Commit 1aa657f1 authored by Karl Heyes's avatar Karl Heyes

changes applied from feedback. make option names and action settings more

consistent.  Add changes to docs for listener auth via url

svn path=/icecast/trunk/icecast/; revision=9768
parent 3b899944
......@@ -108,6 +108,17 @@
<on-connect>/home/icecast/bin/stream-start</on-connect>
<on-disconnect>/home/icecast/bin/stream-stop</on-disconnect>
</mount>
<mount>
<mount-name>/auth_example.ogg</mount-name>
<authentication type="url">
<option name="mount_add" value="http://myauthserver.net/notify_mount.php"/>
<option name="mount_remove" value="http://myauthserver.net/notify_mount.php"/>
<option name="listener_add" value="http://myauthserver.net/notify_listener.php"/>
<option name="listener_remove" value="http://myauthserver.net/notify_listener.php"/>
</authentication>
</mount>
-->
<fileserve>1</fileserve>
......
......@@ -100,7 +100,6 @@ XIPH_PATH_SPEEX(
[ AC_MSG_WARN([Speex support disabled!])
])
ACX_PTHREAD(, AC_MSG_ERROR([POSIX threads missing]))
XIPH_VAR_APPEND([XIPH_CFLAGS],[$PTHREAD_CFLAGS])
XIPH_VAR_APPEND([XIPH_CPPFLAGS],[$PTHREAD_CPPFLAGS])
......@@ -113,7 +112,7 @@ XIPH_PATH_CURL([
enable_curl="yes"
XIPH_VAR_APPEND([XIPH_CPPFLAGS],[$CURL_CFLAGS])
XIPH_VAR_PREPEND([XIPH_LIBS],[$CURL_LIBS])
], [ AC_MSG_NOTICE([Your curl dev files are too old (7.10 or above required), YP disabled])
], [ AC_MSG_NOTICE([Your curl dev files are too old (7.10 or above required)])
], [#include <curl/curl.h>
])
],[ AC_MSG_NOTICE([libcurl not found])
......
......@@ -13,17 +13,30 @@
<br />
<br />
<h2>Listener Authentication</h2>
<p>Listener authentication is a feature of icecast which allows you to secure certain mountpoint so that in order to listen, a listener must provide a username and password. With this feature a simple pay-for-play operation can be setup. This section will show you the basics of setting up and maintaining this component.</p>
<br />
<p>Listener authentication is a feature of icecast which allows you to secure a certain
mountpoint such that in order to listen, a listener must pass some verification test. With
this feature, a simple pay-for-play operation (eg user/pass), or some filtering based on the
listener connection can be performed. This section will show you the basics of setting up
and maintaining this component.</p>
<p>To define listener authentication, a group of tags are specified in the &lt;mount&gt;
group relating to the mountpoint. This means that authentication can apply to listeners of
source clients or relays.</p>
<br />
<p>The following authentication mechanisms can apply to listeners</p>
<ul>
<li>HTPASSWD - lookup a named file for a matching username and password</li>
<li>URL - issue web requests (eg PHP) to match authentication</li>
</ul>
<p>The listener authentication within a specified mount in the icecast XML configuration
can apply to either to a stream from a source client, relay or a webroot based file. They
do apply to intro files or fallback streams.
