Changeset 1924


Ignore:
Timestamp:
Apr 13, 2008 9:48:44 PM (16 years ago)
Author:
bennylp
Message:

More ticket #485: fixed TURN server permission not allowing peer with the same IP to get through, and added option to disable FINGERPRINT verification in TURN server since it is currently broken when TURN is used with ICE (which has a FINGERPRINT in its Binding Request)

Location:
pjproject/trunk/pjnath
Files:
6 edited

Legend:

Unmodified
Added
Removed

  • pjproject/trunk/pjnath/include/pjnath/stun_msg.h

    r1923 r1924  
    11591159     * message. 
    11601160     */ 
    1161     PJ_STUN_NO_AUTHENTICATE = 4 
     1161    PJ_STUN_NO_AUTHENTICATE = 4, 
     1162 
     1163    /** 
     1164     * Disable FINGERPRINT verification. This option can be used when calling 
     1165     * #pj_stun_msg_check() and #pj_stun_msg_decode() to disable the  
     1166     * verification of FINGERPRINT, for example when the STUN usage says when 
     1167     * FINGERPRINT mechanism shall not * be used. 
     1168     */ 
     1169    PJ_STUN_NO_FINGERPRINT_CHECK = 8 
    11621170}; 
    11631171 

  • pjproject/trunk/pjnath/src/pjnath/stun_msg.c

    r1877 r1924  
    18691869 
    18701870        /* Check if FINGERPRINT attribute is present */ 
    1871         if (GETVAL16H(pdu, msg_len + 20 - 8) == PJ_STUN_ATTR_FINGERPRINT) { 
     1871        if ((options & PJ_STUN_NO_FINGERPRINT_CHECK )==0 &&  
     1872            GETVAL16H(pdu, msg_len + 20 - 8) == PJ_STUN_ATTR_FINGERPRINT)  
     1873        { 
    18721874            pj_uint16_t attr_len = GETVAL16H(pdu, msg_len + 20 - 8 + 2); 
    18731875            pj_uint32_t fingerprint = GETVAL32H(pdu, msg_len + 20 - 8 + 4); 

  • pjproject/trunk/pjnath/src/pjturn-srv/allocation.c

    r1913 r1924  
    826826    perm->expiry.sec += PJ_TURN_PERM_TIMEOUT; 
    827827 
    828     /* Register to hash table */ 
    829     pj_hash_set(alloc->pool, alloc->peer_table, &perm->hkey.peer_addr,  
    830                 pj_sockaddr_get_len(&perm->hkey.peer_addr), 0, perm); 
     828    /* Register to hash table (only the address part!) */ 
     829    pj_hash_set(alloc->pool, alloc->peer_table,  
     830                pj_sockaddr_get_addr(&perm->hkey.peer_addr),  
     831                pj_sockaddr_get_addr_len(&perm->hkey.peer_addr), 0, perm); 
    831832 
    832833    return perm; 
     
    846847 
    847848    /* Remove from permission hash table */ 
    848     pj_hash_set(NULL, alloc->peer_table, &perm->hkey.peer_addr,  
    849                 pj_sockaddr_get_len(&perm->hkey.peer_addr), 0, NULL); 
     849    pj_hash_set(NULL, alloc->peer_table,  
     850                pj_sockaddr_get_addr(&perm->hkey.peer_addr),  
     851                pj_sockaddr_get_addr_len(&perm->hkey.peer_addr), 0, NULL); 
    850852 
    851853    /* Remove from channel hash table, if assigned a channel number */ 
     
    866868    pj_turn_permission *perm; 
    867869 
     870    PJ_UNUSED_ARG(addr_len); 
     871 
    868872    /* Lookup in peer hash table */ 
    869     perm = (pj_turn_permission*) pj_hash_get(alloc->peer_table, peer_addr, 
    870                                              addr_len, NULL); 
     873    perm = (pj_turn_permission*)  
     874           pj_hash_get(alloc->peer_table,  
     875                       pj_sockaddr_get_addr(peer_addr), 
     876                       pj_sockaddr_get_addr_len(peer_addr),  
     877                       NULL); 
    871878    return perm ? check_permission_expiry(perm) : NULL; 
    872879} 
     
    921928         * our stun_on_rx_request() or stun_on_rx_indication() 
    922929         * callbacks. 
     930         * 
     931         * Note: currently it is necessary to specify the  
     932         * PJ_STUN_NO_FINGERPRINT_CHECK otherwise the FINGERPRINT 
     933         * attribute inside STUN Send Indication message will mess up 
     934         * with fingerprint checking. 
    923935         */ 
    924         unsigned options = PJ_STUN_CHECK_PACKET; 
     936        unsigned options = PJ_STUN_CHECK_PACKET | PJ_STUN_NO_FINGERPRINT_CHECK; 
    925937        unsigned parsed_len = 0; 
    926938 

  • pjproject/trunk/pjnath/src/pjturn-srv/auth.c

    r1882 r1924  
    3434} g_cred[] =  
    3535{ 
    36     { "user", "passwd" }, 
     36    { "100", "100" }, 
     37    { "700", "700" }, 
     38    { "701", "701" }, 
     39    { "702", "702" } 
    3740}; 
    3841 

  • pjproject/trunk/pjnath/src/pjturn-srv/main.c

    r1913 r1924  
    2020#include "auth.h" 
    2121 
    22 #define REALM   "pjsip.org" 
     22#define REALM           "pjsip.org" 
     23#define TURN_PORT       PJ_STUN_TURN_PORT 
     24//#define TURN_PORT     34780 
     25 
    2326 
    2427static pj_caching_pool g_cp; 
     
    139142 
    140143    status = pj_turn_listener_create_udp(srv, pj_AF_INET(), NULL,  
    141                                          PJ_STUN_PORT, 1, 0, &listener); 
     144                                         TURN_PORT, 1, 0, &listener); 
    142145    if (status != PJ_SUCCESS) 
    143146        return err("Error creating UDP listener", status); 
    144147 
    145148    status = pj_turn_listener_create_tcp(srv, pj_AF_INET(), NULL,  
    146                                          PJ_STUN_PORT, 1, 0, &listener); 
     149                                         TURN_PORT, 1, 0, &listener); 
    147150    if (status != PJ_SUCCESS) 
    148151        return err("Error creating listener", status); 

  • pjproject/trunk/pjnath/src/pjturn-srv/server.c

    r1913 r1924  
    582582 
    583583        /* Check that this is a STUN message */ 
    584         options = PJ_STUN_CHECK_PACKET; 
     584        options = PJ_STUN_CHECK_PACKET | PJ_STUN_NO_FINGERPRINT_CHECK; 
    585585        if (pkt->transport->listener->tp_type == PJ_TURN_TP_UDP) 
    586586            options |= PJ_STUN_IS_DATAGRAM; 
Note: See TracChangeset for help on using the changeset viewer.