Bool16 AuthenticateRequest(QTSS_StandardRTSP_Params* inParams,
const char* pathBuff,
const char* movieRootDir,
StrPtrLen* ioRealmName,
Bool16* foundUserPtr)
{
if (foundUserPtr)
*foundUserPtr = false;
if (ioRealmName) //Set Value to Empty for now use whatever is set by access file or the default
{
ioRealmName->Ptr[0] = '\0';
ioRealmName->Len = 0;
}
QTSS_Error theErr = QTSS_NoErr;
char passwordBuff[kBuffLen];
StrPtrLen passwordStr(passwordBuff, kBuffLen -1);
char nameBuff[kBuffLen];
StrPtrLen nameStr(nameBuff, kBuffLen -1);
theErr = QTSS_GetValue (inParams->inRTSPRequest,qtssRTSPReqUserName,0, (void *) nameStr.Ptr, &nameStr.Len);
if ( (QTSS_NoErr != theErr) || (nameStr.Len >= kBuffLen) )
{
debug_printf("QTSSDSAuthModule:AuthenticateRequest() Username Error - %"_S32BITARG_"\n", theErr);
return false;
}
theErr = QTSS_GetValue (inParams->inRTSPRequest,qtssRTSPReqUserPassword,0, (void *) passwordStr.Ptr, &passwordStr.Len);
if ( (QTSS_NoErr != theErr) || (passwordStr.Len >= kBuffLen) )
{
debug_printf("QTSSDSAuthModule:AuthenticateRequest() Password Error - %"_S32BITARG_"\n", theErr);
return false;
}
nameBuff[nameStr.Len] = '\0';
passwordBuff[passwordStr.Len] = '\0';
//
// Use the name and password to check access
DSAccessChecker accessChecker;
if ( !accessChecker.CheckPassword( nameBuff, passwordBuff) )
{
return false;
}
if (foundUserPtr)
*foundUserPtr = true;
return true;
}
Bool16 QTSSAuthorize(QTSS_StandardRTSP_Params* inParams, char* pathBuff)
{
QTSS_Error theErr = QTSS_NoErr;
Bool16 result = false;
const int kBuffLen = 256;
char passwordBuff[kBuffLen] = {};
char nameBuff[kBuffLen] = {};
StrPtrLen nameStr(nameBuff, kBuffLen -1);
StrPtrLen passwordStr(passwordBuff, kBuffLen -1);
Bool16 noUserName = false;
Bool16 noPassword = false;
Bool16 isSpecialGuest = false;
do
{
theErr = QTSS_GetValue (inParams->inRTSPRequest,qtssRTSPReqUserName,0, (void *) nameStr.Ptr, &nameStr.Len);
//qtss_printf("GetValue qtssRTSPReqUserName err =%"_S32BITARG_" \n",theErr);
if ( (theErr != QTSS_NoErr) || (nameStr.Len == 0) || (nameStr.Ptr == NULL) || (*nameStr.Ptr == '\0'))
{
//qtss_printf ("no user name\n");
noUserName = true;
}
//qtss_printf("RTSPRequest dictionary name =%s len = %"_S32BITARG_"\n",nameStr.Ptr, nameStr.Len);
theErr = QTSS_GetValue (inParams->inRTSPRequest,qtssRTSPReqUserPassword,0, (void *) passwordStr.Ptr, &passwordStr.Len);
//qtss_printf("GetValue qtssRTSPReqUserName err =%"_S32BITARG_" \n",theErr);
if ( (theErr != QTSS_NoErr) || (passwordStr.Len == 0) || (passwordStr.Ptr == NULL) || (*passwordStr.Ptr == '\0'))
{
//qtss_printf ("no Password\n");
noPassword = true;
}
//qtss_printf("RTSPRequest dictionary password =%s len = %"_S32BITARG_" \n",passwordStr.Ptr, passwordStr.Len);
if (noUserName && noPassword) isSpecialGuest = true;
if (isSpecialGuest) // no name and no password means guest
{
//qtss_printf ("User is guest check for access\n");
result = CheckWorldDirAccess(pathBuff);
if (true == result)
result = CheckWorldFileAccess(pathBuff);
break; // no further processing on guest
}
if (0 == strcasecmp(nameStr.Ptr, sRootUserPtr) )
{ //qtss_printf("user is root no root access to file =%s\n",pathBuff); // must log
result = false; // don't allow
break;
}
struct passwd *passwdStructPtr = getpwnam(nameStr.Ptr);
if (NULL == passwdStructPtr)
{
//qtss_printf("failed to find name =%s\n",passwordStr.Ptr);
break;
}
char *theCryptedPassword = crypt(passwordStr.Ptr, passwdStructPtr->pw_passwd);
if ( 0 != strcmp(passwdStructPtr->pw_passwd, theCryptedPassword ) )
{
//qtss_printf("failed to match name to password =%s\n",passwordStr.Ptr);
break;
}
result = CheckDirAccess(passwdStructPtr, &nameStr, pathBuff);
if (!result) break;
result = CheckFileAccess(passwdStructPtr, &nameStr, pathBuff);
if (!result) break;
//qtss_printf("QTSSAuthorize: user %s is authorized for %s\n",nameStr.Ptr,pathBuff);
} while (false);
if (!result)
{ //qtss_printf("QTSSAuthorize: user %s is un authorized for %s\n",nameStr.Ptr,pathBuff);
}
return result;
}
void __declspec(dllexport) Login(LoginCallback loginCallback, char* login, char* pass) {
std::string loginStr(login);
std::string passwordStr(pass);
g_callbackProxy.loginCallback = loginCallback;
g_messenger->Login(loginStr, passwordStr,sp,&g_callbackProxy);
}
