Imported Upstream version 4.0.0.2

2026-05-06 11:16:09 +02:00 · 2014-05-23 23:17:14 -07:00 · 2014-05-23 23:17:14 -07:00 · a6dea31013
commit a6dea31013
parent e505cbab05
13 changed files with 141 additions and 74 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+05/18/2014 Oleg Moskalenko <mom040267@gmail.com>
+Version 4.0.0.2 'Threetrees':
+	- Code cleaning.
+	
 05/07/2014 Oleg Moskalenko <mom040267@gmail.com>
 Version 4.0.0.1 'Threetrees':
 	- Kernel channel placeholder definitions.
--- a/40
+++ b/40
@ -22,6 +22,33 @@ In the new Debian "jessie", and in the related Ubuntu and Mint, you will
 be able to just select rfc5766-turn-server from the packages list and 
 install it through Synaptic or through the package manager.

+If you are using the Debian package from the project download site, then follow these instructions:
+
+Unpack the archive:
+
+ $ tar xvfz turnserver-<...>.tar.gz
+ 
+Read the INSTALl file:
+
+ $ cat INSTALL
+ 
+Install the *.deb file:
+
+  $ sudo apt-get install gdebi-core
+  $ sudo gdebi coturn*.deb
+
+(to install the bare package without any dependencies, type:
+
+  $ sudo dpkg -i coturn_*_*.deb)
+
+After the install, read the documentation in /usr/share/doc/coturn directory.
+
+All binaries will be installed in /usr/bin/ directory. 
+The turn*.conf config files are in /etc directory. 
+
+The service start-up control scripts will be in /etc/init.d/coturn and
+in /etc/defaults/coturn files.
+
 3) ArchLinux has alse the predecessor of the TURN server package:

 https://aur.archlinux.org/packages/rfc5766-turn-server/
@ -208,15 +235,16 @@ The following platforms have been used in the development:
 	- Linux CentOS / Red Hat Enterprise Edition 6.4, x86_32 (i386)
 	- Linux Debian 'Squeeze', i386
 	- Linux Mint 14.1 'Nadia', i386
+	- Linux Mint 16 'Petra', i386
 	- Linux Debian 'Wheezy', x86_64 
 	- Cygwin 1.7.20
-	- NetBSD 6.0.1
-	- OpenBSD 5.3
-	- Amazon Linux
+	- NetBSD 6.0.1, i386
+	- OpenBSD 5.3, i386
+	- Amazon Linux, x86_64
 	- Mac OS X Mountain Lion
-	- ArchLinux
-	- Fedora 19
-	- OpenSUSE 12.3 x86_64
+	- ArchLinux, x86_64
+	- Fedora 19 and 20, x86_64
+	- OpenSUSE 12.3, x86_64

 It must work on many other *NIXes, as well. The configure script and/or 
 Makefile may need adjustments for other *NIXes not mentioned above.
--- a/Makefile.in
+++ b/Makefile.in
@ -7,7 +7,7 @@ CFLAGS += ${INCFLAGS}

 MAKE_DEPS = Makefile

-LIBCLIENTTURN_HEADERS = src/ns_turn_defs.h src/client++/TurnMsgLib.h src/client/ns_turn_ioaddr.h src/client/ns_turn_msg.h src/client/ns_turn_msg_defs.h src/client/ns_turn_msg_addr.h
+LIBCLIENTTURN_HEADERS = src/ns_turn_defs.h src/client++/TurnMsgLib.h src/client/ns_turn_ioaddr.h src/client/ns_turn_msg.h src/client/ns_turn_msg_defs.h src/client/ns_turn_msg_defs_new.h src/client/ns_turn_msg_addr.h
 LIBCLIENTTURN_MODS = src/client/ns_turn_ioaddr.c src/client/ns_turn_msg_addr.c src/client/ns_turn_msg.c 
 LIBCLIENTTURN_DEPS = ${LIBCLIENTTURN_HEADERS} ${MAKE_DEPS} 
 LIBCLIENTTURN_OBJS = build/obj/ns_turn_ioaddr.o build/obj/ns_turn_msg_addr.o build/obj/ns_turn_msg.o 
--- a/26
+++ b/26
@ -27,7 +27,7 @@

 ==================================================================

-1) Exclusive IP addresses for relay
+1) Kernel module for data channels.

