Add compatiblity to gtalk on inbound username checking

darcs-hash:20080423205841-4f0f6-9e93de5c579e6c0d5fbfc983e7db790d863e3608.gz

Add compatiblity to gtalk on inbound username checking
darcs-hash:20080423205841-4f0f6-9e93de5c579e6c0d5fbfc983e7db790d863e3608.gz
f8426ce2 · Youness Alaoui · 5dd2daa0 · f8426ce2 · f8426ce2 · f8426ce2
Commit f8426ce2 authored Apr 23, 2008 by Youness Alaoui
7 changed files
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -98,7 +98,7 @@ typedef enum

 typedef enum
 {
-  NICE_COMPATIBILITY_ID19,
+  NICE_COMPATIBILITY_ID19 = 0,
  NICE_COMPATIBILITY_GOOGLE,
  NICE_COMPATIBILITY_MSN,
  NICE_COMPATIBILITY_LAST = NICE_COMPATIBILITY_MSN

--- a/agent/conncheck.c
+++ b/agent/conncheck.c
@@ -1565,7 +1565,7 @@ gboolean conn_check_handle_inbound_stun (NiceAgent *agent, Stream *stream, Compo

  res = stun_conncheck_reply (rbuf, &rbuf_len, (const uint8_t*)buf, &sockaddr, sizeof (sockaddr), 
                              stream->local_ufrag, stream->local_password,
-                              &control, agent->tie_breaker);
+                              &control, agent->tie_breaker, agent->compatibility);

  if (res == EACCES)
    priv_check_for_role_conflict (agent, control);

--- a/stun/stun-ice.c
+++ b/stun/stun-ice.c
@@ -80,7 +80,7 @@ stun_conncheck_reply (uint8_t *restrict buf, size_t *restrict plen,
                      const uint8_t *msg,
                      const struct sockaddr *restrict src, socklen_t srclen,
                      const char *local_ufrag, const char *pass,
-                      bool *restrict control, uint64_t tie)
+                      bool *restrict control, uint64_t tie, uint32_t compat)
 {
  size_t len = *plen;
  uint64_t q;
@@ -122,14 +122,14 @@ stun_conncheck_reply (uint8_t *restrict buf, size_t *restrict plen,
  /* Short term credentials checking */
  val = 0;
  if (!stun_present (msg, STUN_MESSAGE_INTEGRITY)
-   || !stun_present (msg, STUN_USERNAME))
+      || (compat != 1 && !stun_present (msg, STUN_USERNAME)))
  {
    DBG (" Missing USERNAME or MESSAGE-INTEGRITY.\n");
    val = STUN_BAD_REQUEST;
  }
  else
-  if (stun_verify_username (msg, local_ufrag)
-   || stun_verify_password (msg, pass))
+    if (stun_verify_username (msg, local_ufrag, compat)
+      || (compat != 1 && stun_verify_password (msg, pass)))
  {
    DBG (" Integrity check failed.\n");
    val = STUN_UNAUTHORIZED;

--- a/stun/stun-ice.h
+++ b/stun/stun-ice.h
@@ -103,7 +103,7 @@ stun_conncheck_reply (uint8_t *restrict buf, size_t *restrict plen,
                      const uint8_t *msg,
                      const struct sockaddr *restrict src, socklen_t srclen,
                      const char *local_ufrag, const char *pass,
-                      bool *restrict control, uint64_t tie);
+                      bool *restrict control, uint64_t tie, uint32_t compat);

 /**
 * Extracts the priority from a STUN message.

--- a/stun/stun-msg.h
+++ b/stun/stun-msg.h
@@ -363,7 +363,7 @@ bool stun_match_messages (const uint8_t *restrict resp,
                          int *restrict error);
 int stun_verify_key (const uint8_t *msg, const void *key, size_t keylen);
 int stun_verify_password (const uint8_t *msg, const char *pw);
-int stun_verify_username (const uint8_t *msg, const char *local_ufrag);
+  int stun_verify_username (const uint8_t *msg, const char *local_ufrag, uint32_t compat);

 /**
 * Looks for an attribute in a *valid* STUN message.

--- a/stun/stunrecv.c
+++ b/stun/stunrecv.c
@@ -496,10 +496,12 @@ int stun_verify_password (const uint8_t *msg, const char *pw)
 * the local username fragment, EPERM if the username was incorrect,
 * and ENOENT if there was no USERNAME attribute
 */
-int stun_verify_username (const uint8_t *msg, const char *local_ufrag)
+int stun_verify_username (const uint8_t *msg, const char *local_ufrag, uint32_t compat)
 {
  const char *username, *n;
  uint16_t username_len;
+  uint16_t local_username_len;
+
  assert (msg != NULL);
  username = (const char *)stun_find (msg, STUN_USERNAME, &username_len);
  if (username == NULL)
@@ -507,15 +509,20 @@ int stun_verify_username (const uint8_t *msg, const char *local_ufrag)
    DBG ("STUN auth error: no USERNAME attribute!\n");
    return ENOENT;
  }
-  n = strchr (username, ':');
-  if (n == NULL)
-  {
-    DBG ("STUN auth error: no colon in USERNAME!\n");
-    return EPERM;
+  if (compat == 1) {
+    local_username_len = strlen (local_ufrag);
+  } else {
+    n = strchr (username, ':');
+    if (n == NULL)
+    {
+      DBG ("STUN auth error: no colon in USERNAME!\n");
+      return EPERM;
+    }
+    local_username_len = n - username;
  }
-  if (strncmp(username, local_ufrag, n - username) != 0)
+  if (strncmp(username, local_ufrag, local_username_len) != 0)
  {
-    DBG ("STUN auth error: local ufrag doesn't match (uname:%s,ufrag:%s,msg:%s)!\n", username,local_ufrag, n);
+    DBG ("STUN auth error: local ufrag doesn't match (uname:%s,ufrag:%s)!\n", username,local_ufrag);
    return EPERM;
  }
  

