diff options
author | Benny Prijono <bennylp@teluu.com> | 2007-03-03 19:35:34 +0000 |
---|---|---|
committer | Benny Prijono <bennylp@teluu.com> | 2007-03-03 19:35:34 +0000 |
commit | 22cd9e119ff9917e83012e5d90a19d4aee27f5d7 (patch) | |
tree | 182ca12da2401174df4f7be50810481d24a96140 /pjlib-util | |
parent | fd91e3e6c398d5965e85a38bdf197af70ad86f75 (diff) |
Fixed STUN client/server authentication
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@1038 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjlib-util')
-rw-r--r-- | pjlib-util/src/pjlib-util/stun_msg.c | 28 | ||||
-rw-r--r-- | pjlib-util/src/pjlib-util/stun_msg_dump.c | 40 | ||||
-rw-r--r-- | pjlib-util/src/pjlib-util/stun_session.c | 6 |
3 files changed, 71 insertions, 3 deletions
diff --git a/pjlib-util/src/pjlib-util/stun_msg.c b/pjlib-util/src/pjlib-util/stun_msg.c index 7c623ad4..e5accd82 100644 --- a/pjlib-util/src/pjlib-util/stun_msg.c +++ b/pjlib-util/src/pjlib-util/stun_msg.c @@ -1841,6 +1841,32 @@ void pj_stun_calc_md5_key(pj_uint8_t digest[16], /* +static char *print_binary(const pj_uint8_t *data, unsigned data_len) +{ + static char static_buffer[1024]; + char *buffer = static_buffer; + unsigned length=sizeof(static_buffer), i; + + if (length < data_len * 2 + 8) + return ""; + + pj_ansi_sprintf(buffer, ", data="); + buffer += 7; + + for (i=0; i<data_len; ++i) { + pj_ansi_sprintf(buffer, "%02x", (*data) & 0xFF); + buffer += 2; + data++; + } + + pj_ansi_sprintf(buffer, "\n"); + buffer++; + + return static_buffer; +} +*/ + +/* * Print the message structure to a buffer. */ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg, @@ -2001,7 +2027,7 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg, } /* Calculate HMAC-SHA1 digest */ - pj_hmac_sha1((pj_uint8_t*)buf, buf-start, + pj_hmac_sha1((pj_uint8_t*)start, buf-start, (pj_uint8_t*)key.ptr, key.slen, amsgint->hmac); diff --git a/pjlib-util/src/pjlib-util/stun_msg_dump.c b/pjlib-util/src/pjlib-util/stun_msg_dump.c index 1c9ccc2e..28e7a02c 100644 --- a/pjlib-util/src/pjlib-util/stun_msg_dump.c +++ b/pjlib-util/src/pjlib-util/stun_msg_dump.c @@ -26,6 +26,29 @@ goto on_return; \ p += len +static int print_binary(char *buffer, unsigned length, + const pj_uint8_t *data, unsigned data_len) +{ + unsigned i; + + if (length < data_len * 2 + 8) + return -1; + + pj_ansi_sprintf(buffer, ", data="); + buffer += 7; + + for (i=0; i<data_len; ++i) { + pj_ansi_sprintf(buffer, "%02x", (*data) & 0xFF); + buffer += 2; + data++; + } + + pj_ansi_sprintf(buffer, "\n"); + buffer++; + + return data_len * 2 + 8; +} + static int print_attr(char *buffer, unsigned length, const pj_stun_attr_hdr *ahdr) { @@ -144,7 +167,24 @@ static int print_attr(char *buffer, unsigned length, break; case PJ_STUN_ATTR_MESSAGE_INTEGRITY: + { + const pj_stun_msgint_attr *attr; + + attr = (const pj_stun_msgint_attr*) ahdr; + len = print_binary(p, end-p, attr->hmac, 20); + APPLY(); + } + break; + case PJ_STUN_ATTR_DATA: + { + const pj_stun_binary_attr *attr; + + attr = (const pj_stun_binary_attr*) ahdr; + len = print_binary(p, end-p, attr->data, attr->length); + APPLY(); + } + break; case PJ_STUN_ATTR_USE_CANDIDATE: default: len = pj_ansi_snprintf(p, end-p, "\n"); diff --git a/pjlib-util/src/pjlib-util/stun_session.c b/pjlib-util/src/pjlib-util/stun_session.c index 7ec9d333..ce30c0bb 100644 --- a/pjlib-util/src/pjlib-util/stun_session.c +++ b/pjlib-util/src/pjlib-util/stun_session.c @@ -699,6 +699,7 @@ static pj_status_t authenticate_msg(pj_stun_session *sess, status = pj_stun_verify_credential(pkt, pkt_len, msg, sess->cred, tmp_pool, &response); if (status != PJ_SUCCESS && response != NULL) { + PJ_LOG(5,(SNAME(sess), "Message authentication failed")); send_response(sess, tmp_pool, response, PJ_FALSE, src_addr, src_addr_len); } @@ -865,7 +866,7 @@ PJ_DEF(pj_status_t) pj_stun_session_on_rx_pkt(pj_stun_session *sess, dump = pj_pool_alloc(tmp_pool, PJ_STUN_MAX_PKT_LEN); - PJ_LOG(4,(SNAME(sess), + PJ_LOG(5,(SNAME(sess), "RX STUN message:\n" "--- begin STUN message ---\n" "%s" @@ -884,8 +885,9 @@ PJ_DEF(pj_status_t) pj_stun_session_on_rx_pkt(pj_stun_session *sess, /* Authenticate the message */ status = authenticate_msg(sess, packet, pkt_size, msg, tmp_pool, src_addr, src_addr_len); - if (status != PJ_SUCCESS) + if (status != PJ_SUCCESS) { goto on_return; + } /* Handle message */ if (PJ_STUN_IS_RESPONSE(msg->hdr.type) || |