working on oauth

src/apps/relay/netengine.c

@@ -386,7 +386,7 @@ static void auth_server_receive_message(struct bufferevent *bev, void *ptr)
       }
     } else {
       hmackey_t key;
-      if(get_user_key(am.username,am.realm,key,am.in_buffer.nbh)<0) {
+      if(get_user_key(&(am.oauth),am.username,am.realm,key,am.in_buffer.nbh)<0) {
     	  am.success = 0;
       } else {
     	  ns_bcopy(key,am.key,sizeof(hmackey_t));
@@ -768,7 +768,7 @@ static int handle_relay_message(relay_server_handle rs, struct message_to_relay
 
 static void handle_relay_auth_message(struct relay_server *rs, struct auth_message *am)
 {
-	am->resume_func(am->success, am->key, am->pwd,
+	am->resume_func(am->success, am->oauth, am->key, am->pwd,
 				&(rs->server), am->ctxkey, &(am->in_buffer));
 	if (am->in_buffer.nbh) {
 		ioa_network_buffer_delete(rs->ioa_eng, am->in_buffer.nbh);

src/apps/relay/userdb.c

@@ -396,10 +396,12 @@ static char *get_real_username(char *usname)
 }
 
 /*
- * Long-term mechanism password retrieval
+ * Password retrieval
  */
-int get_user_key(u08bits *usname, u08bits *realm, hmackey_t key, ioa_network_buffer_handle nbh)
+int get_user_key(int *oauth, u08bits *usname, u08bits *realm, hmackey_t key, ioa_network_buffer_handle nbh)
 {
+	UNUSED_ARG(oauth);
+
 	int ret = -1;
 
 	if(turn_params.use_auth_secret_with_timestamp) {
@@ -529,7 +531,7 @@ int get_user_pwd(u08bits *usname, st_password_t pwd)
   return ret;
 }
 
-u08bits *start_user_check(turnserver_id id, turn_credential_type ct, u08bits *usname, u08bits *realm, get_username_resume_cb resume, ioa_net_data *in_buffer, u64bits ctxkey, int *postpone_reply)
+u08bits *start_user_check(turnserver_id id, turn_credential_type ct, int oauth, u08bits *usname, u08bits *realm, get_username_resume_cb resume, ioa_net_data *in_buffer, u64bits ctxkey, int *postpone_reply)
 {
 	*postpone_reply = 1;
 
@@ -537,6 +539,7 @@ u08bits *start_user_check(turnserver_id id, turn_credential_type ct, u08bits *us
 	ns_bzero(&am,sizeof(struct auth_message));
 	am.id = id;
 	am.ct = ct;
+	am.oauth = oauth;
 	STRCPY(am.username,usname);
 	STRCPY(am.realm,realm);
 	am.resume_func = resume;

src/apps/relay/userdb.h

@@ -86,6 +86,7 @@ void update_o_to_realm(ur_string_map * o_to_realm_new);
 struct auth_message {
 	turnserver_id id;
 	turn_credential_type ct;
+	int oauth;
 	u08bits username[STUN_MAX_USERNAME_SIZE + 1];
 	u08bits realm[STUN_MAX_REALM_SIZE + 1];
 	hmackey_t key;
@@ -187,9 +188,9 @@ void add_to_secrets_list(secrets_list_t *sl, const char* elem);
 
 /////////// USER DB CHECK //////////////////
 
-int get_user_key(u08bits *uname, u08bits *realm, hmackey_t key, ioa_network_buffer_handle nbh);
+int get_user_key(int *oauth, u08bits *uname, u08bits *realm, hmackey_t key, ioa_network_buffer_handle nbh);
 int get_user_pwd(u08bits *uname, st_password_t pwd);
-u08bits *start_user_check(turnserver_id id, turn_credential_type ct, u08bits *uname, u08bits *realm, get_username_resume_cb resume, ioa_net_data *in_buffer, u64bits ctxkey, int *postpone_reply);
+u08bits *start_user_check(turnserver_id id, turn_credential_type ct, int oauth, u08bits *uname, u08bits *realm, get_username_resume_cb resume, ioa_net_data *in_buffer, u64bits ctxkey, int *postpone_reply);
 int check_new_allocation_quota(u08bits *username, u08bits *realm);
 void release_allocation_quota(u08bits *username, u08bits *realm);
 

src/server/ns_turn_server.c

@@ -3094,7 +3094,7 @@ static int create_challenge_response(ts_ur_super_session *ss, stun_tid *tid, int
 #define min(a,b) ((a)<=(b) ? (a) : (b))
 #endif
 
-static void resume_processing_after_username_check(int success,  hmackey_t hmackey, st_password_t pwd, turn_turnserver *server, u64bits ctxkey, ioa_net_data *in_buffer)
+static void resume_processing_after_username_check(int success,  int oauth, hmackey_t hmackey, st_password_t pwd, turn_turnserver *server, u64bits ctxkey, ioa_net_data *in_buffer)
 {
 
 	if(server && in_buffer && in_buffer->nbh) {
@@ -3106,6 +3106,7 @@ static void resume_processing_after_username_check(int success,  hmackey_t hmack
 			if(success) {
 				ns_bcopy(hmackey,ss->hmackey,sizeof(hmackey_t));
 				ss->hmackey_set = 1;
+				ss->oauth = oauth;
 				ns_bcopy(pwd,ss->pwd,sizeof(st_password_t));
 			}
 
