auth: add support for default token

The default token is used when the user is not authenticated and can be used to
give minimal permissions.

diff --git a/examples/test-auth.c b/examples/test-auth.c
index 7d0b9d2..eff3c74 100644 (file)
--- a/examples/test-auth.c
+++ b/examples/test-auth.c
@@ -124,6 +124,13 @@ main (int argc, char *argv[])
   /* make a new authentication manager */
   auth = gst_rtsp_auth_new ();
 
+  /* make default token, it has the same permissions as admin2 */
+  token =
+      gst_rtsp_token_new (GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE, G_TYPE_STRING,
+      "admin2", NULL);
+  gst_rtsp_auth_set_default_token (auth, token);
+  gst_rtsp_token_unref (token);
+
   /* make user token */
   token =
       gst_rtsp_token_new (GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE, G_TYPE_STRING,

diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c
index dfce784..68ab719 100644 (file)
--- a/gst/rtsp-server/rtsp-auth.c
+++ b/gst/rtsp-server/rtsp-auth.c
@@ -60,6 +60,7 @@ struct _GstRTSPAuthPrivate
   /* the TLS certificate */
   GTlsCertificate *certificate;
   GHashTable *basic;            /* protected by lock */
+  GstRTSPToken *default_token;
   GstRTSPMethod methods;
 };
 
@@ -230,6 +231,63 @@ gst_rtsp_auth_get_tls_certificate (GstRTSPAuth * auth)
   return result;
 }
 
+/**
+ * gst_rtsp_auth_set_default_token:
+ * @auth: a #GstRTSPAuth
+ * @token: (allow none): a #GstRTSPToken
+ *
+ * Set the default #GstRTSPToken to @token in @auth. The default token will
+ * be used for unauthenticated users.
+ */
+void
+gst_rtsp_auth_set_default_token (GstRTSPAuth * auth, GstRTSPToken * token)
+{
+  GstRTSPAuthPrivate *priv;
+  GstRTSPToken *old;
+
+  g_return_if_fail (GST_IS_RTSP_AUTH (auth));
+
+  priv = auth->priv;
+
+  if (token)
+    gst_rtsp_token_ref (token);
+
+  g_mutex_lock (&priv->lock);
+  old = priv->default_token;
+  priv->default_token = token;
+  g_mutex_unlock (&priv->lock);
+
+  if (old)
+    gst_rtsp_token_unref (old);
+}
+
+/**
+ * gst_rtsp_auth_get_default_token:
+ * @auth: a #GstRTSPAuth
+ *
+ * Get the default token for @auth. This token will be used for unauthorized
+ * users.
+ *
+ * Returns: (transfer full): the #GstRTSPToken of @auth. gst_rtsp_token_unref() after
+ * usage.
+ */
+GstRTSPToken *
+gst_rtsp_auth_get_default_token (GstRTSPAuth * auth)
+{
+  GstRTSPAuthPrivate *priv;
+  GstRTSPToken *result;
+
+  g_return_val_if_fail (GST_IS_RTSP_AUTH (auth), NULL);
+
+  priv = auth->priv;
+
+  g_mutex_lock (&priv->lock);
+  if ((result = priv->default_token))
+    gst_rtsp_token_ref (result);
+  g_mutex_unlock (&priv->lock);
+
+  return result;
+}
 
 /**
  * gst_rtsp_auth_add_basic:
@@ -290,6 +348,12 @@ default_authenticate (GstRTSPAuth * auth, GstRTSPClientState * state)
 
   GST_DEBUG_OBJECT (auth, "authenticate");
 
+  g_mutex_lock (&priv->lock);
+  /* FIXME, need to ref but we have no way to unref when the state is
+   * popped */
+  state->token = priv->default_token;
+  g_mutex_unlock (&priv->lock);
+
   res =
       gst_rtsp_message_get_header (state->request, GST_RTSP_HDR_AUTHORIZATION,
       &authorization, 0);

diff --git a/gst/rtsp-server/rtsp-auth.h b/gst/rtsp-server/rtsp-auth.h
index 54c268f..fd0da62 100644 (file)
--- a/gst/rtsp-server/rtsp-auth.h
+++ b/gst/rtsp-server/rtsp-auth.h
@@ -79,6 +79,9 @@ GstRTSPAuth *       gst_rtsp_auth_new               (void);
 void                gst_rtsp_auth_set_tls_certificate (GstRTSPAuth *auth, GTlsCertificate *cert);
 GTlsCertificate *   gst_rtsp_auth_get_tls_certificate (GstRTSPAuth *auth);
 
+void                gst_rtsp_auth_set_default_token (GstRTSPAuth *auth, GstRTSPToken *token);
+GstRTSPToken *      gst_rtsp_auth_get_default_token (GstRTSPAuth *auth);
+
 void                gst_rtsp_auth_add_basic         (GstRTSPAuth *auth, const gchar * basic,
                                                      GstRTSPToken *token);
 void                gst_rtsp_auth_remove_basic      (GstRTSPAuth *auth, const gchar * basic);