StunUsageTurnReturn stun_usage_turn_process (StunMessage *msg,
struct sockaddr *relay_addr, socklen_t *relay_addrlen,
struct sockaddr *addr, socklen_t *addrlen,
struct sockaddr *alternate_server, socklen_t *alternate_server_len,
uint32_t *bandwidth, uint32_t *lifetime,
StunUsageTurnCompatibility compatibility)
{
int val, code = -1;
StunUsageTurnReturn ret = STUN_USAGE_TURN_RETURN_RELAY_SUCCESS;
if (stun_message_get_method (msg) != STUN_ALLOCATE)
return STUN_USAGE_TURN_RETURN_INVALID;
switch (stun_message_get_class (msg))
{
case STUN_REQUEST:
case STUN_INDICATION:
return STUN_USAGE_TURN_RETURN_INVALID;
case STUN_RESPONSE:
break;
case STUN_ERROR:
if (stun_message_find_error (msg, &code) != STUN_MESSAGE_RETURN_SUCCESS) {
/* missing ERROR-CODE: ignore message */
return STUN_USAGE_TURN_RETURN_INVALID;
}
/* NOTE: currently we ignore unauthenticated messages if the context
* is authenticated, for security reasons. */
stun_debug (" STUN error message received (code: %d)\n", code);
/* ALTERNATE-SERVER mechanism */
if ((code / 100) == 3) {
if (alternate_server && alternate_server_len) {
if (stun_message_find_addr (msg, STUN_ATTRIBUTE_ALTERNATE_SERVER,
alternate_server, alternate_server_len) !=
STUN_MESSAGE_RETURN_SUCCESS) {
stun_debug (" Unexpectedly missing ALTERNATE-SERVER attribute\n");
return STUN_USAGE_TURN_RETURN_ERROR;
}
} else {
if (!stun_message_has_attribute (msg,
STUN_ATTRIBUTE_ALTERNATE_SERVER)) {
stun_debug (" Unexpectedly missing ALTERNATE-SERVER attribute\n");
return STUN_USAGE_TURN_RETURN_ERROR;
}
}
stun_debug ("Found alternate server\n");
return STUN_USAGE_TURN_RETURN_ALTERNATE_SERVER;
}
return STUN_USAGE_TURN_RETURN_ERROR;
}
stun_debug ("Received %u-bytes STUN message\n", stun_message_length (msg));
if (compatibility == STUN_USAGE_TURN_COMPATIBILITY_DRAFT9) {
val = stun_message_find_xor_addr (msg,
STUN_ATTRIBUTE_XOR_MAPPED_ADDRESS, addr, addrlen);
if (val == STUN_MESSAGE_RETURN_SUCCESS)
ret = STUN_USAGE_TURN_RETURN_MAPPED_SUCCESS;
val = stun_message_find_xor_addr (msg,
STUN_ATTRIBUTE_RELAY_ADDRESS, relay_addr, relay_addrlen);
if (val != STUN_MESSAGE_RETURN_SUCCESS) {
stun_debug (" No RELAYED-ADDRESS: %d\n", val);
return STUN_USAGE_TURN_RETURN_ERROR;
}
} else if (compatibility == STUN_USAGE_TURN_COMPATIBILITY_GOOGLE) {
val = stun_message_find_addr (msg,
STUN_ATTRIBUTE_MAPPED_ADDRESS, relay_addr, relay_addrlen);
if (val != STUN_MESSAGE_RETURN_SUCCESS) {
stun_debug (" No MAPPED-ADDRESS: %d\n", val);
return STUN_USAGE_TURN_RETURN_ERROR;
}
} else if (compatibility == STUN_USAGE_TURN_COMPATIBILITY_MSN) {
val = stun_message_find_addr (msg,
STUN_ATTRIBUTE_MSN_MAPPED_ADDRESS, addr, addrlen);
if (val == STUN_MESSAGE_RETURN_SUCCESS)
ret = STUN_USAGE_TURN_RETURN_MAPPED_SUCCESS;
val = stun_message_find_addr (msg,
STUN_ATTRIBUTE_MAPPED_ADDRESS, relay_addr, relay_addrlen);
if (val != STUN_MESSAGE_RETURN_SUCCESS) {
stun_debug (" No MAPPED-ADDRESS: %d\n", val);
return STUN_USAGE_TURN_RETURN_ERROR;
