int
nr_stun_request( StunAddress4* dest, int testNum, StunAddress4* sAddr )
{
int r,_status;
Data password2;
int port;
UINT4 interfaceIp=0;
nr_stun_message *resp;
Socket myFd;
StunAtrString username;
StunAtrString password;
char msg[NR_STUN_MAX_MESSAGE_SIZE];
int msgLen = NR_STUN_MAX_MESSAGE_SIZE;
StunAddress4 from;
nr_stun_message_attribute *attr;
assert( dest->addr != 0 );
assert( dest->port != 0 );
if ((r=nr_stun_randomPort(&port)))
ABORT(r);
if (sAddr)
{
interfaceIp = sAddr->addr;
if ( sAddr->port != 0 )
{
port = sAddr->port;
}
}
myFd = openPort(port,interfaceIp);
assert(myFd != -1);
strcpy(username.value,"hello");
strcpy(password.value,"hello");
username.sizeValue=5;
password.sizeValue=5;
nr_stun_send_test( myFd, dest, &username, &password, testNum);
getMessage( myFd,
msg,
&msgLen,
&from.addr,
&from.port);
r_log(NR_LOG_STUN, LOG_DEBUG, "Got a response");
if ((r=nr_stun_message_create2(&resp, (UCHAR*)msg, msgLen)))
ABORT(r);
password2.data = (UCHAR*)password.value;
password2.len = password.sizeValue;
if ((r=nr_stun_decode_message(resp, returnpassword, &password2))) {
r_log(NR_LOG_STUN, LOG_DEBUG, "Failed to parse message");
ABORT(r);
}
if (nr_stun_message_has_attribute(resp, NR_STUN_ATTR_ERROR_CODE, &attr)) {
r_log(NR_LOG_STUN, LOG_DEBUG, "Received error response");
if (attr->u.error_code.number == 300) {
if (!nr_stun_message_has_attribute(resp, NR_STUN_ATTR_ALTERNATE_SERVER, &attr)) {
r_log(NR_LOG_STUN, LOG_DEBUG, "Missing Alternate Server");
ABORT(R_FAILED);
}
dest->addr = ntohl(attr->u.alternate_server.u.addr4.sin_addr.s_addr);
dest->port = ntohs(attr->u.alternate_server.u.addr4.sin_port);
if ((r=nr_stun_request(dest, testNum, sAddr)))
ABORT(r);
return 0;
}
}
if ((r=nr_stun_process_response(resp, resp, &password2))) {
r_log(NR_LOG_STUN, LOG_DEBUG, "Failed to process message");
ABORT(r);
}
if (nr_stun_message_has_attribute(resp, NR_STUN_ATTR_FINGERPRINT, &attr)) {
r_log(NR_LOG_STUN, LOG_DEBUG, "Validating Fingerprint");
if (!attr->u.fingerprint.valid) {
r_log(NR_LOG_STUN, LOG_WARNING, "Fingerprint is bad");
ABORT(R_FAILED);
}
}
else if (resp->header.magic_cookie != MAGIC_COOKIE
&& resp->header.magic_cookie != MAGIC_COOKIE2) {
r_log(NR_LOG_STUN, LOG_WARNING, "Missing Magic Cookie");
ABORT(R_FAILED);
}
if (1) {
if (nr_stun_message_has_attribute(resp, NR_STUN_ATTR_MAPPED_ADDRESS, &attr)) {
r_log(NR_LOG_STUN, LOG_DEBUG, " MappedAddr=%s", attr->u.mapped_address.as_string);
}
if (nr_stun_message_has_attribute(resp, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, &attr)) {
r_log(NR_LOG_STUN, LOG_DEBUG, " XorMappedAddr=%s", attr->u.xor_mapped_address.unmasked.as_string);
}
}
_status=0;
abort:
return _status;
}
int nr_stun_client_process_response(nr_stun_client_ctx *ctx, UCHAR *msg, int len, nr_transport_addr *peer_addr)
{
int r,_status;
char string[256];
char *username = 0;
Data *password = 0;
nr_stun_message_attribute *attr;
nr_transport_addr *mapped_addr = 0;
int fail_on_error = 0;
UCHAR hmac_key_d[16];
Data hmac_key;
int compute_lt_key=0;
/* TODO([email protected]): Bug 1023619, refactor this. */
int response_matched=0;
ATTACH_DATA(hmac_key, hmac_key_d);
if ((ctx->state != NR_STUN_CLIENT_STATE_RUNNING) &&
(ctx->state != NR_STUN_CLIENT_STATE_WAITING))
ABORT(R_REJECTED);
r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Inspecting STUN response (my_addr=%s, peer_addr=%s)",ctx->label,ctx->my_addr.as_string,peer_addr->as_string);
snprintf(string, sizeof(string)-1, "STUN-CLIENT(%s): Received ", ctx->label);
