Ignore:
Timestamp:
May 23, 2007 7:05:59 AM (12 years ago)
Author:
bennylp
Message:

Ticket #287: selectively disable authentication for several STUN error responses

File:
1 edited

Legend:

Unmodified
Added
Removed
  • pjproject/trunk/pjnath/src/pjnath/stun_auth.c

    r1275 r1290  
    2222#include <pjlib-util/sha1.h> 
    2323#include <pj/assert.h> 
     24#include <pj/log.h> 
    2425#include <pj/string.h> 
    2526 
     27#define THIS_FILE   "stun_auth.c" 
    2628 
    2729/* Duplicate credential */ 
     
    349351 
    350352 
     353/* Determine if STUN message can be authenticated */ 
     354PJ_DEF(pj_bool_t) pj_stun_auth_valid_for_msg(const pj_stun_msg *msg) 
     355{ 
     356    unsigned msg_type = msg->hdr.type; 
     357    const pj_stun_errcode_attr *err_attr; 
     358 
     359    /* STUN requests and success response can be authenticated */ 
     360    if (!PJ_STUN_IS_ERROR_RESPONSE(msg_type) &&  
     361        !PJ_STUN_IS_INDICATION(msg_type)) 
     362    { 
     363        return PJ_TRUE; 
     364    } 
     365 
     366    /* STUN Indication cannot be authenticated */ 
     367    if (PJ_STUN_IS_INDICATION(msg_type)) 
     368        return PJ_FALSE; 
     369 
     370    /* Authentication for STUN error responses depend on the error 
     371     * code. 
     372     */ 
     373    err_attr = (const pj_stun_errcode_attr*) 
     374               pj_stun_msg_find_attr(msg, PJ_STUN_ATTR_ERROR_CODE, 0); 
     375    if (err_attr == NULL) { 
     376        PJ_LOG(4,(THIS_FILE, "STUN error code attribute not present in " 
     377                             "error response")); 
     378        return PJ_TRUE; 
     379    } 
     380 
     381    switch (err_attr->err_code) { 
     382    case PJ_STUN_SC_UNAUTHORIZED: 
     383    case PJ_STUN_SC_MISSING_USERNAME: 
     384    case PJ_STUN_SC_MISSING_REALM: 
     385    case PJ_STUN_SC_UNKNOWN_USERNAME: 
     386    case PJ_STUN_SC_INTEGRITY_CHECK_FAILURE: 
     387        return PJ_FALSE; 
     388    default: 
     389        return PJ_TRUE; 
     390    } 
     391} 
     392 
     393 
    351394/* Authenticate MESSAGE-INTEGRITY in the response */ 
    352395PJ_DEF(pj_status_t) pj_stun_authenticate_response(const pj_uint8_t *pkt, 
Note: See TracChangeset for help on using the changeset viewer.