[Icecast] Send admin kill request to server

Philipp Schafft phschafft at de.loewenfelsen.net
Mon Feb 27 10:14:32 UTC 2023 

Good morning,

On Mon, 2023-02-27 at 10:50 +0100, HGAlt wrote:
> Good Morning Philipp,
> 
> I think it is not that simple, that you maybe believe.
> In the standard, you are mentioned, are described the possibilities,
> which are possible.
> 
> The Icecast documentation should define, which one is implemented by
> the Icecast server und this part is missing.

Why? Icecast is a HTTP server. It speaks HTTP.

What you ask for is like having a contract with your energy provider
that tells you that they will only ever allow one specific type of
lightbulb. Never ever will they do anything but this type. Even if that
type at some point becomes unavailable.

This is the same kind of thing. HTTP specifies how negotiation of many
of it's options work (not just auth related options). And it does that
for good reasons. Often those reasons are discussed in the standards.
(Everyone have a look! Reading those parts can be very fun and
educational :)

Also there is completely no need: Your HTTP implementation will negotia
te with the server and they will find a common set of options that
works for them. As a user of the HTTP implementation you don't need nor
should worry about that. This is why you use such an implementation in
the first place: it abstracts those protocols and standards to some API
for you.

So if you want to pass username+password, then pass that to your
library and it will do the rest for you automagically. If you want to
use something else then do that via the API.

If the server is configured to let you access with a specific
username+password combination than it will do that. How it does it,
really doesn't nor shouldn't matter to you. You just pass those to the
implementation and that's it.


