diff --git a/ChangeLog b/ChangeLog index 78d391e..478ab56 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +05/18/2014 Oleg Moskalenko +Version 4.0.0.2 'Threetrees': + - Code cleaning. + 05/07/2014 Oleg Moskalenko Version 4.0.0.1 'Threetrees': - Kernel channel placeholder definitions. diff --git a/Makefile.in b/Makefile.in index 785d738..cea66b3 100755 --- a/Makefile.in +++ b/Makefile.in @@ -7,7 +7,7 @@ CFLAGS += ${INCFLAGS} MAKE_DEPS = Makefile -LIBCLIENTTURN_HEADERS = src/ns_turn_defs.h src/client++/TurnMsgLib.h src/client/ns_turn_ioaddr.h src/client/ns_turn_msg.h src/client/ns_turn_msg_defs.h src/client/ns_turn_msg_addr.h +LIBCLIENTTURN_HEADERS = src/ns_turn_defs.h src/client++/TurnMsgLib.h src/client/ns_turn_ioaddr.h src/client/ns_turn_msg.h src/client/ns_turn_msg_defs.h src/client/ns_turn_msg_defs_new.h src/client/ns_turn_msg_addr.h LIBCLIENTTURN_MODS = src/client/ns_turn_ioaddr.c src/client/ns_turn_msg_addr.c src/client/ns_turn_msg.c LIBCLIENTTURN_DEPS = ${LIBCLIENTTURN_HEADERS} ${MAKE_DEPS} LIBCLIENTTURN_OBJS = build/obj/ns_turn_ioaddr.o build/obj/ns_turn_msg_addr.o build/obj/ns_turn_msg.o diff --git a/rpm/build.settings.sh b/rpm/build.settings.sh index a85378f..c75808e 100755 --- a/rpm/build.settings.sh +++ b/rpm/build.settings.sh @@ -2,7 +2,7 @@ # Common settings script. -TURNVERSION=4.0.0.1 +TURNVERSION=4.0.0.2 BUILDDIR=~/rpmbuild ARCH=`uname -p` TURNSERVER_SVN_URL=http://coturn.googlecode.com/svn diff --git a/rpm/turnserver.spec b/rpm/turnserver.spec index 2b63720..fe0d9fb 100644 --- a/rpm/turnserver.spec +++ b/rpm/turnserver.spec @@ -1,5 +1,5 @@ Name: turnserver -Version: 4.0.0.1 +Version: 4.0.0.2 Release: 0%{dist} Summary: Coturn TURN Server 
@@ -284,10 +284,13 @@ fi %{_includedir}/turn/client/ns_turn_ioaddr.h %{_includedir}/turn/client/ns_turn_msg_addr.h %{_includedir}/turn/client/ns_turn_msg_defs.h +%{_includedir}/turn/client/ns_turn_msg_defs_new.h %{_includedir}/turn/client/ns_turn_msg.h %{_includedir}/turn/client/TurnMsgLib.h %changelog +* Sun May 18 2014 Oleg Moskalenko + - Sync to 4.0.0.2 * Wed May 07 2014 Oleg Moskalenko - Sync to 4.0.0.1 * Wed Apr 30 2014 Oleg Moskalenko diff --git a/src/apps/uclient/startuclient.c b/src/apps/uclient/startuclient.c index 35016c8..825478e 100644 --- a/src/apps/uclient/startuclient.c +++ b/src/apps/uclient/startuclient.c @@ -439,14 +439,14 @@ static int clnet_allocate(int verbose, } else if (stun_is_challenge_response_str(message.buf, (size_t)message.len, &err_code,err_msg,sizeof(err_msg), clnet_info->realm,clnet_info->nonce)) { - if(err_code == SHA_TOO_WEAK && (clnet_info->shatype == SHATYPE_SHA1)) { + if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) { clnet_info->shatype = SHATYPE_SHA256; recalculate_restapi_hmac(); } goto beg_allocate; } else if (stun_is_error_response(&message, &err_code,err_msg,sizeof(err_msg))) { - if(err_code == SHA_TOO_WEAK && (clnet_info->shatype == SHATYPE_SHA1) && use_short_term) { + if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1) && use_short_term) { clnet_info->shatype = SHATYPE_SHA256; goto beg_allocate; } @@ -627,7 +627,7 @@ static int clnet_allocate(int verbose, } else if (stun_is_challenge_response_str(message.buf, (size_t)message.len, &err_code,err_msg,sizeof(err_msg), clnet_info->realm,clnet_info->nonce)) { - if(err_code == SHA_TOO_WEAK && (clnet_info->shatype == SHATYPE_SHA1)) { + if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) { clnet_info->shatype = SHATYPE_SHA256; recalculate_restapi_hmac(); } 
@@ -728,7 +728,7 @@ static int turn_channel_bind(int verbose, uint16_t *chn, } else if (stun_is_challenge_response_str(message.buf, (size_t)message.len, &err_code,err_msg,sizeof(err_msg), clnet_info->realm,clnet_info->nonce)) { - if(err_code == SHA_TOO_WEAK && (clnet_info->shatype == SHATYPE_SHA1)) { + if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) { clnet_info->shatype = SHATYPE_SHA256; recalculate_restapi_hmac(); } @@ -839,7 +839,7 @@ static int turn_create_permission(int verbose, app_ur_conn_info *clnet_info, } else if (stun_is_challenge_response_str(message.buf, (size_t)message.len, &err_code,err_msg,sizeof(err_msg), clnet_info->realm,clnet_info->nonce)) { - if(err_code == SHA_TOO_WEAK && (clnet_info->shatype == SHATYPE_SHA1)) { + if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) { clnet_info->shatype = SHATYPE_SHA256; recalculate_restapi_hmac(); } @@ -1418,7 +1418,7 @@ static int turn_tcp_connection_bind(int verbose, app_ur_conn_info *clnet_info, a } else if (stun_is_challenge_response_str(message.buf, (size_t)message.len, &err_code,err_msg,sizeof(err_msg), clnet_info->realm,clnet_info->nonce)) { - if(err_code == SHA_TOO_WEAK && (clnet_info->shatype == SHATYPE_SHA1)) { + if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) { clnet_info->shatype = SHATYPE_SHA256; recalculate_restapi_hmac(); } diff --git a/src/apps/uclient/uclient.c b/src/apps/uclient/uclient.c index 75827a3..4180eb3 100644 --- a/src/apps/uclient/uclient.c +++ b/src/apps/uclient/uclient.c 
@@ -596,7 +596,7 @@ static int client_read(app_ur_session *elem, int is_tcp_data, app_tcp_conn_info } else if (stun_is_challenge_response_str(elem->in_buffer.buf, (size_t)elem->in_buffer.len, &err_code,err_msg,sizeof(err_msg), clnet_info->realm,clnet_info->nonce)) { - if(err_code == SHA_TOO_WEAK && (elem->pinfo.shatype == SHATYPE_SHA1)) { + if(err_code == SHA_TOO_WEAK_ERROR_CODE && (elem->pinfo.shatype == SHATYPE_SHA1)) { elem->pinfo.shatype = SHATYPE_SHA256; recalculate_restapi_hmac(); } diff --git a/src/client/ns_turn_msg.c b/src/client/ns_turn_msg.c index ceeada6..955a240 100644 --- a/src/client/ns_turn_msg.c +++ b/src/client/ns_turn_msg.c @@ -281,7 +281,7 @@ int stun_is_challenge_response_str(const u08bits* buf, size_t len, int *err_code { int ret = stun_is_error_response_str(buf, len, err_code, err_msg, err_msg_size); - if(ret && (((*err_code) == 401) || ((*err_code) == 438) || ((*err_code) == SHA_TOO_WEAK))) { + if(ret && (((*err_code) == 401) || ((*err_code) == 438) || ((*err_code) == SHA_TOO_WEAK_ERROR_CODE))) { stun_attr_ref sar = stun_attr_get_first_by_type_str(buf,len,STUN_ATTRIBUTE_REALM); if(sar) { diff --git a/src/client/ns_turn_msg_defs.h b/src/client/ns_turn_msg_defs.h index 431e1e8..1154845 100644 --- a/src/client/ns_turn_msg_defs.h +++ b/src/client/ns_turn_msg_defs.h @@ -31,6 +31,8 @@ #ifndef __LIB_TURN_MSG_DEFS__ #define __LIB_TURN_MSG_DEFS__ +#include "ns_turn_msg_defs_new.h" + /////////////////////////////////////////// // http://www.iana.org/assignments/stun-parameters/stun-parameters.xhtml /////////////////////////////////////////// @@ -40,7 +42,6 @@ #define STUN_MAX_USERNAME_SIZE (513) #define STUN_MAX_REALM_SIZE (127) -#define STUN_MAX_ORIGIN_SIZE (127) #define STUN_MAX_NONCE_SIZE (127) #define STUN_MAX_PWD_SIZE (127) 
@@ -129,7 +130,7 @@ #define STUN_VALID_CHANNEL(chn) ((chn)>=0x4000 && (chn)<=0x7FFF) -///////// values ////////////////// +///////// extra values ////////////////// /* RFC 6156 ==>> */ #define STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV4 (0x01) @@ -151,10 +152,6 @@ #define STUN_ATTRIBUTE_MOBILITY_SUPPORT (0x8000) /* <<== Mobility */ -/* Origin ==>> */ -#define STUN_ATTRIBUTE_ORIGIN (0x802F) -/* <<== Origin */ - //////////////////////////////////////////////// #endif //__LIB_TURN_MSG_DEFS__ diff --git a/src/client/ns_turn_msg_defs_new.h b/src/client/ns_turn_msg_defs_new.h new file mode 100644 index 0000000..4ec2a16 --- /dev/null +++ b/src/client/ns_turn_msg_defs_new.h 
@@ -0,0 +1,61 @@ +/* + * Copyright (C) 2011, 2012, 2013 Citrix Systems + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifndef __LIB_TURN_MSG_DEFS_NEW__ +#define __LIB_TURN_MSG_DEFS_NEW__ + +/***** POST-RFC5766 FRESH SPECS ***********/ + +/* Origin ==>> */ +#define STUN_MAX_ORIGIN_SIZE (127) +#define STUN_ATTRIBUTE_ORIGIN (0x802F) +/* <<== Origin */ + +/* SHA AGILITY ==>> */ + +#define SHA1SIZEBYTES (20) +#define SHA256SIZEBYTES (32) + +#define MAXSHASIZE (128) + +enum _SHATYPE { + SHATYPE_SHA1 = 0, + SHATYPE_SHA256 +}; + +typedef enum _SHATYPE SHATYPE; + +#define shatype_name(sht) ((sht == SHATYPE_SHA1) ? "SHA1" : ((sht == SHATYPE_SHA256) ? "SHA256" : "SHA UNKNOWN")) + +#define SHA_TOO_WEAK_ERROR_CODE (426) + +/* <<== SHA AGILITY */ + +#endif //__LIB_TURN_MSG_DEFS_NEW__ diff --git a/src/ns_turn_defs.h b/src/ns_turn_defs.h index 05f602d..363c91b 100644 --- a/src/ns_turn_defs.h +++ b/src/ns_turn_defs.h @@ -31,7 +31,7 @@ #ifndef __IOADEFS__ #define __IOADEFS__ -#define TURN_SERVER_VERSION "4.0.0.1" +#define TURN_SERVER_VERSION "4.0.0.2" #define TURN_SERVER_VERSION_NAME "Threetrees" #define TURN_SOFTWARE "Coturn-"TURN_SERVER_VERSION" '"TURN_SERVER_VERSION_NAME"'" @@ -156,24 +156,6 @@ typedef u32bits turn_time_t; }\ } } while(0) -////////////////// Security //////////////////////////// - -#define SHA1SIZEBYTES (20) -#define SHA256SIZEBYTES (32) - -#define MAXSHASIZE (128) - -enum _SHATYPE { - SHATYPE_SHA1 = 0, - SHATYPE_SHA256 -}; - -typedef enum _SHATYPE SHATYPE; - -#define shatype_name(sht) ((sht == SHATYPE_SHA1) ? "SHA1" : ((sht == SHATYPE_SHA256) ? "SHA256" : "SHA UNKNOWN")) - -#define SHA_TOO_WEAK (426) - //////////////// KERNEL-LEVEL CHANNEL HANDLERS ///////// #if !defined(TURN_CHANNEL_HANDLER_KERNEL) diff --git a/src/server/ns_turn_server.c b/src/server/ns_turn_server.c index 42b3518..041a393 100644 --- a/src/server/ns_turn_server.c +++ b/src/server/ns_turn_server.c 
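Review bot: `shatype_name(sht)` in the SHA AGILITY block of the new `ns_turn_msg_defs_new.h` uses its argument unparenthesized and evaluates it twice, so an expression argument can mis-parse or repeat a side effect. Because `SHATYPE` is declared just above it, a `static inline const char *shatype_name(SHATYPE sht)` returning the same three strings would be type-checked; at minimum write `((sht) == SHATYPE_SHA1)` and `((sht) == SHATYPE_SHA256)`. `SHA_TOO_WEAK_ERROR_CODE` should carry a comment describing its contract, which the other hunks of this commit show: the server returns it when a SHA1-length value arrives and it is not configured for SHA1, and the clients switch to `SHATYPE_SHA256` on receiving it, e.g. `/* sent when the request used a weaker SHA than the server requires; client retries with SHA256 */`. `MAXSHASIZE (128)` needs a line saying what it bounds, since the largest digest size defined here is 32 bytes. The guard `__LIB_TURN_MSG_DEFS_NEW__` and the tag `_SHATYPE` are reserved identifiers in C, although they follow the convention of the existing headers.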
@@ -2866,7 +2866,7 @@ static int check_stun_auth(turn_turnserver *server, switch(sarlen) { case SHA1SIZEBYTES: if(server->shatype != SHATYPE_SHA1) { - *err_code = SHA_TOO_WEAK; + *err_code = SHA_TOO_WEAK_ERROR_CODE; return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method); } break; @@ -3010,7 +3010,7 @@ static int check_stun_auth(turn_turnserver *server, TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: user %s credentials are incorrect: SHA function is too weak\n", __FUNCTION__, (char*)usname); - *err_code = SHA_TOO_WEAK; + *err_code = SHA_TOO_WEAK_ERROR_CODE; *reason = (const u08bits*)"Unauthorised: weak SHA function is used"; if(server->ct != TURN_CREDENTIALS_SHORT_TERM) { return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);