r_dump(NR_LOG_STUN, LOG_DEBUG, string, (char*)msg, len);
/* determine password */
switch (ctx->mode) {
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_LONG_TERM_AUTH:
compute_lt_key = 1;
/* Fall through */
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_SHORT_TERM_AUTH:
password = ctx->params.stun_binding_request.password;
break;
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_NO_AUTH:
/* do nothing */
break;
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_STUND_0_96:
/* do nothing */
break;
#ifdef USE_ICE
case NR_ICE_CLIENT_MODE_BINDING_REQUEST:
password = &ctx->params.ice_binding_request.password;
break;
case NR_ICE_CLIENT_MODE_USE_CANDIDATE:
password = &ctx->params.ice_binding_request.password;
break;
#endif /* USE_ICE */
#ifdef USE_TURN
case NR_TURN_CLIENT_MODE_ALLOCATE_REQUEST:
fail_on_error = 1;
compute_lt_key = 1;
username = ctx->auth_params.username;
password = &ctx->auth_params.password;
/* do nothing */
break;
case NR_TURN_CLIENT_MODE_REFRESH_REQUEST:
fail_on_error = 1;
compute_lt_key = 1;
username = ctx->auth_params.username;
password = &ctx->auth_params.password;
/* do nothing */
break;
case NR_TURN_CLIENT_MODE_PERMISSION_REQUEST:
fail_on_error = 1;
compute_lt_key = 1;
username = ctx->auth_params.username;
password = &ctx->auth_params.password;
/* do nothing */
break;
case NR_TURN_CLIENT_MODE_SEND_INDICATION:
/* do nothing -- we just got our DATA-INDICATION */
break;
#endif /* USE_TURN */
default:
assert(0);
ABORT(R_FAILED);
break;
}
if (compute_lt_key) {
if (!ctx->realm || !username) {
r_log(NR_LOG_STUN, LOG_DEBUG, "Long-term auth required but no realm/username specified. Randomizing key");
/* Fill the key with random bytes to guarantee non-match */
if (r=nr_crypto_random_bytes(hmac_key_d, sizeof(hmac_key_d)))
ABORT(r);
}
else {
if (r=nr_stun_compute_lt_message_integrity_password(username, ctx->realm,
password, &hmac_key))
ABORT(r);
}
password = &hmac_key;
}
if (ctx->response) {
nr_stun_message_destroy(&ctx->response);
}
/* TODO([email protected]): Bug 1023619, refactor this. */
if ((r=nr_stun_message_create2(&ctx->response, msg, len)))
ABORT(r);
if ((r=nr_stun_decode_message(ctx->response, nr_stun_client_get_password, password))) {
r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): error decoding response",ctx->label);
ABORT(r);
}
/* This will return an error if request and response don't match,
which is how we reject responses that match other contexts. */
if ((r=nr_stun_receive_message(ctx->request, ctx->response))) {
r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Response is not for us",ctx->label);
ABORT(r);
}
r_log(NR_LOG_STUN,LOG_INFO,
"STUN-CLIENT(%s): Received response; processing",ctx->label);
response_matched=1;
/* TODO: !nn! currently using password!=0 to mean that auth is required,
* TODO: !nn! but we should probably pass that in explicitly via the
* TODO: !nn! usage (ctx->mode?) */
if (password) {
if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_NONCE, 0)) {
if ((r=nr_stun_receive_response_long_term_auth(ctx->response, ctx)))
ABORT(r);
}
else {
if ((r=nr_stun_receive_response_short_term_auth(ctx->response)))
ABORT(r);
}
}
if (NR_STUN_GET_TYPE_CLASS(ctx->response->header.type) == NR_CLASS_RESPONSE) {
if ((r=nr_stun_process_success_response(ctx->response)))
ABORT(r);
}
else {
if (fail_on_error) {
ctx->state = NR_STUN_CLIENT_STATE_FAILED;
}
/* Note: most times we call process_error_response, we get r != 0.
