From 2fbd4138de4a54e396e339da56735ba387c42e4b Mon Sep 17 00:00:00 2001 From: mom040267 Date: Fri, 19 Sep 2014 07:04:53 +0000 Subject: [PATCH] working on oauth --- README.turnserver | 2 ++ examples/etc/turnserver.conf | 4 ++++ man/man1/turnadmin.1 | 2 +- man/man1/turnserver.1 | 6 +++++- man/man1/turnutils.1 | 2 +- src/apps/relay/mainrelay.c | 14 +++++++++++--- src/apps/relay/mainrelay.h | 1 + src/apps/relay/netengine.c | 3 ++- src/client/ns_turn_msg_defs_new.h | 2 ++ src/server/ns_turn_server.c | 17 ++++++++++++++++- src/server/ns_turn_server.h | 8 +++++++- 11 files changed, 52 insertions(+), 9 deletions(-) diff --git a/README.turnserver b/README.turnserver index aba2478b..8ac4de46 100644 --- a/README.turnserver +++ b/README.turnserver @@ -190,6 +190,8 @@ Flags: This option can be used with long-term credentials mechanisms only - it does not make much sense with the short-term mechanism. +--oauth Support oAuth authentication. + --dh566 Use 566 bits predefined DH TLS key. Default size of the key is 1066. --dh2066 Use 2066 bits predefined DH TLS key. Default size of the key is 1066. diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf index 5d7c8ec1..f52b8e47 100644 --- a/examples/etc/turnserver.conf +++ b/examples/etc/turnserver.conf @@ -216,6 +216,10 @@ # #server-name=blackdow.carleon.gov +# Flag to support oAuth authentication. +# +#oauth + # 'Static' user accounts for long term credentials mechanism, only. # This option cannot be used with TURN REST API or with short-term credentials # mechanism. diff --git a/man/man1/turnadmin.1 b/man/man1/turnadmin.1 index 60c968e7..d47dae33 100644 --- a/man/man1/turnadmin.1 +++ b/man/man1/turnadmin.1 @@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "16 September 2014" "" "" +.TH TURN 1 "18 September 2014" "" "" .SH GENERAL INFORMATION \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage 
diff --git a/man/man1/turnserver.1 b/man/man1/turnserver.1 index 2a345d54..45bfc49f 100644 --- a/man/man1/turnserver.1 +++ b/man/man1/turnserver.1 @@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "16 September 2014" "" "" +.TH TURN 1 "18 September 2014" "" "" .SH GENERAL INFORMATION The \fBTURN Server\fP project contains the source code of a TURN server and TURN client @@ -276,6 +276,10 @@ This option can be used with long\-term credentials mechanisms only \- it does not make much sense with the short\-term mechanism. .TP .B +\fB\-\-oauth\fP +Support oAuth authentication. +.TP +.B \fB\-\-dh566\fP Use 566 bits predefined DH TLS key. Default size of the key is 1066. .TP diff --git a/man/man1/turnutils.1 b/man/man1/turnutils.1 index 9f7db2a0..90169288 100644 --- a/man/man1/turnutils.1 +++ b/man/man1/turnutils.1 @@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "16 September 2014" "" "" +.TH TURN 1 "18 September 2014" "" "" .SH GENERAL INFORMATION A set of turnutils_* programs provides some utility functionality to be used diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index 462646af..234e706c 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -85,7 +85,7 @@ LOW_DEFAULT_PORTS_BOUNDARY,HIGH_DEFAULT_PORTS_BOUNDARY,0,0,0,"", 0,NULL,0,NULL,DEFAULT_GENERAL_RELAY_SERVERS_NUMBER,0, ////////////// Auth server ///////////////////////////////////// {NULL,NULL,NULL,0,NULL}, -"","", +"","",0, /////////////// AUX SERVERS //////////////// {NULL,0,{0,NULL}},0, /////////////// ALTERNATE SERVERS //////////////// 
@@ -467,6 +467,7 @@ static char Usage[] = "Usage: turnserver [options]\n" " --server-name Server name used (when necessary) for\n" " the authentication purposes (oauth).\n" " The default value is the FQDN of the host.\n" +" --oauth Support oAuth authentication.\n" " -n Do not use configuration file, take all parameters from the command line only.\n" " --cert Certificate file, PEM format. Same file search rules\n" " applied as for the configuration file.\n" @@ -682,7 +683,8 @@ enum EXTRA_OPTS { ADMIN_MAX_BPS_OPT, ADMIN_TOTAL_QUOTA_OPT, ADMIN_USER_QUOTA_OPT, - SERVER_NAME_OPT + SERVER_NAME_OPT, + OAUTH_OPT }; struct myoption { @@ -737,6 +739,7 @@ static const struct myoption long_options[] = { /* deprecated: */ { "secret-ts-exp-time", optional_argument, NULL, AUTH_SECRET_TS_EXP }, { "realm", required_argument, NULL, 'r' }, { "server-name", required_argument, NULL, SERVER_NAME_OPT }, + { "oauth", optional_argument, NULL, OAUTH_OPT }, { "user-quota", required_argument, NULL, 'q' }, { "total-quota", required_argument, NULL, 'Q' }, { "max-bps", required_argument, NULL, 's' }, @@ -868,6 +871,9 @@ static void set_option(int c, char *value) case SERVER_NAME_OPT: STRCPY(turn_params.oauth_server_name,value); break; + case OAUTH_OPT: + turn_params.oauth = get_bool_value(value); + break; case NO_SSLV2_OPT: turn_params.no_sslv2 = get_bool_value(value); break; @@ -1834,7 +1840,9 @@ int main(int argc, char **argv) init_oauth_server_name(); TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Domain name: %s\n",turn_params.domain); TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Default realm: %s\n",get_realm(NULL)->options.name); - TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Server name: %s\n",turn_params.oauth_server_name); + if(turn_params.oauth) { + TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "oAuth server name: %s\n",turn_params.oauth_server_name); + } optind = 0; diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h index da45b0d3..0b684c95 100644 --- a/src/apps/relay/mainrelay.h 
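Review bot: `--oauth` is registered with `optional_argument` in the long_options hunk, but the Usage line added in the hunk at 467 (and the README and man page) present it as a bare flag, so a user cannot tell that a boolean value such as `--oauth=0` is accepted. The set_option case mirrors NO_SSLV2_OPT, so I assume get_bool_value() tolerates the NULL value a bare `--oauth` produces, but that is worth confirming since the helper is outside the hunk. I would extend the usage text to `" --oauth Support oAuth authentication (optional boolean value, e.g. --oauth=0).\n"`. In the main hunk at 1834 the "Server name" line is now logged only when oAuth is on; if init_oauth_server_name() still fills the name otherwise, logging it unconditionally keeps the startup output useful for diagnosing a misconfigured server name.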
+++ b/src/apps/relay/mainrelay.h @@ -273,6 +273,7 @@ typedef struct _turn_params_ { struct auth_server authserver; char oauth_server_name[1025]; char domain[1025]; + int oauth; /////////////// AUX SERVERS //////////////// diff --git a/src/apps/relay/netengine.c b/src/apps/relay/netengine.c index 0e285045..a3311381 100644 --- a/src/apps/relay/netengine.c +++ b/src/apps/relay/netengine.c @@ -1594,7 +1594,8 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int &turn_params.secure_stun, turn_params.shatype, &turn_params.mobility, turn_params.server_relay, send_turn_session_info, - allocate_bps); + allocate_bps, + turn_params.oauth, turn_params.oauth_server_name); if(to_set_rfc5780) { set_rfc5780(&(rs->server), get_alt_addr, send_message_from_listener_to_client); diff --git a/src/client/ns_turn_msg_defs_new.h b/src/client/ns_turn_msg_defs_new.h index 9da460d3..b5f9b9b4 100644 --- a/src/client/ns_turn_msg_defs_new.h +++ b/src/client/ns_turn_msg_defs_new.h @@ -103,6 +103,8 @@ typedef enum _AUTH_ALG AUTH_ALG; * oAuth struct */ +#define STUN_ATTRIBUTE_THIRD_PARTY_AUTHORIZATION (0x8030) + #define OAUTH_KID_SIZE (128) #define OAUTH_HASH_FUNC_SIZE (64) #define OAUTH_ALG_SIZE (64) diff --git a/src/server/ns_turn_server.c b/src/server/ns_turn_server.c index b80a321b..51a4663c 100644 --- a/src/server/ns_turn_server.c +++ b/src/server/ns_turn_server.c 
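Review bot: The new `int oauth;` member in the _turn_params_ struct carries no comment, and it is set positionally by the `"","",0,` entry in the mainrelay.c hunk at 85, so its meaning and default are only discoverable by reading set_option. I would write `int oauth; /* --oauth: when non-zero the server advertises THIRD-PARTY-AUTHORIZATION in its challenge responses; 0 by default */`, which also records why the positional initialiser had to grow.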
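Review bot: `STUN_ATTRIBUTE_THIRD_PARTY_AUTHORIZATION (0x8030)` is introduced without a note on where the value comes from, and since the third-party-authorization draft this code tracks was not final at the time, the number may move; the value later registered in the STUN attribute registry by RFC 7635 for THIRD-PARTY-AUTHORIZATION is 0x802E, so this is worth re-checking. A comment such as `/* TRAM third-party-authz draft; comprehension-optional range (0x8000-0xFFFF), re-check against the final IANA assignment */` would make that visible. Being comprehension-optional also means clients that do not implement the draft will silently ignore the attribute in the challenge rather than fail, which is the intended behaviour here.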
@@ -3075,6 +3075,17 @@ static int create_challenge_response(ts_ur_super_session *ss, stun_tid *tid, int char *realm = ss->realm_options.name; stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_REALM, (u08bits*)realm, (int)(strlen((s08bits*)(realm)))); + + if(ss->server) { + turn_turnserver* server = (turn_turnserver*)ss->server; + if(server->oauth && (server->oauth_server_name)&&(server->oauth_server_name[0])) { + stun_attr_add_str(ioa_network_buffer_data(nbh), &len, + STUN_ATTRIBUTE_THIRD_PARTY_AUTHORIZATION, + (const u08bits*)(server->oauth_server_name), + strlen(server->oauth_server_name)); + } + } + ioa_network_buffer_set_size(nbh,len); return 0; } @@ -4702,7 +4713,8 @@ void init_turn_server(turn_turnserver* server, send_socket_to_relay_cb send_socket_to_relay, vintp secure_stun, SHATYPE shatype, vintp mobility, int server_relay, send_turn_session_info_cb send_turn_session_info, - allocate_bps_cb allocate_bps_func) { + allocate_bps_cb allocate_bps_func, + int oauth, const char* oauth_server_name) { if (!server) return; @@ -4726,6 +4738,9 @@ void init_turn_server(turn_turnserver* server, server->mobility = mobility; server->server_relay = server_relay; server->send_turn_session_info = send_turn_session_info; + server->oauth = oauth; + if(oauth) + server->oauth_server_name = oauth_server_name; if(mobility) server->mobile_connections_map = ur_map_create(); diff --git a/src/server/ns_turn_server.h b/src/server/ns_turn_server.h index 1aba589e..360d0eac 100644 --- a/src/server/ns_turn_server.h +++ b/src/server/ns_turn_server.h @@ -160,6 +160,10 @@ struct _turn_turnserver { /* Bandwidth draft: */ allocate_bps_cb allocate_bps_func; + + /* oAuth: */ + int oauth; + const char* oauth_server_name; }; /////////////////////////////////////////// 
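Review bot: The new stun_attr_add_str() call passes `strlen(server->oauth_server_name)` (a size_t) as the length, while the REALM call directly above casts `(int)(strlen(...))`, so either the new call narrows implicitly or the existing cast is redundant; keep the two consistent, e.g. `(int)strlen(server->oauth_server_name));`. The mismatch does not hide a real overflow here, since the name passed in from netengine.c is the fixed-size turn_params.oauth_server_name array, but `-Wconversion` will flag it. The head of create_challenge_response lies outside the hunk; the `if(ss->server)` guard and the check that the name is non-empty before adding the attribute look right.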
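Review bot: `server->oauth_server_name` is assigned only when `oauth` is non-zero (body hunk at 4726), so when oAuth is off the member keeps whatever init_turn_server found in the struct; whether the struct is zeroed before this point is outside the hunk, and create_challenge_response only stays safe because it tests `server->oauth` first. Assign unconditionally, `server->oauth_server_name = oauth ? oauth_server_name : NULL;`, so the invariant does not depend on evaluation order elsewhere. Note also that the pointer is stored, not copied: the caller in netengine.c passes the global turn_params.oauth_server_name array, which appears to outlive the server, but that lifetime requirement belongs on the prototype in ns_turn_server.h rather than being implied.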
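Review bot: The two new members of _turn_turnserver are documented only by `/* oAuth: */`, and a reader of the struct cannot see that `oauth_server_name` is a borrowed pointer stored as is by init_turn_server. I would write `int oauth; /* non-zero: add THIRD-PARTY-AUTHORIZATION to challenge responses */` and `const char* oauth_server_name; /* not owned: caller's buffer, must outlive the server; NULL or empty suppresses the attribute */`, which matches the checks create_challenge_response performs.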
@@ -195,7 +199,9 @@ void init_turn_server(turn_turnserver* server, vintp mobility, int server_relay, send_turn_session_info_cb send_turn_session_info, - allocate_bps_cb allocate_bps_func); + allocate_bps_cb allocate_bps_func, + int oauth, + const char* oauth_server_name); ioa_engine_handle turn_server_get_engine(turn_turnserver *s);