Over the last couple years I have played around with several DLNA servers and other media servers on my own network. I like to eliminate the physical media and make it as simple as possible to listen to my favorite music or watch a video from anywhere in my dwelling. Since I have kids and a wife, I need to make it simple for everyone.
However, based on my research the solutions for protected content have always been very lacking using straight DLNA. The only solution I've seen to date using DLNA is setting up Access Groups based on the device playing the media. However, this solution is very lacking in that their is no way to know who is actually using that device. The only other choice I have seen is to not use DLNA, but instead use a custom front and back end to protect the content. This isn't a horrible option if the front end is available for ALL your devices.
Up until now; neither option was a good fit for me. So, about a month ago I figured out TWO ways to attack this problem. The first option I really liked the best; but unfortunately after doing some research and playing with a couple DLNA clients -- I discovered not all DLNA players support searching. So, my first idea of using the search system to allow input of password was nixed. I needed whatever I was going to do to be fully universal and several of my devices just didn't support searching.
So my second "ingenious" idea became the actual final working implementation. Basically, I add a new "virtual folder" (a DLNA Container Object) to the top level folders called "Password". The rest of the folders remain the same. In the Password folders; I put in 10 folders; labeled 0 through 9. In those folders are another 10 folders (again 0 through 9), until you have the number of digits you need. So if you had a password of 1234, you would navigate to "Password", "1", "2", "3", "4" and then either use the "Back" or "Top" button to return to the top level. The DLNA server, saw that you hit a 4 digits, and so it then saves this as a entered password. Now any content that is marked with that password now actually shows up in the list of available media. Pretty simple and a very ingenious method to allow password entries! Their is no reason that I couldn't do 0-9 and a-z; other than it makes navigation a lot larger when you are having to scroll through 36 (or more) different options rather than a simple 10 items.
I have release my modified source code to minidlna on my own github.com account http://github.com/nathanaela/minidlna -- I will be sending a patch to the author Justin; but their are no guarantees that these changes will be accepted in the mainline as I do have a couple potential issues outlined below.
A couple notes:
You can enter as many passwords as you want; each time you enter a new password it remembers it for your entire session. This way you can actually have multiple passwords for different content. Entering all Zeros for a password will clear all passwords you have entered during that session. When a DLNA client disconnects from the server; the server will also forget any passwords that the client has entered for that session. Each client has its own list of passwords; so entering the password on Device 1; does not make the content show up on any other devices.
2. New minidlna.conf configuration option:
- password_length = 1-10 (defaults to 4); this allows you to set how long you want your passwords to be.
3. New file for password configuration
You need to create a .password file in any directories you want protected. This directory and ALL sub-directories under it will be protected then. This is a simple text file. At this point it is NOT encrypted or hashed. It is raw text; so "technically" this is not very secure. However if I already have access to the folder to read your .password file; then I can already read the media in the folder -- so you already have a insecure setup. I would recommend you change the permissions on this file to only allow the minidlna server to read it for better security. Again, the only content in the .password file is the password you want to use. (ex: echo 1111>.password would create a .password file with 1111 as the password for accessing this folder and all sub-folders). You can also add another .password file to a sub-folder of a already password protected folder and then that sub-folder (and any of its sub-folders) would use the new password.
1. Changing a password in a .password currently requires you to rebuild the database; as minidlna has to do a full scan to pick up the new password.
2. If you attempt to use a password (of a different length ie. like 123 or 12345) and have the password length set to 4; you won't be able to enter either of those as the required length is 4.
Thanks to Justin Maggard for all his hard work on minidlna, without it I wouldn't have had a base to implement the password code.