--- a/stun/tests/test-conncheck.c
+++ b/stun/tests/test-conncheck.c
@@ -82,7 +82,7 @@ int main (void)

  len = sizeof (resp);
  val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
-                              sizeof (ip4), ufrag, pass, &control, tie);
+                              sizeof (ip4), ufrag, pass, &control, tie, 0);
  assert (val == EINVAL);
  assert (len == 0);

@@ -94,7 +94,7 @@ int main (void)

  len = sizeof (resp);
  val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
-                              sizeof (ip4), ufrag, pass, &control, tie);
+                              sizeof (ip4), ufrag, pass, &control, tie, 0);
  assert (val == EPROTO);
  assert (len > 0);

@@ -109,7 +109,7 @@ int main (void)

  len = sizeof (resp);
  val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
-                              sizeof (ip4), username, pass, &control, tie);
+                              sizeof (ip4), username, pass, &control, tie, 0);
  assert (val == EPROTO);
  assert (len > 0);

@@ -121,7 +121,7 @@ int main (void)

  len = sizeof (resp);
  val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
-                              sizeof (ip4), ufrag, pass, &control, tie);
+                              sizeof (ip4), ufrag, pass, &control, tie, 0);
  assert (val == EPERM);
  assert (len > 0);
  assert (stun_match_messages (resp, req, NULL, 0, &code)
@@ -135,7 +135,7 @@ int main (void)

  len = sizeof (resp);
  val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
-                              sizeof (ip4), ufrag, pass, &control, tie);
+                              sizeof (ip4), ufrag, pass, &control, tie, 0);
  assert (val == EPERM);
  assert (len > 0);
  assert (stun_match_messages (resp, req, NULL, 0, &code)
@@ -155,7 +155,7 @@ int main (void)

  len = sizeof (resp);
  val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
-                              sizeof (ip4), ufrag, pass, &control, tie);
+                              sizeof (ip4), ufrag, pass, &control, tie, 0);
  assert (val == 0);
  assert (len > 0);
  assert (stun_match_messages (resp, req, (uint8_t *)pass,
@@ -167,7 +167,7 @@ int main (void)
  /* Bad username */
  len = sizeof (resp);
  val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
-                              sizeof (ip4), "bad", pass, &control, tie);
+                              sizeof (ip4), "bad", pass, &control, tie, 0);
  assert (val == EPERM);
  assert (len > 0);
  assert (stun_match_messages (resp, req, NULL, 0, &code)
@@ -176,7 +176,7 @@ int main (void)
  /* Bad integrity (bad password) */
  len = sizeof (resp);
  val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
-                              sizeof (ip4), ufrag, "bad", &control, tie);
+                              sizeof (ip4), ufrag, "bad", &control, tie, 0);
  assert (val == EPERM);
  assert (len > 0);
  assert (stun_match_messages (resp, req, NULL, 0, &code)
@@ -187,7 +187,7 @@ int main (void)
  ip4.sin_family = AF_UNSPEC;
  len = sizeof (resp);
  val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
-                              sizeof (ip4), ufrag, pass, &control, tie);
+                              sizeof (ip4), ufrag, pass, &control, tie, 0);
  assert (val == EAFNOSUPPORT);

  ip4.sin_family = AF_INET;
@@ -201,7 +201,7 @@ int main (void)

  len = sizeof (resp);
  val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
-                              sizeof (ip4), ufrag, pass, &control, tie);
+                              sizeof (ip4), ufrag, pass, &control, tie, 0);
  assert (val == EINVAL);
  assert (len == 0);

@@ -216,7 +216,7 @@ int main (void)
  len = sizeof (resp);
  control = true;
  val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
-                              sizeof (ip4), ufrag, pass, &control, tie);
+                              sizeof (ip4), ufrag, pass, &control, tie, 0);
  assert (val == EACCES);
  assert (len > 0);
  assert (control == false);
@@ -235,7 +235,7 @@ int main (void)
  len = sizeof (resp);
  control = false;
  val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
-                              sizeof (ip4), ufrag, pass, &control, tie);
+                              sizeof (ip4), ufrag, pass, &control, tie, 0);
  assert (val == 0);
  assert (len > 0);
  assert (control == false);