Commit f8426ce2 authored by Youness Alaoui's avatar Youness Alaoui

Add compatiblity to gtalk on inbound username checking

darcs-hash:20080423205841-4f0f6-9e93de5c579e6c0d5fbfc983e7db790d863e3608.gz
parent 5dd2daa0
......@@ -98,7 +98,7 @@ typedef enum
typedef enum
{
NICE_COMPATIBILITY_ID19,
NICE_COMPATIBILITY_ID19 = 0,
NICE_COMPATIBILITY_GOOGLE,
NICE_COMPATIBILITY_MSN,
NICE_COMPATIBILITY_LAST = NICE_COMPATIBILITY_MSN
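Review bot: The `= 0` added to NICE_COMPATIBILITY_ID19 appears to exist so that NICE_COMPATIBILITY_GOOGLE stays equal to `1`, which the STUN code in this commit tests as a bare literal (`compat != 1` in stun_conncheck_reply, `compat == 1` in stun_verify_username), yet nothing on the enum records that dependency. Inserting or reordering a member would silently change which peers get the relaxed credential check. I would add a comment above the enum such as `/* Values are passed to the STUN layer as uint32_t and compared numerically there; do not renumber. */`, and preferably give the STUN code a named constant for the Google mode instead of `1`. The enum's closing lines are outside the hunk.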
......
......@@ -1565,7 +1565,7 @@ gboolean conn_check_handle_inbound_stun (NiceAgent *agent, Stream *stream, Compo
res = stun_conncheck_reply (rbuf, &rbuf_len, (const uint8_t*)buf, &sockaddr, sizeof (sockaddr),
stream->local_ufrag, stream->local_password,
&control, agent->tie_breaker);
&control, agent->tie_breaker, agent->compatibility);
if (res == EACCES)
priv_check_for_role_conflict (agent, control);
......
......@@ -80,7 +80,7 @@ stun_conncheck_reply (uint8_t *restrict buf, size_t *restrict plen,
const uint8_t *msg,
const struct sockaddr *restrict src, socklen_t srclen,
const char *local_ufrag, const char *pass,
bool *restrict control, uint64_t tie)
bool *restrict control, uint64_t tie, uint32_t compat)
{
size_t len = *plen;
uint64_t q;
......@@ -122,14 +122,14 @@ stun_conncheck_reply (uint8_t *restrict buf, size_t *restrict plen,
/* Short term credentials checking */
val = 0;
if (!stun_present (msg, STUN_MESSAGE_INTEGRITY)
|| !stun_present (msg, STUN_USERNAME))
|| (compat != 1 && !stun_present (msg, STUN_USERNAME)))
{
DBG (" Missing USERNAME or MESSAGE-INTEGRITY.\n");
val = STUN_BAD_REQUEST;
}
else
if (stun_verify_username (msg, local_ufrag)
|| stun_verify_password (msg, pass))
if (stun_verify_username (msg, local_ufrag, compat)
|| (compat != 1 && stun_verify_password (msg, pass)))
{
DBG (" Integrity check failed.\n");
val = STUN_UNAUTHORIZED;
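Review bot: With `compat == 1` the guard `compat != 1 && stun_verify_password (msg, pass)` skips the password check entirely, so MESSAGE-INTEGRITY must be present (first test) but is never verified, and a request is accepted on a USERNAME match alone. If the Google dialect cannot carry a verifiable integrity attribute, the first test should not demand its presence and the branch should say so, e.g. `/* Google mode: MESSAGE-INTEGRITY is not verified; the USERNAME match is the only credential check */`; otherwise remove the `compat != 1 &&` in front of `stun_verify_password`. A missing USERNAME in this mode now falls through to stun_verify_username and is reported as STUN_UNAUTHORIZED with the "Integrity check failed" message rather than STUN_BAD_REQUEST, which will make logs misleading. The function starts and ends outside this hunk.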
......
......@@ -103,7 +103,7 @@ stun_conncheck_reply (uint8_t *restrict buf, size_t *restrict plen,
const uint8_t *msg,
const struct sockaddr *restrict src, socklen_t srclen,
const char *local_ufrag, const char *pass,
bool *restrict control, uint64_t tie);
bool *restrict control, uint64_t tie, uint32_t compat);
/**
* Extracts the priority from a STUN message.
......
......@@ -363,7 +363,7 @@ bool stun_match_messages (const uint8_t *restrict resp,
int *restrict error);
int stun_verify_key (const uint8_t *msg, const void *key, size_t keylen);
int stun_verify_password (const uint8_t *msg, const char *pw);
int stun_verify_username (const uint8_t *msg, const char *local_ufrag);
int stun_verify_username (const uint8_t *msg, const char *local_ufrag, uint32_t compat);
/**
* Looks for an attribute in a *valid* STUN message.
......
......@@ -496,10 +496,12 @@ int stun_verify_password (const uint8_t *msg, const char *pw)
* the local username fragment, EPERM if the username was incorrect,
* and ENOENT if there was no USERNAME attribute
*/
int stun_verify_username (const uint8_t *msg, const char *local_ufrag)
int stun_verify_username (const uint8_t *msg, const char *local_ufrag, uint32_t compat)
{
const char *username, *n;
uint16_t username_len;
uint16_t local_username_len;
assert (msg != NULL);
username = (const char *)stun_find (msg, STUN_USERNAME, &username_len);
if (username == NULL)
......@@ -507,15 +509,20 @@ int stun_verify_username (const uint8_t *msg, const char *local_ufrag)
DBG ("STUN auth error: no USERNAME attribute!\n");
return ENOENT;
}
n = strchr (username, ':');
if (n == NULL)
{
DBG ("STUN auth error: no colon in USERNAME!\n");
return EPERM;
if (compat == 1) {
local_username_len = strlen (local_ufrag);
} else {
n = strchr (username, ':');
if (n == NULL)
{
DBG ("STUN auth error: no colon in USERNAME!\n");
return EPERM;
}
local_username_len = n - username;
}
if (strncmp(username, local_ufrag, n - username) != 0)
if (strncmp(username, local_ufrag, local_username_len) != 0)
{
DBG ("STUN auth error: local ufrag doesn't match (uname:%s,ufrag:%s,msg:%s)!\n", username,local_ufrag, n);
DBG ("STUN auth error: local ufrag doesn't match (uname:%s,ufrag:%s)!\n", username,local_ufrag);
return EPERM;
}
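Review bot: In the `compat == 1` branch the comparison length is `strlen (local_ufrag)` and is never checked against `username_len`, so `strncmp` can read past the end of the USERNAME attribute when the peer sends a shorter value (the buffer returned by `stun_find` is presumably not NUL-terminated). Bound the comparison by the attribute length: `if (username_len < local_username_len || strncmp (username, local_ufrag, local_username_len) != 0)`. The same concern applies to `strchr (username, ':')` in the other branch, where `memchr (username, ':', username_len)` would stay inside the attribute, and to printing `username` with `%s` in the DBG line. The doc comment above the function should also state that with `compat == 1` the USERNAME only has to begin with the local ufrag, with no colon separator. The function's end is outside the hunk.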
......
......@@ -82,7 +82,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
sizeof (ip4), ufrag, pass, &control, tie);
sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EINVAL);
assert (len == 0);
......@@ -94,7 +94,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
sizeof (ip4), ufrag, pass, &control, tie);
sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EPROTO);
assert (len > 0);
......@@ -109,7 +109,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
sizeof (ip4), username, pass, &control, tie);
sizeof (ip4), username, pass, &control, tie, 0);
assert (val == EPROTO);
assert (len > 0);
......@@ -121,7 +121,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
sizeof (ip4), ufrag, pass, &control, tie);
sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EPERM);
assert (len > 0);
assert (stun_match_messages (resp, req, NULL, 0, &code)
......@@ -135,7 +135,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
sizeof (ip4), ufrag, pass, &control, tie);
sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EPERM);
assert (len > 0);
assert (stun_match_messages (resp, req, NULL, 0, &code)
......@@ -155,7 +155,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
sizeof (ip4), ufrag, pass, &control, tie);
sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == 0);
assert (len > 0);
assert (stun_match_messages (resp, req, (uint8_t *)pass,
......@@ -167,7 +167,7 @@ int main (void)
/* Bad username */
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
sizeof (ip4), "bad", pass, &control, tie);
sizeof (ip4), "bad", pass, &control, tie, 0);
assert (val == EPERM);
assert (len > 0);
assert (stun_match_messages (resp, req, NULL, 0, &code)
......@@ -176,7 +176,7 @@ int main (void)
/* Bad integrity (bad password) */
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
sizeof (ip4), ufrag, "bad", &control, tie);
sizeof (ip4), ufrag, "bad", &control, tie, 0);
assert (val == EPERM);
assert (len > 0);
assert (stun_match_messages (resp, req, NULL, 0, &code)
......@@ -187,7 +187,7 @@ int main (void)
ip4.sin_family = AF_UNSPEC;
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
sizeof (ip4), ufrag, pass, &control, tie);
sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EAFNOSUPPORT);
ip4.sin_family = AF_INET;
......@@ -201,7 +201,7 @@ int main (void)
len = sizeof (resp);
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
sizeof (ip4), ufrag, pass, &control, tie);
sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EINVAL);
assert (len == 0);
......@@ -216,7 +216,7 @@ int main (void)
len = sizeof (resp);
control = true;
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
sizeof (ip4), ufrag, pass, &control, tie);
sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == EACCES);
assert (len > 0);
assert (control == false);
......@@ -235,7 +235,7 @@ int main (void)
len = sizeof (resp);
control = false;
val = stun_conncheck_reply (resp, &len, req, (struct sockaddr *)&ip4,
sizeof (ip4), ufrag, pass, &control, tie);
sizeof (ip4), ufrag, pass, &control, tie, 0);
assert (val == 0);
assert (len > 0);
assert (control == false);
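Review bot: Every updated call passes `0`, so the new `compat == 1` paths in stun_conncheck_reply and stun_verify_username are not exercised by this test. I would add cases with the last argument set to `1`: one where the request's USERNAME begins with `ufrag` and has no colon, and one that repeats the "Bad integrity (bad password)" call as `sizeof (ip4), ufrag, "bad", &control, tie, 1);`, each asserting the expected return value. That way the decision to skip password verification in that mode is pinned by a test instead of being implicit. main's body extends outside these hunks.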
......