 ==================================================================

@ -41,20 +41,6 @@
 	the slave servers, currently it is only just a dumb 
 	round-robin load distributor.

-2) For a large enterprise, a user-space stack to be integrated.
-
-	An another socket abstraction to be implemented, 
-	the one that uses the user-space TCP/IP stack with 
-	zero memory copy. This is an ambitious goal that would 
-	increase the system scaleability, significantly. 
-	The stock TCP/IP stack in UNIX and in MS Windows do not 
-	scale gracefully. We are trying to suppress those issues 
-	in the TURN Server, by using an advanced synchronous 
-	I/O technique, but still the underlying stock TCP/IP stack 
-	is a limitation.  
-	
-3) Multiple authentication threads.
-
 ==================================================================

 ###   V. SECURITY   ###
@ -63,15 +49,13 @@

 1) RADIUS integration ?

-2) Watch new TURN security draft. oAuth integration.
-
 ==================================================================

 ###   VI. STANDARDS SUPPORT   ###

 ==================================================================

-1) Follow the draft ICE endpoint mobility standard and add changes 
+1) Follow the draft ICE endpoint mobility standard and apply changes 
 when necessary:

   https://ietf.org/doc/draft-wing-mmusic-ice-mobility/
@ -82,10 +66,14 @@ when necessary:

 4) Bandwidth draft.

-5) ALPN with TLS and DTLS.
+5) ALPN with TLS and DTLS (when OpenSSL 1.0.2 is available).

 6) Redirect draft.

+7) Dual allocation draft.
+
+8) New security oAuth draft.
+
 ==================================================================

 ###   VII. MISC FEATURES   ###
--- a/rpm/build.settings.sh
+++ b/rpm/build.settings.sh
@ -2,7 +2,7 @@

 # Common settings script.

-TURNVERSION=4.0.0.1
+TURNVERSION=4.0.0.2
 BUILDDIR=~/rpmbuild
 ARCH=`uname -p`
 TURNSERVER_SVN_URL=http://coturn.googlecode.com/svn
--- a/rpm/turnserver.spec
+++ b/rpm/turnserver.spec
@ -1,5 +1,5 @@
 Name:		turnserver
-Version:	4.0.0.1
+Version:	4.0.0.2
 Release:	0%{dist}
 Summary:	Coturn TURN Server

@ -284,10 +284,13 @@ fi
 %{_includedir}/turn/client/ns_turn_ioaddr.h
 %{_includedir}/turn/client/ns_turn_msg_addr.h
 %{_includedir}/turn/client/ns_turn_msg_defs.h
+%{_includedir}/turn/client/ns_turn_msg_defs_new.h
 %{_includedir}/turn/client/ns_turn_msg.h
 %{_includedir}/turn/client/TurnMsgLib.h

 %changelog
+* Sun May 18 2014 Oleg Moskalenko <mom040267@gmail.com>
+  - Sync to 4.0.0.2
 * Wed May 07 2014 Oleg Moskalenko <mom040267@gmail.com>
  - Sync to 4.0.0.1
 * Wed Apr 30 2014 Oleg Moskalenko <mom040267@gmail.com>
--- a/src/apps/uclient/startuclient.c
+++ b/src/apps/uclient/startuclient.c
@ -439,14 +439,14 @@ static int clnet_allocate(int verbose,
 					} else if (stun_is_challenge_response_str(message.buf, (size_t)message.len,
 									&err_code,err_msg,sizeof(err_msg),
 									clnet_info->realm,clnet_info->nonce)) {
-						if(err_code == SHA_TOO_WEAK && (clnet_info->shatype == SHATYPE_SHA1)) {
+						if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
 							clnet_info->shatype = SHATYPE_SHA256;
 							recalculate_restapi_hmac();
 						}
 						goto beg_allocate;
 					} else if (stun_is_error_response(&message, &err_code,err_msg,sizeof(err_msg))) {

