int
nr_stun_client_reset(nr_stun_client_ctx *ctx)
{
/* Cancel the timer firing */
if (ctx->timer_handle){
NR_async_timer_cancel(ctx->timer_handle);
ctx->timer_handle=0;
}
nr_stun_message_destroy(&ctx->request);
ctx->request = 0;
nr_stun_message_destroy(&ctx->response);
ctx->response = 0;
memset(&ctx->results, 0, sizeof(ctx->results));
ctx->mode = 0;
ctx->finished_cb = 0;
ctx->cb_arg = 0;
ctx->request_ct = 0;
ctx->timeout_ms = 0;
ctx->state = NR_STUN_CLIENT_STATE_INITTED;
return 0;
}
int
nr_stun_build_allocate_request(nr_stun_client_auth_params *auth, nr_stun_client_allocate_request_params *params, nr_stun_message **msg)
{
int r,_status;
nr_stun_message *req = 0;
if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_ALLOCATE_REQUEST, &req)))
ABORT(r);
if ((r=nr_stun_message_add_requested_transport_attribute(req, NR_STUN_ATTR_REQUESTED_TRANSPORT_UDP)))
ABORT(r);
if ((r=nr_stun_message_add_lifetime_attribute(req, params->lifetime_secs)))
ABORT(r);
/* TODO([email protected]): Add the SOFTWARE attribute (Firefox bug 857666) */
if ((r=nr_stun_build_auth_params(auth, req)))
ABORT(r);
*msg = req;
_status=0;
abort:
if (_status) nr_stun_message_destroy(&req);
return _status;
}
int
nr_stun_build_use_candidate(nr_stun_client_ice_use_candidate_params *params, nr_stun_message **msg)
{
int r,_status;
nr_stun_message *req = 0;
if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_BINDING_REQUEST, &req)))
ABORT(r);
if ((r=nr_stun_message_add_username_attribute(req, params->username)))
ABORT(r);
if ((r=nr_stun_message_add_message_integrity_attribute(req, ¶ms->password)))
ABORT(r);
if ((r=nr_stun_message_add_use_candidate_attribute(req)))
ABORT(r);
if ((r=nr_stun_message_add_priority_attribute(req, params->priority)))
ABORT(r);
if ((r=nr_stun_message_add_ice_controlling_attribute(req, params->tiebreaker)))
ABORT(r);
*msg = req;
_status=0;
abort:
if (_status) nr_stun_message_destroy(&req);
return _status;
}
int
nr_stun_build_req_lt_auth(nr_stun_client_stun_binding_request_params *params, nr_stun_message **msg)
{
int r,_status;
nr_stun_message *req = 0;
if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_BINDING_REQUEST, &req)))
ABORT(r);
if ((r=nr_stun_message_add_username_attribute(req, params->username)))
ABORT(r);
if (params->realm && params->nonce) {
if ((r=nr_stun_message_add_realm_attribute(req, params->realm)))
ABORT(r);
if ((r=nr_stun_message_add_nonce_attribute(req, params->nonce)))
ABORT(r);
if ((r=nr_stun_message_add_message_integrity_attribute(req, params->password)))
ABORT(r);
}
*msg = req;
_status=0;
abort:
if (_status) nr_stun_message_destroy(&req);
return _status;
}
/* TODO([email protected]): We currently don't support channels. We might in the future. Mozilla bug 857736 */ int nr_turn_client_send_indication(nr_turn_client_ctx *ctx, const UCHAR *msg, size_t len, int flags, nr_transport_addr *remote_addr) { int r,_status; nr_stun_client_send_indication_params params = { { 0 } }; nr_stun_message *ind = 0; if (ctx->state != NR_TURN_CLIENT_STATE_ALLOCATED) ABORT(R_FAILED); r_log(NR_LOG_TURN, LOG_DEBUG, "TURN(%s): Send indication len=%zu", ctx->label, len); if ((r=nr_turn_client_ensure_perm(ctx, remote_addr))) ABORT(r); if ((r=nr_transport_addr_copy(¶ms.remote_addr, remote_addr))) ABORT(r); params.data.data = (UCHAR*)msg; params.data.len = len; if ((r=nr_stun_build_send_indication(¶ms, &ind))) ABORT(r); if ((r=nr_turn_client_send_stun_request(ctx, ind, flags))) ABORT(r); _status=0; abort: nr_stun_message_destroy(&ind); return(_status); }
int
nr_stun_build_keepalive(nr_stun_client_stun_keepalive_params *params, nr_stun_message **msg)
{
int r,_status;
nr_stun_message *ind = 0;
if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_BINDING_INDICATION, &ind)))
ABORT(r);
*msg = ind;
