// test long-credential authentication
HRESULT CTestMessageHandler::Test4()
{
HRESULT hr=S_OK;
CStunMessageBuilder builder1, builder2;
CStunMessageReader readerResponse;
CSocketAddress addrMapped;
uint16_t errorcode = 0;
char szNonce[MAX_STUN_AUTH_STRING_SIZE+1];
char szRealm[MAX_STUN_AUTH_STRING_SIZE+1];
// -----------------------------------------------------------------------
// simulate a user making a request with no message integrity attribute (or username, or realm)
InitBindingRequest(builder1);
builder1.FixLengthField();
ChkA(SendHelper(builder1, &readerResponse, _spAuthLong));
Chk(readerResponse.GetErrorCode(&errorcode));
ChkIfA(readerResponse.GetMessageClass() != ::StunMsgClassFailureResponse, E_UNEXPECTED);
ChkIf(errorcode != ::STUN_ERROR_UNAUTHORIZED, E_UNEXPECTED);
readerResponse.GetStringAttributeByType(STUN_ATTRIBUTE_REALM, szRealm, ARRAYSIZE(szRealm));
readerResponse.GetStringAttributeByType(STUN_ATTRIBUTE_NONCE, szNonce, ARRAYSIZE(szNonce));
// --------------------------------------------------------------------------------
// now simulate the follow-up request
readerResponse.Reset();
InitBindingRequest(builder2);
builder2.AddNonce(szNonce);
builder2.AddRealm(szRealm);
builder2.AddUserName("AuthorizedUser");
builder2.AddMessageIntegrityLongTerm("AuthorizedUser", szRealm, "password");
builder2.FixLengthField();
ChkA(SendHelper(builder2, &readerResponse, _spAuthLong));
ChkIfA(readerResponse.GetMessageClass() != ::StunMsgClassSuccessResponse, E_UNEXPECTED);
// should have a mapped address
ChkA(readerResponse.GetMappedAddress(&addrMapped));
// and the message integrity field should be valid
ChkA(readerResponse.ValidateMessageIntegrityLong("AuthorizedUser", szRealm, "password"));
Cleanup:
return hr;
}
HRESULT CTestReader::Test1()
{
HRESULT hr = S_OK;
StunAttribute attrib;
const char* pszExpectedSoftwareAttribute = "STUN test client";
const char* pszExpectedUserName = "******";
CRefCountedBuffer spBuffer;
char szStringValue[100];
const unsigned char *req = c_requestbytes;
size_t requestsize = sizeof(c_requestbytes)-1; // -1 to get rid of the trailing null
CStunMessageReader reader;
CStunMessageReader::ReaderParseState state;
// reader is expecting at least enough bytes to fill the header
ChkIfA(reader.AddBytes(NULL, 0) != CStunMessageReader::HeaderNotRead, E_FAIL);
ChkIfA(reader.HowManyBytesNeeded() != STUN_HEADER_SIZE, E_FAIL);
state = reader.AddBytes(req, requestsize);
ChkIfA(state != CStunMessageReader::BodyValidated, E_FAIL);
ChkIfA(reader.HowManyBytesNeeded() != 0, E_FAIL);
ChkA(reader.GetBuffer(&spBuffer));
ChkIfA(reader.GetMessageClass() != StunMsgClassRequest, E_FAIL);
ChkIfA(reader.GetMessageType() != StunMsgTypeBinding, E_FAIL);
ChkA(reader.GetAttributeByType(STUN_ATTRIBUTE_SOFTWARE, &attrib));
ChkIfA(attrib.attributeType != STUN_ATTRIBUTE_SOFTWARE, E_FAIL);
ChkIfA(0 != ::strncmp(pszExpectedSoftwareAttribute, (const char*)(spBuffer->GetData() + attrib.offset), attrib.size), E_FAIL);
ChkA(reader.GetAttributeByType(STUN_ATTRIBUTE_USERNAME, &attrib));
ChkIfA(attrib.attributeType != STUN_ATTRIBUTE_USERNAME, E_FAIL);
ChkIfA(0 != ::strncmp(pszExpectedUserName, (const char*)(spBuffer->GetData() + attrib.offset), attrib.size), E_FAIL);
ChkA(reader.GetStringAttributeByType(STUN_ATTRIBUTE_SOFTWARE, szStringValue, ARRAYSIZE(szStringValue)));
