale', even though it's the same as the one that was sent in the first request. (So this is one situation in which it would have been useful to keep around the state of the first request.) Because of this, at the end of "RTSPSession::CheckAuthentication()", "qtssUserName" gets set to NULL, which later causes authentication to fail - as I explain in more detail below.


> Your qtaccess file is set up incorrectly. The limit end tag is </Limit>, and not </Limit READ> or </Limit WRITE>

OK, thanks. However, if I change the "qtaccess" file to

    <Limit WRITE>
    require valid-user
    </Limit>
    require valid-user

I find that authentication still fails. Here's what is happening (I know this for a fact, by debugging the running DSS code):

When processing the second ANNOUNCE request, "RTSPSession::CheckAuthentication()" gets called. In this routine (as I noted in my previous message), the line
    fRequest->SetStale(true);
gets executed. Later, because of this, the test
    if((!authenticated) || (authenticated && (fRequest->GetStale()))) {
succeeds, and so the statement
    (void)profile->SetValue(qtssUserName, 0, sEmptyStr.Ptr, sEmptyStr.Len, QTSSDictionary::kDontObeyReadOnly);
gets executed.


Later (still while processing the second ANNOUNCE request), "QTAccessFile::AuthorizeRequest()" gets called. This routine sets the "username" variable by doing:
    char* username = QTSSModuleUtils::GetUserName_Copy(theUserProfile);
This sets "username" to NULL. Later, "QTAccessFile::AccessAllowed()" is called, with a "userName" parameter of NULL.


Because of this, the following test - done while processing the "require valid-user" line - does not succeed:
    if (haveUserName && word.Equal("valid-user") )
    {
        return true;
    }
and so "QTAccessFile::AccessAllowed()" eventually returns false.



> Digest authentication works in DSS 4.0.

Not in this case.

        Ross.
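
Added example (not part of the message above and not DSS source code): a simplified C++ model of the two-request flow described in the message, showing how discarding the state behind the first error response makes a correct retry fail "require valid-user". The names Server, Profile, checkAuthentication, accessAllowed and announceTwice are hypothetical, and the rule that a nonce the server no longer remembers is treated as stale is an assumption of the model.

```cpp
// Simplified model of the flow described in the message. NOT DSS source:
// every type and function name here is hypothetical.
#include <set>
#include <string>

struct Profile { std::string userName; };   // stands in for the user profile

struct Server {
    bool keepNonces;                  // true: issued nonces outlive the request
    std::set<std::string> issued;     // nonces the server still remembers
    int counter;
    explicit Server(bool keep) : keepNonces(keep), counter(0) {}

    // First request, no credentials: reply with an error carrying a nonce.
    // If the session is discarded after that reply, nothing records the nonce.
    std::string challenge() {
        std::string nonce = "nonce-" + std::to_string(++counter); // constructed
        if (keepNonces) issued.insert(nonce);
        return nonce;
    }

    // Second request. Assumption: the digest response itself is correct, so
    // only staleness varies. Same shape as the test quoted in the message:
    // a stale nonce leaves the profile with an empty user name.
    void checkAuthentication(const std::string& nonce, const std::string& user,
                             Profile& profile) {
        bool authenticated = true;
        bool stale = issued.count(nonce) == 0;   // model assumption
        if (!authenticated || (authenticated && stale))
            profile.userName.clear();
        else
            profile.userName = user;
    }
};

// "require valid-user": satisfied only when a user name is present.
bool accessAllowed(const Profile& profile) {
    bool haveUserName = !profile.userName.empty();
    return haveUserName;
}

// Challenge, then retry with the same nonce; returns the access decision.
bool announceTwice(bool keepNonces) {
    Server server(keepNonces);
    std::string nonce = server.challenge();
    Profile profile;
    server.checkAuthentication(nonce, "broadcaster", profile); // constructed user
    return accessAllowed(profile);
}

int main() { return (announceTwice(true) && !announceTwice(false)) ? 0 : 1; }
```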

References: 
 >Problem with Digest Authentication in DSS 4.0 (From: Ross Finlayson <email@hidden>)
 >Re: Problem with Digest Authentication in DSS 4.0 (From: Mythili Devineni <email@hidden>)


