signalapp/coturn
signalapp/coturn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Disable integrity check for password
Some checks failed
clang-tidy / clang-tidy (Release) (push) Has been cancelled
Details
AmazonLinux / builds (amazonlinux:2) (push) Has been cancelled
Details
AmazonLinux / builds (amazonlinux:2023) (push) Has been cancelled
Details
CMake / build (push) Has been cancelled
Details
CodeQL / CodeQL Analyze (push) Has been cancelled
Details
compiler-sanitizers / compiler-sanitizers (address,pointer-compare,pointer-subtract) (push) Has been cancelled
Details
compiler-sanitizers / compiler-sanitizers (thread) (push) Has been cancelled
Details
Lint / build (push) Has been cancelled
Details
MacOS / builds (macos-12) (push) Has been cancelled
Details
MacOS / builds (macos-13) (push) Has been cancelled
Details
MacOS / builds (macos-14) (push) Has been cancelled
Details
mingw / build (OFF, Debug, windows-latest) (push) Has been cancelled
Details
mingw / build (OFF, Release, windows-latest) (push) Has been cancelled
Details
msvc-analyzer / msvc-analyzer (OFF, Release, x64, v143) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled
Details
Ubuntu / builds (ubuntu:16.04) (push) Has been cancelled
Details
Ubuntu / builds (ubuntu:18.04) (push) Has been cancelled
Details
Ubuntu / builds (ubuntu:20.04) (push) Has been cancelled
Details
Ubuntu / builds (ubuntu:22.04) (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Adel Lahlou 2024-10-02 14:04:27 -07:00
parent a2b6942f61
commit 03c97fe0b9
3 changed files with 39 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
run_server.sh Normal file
View File

22
src/client/ns_turn_msg.c
View File

@ -1934,6 +1934,7 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, uint8_t *bu
int res = 0;
uint8_t new_hmac[MAXSHASIZE] = {0};
if (ct == TURN_CREDENTIALS_SHORT_TERM) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - integrity check for short term credential!\n");
if (!stun_calculate_hmac(buf, (size_t)new_len - 4 - shasize, pwd, strlen((char *)pwd), new_hmac, &shasize,
shatype)) {
res = -1;
@ -1941,12 +1942,22 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, uint8_t *bu
res = 0;
}
} else {
// TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - integrity check for long term credential!\n");
const uint8_t *old_hmac = stun_attr_get_value(sar);
if (!old_hmac) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - no old hmac provided!\n");
return -1;
}
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - key before: %s, old hmac: %s\n", key, (char *) old_hmac);
if (!stun_calculate_hmac(buf, (size_t)new_len - 4 - shasize, key, get_hmackey_size(shatype), new_hmac, &shasize,
shatype)) {
res = -1;
} else {
res = 0;
}
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - key after: %s, new hmac: %s\n", key, (char *) new_hmac);
}
// res = -1;
// } else {
// res = 0;
// }
return +1;
}
stun_set_command_message_len_str(buf, orig_len);
@ -1954,12 +1965,15 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, uint8_t *bu
return -1;
}
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - getting old hmac!\n");
const uint8_t *old_hmac = stun_attr_get_value(sar);
if (!old_hmac) {
return -1;
}
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - comparing old and new hmac!\n");
if (0 != memcmp(old_hmac, new_hmac, shasize)) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - failed integrity check!\n");
return 0;
}

33
src/server/ns_turn_server.c
View File

@ -3586,18 +3586,20 @@ static int check_stun_auth(turn_turnserver *server, ts_ur_super_session *ss, stu
/* Password */
if (!(ss->hmackey_set) && (ss->pwd[0] == 0)) {
if (can_resume) {
(server->userkeycb)(server->id, server->ct, server->oauth, &(ss->oauth), usname, realm,
resume_processing_after_username_check, in_buffer, ss->id, postpone_reply);
if (*postpone_reply) {
return 0;
}
}
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "session %018llu: %s: Cannot find credentials of user <%s>\n",
(unsigned long long)(ss->id), __FUNCTION__, (char *)usname);
*err_code = 401;
return create_challenge_response(ss, tid, resp_constructed, err_code, reason, nbh, method);
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - skipping password check!\n");
// if (can_resume) {
// TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - password checker can resume!\n");
// (server->userkeycb)(server->id, server->ct, server->oauth, &(ss->oauth), usname, realm,
// resume_processing_after_username_check, in_buffer, ss->id, postpone_reply);
// if (*postpone_reply) {
// return 0;
// }
// }
//
// TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "session %018llu: %s: Cannot find credentials of user <%s>\n",
// (unsigned long long)(ss->id), __FUNCTION__, (char *)usname);
// *err_code = 401;
// return create_challenge_response(ss, tid, resp_constructed, err_code, reason, nbh, method);
}
/* Check integrity */
@ -3621,6 +3623,7 @@ static int check_stun_auth(turn_turnserver *server, ts_ur_super_session *ss, stu
*message_integrity = 1;
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - finished auth!\n");
return 0;
}
@ -3833,6 +3836,8 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
} else if (!(*(server->mobility)) || (method != STUN_METHOD_REFRESH) ||
is_allocation_valid(get_allocation_ss(ss))) {
int postpone_reply = 0;
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for method %d!\n", method);
check_stun_auth(server, ss, &tid, resp_constructed, &err_code, &reason, in_buffer, nbh, method,
&message_integrity, &postpone_reply, can_resume);
if (postpone_reply) {
@ -3849,6 +3854,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
case STUN_METHOD_ALLOCATE:
{
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for ALLOCATE!\n");
handle_turn_allocate(server, ss, &tid, resp_constructed, &err_code, &reason, unknown_attrs, &ua_num, in_buffer,
nbh);
@ -3861,6 +3867,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
case STUN_METHOD_CONNECT:
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for CONNECT!\n");
handle_turn_connect(server, ss, &tid, &err_code, &reason, unknown_attrs, &ua_num, in_buffer);
if (server->verbose) {
@ -3875,6 +3882,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
case STUN_METHOD_CONNECTION_BIND:
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for BIND!\n");
handle_turn_connection_bind(server, ss, &tid, resp_constructed, &err_code, &reason, unknown_attrs, &ua_num,
in_buffer, nbh, message_integrity, can_resume);
@ -3886,6 +3894,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
case STUN_METHOD_REFRESH:
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for REFRESH!\n");
handle_turn_refresh(server, ss, &tid, resp_constructed, &err_code, &reason, unknown_attrs, &ua_num, in_buffer,
nbh, message_integrity, &no_response, can_resume);