srs icon indicating copy to clipboard operation
srs copied to clipboard

Published 20 hours ago verified publisher icon ossrs

SRT: Support SRTO_PASSPHRASE without streamid.

Open winlinvip opened this issue 3 years ago • 1 comments

有些SRT的设备,不支持streamid,但是有密码选项。

具体参考:Access Control

int SrtTestListenCallback(void* opaq, SRTSOCKET ns, int hsversion,
    const struct sockaddr* peeraddr, const char* streamid)
{
    using namespace std;

    // opaq is used to pass some further chained callbacks

    // To reject a connection attempt, return -1.

    static const map<string, string> passwd {
        {"admin", "thelocalmanager"},
        {"user", "verylongpassword"}
    };

    // Try the "standard interpretation" with username at key u
    string username;

    static const char stdhdr [] = "#!::";
    uint32_t* pattern = (uint32_t*)stdhdr;
    bool found = -1;

    // Extract a username from the StreamID:
    if (strlen(streamid) > 4 && *(uint32_t*)streamid == *pattern)
    {
        vector<string> items;
        Split(streamid+4, ',', back_inserter(items));
        for (auto& i: items)
        {
            vector<string> kv;
            Split(i, '=', back_inserter(kv));
            if (kv.size() == 2 && kv[0] == "u")
            {
                username = kv[1];
                found = true;
            }
        }

        if (!found)
        {
            cerr << "TEST: USER NOT FOUND, returning false.\n";
            return -1;
        }
    }
    else
    {
        // By default the whole streamid is username
        username = streamid;
    }

    // When the username of the client is known, the passphrase can be set
    // on the socket being accepted (SRTSOCKET ns).
    // The remaining part of the SRT handshaking process will check the
    // passphrase of the client and accept or reject the connection.

    // When not found, it will throw an exception
    cerr << "TEST: Accessing user '" << username << "', might throw if not found\n";
    string exp_pw = passwd.at(username);

    cerr << "TEST: Setting password '" << exp_pw << "' as per user '" << username << "'\n";
    srt_setsockflag(ns, SRTO_PASSPHRASE, exp_pw.c_str(), exp_pw.size());
    return 0;
}

winlinvip avatar Mar 19 '22 13:03 winlinvip

OBS supports passphrase, URL examples: srt://IP:port?mode=caller&port=17001&latency=2000000&passphrase=vrslcopmdacrpxdq&pbkeylen=16&inputbw=0&oheadbw=10&maxbw=0

  • The port parameter should be set to the Listener port (= the same port as the first part of the URL)

  • The latency parameter is best set to (2000000 = 2 seconds)

  • passphrase and pbkeylen should be configured according to the server.

  • https://github.com/Haivision/srt/blob/master/docs/API/API-socket-options.md#srto_pbkeylen Possible values: 0 =PBKEYLEN (default value) 16 = AES-128 (effective value) 24 = AES-192 32 = AES-256

  • The inputbw=0&oheadbw=10&maxbw=0 parameters are set to limit the overhead bandwidth. If these are not set, SRT's built-in error correction mechanism may cause the bitrate to suddenly peak, which could increase transmission errors (depending on your available upstream bandwidth).

TRANS_BY_GPT3

zglloo avatar Mar 19 '22 13:03 zglloo

Fixed in SRS 5.0

winlinvip avatar Mar 15 '23 09:03 winlinvip