@@ -3260,14 +3261,19 @@ static int check_stun_auth(turn_turnserver *server,
 
 	if(ss->username[0]) {
 		if(strcmp((char*)ss->username,(char*)usname)) {
-			if(method == STUN_METHOD_ALLOCATE) {
-				*err_code = 437;
-				*reason = (const u08bits*)"Allocation mismatch: wrong credentials";
+			if(ss->oauth) {
+				STRCPY(ss->username,usname);
+				set_username_hash(ss->client_socket,ss->username,(u08bits*)ss->realm_options.name);
 			} else {
-				*err_code = 441;
-				*reason = (const u08bits*)"Wrong credentials";
+				if(method == STUN_METHOD_ALLOCATE) {
+					*err_code = 437;
+					*reason = (const u08bits*)"Allocation mismatch: wrong credentials";
+				} else {
+					*err_code = 441;
+					*reason = (const u08bits*)"Wrong credentials";
+				}
+				return -1;
 			}
-			return -1;
 		}
 	} else {
 		STRCPY(ss->username,usname);
@@ -3309,7 +3315,7 @@ static int check_stun_auth(turn_turnserver *server,
 	/* Password */
 	if(!(ss->hmackey_set) && (ss->pwd[0] == 0)) {
 		if(can_resume) {
-			(server->userkeycb)(server->id, server->ct, usname, realm, resume_processing_after_username_check, in_buffer, ss->id, postpone_reply);
+			(server->userkeycb)(server->id, server->ct, server->oauth, usname, realm, resume_processing_after_username_check, in_buffer, ss->id, postpone_reply);
 			if(*postpone_reply) {
 				return 0;
 			}
@@ -3351,7 +3357,7 @@ static int check_stun_auth(turn_turnserver *server,
 		}
 
 		if(can_resume) {
-			(server->userkeycb)(server->id, server->ct, usname, realm, resume_processing_after_username_check, in_buffer, ss->id, postpone_reply);
+			(server->userkeycb)(server->id, server->ct, server->oauth, usname, realm, resume_processing_after_username_check, in_buffer, ss->id, postpone_reply);
 			if(*postpone_reply) {
 				return 0;
 			}

src/server/ns_turn_server.h

@@ -90,8 +90,8 @@ typedef enum {
 struct _turn_turnserver;
 typedef struct _turn_turnserver turn_turnserver;
 
-typedef void (*get_username_resume_cb)(int success, hmackey_t hmackey, st_password_t pwd, turn_turnserver *server, u64bits ctxkey, ioa_net_data *in_buffer);
-typedef u08bits *(*get_user_key_cb)(turnserver_id id, turn_credential_type ct, u08bits *uname, u08bits *realm, get_username_resume_cb resume, ioa_net_data *in_buffer, u64bits ctxkey, int *postpone_reply);
+typedef void (*get_username_resume_cb)(int success, int oauth, hmackey_t hmackey, st_password_t pwd, turn_turnserver *server, u64bits ctxkey, ioa_net_data *in_buffer);
+typedef u08bits *(*get_user_key_cb)(turnserver_id id, turn_credential_type ct, int oauth, u08bits *uname, u08bits *realm, get_username_resume_cb resume, ioa_net_data *in_buffer, u64bits ctxkey, int *postpone_reply);
 typedef int (*check_new_allocation_quota_cb)(u08bits *username, u08bits *realm);
 typedef void (*release_allocation_quota_cb)(u08bits *username, u08bits *realm);
 typedef int (*send_socket_to_relay_cb)(turnserver_id id, u64bits cid, stun_tid *tid, ioa_socket_handle s, int message_integrity, MESSAGE_TO_RELAY_TYPE rmt, ioa_net_data *nd, int can_resume);

src/server/ns_turn_session.h

@@ -72,16 +72,22 @@ struct _ts_ur_super_session {
   ioa_socket_handle client_socket;
   allocation alloc;
   ioa_timer_handle to_be_allocated_timeout_ev;
+  int enforce_fingerprints;
+  int is_tcp_relay;
+  int to_be_closed;
+  /* Auth */
   u08bits nonce[NONCE_MAX_SIZE];
   turn_time_t nonce_expiration_time;
   u08bits username[STUN_MAX_USERNAME_SIZE+1];
   hmackey_t hmackey;
   int hmackey_set;
   st_password_t pwd;
-  int enforce_fingerprints;
-  int is_tcp_relay;
-  int to_be_closed;
   int quota_used;
+  int oauth;
+  /* Realm */
+  realm_options_t realm_options;
+  int origin_set;
+  s08bits origin[STUN_MAX_ORIGIN_SIZE + 1];
   /* Stats */
   u32bits received_packets;
   u32bits sent_packets;
@@ -99,10 +105,6 @@ struct _ts_ur_super_session {
   mobile_id_t mobile_id;
   mobile_id_t old_mobile_id;
   char s_mobile_id[33];
-  /* Realm */
-  realm_options_t realm_options;
-  int origin_set;
-  s08bits origin[STUN_MAX_ORIGIN_SIZE + 1];
   /* Bandwidth */
   band_limit_t bps;
 };