_status=0;
abort:
if (_status) nr_stun_message_destroy(&ind);
return _status;
}
int
nr_stun_build_req_no_auth(nr_stun_client_stun_binding_request_params *params, nr_stun_message **msg)
{
int r,_status;
nr_stun_message *req = 0;
if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_BINDING_REQUEST, &req)))
ABORT(r);
*msg = req;
_status=0;
abort:
if (_status) nr_stun_message_destroy(&req);
return _status;
}
int nr_stun_build_permission_request(nr_stun_client_auth_params *auth, nr_stun_client_permission_request_params *params, nr_stun_message **msg)
{
int r,_status;
nr_stun_message *req = 0;
if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_PERMISSION_REQUEST, &req)))
ABORT(r);
if ((r=nr_stun_message_add_xor_peer_address_attribute(req, ¶ms->remote_addr)))
ABORT(r);
if ((r=nr_stun_build_auth_params(auth, req)))
ABORT(r);
*msg = req;
_status=0;
abort:
if (_status) nr_stun_message_destroy(&req);
return _status;
}
int
nr_stun_build_data_indication(nr_stun_client_data_indication_params *params, nr_stun_message **msg)
{
int r,_status;
nr_stun_message *ind = 0;
if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_DATA_INDICATION, &ind)))
ABORT(r);
if ((r=nr_stun_message_add_xor_peer_address_attribute(ind, ¶ms->remote_addr)))
ABORT(r);
if ((r=nr_stun_message_add_data_attribute(ind, params->data.data, params->data.len)))
ABORT(r);
*msg = ind;
_status=0;
abort:
if (_status) nr_stun_message_destroy(&ind);
return _status;
}
int
nr_stun_build_req_ice(nr_stun_client_ice_binding_request_params *params, nr_stun_message **msg)
{
int r,_status;
nr_stun_message *req = 0;
if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUN, NR_STUN_MSG_BINDING_REQUEST, &req)))
ABORT(r);
if ((r=nr_stun_message_add_username_attribute(req, params->username)))
ABORT(r);
if ((r=nr_stun_message_add_message_integrity_attribute(req, ¶ms->password)))
ABORT(r);
if ((r=nr_stun_message_add_priority_attribute(req, params->priority)))
ABORT(r);
switch (params->control) {
case NR_ICE_CONTROLLING:
if ((r=nr_stun_message_add_ice_controlling_attribute(req, params->tiebreaker)))
ABORT(r);
break;
case NR_ICE_CONTROLLED:
if ((r=nr_stun_message_add_ice_controlled_attribute(req, params->tiebreaker)))
ABORT(r);
break;
default:
assert(0);
ABORT(R_INTERNAL);
}
*msg = req;
_status=0;
abort:
if (_status) nr_stun_message_destroy(&req);
return _status;
}
int
nr_stun_build_req_stund_0_96(nr_stun_client_stun_binding_request_stund_0_96_params *params, nr_stun_message **msg)
{
int r,_status;
nr_stun_message *req = 0;
if ((r=nr_stun_form_request_or_indication(NR_STUN_MODE_STUND_0_96, NR_STUN_MSG_BINDING_REQUEST, &req)))
ABORT(r);
if ((r=nr_stun_message_add_change_request_attribute(req, 0)))
ABORT(r);
assert(! nr_stun_message_has_attribute(req, NR_STUN_ATTR_USERNAME, 0));
assert(! nr_stun_message_has_attribute(req, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0));
*msg = req;
_status=0;
abort:
if (_status) nr_stun_message_destroy(&req);
return _status;
}
int nr_turn_client_deallocate(nr_turn_client_ctx *ctx)
{
int r,_status;
nr_stun_message *aloc = 0;
nr_stun_client_auth_params auth;
nr_stun_client_refresh_request_params refresh;
if (ctx->state != NR_TURN_CLIENT_STATE_ALLOCATED)
return(0);
r_log(NR_LOG_TURN, LOG_INFO, "TURN(%s): deallocating", ctx->label);
refresh.lifetime_secs = 0;
auth.username = ctx->username;
INIT_DATA(auth.password, ctx->password->data, ctx->password->len);
auth.realm = ctx->realm;
auth.nonce = ctx->nonce;
auth.authenticate = 1;
if ((r=nr_stun_build_refresh_request(&auth, &refresh, &aloc)))
ABORT(r);
// We are only sending a single request here because we are in the process of
// shutting everything down. Theoretically we should probably start a seperate
// STUN transaction which outlives the TURN context.
