Enable RTSP Digest Authentication With Gstreamer

Dwight Kulkarni dwight at realtime-7.com
Tue Aug 31 18:20:45 UTC 2021 

Hi All,

I was able to get it working and VLC now asks me for a username and
password when accessing the stream. Awesome !!

Not sure what is the difference between *GST_RTSP_PERM_MEDIA_FACTORY_ACCESS*
and  *GST_RTSP_PERM_MEDIA_FACTORY_CONSTRUCT*, however VLC doesn't work
without both.



The code for the permissions section is as follows, let me know if you see
anything wrong. Thanks !

GstRTSPMediaFactory *gst_rtsp_factory_var;
GstRTSPAuth *gst_rtsp_auth_var;
GstRTSPMountPoints *gst_rtsp_mounts_var;
//setup authentication
gst_rtsp_auth_var = gst_rtsp_auth_new();
gst_rtsp_auth_set_supported_methods(gst_rtsp_auth_var,GST_RTSP_AUTH_DIGEST);
gst_rtsp_server_set_auth(p_rtsp_server,gst_rtsp_auth_var);

//add user
void add_rtsp_user(string user_name, string password){
debug_log log("rtsp_thread", "rtsp_users");
log.msg("Adding User " + user_name);

//remove the role if it already exists
remove_rtsp_user(user_name);

//add the role with factory and construct access;
gst_rtsp_media_factory_add_role(gst_rtsp_factory_var, user_name.c_str(),
GST_RTSP_PERM_MEDIA_FACTORY_ACCESS, G_TYPE_BOOLEAN, TRUE,
GST_RTSP_PERM_MEDIA_FACTORY_CONSTRUCT, G_TYPE_BOOLEAN, TRUE, NULL);

//make user token
GstRTSPToken* token = gst_rtsp_token_new(GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE,
G_TYPE_STRING, user_name.c_str(), NULL);
gst_rtsp_auth_add_digest(gst_rtsp_auth_var, user_name.c_str(), password.
c_str(), token);
gst_rtsp_token_unref(token);

}

//remove user
void remove_rtsp_user(string user_name){
debug_log log("rtsp_thread", "rtsp_users");
log.msg("Removing Users");
GstRTSPPermissions* perms = gst_rtsp_media_factory_get_permissions(
gst_rtsp_factory_var);
if(perms){
log.msg("Permissions Found");
gst_rtsp_auth_remove_digest(gst_rtsp_auth_var, user_name.c_str());
gst_rtsp_permissions_remove_role(perms, user_name.c_str());

}else{
log.msg("No Permissions Yet. Nothing to remove.");
}

}

On Tue, Aug 31, 2021 at 10:19 AM Dwight Kulkarni <dwight at realtime-7.com>
wrote:

> Hi Michael and everyone,
>
> Thank you for that info. When reviewing the referenced code snippet, I had
> two questions
>
> 1) *gst_rtsp_media_factory_add_role* (this->factory, user_name,
>       GST_RTSP_PERM_MEDIA_FACTORY_ACCESS, G_TYPE_BOOLEAN, TRUE,
>       GST_RTSP_PERM_MEDIA_FACTORY_CONSTRUCT, G_TYPE_BOOLEAN, TRUE, NULL);
>
> What is the difference between: *GST_RTSP_PERM_MEDIA_FACTORY_ACCESS*
> and  *GST_RTSP_PERM_MEDIA_FACTORY_CONSTRUCT*
>
> When I checked the docs, both said FALSE will return a 404 error when
> trying to access the media. In the code, it appears to setup some users
> only with MEDIA_FACTORY_ACCESS and not MEDIA_FACTORY_CONSTRUCT.
>
>
> 2)  After the roles are added if the user access changes. For example a
> user is removed or their password updated, I could not find a way to remove
> the user.
>
> For example the code calls two functions to create the user and set the
> password, I wanted the opposite to undo this.
>
> //set the user
> *gst_rtsp_media_factory_add_role( ... )*  ->  *gst_rtsp_media_factory_remove_role(
> .. )*
> *gst_rtsp_auth_add_digest  ( ... ) *->   *gst_rtsp_auth_remove_digest (
> .. )*
>
>
> Thank you !
>
>
>
>
> On Mon, Aug 30, 2021 at 6:33 PM Michael Gruner <
> michael.gruner at ridgerun.com> wrote:
>
>> Hello Dwight
>>
>> Here's a working example from the server repo itself:
>>
>>
>> https://github.com/GStreamer/gst-rtsp-server/blob/master/examples/test-auth-digest.c
>>
>> Michael
>> www.ridgerun.com
>>
>>
>> On 30 Aug 2021, at 14:09, Dwight Kulkarni via gstreamer-devel <
>> gstreamer-devel at lists.freedesktop.org> wrote:
>>
>> Hi All,
>>
>> I have got Gstreamer working with my C++ program and I am using the RTSP
>> server in Gstreamer to work with my pipeline.
>>
>> When I visit the network address: rtsp://192.168.0.20/myserviceurl
>>
>> It is showing the network stream correctly in VLC Client.
>>
>> However, now I want to turn on digest authentication so that we can
>> secure the stream, and it can only be seen when the username and password
>> is supplied in VLC like so:
>>
>> rtsp://username:password@192.168.0.20/myserviceurl
>>
>> If my program has a list of users and passwords, how can I register them
>> with the Gstreamer RTSP server and require digest authentication?
>>
>> --
>> Sincerely,
>>
>> Dwight Kulkarni
>>
>>
>>
>
> --
> Sincerely,
>
> Dwight Kulkarni
>
>

-- 
Sincerely,

Dwight Kulkarni
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/gstreamer-devel/attachments/20210831/29c7d016/attachment.htm>

More information about the gstreamer-devel mailing list