Gitiles
Code Review Sign In
review.jami.net / pjproject / 319c8173be1a45fdc6830fe6c8637d82403802d4 / . / pjnath / src / pjturn-srv / auth.c
blob: 769aee7f8908fe58b54b98aae2d04956cf14f07c [file] [log] [blame]
/* $Id$ */
/*
* Copyright (C) 2008-2009 Teluu Inc. (http://www.teluu.com)
* Copyright (C) 2003-2008 Benny Prijono <benny@prijono.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "auth.h"
#include <pjlib.h>
#define MAX_REALM 80
#define MAX_USERNAME 32
#define MAX_PASSWORD 32
#define MAX_NONCE 32
static char g_realm[MAX_REALM];
static struct cred_t
{
char username[MAX_USERNAME];
char passwd[MAX_PASSWORD];
} g_cred[] =
{
{ "100", "100" },
{ "700", "700" },
{ "701", "701" }
};
#define THIS_FILE "auth.c"
#define THE_NONCE "pjnath"
#define LOG(expr) PJ_LOG(3,expr)
/*
* Initialize TURN authentication subsystem.
*/
PJ_DEF(pj_status_t) pj_turn_auth_init(const char *realm)
{
PJ_ASSERT_RETURN(pj_ansi_strlen(realm) < MAX_REALM, PJ_ENAMETOOLONG);
pj_ansi_strcpy(g_realm, realm);
return PJ_SUCCESS;
}
/*
* Shutdown TURN authentication subsystem.
*/
PJ_DEF(void) pj_turn_auth_dinit(void)
{
/* Nothing to do */
}
/*
* This function is called by pj_stun_verify_credential() when
* server needs to challenge the request with 401 response.
*/
PJ_DEF(pj_status_t) pj_turn_get_auth(void *user_data,
pj_pool_t *pool,
pj_str_t *realm,
pj_str_t *nonce)
{
PJ_UNUSED_ARG(user_data);
PJ_UNUSED_ARG(pool);
*realm = pj_str(g_realm);
*nonce = pj_str(THE_NONCE);
return PJ_SUCCESS;
}
/*
* This function is called to get the password for the specified username.
* This function is also used to check whether the username is valid.
*/
PJ_DEF(pj_status_t) pj_turn_get_password(const pj_stun_msg *msg,
void *user_data,
const pj_str_t *realm,
const pj_str_t *username,
pj_pool_t *pool,
pj_stun_passwd_type *data_type,
pj_str_t *data)
{
unsigned i;
PJ_UNUSED_ARG(msg);
PJ_UNUSED_ARG(user_data);
PJ_UNUSED_ARG(pool);
if (pj_stricmp2(realm, g_realm)) {
LOG((THIS_FILE, "auth error: invalid realm '%.*s'",
(int)realm->slen, realm->ptr));
return PJ_EINVAL;
}
for (i=0; i<PJ_ARRAY_SIZE(g_cred); ++i) {
if (pj_stricmp2(username, g_cred[i].username) == 0) {
*data_type = PJ_STUN_PASSWD_PLAIN;
*data = pj_str(g_cred[i].passwd);
return PJ_SUCCESS;
}
}
LOG((THIS_FILE, "auth error: user '%.*s' not found",
(int)username->slen, username->ptr));
return PJ_ENOTFOUND;
}
/*
* This function will be called to verify that the NONCE given
* in the message can be accepted. If this callback returns
* PJ_FALSE, 438 (Stale Nonce) response will be created.
*/
PJ_DEF(pj_bool_t) pj_turn_verify_nonce(const pj_stun_msg *msg,
void *user_data,
const pj_str_t *realm,
const pj_str_t *username,
const pj_str_t *nonce)
{
PJ_UNUSED_ARG(msg);
PJ_UNUSED_ARG(user_data);
PJ_UNUSED_ARG(realm);
PJ_UNUSED_ARG(username);
if (pj_stricmp2(nonce, THE_NONCE)) {
LOG((THIS_FILE, "auth error: invalid nonce '%.*s'",
(int)nonce->slen, nonce->ptr));
return PJ_FALSE;
}
return PJ_TRUE;
}