if ((r=nr_turn_client_send_stun_request(ctx, aloc, 0)))
ABORT(r);
ctx->state = NR_TURN_CLIENT_STATE_DEALLOCATING;
_status=0;
abort:
nr_stun_message_destroy(&aloc);
return(_status);
}
int nr_stun_client_process_response(nr_stun_client_ctx *ctx, UCHAR *msg, int len, nr_transport_addr *peer_addr)
{
int r,_status;
char string[256];
char *username = 0;
Data *password = 0;
nr_stun_message_attribute *attr;
nr_transport_addr *mapped_addr = 0;
int fail_on_error = 0;
UCHAR hmac_key_d[16];
Data hmac_key;
int compute_lt_key=0;
/* TODO([email protected]): Bug 1023619, refactor this. */
int response_matched=0;
ATTACH_DATA(hmac_key, hmac_key_d);
if ((ctx->state != NR_STUN_CLIENT_STATE_RUNNING) &&
(ctx->state != NR_STUN_CLIENT_STATE_WAITING))
ABORT(R_REJECTED);
r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Inspecting STUN response (my_addr=%s, peer_addr=%s)",ctx->label,ctx->my_addr.as_string,peer_addr->as_string);
snprintf(string, sizeof(string)-1, "STUN-CLIENT(%s): Received ", ctx->label);
r_dump(NR_LOG_STUN, LOG_DEBUG, string, (char*)msg, len);
/* determine password */
switch (ctx->mode) {
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_LONG_TERM_AUTH:
compute_lt_key = 1;
/* Fall through */
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_SHORT_TERM_AUTH:
password = ctx->params.stun_binding_request.password;
break;
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_NO_AUTH:
/* do nothing */
break;
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_STUND_0_96:
/* do nothing */
break;
#ifdef USE_ICE
case NR_ICE_CLIENT_MODE_BINDING_REQUEST:
password = &ctx->params.ice_binding_request.password;
break;
case NR_ICE_CLIENT_MODE_USE_CANDIDATE:
password = &ctx->params.ice_binding_request.password;
break;
#endif /* USE_ICE */
#ifdef USE_TURN
case NR_TURN_CLIENT_MODE_ALLOCATE_REQUEST:
fail_on_error = 1;
compute_lt_key = 1;
username = ctx->auth_params.username;
password = &ctx->auth_params.password;
/* do nothing */
break;
case NR_TURN_CLIENT_MODE_REFRESH_REQUEST:
fail_on_error = 1;
compute_lt_key = 1;
username = ctx->auth_params.username;
password = &ctx->auth_params.password;
/* do nothing */
break;
case NR_TURN_CLIENT_MODE_PERMISSION_REQUEST:
fail_on_error = 1;
compute_lt_key = 1;
username = ctx->auth_params.username;
password = &ctx->auth_params.password;
/* do nothing */
break;
case NR_TURN_CLIENT_MODE_SEND_INDICATION:
/* do nothing -- we just got our DATA-INDICATION */
break;
#endif /* USE_TURN */
default:
assert(0);
ABORT(R_FAILED);
break;
}
if (compute_lt_key) {
if (!ctx->realm || !username) {
r_log(NR_LOG_STUN, LOG_DEBUG, "Long-term auth required but no realm/username specified. Randomizing key");
/* Fill the key with random bytes to guarantee non-match */
if (r=nr_crypto_random_bytes(hmac_key_d, sizeof(hmac_key_d)))
ABORT(r);
}
else {
if (r=nr_stun_compute_lt_message_integrity_password(username, ctx->realm,
password, &hmac_key))
ABORT(r);
}
password = &hmac_key;
}
if (ctx->response) {
nr_stun_message_destroy(&ctx->response);
}
/* TODO([email protected]): Bug 1023619, refactor this. */
if ((r=nr_stun_message_create2(&ctx->response, msg, len)))
ABORT(r);
if ((r=nr_stun_decode_message(ctx->response, nr_stun_client_get_password, password))) {
r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): error decoding response",ctx->label);
ABORT(r);
}
/* This will return an error if request and response don't match,
which is how we reject responses that match other contexts. */
if ((r=nr_stun_receive_message(ctx->request, ctx->response))) {
r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Response is not for us",ctx->label);
ABORT(r);
}
r_log(NR_LOG_STUN,LOG_INFO,
"STUN-CLIENT(%s): Received response; processing",ctx->label);
response_matched=1;
/* TODO: !nn! currently using password!=0 to mean that auth is required,
* TODO: !nn! but we should probably pass that in explicitly via the
* TODO: !nn! usage (ctx->mode?) */
if (password) {
if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_NONCE, 0)) {
if ((r=nr_stun_receive_response_long_term_auth(ctx->response, ctx)))
ABORT(r);
}
else {
if ((r=nr_stun_receive_response_short_term_auth(ctx->response)))
ABORT(r);
}
}
if (NR_STUN_GET_TYPE_CLASS(ctx->response->header.type) == NR_CLASS_RESPONSE) {
if ((r=nr_stun_process_success_response(ctx->response)))
ABORT(r);
}
else {
if (fail_on_error) {
ctx->state = NR_STUN_CLIENT_STATE_FAILED;
}
/* Note: most times we call process_error_response, we get r != 0.