-						if(err_code == SHA_TOO_WEAK && (clnet_info->shatype == SHATYPE_SHA1) && use_short_term) {
+						if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1) && use_short_term) {
 							clnet_info->shatype = SHATYPE_SHA256;
 							goto beg_allocate;
 						}
@ -627,7 +627,7 @@ static int clnet_allocate(int verbose,
 					} else if (stun_is_challenge_response_str(message.buf, (size_t)message.len,
 										&err_code,err_msg,sizeof(err_msg),
 										clnet_info->realm,clnet_info->nonce)) {
-						if(err_code == SHA_TOO_WEAK && (clnet_info->shatype == SHATYPE_SHA1)) {
+						if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
 							clnet_info->shatype = SHATYPE_SHA256;
 							recalculate_restapi_hmac();
 						}
@ -728,7 +728,7 @@ static int turn_channel_bind(int verbose, uint16_t *chn,
 				} else if (stun_is_challenge_response_str(message.buf, (size_t)message.len,
 										&err_code,err_msg,sizeof(err_msg),
 										clnet_info->realm,clnet_info->nonce)) {
-					if(err_code == SHA_TOO_WEAK && (clnet_info->shatype == SHATYPE_SHA1)) {
+					if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
 						clnet_info->shatype = SHATYPE_SHA256;
 						recalculate_restapi_hmac();
 					}
@ -839,7 +839,7 @@ static int turn_create_permission(int verbose, app_ur_conn_info *clnet_info,
 				} else if (stun_is_challenge_response_str(message.buf, (size_t)message.len,
 									&err_code,err_msg,sizeof(err_msg),
 									clnet_info->realm,clnet_info->nonce)) {
-					if(err_code == SHA_TOO_WEAK && (clnet_info->shatype == SHATYPE_SHA1)) {
+					if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
 						clnet_info->shatype = SHATYPE_SHA256;
 						recalculate_restapi_hmac();
 					}
@ -1418,7 +1418,7 @@ static int turn_tcp_connection_bind(int verbose, app_ur_conn_info *clnet_info, a
 				} else if (stun_is_challenge_response_str(message.buf, (size_t)message.len,
 										&err_code,err_msg,sizeof(err_msg),
 										clnet_info->realm,clnet_info->nonce)) {
-					if(err_code == SHA_TOO_WEAK && (clnet_info->shatype == SHATYPE_SHA1)) {
+					if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
 						clnet_info->shatype = SHATYPE_SHA256;
 						recalculate_restapi_hmac();
 					}
--- a/src/apps/uclient/uclient.c
+++ b/src/apps/uclient/uclient.c
@ -596,7 +596,7 @@ static int client_read(app_ur_session *elem, int is_tcp_data, app_tcp_conn_info
 		} else if (stun_is_challenge_response_str(elem->in_buffer.buf, (size_t)elem->in_buffer.len,
 							&err_code,err_msg,sizeof(err_msg),
 							clnet_info->realm,clnet_info->nonce)) {
-			if(err_code == SHA_TOO_WEAK && (elem->pinfo.shatype == SHATYPE_SHA1)) {
+			if(err_code == SHA_TOO_WEAK_ERROR_CODE && (elem->pinfo.shatype == SHATYPE_SHA1)) {
 				elem->pinfo.shatype = SHATYPE_SHA256;
 				recalculate_restapi_hmac();
 			}
--- a/src/client/ns_turn_msg.c
+++ b/src/client/ns_turn_msg.c
@ -281,7 +281,7 @@ int stun_is_challenge_response_str(const u08bits* buf, size_t len, int *err_code
 {
 	int ret = stun_is_error_response_str(buf, len, err_code, err_msg, err_msg_size);

