[Live-devel] authorizing users

Subhankar Saha Subhankar_Saha at mindtree.com
Sat Aug 17 08:37:09 PDT 2013 

Hi Ross,

We happen to have the same requirement. And I tried your recommendation of subclassing "RTSPServer".

In our case, each stream will have different set of username-passwd combination. In other words, username/passwd combination of "Stream-1" should not be allowed to access "Stream-2", and so on. In our case, username could be same across streams, as they are derived from the cameras whose streams are being proxy-ed.

But it appears we must create an "authDB", and add all username-passwd combinations of all streams first, while creating the RTSPServer. Only then, it seems to invoke the re-implemented virtual function 'specialClientUserAccessCheck'. Since we do not get the 'passwd' component of the 'username' in 'specialClientUserAccessCheck', how do we restrict an user of "Stream-1" from incorrectly accessing "Stream-2", when the username being same for both streams?

Will it be possible to include password as well for 'specialClientUserAccessCheck'?

Regards,
Subhankar.

From: live-devel-bounces at ns.live555.com [mailto:live-devel-bounces at ns.live555.com] On Behalf Of Ross Finlayson
Sent: Thursday, August 15, 2013 1:14 PM
To: LIVE555 Streaming Media - development & use
Subject: Re: [Live-devel] authorizing users

is it possible to change UserAuthenticationDatabase class so that it can be used to limit user access to specific streams?

Yes, you can do this; however, you don't need to make any changes to the "UserAuthenticationDatabase" code.  Instead, the way you would do this would be to subclass "RTSPServer", and reimplement the virtual function
            virtual Boolean specialClientUserAccessCheck(int clientSocket, struct sockaddr_in& clientAddr, char const* urlSuffix, char const *username);
(see "liveMedia/include/RTSPServer.hh")

You would use a (regular, unmodified) "UserAuthenticationDatabase" to first reject users who don't have *any* access to the server.  Then, your reimplemented "specialClientUserAccessCheck()" function would reject users who aren't allowed to access the specific stream (named by "urlSuffix") that's being named.

Ross Finlayson
Live Networks, Inc.
http://www.live555.com/


________________________________

http://www.mindtree.com/email/disclaimer.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20130817/65806a23/attachment.html>

More information about the live-devel mailing list