</p>
<br />
<h2>HTPASSWD Listener Authentication</h2>
<h3>Config File Entries</h3>
<p>In order to use listener authentication, you MUST configure a mount specific option. This means that you have to provide a &lt;mount&gt; section in the main icecast config file. The following is an example :</p>
<pre>
&lt;mount&gt;
&lt;mount-name&gt;/example-complex.ogg&lt;/mount-name&gt;
&lt;mount-name&gt;/example.ogg&lt;/mount-name&gt;
&lt;authentication type="htpasswd"&gt;
&lt;option name="filename" value="myauth"/&gt;
&lt;option name="allow_duplicate_users" value="0"/&gt;
......@@ -35,7 +48,6 @@
<p>Icecast supports a mixture of streams that require listener authentication and those that do not. Only mounts that are named in the config file can be configured for listener authentication.</p>
<br />
<br />
<br />
<h3>Configuring Users and Passwords</h3>
<p>Once the appropriate entries are made to the config file, connect your source client (using the mountpoint you named in the config file). To configure users and passwords for this stream you must use the web-based admin interface. Navigate to http://server:ip/admin/stats.xsl to begin. If you have configured everything properly, you should see a screen like the following :</p>
<img src="listener_auth1.jpg" alt="Screenshot of http://server:ip/admin/stats.xsl" />
......@@ -52,9 +64,99 @@
<p>This page will serve a m3u with the username and password and in most cases should open the correct media player and begin playing your stream</p>
<br />
<br />
<h2>URL</h2>
<p>Authenticating listeners via the URL method involves icecast, when a listener connects,
issuing requests to a web server and checking the response headers. If a certain header is
sent back then the listener connecting is allowed to continue, if not, an error is sent back
to the listener.</p>
<p>The URLs specified will invoke some web server scripts like PHP to do any work that they
may choose to do. All that is required of the scripting language is that POST information can
be handled and response headers can be sent back. libcurl is used for the requesting so
https connections may be possible, but be aware of the extra overhead involved.</p>
<p>The useragent sent in each curl request will represent the icecast server version. The
response headers will depend on whether the listener is to be accepted. In the case of
rejection, a response header <pre>icecast-auth-message: reason </pre> should also be returned
for placing in the log files.
</p>
<p>In order to use URL based listener authentication, you MUST configure a mount specific
option. This means that you have to provide a &lt;mount&gt; section in the main icecast
config file. The following shows the list of options available :</p>
<pre>
&lt;mount&gt;
&lt;mount-name&gt;/example.ogg&lt;/mount-name&gt;
&lt;authentication type="url"&gt;
&lt;option name="mount_add" value="http://myauthserver.com/stream_start.php"/&gt;
&lt;option name="mount_remove" value="http://myauthserver.com/stream_end.php"/&gt;
&lt;option name="listener_add" value="http://myauthserver.com/listener_joined.php"/&gt;
&lt;option name="listener_remove" value="http://myauthserver.com/listener_left.php"/&gt;
&lt;option name="username" value="user"/&gt;
&lt;option name="password" value="pass"/&gt;
&lt;option name="auth_header" value="icecast-auth-user: 1"/&gt;
&lt;option name="timelimit_header" value="icecast-auth-timelimit:"/&gt;
&lt;/authentication&gt;
&lt;/mount&gt;
</pre>
<p>The options are described below in more detail, each of which is optional, but in each
case, within the POST data, the value for each setting is encoded.</p>
<h3>mount_add</h3>
<p>This URL is for informing the auth server of a stream starting. No listener information
is passed for this, but can be used to initialise any details the auth server may have.
</p>
<p>POST details are</p>
<pre>
action=mount_add&amp;mount=/live&amp;server=myserver.com&amp;port=8000
</pre>
<p>Here the details indicate the server name (&lt;hostname&gt;) and mountpoint starting up</p>
<h3>mount_remove</h3>
<p>This URL is for informing the auth server of a stream finishing, like the start option, no
listener details are passed.</p>
<p>POST details are</p>
<pre>
action=mount_remove&amp;mount=/live&amp;server=myserver.com&amp;port=8000
</pre>
<p>like the start option, server name and mountpoint are provided</p>
</p>
<h3>listener_add</h3>
<p>This is most likely to be used if anything. When a listener connects, before anything is
sent back to them, this request is processed. The default action is to reject a listener
unless the auth server sends back a response header which may be stated in the 'header' option
</p>
<p>POST details are</p>
<pre>
action=listener_add&amp;server=myserver.com&amp;port=8000&amp;client=1&amp;mount=/live&amp;user=&amp;pass=&amp;ip=127.0.0.1&amp;agent="My%20player"
</pre>
<p>There are more details with this, client is the unique ID for the client within icecast,
user and pass may be blank but come from the HTTP basic auth that the listener states, ip
is the listeners IP address and agent is the Useragent from the listeners player.</p>
<p>The mount here (unlike the start/end options) states the requested url including any
query parameters, so for instance the requested URL can be /stream.ogg&amp;session=xyz, but
note that each option data is escaped before being passed via POST
</p>
<h3>listener_remove</h3>
<p>This URL is for when a listener connection closes.</p>
<p>POST details are</p>
<pre>
action=listener_remove&amp;server=myserver.com&amp;port=8000&amp;client=1&amp;mount=/live&amp;user=&amp;pass=&amp;duration=3600
</pre>
<p>Again this is similar to the add option, the difference being that a duration is passed
reflecting the number of seconds the listener was connected for </p>
<h3>auth_header</h3>
<p>The expected response header to be returned that allows the authencation to take
place may be specified here. The default is
<pre>icecast-auth-user: 1</pre>
but it could can anything you like, for instance
<pre>HTTP 200 OK</pre>
<h3>timelimit_header</h3>
<p>Listeners could have a time limit imposed on them, and if this header is sent back with a
figure (which represents seconds) then that is how long the client will remain connected for.
