@@ -3,7 +3,6 @@ Version 4.2.1.1 'Monza':
- oAuth security implementation:
TODO:
- token timeout;
- - kid timeout;
- TLS renegotiation DoS attack prevention implemented;
- FQDN as relay-ip and listener-ip parameters (issue 6)
(patch provided by Iñaki Baz Castillo);
@@ -427,6 +427,15 @@ int get_user_key(int in_oauth, int *out_oauth, u08bits *usname, u08bits *realm,
if(gres<0)
return ret;
+ if(!rawKey.kid[0])
+ return ret;
+
+ if(rawKey.lifetime) {
+ if(!turn_time_before(turn_time(),(turn_time_t)(rawKey.timestamp + rawKey.lifetime+OAUTH_TIME_DELTA))) {
+ }
oauth_key_data okd;
ns_bzero(&okd,sizeof(okd));
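Review bot: The new expiry test is skipped whenever `rawKey.lifetime` is 0, and `OAUTH_DEFAULT_LIFETIME` is defined as `(0)`, so a key stored with the default lifetime never expires. That contract should be stated at the check, for example `/* lifetime == 0: key has no expiry; only keys with an explicit lifetime are aged out */`. The deadline `rawKey.timestamp + rawKey.lifetime+OAUTH_TIME_DELTA` is summed in the fields' own types and only then cast to `turn_time_t`. Those types are not visible here, but if they are unsigned or wider than `turn_time_t` the sum can wrap or truncate, so it would be safer to compute it in one wide type and treat a wrapped deadline as expired. The body of the inner `if` is not shown in this view (presumably `return ret;`), and get_user_key itself starts and ends outside the hunk; a log line naming the kid on the expired path would tell operators when a retired key is still being presented. The changelog hunk still lists token timeout as TODO, so this covers key expiry only.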
@@ -115,6 +115,8 @@ typedef enum _AUTH_ALG AUTH_ALG;
#define OAUTH_DEFAULT_LIFETIME (0)
#define OAUTH_DEFAULT_TIMESTAMP (turn_time())
+#define OAUTH_TIME_DELTA (5)
struct _oauth_key_data {
char kid[OAUTH_KID_SIZE+1];
char ikm_key[OAUTH_KEY_SIZE+1];
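Review bot: `OAUTH_TIME_DELTA` is added without a comment giving its unit or purpose, unlike a self-explanatory name such as `OAUTH_DEFAULT_LIFETIME`. In get_user_key it is added to `timestamp + lifetime`, so it lengthens a key's validity rather than shortening it, which a reader tuning it should know. Suggest `/* grace added to a key's expiry deadline, in turn_time() units (presumably seconds); larger values keep expired keys usable longer */`. The struct that follows continues outside the hunk.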