ChkIfA(0 != ::strcmp(pszExpectedSoftwareAttribute, szStringValue), E_FAIL);
ChkIfA(reader.HasFingerprintAttribute() == false, E_FAIL);
ChkIfA(reader.IsFingerprintAttributeValid() == false, E_FAIL);
ChkIfA(reader.HasMessageIntegrityAttribute() == false, E_FAIL);
ChkA(reader.ValidateMessageIntegrityShort(c_password));
Cleanup:
return hr;
}
// Test1 - just do a basic binding request
HRESULT CTestMessageHandler::Test1()
{
HRESULT hr = S_OK;
CStunMessageBuilder builder;
CRefCountedBuffer spBuffer, spBufferOut(new CBuffer(MAX_STUN_MESSAGE_SIZE));
CStunMessageReader reader;
StunMessageIn msgIn;
StunMessageOut msgOut;
TransportAddressSet tas = {};
InitTransportAddressSet(tas, true, true, true, true);
ChkA(InitBindingRequest(builder));
Chk(builder.GetResult(&spBuffer));
ChkIfA(CStunMessageReader::BodyValidated != reader.AddBytes(spBuffer->GetData(), spBuffer->GetSize()), E_FAIL);
// a message send to the PP socket on the server from the
msgIn.socketrole = RolePP;
msgIn.addrRemote = _addrMapped;
msgIn.pReader = &reader;
msgIn.addrLocal = _addrServerPP;
msgIn.fConnectionOriented = false;
spBuffer.reset();
msgOut.spBufferOut = spBufferOut;
msgOut.socketrole = RoleAA; // deliberately wrong - so we can validate if it got changed to RolePP
ChkA(CStunRequestHandler::ProcessRequest(msgIn, msgOut, &tas, NULL));
reader.Reset();
ChkIfA(CStunMessageReader::BodyValidated != reader.AddBytes(spBufferOut->GetData(), spBufferOut->GetSize()), E_FAIL);
// validate that the message returned is a success response for a binding request
ChkIfA(reader.GetMessageClass() != StunMsgClassSuccessResponse, E_FAIL);
ChkIfA(reader.GetMessageType() != (uint16_t)StunMsgTypeBinding, E_FAIL);
// Validate that the message came from the server port we expected
// and that it's the same address the server set for the origin address
ChkIfA(msgOut.socketrole != RolePP, E_FAIL);
ChkA(ValidateResponseOriginAddress(reader, _addrServerPP));
ChkIfA(msgOut.addrDest.IsSameIP_and_Port(_addrMapped)==false, E_FAIL);
// validate that the mapping was done correctly
ChkA(ValidateMappedAddress(reader, _addrMapped, false));
ChkA(ValidateOtherAddress(reader, _addrServerAA));
Cleanup:
return hr;
}
void CStunThreadMessageHandler::ProcessRequest(StunMessageEnvelope& message)
{
CStunMessageReader reader;
CStunMessageReader::ReaderParseState state;
uint16_t responsePort = 0;
HRESULT hr = S_OK;
ChkIfA(_spStunResponder == NULL, E_FAIL);
_spReaderBuffer->SetSize(0);
_spResponseBuffer->SetSize(0);
_message = message;
_addrResponse = message.remoteAddr;
_socketOutput = message.localSocket;
_fRequestHasResponsePort = false;
// zero out _error without the overhead of zero'ing out every byte in the strings
_error.errorcode = 0;
_error.szNonce[0] = 0;
_error.szRealm[0] = 0;
_error.attribUnknown = 0;
_integrity.fSendWithIntegrity = false;
_integrity.szUser[0] = '\0';
_integrity.szRealm[0] = '\0';
_integrity.szPassword[0] = '\0';
// attach the temp buffer to reader
reader.GetStream().Attach(_spReaderBuffer, true);
reader.SetAllowLegacyFormat(true);
// parse the request
state = reader.AddBytes(message.spBuffer->GetData(), message.spBuffer->GetSize());
// If we get something that can't be validated as a stun message, don't send back a response
// STUN RFC may suggest sending back a "500", but I think that's the wrong approach.
