Error 401 Unauthorized when using ffmpeg with authorization on version 1.6.0, works fine on 1.4.2

carlo161 commented 3 months ago

Which version are you using?

v1.6.0

Which operating system are you using?

[ ] Linux amd64 standard
[x] Linux amd64 Docker
[ ] Linux arm64 standard
[ ] Linux arm64 Docker
[ ] Linux arm7 standard
[ ] Linux arm7 Docker
[ ] Linux arm6 standard
[ ] Linux arm6 Docker
[ ] Windows amd64 standard
[ ] Windows amd64 Docker (WSL backend)
[ ] macOS amd64 standard
[ ] macOS amd64 Docker
[ ] Other (please describe)

Describe the issue

I am using mediamtx to acquire the data from a USB webcam and make them available via RTSP. With the same configuration files:

pathDefaults:
  readUser: sha256:WxKL6/7ES5Lndtry/HwZhGkWdy+Hyw7deUTqC0k7mpA=
  readPass: sha256:7b1vYRZRne5tsKw9czWjSTlVpQgeWB+05Zie3fVj8ic=

paths:
  cam:
    runOnInit: ffmpeg -f v4l2 -i /dev/video0 -pix_fmt yuv420p -c:v libx264 -preset ultrafast -vf "drawtext=fontfile=/usr/share/fonts/truetype/dejavu/DejaVuSansMono-Bold.ttf:text='%{localtime}':fontcolor=white@0.8:x=5:y=5" -b:v 600k -f rtsp rtsp://localhost:8554/cam
    runOnInitRestart: yes

If I use version 1.4.2 everything works fine and I could read the data with a client, using username and password. I f I use version 1.6.0 the container crashes and signals a 401 error.

Describe how to replicate the issue

start the server
publish with ...
read with ...

Did you attach the server logs?

yes

Logs with version 1.6.0:

2024/04/03 16:23:33 INF MediaMTX v1.6.0
2024/04/03 16:23:33 INF configuration loaded from /mediamtx.yml
2024/04/03 16:23:33 INF [path cam] runOnInit command started
2024/04/03 16:23:33 INF [RTSP] listener opened on :8554 (TCP)
2024/04/03 16:23:33 INF [RTMP] listener opened on :1935
2024/04/03 16:23:33 INF [HLS] listener opened on :8888
2024/04/03 16:23:33 INF [WebRTC] listener opened on :8889 (HTTP), :8189 (ICE/UDP)
2024/04/03 16:23:33 INF [SRT] listener opened on :8890 (UDP)
ffmpeg version 6.1.1 Copyright (c) 2000-2023 the FFmpeg developers
  built with gcc 13.2.1 (Alpine 13.2.1_git20231014) 20231014
  configuration: --prefix=/usr --disable-librtmp --disable-lzma --disable-static --disable-stripping --enable-avfilter --enable-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libbluray --enable-libdav1d --enable-libdrm --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libharfbuzz --enable-libmp3lame --enable-libopenmpt --enable-libopus --enable-libplacebo --enable-libpulse --enable-librav1e --enable-librist --enable-libsoxr --enable-libsrt --enable-libssh --enable-libtheora --enable-libv4l2 --enable-libvidstab --enable-libvorbis --enable-libvpx --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxcb --enable-libxml2 --enable-libxvid --enable-libzimg --enable-libzmq --enable-lto=auto --enable-lv2 --enable-openssl --enable-pic --enable-postproc --enable-pthreads --enable-shared --enable-vaapi --enable-vdpau --enable-version3 --enable-vulkan --optflags=-O3 --enable-libjxl --enable-libsvtav1 --enable-libvpl
  libavutil      58. 29.100 / 58. 29.100
  libavcodec     60. 31.102 / 60. 31.102
  libavformat    60. 16.100 / 60. 16.100
  libavdevice    60.  3.100 / 60.  3.100
  libavfilter     9. 12.100 /  9. 12.100
  libswscale      7.  5.100 /  7.  5.100
  libswresample   5.  0.100 /  5.  0.100
  libpostproc    57.  3.100 / 57.  3.100
Input #0, video4linux2,v4l2, from '/dev/video0':
  Duration: N/A, start: 13366.360656, bitrate: 147456 kb/s
  Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 640x480, 147456 kb/s, 30 fps, 30 tbr, 1000k tbn
Stream mapping:
  Stream #0:0 -> #0:0 (rawvideo (native) -> h264 (libx264))
Press [q] to stop, [?] for help
[libx264 @ 0x7f4b13fa8900] using cpu capabilities: MMX2 SSE2Fast SSSE3 SSE4.2 AVX FMA3 BMI2 AVX2
[libx264 @ 0x7f4b13fa8900] profile Constrained Baseline, level 3.0, 4:2:0, 8-bit
[libx264 @ 0x7f4b13fa8900] 264 - core 164 - H.264/MPEG-4 AVC codec - Copyleft 2003-2023 - http://www.videolan.org/x264.html - options: cabac=0 ref=1 deblock=0:0:0 analyse=0:0 me=dia subme=0 psy=1 psy_rd=1.00:0.00 mixed_ref=0 me_range=16 chroma_me=1 trellis=0 8x8dct=0 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=0 threads=6 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=0 weightp=0 keyint=250 keyint_min=25 scenecut=0 intra_refresh=0 rc=abr mbtree=0 bitrate=600 ratetol=1.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=0
2024/04/03 16:23:35 INF [RTSP] [conn [::1]:41966] opened
2024/04/03 16:23:35 INF [RTSP] [session 941cf90c] created by [::1]:41966
[rtsp @ 0x7f4b13e30140] method ANNOUNCE failed: 401 Unauthorized
[out#0/rtsp @ 0x7f4b13fa8680] Could not write header (incorrect codec parameters ?): Server returned 401 Unauthorized (authorization failed)
Error while filtering: Server returned 401 Unauthorized (authorization failed)
[out#0/rtsp @ 0x7f4b13fa8680] Nothing was written into output file, because at least one of its streams received no packets.
frame=    0 fps=0.0 q=0.0 Lsize=       0kB time=N/A bitrate=N/A speed=N/A
2024/04/03 16:23:35 INF [RTSP] [conn [::1]:41966] closed: EOF
2024/04/03 16:23:35 INF [RTSP] [session 941cf90c] destroyed: not in use
[libx264 @ 0x7f4b13fa8900] final ratefactor: 28.13
Conversion failed!
2024/04/03 16:23:35 INF [path cam] runOnInit command exited: command exited with code 0
2024/04/03 16:23:36 INF [RTSP] [conn 172.20.0.3:55114] opened
2024/04/03 16:23:36 INF [RTSP] [conn 172.20.0.3:55114] closed: no one is publishing to path 'cam'

