Please add STUN server username and password support

[ndilieto]

This would be greatly appreciated, thanks.

[licaon-kter]

Wait...isn't the actual username and its password used?

[juha-h]

If stunuser and/or stunpass are not given, then looks like uri user (not auth user) and auth_pass are used:

	if (0 == msg_param_exists(&aor->params, "stunuser", &tmp))
		err |= param_dstr(&acc->stun_user, &aor->params, "stunuser");
	else
		err |= pl_strdup(&acc->stun_user, &aor->uri.user);

	if (0 == msg_param_exists(&aor->params, "stunpass", &tmp))
		err |= param_dstr(&acc->stun_pass, &aor->params, "stunpass");
	else if (acc->auth_pass)
		err |= str_dup(&acc->stun_pass, acc->auth_pass);

I can add stun user and stun pass when I get the time.

[ndilieto]

I've tried entering stunuser/stunpass but they get rejected. Maybe I am doing something wrong, but the help text (lines 82-84 of app/src/main/res/values/strings.xml) says they are not supported.

    <string name="stun_server_help">A STUN Server of form host[:port].
        Factory default value is \'stun.l.google.com:19302\', pointing to public Google STUN server.
        Username and password are currently not supported.

[juha-h]

Yes, they are not yet supported. It should work if you can configure your stun server to accept uri userpart as username and authentication password as password.

[ndilieto]

And would it also be possible to add "TURN" to media nat options? The turn module is already enabled so it probably is just a matter of adding turn/TURN to the arrays on lines 81-82 of app/src/main/kotlin/com/tutpro/baresip/AccountActivity.kt.

[juha-h]

I'll add TURN option too. New API functions need to be first added to baresip lib for setting STUN username and password (baresip/baresip#1015).

[ndilieto]

I'll add TURN option too.

Ok, many thanks. Watch out, the turn module needs the stun server uri to start with "turn:", not "stun:", see cherck on lines 188-189 of libbaresip-android/baresip/modules/turn/turn.c

        if (srv->scheme != STUN_SCHEME_TURN)
                return ENOTSUP;

Also ICE uses the scheme to decide whether to operate in STUN or TURN mode (lines 482-500 of libbaresip-android/baresip/modules/ice/ice.c)

        if (srv) {
                info("ice: new session with %s-server at %s (username=%s)\n",
                     srv->scheme == STUN_SCHEME_TURN ? "TURN" : "STUN",
                     srv->host, user);

                switch (srv->scheme) {

                case STUN_SCHEME_STUN:
                        usage = stun_usage_binding;
                        break;

                case STUN_SCHEME_TURN:
                        usage = stun_usage_relay;
                        break;

                default:
                        return ENOTSUP;
                }
        }

[juha-h]

I just pushed commit e7af96f to master that adds support for TURN server and STUN/TURN username/password.

New version that includes the commit is not in the stores yet, but if you @ndilieto are rolling your own baresip, please give it a try.

[ndilieto]

I've tried it and it works but the TURN module works only if I quit the application then restart it. I've traced it to the fact that when it starts up, account_alloc calls stunsrv_decode which calls stunuri_decode and therefore stunuri.scheme gets set correctly. When changing it from the gui without restarting instead, account_set_stun_host only calls stunuri_set_host which does not update stunuri.scheme. As a result the TURN module fails with ENOTSUP.

Perhaps account_set_stun_host needs to call stunuri_decode too?

[juha-h]

How about this (not tested)?

int account_set_stun_uri(struct account *acc, const char *uri)
{
	struct pl pl;
	int err;
	
	if (!acc)
		return EINVAL;

	acc->stun_host = mem_deref(acc->stun_host);

	if (!uri)
		return 0;

	pl_set_str(&pl, uri);
	err = stunuri_decode(&acc->stun_host, &pl);
	if (err)
		warning("account: decode '%r' failed: %m\n",
			&pl, err);
	
	return err;
}

[ndilieto]

How about this (not tested)?

It works but after the app is restarted, the STUN server in the gui loses the "turn:"/"stun:" prefix. I think this is because it gets populated by account_stun_host which only returns the host part after the prefix and it ignores the scheme.

[juha-h]

Yes, I noticed it too and I'm now in the process of adding two new API functions: account[_set]_stun_uri, since there is currently no way of getting the scheme of STUN server URI.

[juha-h]

Master branch is now using account[_set]_stun_uri API functions. Please try again.

[ndilieto]

It works. Many thanks for your very prompt reaction.

[juha-h]

Thanks for testing.