Gentoo Forums
[SOLVED] ssh tunnel and mysql authentication to stream media
mimosinnet
l33t
Joined: 10 Aug 2006
Posts: 717
Location: Barcelona, Spain

Posted: Sun Mar 06, 2011 6:43 pm    Post subject: [SOLVED] ssh tunnel and mysql authentication to stream media

I need users in a drupal site to be able to stream to an icecast server authenticating with a drupal mysql database.

Icecast allows for a source authentication (you can stream if you provide the username and password), or you need to define individual mountpoints in an xml file. In this situation, it looked easier to have an authentication procedure independent of the icecast xml file using ssh and netcat.

Two users have been created:
- streamauth: it authenticates and opens the listening port by calling a script on the server side.
- streaming: it opens the tunnel on the client side to send the data.

To call the script, this is included in /etc/ssh/sshd_config:

Code:
Match User streamauth
        ForceCommand /usr/local/bin/streaming.sh


/usr/local/bin/streaming.sh is a simple script that authenticates against the mysql database and opens the listening port with netcat:
Code:
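#!/bin/bash
# ForceCommand for the streamauth user: check the credentials against the
# drupal users table, then open the listening port and forward to icecast.
recordar=$(cat password)        # mysql root password, read from a file
port="4001"
database="generatech_v3"
echo -n "username: "
read -r usuaria
echo -n "password: "
read -r -s contrassenya1        # -s: do not echo the password
echo
# The username is placed in the SQL string and in the mount point name,
# so accept only letters, digits, "_", "." and "-".
if [[ ! $usuaria =~ ^[A-Za-z0-9_.-]+$ ]]
then
        echo "Wrong username/password"
        exit 1
fi
# md5sum prints "<digest>  -"; keep only the digest
contrassenya1=$(printf '%s' "$contrassenya1" | md5sum | cut -d' ' -f1)
cerca="select pass from users where name='$usuaria'"
contrassenya2=$(mysql -u root -p"$recordar" "$database" -e "$cerca" -ss -r)

# No row returned: unknown user
if [[ -z $contrassenya2 ]]
then
        exit 1
fi
# Quoted right-hand side: compare as a literal string, not as a pattern
if [[ "$contrassenya1" == "$contrassenya2" ]]
then
        echo "Authenticated"
        echo "Opening port $port for receiving data"
        nc6 -v -l -p "$port" | oggfwd -p localhost 8000 password "/$usuaria.ogg"
        exit
else
        echo "Wrong username/password"
        exit 1
fi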


With this configuration, the streamauth user authenticates and starts netcat listening on the port and sending the data to the icecast server with the source password:

Code:
ssh streamauth@mimosin


After the authentication, it is possible to send the stream through an ssh tunnel:
Code:
ssh -f -L 58001:localhost:4001 streaming@mimosin sleep 10;  cat delvjcorunha01.ogg | nc localhost 58001


Although it is now working, I need to have both terminals open (when I close the one with the streamauth user netcat stops listening to the port).

I was wondering if somebody could suggest some other solution or some improvement.

Thanks a lot!


Last edited by mimosinnet on Mon Mar 07, 2011 11:45 am; edited 1 time in total
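
The comparison step of streaming.sh on its own, as an added example that is not part of the original post. `loose_match` mirrors the posted comparison (digest cut to the length of the stored value, unquoted right-hand side), while `strict_match` and `valid_username` are hypothetical hardened helpers; the password and stored values are constructed, and the username character set is an assumption.

```shell
#!/bin/bash
# Added example: comparison logic only, with constructed values (no MySQL needed).
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"   # the [[ ]] tests below need bash

# Hex MD5 of a string, without the trailing "  -" that md5sum prints.
md5_hex() { printf '%s' "$1" | md5sum | cut -d' ' -f1; }

# Comparison in the style of the posted script: cut the computed digest to the
# length of the stored value and compare with an unquoted right-hand side.
loose_match() {
        local computed stored=$2
        computed=$(printf '%s' "$1" | md5sum)
        computed=${computed:0:${#stored}}
        [[ $computed == $stored ]]
}

# Strict comparison: the stored value must be a full 32-character hex digest
# and must equal the computed digest as a literal string.
strict_match() {
        local stored=$2
        [[ $stored =~ ^[0-9a-f]{32}$ ]] || return 1
        [[ "$(md5_hex "$1")" == "$stored" ]]
}

# Assumed username policy: only names that are safe to place in the SQL
# string and in the mount point name.
valid_username() { [[ $1 =~ ^[A-Za-z0-9_.-]{1,60}$ ]]; }

# Constructed sample data
good=$(md5_hex "secret")          # digest of the real password
short=${good:0:1}                 # a truncated value in the pass column

demo() {
        loose_match  "secret" "$good"  && echo "loose:  correct password accepted"
        loose_match  "secret" "$short" && echo "loose:  accepted against a 1-char stored value"
        loose_match  "wrong"  "*"      && echo "loose:  accepted against stored value '*'"
        strict_match "secret" "$good"  && echo "strict: correct password accepted"
        strict_match "secret" "$short" || echo "strict: short stored value rejected"
        strict_match "wrong"  "*"      || echo "strict: '*' rejected"
        valid_username "o'brien"       || echo "username with a quote rejected"
}
demo
```
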
mimosinnet
l33t
Joined: 10 Aug 2006
Posts: 717
Location: Barcelona, Spain

Posted: Mon Mar 07, 2011 11:44 am

After playing with ssh tunnels and netcat, I have discovered that some versions of icecast have stream_auth url authentication:

Code:
stream_auth
This URL is for determining whether a source or admin request is allowed to proceed. This is only used for source client connections and admin requests which apply to sources.


This is available in the icecast-kh branches. With the stream_auth option it is possible to use php to authenticate an icecast stream against a mysql database.

Nice play with ssh tunnels and netcat, though ;-).

Thanks for reading!