}
}
stun_message_find32 (msg, STUN_ATTRIBUTE_LIFETIME, lifetime);
stun_message_find32 (msg, STUN_ATTRIBUTE_BANDWIDTH, bandwidth);
stun_debug (" Mapped address found!\n");
return ret;
}
StunUsageBindReturn stun_usage_bind_process (StunMessage *msg,
struct sockaddr *addr, socklen_t *addrlen,
struct sockaddr *alternate_server, socklen_t *alternate_server_len)
{
int code = -1;
StunMessageReturn val;
if (stun_message_get_method (msg) != STUN_BINDING)
return STUN_USAGE_BIND_RETURN_INVALID;
switch (stun_message_get_class (msg))
{
case STUN_REQUEST:
case STUN_INDICATION:
return STUN_USAGE_BIND_RETURN_INVALID;
case STUN_RESPONSE:
break;
case STUN_ERROR:
if (stun_message_find_error (msg, &code) != STUN_MESSAGE_RETURN_SUCCESS) {
/* missing ERROR-CODE: ignore message */
return STUN_USAGE_BIND_RETURN_INVALID;
}
/* NOTE: currently we ignore unauthenticated messages if the context
* is authenticated, for security reasons. */
stun_debug (" STUN error message received (code: %d)", code);
/* ALTERNATE-SERVER mechanism */
if ((code / 100) == 3) {
if (alternate_server && alternate_server_len) {
if (stun_message_find_addr (msg, STUN_ATTRIBUTE_ALTERNATE_SERVER,
(struct sockaddr_storage *) alternate_server,
alternate_server_len) != STUN_MESSAGE_RETURN_SUCCESS) {
stun_debug (" Unexpectedly missing ALTERNATE-SERVER attribute");
return STUN_USAGE_BIND_RETURN_ERROR;
}
} else {
if (!stun_message_has_attribute (msg, STUN_ATTRIBUTE_ALTERNATE_SERVER)) {
stun_debug (" Unexpectedly missing ALTERNATE-SERVER attribute");
return STUN_USAGE_BIND_RETURN_ERROR;
}
}
stun_debug ("Found alternate server");
return STUN_USAGE_BIND_RETURN_ALTERNATE_SERVER;
}
return STUN_USAGE_BIND_RETURN_ERROR;
default:
/* Fall through. */
break;
}
stun_debug ("Received %u-bytes STUN message", stun_message_length (msg));
val = stun_message_find_xor_addr (msg,
STUN_ATTRIBUTE_XOR_MAPPED_ADDRESS, (struct sockaddr_storage *)addr,
addrlen);
if (val != STUN_MESSAGE_RETURN_SUCCESS)
{
stun_debug (" No XOR-MAPPED-ADDRESS: %d", val);
val = stun_message_find_addr (msg,
STUN_ATTRIBUTE_MAPPED_ADDRESS, (struct sockaddr_storage *)addr,
addrlen);
if (val != STUN_MESSAGE_RETURN_SUCCESS)
{
stun_debug (" No MAPPED-ADDRESS: %d", val);
return STUN_USAGE_BIND_RETURN_ERROR;
}
}
stun_debug (" Mapped address found!");
return STUN_USAGE_BIND_RETURN_SUCCESS;
}
StunUsageIceReturn stun_usage_ice_conncheck_process (StunMessage *msg,
struct sockaddr *addr, socklen_t *addrlen,
StunUsageIceCompatibility compatibility)
{
int code = -1;
StunMessageReturn val;
if (stun_message_get_method (msg) != STUN_BINDING)
return STUN_USAGE_ICE_RETURN_INVALID;
switch (stun_message_get_class (msg))
{
case STUN_REQUEST:
case STUN_INDICATION:
return STUN_USAGE_ICE_RETURN_INVALID;
case STUN_RESPONSE:
break;
case STUN_ERROR:
if (stun_message_find_error (msg, &code) != STUN_MESSAGE_RETURN_SUCCESS) {
/* missing ERROR-CODE: ignore message */
return STUN_USAGE_ICE_RETURN_INVALID;
}