However, if the error is to be discarded, we get r == 0, smash
the error code, and just keep going.
*/
if ((r=nr_stun_process_error_response(ctx->response, &ctx->error_code))) {
ABORT(r);
}
else {
ctx->error_code = 0xffff;
/* drop the error on the floor */
ABORT(R_FAILED);
}
}
r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Successfully parsed mode=%d",ctx->label,ctx->mode);
/* TODO: !nn! this should be moved to individual message receive/processing sections */
switch (ctx->mode) {
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_LONG_TERM_AUTH:
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_SHORT_TERM_AUTH:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
mapped_addr = &ctx->results.stun_binding_response.mapped_addr;
break;
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_NO_AUTH:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0)) {
if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MAPPED_ADDRESS, 0)) {
/* Compensate for a bug in Google's STUN servers where they always respond with MAPPED-ADDRESS */
r_log(NR_LOG_STUN,LOG_INFO,"STUN-CLIENT(%s): No XOR-MAPPED-ADDRESS but MAPPED-ADDRESS. Falling back (though server is wrong).", ctx->label);
}
else {
ABORT(R_BAD_DATA);
}
}
mapped_addr = &ctx->results.stun_binding_response.mapped_addr;
break;
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_STUND_0_96:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MAPPED_ADDRESS, 0) && ! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
mapped_addr = &ctx->results.stun_binding_response_stund_0_96.mapped_addr;
break;
#ifdef USE_ICE
case NR_ICE_CLIENT_MODE_BINDING_REQUEST:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
mapped_addr = &ctx->results.stun_binding_response.mapped_addr;
break;
case NR_ICE_CLIENT_MODE_USE_CANDIDATE:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
mapped_addr = &ctx->results.stun_binding_response.mapped_addr;
break;
#endif /* USE_ICE */
#ifdef USE_TURN
case NR_TURN_CLIENT_MODE_ALLOCATE_REQUEST:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
if (!nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_RELAY_ADDRESS, &attr))
ABORT(R_BAD_DATA);
if ((r=nr_stun_transport_addr_check(&attr->u.relay_address.unmasked,
ctx->mapped_addr_check_mask)))
ABORT(r);
if ((r=nr_transport_addr_copy(
&ctx->results.allocate_response.relay_addr,
&attr->u.relay_address.unmasked)))
ABORT(r);
if (!nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_LIFETIME, &attr))
ABORT(R_BAD_DATA);
ctx->results.allocate_response.lifetime_secs=attr->u.lifetime_secs;
r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Received relay address: %s", ctx->label, ctx->results.allocate_response.relay_addr.as_string);
mapped_addr = &ctx->results.allocate_response.mapped_addr;
break;
case NR_TURN_CLIENT_MODE_REFRESH_REQUEST:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
if (!nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_LIFETIME, &attr))
ABORT(R_BAD_DATA);
ctx->results.refresh_response.lifetime_secs=attr->u.lifetime_secs;
break;
case NR_TURN_CLIENT_MODE_PERMISSION_REQUEST:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
break;
#endif /* USE_TURN */
default:
assert(0);
ABORT(R_FAILED);
break;
}
/* make sure we have the most up-to-date address from this peer */
if (nr_transport_addr_cmp(&ctx->peer_addr, peer_addr, NR_TRANSPORT_ADDR_CMP_MODE_ALL)) {
