Fixed STUN client/server authentication

git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@1038 74dad513-b988-da41-8d7b-12977e46ad98

3 files changed, 71 insertions, 3 deletions

diff --git a/pjlib-util/src/pjlib-util/stun_msg.c b/pjlib-util/src/pjlib-util/stun_msg.c
index 7c623ad4..e5accd82 100644
--- a/pjlib-util/src/pjlib-util/stun_msg.c
+++ b/pjlib-util/src/pjlib-util/stun_msg.c
@@ -1841,6 +1841,32 @@ void pj_stun_calc_md5_key(pj_uint8_t digest[16],
 
 
 /*
+static char *print_binary(const pj_uint8_t *data, unsigned data_len)
+{
+    static char static_buffer[1024];
+    char *buffer = static_buffer;
+    unsigned length=sizeof(static_buffer), i;
+
+    if (length < data_len * 2 + 8)
+	return "";
+
+    pj_ansi_sprintf(buffer, ", data=");
+    buffer += 7;
+
+    for (i=0; i<data_len; ++i) {
+	pj_ansi_sprintf(buffer, "%02x", (*data) & 0xFF);
+	buffer += 2;
+	data++;
+    }
+
+    pj_ansi_sprintf(buffer, "\n");
+    buffer++;
+
+    return static_buffer;
+}
+*/
+
+/*
  * Print the message structure to a buffer.
  */
 PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg,
@@ -2001,7 +2027,7 @@ PJ_DEF(pj_status_t) pj_stun_msg_encode(pj_stun_msg *msg,
 	}
 
 	/* Calculate HMAC-SHA1 digest */
-	pj_hmac_sha1((pj_uint8_t*)buf, buf-start, 
+	pj_hmac_sha1((pj_uint8_t*)start, buf-start, 
 		     (pj_uint8_t*)key.ptr, key.slen,
 		     amsgint->hmac);
 
diff --git a/pjlib-util/src/pjlib-util/stun_msg_dump.c b/pjlib-util/src/pjlib-util/stun_msg_dump.c
index 1c9ccc2e..28e7a02c 100644
--- a/pjlib-util/src/pjlib-util/stun_msg_dump.c
+++ b/pjlib-util/src/pjlib-util/stun_msg_dump.c
@@ -26,6 +26,29 @@
 			    goto on_return; \
 			p += len
 
+static int print_binary(char *buffer, unsigned length,
+			const pj_uint8_t *data, unsigned data_len)
+{
+    unsigned i;
+
+    if (length < data_len * 2 + 8)
+	return -1;
+
+    pj_ansi_sprintf(buffer, ", data=");
+    buffer += 7;
+
+    for (i=0; i<data_len; ++i) {
+	pj_ansi_sprintf(buffer, "%02x", (*data) & 0xFF);
+	buffer += 2;
+	data++;
+    }
+
+    pj_ansi_sprintf(buffer, "\n");
+    buffer++;
+
+    return data_len * 2 + 8;
+}
+
 static int print_attr(char *buffer, unsigned length,
 		      const pj_stun_attr_hdr *ahdr)
 {
@@ -144,7 +167,24 @@ static int print_attr(char *buffer, unsigned length,
 	break;
 
     case PJ_STUN_ATTR_MESSAGE_INTEGRITY:
+	{
+	    const pj_stun_msgint_attr *attr;
+
+	    attr = (const pj_stun_msgint_attr*) ahdr;
+	    len = print_binary(p, end-p, attr->hmac, 20);
+	    APPLY();
+	}
+	break;
+
     case PJ_STUN_ATTR_DATA:
+	{
+	    const pj_stun_binary_attr *attr;
+
+	    attr = (const pj_stun_binary_attr*) ahdr;
+	    len = print_binary(p, end-p, attr->data, attr->length);
+	    APPLY();
+	}
+	break;
     case PJ_STUN_ATTR_USE_CANDIDATE:
     default:
 	len = pj_ansi_snprintf(p, end-p, "\n");
diff --git a/pjlib-util/src/pjlib-util/stun_session.c b/pjlib-util/src/pjlib-util/stun_session.c
index 7ec9d333..ce30c0bb 100644
--- a/pjlib-util/src/pjlib-util/stun_session.c
+++ b/pjlib-util/src/pjlib-util/stun_session.c
@@ -699,6 +699,7 @@ static pj_status_t authenticate_msg(pj_stun_session *sess,
     status = pj_stun_verify_credential(pkt, pkt_len, msg, sess->cred,
 				       tmp_pool, &response);
     if (status != PJ_SUCCESS && response != NULL) {
+	PJ_LOG(5,(SNAME(sess), "Message authentication failed"));
 	send_response(sess, tmp_pool, response, PJ_FALSE, 
 		      src_addr, src_addr_len);
     }
@@ -865,7 +866,7 @@ PJ_DEF(pj_status_t) pj_stun_session_on_rx_pkt(pj_stun_session *sess,
 
     dump = pj_pool_alloc(tmp_pool, PJ_STUN_MAX_PKT_LEN);
 
-    PJ_LOG(4,(SNAME(sess),
+    PJ_LOG(5,(SNAME(sess),
 	      "RX STUN message:\n"
 	      "--- begin STUN message ---\n"
 	      "%s"
@@ -884,8 +885,9 @@ PJ_DEF(pj_status_t) pj_stun_session_on_rx_pkt(pj_stun_session *sess,
     /* Authenticate the message */
     status = authenticate_msg(sess, packet, pkt_size, msg, tmp_pool, 
 			      src_addr, src_addr_len);
-    if (status != PJ_SUCCESS)
+    if (status != PJ_SUCCESS) {
 	goto on_return;
+    }
 
     /* Handle message */
     if (PJ_STUN_IS_RESPONSE(msg->hdr.type) ||