authorBenny Prijono <bennylp@teluu.com>2008-04-13 21:48:44 +0000
committerBenny Prijono <bennylp@teluu.com>2008-04-13 21:48:44 +0000
commit4a8f891d8fafd8dec50620ce45076dbe112f9f3e (patch)
treed40dc7094548ee80099ca845c0b01f34cd70a596 /pjnath
parent848e880ca8c2811caeccceba3f325d28c63adec0 (diff)
More ticket #485: fixed TURN server permission not allowing peer with the same IP to get through, and added option to disable FINGERPRINT verification in TURN server since it is currently broken when TURN is used with ICE (which has a FINGERPRINT in its Binding Request)
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@1924 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjnath')
-rw-r--r--pjnath/include/pjnath/stun_msg.h10
-rw-r--r--pjnath/src/pjnath/stun_msg.c4
-rw-r--r--pjnath/src/pjturn-srv/allocation.c28
-rw-r--r--pjnath/src/pjturn-srv/auth.c5
-rw-r--r--pjnath/src/pjturn-srv/main.c9
-rw-r--r--pjnath/src/pjturn-srv/server.c2
6 files changed, 43 insertions, 15 deletions
diff --git a/pjnath/include/pjnath/stun_msg.h b/pjnath/include/pjnath/stun_msg.h
index c88397bc..7c3805ea 100644
--- a/pjnath/include/pjnath/stun_msg.h
+++ b/pjnath/include/pjnath/stun_msg.h
@@ -1158,7 +1158,15 @@ enum pj_stun_decode_options
* When specified, it tells the session NOT to authenticate the
* message.
*/
- PJ_STUN_NO_AUTHENTICATE = 4
+ PJ_STUN_NO_AUTHENTICATE = 4,
+
+ /**
+ * Disable FINGERPRINT verification. This option can be used when calling
+ * #pj_stun_msg_check() and #pj_stun_msg_decode() to disable the
+ * verification of FINGERPRINT, for example when the STUN usage says when
+ * FINGERPRINT mechanism shall not * be used.
+ */
+ PJ_STUN_NO_FINGERPRINT_CHECK = 8
};
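Review bot: The doc comment for `PJ_STUN_NO_FINGERPRINT_CHECK` is garbled: it has a stray `*` in "shall not * be used" and the clause "says when FINGERPRINT mechanism" does not parse. Reword the end as `for example when the STUN usage says that the FINGERPRINT mechanism shall not be used`. It would also help to state that the flag skips only the FINGERPRINT comparison; judging from the stun_msg.c hunk it does not affect message authentication, which `PJ_STUN_NO_AUTHENTICATE` covers. The enum starts outside the hunk.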
diff --git a/pjnath/src/pjnath/stun_msg.c b/pjnath/src/pjnath/stun_msg.c
index 716683fb..21315f3b 100644
--- a/pjnath/src/pjnath/stun_msg.c
+++ b/pjnath/src/pjnath/stun_msg.c
@@ -1868,7 +1868,9 @@ PJ_DEF(pj_status_t) pj_stun_msg_check(const pj_uint8_t *pdu, unsigned pdu_len,
if (GETVAL32H(pdu, 4) == PJ_STUN_MAGIC) {
/* Check if FINGERPRINT attribute is present */
- if (GETVAL16H(pdu, msg_len + 20 - 8) == PJ_STUN_ATTR_FINGERPRINT) {
+ if ((options & PJ_STUN_NO_FINGERPRINT_CHECK )==0 &&
+ GETVAL16H(pdu, msg_len + 20 - 8) == PJ_STUN_ATTR_FINGERPRINT)
+ {
pj_uint16_t attr_len = GETVAL16H(pdu, msg_len + 20 - 8 + 2);
pj_uint32_t fingerprint = GETVAL32H(pdu, msg_len + 20 - 8 + 4);
pj_uint32_t crc;
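Review bot: The comment above the condition still reads "Check if FINGERPRINT attribute is present", but the branch is now also skipped when the caller passes `PJ_STUN_NO_FINGERPRINT_CHECK`, so a packet with a wrong FINGERPRINT passes this function silently. Update the comment, e.g. `/* Verify FINGERPRINT if present, unless the caller disabled the check */`. The spacing in `PJ_STUN_NO_FINGERPRINT_CHECK )==0` should also be normalised to `(options & PJ_STUN_NO_FINGERPRINT_CHECK) == 0`. The function body continues outside the hunk.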
diff --git a/pjnath/src/pjturn-srv/allocation.c b/pjnath/src/pjturn-srv/allocation.c
index b552bc45..b2215e0d 100644
--- a/pjnath/src/pjturn-srv/allocation.c
+++ b/pjnath/src/pjturn-srv/allocation.c
@@ -825,9 +825,10 @@ static pj_turn_permission *create_permission(pj_turn_allocation *alloc,
pj_gettimeofday(&perm->expiry);
perm->expiry.sec += PJ_TURN_PERM_TIMEOUT;
- /* Register to hash table */
- pj_hash_set(alloc->pool, alloc->peer_table, &perm->hkey.peer_addr,
- pj_sockaddr_get_len(&perm->hkey.peer_addr), 0, perm);
+ /* Register to hash table (only the address part!) */
+ pj_hash_set(alloc->pool, alloc->peer_table,
+ pj_sockaddr_get_addr(&perm->hkey.peer_addr),
+ pj_sockaddr_get_addr_len(&perm->hkey.peer_addr), 0, perm);
return perm;
}
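Review bot: Keying `peer_table` by IP address alone means two permissions for the same peer IP with different ports now share one hash entry. The `pj_hash_set` in create_permission replaces whatever entry was there, and the removal in check_permission_expiry (next hunk) deletes the entry by address even if it now points at a different, still-valid permission. Whether every caller looks up before creating is not visible here, so both sites should be guarded. In create_permission, reuse an entry found with `pj_hash_get`. In check_permission_expiry, remove only when `pj_hash_get(alloc->peer_table, key, len, NULL) == perm`. Both function bodies start outside their hunks.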
@@ -845,8 +846,9 @@ static pj_turn_permission *check_permission_expiry(pj_turn_permission *perm)
}
/* Remove from permission hash table */
- pj_hash_set(NULL, alloc->peer_table, &perm->hkey.peer_addr,
- pj_sockaddr_get_len(&perm->hkey.peer_addr), 0, NULL);
+ pj_hash_set(NULL, alloc->peer_table,
+ pj_sockaddr_get_addr(&perm->hkey.peer_addr),
+ pj_sockaddr_get_addr_len(&perm->hkey.peer_addr), 0, NULL);
/* Remove from channel hash table, if assigned a channel number */
if (perm->channel != PJ_TURN_INVALID_CHANNEL) {
@@ -865,9 +867,14 @@ lookup_permission_by_addr(pj_turn_allocation *alloc,
{
pj_turn_permission *perm;
+ PJ_UNUSED_ARG(addr_len);
+
/* Lookup in peer hash table */
- perm = (pj_turn_permission*) pj_hash_get(alloc->peer_table, peer_addr,
- addr_len, NULL);
+ perm = (pj_turn_permission*)
+ pj_hash_get(alloc->peer_table,
+ pj_sockaddr_get_addr(peer_addr),
+ pj_sockaddr_get_addr_len(peer_addr),
+ NULL);
return perm ? check_permission_expiry(perm) : NULL;
}
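Review bot: `addr_len` is now ignored, so the key length comes entirely from the address family stored inside `peer_addr`. If that sockaddr is built from a received attribute, the lookup depends on the family field having been validated earlier, which this hunk does not show. Either drop the parameter in a follow-up or document the contract above the function, e.g. `/* peer_addr must be a validated IPv4/IPv6 sockaddr; only its address part is used as key, addr_len is ignored */`. The function signature starts outside the hunk.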
@@ -920,8 +927,13 @@ PJ_DEF(void) pj_turn_allocation_on_rx_client_pkt(pj_turn_allocation *alloc,
* Pass this through to the STUN session, which will call
* our stun_on_rx_request() or stun_on_rx_indication()
* callbacks.
+ *
+ * Note: currently it is necessary to specify the
+ * PJ_STUN_NO_FINGERPRINT_CHECK otherwise the FINGERPRINT
+ * attribute inside STUN Send Indication message will mess up
+ * with fingerprint checking.
*/
- unsigned options = PJ_STUN_CHECK_PACKET;
+ unsigned options = PJ_STUN_CHECK_PACKET | PJ_STUN_NO_FINGERPRINT_CHECK;
unsigned parsed_len = 0;
if (pkt->transport->listener->tp_type == PJ_TURN_TP_UDP)
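Review bot: FINGERPRINT verification is switched off unconditionally for every client packet here, and the same flag is added in pj_turn_srv_on_rx_pkt in server.c with no comment at all. The comment calls this a current necessity, so mark it as a workaround to be removed, e.g. `/* TODO(#485): drop PJ_STUN_NO_FINGERPRINT_CHECK once nested FINGERPRINT is handled */`, and repeat that in server.c. Until then packet classification rests on the remaining `PJ_STUN_CHECK_PACKET` checks, so it is worth confirming that message authentication is still enforced on both paths. The function body extends outside the hunk.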
diff --git a/pjnath/src/pjturn-srv/auth.c b/pjnath/src/pjturn-srv/auth.c
index e02079e4..0f7e6991 100644
--- a/pjnath/src/pjturn-srv/auth.c
+++ b/pjnath/src/pjturn-srv/auth.c
@@ -33,7 +33,10 @@ static struct cred_t
char passwd[MAX_PASSWORD];
} g_cred[] =
{
- { "user", "passwd" },
+ { "100", "100" },
+ { "700", "700" },
+ { "701", "701" },
+ { "702", "702" }
};
#define THE_NONCE "pjnath"
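Review bot: The new `g_cred` entries are compiled-in accounts whose password equals the username ("100"/"100", "700"/"700", ...), which is trivially guessable if this server binary is ever run on a reachable network. If these are test accounts, say so at the table, e.g. `/* Test-only accounts for the sample server; do not deploy. */`. Consider loading credentials from a file or the command line instead. The context line also shows a fixed `THE_NONCE`, which presumably gives no replay protection and deserves the same test-only marking. The array definition starts outside the hunk.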
diff --git a/pjnath/src/pjturn-srv/main.c b/pjnath/src/pjturn-srv/main.c
index 4ebdcde8..26c1171d 100644
--- a/pjnath/src/pjturn-srv/main.c
+++ b/pjnath/src/pjturn-srv/main.c
@@ -19,7 +19,10 @@
#include "turn.h"
#include "auth.h"
-#define REALM "pjsip.org"
+#define REALM "pjsip.org"
+#define TURN_PORT PJ_STUN_TURN_PORT
+//#define TURN_PORT 34780
+
static pj_caching_pool g_cp;
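Review bot: `//#define TURN_PORT 34780` leaves a commented-out alternative in the source, which is easy to flip by accident and says nothing about when to use it. An override guard keeps the default and lets the build pick another port: `#ifndef TURN_PORT`, `#define TURN_PORT PJ_STUN_TURN_PORT`, `#endif`.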
@@ -138,12 +141,12 @@ int main()
return err("Error creating server", status);
status = pj_turn_listener_create_udp(srv, pj_AF_INET(), NULL,
- PJ_STUN_PORT, 1, 0, &listener);
+ TURN_PORT, 1, 0, &listener);
if (status != PJ_SUCCESS)
return err("Error creating UDP listener", status);
status = pj_turn_listener_create_tcp(srv, pj_AF_INET(), NULL,
- PJ_STUN_PORT, 1, 0, &listener);
+ TURN_PORT, 1, 0, &listener);
if (status != PJ_SUCCESS)
return err("Error creating listener", status);
diff --git a/pjnath/src/pjturn-srv/server.c b/pjnath/src/pjturn-srv/server.c
index 17ded7b0..79792b78 100644
--- a/pjnath/src/pjturn-srv/server.c
+++ b/pjnath/src/pjturn-srv/server.c
@@ -581,7 +581,7 @@ PJ_DEF(void) pj_turn_srv_on_rx_pkt(pj_turn_srv *srv,
pj_status_t status;
/* Check that this is a STUN message */
- options = PJ_STUN_CHECK_PACKET;
+ options = PJ_STUN_CHECK_PACKET | PJ_STUN_NO_FINGERPRINT_CHECK;
if (pkt->transport->listener->tp_type == PJ_TURN_TP_UDP)
options |= PJ_STUN_IS_DATAGRAM;