However, if the error is to be discarded, we get r == 0, smash
the error code, and just keep going.
*/
if ((r=nr_stun_process_error_response(ctx->response, &ctx->error_code))) {
ABORT(r);
}
else {
ctx->error_code = 0xffff;
/* drop the error on the floor */
ABORT(R_FAILED);
}
}
r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Successfully parsed mode=%d",ctx->label,ctx->mode);
/* TODO: !nn! this should be moved to individual message receive/processing sections */
switch (ctx->mode) {
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_LONG_TERM_AUTH:
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_SHORT_TERM_AUTH:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
mapped_addr = &ctx->results.stun_binding_response.mapped_addr;
break;
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_NO_AUTH:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0)) {
if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MAPPED_ADDRESS, 0)) {
/* Compensate for a bug in Google's STUN servers where they always respond with MAPPED-ADDRESS */
r_log(NR_LOG_STUN,LOG_INFO,"STUN-CLIENT(%s): No XOR-MAPPED-ADDRESS but MAPPED-ADDRESS. Falling back (though server is wrong).", ctx->label);
}
else {
ABORT(R_BAD_DATA);
}
}
mapped_addr = &ctx->results.stun_binding_response.mapped_addr;
break;
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_STUND_0_96:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MAPPED_ADDRESS, 0) && ! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
mapped_addr = &ctx->results.stun_binding_response_stund_0_96.mapped_addr;
break;
#ifdef USE_ICE
case NR_ICE_CLIENT_MODE_BINDING_REQUEST:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
mapped_addr = &ctx->results.stun_binding_response.mapped_addr;
break;
case NR_ICE_CLIENT_MODE_USE_CANDIDATE:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
mapped_addr = &ctx->results.stun_binding_response.mapped_addr;
break;
#endif /* USE_ICE */
#ifdef USE_TURN
case NR_TURN_CLIENT_MODE_ALLOCATE_REQUEST:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
if (!nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_RELAY_ADDRESS, &attr))
ABORT(R_BAD_DATA);
if ((r=nr_stun_transport_addr_check(&attr->u.relay_address.unmasked,
ctx->mapped_addr_check_mask)))
ABORT(r);
if ((r=nr_transport_addr_copy(
&ctx->results.allocate_response.relay_addr,
&attr->u.relay_address.unmasked)))
ABORT(r);
if (!nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_LIFETIME, &attr))
ABORT(R_BAD_DATA);
ctx->results.allocate_response.lifetime_secs=attr->u.lifetime_secs;
r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Received relay address: %s", ctx->label, ctx->results.allocate_response.relay_addr.as_string);
mapped_addr = &ctx->results.allocate_response.mapped_addr;
break;
case NR_TURN_CLIENT_MODE_REFRESH_REQUEST:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
if (!nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_LIFETIME, &attr))
ABORT(R_BAD_DATA);
ctx->results.refresh_response.lifetime_secs=attr->u.lifetime_secs;
break;
case NR_TURN_CLIENT_MODE_PERMISSION_REQUEST:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
break;
#endif /* USE_TURN */
default:
assert(0);
ABORT(R_FAILED);
break;
}
/* make sure we have the most up-to-date address from this peer */