Logs with version 1.4.2:

2024/04/03 15:31:32 INF MediaMTX v1.4.2
2024/04/03 15:31:32 INF configuration loaded from /mediamtx.yml
2024/04/03 15:31:32 INF [path cam] runOnInit command started
2024/04/03 15:31:32 INF [RTSP] listener opened on :8554 (TCP)
2024/04/03 15:31:32 INF [RTMP] listener opened on :1935
2024/04/03 15:31:32 INF [HLS] listener opened on :8888
2024/04/03 15:31:32 INF [WebRTC] listener opened on :8889 (HTTP), :8189 (ICE/UDP)
2024/04/03 15:31:32 INF [SRT] listener opened on :8890 (UDP)
ffmpeg version 6.0.1 Copyright (c) 2000-2023 the FFmpeg developers
  built with gcc 12.2.1 (Alpine 12.2.1_git20220924-r10) 20220924
  configuration: --prefix=/usr --disable-librtmp --disable-lzma --disable-static --disable-stripping --enable-avfilter --enable-gnutls --enable-gpl --enable-libaom --enable-libass --enable-libbluray --enable-libdav1d --enable-libdrm --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libmp3lame --enable-libopenmpt --enable-libopus --enable-libplacebo --enable-libpulse --enable-librist --enable-libsoxr --enable-libsrt --enable-libssh --enable-libtheora --enable-libv4l2 --enable-libvidstab --enable-libvorbis --enable-libvpx --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxcb --enable-libxml2 --enable-libxvid --enable-libzimg --enable-libzmq --enable-lto --enable-pic --enable-postproc --enable-pthreads --enable-shared --enable-vaapi --enable-vdpau --enable-vulkan --optflags=-O3 --enable-libjxl --enable-libsvtav1 --enable-libvpl
  libavutil      58.  2.100 / 58.  2.100
  libavcodec     60.  3.100 / 60.  3.100
  libavformat    60.  3.100 / 60.  3.100
  libavdevice    60.  1.100 / 60.  1.100
  libavfilter     9.  3.100 /  9.  3.100
  libswscale      7.  1.100 /  7.  1.100
  libswresample   5.  0.100 /  5.  0.100
  libpostproc    57.  1.100 / 57.  1.100
Input #0, video4linux2,v4l2, from '/dev/video0':
  Duration: N/A, start: 10245.564390, bitrate: 147456 kb/s
  Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 640x480, 147456 kb/s, 30 fps, 30 tbr, 1000k tbn
Stream mapping:
  Stream #0:0 -> #0:0 (rawvideo (native) -> h264 (libx264))
Press [q] to stop, [?] for help
[libx264 @ 0x7f98bd0a7880] using cpu capabilities: MMX2 SSE2Fast SSSE3 SSE4.2 AVX FMA3 BMI2 AVX2
[libx264 @ 0x7f98bd0a7880] profile Constrained Baseline, level 3.0, 4:2:0, 8-bit
[libx264 @ 0x7f98bd0a7880] 264 - core 164 - H.264/MPEG-4 AVC codec - Copyleft 2003-2022 - http://www.videolan.org/x264.html - options: cabac=0 ref=1 deblock=0:0:0 analyse=0:0 me=dia subme=0 psy=1 psy_rd=1.00:0.00 mixed_ref=0 me_range=16 chroma_me=1 trellis=0 8x8dct=0 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=0 threads=6 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=0 weightp=0 keyint=250 keyint_min=25 scenecut=0 intra_refresh=0 rc=abr mbtree=0 bitrate=600 ratetol=1.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=0
2024/04/03 15:31:34 INF [RTSP] [conn [::1]:38062] opened
2024/04/03 15:31:34 INF [RTSP] [session 61693653] created by [::1]:38062
