Add: Workaround to accept short-term-style password.

2025-12-28 22:21:37 +01:00 · 2025-12-28 22:21:37 +01:00 · f000ef6a76
commit f000ef6a76
parent 0a2b21962b
1 changed files with 18 additions and 7 deletions
--- a/src/auth.rs
+++ b/src/auth.rs
@ -180,16 +180,27 @@ impl<S: CredentialStore + Clone> AuthManager<S> {
        };

        let key = self.derive_long_term_key(&username, &password);
-        if !validate_message_integrity(msg, &key) {
-            let key_hex = hex::encode(&key);
-            warn!("auth reject: bad credentials username={} realm={} peer={} a1_md5={} (debug)", username, realm, peer, key_hex);
-            return AuthStatus::Reject {
-                code: 401,
-                reason: "Bad Credentials",
+        // Primary: long-term (MD5(username:realm:password))
+        if validate_message_integrity(msg, &key) {
+            return AuthStatus::Granted { username, key };
+        }
+
+        // Workaround: also accept short-term style (raw password as key) for test clients like turnutils_uclient.
+        let short_key = password.as_bytes();
+        if validate_message_integrity(msg, short_key) {
+            warn!("auth accept via short-term key username={} realm={} peer={} (workaround)", username, realm, peer);
+            return AuthStatus::Granted {
+                username,
+                key: short_key.to_vec(),
            };
        }

-        AuthStatus::Granted { username, key }
+        let key_hex = hex::encode(&key);
+        warn!("auth reject: bad credentials username={} realm={} peer={} a1_md5={} (debug)", username, realm, peer, key_hex);
+        AuthStatus::Reject {
+            code: 401,
+            reason: "Bad Credentials",
+        }
    }

    fn attribute_utf8(&self, msg: &StunMessage, attr_type: u16) -> Option<String> {