search

paullouisageneau / libjuice

JUICE is a UDP Interactive Connectivity Establishment library
Mozilla Public License 2.0
426 stars 80 forks source link

juice_server_add_credentials How to use it correctly? It has no effect #184

Closed fengshangren closed 2 years ago

fengshangren commented 2 years ago

I have two ways of writing, but the results are invalid, this is the first way of writing

int test_server() {
    juice_set_log_level(JUICE_LOG_LEVEL_DEBUG);

    // Create server
    juice_server_config_t server_config;
    memset(&server_config, 0, sizeof(server_config));
    server_config.port = 3478;
    server_config.credentials = NULL;
    server_config.credentials_count = 0;
    server_config.max_allocations = 0;
    server_config.realm = "Juice test server";
    server = juice_server_create(&server_config);

    if (juice_server_get_port(server) != 3478) {
        printf("juice_server_get_port failed\n");
        juice_server_destroy(server);
        return -1;
    }

    juice_server_credentials_t credentials[1];
    memset(&credentials, 0, sizeof(credentials));
    credentials[0].username = TURN_USERNAME;
    credentials[0].password = TURN_PASSWORD;
    credentials[0].allocations_quota = 1024;
    juice_server_add_credentials(server, credentials,300000);
}
fengshangren commented 2 years ago

This is the second way of writing, the newly added certificate cannot be used

int test_server() {
    juice_set_log_level(JUICE_LOG_LEVEL_DEBUG);

    // Create server
    juice_server_credentials_t credentials[1];
    memset(&credentials, 0, sizeof(credentials));
    credentials[0].username = TURN_USERNAME;
    credentials[0].password = TURN_PASSWORD;
    credentials[0].allocations_quota = 1024;

    juice_server_config_t server_config;
    memset(&server_config, 0, sizeof(server_config));
    server_config.port = 3478;
    server_config.credentials = credentials;
    server_config.credentials_count = 1;
    server_config.max_allocations = 0;
    server_config.realm = "Juice test server";
    server = juice_server_create(&server_config);

    if (juice_server_get_port(server) != 3478) {
        printf("juice_server_get_port failed\n");
        juice_server_destroy(server);
        return -1;
    }

    juice_server_credentials_t credentials_;
    memset(&credentials_, 0, sizeof(credentials_));
    credentials_.username = "test";
    credentials_.password = "test";
    credentials_.allocations_quota = 1024;
    juice_server_add_credentials(server, &credentials_,300000);
}
fengshangren commented 2 years ago 
21:26:40 DEBUG   server.c:809: Answering STUN error response with code 401
21:26:40 DEBUG   server.c:538: Received STUN datagram from 13.11.159.168:14130
21:26:40 DEBUG   server.c:693: Answering STUN unauthorized error response
21:26:40 DEBUG   server.c:809: Answering STUN error response with code 401
21:26:40 DEBUG   server.c:538: Received STUN datagram from 13.11.159.168:14130
21:26:40 INFO    server.c:829: Got STUN binding from client 13.11.159.168:14130
21:26:40 DEBUG   server.c:782: Answering STUN Binding request
21:26:40 DEBUG   server.c:538: Received STUN datagram from 13.11.159.168:14130
21:26:40 WARN    server.c:725: No credentials for userhash
21:26:40 DEBUG   server.c:809: Answering STUN error response with code 401
21:26:55 DEBUG   server.c:538: Received STUN datagram from 13.11.159.168:14129
21:26:55 INFO    server.c:829: Got STUN binding from client 13.11.159.168:14129
21:26:55 DEBUG   server.c:782: Answering STUN Binding request
21:26:55 DEBUG   server.c:538: Received STUN datagram from 13.11.159.168:14130
21:26:55 INFO    server.c:829: Got STUN binding from client 13.11.159.168:14130
21:26:55 DEBUG   server.c:782: Answering STUN Binding request
paullouisageneau commented 2 years ago

Indeed, it looks like there is a bug with juice_server_add_credentials() causing credentials with non-zero lifetimes to be ignored (zero means unlimited lifetime here). Credentials with a limited lifetime are a very niche use case, even the violet server does not use it, so they were not tested properly.

Thank you for reporting, it is fixed by https://github.com/paullouisageneau/libjuice/pull/185.

fengshangren commented 2 years ago

The default life cycle of juice is 600000MS, which means that 600000MS releases this quota without data interaction

paullouisageneau commented 2 years ago

The default life cycle of juice is 600000MS, which means that 600000MS releases this quota without data interaction

No, you are confusing with allocation lifetime: an allocation will timeout if it's not refreshed by the client, irrelevant of data traffic, to clean up when a client does away.

The last parameter in juice_server_add_credentials() is the credentials lifetime. It means the username and password are temporary, they are only valid for that duration, then they expire and can't be used anymore. A credentials lifetime of 0 disables the behavior and prevents expiration.