Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

/admin/listclients with URL authentication returns 403 Forbidden Mountpoint in use #430

Open
TheRealMattLear opened this issue Aug 11, 2023 · 0 comments · May be fixed by #431
Open

/admin/listclients with URL authentication returns 403 Forbidden Mountpoint in use #430

TheRealMattLear opened this issue Aug 11, 2023 · 0 comments · May be fixed by #431

Comments

@TheRealMattLear
Copy link

Normally the /admin/listclients?mountpoint=/stream URL is accessible by authenticating with the <source-password> (when not using Mountpoint Authentication. However when specifying <authentication type="url"> with the stream_auth option the end-point returns 403 Forbidden with "Mountpoint in use".

A similar issue has been created 3 years ago at xiph.org and i've logged an issue directly at Icecast-Server GH.

This end-point is specifically used by RadioCaster (possibly other encoders) to present the listeners on the connected mount.

In our testing:

  • The header icecast-auth-user: 1 is purposely always returned regardless of provided username/password
  • Source client encoder connects and broadcasts successfully
  • Authentication with is always successful, even when returning icecast-auth-user: 0
  • On connect to /admin/listclients we can see through nginx logs and wireshark that the endpoint is being hit successfully and the correct header being sent back to icecast service

Example configuration where "Mountpoint in use" error is presented (auth.php always returning header icecast-auth-user: 1), even if using authentication of source:source-password

<icecast>
    <limits>
        ...
    </limits>

    <authentication>
        <source-password>source-password</source-password>
        <admin-user>admin</admin-user>
        <admin-password>admin-password</admin-password>
    </authentication>
    <mount>
      <mount-name>/stream</mount-name>
      <charset>UTF-8</charset>
      <bitrate>128</bitrate>
      <authentication type="url">
        <option name="stream_auth" value="http://localhost/auth.php"/>
      </authentication>
    </mount>
    ...
</icecast>

Example configuration that works successfully with source:source-password

<icecast>
    <limits>
        ...
    </limits>

    <authentication>
        <source-password>source-password</source-password>
        <admin-user>admin</admin-user>
        <admin-password>admin-password</admin-password>
    </authentication>
    <mount>
      <mount-name>/stream</mount-name>
      <charset>UTF-8</charset>
      <bitrate>128</bitrate>
    </mount>
    ...
</icecast>
TheRealMattLear added a commit to TheRealMattLear/icecast-kh that referenced this issue Aug 12, 2023
@TheRealMattLear
Fixes karlheyes#430 /admin/listclients with URL auth
305b847 
Normally the /admin/listclients?mountpoint=/stream URL is accessible by authenticating with the <source-password> (when not using Mountpoint Authentication. However when specifying <authentication type="url"> with the stream_auth option the end-point returns 403 Forbidden with "Mountpoint in use".

This PR correctly detects /admin/listclients as a source admin request and fixes karlheyes#430
@TheRealMattLear TheRealMattLear linked a pull request Aug 12, 2023 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes #430 /admin/listclients with URL auth TheRealMattLear/icecast-kh
1 participant
@TheRealMattLear