-	if(ret && (((*err_code) == 401) || ((*err_code) == 438) || ((*err_code) == SHA_TOO_WEAK))) {
+	if(ret && (((*err_code) == 401) || ((*err_code) == 438) || ((*err_code) == SHA_TOO_WEAK_ERROR_CODE))) {

 		stun_attr_ref sar = stun_attr_get_first_by_type_str(buf,len,STUN_ATTRIBUTE_REALM);
 		if(sar) {
--- a/src/client/ns_turn_msg_defs.h
+++ b/src/client/ns_turn_msg_defs.h
@ -31,6 +31,8 @@
 #ifndef __LIB_TURN_MSG_DEFS__
 #define __LIB_TURN_MSG_DEFS__

+#include "ns_turn_msg_defs_new.h"
+
 ///////////////////////////////////////////
 // http://www.iana.org/assignments/stun-parameters/stun-parameters.xhtml
 ///////////////////////////////////////////
@ -40,7 +42,6 @@

 #define STUN_MAX_USERNAME_SIZE (513)
 #define STUN_MAX_REALM_SIZE (127)
-#define STUN_MAX_ORIGIN_SIZE (127)
 #define STUN_MAX_NONCE_SIZE (127)
 #define STUN_MAX_PWD_SIZE (127)

@ -129,7 +130,7 @@

 #define STUN_VALID_CHANNEL(chn) ((chn)>=0x4000 && (chn)<=0x7FFF)

-///////// values //////////////////
+///////// extra values //////////////////

 /* RFC 6156 ==>> */
 #define STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV4 (0x01)
@ -151,10 +152,6 @@
 #define STUN_ATTRIBUTE_MOBILITY_SUPPORT (0x8000)
 /* <<== Mobility */

-/* Origin ==>> */
-#define STUN_ATTRIBUTE_ORIGIN (0x802F)
-/* <<== Origin */
-
 ////////////////////////////////////////////////

 #endif //__LIB_TURN_MSG_DEFS__
--- a/src/client/ns_turn_msg_defs_new.h
+++ b/src/client/ns_turn_msg_defs_new.h
@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2011, 2012, 2013 Citrix Systems
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef __LIB_TURN_MSG_DEFS_NEW__
+#define __LIB_TURN_MSG_DEFS_NEW__
+
+/***** POST-RFC5766 FRESH SPECS ***********/
+
+/* Origin ==>> */
+#define STUN_MAX_ORIGIN_SIZE (127)
+#define STUN_ATTRIBUTE_ORIGIN (0x802F)
+/* <<== Origin */
+
+/* SHA AGILITY ==>> */
+
+#define SHA1SIZEBYTES (20)
+#define SHA256SIZEBYTES (32)
+
+#define MAXSHASIZE (128)
+
+enum _SHATYPE {
+	SHATYPE_SHA1 = 0,
+	SHATYPE_SHA256
+};
+
+typedef enum _SHATYPE SHATYPE;
+
+#define shatype_name(sht) ((sht == SHATYPE_SHA1) ? "SHA1" : ((sht == SHATYPE_SHA256) ? "SHA256" : "SHA UNKNOWN"))
+
+#define SHA_TOO_WEAK_ERROR_CODE (426)
+
+/* <<== SHA AGILITY */
+
+#endif //__LIB_TURN_MSG_DEFS_NEW__
--- a/src/ns_turn_defs.h
+++ b/src/ns_turn_defs.h
@ -31,7 +31,7 @@
 #ifndef __IOADEFS__
 #define __IOADEFS__

-#define TURN_SERVER_VERSION "4.0.0.1"
+#define TURN_SERVER_VERSION "4.0.0.2"
 #define TURN_SERVER_VERSION_NAME "Threetrees"
 #define TURN_SOFTWARE "Coturn-"TURN_SERVER_VERSION" '"TURN_SERVER_VERSION_NAME"'"

@ -156,24 +156,6 @@ typedef u32bits turn_time_t;
 		}\
 	} } while(0)