if (code == STUN_ERROR_ROLE_CONFLICT)
return STUN_USAGE_ICE_RETURN_ROLE_CONFLICT;
/* NOTE: currently we ignore unauthenticated messages if the context
* is authenticated, for security reasons. */
stun_debug (" STUN error message received (code: %d)\n", code);
return STUN_USAGE_ICE_RETURN_ERROR;
}
stun_debug ("Received %u-bytes STUN message\n", stun_message_length (msg));
if (compatibility == STUN_USAGE_ICE_COMPATIBILITY_MSN) {
StunTransactionId transid;
uint32_t magic_cookie;
stun_message_id (msg, transid);
magic_cookie = *((uint32_t *) transid);
val = stun_message_find_xor_addr_full (msg,
STUN_ATTRIBUTE_XOR_MAPPED_ADDRESS, addr, addrlen, htonl (magic_cookie));
} else {
val = stun_message_find_xor_addr (msg,
STUN_ATTRIBUTE_XOR_MAPPED_ADDRESS, addr, addrlen);
}
if (val != STUN_MESSAGE_RETURN_SUCCESS)
{
stun_debug (" No XOR-MAPPED-ADDRESS: %d\n", val);
val = stun_message_find_addr (msg,
STUN_ATTRIBUTE_MAPPED_ADDRESS, addr, addrlen);
if (val != STUN_MESSAGE_RETURN_SUCCESS)
{
stun_debug (" No MAPPED-ADDRESS: %d\n", val);
return STUN_USAGE_ICE_RETURN_NO_MAPPED_ADDRESS;
}
}
stun_debug ("Mapped address found!\n");
return STUN_USAGE_ICE_RETURN_SUCCESS;
}
/* Tests for message attribute parsing */
static void test_attribute (void)
{
static const uint8_t acme[] =
{0x04, 0x55, 0x00, 0x6C, // <-- update message length if needed!!
0x21, 0x12, 0xA4, 0x42, // cookie
0x76, 0x54, 0x32, 0x10,
0xfe, 0xdc, 0xba, 0x98,
0x76, 0x54, 0x32, 0x10,
/* FF01: empty */
0xff, 0x01, 0x00, 0x00,
/* FF02: address of unknown family, 32-bits */
0xff, 0x02, 0x00, 0x04,
0x41, 0x42, 0x43, 0x44,
/* FF03: too short IPv6 address */
0xff, 0x03, 0x00, 0x06,
0x00, 0x02, 0x12, 0x34,
0x20, 0x01, 0x0d, 0xb8,
/* FF04: valid IPv4 address, 64-bits */
0xff, 0x04, 0x00, 0x08,
0x00, 0x01, 0x12, 0x34,
0xc0, 0x00, 0x02, 0x01,
/* FF05: too long IPv4 address */
0xff, 0x05, 0x00, 0x0A,
0x00, 0x01, 0x12, 0x34,
0xc0, 0x00, 0x02, 0x01,
0x66, 0x60, 0x00, 0x00,
/* FF06: valid xor'd IPv6 address, 160-bits */
0xff, 0x06, 0x00, 0x14,
0x00, 0x02, 0x12, 0x34,
0x01, 0x13, 0xa9, 0xfa,
0xa8, 0xf9, 0x8c, 0xff,
0x20, 0x26, 0x74, 0x48,
0x8c, 0x9a, 0xec, 0xfd,
/* dummy USERNAME header */
0x00, 0x06, 0x00, 0x04,
0x41, 0x42, 0x43, 0x44,
/* MESSAGE-INTEGRITY attribute */
0x00, 0x08, 0x00, 0x14,
0x0b, 0xc4, 0xb2, 0x0c,
0x94, 0x58, 0xbb, 0x25,
0xa3, 0x22, 0x1a, 0xc8,
0xe1, 0x87, 0x32, 0x36,
0x3a, 0xfc, 0xe2, 0xc3};
union
{
struct sockaddr sa;
struct sockaddr_in6 s6;
} addr;
socklen_t addrlen;
uint32_t dword;
uint64_t qword;
char str[STUN_MAX_STR];
StunAgent agent;
StunMessage msg;
uint16_t known_attributes[] = {STUN_ATTRIBUTE_MESSAGE_INTEGRITY, STUN_ATTRIBUTE_USERNAME, 0};
printf ("Attribute test message length: %lu\n", sizeof (acme));
stun_agent_init (&agent, known_attributes,
STUN_COMPATIBILITY_RFC5389, STUN_AGENT_USAGE_SHORT_TERM_CREDENTIALS);
if (stun_agent_validate (&agent, &msg, acme, sizeof(acme),
NULL, NULL) != STUN_VALIDATION_UNAUTHORIZED)
