diff --git a/src/account_schema.h b/src/account_schema.h
index 3d4ae2153263236571142b922c8917e2cbd4add0..5a1bfd4d40ba145ceb9bb91d04f8f188d28fef43 100644
--- a/src/account_schema.h
+++ b/src/account_schema.h
@@ -82,6 +82,9 @@ static const char *const CONFIG_STUN_SERVER = "STUN.server";
 static const char *const CONFIG_STUN_ENABLE = "STUN.enable";
 static const char *const CONFIG_TURN_SERVER = "TURN.server";
 static const char *const CONFIG_TURN_ENABLE = "TURN.enable";
+static const char *const CONFIG_TURN_SERVER_UNAME = "TURN.username";
+static const char *const CONFIG_TURN_SERVER_PWD = "TURN.password";
+static const char *const CONFIG_TURN_SERVER_REALM = "TURN.realm";
 // SRTP specific parameters
 static const char *const CONFIG_SRTP_ENABLE = "SRTP.enable";
diff --git a/src/ice_transport.cpp b/src/ice_transport.cpp
index d054b22c5e14383af9991cf411f8025ce816a9c8..54ec08376515d9de95204b73ed739b79a54ae6c7 100644
--- a/src/ice_transport.cpp
+++ b/src/ice_transport.cpp
@@ -150,8 +150,14 @@ IceTransport::IceTransport(const char* name, int component_count, bool master,
 config_.turn.port = PJ_STUN_PORT;
 }
- // No authorization yet
- //config_.turn.auth_cred.type = PJ_STUN_AUTH_STATIC;
+ // Authorization (only static plain password supported yet)
+ if (not options.turnServerPwd.empty()) {
+ config_.turn.auth_cred.type = PJ_STUN_AUTH_CRED_STATIC;
+ config_.turn.auth_cred.data.static_cred.data_type = PJ_STUN_PASSWD_PLAIN;
+ pj_cstr(&config_.turn.auth_cred.data.static_cred.realm, options.turnServerRealm.c_str());
+ pj_cstr(&config_.turn.auth_cred.data.static_cred.username, options.turnServerUserName.c_str());
+ pj_cstr(&config_.turn.auth_cred.data.static_cred.data, options.turnServerPwd.c_str());
+ }
 // Only UDP yet
 config_.turn.conn_type = PJ_TURN_TP_UDP;
diff --git a/src/ice_transport.h b/src/ice_transport.h
index c11d070e0238ac96ecc2a5cb49617bd6ea508dc1..2aa66a69008602d89e36e4a90a1f077880dbfba2 100644
--- a/src/ice_transport.h
+++ b/src/ice_transport.h
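Review bot: In the src/ice_transport.cpp hunk, the three `pj_cstr()` calls store pointers into `options.turnServerRealm`, `options.turnServerUserName` and `options.turnServerPwd` rather than copies, since `pj_cstr` only records the `c_str()` address and length. If `options` (declared outside this hunk) is destroyed or modified while `config_.turn.auth_cred` is still being read, the TURN credential fields dangle; copying the three strings into storage owned by the transport before calling `pj_cstr` removes that dependency. The block is also gated on the password alone, so a non-empty password with an empty user name still configures a static credential; `if (not options.turnServerUserName.empty() and not options.turnServerPwd.empty()) {` would state the requirement explicitly. The constructor body starts and ends outside the hunk.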
@@ -60,11 +60,14 @@ using IceRecvCb = std::function<ssize_t(unsigned char* buf, size_t len)>;
 using IceCandidate = pj_ice_sess_cand;
 struct IceTransportOptions {
- bool upnpEnable {false};
- IceTransportCompleteCb onInitDone {};
- IceTransportCompleteCb onNegoDone {};
- std::string stunServer {};
- std::string turnServer {};
+ bool upnpEnable {false};
+ IceTransportCompleteCb onInitDone {};
+ IceTransportCompleteCb onNegoDone {};
+ std::string stunServer {};
+ std::string turnServer {};
+ std::string turnServerUserName {}; //!< credential username
+ std::string turnServerPwd {}; //!< credential password
+ std::string turnServerRealm {}; //!< non-empty for long-term credential
 };
 class IceTransport {
diff --git a/src/sip/sipaccountbase.cpp b/src/sip/sipaccountbase.cpp
index 09c122d102d12a75ac9af870d53d3cba9e4e2aa4..744bfb6bb2b8cddb4ec91cc557aafa164d22d098 100644
--- a/src/sip/sipaccountbase.cpp
+++ b/src/sip/sipaccountbase.cpp
@@ -121,6 +121,9 @@ void SIPAccountBase::serialize(YAML::Emitter &out)
 out << YAML::Key << Conf::STUN_SERVER_KEY << YAML::Value << stunServer_;
 out << YAML::Key << Conf::TURN_ENABLED_KEY << YAML::Value << turnEnabled_;
 out << YAML::Key << Conf::TURN_SERVER_KEY << YAML::Value << turnServer_;
+ out << YAML::Key << Conf::TURN_SERVER_UNAME_KEY << YAML::Value << turnServerUserName_;
+ out << YAML::Key << Conf::TURN_SERVER_PWD_KEY << YAML::Value << turnServerPwd_;
+ out << YAML::Key << Conf::TURN_SERVER_REALM_KEY << YAML::Value << turnServerRealm_;
 }
 void SIPAccountBase::serializeTls(YAML::Emitter &out)
@@ -170,6 +173,9 @@ void SIPAccountBase::unserialize(const YAML::Node &node)
 parseValue(node, Conf::STUN_SERVER_KEY, stunServer_);
 parseValue(node, Conf::TURN_ENABLED_KEY, turnEnabled_);
 parseValue(node, Conf::TURN_SERVER_KEY, turnServer_);
+ parseValue(node, Conf::TURN_SERVER_UNAME_KEY, turnServerUserName_);
+ parseValue(node, Conf::TURN_SERVER_PWD_KEY, turnServerPwd_);
+ parseValue(node, Conf::TURN_SERVER_REALM_KEY, turnServerRealm_);
 }
 }
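Review bot: In the `SIPAccountBase::serialize` hunk, `turnServerPwd_` is emitted under `Conf::TURN_SERVER_PWD_KEY` as a plain YAML scalar, so the TURN password is persisted in clear text wherever this emitter's output ends up. Where that output is written is not visible here; if it is the account configuration file, that file should be created with owner-only permissions, or the password kept in a platform credential store with only a reference serialized. At minimum I would put a comment above the new line, `// TURN password is written in clear text; the config file must not be group/world readable`. `unserialize` in the following hunk reads the same key back, so any change of storage format has to be made in both places.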
@@ -206,11 +212,16 @@ void SIPAccountBase::setAccountDetails(const std::map<std::string, std::string>
 parseString(details, Conf::CONFIG_TLS_PRIVATE_KEY_FILE, tlsPrivateKeyFile_);
 parseString(details, Conf::CONFIG_TLS_PASSWORD, tlsPassword_);
- // ICE - STUN/TURN
- parseString(details, Conf::CONFIG_STUN_SERVER, stunServer_);
+ // ICE - STUN
 parseBool(details, Conf::CONFIG_STUN_ENABLE, stunEnabled_);
- parseString(details, Conf::CONFIG_TURN_SERVER, turnServer_);
+ parseString(details, Conf::CONFIG_STUN_SERVER, stunServer_);
+
+ // ICE - TURN
 parseBool(details, Conf::CONFIG_TURN_ENABLE, turnEnabled_);
+ parseString(details, Conf::CONFIG_TURN_SERVER, turnServer_);
+ parseString(details, Conf::CONFIG_TURN_SERVER_UNAME, turnServerUserName_);
+ parseString(details, Conf::CONFIG_TURN_SERVER_PWD, turnServerPwd_);
+ parseString(details, Conf::CONFIG_TURN_SERVER_REALM, turnServerRealm_);
 }
 std::map<std::string, std::string>
@@ -234,6 +245,9 @@ SIPAccountBase::getAccountDetails() const
 a.emplace(Conf::CONFIG_STUN_SERVER, stunServer_);
 a.emplace(Conf::CONFIG_TURN_ENABLE, turnEnabled_ ? TRUE_STR : FALSE_STR);
 a.emplace(Conf::CONFIG_TURN_SERVER, turnServer_);
+ a.emplace(Conf::CONFIG_TURN_SERVER_UNAME, turnServerUserName_);
+ a.emplace(Conf::CONFIG_TURN_SERVER_PWD, turnServerPwd_);
+ a.emplace(Conf::CONFIG_TURN_SERVER_REALM, turnServerRealm_);
 a.emplace(Conf::CONFIG_TLS_CA_LIST_FILE, tlsCaListFile_);
 a.emplace(Conf::CONFIG_TLS_CERTIFICATE_FILE, tlsCertificateFile_);
@@ -323,8 +337,12 @@ SIPAccountBase::getIceOptions() const noexcept
 auto opts = Account::getIceOptions();
 if (stunEnabled_) opts.stunServer = stunServer_;
- if (turnEnabled_)
+ if (turnEnabled_) {
 opts.turnServer = turnServer_;
+ opts.turnServerUserName = turnServerUserName_;
+ opts.turnServerPwd = turnServerPwd_;
+ opts.turnServerRealm = turnServerRealm_;
+ }
 return opts;
 }
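Review bot: In the `SIPAccountBase::getAccountDetails()` hunk, `a.emplace(Conf::CONFIG_TURN_SERVER_PWD, turnServerPwd_);` hands the TURN password verbatim to every caller of the details map. The consumers are outside this diff, but any path that logs the map, dumps it for diagnostics or forwards it to another process carries the secret with it. I would mark the entry so later callers treat it accordingly, `// secret: never log or export this entry`, and check whether callers that only display settings need the real value at all. The function body starts and ends outside the hunk.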
diff --git a/src/sip/sipaccountbase.h b/src/sip/sipaccountbase.h
index 6728a3c9c1faa581b6cfb377b0a81cf9c7cfc51c..e4e4fd1f8ae037d48d8ac21b21cd59b992e07f5a 100644
--- a/src/sip/sipaccountbase.h
+++ b/src/sip/sipaccountbase.h
@@ -88,6 +88,9 @@ namespace Conf {
 const char *const STUN_SERVER_KEY = "stunServer";
 const char *const TURN_ENABLED_KEY = "turnEnabled";
 const char *const TURN_SERVER_KEY = "turnServer";
+ const char *const TURN_SERVER_UNAME_KEY = "turnServerUserName";
+ const char *const TURN_SERVER_PWD_KEY = "turnServerPassword";
+ const char *const TURN_SERVER_REALM_KEY = "turnServerRealm";
 const char *const CRED_KEY = "credential";
 const char *const AUDIO_PORT_MIN_KEY = "audioPortMin";
 const char *const AUDIO_PORT_MAX_KEY = "audioPortMax";
@@ -312,7 +315,10 @@ protected:
 * The TURN server hostname (optional), used to provide the public IP address in case the softphone
 * stay behind a NAT.
 */
- std::string turnServer_ {};
+ std::string turnServer_;
+ std::string turnServerUserName_;
+ std::string turnServerPwd_;
+ std::string turnServerRealm_;
 std::string tlsCaListFile_;
 std::string tlsCertificateFile_;
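Review bot: In the second src/sipaccountbase.h hunk (`@@ -312,7 +315,10 @@`), the existing comment block (`The TURN server hostname …`) now sits above four members but describes only `turnServer_`, leaving the three credential members undocumented. I would give each a trailing comment in the style already used in `IceTransportOptions`, for example `std::string turnServerPwd_; //!< TURN credential password (held in clear text)` and `std::string turnServerRealm_; //!< non-empty for long-term credential`. The class continues outside the hunk.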