Requests authentication. More...

#include <string.h>
#include <openssl/hmac.h>
#include "auth.h"
#include "debug.h"
#include "mutex.h"
#include "utils.h"

Include dependency graph for auth.c:

Functions
void	janus_auth_init (gboolean enabled, const char *secret)
	Method to initializing the token based authentication.

gboolean	janus_auth_is_enabled (void)
	Method to check whether the mechanism is enabled or not.

gboolean	janus_auth_is_stored_mode (void)
	Method to check whether the mechanism is in stored-token mode or not.

gboolean	janus_auth_is_signed_mode (void)
	Method to check whether the mechanism is in signed-token mode or not.

void	janus_auth_deinit (void)
	Method to de-initialize the mechanism.

gboolean	janus_auth_check_signature (const char token, const char realm)
	Method to check whether a signed token is valid.

gboolean	janus_auth_check_signature_contains (const char token, const char realm, const char *desc)
	Method to verify a signed token contains a descriptor.

gboolean	janus_auth_add_token (const char *token)
	Method to add a new valid token for authenticating.

gboolean	janus_auth_check_token (const char *token)
	Method to check whether a provided token is valid or not.

GList *	janus_auth_list_tokens (void)
	Method to return a list of the tokens.

gboolean	janus_auth_remove_token (const char *token)
	Method to invalidate an existing token.

gboolean	janus_auth_allow_plugin (const char token, janus_plugin plugin)
	Method to allow a token to use a plugin.

gboolean	janus_auth_check_plugin (const char token, janus_plugin plugin)
	Method to check whether a provided token can access a specified plugin.

GList *	janus_auth_list_plugins (const char *token)
	Method to return a list of the plugins a specific token has access to.

gboolean	janus_auth_disallow_plugin (const char token, janus_plugin plugin)
	Method to disallow a token to use a plugin.

Detailed Description

Requests authentication.

Author: Lorenzo Miniero loren.nosp@m.zo@m.nosp@m.eetec.nosp@m.ho.c.nosp@m.om

Copyright: GNU General Public License v3

Implementation of simple mechanisms for authenticating requests.

If enabled (it's disabled by default), each request must contain a valid token string, * or otherwise the request is rejected with an error.

When no token_auth_secret is set, Stored-token mode is active. In this mode the Janus admin API can be used to specify valid string tokens. Whether tokens should be shared across users or not is completely up to the controlling application: these tokens are completely opaque to Janus, and treated as strings, which means Janus will only check if the token exists or not when asked.

However, if a secret is set, the Signed-token mode is used. In this mode, no direct communication between the controlling application and Janus is necessary. Instead, the application signs tokens that Janus can verify using the secret key.

Core

Function Documentation

◆ janus_auth_add_token()

gboolean janus_auth_add_token ( const char * token )

Method to add a new valid token for authenticating.

Parameters

[in] token The new valid token

Returns: TRUE if the operation was successful, FALSE otherwise

◆ janus_auth_allow_plugin()

gboolean janus_auth_allow_plugin	(	const char *	token,
		janus_plugin *	plugin
	)

Method to allow a token to use a plugin.

Parameters

[in]	token	The token that can now access this plugin
[in]	plugin	Opaque pointer to the janus_plugin instance this token can access

Returns: TRUE if the operation was successful, FALSE otherwise

◆ janus_auth_check_plugin()

gboolean janus_auth_check_plugin	(	const char *	token,
		janus_plugin *	plugin
	)

Method to check whether a provided token can access a specified plugin.

Note: verifies both token signatures and against stored tokens

Parameters

[in]	token	The token to check
[in]	plugin	The plugin to check as an opaque pointer to a janus_plugin instance

Returns: TRUE if the token is allowed to access the plugin, FALSE otherwise

◆ janus_auth_check_signature()

gboolean janus_auth_check_signature	(	const char *	token,
		const char *	realm
	)

Method to check whether a signed token is valid.

Parameters

[in]	token	The token to validate
[in]	realm	The token realm

Returns: TRUE if the signature is valid and not expired, FALSE otherwise

◆ janus_auth_check_signature_contains()

gboolean janus_auth_check_signature_contains	(	const char *	token,
		const char *	realm,
		const char *	desc
	)

Method to verify a signed token contains a descriptor.

Parameters

[in]	token	The token to validate
[in]	realm	The token realm
[in]	desc	The descriptor to search for

Returns: When the token based authentication is enabled: TRUE if the token is valid, not expired and contains the descriptor, FALSE otherwise. When the token based authentication is disabled: always TRUE.

◆ janus_auth_check_token()

gboolean janus_auth_check_token ( const char * token )

Method to check whether a provided token is valid or not.

Note: verifies both token signatures and against stored tokens

Parameters

[in] token The token to validate

Returns: TRUE if the token is valid, FALSE otherwise

◆ janus_auth_deinit()

void janus_auth_deinit ( void )

Method to de-initialize the mechanism.

◆ janus_auth_disallow_plugin()

gboolean janus_auth_disallow_plugin	(	const char *	token,
		janus_plugin *	plugin
	)

Method to disallow a token to use a plugin.

Parameters

[in]	token	The token this operation refers to
[in]	plugin	Opaque pointer to the janus_plugin instance this token can not access anymore

Returns: TRUE if the operation was successful, FALSE otherwise

◆ janus_auth_init()

void janus_auth_init	(	gboolean	enabled,
		const char *	secret
	)

Method to initializing the token based authentication.

Parameters

[in]	enabled	Whether the authentication mechanism should be enabled or not
[in]	secret	the secret to validate signed tokens against, or NULL to use stored tokens

◆ janus_auth_is_enabled()

gboolean janus_auth_is_enabled ( void )

Method to check whether the mechanism is enabled or not.

◆ janus_auth_is_signed_mode()

gboolean janus_auth_is_signed_mode ( void )

Method to check whether the mechanism is in signed-token mode or not.

◆ janus_auth_is_stored_mode()

gboolean janus_auth_is_stored_mode ( void )

Method to check whether the mechanism is in stored-token mode or not.

◆ janus_auth_list_plugins()

GList * janus_auth_list_plugins ( const char * token )

Method to return a list of the plugins a specific token has access to.

Note: It's the caller responsibility to free the list (but NOT the values)

Parameters

[in] token The token to get the list for

Returns: A pointer to a GList instance containing the liist

◆ janus_auth_list_tokens()

GList * janus_auth_list_tokens ( void )

Method to return a list of the tokens.

Note: It's the caller responsibility to free the list and its values

Returns: A pointer to a GList instance containing the tokens

◆ janus_auth_remove_token()

gboolean janus_auth_remove_token ( const char * token )

Method to invalidate an existing token.

Parameters

[in] token The valid to invalidate

Returns: TRUE if the operation was successful, FALSE otherwise

Functions

Detailed Description

Function Documentation

◆ janus_auth_add_token()

◆ janus_auth_allow_plugin()

◆ janus_auth_check_plugin()

◆ janus_auth_check_signature()

◆ janus_auth_check_signature_contains()

◆ janus_auth_check_token()

◆ janus_auth_deinit()

◆ janus_auth_disallow_plugin()

◆ janus_auth_init()

◆ janus_auth_is_enabled()

◆ janus_auth_is_signed_mode()

◆ janus_auth_is_stored_mode()

◆ janus_auth_list_plugins()

◆ janus_auth_list_tokens()

◆ janus_auth_remove_token()