Fork me on GitHub
Functions
auth.c File Reference

Requests authentication. More...

#include <string.h>
#include <openssl/hmac.h>
#include "auth.h"
#include "debug.h"
#include "mutex.h"
#include "utils.h"
Include dependency graph for auth.c:

Functions

void janus_auth_init (gboolean enabled, const char *secret)
 Method to initializing the token based authentication. More...
 
gboolean janus_auth_is_enabled (void)
 Method to check whether the mechanism is enabled or not. More...
 
gboolean janus_auth_is_stored_mode (void)
 Method to check whether the mechanism is in stored-token mode or not. More...
 
void janus_auth_deinit (void)
 Method to de-initialize the mechanism. More...
 
gboolean janus_auth_check_signature (const char *token, const char *realm)
 Method to check whether a signed token is valid. More...
 
gboolean janus_auth_check_signature_contains (const char *token, const char *realm, const char *desc)
 Method to verify a signed token contains a descriptor. More...
 
gboolean janus_auth_add_token (const char *token)
 Method to add a new valid token for authenticating. More...
 
gboolean janus_auth_check_token (const char *token)
 Method to check whether a provided token is valid or not. More...
 
GList * janus_auth_list_tokens (void)
 Method to return a list of the tokens. More...
 
gboolean janus_auth_remove_token (const char *token)
 Method to invalidate an existing token. More...
 
gboolean janus_auth_allow_plugin (const char *token, janus_plugin *plugin)
 Method to allow a token to use a plugin. More...
 
gboolean janus_auth_check_plugin (const char *token, janus_plugin *plugin)
 Method to check whether a provided token can access a specified plugin. More...
 
GList * janus_auth_list_plugins (const char *token)
 Method to return a list of the plugins a specific token has access to. More...
 
gboolean janus_auth_disallow_plugin (const char *token, janus_plugin *plugin)
 Method to disallow a token to use a plugin. More...
 

Detailed Description

Requests authentication.

Author
Lorenzo Miniero loren.nosp@m.zo@m.nosp@m.eetec.nosp@m.ho.c.nosp@m.om

If enabled (it's disabled by default), each request must contain a valid token string, * or otherwise the request is rejected with an error.

When no token_auth_secret is set, Stored-token mode is active. In this mode the Janus admin API can be used to specify valid string tokens. Whether tokens should be shared across users or not is completely up to the controlling application: these tokens are completely opaque to Janus, and treated as strings, which means Janus will only check if the token exists or not when asked.

However, if a secret is set, the Signed-token mode is used. In this mode, no direct communication between the controlling application and Janus is necessary. Instead, the application signs tokens that Janus can verify using the secret key.

Core

Function Documentation

◆ janus_auth_add_token()

gboolean janus_auth_add_token ( const char *  token)

Method to add a new valid token for authenticating.

Parameters
[in]tokenThe new valid token
Returns
TRUE if the operation was successful, FALSE otherwise

◆ janus_auth_allow_plugin()

gboolean janus_auth_allow_plugin ( const char *  token,
janus_plugin plugin 
)

Method to allow a token to use a plugin.

Parameters
[in]tokenThe token that can now access this plugin
[in]pluginOpaque pointer to the janus_plugin instance this token can access
Returns
TRUE if the operation was successful, FALSE otherwise

◆ janus_auth_check_plugin()

gboolean janus_auth_check_plugin ( const char *  token,
janus_plugin plugin 
)

Method to check whether a provided token can access a specified plugin.

Note
verifies both token signatures and against stored tokens
Parameters
[in]tokenThe token to check
[in]pluginThe plugin to check as an opaque pointer to a janus_plugin instance
Returns
TRUE if the token is allowed to access the plugin, FALSE otherwise

◆ janus_auth_check_signature()

gboolean janus_auth_check_signature ( const char *  token,
const char *  realm 
)

Method to check whether a signed token is valid.

Parameters
[in]tokenThe token to validate
[in]realmThe token realm
Returns
TRUE if the signature is valid and not expired, FALSE otherwise

◆ janus_auth_check_signature_contains()

gboolean janus_auth_check_signature_contains ( const char *  token,
const char *  realm,
const char *  desc 
)

Method to verify a signed token contains a descriptor.

Parameters
[in]tokenThe token to validate
[in]realmThe token realm
[in]descThe descriptor to search for
Returns
TRUE if the token is valid, not expired and contains the descriptor, FALSE otherwise

◆ janus_auth_check_token()

gboolean janus_auth_check_token ( const char *  token)

Method to check whether a provided token is valid or not.

Note
verifies both token signatures and against stored tokens
Parameters
[in]tokenThe token to validate
Returns
TRUE if the token is valid, FALSE otherwise

◆ janus_auth_deinit()

void janus_auth_deinit ( void  )

Method to de-initialize the mechanism.

◆ janus_auth_disallow_plugin()

gboolean janus_auth_disallow_plugin ( const char *  token,
janus_plugin plugin 
)

Method to disallow a token to use a plugin.

Parameters
[in]tokenThe token this operation refers to
[in]pluginOpaque pointer to the janus_plugin instance this token can not access anymore
Returns
TRUE if the operation was successful, FALSE otherwise

◆ janus_auth_init()

void janus_auth_init ( gboolean  enabled,
const char *  secret 
)

Method to initializing the token based authentication.

Parameters
[in]enabledWhether the authentication mechanism should be enabled or not
[in]secretthe secret to validate signed tokens against, or NULL to use stored tokens

◆ janus_auth_is_enabled()

gboolean janus_auth_is_enabled ( void  )

Method to check whether the mechanism is enabled or not.

◆ janus_auth_is_stored_mode()

gboolean janus_auth_is_stored_mode ( void  )

Method to check whether the mechanism is in stored-token mode or not.

◆ janus_auth_list_plugins()

GList* janus_auth_list_plugins ( const char *  token)

Method to return a list of the plugins a specific token has access to.

Note
It's the caller responsibility to free the list (but NOT the values)
Parameters
[in]tokenThe token to get the list for
Returns
A pointer to a GList instance containing the liist

◆ janus_auth_list_tokens()

GList* janus_auth_list_tokens ( void  )

Method to return a list of the tokens.

Note
It's the caller responsibility to free the list and its values
Returns
A pointer to a GList instance containing the tokens

◆ janus_auth_remove_token()

gboolean janus_auth_remove_token ( const char *  token)

Method to invalidate an existing token.

Parameters
[in]tokenThe valid to invalidate
Returns
TRUE if the operation was successful, FALSE otherwise