GstRTSPAuth

GstRTSPAuth — Authentication and authorization

Synopsis

struct              GstRTSPAuth;
struct              GstRTSPAuthClass;
GstRTSPAuth *       gst_rtsp_auth_new                   (void);
GTlsCertificate *   gst_rtsp_auth_get_tls_certificate   (GstRTSPAuth *auth);
void                gst_rtsp_auth_set_tls_certificate   (GstRTSPAuth *auth,
                                                         GTlsCertificate *cert);
gchar *             gst_rtsp_auth_make_basic            (const gchar *user,
                                                         const gchar *pass);
void                gst_rtsp_auth_add_basic             (GstRTSPAuth *auth,
                                                         const gchar *basic,
                                                         GstRTSPToken *token);
void                gst_rtsp_auth_remove_basic          (GstRTSPAuth *auth,
                                                         const gchar *basic);
gboolean            gst_rtsp_auth_check                 (const gchar *check);
GstRTSPToken *      gst_rtsp_auth_get_default_token     (GstRTSPAuth *auth);
void                gst_rtsp_auth_set_default_token     (GstRTSPAuth *auth,
                                                         GstRTSPToken *token);

#define             GST_RTSP_AUTH_CHECK_CONNECT
#define             GST_RTSP_AUTH_CHECK_URL
#define             GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_ACCESS
#define             GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_CONSTRUCT
#define             GST_RTSP_AUTH_CHECK_TRANSPORT_CLIENT_SETTINGS

#define             GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE
#define             GST_RTSP_TOKEN_TRANSPORT_CLIENT_SETTINGS

#define             GST_RTSP_PERM_MEDIA_FACTORY_ACCESS
#define             GST_RTSP_PERM_MEDIA_FACTORY_CONSTRUCT

Object Hierarchy

  GObject
   +----GstRTSPAuth

Description

The GstRTSPAuth object is responsible for checking if the current user is allowed to perform requested actions. The default implementation has some reasonable checks but subclasses can implement custom security policies.

A new auth object is made with gst_rtsp_auth_new(). It is usually configured on the GstRTSPServer object.

The RTSP server will call gst_rtsp_auth_check() with a string describing the check to perform. The possible checks are prefixed with GST_RTSP_AUTH_CHECK_*. Depending on the check, the default implementation will use the current GstRTSPToken, GstRTSPContext and GstRTSPPermissions on the object to check if an operation is allowed.

The default GstRTSPAuth object has support for basic authentication. With gst_rtsp_auth_add_basic() you can add a basic authentication string together with the GstRTSPToken that will become active when successfully authenticated.

When a TLS certificate has been set with gst_rtsp_auth_set_tls_certificate(), the default auth object will require the client to connect with a TLS connection.

Last reviewed on 2013-07-16 (1.0.0)

Details

struct GstRTSPAuth

struct GstRTSPAuth;

The authentication structure.


struct GstRTSPAuthClass

struct GstRTSPAuthClass {
  GObjectClass  parent_class;

  gboolean           (*authenticate) (GstRTSPAuth *auth, GstRTSPContext *ctx);
  gboolean           (*check)        (GstRTSPAuth *auth, GstRTSPContext *ctx,
                                      const gchar *check);
};

The authentication class.

GObjectClass parent_class;

authenticate ()

check the authentication of a client. The default implementation checks if the authentication in the header matches one of the basic authentication tokens. This function should set the authgroup field in the context.

check ()

check if a resource can be accessed. this function should call authenticate to authenticate the client when needed. The method should also construct and send an appropriate response message on error.

gst_rtsp_auth_new ()

GstRTSPAuth *       gst_rtsp_auth_new                   (void);

Create a new GstRTSPAuth instance.

Returns :

a new GstRTSPAuth. [transfer full]

gst_rtsp_auth_get_tls_certificate ()

GTlsCertificate *   gst_rtsp_auth_get_tls_certificate   (GstRTSPAuth *auth);

Get the GTlsCertificate used for negotiating TLS auth.

auth :

a GstRTSPAuth

Returns :

the GTlsCertificate of auth. g_object_unref() after usage. [transfer full]

gst_rtsp_auth_set_tls_certificate ()

void                gst_rtsp_auth_set_tls_certificate   (GstRTSPAuth *auth,
                                                         GTlsCertificate *cert);

Set the TLS certificate for the auth. Client connections will only be accepted when TLS is negotiated.

