Over the last couple years I have played around with several DLNA servers and other media servers on my own network. I like to eliminate the physical media and make it as simple as possible to listen to my favorite music or watch a video from anywhere in my dwelling. Since I have kids and a wife, I need to make it simple for everyone.
However, based on my research the solutions for protected content have always been very lacking using straight DLNA. The only solution I've seen to date using DLNA is setting up Access Groups based on the device playing the media. However, this solution is very lacking in that their is no way to know who is actually using that device. The only other choice I have seen is to not use DLNA, but instead use a custom front and back end to protect the content. This isn't a horrible option if the front end is available for ALL your devices.
Up until now; neither option was a good fit for me. So, about a month ago I figured out TWO ways to attack this problem. The first option I really liked the best; but unfortunately after doing some research and playing with a couple DLNA clients -- I discovered not all DLNA players support searching. So, my first idea of using the search system to allow input of password was nixed. I needed whatever I was going to do to be fully universal and several of my devices just didn't support searching.
So my second "ingenious" idea became the actual final working implementation. Basically, I add a new "virtual folder" (a DLNA Container Object) to the top level folders called "Password". The rest of the folders remain the same. In the Password folders; I put in 10 folders; labeled 0 through 9. In those folders are another 10 folders (again 0 through 9), until you have the number of digits you need. So if you had a password of 1234, you would navigate to "Password", "1", "2", "3", "4" and then either use the "Back" or "Top" button to return to the top level. The DLNA server, saw that you hit a 4 digits, and so it then saves this as a entered password. Now any content that is marked with that password now actually shows up in the list of available media. Pretty simple and a very ingenious method to allow password entries! Their is no reason that I couldn't do 0-9 and a-z; other than it makes navigation a lot larger when you are having to scroll through 36 (or more) different options rather than a simple 10 items.
I have release my modified source code to minidlna on my own github.com account http://github.com/nathanaela/minidlna -- I will be sending a patch to the author Justin; but their are no guarantees that these changes will be accepted in the mainline as I do have a couple potential issues outlined below.
A couple notes:
You can enter as many passwords as you want; each time you enter a new password it remembers it for your entire session. This way you can actually have multiple passwords for different content. Entering all Zeros for a password will clear all passwords you have entered during that session. When a DLNA client disconnects from the server; the server will also forget any passwords that the client has entered for that session. Each client has its own list of passwords; so entering the password on Device 1; does not make the content show up on any other devices.
2. New minidlna.conf configuration option:
- password_length = 1-10 (defaults to 4); this allows you to set how long you want your passwords to be.
3. New file for password configuration
You need to create a .password file in any directories you want protected. This directory and ALL sub-directories under it will be protected then. This is a simple text file. At this point it is NOT encrypted or hashed. It is raw text; so "technically" this is not very secure. However if I already have access to the folder to read your .password file; then I can already read the media in the folder -- so you already have a insecure setup. I would recommend you change the permissions on this file to only allow the minidlna server to read it for better security. Again, the only content in the .password file is the password you want to use. (ex: echo 1111>.password would create a .password file with 1111 as the password for accessing this folder and all sub-folders). You can also add another .password file to a sub-folder of a already password protected folder and then that sub-folder (and any of its sub-folders) would use the new password.
Gotchas:
1. Changing a password in a .password currently requires you to rebuild the database; as minidlna has to do a full scan to pick up the new password.
2. If you attempt to use a password (of a different length ie. like 123 or 12345) and have the password length set to 4; you won't be able to enter either of those as the required length is 4.
Thanks to Justin Maggard for all his hard work on minidlna, without it I wouldn't have had a base to implement the password code.
Was there ever any traction in getting this implemented in the main minidlna code? I'm going to try and patch this work into the 1.1.2 version of minidlna shipping with Debian Jessie tonight but thought I'd check and see if it ever got integrated downstream somewhere.
I submitted the patches; but to my knowledge it never was accepted. If you create later version of this patch I would love to see it. I just haven't had time to maintain it.
Great work, thanks! now my GF can hide her porn folder
This is really a great solution, best I have seen so far. I don't understand why this is not going into the main stream. The problem all families have is to control access to the content allowed for minors (kids).
Not sure why I couldn't get it added to mainstream; I need to update it to the latest version (which is on my todo list). I wish I had more time, I really think I could add a lot of features to this project to make it really shine even better. 😉
Hi Nathan
Thank you, I found this really useful for my family.
One caveat: Had to enter the password without the line ending, i.e. supply the -n argument to echo:
echo -n 1234 > /some/folder/.password
Without that the log would say:
Password has a non-digit character, replacing with a 0
Would be really great if you could get this upstream 🙂
Mentioned the wrong log message - it was this instead:
scanner.c:747: warn: Password size 5 does not match configuration password_length of 4
This should now be fixed in the brand new 1.2.1P version. I finally updated it from 1.1.6 to 1.2.1 and fixed several annoyances. 🙂
I have actually tried to get it upstream. No comments, and it never went anywhere... Ah well, it works really well for my use (and gladly for others). That is really good to know about the "echo -n"; I'll have to see if I can add some code to ignore the cr/lf characters in the future so that it isn't required...
I have actually tried to get it upstream. No comments, and it never went anywhere... Ah well, it works really well for my use (and gladly for others). I added some code to the my new v1.2.1P version (released today) that fixes this issue. (And several other annoyances I had with it)...