GStreamer RTSP Server Reference Manual
struct GstRTSPAuth;
struct GstRTSPAuthClass;
GstRTSPAuth * gst_rtsp_auth_new (void);
GTlsCertificate * gst_rtsp_auth_get_tls_certificate (GstRTSPAuth *auth);
void gst_rtsp_auth_set_tls_certificate (GstRTSPAuth *auth, GTlsCertificate *cert);
GTlsDatabase * gst_rtsp_auth_get_tls_database (GstRTSPAuth *auth);
void gst_rtsp_auth_set_tls_database (GstRTSPAuth *auth, GTlsDatabase *database);
GTlsAuthenticationMode gst_rtsp_auth_get_tls_authentication_mode (GstRTSPAuth *auth);
void gst_rtsp_auth_set_tls_authentication_mode (GstRTSPAuth *auth, GTlsAuthenticationMode mode);
gchar * gst_rtsp_auth_make_basic (const gchar *user, const gchar *pass);
void gst_rtsp_auth_add_basic (GstRTSPAuth *auth, const gchar *basic, GstRTSPToken *token);
void gst_rtsp_auth_remove_basic (GstRTSPAuth *auth, const gchar *basic);
gboolean gst_rtsp_auth_check (const gchar *check);
GstRTSPToken * gst_rtsp_auth_get_default_token (GstRTSPAuth *auth);
void gst_rtsp_auth_set_default_token (GstRTSPAuth *auth, GstRTSPToken *token);
#define GST_RTSP_AUTH_CHECK_CONNECT
#define GST_RTSP_AUTH_CHECK_URL
#define GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_ACCESS
#define GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_CONSTRUCT
#define GST_RTSP_AUTH_CHECK_TRANSPORT_CLIENT_SETTINGS
#define GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE
#define GST_RTSP_TOKEN_TRANSPORT_CLIENT_SETTINGS
#define GST_RTSP_PERM_MEDIA_FACTORY_ACCESS
#define GST_RTSP_PERM_MEDIA_FACTORY_CONSTRUCT
The GstRTSPAuth object is responsible for checking if the current user is allowed to perform requested actions. The default implementation has some reasonable checks but subclasses can implement custom security policies.
A new auth object is made with gst_rtsp_auth_new(). It is usually configured on the GstRTSPServer object.
The RTSP server will call gst_rtsp_auth_check() with a string describing the check to perform. The possible checks are prefixed with GST_RTSP_AUTH_CHECK_*. Depending on the check, the default implementation will use the current GstRTSPToken, GstRTSPContext and GstRTSPPermissions on the object to check if an operation is allowed.
The default GstRTSPAuth object has support for basic authentication. With gst_rtsp_auth_add_basic() you can add a basic authentication string together with the GstRTSPToken that will become active when successfully authenticated.
When a TLS certificate has been set with gst_rtsp_auth_set_tls_certificate(), the default auth object will require the client to connect with a TLS connection.
Last reviewed on 2013-07-16 (1.0.0)
struct GstRTSPAuthClass {
  GObjectClass parent_class;
  gboolean (*authenticate) (GstRTSPAuth *auth, GstRTSPContext *ctx);
  gboolean (*check) (GstRTSPAuth *auth, GstRTSPContext *ctx, const gchar *check);
  gboolean (*accept_certificate) (GstRTSPAuth *auth, GTlsConnection *connection, GTlsCertificate *peer_cert, GTlsCertificateFlags errors);
};
The authentication class.
authenticate : check the authentication of a client. The default implementation checks if the authentication in the header matches one of the basic authentication tokens. This function should set the authgroup field in the context.
check : check if a resource can be accessed. This function should call authenticate to authenticate the client when needed. The method should also construct and send an appropriate response message on error.
GstRTSPAuth * gst_rtsp_auth_new (void);
Create a new GstRTSPAuth instance.
Returns : a new GstRTSPAuth. [transfer full]
GTlsCertificate * gst_rtsp_auth_get_tls_certificate (GstRTSPAuth *auth);
Get the GTlsCertificate used for negotiating TLS auth.
auth : a GstRTSPAuth
Returns : the GTlsCertificate of auth. g_object_unref() after usage. [transfer full]
void gst_rtsp_auth_set_tls_certificate (GstRTSPAuth *auth, GTlsCertificate *cert);
Set the TLS certificate for the auth. Client connections will only be accepted when TLS is negotiated.
auth : a GstRTSPAuth
cert : a GTlsCertificate. [transfer none][allow-none]
GTlsDatabase * gst_rtsp_auth_get_tls_database (GstRTSPAuth *auth);
Get the GTlsDatabase used for verifying client certificates.
auth : a GstRTSPAuth
Returns : the GTlsDatabase of auth. g_object_unref() after usage. [transfer full]
Since 1.6
void gst_rtsp_auth_set_tls_database (GstRTSPAuth *auth, GTlsDatabase *database);
Sets the certificate database that is used to verify peer certificates. If set to NULL (the default), then peer certificate validation will always set the G_TLS_CERTIFICATE_UNKNOWN_CA error.
Since 1.6
auth : a GstRTSPAuth
database : a GTlsDatabase. [transfer none][allow-none]
GTlsAuthenticationMode gst_rtsp_auth_get_tls_authentication_mode (GstRTSPAuth *auth);
Get the GTlsAuthenticationMode.
auth : a GstRTSPAuth
Returns : the GTlsAuthenticationMode. [transfer full]
void gst_rtsp_auth_set_tls_authentication_mode (GstRTSPAuth *auth, GTlsAuthenticationMode mode);
The GTlsAuthenticationMode to set on the underlying GTlsServerConnection. When set to a value other than G_TLS_AUTHENTICATION_NONE, the "accept-certificate" signal will be emitted and must be handled.
auth : a GstRTSPAuth
mode : a GTlsAuthenticationMode. [transfer none][allow-none]
Since 1.6
gchar * gst_rtsp_auth_make_basic (const gchar *user, const gchar *pass);
Construct a Basic authorisation token from user and pass.
user : a userid
pass : a password
Returns : the base64 encoding of the string user:pass. g_free() after usage. [transfer full]
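An added illustration, not part of the reference manual or the GStreamer sources: a plain-C model of the value described above (the base64 encoding of user:pass) together with its inverse. It shows that the token is an encoding and not a secret, which is why Basic credentials belong on a server where a TLS certificate has been set with gst_rtsp_auth_set_tls_certificate(). The model_* names and the sample credentials are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Model of the documented result: base64 of "user:pass". Caller frees. */
char *model_make_basic(const char *user, const char *pass) {
    size_t n = strlen(user) + 1 + strlen(pass), i, o = 0;
    unsigned char *in = malloc(n + 1);
    char *out = malloc(4 * ((n + 2) / 3) + 1);
    if (!in || !out) { free(in); free(out); return NULL; }
    sprintf((char *)in, "%s:%s", user, pass);
    for (i = 0; i < n; i += 3) {
        unsigned v = (unsigned)in[i] << 16;
        if (i + 1 < n) v |= (unsigned)in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? B64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? B64[v & 63] : '=';
    }
    out[o] = '\0'; free(in);
    return out;
}

/* Inverse of the above; needs no key. Returns NULL on non-base64 input. */
char *model_decode_basic(const char *basic) {
    size_t len = strlen(basic), i, o = 0;
    char *out = malloc(len + 1);   /* decoded text is always shorter */
    unsigned v = 0; int bits = 0;
    if (!out) return NULL;
    for (i = 0; i < len && basic[i] != '='; i++) {
        const char *p = strchr(B64, basic[i]);
        if (!p) { free(out); return NULL; }
        v = (v << 6) | (unsigned)(p - B64);
        if ((bits += 6) >= 8) { bits -= 8; out[o++] = (char)((v >> bits) & 0xFF); }
    }
    out[o] = '\0'; return out;
}

int main(void) {
    char *basic = model_make_basic("user", "password"); /* constructed sample */
    char *clear = basic ? model_decode_basic(basic) : NULL;
    if (clear) printf("%s -> %s\n", basic, clear);
    free(basic); free(clear);
    return 0;
}
```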
void gst_rtsp_auth_add_basic (GstRTSPAuth *auth, const gchar *basic, GstRTSPToken *token);
Add a basic token for the default authentication algorithm that enables the client with privileges listed in token.
auth : a GstRTSPAuth
basic : the basic token
token : authorisation token. [transfer none]
void gst_rtsp_auth_remove_basic (GstRTSPAuth *auth, const gchar *basic);
Remove a basic token from the default authentication algorithm.
auth : a GstRTSPAuth
basic : the basic token. [transfer none]
gboolean gst_rtsp_auth_check (const gchar *check);
Check if check is allowed in the current context.
check : the item to check
Returns : FALSE if check failed.
GstRTSPToken * gst_rtsp_auth_get_default_token (GstRTSPAuth *auth);
Get the default token for auth. This token will be used for unauthenticated users.
auth : a GstRTSPAuth
Returns : the GstRTSPToken of auth. gst_rtsp_token_unref() after usage. [transfer full]
void gst_rtsp_auth_set_default_token (GstRTSPAuth *auth, GstRTSPToken *token);
Set the default GstRTSPToken to token in auth. The default token will be used for unauthenticated users.
auth : a GstRTSPAuth
token : a GstRTSPToken. [transfer none][allow-none]
#define GST_RTSP_AUTH_CHECK_CONNECT "auth.check.connect"
Check a new connection
#define GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_ACCESS "auth.check.media.factory.access"
Check if access is allowed to a factory. When access is not allowed, a 404 Not Found is sent in the response.
#define GST_RTSP_AUTH_CHECK_MEDIA_FACTORY_CONSTRUCT "auth.check.media.factory.construct"
Check if media can be constructed from a media factory. A response should be sent on error.
#define GST_RTSP_AUTH_CHECK_TRANSPORT_CLIENT_SETTINGS "auth.check.transport.client-settings"
Check if the client can specify TTL, destination and port pair in multicast. No response is sent when the check returns FALSE.
#define GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE "media.factory.role"
G_TYPE_STRING, the role to use when dealing with media factories.
The default GstRTSPAuth object uses this string in the token to find the role of the media factory. It will then retrieve the GstRTSPPermissions of the media factory and retrieve the role with the same name.
#define GST_RTSP_TOKEN_TRANSPORT_CLIENT_SETTINGS "transport.client-settings"
G_TYPE_BOOLEAN, TRUE if the client can specify TTL, destination and port pair in multicast.
#define GST_RTSP_PERM_MEDIA_FACTORY_ACCESS "media.factory.access"
G_TYPE_BOOLEAN, TRUE if the media can be accessed, FALSE will return a 404 Not Found error when trying to access the media.
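A simplified model of the role lookup described above, added here as an illustration and not taken from the GStreamer sources: the token names a role, the factory's permissions are searched for that role, and a role the factory does not list is denied. The model_* types, the result codes and the sample roles are hypothetical; only the 404 for a failed access check comes from this page, other denials are reported generically.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for GstRTSPToken and GstRTSPPermissions. */
struct model_token { const char *role; };  /* "media.factory.role" value */
struct model_role  { const char *name; bool access, construct; };
struct model_perms { const struct model_role *roles; size_t n; };

enum model_result { MODEL_ALLOW, MODEL_DENY_404, MODEL_DENY };

/* token: the token activated by authentication, or NULL for an
 * unauthenticated client, in which case default_token (which may itself
 * be NULL) applies. */
enum model_result model_check(const struct model_token *token,
                              const struct model_token *default_token,
                              const struct model_perms *perms,
                              const char *check) {
    bool is_access = strcmp(check, "auth.check.media.factory.access") == 0;
    bool is_construct = strcmp(check, "auth.check.media.factory.construct") == 0;
    const struct model_token *t = token ? token : default_token;
    const struct model_role *r = NULL;
    size_t i;

    if (!is_access && !is_construct) return MODEL_DENY;  /* not modelled */
    if (!t || !t->role || !perms) return MODEL_DENY;     /* no role to look up */
    for (i = 0; i < perms->n; i++)
        if (strcmp(perms->roles[i].name, t->role) == 0) r = &perms->roles[i];
    /* A role the factory does not list gets nothing: default deny. */
    if (is_access) return (r && r->access) ? MODEL_ALLOW : MODEL_DENY_404;
    return (r && r->construct) ? MODEL_ALLOW : MODEL_DENY;
}

/* Constructed sample data: one factory, two roles, three tokens. */
static const struct model_role ROLES[] = {
    { "user", true, true }, { "anonymous", true, false } };
const struct model_perms PERMS = { ROLES, 2 };
const struct model_token USER = { "user" }, ANON = { "anonymous" },
                         GHOST = { "ghost" };

int main(void) {
    printf("anonymous construct -> %d\n",
           model_check(NULL, &ANON, &PERMS, "auth.check.media.factory.construct"));
    return 0;
}
```

The sample shows the effect of the default token: an unauthenticated client inherits whatever the default token's role is granted, so that role should carry only the permissions intended for anonymous access.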
"accept-certificate"
signal
gboolean user_function (GstRTSPAuth *auth,
GTlsConnection *connection,
GTlsCertificate *peer_cert,
GTlsCertificateFlags errors,
gpointer user_data) : Run Last
Emitted during the TLS handshake after the client certificate has been received. See also gst_rtsp_auth_set_tls_authentication_mode().
auth : a GstRTSPAuth
connection : a GTlsConnection
peer_cert : the peer's GTlsCertificate
errors : the problems with peer_cert.
user_data : user data set when the signal handler was connected.
Returns : TRUE to accept peer_cert (which will also immediately end the signal emission). FALSE to allow the signal emission to continue, which will cause the handshake to fail if no one else overrides it.
Since 1.6