With best regards,

> -----Ursprüngliche Nachricht-----
> Von: Icecast [mailto:icecast-bounces at xiph.org] Im Auftrag von Philipp
> Schafft
> Gesendet: Freitag, 24. Februar 2023 14:48
> An: Icecast streaming server user discussions
> Betreff: Re: [Icecast] Send admin kill request to server
> 
> Good morning,
> 
> On Fri, 2023-02-24 at 13:40 +0100, HGAlt wrote:
> > Good Morning Philipp,
> > 
> > that make be a good point.
> > But it would be very helpful, if in the Icecast documentation would
> > be
> > very clear defined, which kind of authorization is required for
> > which
> > server version.
> > 
> > At least, I could not find anything!
> 
> it's very simple: Icecast is a HTTP server so the HTTP authentication
> as defined in the relevant standards applies (this includes TLS if
> TLS is used). Everything else are just options and variants of that
> and your HTTP library will happily handle that for you.
> 
> See e.g. RFC 9110 Section 11.
> 
> 
> Beside that it is hard to make a list of used sub options, if we
> would make a list that would only invite people to implement things
> against implementations not against the standard. A practice that has
> been proven problematic many times in the past. And there is really
> no need as all good HTTP libs do implement that for you.
> 
> 
> With best regards,
> 
> > -----Ursprüngliche Nachricht-----
> > Von: Icecast [mailto:icecast-bounces at xiph.org] Im Auftrag von
> > Philipp
> > Schafft
> > Gesendet: Samstag, 18. Februar 2023 20:53
> > An: Icecast streaming server user discussions
> > Betreff: Re: [Icecast] Send admin kill request to server
> > 
> > Good afternoon,
> > 
> > On Sat, 2023-02-18 at 13:23 +0100, HGAlt wrote:
> > > Hi everybody,
> > > 
> > > finally I found a solution!
> > > 
> > > First, Icecast requires a Basic Authorization, which has to
> > > provide
> > > via a header.
> > 
> > This is not fully correct. It depends on the configuration and may
> > change with different versions of the server.
> > 
> > An important note here, and to be honest the main reason why I
> > answer:
> > NEVER EVER just append a random Authorization:-header without
> > implementing all of the HTTP authorisation mechanism. If you do so
> > you
> > basically are broadcasting cleartext passwords to random peers, and
> > are likely to get in trouble with changes of software versions or
> > configurations. It is a big no-go. Always use the mechanism as
> > provided by your HTTP implementieren.
> > 
> > Please see the relevant standards for a full discussion on how and
> > why
> > this breaks security and interoperability.
> > 
> > 
> > > But this can’t be done via JavaScript or JQuery, due the security
> > > features of the browsers.
> > > For more detail information see
> > > https://stackoverflow.com/questions/75463305/difference-basic-author
> > > iz
> > > ation-between-postman-and-jquery-ajax/75493285#75493285
> > > .
> > 
> > If you adhere to CORS it works fine for me. A simple XHR request
> > with
> > credentials passed via open() worked.
> > 
> > Naturally you are bound to CORS. Icecast can announce any kind of
> > CORS
> > settings via it's config.
> > 
> > XHR also allows you direct access to the response Icecast gives you
> > as
> > it provides you with the response's DOM. So you can directly check
> > the
> > result. :)
> > 
> > 
> > With best regards,
> > 
> > > Von: Icecast [mailto:icecast-bounces at xiph.org] Im Auftrag von
> > > HGAlt
> > > Gesendet: Donnerstag, 16. Februar 2023 15:49
> > > An: 'Icecast streaming server user discussions'
> > > Betreff: Re: [Icecast] Send admin kill request to server
> > > 
> > > Hi Fred,
> > > 
> > > I am understand the requirements already a little bit better.
> > > 
> > > What I have to Do is a HTTP GET with a Basic Authorization in the
> > > header. I have tested it with ‘Postman’ and it works fine with
> > > Icecast.
> > > But I have to do it with Javascript or JQuery. Therefore curl
> > > doesn’t help me.
> > > 
> > > I try to use Ajax for that, but something goes wrong.
> > > If I do it without Autorization, I got a return message which
> > > says
> > > 'Authentication required'.
> > > If I enable the Autorization it tells me only readyState: 0.
> > > 
> > > If I will find a solution, I will post it here.
> > > 
> > > Cheers
> > > 
> > > Von: Icecast [mailto:icecast-bounces at xiph.org] Im Auftrag von
> > > Fred
> > > Gleason
> > > Gesendet: Mittwoch, 15. Februar 2023 16:57
> > > An: Icecast streaming server user discussions
> > > Betreff: Re: [Icecast] Send admin kill request to server
> > > 
> > > On Feb 14, 2023, at 13:24, HGAlt <hgalt at gmx.net> wrote:
> > > 
> > > > I am a little bit confused!
> > > > 
> > > > http://192.168.1.10:8000/admin/killclient?mount=/mystream.ogg&id=2
> > > > 1
> > > > 
> > > > This is an example of the Icecast documentation for kill a
> > > > client.
> > > > And this is a HTTP GET, which is send to the Icecast server.
> > > > You also wrote, that there are no user and pass for an API.
> > > > 
> > > > What I have to know, what does the Icecast server expect?
> > > > If there is no user and pass, how the server knows, that is a
> > > > valid request.
> > > 
> > > You should be able to send this with proper HTTP authentication
> > > parameters by using CURL. Something like:
> > > 
> > >             curl -u admin:hackme
> > > http://192.168.1.10:8000/admin/killclient?mount=/mystream.ogg&id=21
> > > 
> > > This is different from encoding the parameters as if they were
> > > part
> > > of an HTML form.


-- 
Philipp Schafft (CEO/Geschäftsführer)
Telephone:           +49.3535 490 17 92
Website:             https://www.loewenfelsen.net/
Follow us:           https://www.linkedin.com/company/loewenfelsen/
Geschäftsführer/CEO: Philipp Schafft

Löwenfelsen UG (haftungsbeschränkt)     Registration number:
Bickinger Straße 21                     HRB 12308 CB
04916 Herzberg (Elster)                 VATIN/USt-ID:
Germany                                 DE305133015
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20230227/2cc2d585/attachment.sig>

More information about the Icecast mailing list