auth: add support for default token

The default token is used when the user is not authenticated and can be used to give minimal permissions.
2024-10-03 01:02:19 +00:00 · 2013-07-18 12:19:25 +02:00 · 2013-07-18 12:19:25 +02:00 · 25547176be
commit 25547176be
parent 1a307c707d
3 changed files with 74 additions and 0 deletions
--- a/examples/test-auth.c
+++ b/examples/test-auth.c
@ -124,6 +124,13 @@ main (int argc, char *argv[])
  /* make a new authentication manager */
  auth = gst_rtsp_auth_new ();

+  /* make default token, it has the same permissions as admin2 */
+  token =
+      gst_rtsp_token_new (GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE, G_TYPE_STRING,
+      "admin2", NULL);
+  gst_rtsp_auth_set_default_token (auth, token);
+  gst_rtsp_token_unref (token);
+
  /* make user token */
  token =
      gst_rtsp_token_new (GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE, G_TYPE_STRING,
--- a/gst/rtsp-server/rtsp-auth.c
+++ b/gst/rtsp-server/rtsp-auth.c
@ -60,6 +60,7 @@ struct _GstRTSPAuthPrivate
  /* the TLS certificate */
  GTlsCertificate *certificate;
  GHashTable *basic;            /* protected by lock */
+  GstRTSPToken *default_token;
  GstRTSPMethod methods;
 };

@ -230,6 +231,63 @@ gst_rtsp_auth_get_tls_certificate (GstRTSPAuth * auth)
  return result;
 }

+/**
+ * gst_rtsp_auth_set_default_token:
+ * @auth: a #GstRTSPAuth
+ * @token: (allow none): a #GstRTSPToken
+ *
+ * Set the default #GstRTSPToken to @token in @auth. The default token will
+ * be used for unauthenticated users.
+ */
+void
+gst_rtsp_auth_set_default_token (GstRTSPAuth * auth, GstRTSPToken * token)
+{
+  GstRTSPAuthPrivate *priv;
+  GstRTSPToken *old;
+
+  g_return_if_fail (GST_IS_RTSP_AUTH (auth));
+
+  priv = auth->priv;
+
+  if (token)
+    gst_rtsp_token_ref (token);
+
+  g_mutex_lock (&priv->lock);
+  old = priv->default_token;
+  priv->default_token = token;
+  g_mutex_unlock (&priv->lock);
+
+  if (old)
+    gst_rtsp_token_unref (old);
+}
+
+/**
+ * gst_rtsp_auth_get_default_token:
+ * @auth: a #GstRTSPAuth
+ *
+ * Get the default token for @auth. This token will be used for unauthorized
+ * users.
+ *
+ * Returns: (transfer full): the #GstRTSPToken of @auth. gst_rtsp_token_unref() after
+ * usage.
+ */
+GstRTSPToken *
+gst_rtsp_auth_get_default_token (GstRTSPAuth * auth)
+{
+  GstRTSPAuthPrivate *priv;
+  GstRTSPToken *result;
+
+  g_return_val_if_fail (GST_IS_RTSP_AUTH (auth), NULL);
+
+  priv = auth->priv;
+
+  g_mutex_lock (&priv->lock);
+  if ((result = priv->default_token))
+    gst_rtsp_token_ref (result);
+  g_mutex_unlock (&priv->lock);
+
+  return result;
+}

 /**
 * gst_rtsp_auth_add_basic:
@ -290,6 +348,12 @@ default_authenticate (GstRTSPAuth * auth, GstRTSPClientState * state)

  GST_DEBUG_OBJECT (auth, "authenticate");

+  g_mutex_lock (&priv->lock);
+  /* FIXME, need to ref but we have no way to unref when the state is
+   * popped */
+  state->token = priv->default_token;
+  g_mutex_unlock (&priv->lock);
+
  res =
      gst_rtsp_message_get_header (state->request, GST_RTSP_HDR_AUTHORIZATION,
      &authorization, 0);
--- a/gst/rtsp-server/rtsp-auth.h
+++ b/gst/rtsp-server/rtsp-auth.h
@ -79,6 +79,9 @@ GstRTSPAuth *       gst_rtsp_auth_new               (void);
 void                gst_rtsp_auth_set_tls_certificate (GstRTSPAuth *auth, GTlsCertificate *cert);
 GTlsCertificate *   gst_rtsp_auth_get_tls_certificate (GstRTSPAuth *auth);

+void                gst_rtsp_auth_set_default_token (GstRTSPAuth *auth, GstRTSPToken *token);
+GstRTSPToken *      gst_rtsp_auth_get_default_token (GstRTSPAuth *auth);
+
 void                gst_rtsp_auth_add_basic         (GstRTSPAuth *auth, const gchar * basic,
                                                     GstRTSPToken *token);
 void                gst_rtsp_auth_remove_basic      (GstRTSPAuth *auth, const gchar * basic);