On Fri, 21 Nov 2014, "Thomas B. R?cker" wrote:> On 11/21/2014 02:21 PM, Geoff Shang wrote: >> I would like to request that this be configurable somehow. I agree >> that this is undesirable under most circumstances, but there are >> situations where this is required. > > It has been requested before and the answer is still the same, we have > it on our radar and it will happen in the future. If someone wants to > make sure it's in the $next_release, then possible avenues are: > - sending a patch (after discussing how to approach this, see below) > - sponsoring development of a patch (I'd expect this to be in the 0.5-2h > range)How much money would be needed??> I'm partial to KISS and just put a big switch in (option 1). > Just to be clear, *anyone* with mountpoint credentials is then able to > mess with metadata from anywhere... We disabled this completely for a > good reason (leaving it open to the administrator account).Oh I didn't realise the admin account could override this. This makes it less pressing, though still nice to have. Geoff.
flum, developer here :) On Fri, 2014-11-21 at 17:06 +0200, Geoff Shang wrote:> On Fri, 21 Nov 2014, "Thomas B. R?cker" wrote: > > > On 11/21/2014 02:21 PM, Geoff Shang wrote: > >> I would like to request that this be configurable somehow. I agree > >> that this is undesirable under most circumstances, but there are > >> situations where this is required. > > > > It has been requested before and the answer is still the same, we have > > it on our radar and it will happen in the future. If someone wants to > > make sure it's in the $next_release, then possible avenues are: > > - sending a patch (after discussing how to approach this, see below) > > - sponsoring development of a patch (I'd expect this to be in the 0.5-2h > > range) > > How much money would be needed??I talked with Mr. R?cker about this one. We are going to have some other changes in the auth code soon^TM. This may be related. So we aren't exactly sure how your request fits in best. So best delay that question to when I know what to do.> > I'm partial to KISS and just put a big switch in (option 1). > > Just to be clear, *anyone* with mountpoint credentials is then able to > > mess with metadata from anywhere... We disabled this completely for a > > good reason (leaving it open to the administrator account). > > Oh I didn't realise the admin account could override this. This makes it > less pressing, though still nice to have.What is your schedule? How fast do you need it? Could we target a fix for in about a week? Also: would it be ok for you to have a global user that is allowed to do that or does it need to be the source user or does it need to be any source user (anyone allowed to stream to that mountpoint)? That is a very important question to answer the above! Thank you and have a good evening! -- Philipp. (Rah of PH2) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part Url : http://lists.xiph.org/pipermail/icecast/attachments/20141121/6dcb0d0b/attachment.pgp
On Fri, 21 Nov 2014, Philipp Schafft wrote:> What is your schedule? How fast do you need it? Could we target a fix > for in about a week?Sorry, I didn't mean to cause a panic. I don't have an immediate need for this feature. I know others do, or at least might, and have always felt this should be configurable ever since it was first implemented. I've never run an affected version in production so it has never affected me, but with the recent security fixes making me think about it and the metadata thing having been mentioned a few times lately, I finally spoke up. Geoff.
reflum, On Mon, 2014-12-01 at 22:28 +0000, Dean Sauer wrote:> On Fri, 21 Nov 2014 15:59:42 +0000, Philipp Schafft wrote: > > > Also: would it be ok for you to have a global user that is allowed to do > > that or does it need to be the source user or does it need to be any > > source user (anyone allowed to stream to that mountpoint)? > > Since I am likely the source case of this request... > > A global user, other than the existing one setup for sources?? > > NO. I don't wish to give out any more information to sources other than: > > server URL/IP > mountpoint name > > Setup darkice as follows... with the above... > > That's all they get. > > If I specify specific credentials per mountpoint then ONLY THOSE *AND* > ADMIN should be able to send metadata.As I told in the other mail on this thread with 2.4.2 you can set the right to do so on every role. This includes mount specific roles.> I actually like the idea of white listing IP's as well... > > > That is a very important question to answer the above! > > > > Thank you and have a good evening! > > I am in no rush, as 2.3.2 is the only version in the repos for my distro, > and I don't compile, ever, never, ever, never. (I have enough headaches > to deal with already without self inflicted ones.) > > We won't upgrade past 2.3.2 till this is resolved in our favor, or not at > all if a choice is made to forgo this option. This option is more > important than the security, and I am not giving out admin credentials to > any one.I'm sorry to say so, but if you don't care about security at all you can also just publish your admin password. Current trunk (that will be 2.4.2) contains what you need. I would be happy to see you on IRC or drop me a mail offering some help with testing the changes. Have a nice evening! -- Philipp. (Rah of PH2) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: <http://lists.xiph.org/pipermail/icecast/attachments/20141202/c6b52525/attachment.sig>
I been monitoring metadata and connections statistics by a polling the server and recording the information require. Including the current Metadata., I ended up polling on a min bases and the radion stations station that use use been happy with the information for past couple years. This is via the server status page. I like to present each of our customers with listeners counts, times listen, how long a listen has been listing, and how many unique listeners. And for other they need unique tags, I event per request set up means of putting out custom meta data that is diferent from the content stream that is blocked cause of DMC concerns. Its a real pain to present it in a useable form. But I also found out different stations have different needs .and its all based on the contracts they have. IT can be done without any modifications. :) On Mon, Dec 1, 2014 at 7:05 PM, Philipp Schafft <lion at lion.leolix.org> wrote:> reflum, > > On Mon, 2014-12-01 at 22:28 +0000, Dean Sauer wrote: > > On Fri, 21 Nov 2014 15:59:42 +0000, Philipp Schafft wrote: > > > > > Also: would it be ok for you to have a global user that is allowed to > do > > > that or does it need to be the source user or does it need to be any > > > source user (anyone allowed to stream to that mountpoint)? > > > > Since I am likely the source case of this request... > > > > A global user, other than the existing one setup for sources?? > > > > NO. I don't wish to give out any more information to sources other than: > > > > server URL/IP > > mountpoint name > > > > Setup darkice as follows... with the above... > > > > That's all they get. > > > > If I specify specific credentials per mountpoint then ONLY THOSE *AND* > > ADMIN should be able to send metadata. > > As I told in the other mail on this thread with 2.4.2 you can set the > right to do so on every role. This includes mount specific roles. > > > > I actually like the idea of white listing IP's as well... > > > > > That is a very important question to answer the above! > > > > > > Thank you and have a good evening! > > > > I am in no rush, as 2.3.2 is the only version in the repos for my distro, > > and I don't compile, ever, never, ever, never. (I have enough headaches > > to deal with already without self inflicted ones.) > > > > We won't upgrade past 2.3.2 till this is resolved in our favor, or not at > > all if a choice is made to forgo this option. This option is more > > important than the security, and I am not giving out admin credentials to > > any one. > > I'm sorry to say so, but if you don't care about security at all you can > also just publish your admin password. > > > Current trunk (that will be 2.4.2) contains what you need. I would be > happy to see you on IRC or drop me a mail offering some help with > testing the changes. > > Have a nice evening! > > -- > Philipp. > (Rah of PH2) > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.xiph.org/pipermail/icecast/attachments/20141201/e7f9fabf/attachment.htm