From c0d282ab422d5b2dd07c2cd96f06ba9b49535c6d Mon Sep 17 00:00:00 2001
From: aler9 <46489434+aler9@users.noreply.github.com>
Date: Sat, 31 Oct 2020 13:06:39 +0100
Subject: [PATCH] support special characters in usernames and passwords

---
 conf/pathconf.go          | 20 ++++++++++++--------
 main_test.go              | 13 +++++++------
 testimages/vlc/Dockerfile |  4 ++++
 testimages/vlc/start.sh   |  6 +-----
 4 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/conf/pathconf.go b/conf/pathconf.go
index 9b3a9d14..6affc489 100644
--- a/conf/pathconf.go
+++ b/conf/pathconf.go
@@ -10,6 +10,10 @@ import (
 	"github.com/aler9/gortsplib"
 )
 
+var reUserPass = regexp.MustCompile("^[a-zA-Z0-9!\\$\\(\\)\\*\\+\\.;<=>\\[\\]\\^_\\-\\{\\}]+$")
+
+const userPassSupportedChars = "A-Z,0-9,!,$,(,),*,+,.,;,<,=,>,[,],^,_,-,{,}"
+
 type PathConf struct {
 	Regexp               *regexp.Regexp           `yaml:"-" json:"-"`
 	Source               string                   `yaml:"source"`
@@ -130,14 +134,14 @@ func (pconf *PathConf) fillAndCheck(name string) error {
 	}
 
 	if pconf.PublishUser != "" {
-		if !regexp.MustCompile("^[a-zA-Z0-9]+$").MatchString(pconf.PublishUser) {
-			return fmt.Errorf("publish username must be alphanumeric")
+		if !reUserPass.MatchString(pconf.PublishUser) {
+			return fmt.Errorf("publish username contains unsupported characters (supported are %s)", userPassSupportedChars)
 		}
 	}
 
 	if pconf.PublishPass != "" {
-		if !regexp.MustCompile("^[a-zA-Z0-9]+$").MatchString(pconf.PublishPass) {
-			return fmt.Errorf("publish password must be alphanumeric")
+		if !reUserPass.MatchString(pconf.PublishPass) {
+			return fmt.Errorf("publish password contains unsupported characters (supported are %s)", userPassSupportedChars)
 		}
 	}
 
@@ -156,13 +160,13 @@ func (pconf *PathConf) fillAndCheck(name string) error {
 		return fmt.Errorf("read username and password must be both filled")
 	}
 	if pconf.ReadUser != "" {
-		if !regexp.MustCompile("^[a-zA-Z0-9]+$").MatchString(pconf.ReadUser) {
-			return fmt.Errorf("read username must be alphanumeric")
+		if !reUserPass.MatchString(pconf.ReadUser) {
+			return fmt.Errorf("read username contains unsupported characters (supported are %s)", userPassSupportedChars)
 		}
 	}
 	if pconf.ReadPass != "" {
-		if !regexp.MustCompile("^[a-zA-Z0-9]+$").MatchString(pconf.ReadPass) {
-			return fmt.Errorf("read password must be alphanumeric")
+		if !reUserPass.MatchString(pconf.ReadPass) {
+			return fmt.Errorf("read password contains unsupported characters (supported are %s)", userPassSupportedChars)
 		}
 	}
 	if pconf.ReadUser != "" && pconf.ReadPass == "" || pconf.ReadUser == "" && pconf.ReadPass != "" {
diff --git a/main_test.go b/main_test.go
index 26b2577a..ff029f9e 100644
--- a/main_test.go
+++ b/main_test.go
@@ -440,7 +440,7 @@ func TestAuth(t *testing.T) {
 		p, err := testProgram("paths:\n" +
 			"  all:\n" +
 			"    publishUser: testuser\n" +
-			"    publishPass: testpass\n" +
+			"    publishPass: test!$()*+.;<=>[]^_-{}\n" +
 			"    publishIps: [172.17.0.0/16]\n")
 		require.NoError(t, err)
 		defer p.close()
@@ -454,7 +454,7 @@ func TestAuth(t *testing.T) {
 			"-c", "copy",
 			"-f", "rtsp",
 			"-rtsp_transport", "udp",
-			"rtsp://testuser:testpass@" + ownDockerIp + ":8554/teststream",
+			"rtsp://testuser:test!$()*+.;<=>[]^_-{}@" + ownDockerIp + ":8554/teststream",
 		})
 		require.NoError(t, err)
 		defer cnt1.close()
@@ -483,7 +483,7 @@ func TestAuth(t *testing.T) {
 			p, err := testProgram("paths:\n" +
 				"  all:\n" +
 				"    readUser: testuser\n" +
-				"    readPass: testpass\n" +
+				"    readPass: test!$()*+.;<=>[]^_-{}\n" +
 				"    readIps: [172.17.0.0/16]\n")
 			require.NoError(t, err)
 			defer p.close()
@@ -507,7 +507,7 @@ func TestAuth(t *testing.T) {
 			if soft == "ffmpeg" {
 				cnt2, err := newContainer("ffmpeg", "dest", []string{
 					"-rtsp_transport", "udp",
-					"-i", "rtsp://testuser:testpass@" + ownDockerIp + ":8554/teststream",
+					"-i", "rtsp://testuser:test!$()*+.;<=>[]^_-{}@" + ownDockerIp + ":8554/teststream",
 					"-vframes", "1",
 					"-f", "image2",
 					"-y", "/dev/null",
@@ -519,8 +519,9 @@ func TestAuth(t *testing.T) {
 				require.Equal(t, 0, code)
 
 			} else {
-				cnt2, err := newContainer("vlc", "dest",
-					[]string{"rtsp://testuser:testpass@" + ownDockerIp + ":8554/teststream"})
+				cnt2, err := newContainer("vlc", "dest", []string{
+					"rtsp://testuser:test!$()*+.;<=>[]^_-{}@" + ownDockerIp + ":8554/teststream",
+				})
 				require.NoError(t, err)
 				defer cnt2.close()
 
diff --git a/testimages/vlc/Dockerfile b/testimages/vlc/Dockerfile
index a2fb511c..758e832d 100644
--- a/testimages/vlc/Dockerfile
+++ b/testimages/vlc/Dockerfile
@@ -8,4 +8,8 @@ RUN adduser -D -H -s /bin/sh -u 9337 user
 COPY start.sh /
 RUN chmod +x /start.sh
 
+RUN mkdir /out \
+    && chown user:user /out
+
+USER user
 ENTRYPOINT [ "/start.sh" ]
diff --git a/testimages/vlc/start.sh b/testimages/vlc/start.sh
index 612c343a..d30ec157 100644
--- a/testimages/vlc/start.sh
+++ b/testimages/vlc/start.sh
@@ -1,10 +1,6 @@
 #!/bin/sh -e
 
-mkdir /out
-chown user:user /out
-
-CMD="cvlc --play-and-exit --no-audio --no-video --sout file/ts:/out/stream.ts -vvv $@"
-su - user -c "$CMD" 2>&1 &
+cvlc --play-and-exit --no-audio --no-video --sout file/ts:/out/stream.ts -vvv $@ 2>&1 &
 
 COUNTER=0
 while true; do