fatal ("Unauthorized validation failed");
if (stun_agent_validate (&agent, &msg, acme, sizeof(acme),
test_attribute_validater, "bad__guy") != STUN_VALIDATION_UNAUTHORIZED)
fatal ("invalid password validation failed");
if (stun_agent_validate (&agent, &msg, acme, sizeof(acme),
test_attribute_validater, "good_guy") != STUN_VALIDATION_SUCCESS)
fatal ("good password validation failed");
if (stun_message_has_attribute (&msg, 0xff00))
fatal ("Absent attribute test failed");
if (!stun_message_has_attribute (&msg, 0xff01))
fatal ("Present attribute test failed");
if (stun_message_find_flag (&msg, 0xff00) != STUN_MESSAGE_RETURN_NOT_FOUND)
fatal ("Absent flag test failed");
if (stun_message_find_flag (&msg, 0xff01) != STUN_MESSAGE_RETURN_SUCCESS)
fatal ("Flag test failed");
if (stun_message_find_flag (&msg, 0xff02) != STUN_MESSAGE_RETURN_INVALID)
fatal ("Too big flag test failed");
if (stun_message_find32 (&msg, 0xff00, &dword) !=
STUN_MESSAGE_RETURN_NOT_FOUND)
fatal ("Absent dword test failed");
if (stun_message_find32 (&msg, 0xff01, &dword) != STUN_MESSAGE_RETURN_INVALID)
fatal ("Bad dword test failed");
if (stun_message_find32 (&msg, 0xff02, &dword) != STUN_MESSAGE_RETURN_SUCCESS)
fatal ("Double-word test failed");
if (stun_message_find64 (&msg, 0xff00, &qword) !=
STUN_MESSAGE_RETURN_NOT_FOUND)
fatal ("Absent qword test failed");
if (stun_message_find64 (&msg, 0xff01, &qword) != STUN_MESSAGE_RETURN_INVALID)
fatal ("Bad qword test failed");
if (stun_message_find64 (&msg, 0xff04, &qword) != STUN_MESSAGE_RETURN_SUCCESS)
fatal ("Quad-word test failed");
if (stun_message_find_string (&msg, 0xff00, str, STUN_MAX_CP) !=
STUN_MESSAGE_RETURN_NOT_FOUND)
fatal ("Absent string test failed");
if ((stun_message_find_string (&msg, 0xff02, str, STUN_MAX_CP) !=
STUN_MESSAGE_RETURN_SUCCESS)
|| strcmp (str, "ABCD"))
fatal ("String test failed");
addrlen = sizeof (addr);
if (stun_message_find_addr (&msg, 0xff01, &addr.sa, &addrlen) !=
STUN_MESSAGE_RETURN_INVALID)
fatal ("Too short addres test failed");
addrlen = sizeof (addr);
if (stun_message_find_addr (&msg, 0xff02, &addr.sa, &addrlen) !=
STUN_MESSAGE_RETURN_UNSUPPORTED_ADDRESS)
fatal ("Unknown address family test failed");
addrlen = sizeof (addr);
if (stun_message_find_addr (&msg, 0xff03, &addr.sa, &addrlen) !=
STUN_MESSAGE_RETURN_INVALID)
fatal ("Too short IPv6 address test failed");
addrlen = sizeof (addr);
if (stun_message_find_addr (&msg, 0xff04, &addr.sa, &addrlen) !=
STUN_MESSAGE_RETURN_SUCCESS)
fatal ("IPv4 address test failed");
addrlen = sizeof (addr);
if (stun_message_find_addr (&msg, 0xff05, &addr.sa, &addrlen) !=
STUN_MESSAGE_RETURN_INVALID)
fatal ("Too big IPv4 address test failed");
addrlen = sizeof (addr);
if (stun_message_find_xor_addr (&msg, 0xff06, &addr.sa, &addrlen) !=
STUN_MESSAGE_RETURN_SUCCESS ||
memcmp (&addr.s6.sin6_addr, "\x20\x01\x0d\xb8""\xde\xad\xbe\xef"
"\xde\xfa\xce\xd0""\xfa\xce\xde\xed", 16))
fatal ("IPv6 address test failed");
}
