readUser: and readPass: being ignored?

[xevg]

Which version are you using?

v1.0.0

Which operating system are you using?

• [ ] Linux amd64 standard
• [ ] Linux amd64 Docker
• [ ] Linux arm64 standard
• [ ] Linux arm64 Docker
• [ ] Linux arm7 standard
• [ ] Linux arm7 Docker
• [ ] Linux arm6 standard
• [ ] Linux arm6 Docker
• [ ] Windows amd64 standard
• [ ] Windows amd64 Docker (WSL backend)
• [x] macOS amd64 standard
• [ ] macOS amd64 Docker
• [ ] Other (please describe)

Describe the issue

I have the mediamtx.yml file configured with:

paths:
  all:
    # Username required to read.
    # SHA256-hashed values can be inserted with the "sha256:" prefix.
    readUser: admin
    # password required to read.
    # SHA256-hashed values can be inserted with the "sha256:" prefix.
    readPass: testpassword

However whether I connect with no username/password, or a different one, it still lets me read the stream. Am I doing something wrong in the configuration, or is there some reason it is ignoring that?

Describe how to replicate the issue

mediamtx_config.txt

1. start the server
2. publish with the attached file, which connects to google to stream a nest camera
3. read with SecuritySpy
4. Configure the reader to not use a password, or use an arbitrary password that doesn't match the password in the configuration file
5. It is able to read the stream, even though the password is non-existent or incorrect.

Did you attach the server logs?

mediamtx.log

yes

Did you attach a network dump?

No

yes / no

[aler9]

Hello, the configuration file says:

Settings under the path "all" are applied to all paths that do not match another entry.

You're reading streams from a series of paths that don't correspond to "all" but have their specific settings.

Add readUser and readPass to each path configuration:

paths:
  all:
    readUser: admin
    readPass: hybha8-sYxzes-hakzup

    source: publisher

    # IPs or networks (x.x.x.x/24) allowed to read.
    readIPs: []

    sourceProtocol: automatic
    # support sources that don't provide server ports or use random server ports. This is a security issue
    # and must be used only when interacting with sources that require it.
    sourceAnyPortEnable: no

    ###############################################
    # Redirect path parameters (when source is "redirect")

    # RTSP URL which clients will be redirected to.
    sourceRedirect:

# NEST EDITS BELOW -- DO NOT EDIT THIS LINE OR BELOW

  150DiningRoom:
    source: rtsps://stream-us1-charlie.dropcam.com:443/sdm_live_stream/CiUA2vuxrwjU7R90NdcIB1tehdeKyLvC45UzjLADGVm0JcMKpemVEnEAEGF6ShNYopX0xR_AJfKXEH4bkDZcj3D3xeVNj4tJ8fyMZlCdyNHQOB60XyJAjTHFL5fNRMYwhx5z1CrxD8GjXeOZ9XVMe7fzJERolE3rITphF6zupJsphWbL_d2lvu5kGJ7DQyNB5dcwpSRodtksnw?auth=g.0.eyJraWQiOiIyMzhiNTUxZmMyM2EyM2Y4M2E2ZTE3MmJjZTg0YmU3ZjgxMzAzMmM4IiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJuZXN0LXNlY3VyaXR5LWF1dGhwcm94eSIsInN1YiI6Im5lc3RfaWQ6bmVzdC1waG9lbml4LXByb2Q6MTQxNDQwMSIsInBvbCI6IjNwLW9hdXRoLXNjb3BlLUFQSV9TRE1fU0VSVklDRS1jbGllbnQtMTA2NTg1OTY0NjQyNC1scG9mbWVkZDRqNm5lYzVwbW1tZ2dzM2R2MjNzcWN0OS5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImV4cCI6MTY5MTg2MjIyN30.dzh6ToaztV3D4w1Skk-pb8N9g8MNJrXGEybdPsmXVHDXhcZEes5dOiW7avs3vbdPDqmYUWXlLTwquCLHJNCyIwnCVc86c8PQsqBIfvLASy1YvFk7_ftmei58pKCaxWZqM5fdgqXcV_Zglupz8MZ0BzGNoPJX7hArwoL8aunhc8SwGXwUc6p_VzHGZ3VlZ7tsCTfnGvjLAalLcxmIx8TCplWlQCQj3XIGtYRbq5tnsvy1Vj8TvLuTV3WgzhVwjZoT7kByzrOkEXhshN5WMtbrD7YsDnN1mNNuxf9PMWgR4Jp_uVCY3OFZGQCaWkaaBgSk-FDSPpYqvpYskxt-2JLHZA
    readUser: admin
    readPass: hybha8-sYxzes-hakzup

  150Kitchen:
    source: rtsps://stream-ue1-bravo.dropcam.com:443/sdm_live_stream/CiUA2vuxr5pXcNyd-ulHS7iOHj9QciXaiVWcqsnit5vDlfJYqScpEnEAEGF6Ss_fzM2jySVo8I9XnlimKOHeQL5uufaEm6O-qo6XX2G1tAMTq9yQaE069CddXvzFp0zEzWl_qmS7k0kfr1Cm8BQliTQs-JPj0eRtSfOlNWLLqScqvH5ZVzLTLVmsXsDmHfw-Q7-vTHYID4HDSg?auth=g.0.eyJraWQiOiIyMzhiNTUxZmMyM2EyM2Y4M2E2ZTE3MmJjZTg0YmU3ZjgxMzAzMmM4IiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJuZXN0LXNlY3VyaXR5LWF1dGhwcm94eSIsInN1YiI6Im5lc3RfaWQ6bmVzdC1waG9lbml4LXByb2Q6MTQxNDQwMSIsInBvbCI6IjNwLW9hdXRoLXNjb3BlLUFQSV9TRE1fU0VSVklDRS1jbGllbnQtMTA2NTg1OTY0NjQyNC1scG9mbWVkZDRqNm5lYzVwbW1tZ2dzM2R2MjNzcWN0OS5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImV4cCI6MTY5MTg2MjIyMH0.i_Mz6vh7J5_7q1Er3SVr84g990LDfd3ao_mQHT8jS3SMFivRPpk8O7qIIAt14Qaku8vbPCs727auLAePtHy2SyrtpwVsOheWr62LoolrTLJOFMueVOM7uVPJp-3hPG2hCRQfpmB4go6QhVlzxAsgqzeekMSK98_VLELa2bJUqYzeDWsieirOSBEuiMTdiczSiP4ctQN9P6EXQPnjm-D9KLiFPGjsqtNg8c7NLLnsGerSMNzjjjE6RJxM3FdKj59FQiAiUuqwc3QCBhdA86l1cWIej-Eh_UxHqyUMUNr9f1LKux3kxHdCh_d36nDL6xwl-Snw0sFZtJGWRJSfs7-aow
    readUser: admin
    readPass: hybha8-sYxzes-hakzup

...

[github-actions[bot]]

This issue is being locked automatically because it has been closed for more than 6 months. Please open a new issue in case you encounter a similar problem.