if (nr_transport_addr_cmp(&ctx->peer_addr, peer_addr, NR_TRANSPORT_ADDR_CMP_MODE_ALL)) {
r_log(NR_LOG_STUN,LOG_INFO,"STUN-CLIENT(%s): Peer moved from %s to %s", ctx->label, ctx->peer_addr.as_string, peer_addr->as_string);
nr_transport_addr_copy(&ctx->peer_addr, peer_addr);
}
if (mapped_addr) {
if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, &attr)) {
if ((r=nr_stun_transport_addr_check(&attr->u.xor_mapped_address.unmasked,
ctx->mapped_addr_check_mask)))
ABORT(r);
if ((r=nr_transport_addr_copy(mapped_addr, &attr->u.xor_mapped_address.unmasked)))
ABORT(r);
}
else if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MAPPED_ADDRESS, &attr)) {
if ((r=nr_stun_transport_addr_check(&attr->u.mapped_address,
ctx->mapped_addr_check_mask)))
ABORT(r);
if ((r=nr_transport_addr_copy(mapped_addr, &attr->u.mapped_address)))
ABORT(r);
}
else
ABORT(R_BAD_DATA);
// STUN doesn't distinguish protocol in mapped address, therefore
// assign used protocol from peer_addr
if (mapped_addr->protocol!=peer_addr->protocol){
mapped_addr->protocol=peer_addr->protocol;
nr_transport_addr_fmt_addr_string(mapped_addr);
}
r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Received mapped address: %s", ctx->label, mapped_addr->as_string);
}
ctx->state=NR_STUN_CLIENT_STATE_DONE;
_status=0;
abort:
if(_status && response_matched){
r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): Error processing response: %s, stun error code %d.", ctx->label, nr_strerror(_status), (int)ctx->error_code);
}
if ((ctx->state != NR_STUN_CLIENT_STATE_RUNNING) &&
(ctx->state != NR_STUN_CLIENT_STATE_WAITING)) {
/* Cancel the timer firing */
if (ctx->timer_handle) {
NR_async_timer_cancel(ctx->timer_handle);
ctx->timer_handle = 0;
}
nr_stun_client_fire_finished_cb(ctx);
}
return(_status);
}
int nr_stun_client_process_response(nr_stun_client_ctx *ctx, UCHAR *msg, int len, nr_transport_addr *peer_addr)
{
int r,_status;
char string[256];
Data *password = 0;
nr_stun_message_attribute *attr;
nr_transport_addr *mapped_addr = 0;
if(ctx->state==NR_STUN_CLIENT_STATE_CANCELLED)
ABORT(R_REJECTED);
if (ctx->state != NR_STUN_CLIENT_STATE_RUNNING)
ABORT(R_REJECTED);
r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Received(my_addr=%s,peer_addr=%s)",ctx->label,ctx->my_addr.as_string,peer_addr->as_string);
snprintf(string, sizeof(string)-1, "STUN-CLIENT(%s): Received ", ctx->label);
r_dump(NR_LOG_STUN, LOG_DEBUG, string, (char*)msg, len);
/* determine password */
switch (ctx->mode) {
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_LONG_TERM_AUTH:
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_SHORT_TERM_AUTH:
password = ctx->params.stun_binding_request.password;
break;
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_NO_AUTH:
/* do nothing */
break;
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_STUND_0_96:
/* do nothing */
break;
#ifdef USE_ICE
case NR_ICE_CLIENT_MODE_BINDING_REQUEST:
password = &ctx->params.ice_binding_request.password;
break;
case NR_ICE_CLIENT_MODE_USE_CANDIDATE:
password = &ctx->params.ice_binding_request.password;
break;
#endif /* USE_ICE */
#ifdef USE_TURN
case NR_TURN_CLIENT_MODE_ALLOCATE_REQUEST1:
/* do nothing */
break;
case NR_TURN_CLIENT_MODE_ALLOCATE_REQUEST2:
/* do nothing */
break;