-////////////////// Security ////////////////////////////
-
-#define SHA1SIZEBYTES (20)
-#define SHA256SIZEBYTES (32)
-
-#define MAXSHASIZE (128)
-
-enum _SHATYPE {
-	SHATYPE_SHA1 = 0,
-	SHATYPE_SHA256
-};
-
-typedef enum _SHATYPE SHATYPE;
-
-#define shatype_name(sht) ((sht == SHATYPE_SHA1) ? "SHA1" : ((sht == SHATYPE_SHA256) ? "SHA256" : "SHA UNKNOWN"))
-
-#define SHA_TOO_WEAK (426)
-
 //////////////// KERNEL-LEVEL CHANNEL HANDLERS /////////

 #if !defined(TURN_CHANNEL_HANDLER_KERNEL)
--- a/src/server/ns_turn_server.c
+++ b/src/server/ns_turn_server.c
@ -2242,17 +2242,21 @@ static int handle_turn_channel_bind(turn_turnserver *server,
 				  ioa_network_buffer_set_size(nbh,len);
 				  *resp_constructed = 1;

-				  if(get_ioa_socket_type(ss->client_session.s) == UDP_SOCKET ||
-						  get_ioa_socket_type(ss->client_session.s) == TCP_SOCKET) {
-					  chn->kernel_channel = CREATE_TURN_CHANNEL_KERNEL(chn->chnum,
-						  get_ioa_socket_address_family(ss->client_session.s),
-						  get_ioa_socket_address_family(ss->alloc.relay_session.s),
-						  get_ioa_socket_type(ss->client_session.s)==UDP_SOCKET ? IPPROTO_UDP : IPPROTO_TCP,
-						  &(get_remote_addr_from_ioa_socket(ss->client_session.s)->ss),
-						  &(get_local_addr_from_ioa_socket(ss->client_session.s)->ss),
-						  &(get_local_addr_from_ioa_socket(ss->alloc.relay_session.s)),
-						  &(get_remote_addr_from_ioa_socket(ss->alloc.relay_session.s))
-						  );
+				  if(!(ss->is_mobile)) {
+					  if(get_ioa_socket_type(ss->client_session.s) == UDP_SOCKET ||
+							  get_ioa_socket_type(ss->client_session.s) == TCP_SOCKET) {
+						  if(get_ioa_socket_type(ss->alloc.relay_session.s) == UDP_SOCKET) {
+							  chn->kernel_channel = CREATE_TURN_CHANNEL_KERNEL(chn->chnum,
+								  get_ioa_socket_address_family(ss->client_session.s),
+								  get_ioa_socket_address_family(ss->alloc.relay_session.s),
+								  (get_ioa_socket_type(ss->client_session.s)==UDP_SOCKET ? IPPROTO_UDP : IPPROTO_TCP),
+								  &(get_remote_addr_from_ioa_socket(ss->client_session.s)->ss),
+								  &(get_local_addr_from_ioa_socket(ss->client_session.s)->ss),
+								  &(get_local_addr_from_ioa_socket(ss->alloc.relay_session.s)),
+								  &(get_remote_addr_from_ioa_socket(ss->alloc.relay_session.s))
+							  );
+						  }
+					  }
 				  }
 			  }
 			}
@ -2862,7 +2866,7 @@ static int check_stun_auth(turn_turnserver *server,
 		switch(sarlen) {
 		case SHA1SIZEBYTES:
 			if(server->shatype != SHATYPE_SHA1) {
-				*err_code = SHA_TOO_WEAK;
+				*err_code = SHA_TOO_WEAK_ERROR_CODE;
 				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
 			}
 			break;
@ -3006,7 +3010,7 @@ static int check_stun_auth(turn_turnserver *server,
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,
 							"%s: user %s credentials are incorrect: SHA function is too weak\n",
 									__FUNCTION__, (char*)usname);
-					*err_code = SHA_TOO_WEAK;
+					*err_code = SHA_TOO_WEAK_ERROR_CODE;
 					*reason = (const u08bits*)"Unauthorised: weak SHA function is used";
 					if(server->ct != TURN_CREDENTIALS_SHORT_TERM) {
 						return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);