spektr/niom-turn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add: Workaround to accept short-term-style password.

Browse Source
This commit is contained in:
ghost 2025-12-28 22:21:37 +01:00
parent 0a2b21962b
commit f000ef6a76
1 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/auth.rs
View File

@ -180,16 +180,27 @@ impl<S: CredentialStore + Clone> AuthManager<S> {
}; };
let key = self.derive_long_term_key(&username, &password); let key = self.derive_long_term_key(&username, &password);
if !validate_message_integrity(msg, &key) { // Primary: long-term (MD5(username:realm:password))
let key_hex = hex::encode(&key); if validate_message_integrity(msg, &key) {
warn!("auth reject: bad credentials username={} realm={} peer={} a1_md5={} (debug)", username, realm, peer, key_hex); return AuthStatus::Granted { username, key };
return AuthStatus::Reject { }
code: 401,
reason: "Bad Credentials", // Workaround: also accept short-term style (raw password as key) for test clients like turnutils_uclient.
let short_key = password.as_bytes();
if validate_message_integrity(msg, short_key) {
warn!("auth accept via short-term key username={} realm={} peer={} (workaround)", username, realm, peer);
return AuthStatus::Granted {
username,
key: short_key.to_vec(),
}; };
} }
AuthStatus::Granted { username, key } let key_hex = hex::encode(&key);
warn!("auth reject: bad credentials username={} realm={} peer={} a1_md5={} (debug)", username, realm, peer, key_hex);
AuthStatus::Reject {
code: 401,
reason: "Bad Credentials",
}
} }
fn attribute_utf8(&self, msg: &StunMessage, attr_type: u16) -> Option<String> { fn attribute_utf8(&self, msg: &StunMessage, attr_type: u16) -> Option<String> {