case NR_TURN_CLIENT_MODE_SET_ACTIVE_DEST_REQUEST:
/* do nothing */
break;
case NR_TURN_CLIENT_MODE_SEND_INDICATION:
/* do nothing -- we just got our DATA-INDICATION */
break;
#endif /* USE_TURN */
default:
assert(0);
ABORT(R_FAILED);
break;
}
#ifdef USE_TURN
if (ctx->mode == NR_TURN_CLIENT_MODE_SEND_INDICATION) {
/* SEND-INDICATION gets a DATA-INDICATION back, which will always
* be a different transaction, so don't perform the check in that
* case */
}
#endif /* USE_TURN */
if ((r=nr_stun_message_create2(&ctx->response, msg, len)))
ABORT(r);
if ((r=nr_stun_decode_message(ctx->response, nr_stun_client_get_password, password)))
ABORT(r);
if ((r=nr_stun_receive_message(ctx->request, ctx->response)))
ABORT(r);
/* TODO: !nn! currently using password!=0 to mean that auth is required,
* TODO: !nn! but we should probably pass that in explicitly via the
* TODO: !nn! usage (ctx->mode?) */
if (password) {
if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_NONCE, 0)) {
if ((r=nr_stun_receive_response_long_term_auth(ctx->response, ctx)))
ABORT(r);
}
else {
if ((r=nr_stun_receive_response_short_term_auth(ctx->response)))
ABORT(r);
}
}
if (NR_STUN_GET_TYPE_CLASS(ctx->response->header.type) == NR_CLASS_RESPONSE) {
if ((r=nr_stun_process_success_response(ctx->response)))
ABORT(r);
}
else {
if ((r=nr_stun_process_error_response(ctx->response))) {
ABORT(r);
}
else {
/* drop the error on the floor */
ABORT(R_FAILED);
}
}
/* TODO: !nn! this should be moved to individual message receive/processing sections */
switch (ctx->mode) {
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_LONG_TERM_AUTH:
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_SHORT_TERM_AUTH:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
mapped_addr = &ctx->results.stun_binding_response.mapped_addr;
break;
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_NO_AUTH:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
mapped_addr = &ctx->results.stun_binding_response.mapped_addr;
break;
case NR_STUN_CLIENT_MODE_BINDING_REQUEST_STUND_0_96:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MAPPED_ADDRESS, 0) && ! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
mapped_addr = &ctx->results.stun_binding_response_stund_0_96.mapped_addr;
break;
#ifdef USE_ICE
case NR_ICE_CLIENT_MODE_BINDING_REQUEST:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
mapped_addr = &ctx->results.stun_binding_response.mapped_addr;
break;
case NR_ICE_CLIENT_MODE_USE_CANDIDATE:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
mapped_addr = &ctx->results.stun_binding_response.mapped_addr;
break;
#endif /* USE_ICE */
#ifdef USE_TURN
case NR_TURN_CLIENT_MODE_ALLOCATE_REQUEST1:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_REALM, &attr))
ABORT(R_BAD_DATA);
ctx->results.allocate_response1.realm = attr->u.realm;
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_NONCE, &attr))
ABORT(R_BAD_DATA);
ctx->results.allocate_response1.nonce = attr->u.nonce;
break;
case NR_TURN_CLIENT_MODE_ALLOCATE_REQUEST2:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_USERNAME, 0))
ABORT(R_BAD_DATA);
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
ABORT(R_BAD_DATA);
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_RELAY_ADDRESS, &attr)) {
