From 7db2f9f3cf84f8eaf82d156b1f4425a8ce81864c Mon Sep 17 00:00:00 2001 From: Wim Taymans Date: Mon, 15 Jul 2013 11:56:06 +0200 Subject: [PATCH] auth: don't auth on methods Don't authorize on methods anymore but on the resources that we try to access, this is more flexible. Move the authorization checks to where they are needed and let the check return the response on error. --- gst/rtsp-server/rtsp-auth.c | 46 +++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c index 091b0ef..deea3eb 100644 --- a/gst/rtsp-server/rtsp-auth.c +++ b/gst/rtsp-server/rtsp-auth.c @@ -95,12 +95,7 @@ gst_rtsp_auth_init (GstRTSPAuth * auth) (GDestroyNotify) gst_rtsp_token_unref); /* bitwise or of all methods that need authentication */ - priv->methods = GST_RTSP_DESCRIBE | - GST_RTSP_ANNOUNCE | - GST_RTSP_GET_PARAMETER | - GST_RTSP_SET_PARAMETER | - GST_RTSP_PAUSE | - GST_RTSP_PLAY | GST_RTSP_RECORD | GST_RTSP_SETUP | GST_RTSP_TEARDOWN; + priv->methods = 0; } static void @@ -303,6 +298,21 @@ no_auth: } } +static void +send_response (GstRTSPAuth * auth, GstRTSPStatusCode code, + GstRTSPClientState * state) +{ + gst_rtsp_message_init_response (state->response, code, + gst_rtsp_status_as_text (code), state->request); + + if (code == GST_RTSP_STS_UNAUTHORIZED) { + /* we only have Basic for now */ + gst_rtsp_message_add_header (state->response, GST_RTSP_HDR_WWW_AUTHENTICATE, + "Basic realm=\"GStreamer RTSP Server\""); + } + gst_rtsp_client_send_message (state->client, state->session, state->response); +} + static gboolean ensure_authenticated (GstRTSPAuth * auth, GstRTSPClientState * state) { @@ -326,30 +336,17 @@ ensure_authenticated (GstRTSPAuth * auth, GstRTSPClientState * state) authenticate_failed: { GST_DEBUG_OBJECT (auth, "authenticate failed"); + send_response (auth, GST_RTSP_STS_UNAUTHORIZED, state); return FALSE; } no_auth: { GST_DEBUG_OBJECT (auth, "no authorization token found"); + send_response (auth, GST_RTSP_STS_UNAUTHORIZED, state); return FALSE; } } -static void -send_response (GstRTSPAuth * auth, GstRTSPStatusCode code, - GstRTSPClientState * state) -{ - gst_rtsp_message_init_response (state->response, code, - gst_rtsp_status_as_text (code), state->request); - - if (code == GST_RTSP_STS_UNAUTHORIZED) { - /* we only have Basic for now */ - gst_rtsp_message_add_header (state->response, GST_RTSP_HDR_WWW_AUTHENTICATE, - "Basic realm=\"GStreamer RTSP Server\""); - } - gst_rtsp_client_send_message (state->client, state->session, state->response); -} - /* new connection */ static gboolean check_connect (GstRTSPAuth * auth, GstRTSPClientState * state, @@ -382,7 +379,6 @@ check_url (GstRTSPAuth * auth, GstRTSPClientState * state, const gchar * check) /* ERRORS */ not_authenticated: { - send_response (auth, GST_RTSP_STS_UNAUTHORIZED, state); return FALSE; } } @@ -395,6 +391,9 @@ check_factory (GstRTSPAuth * auth, GstRTSPClientState * state, const gchar *role; GstRTSPPermissions *perms; + if (!ensure_authenticated (auth, state)) + return FALSE; + if (!(role = gst_rtsp_token_get_string (state->token, GST_RTSP_MEDIA_FACTORY_ROLE))) goto no_media_role; @@ -443,6 +442,9 @@ static gboolean check_client_settings (GstRTSPAuth * auth, GstRTSPClientState * state, const gchar * check) { + if (!ensure_authenticated (auth, state)) + return FALSE; + return gst_rtsp_token_is_allowed (state->token, GST_RTSP_TRANSPORT_PERM_CLIENT_SETTINGS); } -- 2.7.4