GstRTSPAuth

GstRTSPAuth — Authentication and authorization

Functions

Types and Values

Object Hierarchy

    GObject
    ╰── GstRTSPAuth

Description

The GstRTSPAuth object is responsible for checking if the current user is allowed to perform requested actions. The default implementation has some reasonable checks but subclasses can implement custom security policies.

A new auth object is made with gst_rtsp_auth_new(). It is usually configured on the GstRTSPServer object.

The RTSP server will call gst_rtsp_auth_check() with a string describing the check to perform. The possible checks are prefixed with GST_RTSP_AUTH_CHECK_*. Depending on the check, the default implementation will use the current GstRTSPToken, GstRTSPContext and GstRTSPPermissions on the object to check if an operation is allowed.

The default GstRTSPAuth object has support for basic authentication. With gst_rtsp_auth_add_basic() you can add a basic authentication string together with the GstRTSPToken that will become active when successfully authenticated.

When a TLS certificate has been set with gst_rtsp_auth_set_tls_certificate(), the default auth object will require the client to connect with a TLS connection.

Last reviewed on 2013-07-16 (1.0.0)

Functions

gst_rtsp_auth_new ()

GstRTSPAuth *
gst_rtsp_auth_new (void);

Create a new GstRTSPAuth instance.

Returns

a new GstRTSPAuth.

[transfer full]


gst_rtsp_auth_get_tls_certificate ()

GTlsCertificate *
gst_rtsp_auth_get_tls_certificate (GstRTSPAuth *auth);

Get the GTlsCertificate used for negotiating TLS auth .

Parameters

auth

a GstRTSPAuth

 

Returns

the GTlsCertificate of auth . g_object_unref() after usage.

[transfer full]


gst_rtsp_auth_set_tls_certificate ()

void
gst_rtsp_auth_set_tls_certificate (GstRTSPAuth *auth,
                                   GTlsCertificate *cert);

Set the TLS certificate for the auth. Client connections will only be accepted when TLS is negotiated.

Parameters

auth

a GstRTSPAuth

 

cert

a GTlsCertificate.

[transfer none][allow-none]

gst_rtsp_auth_make_basic ()

gchar *
gst_rtsp_auth_make_basic (const gchar *user,
                          const gchar *pass);

Construct a Basic authorisation token from user and pass .

Parameters

user

a userid

 

pass

a password

 

Returns

the base64 encoding of the string user :pass . g_free() after usage.

[transfer full]


gst_rtsp_auth_add_basic ()

void
gst_rtsp_auth_add_basic (GstRTSPAuth *auth,
                         const gchar *basic,
                         GstRTSPToken *token);

Add a basic token for the default authentication algorithm that enables the client with privileges listed in token .

Parameters

auth

a GstRTSPAuth

 

basic

the basic token

 

token

authorisation token.

[transfer none]

gst_rtsp_auth_remove_basic ()

void
gst_rtsp_auth_remove_basic (GstRTSPAuth *auth,
                            const gchar *basic);

Add a basic token for the default authentication algorithm that enables the client with privileges from authgroup .

Parameters

auth

a GstRTSPAuth

 

basic

the basic token.

[transfer none]

gst_rtsp_auth_check ()

gboolean
gst_rtsp_auth_check (const gchar *check);

Check if check is allowed in the current context.

Parameters

check

the item to check

 

Returns

FALSE if check failed.


gst_rtsp_auth_get_default_token ()

GstRTSPToken *
gst_rtsp_auth_get_default_token (GstRTSPAuth *auth);

Get the default token for auth . This token will be used for unauthenticated users.

Parameters

auth

a GstRTSPAuth

 

Returns

the GstRTSPToken of auth . gst_rtsp_token_unref() after usage.

[transfer full]


gst_rtsp_auth_set_default_token ()

void
gst_rtsp_auth_set_default_token (GstRTSPAuth *auth,
                                 GstRTSPToken *token);

Set the default GstRTSPToken to token in auth . The default token will be used for unauthenticated users.

Parameters

auth

a GstRTSPAuth

 

token

a GstRTSPToken.

[transfer none][allow-none]

Types and Values

struct GstRTSPAuth

struct GstRTSPAuth;

The authentication structure.


struct GstRTSPAuthClass

struct GstRTSPAuthClass {
  GObjectClass  parent_class;

  gboolean           (*authenticate) (GstRTSPAuth *auth, GstRTSPContext *ctx);
  gboolean           (*check)        (GstRTSPAuth *auth, GstRTSPContext *ctx,
                                      const gchar *check);
};

The authentication class.

Members

GObjectClass parent_class;

   

authenticate ()

check the authentication of a client. The default implementation checks if the authentication in the header matches one of the basic authentication tokens. This function should set the authgroup field in the context.

 

check ()

check if a resource can be accessed. this function should call authenticate to authenticate the client when needed. The method should also construct and send an appropriate response message on error.

 

GST_RTSP_AUTH_CHECK_CONNECT

#define GST_RTSP_AUTH_CHECK_CONNECT                  "auth.check.connect"

Check a new connection


GST_RTSP_AUTH_CHECK_URL

#define GST_RTSP_AUTH_CHECK_URL                      "auth.check.url"

Check the URL and methods


GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_ACCESS

#define GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_ACCESS     "auth.check.media.factory.access"

Check if access is allowed to a factory. When access is not allowed an 404 Not Found is sent in the response.


GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_CONSTRUCT

#define GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_CONSTRUCT  "auth.check.media.factory.construct"

Check if media can be constructed from a media factory A response should be sent on error.


GST_RTSP_AUTH_CHECK_TRANSPORT_CLIENT_SETTINGS

#define GST_RTSP_AUTH_CHECK_TRANSPORT_CLIENT_SETTINGS  "auth.check.transport.client-settings"

Check if the client can specify TTL, destination and port pair in multicast. No response is sent when the check returns FALSE.


GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE

#define GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE      "media.factory.role"

G_TYPE_STRING, the role to use when dealing with media factories

The default GstRTSPAuth object uses this string in the token to find the role of the media factory. It will then retrieve the GstRTSPPermissions of the media factory and retrieve the role with the same name.


GST_RTSP_TOKEN_TRANSPORT_CLIENT_SETTINGS

#define GST_RTSP_TOKEN_TRANSPORT_CLIENT_SETTINGS   "transport.client-settings"

G_TYPE_BOOLEAN, TRUE if the client can specify TTL, destination and port pair in multicast.


GST_RTSP_PERM_MEDIA_FACTORY_ACCESS

#define GST_RTSP_PERM_MEDIA_FACTORY_ACCESS      "media.factory.access"

G_TYPE_BOOLEAN, TRUE if the media can be accessed, FALSE will return a 404 Not Found error when trying to access the media.


GST_RTSP_PERM_MEDIA_FACTORY_CONSTRUCT

#define GST_RTSP_PERM_MEDIA_FACTORY_CONSTRUCT   "media.factory.construct"

G_TYPE_BOOLEAN, TRUE if the media can be constructed, FALSE will return a 404 Not Found error when trying to access the media.

See Also

GstRTSPPermissions, GstRTSPToken