r_log(NR_LOG_STUN,LOG_INFO,"STUN-CLIENT(%s): Peer moved from %s to %s", ctx->label, ctx->peer_addr.as_string, peer_addr->as_string);
nr_transport_addr_copy(&ctx->peer_addr, peer_addr);
}
if (mapped_addr) {
if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, &attr)) {
if ((r=nr_stun_transport_addr_check(&attr->u.xor_mapped_address.unmasked,
ctx->mapped_addr_check_mask)))
ABORT(r);
if ((r=nr_transport_addr_copy(mapped_addr, &attr->u.xor_mapped_address.unmasked)))
ABORT(r);
}
else if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MAPPED_ADDRESS, &attr)) {
if ((r=nr_stun_transport_addr_check(&attr->u.mapped_address,
ctx->mapped_addr_check_mask)))
ABORT(r);
if ((r=nr_transport_addr_copy(mapped_addr, &attr->u.mapped_address)))
ABORT(r);
}
else
ABORT(R_BAD_DATA);
// STUN doesn't distinguish protocol in mapped address, therefore
// assign used protocol from peer_addr
if (mapped_addr->protocol!=peer_addr->protocol){
mapped_addr->protocol=peer_addr->protocol;
nr_transport_addr_fmt_addr_string(mapped_addr);
}
r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Received mapped address: %s", ctx->label, mapped_addr->as_string);
}
ctx->state=NR_STUN_CLIENT_STATE_DONE;
_status=0;
abort:
if(_status && response_matched){
r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): Error processing response: %s, stun error code %d.", ctx->label, nr_strerror(_status), (int)ctx->error_code);
}
if ((ctx->state != NR_STUN_CLIENT_STATE_RUNNING) &&
(ctx->state != NR_STUN_CLIENT_STATE_WAITING)) {
/* Cancel the timer firing */
if (ctx->timer_handle) {
NR_async_timer_cancel(ctx->timer_handle);
ctx->timer_handle = 0;
}
nr_stun_client_fire_finished_cb(ctx);
}
return(_status);
}
int nr_turn_client_parse_data_indication(nr_turn_client_ctx *ctx,
nr_transport_addr *source_addr,
UCHAR *msg, size_t len,
UCHAR *newmsg, size_t *newlen,
size_t newsize,
nr_transport_addr *remote_addr)
{
int r,_status;
nr_stun_message *ind=0;
nr_stun_message_attribute *attr;
nr_turn_permission *perm;
if (nr_transport_addr_cmp(&ctx->turn_server_addr, source_addr,
NR_TRANSPORT_ADDR_CMP_MODE_ALL)) {
r_log(NR_LOG_TURN, LOG_WARNING,
"TURN(%s): Indication from unexpected source addr %s (expected %s)",
ctx->label, source_addr->as_string, ctx->turn_server_addr.as_string);
ABORT(R_REJECTED);
}
if ((r=nr_stun_message_create2(&ind, msg, len)))
ABORT(r);
if ((r=nr_stun_decode_message(ind, 0, 0)))
ABORT(r);
if (ind->header.type != NR_STUN_MSG_DATA_INDICATION)
ABORT(R_BAD_ARGS);
if (!nr_stun_message_has_attribute(ind, NR_STUN_ATTR_XOR_PEER_ADDRESS, &attr))
ABORT(R_BAD_ARGS);
if ((r=nr_turn_permission_find(ctx, &attr->u.xor_mapped_address.unmasked,
&perm))) {
if (r == R_NOT_FOUND) {
r_log(NR_LOG_TURN, LOG_WARNING,
"TURN(%s): Indication from peer addr %s with no permission",
ctx->label, attr->u.xor_mapped_address.unmasked.as_string);
}
ABORT(r);
}
if ((r=nr_transport_addr_copy(remote_addr,
&attr->u.xor_mapped_address.unmasked)))
ABORT(r);
#if REFRESH_RESERVATION_ON_RECV
if ((r=nr_turn_client_ensure_perm(ctx, remote_addr))) {
ABORT(r);
}
#endif
if (!nr_stun_message_has_attribute(ind, NR_STUN_ATTR_DATA, &attr)) {
ABORT(R_BAD_DATA);
}
assert(newsize >= attr->u.data.length);
if (newsize < attr->u.data.length)
ABORT(R_BAD_ARGS);
memcpy(newmsg, attr->u.data.data, attr->u.data.length);
*newlen = attr->u.data.length;
_status=0;
abort:
nr_stun_message_destroy(&ind);
return(_status);
}