Line 3: | Line 3: |
---- ''Background info, not necessary for testing:<<BR>> |
|
Line 4: | Line 6: |
When summa requests to play a file, they send two parameters 1. rmtp://iapetus/doms?skldfhskdfhdskjhfgskd 2. flv:filename.flv Now, the doms plugins decode the right filename from 1, but if the doms plugin is not on the classpath, the execution just contiues onto the flvplayer. The flv player just reads the value of 2, and attempts to play it. If it is configured to request files from the correct folder, it will play. The simple workaround is to have the wowza config point to a wrong folder (so that flvplayer cannot play on it's own) but to have the domsplugins be able to decode the correct location of the video file. Thus, the video should not be played unless the domsplugin is actually run.'' ---- |
|
Line 5: | Line 12: |
When summa requests to play a file, they send to parameters | 1. Find a shard pid of a recording that has already been trancoded. 1. Open a simple-flash-player (that came with Wowza). 1. {{{POST http://alhena:7980/authchecker/issueTicket?username=172.18.243.211&url=http://www.statsbiblioteket.dk/doms/shard/uuid:f39fa734-f78b-412a-aa81-23e08e18e1af }}} 1. Enter in the simple-flash-player (first field) : {{{rmtp://iapetus:<PORTNUMBER>/doms?shard=http://www.statsbiblioteket.dk/doms/shard/<INSERT_UUID_HERE>&ticket=<INSERT_TICKET_HERE>}}} 1. Enter in the simple-flash-player (second field) : {{{flv:<INSERT_UUID_HERE>.flv}}} 1. Verify that the video is played. 1. Go into the {{{services/doms_wowza_vhost}}} folder of {{{iapetus}}} 1. {{{mv applications/lib .}}} 1. Restart wowza Now 1. Open a simple-flash-player (that came with Wowza). 1. {{{POST http://alhena:7980/authchecker/issueTicket?username=172.18.243.211&url=http://www.statsbiblioteket.dk/doms/shard/uuid:f39fa734-f78b-412a-aa81-23e08e18e1af }}} 1. Enter in the simple-flash-player (first field) : {{{rmtp://iapetus:<PORTNUMBER>/doms?shard=http://www.statsbiblioteket.dk/doms/shard/<INSERT_UUID_HERE>&ticket=<INSERT_TICKET_HERE>}}} 1. Enter in the simple-flash-player (second field) : {{{flv:<INSERT_UUID_HERE>.flv}}} 1. You should get "unable to find stream" error or something similar. |
Line 7: | Line 28: |
1. rmtp://iapetus/doms?skldfhskdfhdskjhfgskd 2. flv:filename.flv |
|
Line 10: | Line 29: |
Now, the doms plugins decode the right filename from 1, but if the doms plugin is not on the classpath, the execution just contiues onto the flvplayer. The flv player just reads the value of 2, and attempts to play it. If it is configured to request files from the correct folder, it will play. The simple workaround is to have the wowza config point to a wrong folder (so that flvplayer cannot play on it's own) but to have the domsplugin be able to decode the correct location of the video file. Thus, the video should not be played unless the domsplugin is actually run. To test this, ensure that you have a test environment as identical as possible to stage. 1. Access the doms search interface, that is configured to use the test instance of wowza 1. Attempt to play a video 1. The video should play 1. go into the services/doms_wowza_vhost folder 1. mv applications/lib . 1. restart wowza 1. Access the doms search interface, that is configured to use the test instance of wowza 1. Attempt to play a video 1. You should get "unable to find stream" error or something similar. |
## Older way to test this: ## ## To test this, ensure that you have a test environment as identical as possible to stage. ## ## 1. Access the doms search interface, that is configured to use the test instance of wowza ## 1. Attempt to play a video ## 1. The video should play ## 1. go into the services/doms_wowza_vhost folder ## 1. mv applications/lib . ## 1. restart wowza ## 1. Access the doms search interface, that is configured to use the test instance of wowza ## 1. Attempt to play a video ## 1. You should get "unable to find stream" error or something similar. ## |
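Review bot: The new procedure in the Line 5 / Line 12 hunk moves the plugin away with mv applications/lib . and restarts wowza, but it has no closing step that moves lib back and restarts again, so the test instance is left without the doms plugin after the negative run; add that restore step at the end. The issueTicket call in the same hunk uses a fixed shard uuid while both player fields use <INSERT_UUID_HERE>, so the steps should state that the same uuid goes in all three places.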
Radio TV Stage Test Wowza Backdoor
We discovered an unfortunate backdoor in the wowza plugin. The problem is as follows.

Background info, not necessary for testing: When summa requests to play a file, it sends two parameters:
1. rtmp://iapetus/doms?skldfhskdfhdskjhfgskd
2. flv:filename.flv

Now, the doms plugin decodes the right filename from 1, but if the doms plugin is not on the classpath, execution just continues on to the flvplayer. The flv player just reads the value of 2 and attempts to play it. If it is configured to request files from the correct folder, it will play. The simple workaround is to have the wowza config point to a wrong folder (so that the flvplayer cannot play on its own) but to have the doms plugin be able to decode the correct location of the video file. Thus, the video should not be played unless the doms plugin is actually run.
- Find a shard pid of a recording that has already been transcoded.
- Open a simple-flash-player (that came with Wowza).
- POST http://alhena:7980/authchecker/issueTicket?username=172.18.243.211&url=http://www.statsbiblioteket.dk/doms/shard/uuid:f39fa734-f78b-412a-aa81-23e08e18e1af
- Enter in the simple-flash-player (first field): rtmp://iapetus:<PORTNUMBER>/doms?shard=http://www.statsbiblioteket.dk/doms/shard/<INSERT_UUID_HERE>&ticket=<INSERT_TICKET_HERE>
- Enter in the simple-flash-player (second field): flv:<INSERT_UUID_HERE>.flv
- Verify that the video is played.
- Go into the services/doms_wowza_vhost folder of iapetus.
- mv applications/lib .
- Restart wowza.

Now:
- Open a simple-flash-player (that came with Wowza).
- POST http://alhena:7980/authchecker/issueTicket?username=172.18.243.211&url=http://www.statsbiblioteket.dk/doms/shard/uuid:f39fa734-f78b-412a-aa81-23e08e18e1af
- Enter in the simple-flash-player (first field): rtmp://iapetus:<PORTNUMBER>/doms?shard=http://www.statsbiblioteket.dk/doms/shard/<INSERT_UUID_HERE>&ticket=<INSERT_TICKET_HERE>
- Enter in the simple-flash-player (second field): flv:<INSERT_UUID_HERE>.flv
- You should get an "unable to find stream" error or something similar.
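
The fall-through described in the background info, and the two test runs above, as a small model. This is an added example, not Wowza or doms plugin code; the function names, the ticket store and the shard-to-file mapping are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs

# Constructed model. Function names, the ticket store and the shard-to-file
# mapping are assumptions for illustration, not Wowza or doms plugin code.
NOT_FOUND = "unable to find stream"

def flv_player(content_dir, stream):
    """Stock player: reads parameter 2 ('flv:<name>') and looks in content_dir."""
    path = os.path.join(content_dir, stream.split(":", 1)[-1])
    return "played " + os.path.basename(path) if os.path.isfile(path) else NOT_FOUND

def make_doms_plugin(video_dir, issued_tickets):
    """Plugin: checks the ticket in parameter 1, then decodes the real location."""
    def plugin(query):
        params = parse_qs(query)
        shard = params.get("shard", [""])[0]
        ticket = params.get("ticket", [""])[0]
        if issued_tickets.get(ticket) != shard:
            return NOT_FOUND
        name = shard.rsplit("uuid:", 1)[-1] + ".flv"
        return flv_player(video_dir, "flv:" + name)
    return plugin

def play(query, stream, content_dir, plugin):
    """If the plugin is on the classpath it decides; otherwise fall through."""
    if plugin is not None:
        return plugin(query)
    return flv_player(content_dir, stream)

def run_matrix():
    """Both test runs (plugin present / moved away) under both configurations."""
    shard = "http://example.invalid/doms/shard/uuid:0000"  # constructed sample
    query = "shard=" + shard + "&ticket=T-1"
    results = {}
    with tempfile.TemporaryDirectory() as video_dir, \
         tempfile.TemporaryDirectory() as wrong_dir:
        open(os.path.join(video_dir, "0000.flv"), "wb").close()
        plugin = make_doms_plugin(video_dir, {"T-1": shard})
        for cfg, content_dir in (("real", video_dir), ("wrong", wrong_dir)):
            for loaded in (True, False):
                results[(cfg, loaded)] = play(
                    query, "flv:0000.flv", content_dir, plugin if loaded else None)
        results["bad ticket"] = play(
            "shard=" + shard + "&ticket=not-issued", "flv:0000.flv", wrong_dir, plugin)
    return results

if __name__ == "__main__":
    for case, outcome in run_matrix().items():
        print(case, "->", outcome)
```

The ("real", False) entry is the backdoor case: the config points at the real folder, the plugin is missing, and the file plays with no ticket check. The ("wrong", False) entry is the outcome the second test run expects.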