</p>
<br />
<h2>A note about players and authentication</h2>
<p>We do not have an exaustive list of players that support listener authentication. We use standard HTTP basic authentication, and in general, many media players support this if they support anything at all. Winamp and Foobar2000 support HTTP basic authentication on windows, and XMMS supports it on unix platforms.</p>
<p>We do not have an exaustive list of players that support listener authentication. We use
standard HTTP basic authentication, and in general, many media players support this if they
support anything at all. Winamp and Foobar2000 support HTTP basic authentication on windows,
and XMMS supports it on unix platforms. Winamp/XMMS as least support the passing of query
parameters, other players may also do</p>
</div>
</body>
</html>
......@@ -17,7 +17,7 @@
* be handled. The request will have POST information about the request in
* the form of
*
* action=auth&client=1&server=host&port=8000&mount=/live&user=fred&pass=mypass&ip=127.0.0.1&agent=""
* action=listener_add&client=1&server=host&port=8000&mount=/live&user=fred&pass=mypass&ip=127.0.0.1&agent=""
*
* For a user to be accecpted the following HTTP header needs
* to be returned (the actual string can be specified in the xml file)
......@@ -33,7 +33,7 @@
* On client disconnection another request can be sent to a URL with the POST
* information of
*
* action=remove&server=host&port=8000&client=1&mount=/live&user=fred&pass=mypass&duration=3600
* action=listener_remove&server=host&port=8000&client=1&mount=/live&user=fred&pass=mypass&duration=3600
*
* client refers to the icecast client identification number. mount refers
* to the mountpoint (beginning with / and may contain query parameters eg ?&
......@@ -44,8 +44,8 @@
* info stored at the auth server. Useful for abnormal outage/termination
* cases.
*
* action=start&mount=/live&server=myserver.com&port=8000
* action=end&mount=/live&server=myserver.com&port=8000
* action=mount_add&mount=/live&server=myserver.com&port=8000
* action=mount_remove&mount=/live&server=myserver.com&port=8000
*/
#ifdef HAVE_CONFIG_H
......@@ -183,7 +183,7 @@ static auth_result url_remove_client (auth_client *auth_user)
mount = util_url_escape (mount);
snprintf (post, sizeof (post),
"action=remove&server=%s&port=%d&client=%lu&mount=%s"
"action=listener_remove&server=%s&port=%d&client=%lu&mount=%s"
"&user=%s&pass=%s&duration=%lu",
server, port, client->con->id, mount, username,
password, (long unsigned)duration);
......@@ -242,7 +242,7 @@ static auth_result url_add_client (auth_client *auth_user)
ipaddr = util_url_escape (client->con->ip);
snprintf (post, sizeof (post),
"action=auth&server=%s&port=%d&client=%lu&mount=%s"
"action=listener_add&server=%s&port=%d&client=%lu&mount=%s"
"&user=%s&pass=%s&ip=%s&agent=%s",
server, port, client->con->id, mount, username,
password, ipaddr, user_agent);
......@@ -302,7 +302,7 @@ static void url_stream_start (auth_client *auth_user)
mount = util_url_escape (auth_user->mount);
snprintf (post, sizeof (post),
"action=start&mount=%s&server=%s&port=%d", mount, server, port);
"action=mount_add&mount=%s&server=%s&port=%d", mount, server, port);
free (server);
free (mount);
......@@ -345,7 +345,7 @@ static void url_stream_end (auth_client *auth_user)
mount = util_url_escape (auth_user->mount);
snprintf (post, sizeof (post),
"action=end&mount=%s&server=%s&port=%d", mount, server, port);
"action=mount_remove&mount=%s&server=%s&port=%d", mount, server, port);
free (server);
free (mount);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment