diff options
| author | Wim Taymans <wim.taymans@collabora.co.uk> | 2013-07-15 11:56:06 +0200 |
|---|---|---|
| committer | Wim Taymans <wim.taymans@collabora.co.uk> | 2013-07-15 11:56:06 +0200 |
| commit | 7db2f9f3cf84f8eaf82d156b1f4425a8ce81864c (patch) | |
| tree | 509dbb19cdcb09f674389bcdd581ed11bd6bafa2 /gst/rtsp-server/rtsp-auth.c | |
| parent | 692cbc1364dcd6cd5a342a9445cec9219d410088 (diff) | |
auth: don't auth on methods
Don't authorize on methods anymore but on the resources that we
try to access, this is more flexible.
Move the authorization checks to where they are needed and let the
check return the response on error.
Diffstat (limited to 'gst/rtsp-server/rtsp-auth.c')
| -rw-r--r-- | gst/rtsp-server/rtsp-auth.c | 46 |
1 files changed, 24 insertions, 22 deletions
diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c index 091b0ef..deea3eb 100644 --- a/gst/rtsp-server/rtsp-auth.c +++ b/gst/rtsp-server/rtsp-auth.c @@ -95,12 +95,7 @@ gst_rtsp_auth_init (GstRTSPAuth * auth) (GDestroyNotify) gst_rtsp_token_unref); /* bitwise or of all methods that need authentication */ - priv->methods = GST_RTSP_DESCRIBE | - GST_RTSP_ANNOUNCE | - GST_RTSP_GET_PARAMETER | - GST_RTSP_SET_PARAMETER | - GST_RTSP_PAUSE | - GST_RTSP_PLAY | GST_RTSP_RECORD | GST_RTSP_SETUP | GST_RTSP_TEARDOWN; + priv->methods = 0; } static void @@ -303,6 +298,21 @@ no_auth: } } +static void +send_response (GstRTSPAuth * auth, GstRTSPStatusCode code, + GstRTSPClientState * state) +{ + gst_rtsp_message_init_response (state->response, code, + gst_rtsp_status_as_text (code), state->request); + + if (code == GST_RTSP_STS_UNAUTHORIZED) { + /* we only have Basic for now */ + gst_rtsp_message_add_header (state->response, GST_RTSP_HDR_WWW_AUTHENTICATE, + "Basic realm=\"GStreamer RTSP Server\""); + } + gst_rtsp_client_send_message (state->client, state->session, state->response); +} + static gboolean ensure_authenticated (GstRTSPAuth * auth, GstRTSPClientState * state) { @@ -326,30 +336,17 @@ ensure_authenticated (GstRTSPAuth * auth, GstRTSPClientState * state) authenticate_failed: { GST_DEBUG_OBJECT (auth, "authenticate failed"); + send_response (auth, GST_RTSP_STS_UNAUTHORIZED, state); return FALSE; } no_auth: { GST_DEBUG_OBJECT (auth, "no authorization token found"); + send_response (auth, GST_RTSP_STS_UNAUTHORIZED, state); return FALSE; } } -static void -send_response (GstRTSPAuth * auth, GstRTSPStatusCode code, - GstRTSPClientState * state) -{ - gst_rtsp_message_init_response (state->response, code, - gst_rtsp_status_as_text (code), state->request); - - if (code == GST_RTSP_STS_UNAUTHORIZED) { - /* we only have Basic for now */ - gst_rtsp_message_add_header (state->response, GST_RTSP_HDR_WWW_AUTHENTICATE, - "Basic realm=\"GStreamer RTSP Server\""); - } - gst_rtsp_client_send_message (state->client, state->session, state->response); -} - /* new connection */ static gboolean check_connect (GstRTSPAuth * auth, GstRTSPClientState * state, @@ -382,7 +379,6 @@ check_url (GstRTSPAuth * auth, GstRTSPClientState * state, const gchar * check) /* ERRORS */ not_authenticated: { - send_response (auth, GST_RTSP_STS_UNAUTHORIZED, state); return FALSE; } } @@ -395,6 +391,9 @@ check_factory (GstRTSPAuth * auth, GstRTSPClientState * state, const gchar *role; GstRTSPPermissions *perms; + if (!ensure_authenticated (auth, state)) + return FALSE; + if (!(role = gst_rtsp_token_get_string (state->token, GST_RTSP_MEDIA_FACTORY_ROLE))) goto no_media_role; @@ -443,6 +442,9 @@ static gboolean check_client_settings (GstRTSPAuth * auth, GstRTSPClientState * state, const gchar * check) { + if (!ensure_authenticated (auth, state)) + return FALSE; + return gst_rtsp_token_is_allowed (state->token, GST_RTSP_TRANSPORT_PERM_CLIENT_SETTINGS); } |