Changeset 1275 for pjproject/trunk/pjnath/src/pjnath/stun_session.c
- Timestamp:
- May 15, 2007 10:42:56 AM (17 years ago)
- File:
-
- 1 edited
pjproject/trunk/pjnath/src/pjnath/stun_session.c
r1239 r1275 212 212 } 213 213 214 static pj_st r_t *get_passwd(pj_stun_session *sess, pj_pool_t *pool,215 const pj_stun_msg *msg)214 static pj_status_t get_key(pj_stun_session *sess, pj_pool_t *pool, 215 const pj_stun_msg *msg, pj_str_t *auth_key) 216 216 { 217 217 if (sess->cred == NULL) { 218 return NULL; 218 auth_key->slen = 0; 219 return PJ_SUCCESS; 219 220 } else if (sess->cred->type == PJ_STUN_AUTH_CRED_STATIC) { 220 return &sess->cred->data.static_cred.data; 221 pj_stun_create_key(pool, auth_key, 222 &sess->cred->data.static_cred.realm, 223 &sess->cred->data.static_cred.username, 224 &sess->cred->data.static_cred.data); 225 return PJ_SUCCESS; 221 226 } else if (sess->cred->type == PJ_STUN_AUTH_CRED_DYNAMIC) { 222 227 pj_str_t realm, username, nonce; … … 232 237 &nonce, &data_type, 233 238 password); 234 return password; 239 if (status != PJ_SUCCESS) 240 return status; 241 242 pj_stun_create_key(pool, auth_key, 243 &realm, &username, password); 244 245 return PJ_SUCCESS; 235 246 236 247 } else { 237 return NULL; 248 pj_assert(!"Unknown credential type"); 249 return PJ_EBUG; 238 250 } 239 251 } … … 244 256 { 245 257 pj_status_t status = 0; 258 pj_bool_t need_auth; 246 259 pj_str_t realm, username, nonce, password; 247 260 int data_type = 0; … … 250 263 251 264 /* The server SHOULD include a SERVER attribute in all responses */ 252 if (sess->srv_name.slen && (PJ_STUN_IS_SUCCESS_RESPONSE(msg->hdr.type) || 253 PJ_STUN_IS_ERROR_RESPONSE(msg->hdr.type))) 254 { 265 if (sess->srv_name.slen && PJ_STUN_IS_RESPONSE(msg->hdr.type)) { 255 266 pj_stun_msg_add_string_attr(pool, msg, PJ_STUN_ATTR_SERVER, 256 267 &sess->srv_name); 257 268 } 258 269 259 /* From draft-ietf-behave-rfc3489bis-05.txt 260 * Section 8.3.1. Formulating the Request Message 261 * 262 * Note: only put MESSAGE-INTEGRITY in non error response. 
263 */ 270 need_auth = PJ_STUN_IS_REQUEST(msg->hdr.type) || 271 PJ_STUN_IS_SUCCESS_RESPONSE(msg->hdr.type); 272 264 273 if (sess->cred && sess->cred->type == PJ_STUN_AUTH_CRED_STATIC && 265 !PJ_STUN_IS_ERROR_RESPONSE(msg->hdr.type))274 need_auth) 266 275 { 267 276 realm = sess->cred->data.static_cred.realm; … … 272 281 273 282 } else if (sess->cred && sess->cred->type == PJ_STUN_AUTH_CRED_DYNAMIC && 274 !PJ_STUN_IS_ERROR_RESPONSE(msg->hdr.type))283 need_auth) 275 284 { 276 285 void *user_data = sess->cred->data.dyn_cred.user_data; … … 285 294 286 295 287 /* Create and add USERNAME attribute */288 if (username.slen ) {296 /* Create and add USERNAME attribute for */ 297 if (username.slen && PJ_STUN_IS_REQUEST(msg->hdr.type)) { 289 298 status = pj_stun_msg_add_string_attr(pool, msg, 290 299 PJ_STUN_ATTR_USERNAME, … … 294 303 295 304 /* Add REALM only when long term credential is used */ 296 if (realm.slen ) {305 if (realm.slen && PJ_STUN_IS_REQUEST(msg->hdr.type)) { 297 306 status = pj_stun_msg_add_string_attr(pool, msg, 298 307 PJ_STUN_ATTR_REALM, … … 302 311 303 312 /* Add NONCE when desired */ 304 if (nonce.slen) { 313 if (nonce.slen && 314 (PJ_STUN_IS_REQUEST(msg->hdr.type) || 315 PJ_STUN_IS_ERROR_RESPONSE(msg->hdr.type))) 316 { 305 317 status = pj_stun_msg_add_string_attr(pool, msg, 306 318 PJ_STUN_ATTR_NONCE, … … 309 321 310 322 /* Add MESSAGE-INTEGRITY attribute */ 311 if (username.slen ) {323 if (username.slen && need_auth) { 312 324 status = pj_stun_msg_add_msgint_attr(pool, msg); 313 325 PJ_ASSERT_RETURN(status==PJ_SUCCESS, status); … … 509 521 * Create a STUN response message. 
510 522 */ 511 PJ_DEF(pj_status_t) pj_stun_session_create_res ponse( pj_stun_session *sess,512 513 514 515 523 PJ_DEF(pj_status_t) pj_stun_session_create_res( pj_stun_session *sess, 524 const pj_stun_msg *req, 525 unsigned err_code, 526 const pj_str_t *err_msg, 527 pj_stun_tx_data **p_tdata) 516 528 { 517 529 pj_status_t status; … … 598 610 } 599 611 612 status = get_key(sess, tdata->pool, tdata->msg, &tdata->auth_key); 613 if (status != PJ_SUCCESS) { 614 pj_stun_msg_destroy_tdata(sess, tdata); 615 pj_mutex_unlock(sess->mutex); 616 LOG_ERR_(sess, "Error getting creadential's key", status); 617 return status; 618 } 619 600 620 /* Encode message */ 601 621 status = pj_stun_msg_encode(tdata->msg, (pj_uint8_t*)tdata->pkt, 602 622 tdata->max_len, 0, 603 get_passwd(sess, tdata->pool, tdata->msg),623 &tdata->auth_key, 604 624 &tdata->pkt_size); 605 625 if (status != PJ_SUCCESS) { … … 738 758 static pj_status_t send_response(pj_stun_session *sess, 739 759 pj_pool_t *pool, pj_stun_msg *response, 760 const pj_str_t *auth_key, 740 761 pj_bool_t retransmission, 741 762 const pj_sockaddr_t *addr, unsigned addr_len) … … 758 779 /* Encode */ 759 780 status = pj_stun_msg_encode(response, out_pkt, out_max_len, 0, 760 get_passwd(sess, pool, response), 761 &out_len); 781 auth_key, &out_len); 762 782 if (status != PJ_SUCCESS) { 763 783 LOG_ERR_(sess, "Error encoding message", status); … … 775 795 776 796 /* Authenticate incoming message */ 777 static pj_status_t authenticate_ msg(pj_stun_session *sess,797 static pj_status_t authenticate_req(pj_stun_session *sess, 778 798 const pj_uint8_t *pkt, 779 799 unsigned pkt_len, … … 789 809 return PJ_SUCCESS; 790 810 791 status = pj_stun_ verify_credential(pkt, pkt_len, msg, sess->cred,792 tmp_pool, &response);811 status = pj_stun_authenticate_request(pkt, pkt_len, msg, sess->cred, 812 tmp_pool, &response); 793 813 if (status != PJ_SUCCESS && response != NULL) { 794 814 PJ_LOG(5,(SNAME(sess), "Message authentication failed")); 795 
send_response(sess, tmp_pool, response, PJ_FALSE,815 send_response(sess, tmp_pool, response, NULL, PJ_FALSE, 796 816 src_addr, src_addr_len); 797 817 } … … 803 823 /* Handle incoming response */ 804 824 static pj_status_t on_incoming_response(pj_stun_session *sess, 825 unsigned options, 826 const pj_uint8_t *pkt, 827 unsigned pkt_len, 805 828 pj_stun_msg *msg, 806 829 const pj_sockaddr_t *src_addr, … … 816 839 "Transaction not found, response silently discarded")); 817 840 return PJ_SUCCESS; 841 } 842 843 /* Authenticate the message, unless PJ_STUN_NO_AUTHENTICATE 844 * is specified in the option. 845 */ 846 if ((options & PJ_STUN_NO_AUTHENTICATE) == 0) { 847 status = pj_stun_authenticate_response(pkt, pkt_len, msg, &tdata->auth_key); 848 if (status != PJ_SUCCESS) { 849 PJ_LOG(5,(SNAME(sess), 850 "Response authentication failed")); 851 return status; 852 } 818 853 } 819 854 … … 867 902 "Request retransmission, sending cached response")); 868 903 869 send_response(sess, tmp_pool, t->msg, PJ_TRUE,904 send_response(sess, tmp_pool, t->msg, &t->auth_key, PJ_TRUE, 870 905 src_addr, src_addr_len); 871 906 return PJ_SUCCESS; … … 877 912 /* Handle incoming request */ 878 913 static pj_status_t on_incoming_request(pj_stun_session *sess, 914 unsigned options, 879 915 pj_pool_t *tmp_pool, 880 916 const pj_uint8_t *in_pkt, … … 886 922 pj_status_t status; 887 923 924 /* Authenticate the message, unless PJ_STUN_NO_AUTHENTICATE 925 * is specified in the option. 
926 */ 927 if ((options & PJ_STUN_NO_AUTHENTICATE) == 0) { 928 status = authenticate_req(sess, (const pj_uint8_t*) in_pkt, in_pkt_len, 929 msg, tmp_pool, src_addr, src_addr_len); 930 if (status != PJ_SUCCESS) { 931 return status; 932 } 933 } 934 888 935 /* Distribute to handler, or respond with Bad Request */ 889 936 if (sess->cb.on_rx_request) { … … 898 945 if (status == PJ_SUCCESS && response) { 899 946 status = send_response(sess, tmp_pool, response, 900 PJ_FALSE, src_addr, src_addr_len);947 NULL, PJ_FALSE, src_addr, src_addr_len); 901 948 } 902 949 } … … 953 1000 LOG_ERR_(sess, "STUN msg_decode() error", status); 954 1001 if (response) { 955 send_response(sess, tmp_pool, response, 1002 send_response(sess, tmp_pool, response, NULL, 956 1003 PJ_FALSE, src_addr, src_addr_len); 957 1004 } … … 978 1025 } 979 1026 980 /* Authenticate the message, unless PJ_STUN_NO_AUTHENTICATE981 * is specified in the option.982 */983 if ((options & PJ_STUN_NO_AUTHENTICATE) == 0) {984 status = authenticate_msg(sess, (const pj_uint8_t*) packet, pkt_size,985 msg, tmp_pool, src_addr, src_addr_len);986 if (status != PJ_SUCCESS) {987 goto on_return;988 }989 }990 991 1027 /* Handle message */ 992 1028 if (PJ_STUN_IS_SUCCESS_RESPONSE(msg->hdr.type) || 993 1029 PJ_STUN_IS_ERROR_RESPONSE(msg->hdr.type)) 994 1030 { 995 status = on_incoming_response(sess, msg, src_addr, src_addr_len); 1031 status = on_incoming_response(sess, options, 1032 (const pj_uint8_t*) packet, pkt_size, 1033 msg, src_addr, src_addr_len); 996 1034 997 1035 } else if (PJ_STUN_IS_REQUEST(msg->hdr.type)) { 998 1036 999 status = on_incoming_request(sess, tmp_pool,1037 status = on_incoming_request(sess, options, tmp_pool, 1000 1038 (const pj_uint8_t*) packet, pkt_size, 1001 1039 msg, src_addr, src_addr_len);
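Review bot: In `on_incoming_response` (new lines 843-853) every matched response is passed to `pj_stun_authenticate_response` with `&tdata->auth_key`, even though `get_key` leaves `auth_key->slen = 0` when `sess->cred` is NULL and the `need_auth` logic near new line 270 no longer adds MESSAGE-INTEGRITY to error responses. How `pj_stun_authenticate_response` treats an empty key or a missing attribute is not visible here, so this may either drop legitimate responses (including error responses that carry a NONCE) or verify against an empty key. The condition should state the intent, for example `if ((options & PJ_STUN_NO_AUTHENTICATE) == 0 && tdata->auth_key.slen != 0) {`, with a comment saying which response classes are expected to be signed. Moving the check out of the common receive path (old lines 980-990) also means only the request and response branches authenticate now, so any other message class dispatched after new line 1039, outside this hunk, would no longer be checked; that is worth confirming. Both handler bodies continue outside the visible hunks.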