ChkIf (state != CStunMessageReader::BodyValidated, E_FAIL);
// Regardless of what we send back, let's always attempt to honor a response port request
// Fix the destination port if the client asked for us to send back to another port
if (SUCCEEDED(reader.GetResponsePort(&responsePort)))
{
_addrResponse.SetPort(responsePort);
_fRequestHasResponsePort = true;
}
reader.GetTransactionId(&_transid);
// ignore anything that is not a request (with no response)
ChkIf(reader.GetMessageClass() != StunMsgClassRequest, E_FAIL);
// pre-prep the error message in case we wind up needing to send it
_error.msgtype = reader.GetMessageType();
_error.msgclass = StunMsgClassFailureResponse;
if (reader.GetMessageType() != StunMsgTypeBinding)
{
// we're going to send back an error response
_error.errorcode = STUN_ERROR_BADREQUEST; // invalid request
}
else
{
// handle authentication - but only if an auth provider has been set
hr = ValidateAuth(reader);
// if auth succeeded, then carry on to handling the request
if (SUCCEEDED(hr) && (_error.errorcode==0))
{
// handle the binding request
hr = ProcessBindingRequest(reader);
}
// catch all for any case where an error occurred
if (FAILED(hr) && (_error.errorcode==0))
{
_error.errorcode = STUN_ERROR_BADREQUEST;
}
}
if (_error.errorcode != 0)
{
// if either ValidateAuth or ProcessBindingRequest set an errorcode, or a fatal error occurred
SendErrorResponse();
}
else
{
SendResponse();
}
Cleanup:
return;
}
// The goal of this test is to just validate that we can create a message from CStunMessageBuilder and have it's output parsed correctly by CStunMessageReader
// Also helps validate CSocketAddress
HRESULT CTestBuilder::Test1()
{
HRESULT hr = S_OK;
CStunMessageBuilder builder;
CStunMessageReader reader;
StunAttribute attrib;
CRefCountedBuffer spBuffer;
CRefCountedBuffer spBufferReader;
CSocketAddress addrValidate(0,0);
StunTransactionId transid = {};
uint32_t ipvalidate = 0;
CSocketAddress addr(0x7f000001, 9999);
CSocketAddress addrOrigin(0xAABBCCDD, 8888);
CSocketAddress addrOther(0x11223344, 7777);
ChkA(builder.AddBindingRequestHeader());
ChkA(builder.AddRandomTransactionId(&transid));
ChkA(builder.AddStringAttribute(STUN_ATTRIBUTE_SOFTWARE, "FOOBAR"));
ChkA(builder.AddMappedAddress(addr));
ChkA(builder.AddXorMappedAddress(addr));
ChkA(builder.AddOtherAddress(addrOther));
ChkA(builder.AddResponseOriginAddress(addrOrigin));
ChkA(builder.AddFingerprintAttribute());
ChkA(builder.GetResult(&spBuffer));
ChkIfA(CStunMessageReader::BodyValidated != reader.AddBytes(spBuffer->GetData(), spBuffer->GetSize()), E_FAIL);
ChkIfA(reader.HasFingerprintAttribute() == false, E_FAIL);
ChkIfA(reader.IsFingerprintAttributeValid() == false, E_FAIL);
ChkIfA(reader.GetMessageClass() != StunMsgClassRequest, E_FAIL);
ChkIfA(reader.GetMessageType() != StunMsgTypeBinding, E_FAIL);
ChkA(reader.GetBuffer(&spBufferReader));
ChkA(reader.GetAttributeByType(STUN_ATTRIBUTE_SOFTWARE, &attrib));
ChkIfA(attrib.attributeType != STUN_ATTRIBUTE_SOFTWARE, E_FAIL);
ChkIfA(0 != ::strncmp("FOOBAR", (const char*)(spBufferReader->GetData() + attrib.offset), attrib.size), E_FAIL);
ChkA(reader.GetXorMappedAddress(&addrValidate));
ChkIf(addrValidate.IsSameIP_and_Port(addr) == false, E_FAIL);
ChkIfA(addrValidate.GetIPLength() != 4, E_FAIL);
addrValidate = CSocketAddress(0,0);
ChkA(reader.GetMappedAddress(&addrValidate));
ChkIfA(addrValidate.GetPort() != 9999, E_FAIL);
ChkIfA(addrValidate.GetIPLength() != 4, E_FAIL);
ChkIfA(4 != addrValidate.GetIP(&ipvalidate, 4), E_FAIL);
ChkIfA(ipvalidate != 0x7f000001, E_FAIL);
addrValidate = CSocketAddress(0,0);
ipvalidate = 0;
reader.GetOtherAddress(&addrValidate);
ChkIfA(addrValidate.GetPort() != 7777, E_FAIL);
ChkIfA(addrValidate.GetIPLength() != 4, E_FAIL);
ChkIfA(4 != addrValidate.GetIP(&ipvalidate, 4), E_FAIL);
ChkIf(ipvalidate != 0x11223344, E_FAIL);
Cleanup:
return hr;
}