if ((r=nr_transport_addr_copy(
&ctx->results.allocate_response2.relay_addr,
&attr->u.relay_address)))
ABORT(r);
}
else {
if ((r=nr_transport_addr_copy(&ctx->results.allocate_response2.relay_addr, peer_addr)))
ABORT(r);
}
mapped_addr = &ctx->results.allocate_response2.mapped_addr;
break;
case NR_TURN_CLIENT_MODE_SET_ACTIVE_DEST_REQUEST:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
ABORT(R_BAD_DATA);
break;
case NR_TURN_CLIENT_MODE_SEND_INDICATION:
if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_REMOTE_ADDRESS, 0))
ABORT(R_BAD_DATA);
break;
#endif /* USE_TURN */
default:
assert(0);
ABORT(R_FAILED);
break;
}
/* make sure we have the most up-to-date address from this peer */
if (nr_transport_addr_cmp(&ctx->peer_addr, peer_addr, NR_TRANSPORT_ADDR_CMP_MODE_ALL)) {
r_log(NR_LOG_STUN,LOG_INFO,"STUN-CLIENT(%s): Peer moved from %s to %s", ctx->label, ctx->peer_addr.as_string, peer_addr->as_string);
nr_transport_addr_copy(&ctx->peer_addr, peer_addr);
}
if (mapped_addr) {
if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, &attr)) {
if ((r=nr_transport_addr_copy(mapped_addr, &attr->u.xor_mapped_address.unmasked)))
ABORT(r);
}
else if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MAPPED_ADDRESS, &attr)) {
if ((r=nr_transport_addr_copy(mapped_addr, &attr->u.mapped_address)))
ABORT(r);
}
else
ABORT(R_BAD_DATA);
r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Received mapped address: %s", ctx->label, mapped_addr->as_string);
}
ctx->state=NR_STUN_CLIENT_STATE_DONE;
_status=0;
abort:
if (ctx->state != NR_STUN_CLIENT_STATE_RUNNING) {
/* Cancel the timer firing */
if (ctx->timer_handle) {
NR_async_timer_cancel(ctx->timer_handle);
ctx->timer_handle = 0;
}
/* Fire the callback */
if (ctx->finished_cb) {
NR_async_cb finished_cb = ctx->finished_cb;
ctx->finished_cb = 0; /* prevent 2nd call */
/* finished_cb call must be absolutely last thing in function
* because as a side effect this ctx may be operated on in the
* callback */
finished_cb(0,0,ctx->cb_arg);
}
}
return(_status);
}
int nr_turn_client_parse_data_indication(nr_turn_client_ctx *ctx,
nr_transport_addr *source_addr,
UCHAR *msg, size_t len,
UCHAR *newmsg, size_t *newlen,
size_t newsize,
nr_transport_addr *remote_addr)
{
int r,_status;
nr_stun_message *ind=0;
nr_stun_message_attribute *attr;
nr_turn_permission *perm;
if (nr_transport_addr_cmp(&ctx->turn_server_addr, source_addr,
NR_TRANSPORT_ADDR_CMP_MODE_ALL)) {
r_log(NR_LOG_TURN, LOG_WARNING,
"TURN(%s): Indication from unexpected source addr %s (expected %s)",
ctx->label, source_addr->as_string, ctx->turn_server_addr.as_string);
ABORT(R_REJECTED);
}
if ((r=nr_stun_message_create2(&ind, msg, len)))
ABORT(r);
if ((r=nr_stun_decode_message(ind, 0, 0)))
ABORT(r);
if (ind->header.type != NR_STUN_MSG_DATA_INDICATION)
ABORT(R_BAD_ARGS);
if (!nr_stun_message_has_attribute(ind, NR_STUN_ATTR_XOR_PEER_ADDRESS, &attr))
ABORT(R_BAD_ARGS);
if ((r=nr_turn_permission_find(ctx, &attr->u.xor_mapped_address.unmasked,
&perm))) {
if (r == R_NOT_FOUND) {
r_log(NR_LOG_TURN, LOG_WARNING,
"TURN(%s): Indication from peer addr %s with no permission",
ctx->label, attr->u.xor_mapped_address.unmasked.as_string);
}
ABORT(r);
}
if ((r=nr_transport_addr_copy(remote_addr,
&attr->u.xor_mapped_address.unmasked)))
