onetime or session password for streaming with authentication

[anudanan]

I´ve tested some things around streaming with authentication and I´ve seen OWIF generates onetime or session passwords for that. In the created m3u8 file it is included with the user -sid: That works with streaming over OWIF directly but not with streamproxy or similar trancoding processes. Today the streamproxy only check the user with /etc/passwd. It doesn´t also work with the port 8001 from enigma if enigma has streaming with auth set to true.

I think the idea behind this streaming auth is nice because then there is no need to use normal users from /etc/pass for that and the passwd is only a short time valid. It would be nice from my point of view if also streamproxy can use those random password from OWIF. An idea may be to write these valid random passwords to a /tmp/openwebifpasswd file to streamproxy can use that vor validation. Do you think that is a good idea or do you have other ideas to give streamproxy the chance to validate those password?

How is the ides behing those user/pw if streaming goes to the enigma 8001 port for direct streaming without transcoding?

[jbleyel]

Please note!!! The streamproxy from erik is not available on all distros. You should think about that. I don't like such single solutions for specific distros or box models.

[anudanan]

yes I know, But today the -sid:pw doesn´t work with streamproxy and I think also with other proxies and also not with the solutions which can handle transcode over port 8001 from enigma. I assume direct streaming over 8001 from a live channel doesn´t also work with -sid:pw

Or I´m wrong?

From my point of view there are two options;

• no -sid:pw if streaming goes to transcoding oder enigma port
• a methode for external processes to validate the -sid:pw, but which one is a useful interface for that

It may be a possibility to arrange that with /etc/passwd file. There you can leave this user/password. But is it a good idea to manipulate /etc/passwd?

Today it is a problem. It works from my point of view only if OWIF servs the streaming

The dreamdroid APP for example filters the -sid:pw out and use its own credential and that is the reason for working successfully.

[Schimmelreiter]

Please don't confuse streamproxy and transtreamproxy with Erik's streamproxy. streamproxy is an inetd service listening on port 8001 and handling non-transcoded streaming. transtreamproxy is also an inetd service, but listening on port 8002 and handling transcoded streaming on Vu+ and Gigablue boxes.

The original streamproxy (Working on any E2 box) and transtreamproxy (On Vu+ and Gigablue) auth through the Webif (No matter if it's the old Dream webif or OWIF) and both work with those transient logins.

OpenPLi has removed streamproxy from their distro and has built non-transcoded streaming on port 8001 into E2 itself, but without keeping compatibility with Webif or OWIF auth. All other open distros have merged these changes, but all OE-A distros also still have streamproxy on their feed in order to fix the auth problem.

Some boxes (Non-Vu+ and non-Gigablue) however use port 8001 for non-transcoded and transcoded streaming, using URL parameters. On such boxes, the original streamproxy would still fix the auth problem, but break the transcoding option (because streamproxy ignores the parameters) in trade. On such boxes, you have to chose: Support auth by installing streamproxy or support transcoding by leaving it away.

Now what Erik's streamproxy does is: It resembles the capability to stream transcoded and non-transcoded on one port only by using URL parameters, although as far as I remember it defaults to work on both ports, 8001 and 8002, for compatibility reasons, however it also breaks auth.

Sadly PLi refuses any cooperation on the auth issue.

[anudanan]

thx for explanations

what is the way for external processes to use the transient logins through OWIF? Hopefully openpli can use that is they want

[Schimmelreiter]

They don't want to, so needless to explain. If they would, they would also know how.

If there was some C/C++ coder willing to do this however ...