[Nice] [nice/master] Add compatiblity to gtalk on inbound username checking
Youness Alaoui
youness.alaoui at collabora.co.uk
Wed Nov 5 14:01:02 PST 2008
darcs-hash:20080423205841-4f0f6-9e93de5c579e6c0d5fbfc983e7db790d863e3608.gz
---
agent/agent.h | 2 +-
agent/conncheck.c | 2 +-
stun/stun-ice.c | 8 ++++----
stun/stun-ice.h | 2 +-
stun/stun-msg.h | 2 +-
stun/stunrecv.c | 23 +++++++++++++++--------
stun/tests/test-conncheck.c | 24 ++++++++++++------------
7 files changed, 35 insertions(+), 28 deletions(-)
diff --git a/agent/agent.h b/agent/agent.h
index 254434f..3c29373 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -98,7 +98,7 @@ typedef enum
typedef enum
{
- NICE_COMPATIBILITY_ID19,
+ NICE_COMPATIBILITY_ID19 = 0,
NICE_COMPATIBILITY_GOOGLE,
NICE_COMPATIBILITY_MSN,
NICE_COMPATIBILITY_LAST = NICE_COMPATIBILITY_MSN
diff --git a/agent/conncheck.c b/agent/conncheck.c
index 00d6998..3f10a0a 100644
--- a/agent/conncheck.c
+++ b/agent/conncheck.c
@@ -1565,7 +1565,7 @@ gboolean conn_check_handle_inbound_stun (NiceAgent *agent, Stream *stream, Compo
res = stun_conncheck_reply (rbuf, &rbuf_len, (const uint8_t*)buf, &sockaddr, sizeof (sockaddr),
stream->local_ufrag, stream->local_password,
- &control, agent->tie_breaker);
+ &control, agent->tie_breaker, agent->compatibility);
if (res == EACCES)
priv_check_for_role_conflict (agent, control);
diff --git a/stun/stun-ice.c b/stun/stun-ice.c
index 2f5d174..ab651c9 100644
--- a/stun/stun-ice.c
+++ b/stun/stun-ice.c
@@ -80,7 +80,7 @@ stun_conncheck_reply (uint8_t *restrict buf, size_t *restrict plen,
const uint8_t *msg,
const struct sockaddr *restrict src, socklen_t srclen,
const char *local_ufrag, const char *pass,
- bool *restrict control, uint64_t tie)
+ bool *restrict control, uint64_t tie, uint32_t compat)
{
size_t len = *plen;
uint64_t q;
@@ -122,14 +122,14 @@ stun_conncheck_reply (uint8_t *restrict buf, size_t *restrict plen,
/* Short term credentials checking */
val = 0;
if (!stun_present (msg, STUN_MESSAGE_INTEGRITY)
- || !stun_present (msg, STUN_USERNAME))
+ || (compat != 1 && !stun_present (msg, STUN_USERNAME)))
{
DBG (" Missing USERNAME or MESSAGE-INTEGRITY.\n");
val = STUN_BAD_REQUEST;
}
else
- if (stun_verify_username (msg, local_ufrag)
- || stun_verify_password (msg, pass))
+ if (stun_verify_username (msg, local_ufrag, compat)
+ || (compat != 1 && stun_verify_password (msg, pass)))
{
DBG (" Integrity check failed.\n");
val = STUN_UNAUTHORIZED;
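Review bot: With `compat == 1` the `stun_verify_password` call is short-circuited, so MESSAGE-INTEGRITY must still be present but is never verified, and the request is accepted on the USERNAME comparison alone. That weakening deserves a comment above the condition, for example `/* compat 1 (Google): MESSAGE-INTEGRITY is not verified, only USERNAME is checked */`, so a later reader does not assume these requests are authenticated. The relaxed USERNAME presence test has no effect, because `stun_verify_username` returns ENOENT when the attribute is absent (see stun/stunrecv.c), so such a message now yields STUN_UNAUTHORIZED instead of STUN_BAD_REQUEST. The literal `1` silently depends on the position of NICE_COMPATIBILITY_GOOGLE in the enum in agent/agent.h; a named constant visible to the stun layer would keep the two from drifting. The body of `stun_conncheck_reply` continues outside this hunk.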
diff --git a/stun/stun-ice.h b/stun/stun-ice.h
index 5a9fd32..512ccb0 100644
--- a/stun/stun-ice.h
+++ b/stun/stun-ice.h
@@ -103,7 +103,7 @@ stun_conncheck_reply (uint8_t *restrict buf, size_t *restrict plen,
const uint8_t *msg,
const struct sockaddr *restrict src, socklen_t srclen,
const char *local_ufrag, const char *pass,
- bool *restrict control, uint64_t tie);
+ bool *restrict control, uint64_t tie, uint32_t compat);
/**
* Extracts the priority from a STUN message.
diff --git a/stun/stun-msg.h b/stun/stun-msg.h
index 2ff908f..0961b42 100644
--- a/stun/stun-msg.h
+++ b/stun/stun-msg.h
@@ -363,7 +363,7 @@ bool stun_match_messages (const uint8_t *restrict resp,
int *restrict error);
int stun_verify_key (const uint8_t *msg, const void *key, size_t keylen);
int stun_verify_password (const uint8_t *msg, const char *pw);
-int stun_verify_username (const uint8_t *msg, const char *local_ufrag);
+ int stun_verify_username (const uint8_t *msg, const char *local_ufrag, uint32_t compat);
/**
* Looks for an attribute in a *valid* STUN message.
diff --git a/stun/stunrecv.c b/stun/stunrecv.c
index aff40bc..a535091 100644
--- a/stun/stunrecv.c
+++ b/stun/stunrecv.c
@@ -496,10 +496,12 @@ int stun_verify_password (const uint8_t *msg, const char *pw)
* the local username fragment, EPERM if the username was incorrect,
* and ENOENT if there was no USERNAME attribute
*/
-int stun_verify_username (const uint8_t *msg, const char *local_ufrag)
+int stun_verify_username (const uint8_t *msg, const char *local_ufrag, uint32_t compat)
{
const char *username, *n;
uint16_t username_len;
+ uint16_t local_username_len;
+
assert (msg != NULL);
username = (const char *)stun_find (msg, STUN_USERNAME, &username_len);
if (username == NULL)
@@ -507,15 +509,20 @@ int stun_verify_username (const uint8_t *msg, const char *local_ufrag)
DBG ("STUN auth error: no USERNAME attribute!\n");
return ENOENT;
}
- n = strchr (username, ':');
- if (n == NULL)
- {
- DBG ("STUN auth error: no colon in USERNAME!\n");
- return EPERM;
+ if (compat == 1) {
+ local_username_len = strlen (local_ufrag);
+ } else {
+ n = strchr (username, ':');
+ if (n == NULL)
+ {
+ DBG ("STUN auth error: no colon in USERNAME!\n");
+ return EPERM;
+ }
+ local_username_len = n - username;
}
- if (strncmp(username, local_ufrag, n - username) != 0)
+ if (strncmp(username, local_ufrag, local_username_len) != 0)
{
- DBG ("STUN auth error: local ufrag doesn't match (uname:%s,ufrag:%s,msg:%s)!\n", username,local_ufrag, n);
+ DBG ("STUN auth error: local ufrag doesn't match (uname:%s,ufrag:%s)!\n", username,local_ufrag);
return EPERM;
}
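Review bot: The `strncmp` at the end of this hunk compares `local_username_len` bytes without consulting `username_len`, so in the `compat == 1` branch a USERNAME attribute shorter than `local_ufrag` lets the comparison run past the attribute into whatever follows it in the message. Rejecting that case first, with `if (username_len < local_username_len) return EPERM;` placed before the `strncmp`, keeps the read inside the attribute. The `strchr` in the else branch and the `%s` in the DBG line have the same exposure if `stun_find` returns a pointer into the packet that is not NUL-terminated, which is likely but not visible here; `memchr (username, ':', username_len)` and `%.*s` with `username_len` would bound them. `stun_verify_username` begins in the previous hunk and its tail lies outside this one.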
diff --git a/stun/tests/test-conncheck.c b/stun/tests/test-conncheck.c
index ccb7c01..00523d0 100644
--- a/stun/tests/test-conncheck.c
+++ b/stun/tests/test-conncheck.c
@@ -82,7 +82,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
- sizeof (ip4), ufrag, pass, &control, tie);
+ sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EINVAL);
assert (len == 0);
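Review bot: Every call in this file, here and in the eleven hunks that follow, passes a literal `0` for the new argument, so the `compat == 1` path added in stun/stun-ice.c and stun/stunrecv.c is never exercised. Cases with `compat` set to 1 would pin down what that mode accepts and rejects: a USERNAME without a colon, a wrong password, and a USERNAME shorter than `ufrag`. A named constant in place of `0` would also make the intended mode readable at each call site.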
@@ -94,7 +94,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
- sizeof (ip4), ufrag, pass, &control, tie);
+ sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EPROTO);
assert (len > 0);
@@ -109,7 +109,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
- sizeof (ip4), username, pass, &control, tie);
+ sizeof (ip4), username, pass, &control, tie, 0);
assert (val == EPROTO);
assert (len > 0);
@@ -121,7 +121,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
- sizeof (ip4), ufrag, pass, &control, tie);
+ sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EPERM);
assert (len > 0);
assert (stun_match_messages (resp, req, NULL, 0, &code)
@@ -135,7 +135,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
- sizeof (ip4), ufrag, pass, &control, tie);
+ sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EPERM);
assert (len > 0);
assert (stun_match_messages (resp, req, NULL, 0, &code)
@@ -155,7 +155,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
- sizeof (ip4), ufrag, pass, &control, tie);
+ sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == 0);
assert (len > 0);
assert (stun_match_messages (resp, req, (uint8_t *)pass,
@@ -167,7 +167,7 @@ int main (void)
/* Bad username */
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
- sizeof (ip4), "bad", pass, &control, tie);
+ sizeof (ip4), "bad", pass, &control, tie, 0);
assert (val == EPERM);
assert (len > 0);
assert (stun_match_messages (resp, req, NULL, 0, &code)
@@ -176,7 +176,7 @@ int main (void)
/* Bad integrity (bad password) */
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
- sizeof (ip4), ufrag, "bad", &control, tie);
+ sizeof (ip4), ufrag, "bad", &control, tie, 0);
assert (val == EPERM);
assert (len > 0);
assert (stun_match_messages (resp, req, NULL, 0, &code)
@@ -187,7 +187,7 @@ int main (void)
ip4.sin_family = AF_UNSPEC;
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
- sizeof (ip4), ufrag, pass, &control, tie);
+ sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EAFNOSUPPORT);
ip4.sin_family = AF_INET;
@@ -201,7 +201,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
- sizeof (ip4), ufrag, pass, &control, tie);
+ sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EINVAL);
assert (len == 0);
@@ -216,7 +216,7 @@ int main (void)
len = sizeof (resp);
control = true;
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
- sizeof (ip4), ufrag, pass, &control, tie);
+ sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EACCES);
assert (len > 0);
assert (control == false);
@@ -235,7 +235,7 @@ int main (void)
len = sizeof (resp);
control = false;
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
- sizeof (ip4), ufrag, pass, &control, tie);
+ sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == 0);
assert (len > 0);
assert (control == false);
--
1.5.6.5