[rtsp @ 0x7f98bf1df540] method SETUP failed: 461 Unsupported Transport
2024/04/03 15:31:34 INF [RTSP] [session 61693653] is publishing to path 'cam', 1 track (H264)
Output #0, rtsp, to 'rtsp://localhost:8554/cam':
  Metadata:
    encoder         : Lavf60.3.100
  Stream #0:0: Video: h264, yuv420p(tv, progressive), 640x480, q=2-31, 600 kb/s, 30 fps, 90k tbn
    Metadata:
      encoder         : Lavc60.3.100 libx264
    Side data:
      cpb: bitrate max/min/avg: 0/0/600000 buffer size: 0 vbv_delay: N/A
2024/04/03 15:31:35 INF [RTSP] [conn 172.20.0.3:50848] opened
2024/04/03 15:31:35 INF [RTSP] [session 1caedb83] created by 172.20.0.3:50848
2024/04/03 15:31:35 INF [RTSP] [session 1caedb83] is reading from path 'cam', with TCP, 1 track (H264)
2024/04/03 15:31:49 INF [RTSP] [conn 172.20.0.3:42892] opened
2024/04/03 15:31:49 INF [RTSP] [session 1d65144f] created by 172.20.0.3:42892
2024/04/03 15:31:49 INF [RTSP] [session 1d65144f] is reading from path 'cam', with TCP, 1 track (H264)
2024/04/03 15:31:56 INF [RTSP] [session 1d65144f] destroyed: torn down by 172.20.0.3:42892
2024/04/03 15:31:56 INF [RTSP] [conn 172.20.0.3:42892] closed: EOF
[vost#0:0/libx264 @ 0x7f98bd0df8c0] More than 1000 frames duplicated=991 drop=0 speed=1.04x
[vost#0:0/libx264 @ 0x7f98bd0df8c0] More than 10000 frames duplicated10000 drop=0 speed=   1x

Did you attach a network dump?

no

timerlan commented 2 months ago

I have same problem. In version 1.5.1 working correctly.

geeuk commented 2 months ago

Thank you @timerlan I had revert to 1.5.1..

aler9 commented 2 months ago

Hello, readUser and readPass were deprecated in v1.6.0, now there's a global authentication system that you can tune by editing the authInternalUsers key in the configuration.

More informations are in the configuration file.

carlo161 commented 2 months ago

Hello, thanks @aler9, I tried to configure it but I cannot authenticate, my settings are:

authInternalUsers:
- user: any
  pass:
  permissions:
  - action: publish
- user: carlo
  pass: carlo
  permissions:
  - action: read

I can publish but every read attempt failed. I also tried with sha256 with the same outcome.

aler9 commented 2 months ago

@carlo161 after some investigation with the configuration you provided, it turned out that when ips is not set explicitly, the default value from the default configuration is loaded, which in case of your second entry is 127.0.0.1, and this prevents access to any machine other than localhost.

This is fixed by https://github.com/bluenviron/mediamtx/pull/3316.

In the meanwhile you can fix your issue by using explicit ips in the configuration:

authInternalUsers:
- user: any
  pass:
  ips: []
  permissions:
  - action: publish
- user: carlo
  pass: carlo
  ips: []
  permissions:
  - action: read

Next time open a dedicated issue.

carlo161 commented 2 months ago

Thanks, I installed version 1.8.1 with the https://github.com/bluenviron/mediamtx/pull/3316 and I specify explicitly the ips in the yaml file.

bluenviron / mediamtx