ABORT(r);
#if REFRESH_RESERVATION_ON_RECV
if ((r=nr_turn_client_ensure_perm(ctx, remote_addr))) {
ABORT(r);
}
#endif
if (!nr_stun_message_has_attribute(ind, NR_STUN_ATTR_DATA, &attr)) {
ABORT(R_BAD_DATA);
}
assert(newsize >= attr->u.data.length);
if (newsize < attr->u.data.length)
ABORT(R_BAD_ARGS);
memcpy(newmsg, attr->u.data.data, attr->u.data.length);
*newlen = attr->u.data.length;
_status=0;
abort:
nr_stun_message_destroy(&ind);
return(_status);
}
int
nr_stun_server_process(StunServerInfo* info)
{
int r,_status;
char msg[NR_STUN_MAX_MESSAGE_SIZE];
int msgLen = sizeof(msg);
char ok = 0;
char recvAltIp =0;
char recvAltPort = 0;
fd_set fdSet;
Socket maxFd=0;
struct timeval tv;
nr_stun_message *req;
nr_stun_message *resp;
Data password = { (UCHAR*)"hello", 5 };
nr_transport_addr from2;
FD_ZERO(&fdSet);
FD_SET(info->myFd,&fdSet);
if ( info->myFd >= maxFd ) maxFd=info->myFd+1;
tv.tv_sec = 1;
tv.tv_usec = 0;
int e = select( maxFd, &fdSet, NULL,NULL, &tv );
if (e < 0)
{
r_log_e(NR_LOG_STUN, LOG_WARNING, "Error on select");
}
else if (e >= 0)
{
StunAddress4 from;
if (FD_ISSET(info->myFd,&fdSet))
{
r_log(NR_LOG_STUN, LOG_DEBUG, "received on A1:P1");
recvAltIp = 0;
recvAltPort = 0;
ok = 1;
if (getMessage( info->myFd, msg, &msgLen, &from.addr, &from.port))
ok = 0;
}
else
{
goto done;
}
if ( !ok )
{
r_log(NR_LOG_STUN, LOG_DEBUG, "Get message did not return a valid message");
goto done;
}
r_log(NR_LOG_STUN, LOG_DEBUG, "Got request (len=%u) from %s",msgLen,nr_ip4toa(&from));
if ( msgLen <= 0 )
{
goto done;
}
if ((r=nr_stun_message_create2(&req, (UCHAR*)msg, msgLen))) {
fprintf(stderr,"Error in nr_stun_message_create2\n");
exit(1);
}
if ((r=nr_stun_decode_message(req, returnpassword, &password))) {
fprintf(stderr,"Error in nr_stun_parse_message\n");
exit(1);
}
if ((r=nr_stun_message_create(&resp))) {
fprintf(stderr,"Error in nr_stun_message_create\n");
exit(1);
}
nr_ip4_port_to_transport_addr(from.addr, from.port, IPPROTO_UDP, &from2);
if ((r=nr_stun_receive_message(0, req))) {
r_log(NR_LOG_STUN, LOG_DEBUG, "Failed to receive message");
nr_stun_form_error_response(req, resp, 400, "Bad Message");
}
else if (alternate_server && from.addr != info->myAddr.addr) {
/* NOTE: this code is broken because we don't want 'from', we want 'to',
* but UNIX doesn't provide a way to easily get that information, so
* the -a flag only works when the client and server reside on the
* same machine */
/* send ALTERNATE-SERVER */
nr_transport_addr alternate_server;
nr_stun_form_error_response(req, resp, 300, "Alternate Server");
nr_ip4_port_to_transport_addr(info->myAddr.addr, info->myAddr.port, IPPROTO_UDP, &alternate_server);
nr_stun_message_add_alternate_server_attribute(resp, &alternate_server);
}
else if ((r=nr_stun_process_request(req,resp))) {
r_log(NR_LOG_STUN, LOG_DEBUG, "Failed to process request");
/* continue, even though failed to parse message, to send error message */
}
else {
nr_stun_form_success_response(req, &from2, &password, resp);
}
if ((r=nr_stun_encode_message(resp)))
{
/* ignore this failure */
}
else if (from.addr != 0 && from.port != 0)
{
if ( info->myFd != INVALID_SOCKET )
{
sendMessage(info->myFd, (char*)resp->buffer, resp->length, from.addr, from.port);
}
}
}
done:
_status=0;
// abort:
return _status;
}