auth :

a GstRTSPAuth

cert :

a GTlsCertificate. [transfer none][allow-none]

gst_rtsp_auth_make_basic ()

gchar *             gst_rtsp_auth_make_basic            (const gchar *user,
                                                         const gchar *pass);

Construct a Basic authorisation token from user and pass.

user :

a userid

pass :

a password

Returns :

the base64 encoding of the string user:pass. g_free() after usage. [transfer full]

gst_rtsp_auth_add_basic ()

void                gst_rtsp_auth_add_basic             (GstRTSPAuth *auth,
                                                         const gchar *basic,
                                                         GstRTSPToken *token);

Add a basic token for the default authentication algorithm that enables the client with privileges listed in token.

auth :

a GstRTSPAuth

basic :

the basic token

token :

authorisation token. [transfer none]

gst_rtsp_auth_remove_basic ()

void                gst_rtsp_auth_remove_basic          (GstRTSPAuth *auth,
                                                         const gchar *basic);

Add a basic token for the default authentication algorithm that enables the client with privileges from authgroup.

auth :

a GstRTSPAuth

basic :

the basic token. [transfer none]

gst_rtsp_auth_check ()

gboolean            gst_rtsp_auth_check                 (const gchar *check);

Check if check is allowed in the current context.

check :

the item to check

Returns :

FALSE if check failed.

gst_rtsp_auth_get_default_token ()

GstRTSPToken *      gst_rtsp_auth_get_default_token     (GstRTSPAuth *auth);

Get the default token for auth. This token will be used for unauthenticated users.

auth :

a GstRTSPAuth

Returns :

the GstRTSPToken of auth. gst_rtsp_token_unref() after usage. [transfer full]

gst_rtsp_auth_set_default_token ()

void                gst_rtsp_auth_set_default_token     (GstRTSPAuth *auth,
                                                         GstRTSPToken *token);

Set the default GstRTSPToken to token in auth. The default token will be used for unauthenticated users.

auth :

a GstRTSPAuth

token :

a GstRTSPToken. [transfer none][allow-none]

GST_RTSP_AUTH_CHECK_CONNECT

#define GST_RTSP_AUTH_CHECK_CONNECT                  "auth.check.connect"

Check a new connection


GST_RTSP_AUTH_CHECK_URL

#define GST_RTSP_AUTH_CHECK_URL                      "auth.check.url"

Check the URL and methods


GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_ACCESS

#define GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_ACCESS     "auth.check.media.factory.access"

Check if access is allowed to a factory. When access is not allowed an 404 Not Found is sent in the response.


GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_CONSTRUCT

#define GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_CONSTRUCT  "auth.check.media.factory.construct"

Check if media can be constructed from a media factory A response should be sent on error.


GST_RTSP_AUTH_CHECK_TRANSPORT_CLIENT_SETTINGS

#define GST_RTSP_AUTH_CHECK_TRANSPORT_CLIENT_SETTINGS  "auth.check.transport.client-settings"

Check if the client can specify TTL, destination and port pair in multicast. No response is sent when the check returns FALSE.


GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE

#define GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE      "media.factory.role"

G_TYPE_STRING, the role to use when dealing with media factories

The default GstRTSPAuth object uses this string in the token to find the role of the media factory. It will then retrieve the GstRTSPPermissions of the media factory and retrieve the role with the same name.


GST_RTSP_TOKEN_TRANSPORT_CLIENT_SETTINGS

#define GST_RTSP_TOKEN_TRANSPORT_CLIENT_SETTINGS   "transport.client-settings"

G_TYPE_BOOLEAN, TRUE if the client can specify TTL, destination and port pair in multicast.


GST_RTSP_PERM_MEDIA_FACTORY_ACCESS

#define GST_RTSP_PERM_MEDIA_FACTORY_ACCESS      "media.factory.access"

G_TYPE_BOOLEAN, TRUE if the media can be accessed, FALSE will return a 404 Not Found error when trying to access the media.


GST_RTSP_PERM_MEDIA_FACTORY_CONSTRUCT

#define GST_RTSP_PERM_MEDIA_FACTORY_CONSTRUCT   "media.factory.construct"

G_TYPE_BOOLEAN, TRUE if the media can be constructed, FALSE will return a 404 Not Found error when trying to access the media.

See Also

GstRTSPPermissions, GstRTSPToken