QTSS_Error AuthenticateRTSPRequest(QTSS_RTSPAuth_Params* inParams)
{
OSMutexLocker locker(sAuthMutex);
QTSS_RTSPRequestObject theRTSPRequest = inParams->inRTSPRequest;
QTSS_AuthScheme authScheme = qtssAuthNone;
debug_printf("QTSSDSAuthModule:AuthenticateRTSPRequest start\n");
if ( (NULL == inParams) || (NULL == inParams->inRTSPRequest) )
{
debug_printf("QTSSDSAuthModule:AuthenticateRTSPRequest inParams NULL\n");
return QTSS_RequestFailed;
}
// Get the user profile object from the request object
QTSS_UserProfileObject theUserProfile = NULL;
UInt32 len = sizeof(QTSS_UserProfileObject);
QTSS_Error theErr = QTSS_GetValue(theRTSPRequest, qtssRTSPReqUserProfile, 0, (void*)&theUserProfile, &len);
Assert(len == sizeof(QTSS_UserProfileObject));
if (theErr != QTSS_NoErr)
{
debug_printf("QTSSDSAuthModule:AuthenticateRTSPRequest - username error is %"_S32BITARG_"\n", theErr);
return theErr;
}
char* nameBuff = NULL;
theErr = QTSS_GetValueAsString(theUserProfile, qtssUserName, 0, &nameBuff);
debug_printf("QTSSDSAuthModule:AuthenticateRTSPRequest - username is %s\n", nameBuff);
OSCharArrayDeleter usernameBufDeleter(nameBuff);
if (theErr != QTSS_NoErr)
{
debug_printf("QTSSDSAuthModule:AuthenticateRTSPRequest - theUserProfile nameBuff error is %"_S32BITARG_"\n", theErr);
}
len = sizeof(authScheme);
theErr = QTSS_GetValue(theRTSPRequest, qtssRTSPReqAuthScheme, 0, (void*)&authScheme, &len);
if (theErr != QTSS_NoErr)
return theErr;
DSAccessChecker accessChecker;
Bool16 allowed = true;
Bool16 foundUser = true;
Bool16 authHandled = true;
if ( authScheme == qtssAuthDigest)
{
debug_printf("QTSSDSAuthModule:AuthenticateRTSPRequest - authScheme = qtssAuthDigest\n");
char* challengeBuff = NULL;
(void) QTSS_GetValueAsString(theRTSPRequest, qtssRTSPReqDigestChallenge, 0, &challengeBuff);
OSCharArrayDeleter challengeDeleter(challengeBuff);
debug_printf("QTSSDSAuthModule:AuthenticateRTSPRequest - Server Challenge =%s\n",challengeBuff);
char* responseBuff = NULL;
(void) QTSS_GetValueAsString(theRTSPRequest, qtssRTSPReqDigestResponse, 0, &responseBuff);
OSCharArrayDeleter responseDeleter(responseBuff);
char* methodBuff = NULL;
(void) QTSS_GetValueAsString(theRTSPRequest, qtssRTSPReqMethodStr, 0, &methodBuff);
OSCharArrayDeleter methodDeleter(methodBuff);
debug_printf("QTSSDSAuthModule:AuthenticateRTSPRequest - Server Method =%s\n",methodBuff);
debug_printf("QTSSDSAuthModule:AuthenticateRTSPRequest - username is %s challenge=%s response=%s method=%s\n", nameBuff, challengeBuff, responseBuff, methodBuff);
if ( false == accessChecker.CheckDigest(nameBuff, challengeBuff, responseBuff, methodBuff) )
{ debug_printf("QTSSDSAuthModule CheckDigest returned false\n");
}
else
{ debug_printf("QTSSDSAuthModule CheckDigest returned true\n");
(void) QTSSModuleUtils::AuthorizeRequest(theRTSPRequest,&allowed,&foundUser,&authHandled);
}
}
if ( authScheme == qtssAuthBasic)
{
debug_printf("QTSSDSAuthModule:AuthenticateRTSPRequest - authScheme = qtssAuthBasic\n");
char passwordBuff[kBuffLen];
StrPtrLen passwordStr(passwordBuff, kBuffLen -1);
char nameBuff[kBuffLen];
StrPtrLen nameStr(nameBuff, kBuffLen -1);
theErr = QTSS_GetValue (inParams->inRTSPRequest,qtssRTSPReqUserName,0, (void *) nameStr.Ptr, &nameStr.Len);
if ( (QTSS_NoErr != theErr) || (nameStr.Len >= kBuffLen) )
{
debug_printf("QTSSDSAuthModule:AuthenticateRequest() Username Error - %"_S32BITARG_"\n", theErr);
return false;
}
theErr = QTSS_GetValue (inParams->inRTSPRequest,qtssRTSPReqUserPassword,0, (void *) passwordStr.Ptr, &passwordStr.Len);
if ( (QTSS_NoErr != theErr) || (passwordStr.Len >= kBuffLen) )
{
debug_printf("QTSSDSAuthModule:AuthenticateRequest() Password Error - %"_S32BITARG_"\n", theErr);
}
nameBuff[nameStr.Len] = '\0';
passwordBuff[passwordStr.Len] = '\0';
debug_printf("QTSSDSAuthModule:AuthenticateRTSPRequest - username is %s\n", nameBuff);
debug_printf("QTSSDSAuthModule:AuthenticateRTSPRequest - password is %s\n", passwordBuff);
if ( !accessChecker.CheckPassword(nameBuff, passwordBuff) )
{ debug_printf("QTSSDSAuthModule CheckPassword returned false\n");
}
else
{
debug_printf("QTSSDSAuthModule CheckPassword returned true\n");
(void) QTSSModuleUtils::AuthorizeRequest(theRTSPRequest,&allowed,&foundUser,&authHandled);
}
}
return QTSS_NoErr;
}