Merge pull request #64 from akatsukle/stale-nonce

Improve configurability: stale nonce
2025-10-24 20:41:03 +02:00 · 2016-09-24 21:09:25 -07:00 · 2016-09-24 21:09:25 -07:00 · 7f7820a3ee
commit 7f7820a3ee
parent 6650ce2a03 3d5140c995
4 changed files with 15 additions and 7 deletions
--- a/examples/etc/turnserver.conf
+++ b/examples/etc/turnserver.conf
@ -373,13 +373,14 @@
 #no-tcp-relay

 # Uncomment if extra security is desired,
-# with nonce value having limited lifetime (600 secs).
+# with nonce value having limited lifetime.
 # By default, the nonce value is unique for a session,
-# but it has unlimited lifetime. With this option,
-# the nonce lifetime is limited to 600 seconds, after that 
+# and has unlimited lifetime. 
+# Set this option to limit the nonce lifetime. 
+# It defaults to 600 secs (10 min) if no value is provided. After that delay, 
 # the client will get 438 error and will have to re-authenticate itself.
 #
-#stale-nonce
+#stale-nonce=600

 # Certificate file.
 # Use an absolute path or path relative to the 
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@ -878,6 +878,13 @@ static const struct myoption admin_long_options[] = {
 				{ NULL, no_argument, NULL, 0 }
 };

+static int get_int_value(const char* s, int default_value)
+{
+	if (!s || !(s[0]))
+		return default_value;
+	return atoi(s);
+}
+
 static int get_bool_value(const char* s)
 {
 	if(!s || !(s[0])) return 1;
@ -1039,7 +1046,7 @@ static void set_option(int c, char *value)
 		turn_params.no_loopback_peers = get_bool_value(value);
 		break;
 	case STALE_NONCE_OPT:
-		turn_params.stale_nonce = get_bool_value(value);
+		turn_params.stale_nonce = get_int_value(value, STUN_DEFAULT_NONCE_EXPIRATION_TIME);
 		break;
 	case MAX_ALLOCATE_TIMEOUT_OPT:
 		TURN_MAX_ALLOCATE_TIMEOUT = atoi(value);
--- a/src/client/ns_turn_msg_defs.h
+++ b/src/client/ns_turn_msg_defs.h
@ -65,7 +65,7 @@
 #define STUN_MAX_ALLOCATE_LIFETIME (3600)
 #define STUN_CHANNEL_LIFETIME (600)
 #define STUN_PERMISSION_LIFETIME (300)
-#define STUN_NONCE_EXPIRATION_TIME (600)
+#define STUN_DEFAULT_NONCE_EXPIRATION_TIME (600)
 /**/

 #define STUN_METHOD_BINDING (0x0001)
--- a/src/server/ns_turn_server.c
+++ b/src/server/ns_turn_server.c
@ -3271,7 +3271,7 @@ static int check_stun_auth(turn_turnserver *server,
 					snprintf((s08bits*)s, NONCE_MAX_SIZE-4*i, "%04x",(unsigned int)rand);
 				}
 			}
-			ss->nonce_expiration_time = server->ctime + STUN_NONCE_EXPIRATION_TIME;
+			ss->nonce_expiration_time = server->ctime + *(server->stale_nonce);
 		}
 	}