// This test validates that the construction and parsing of the message integrity attribute in a stun message works as expected
// The test also validates both short term and long term credential modes with or without the presence of a fingerprint attribute
HRESULT CTestIntegrity::TestMessageIntegrity(bool fWithFingerprint, bool fLongCredentials)
{
HRESULT hr = S_OK;
const char* pszUserName = "******";
const char* pszRealm = "stunrealm";
const char* pszPassword = "******";
CStunMessageBuilder builder;
CStunMessageReader reader;
uint8_t *pMsg = NULL;
size_t sizeMsg = 0;
CStunMessageReader::ReaderParseState state;
CRefCountedBuffer spBuffer;
builder.AddBindingRequestHeader();
builder.AddRandomTransactionId(NULL);
builder.AddUserName(pszUserName);
builder.AddRealm(pszRealm);
if (fLongCredentials == false)
{
Chk(builder.AddMessageIntegrityShortTerm(pszPassword));
}
else
{
Chk(builder.AddMessageIntegrityLongTerm(pszUserName, pszRealm, pszPassword));
}
if (fWithFingerprint)
{
builder.AddFingerprintAttribute();
}
Chk(builder.GetResult(&spBuffer));
pMsg = spBuffer->GetData();
sizeMsg = spBuffer->GetSize();
state = reader.AddBytes(pMsg, sizeMsg);
ChkIfA(state != CStunMessageReader::BodyValidated, E_FAIL);
ChkIfA(reader.HasMessageIntegrityAttribute()==false, E_FAIL);
if (fLongCredentials == false)
{
ChkA(reader.ValidateMessageIntegrityShort(pszPassword));
}
else
{
ChkA(reader.ValidateMessageIntegrityLong(pszUserName, pszRealm, pszPassword));
}
Cleanup:
return hr;
}
// test long-credential authentication
HRESULT CTestMessageHandler::Test4()
{
HRESULT hr=S_OK;
CStunMessageBuilder builder1, builder2;
CStunMessageReader readerResponse;
CSocketAddress addrMapped;
uint16_t errorcode = 0;
char szNonce[MAX_STUN_AUTH_STRING_SIZE+1];
char szRealm[MAX_STUN_AUTH_STRING_SIZE+1];
// -----------------------------------------------------------------------
// simulate a user making a request with no message integrity attribute (or username, or realm)
InitBindingRequest(builder1);
builder1.FixLengthField();
ChkA(SendHelper(builder1, &readerResponse, _spAuthLong));
Chk(readerResponse.GetErrorCode(&errorcode));
ChkIfA(readerResponse.GetMessageClass() != ::StunMsgClassFailureResponse, E_UNEXPECTED);
ChkIf(errorcode != ::STUN_ERROR_UNAUTHORIZED, E_UNEXPECTED);
readerResponse.GetStringAttributeByType(STUN_ATTRIBUTE_REALM, szRealm, ARRAYSIZE(szRealm));
readerResponse.GetStringAttributeByType(STUN_ATTRIBUTE_NONCE, szNonce, ARRAYSIZE(szNonce));
// --------------------------------------------------------------------------------
// now simulate the follow-up request
readerResponse.Reset();
InitBindingRequest(builder2);
builder2.AddNonce(szNonce);
builder2.AddRealm(szRealm);
builder2.AddUserName("AuthorizedUser");
builder2.AddMessageIntegrityLongTerm("AuthorizedUser", szRealm, "password");
builder2.FixLengthField();
ChkA(SendHelper(builder2, &readerResponse, _spAuthLong));
ChkIfA(readerResponse.GetMessageClass() != ::StunMsgClassSuccessResponse, E_UNEXPECTED);
// should have a mapped address
ChkA(readerResponse.GetMappedAddress(&addrMapped));
// and the message integrity field should be valid
ChkA(readerResponse.ValidateMessageIntegrityLong("AuthorizedUser", szRealm, "password"));
Cleanup:
return hr;
}
HRESULT CStunThreadMessageHandler::ValidateAuth(CStunMessageReader& reader)
{
AuthAttributes authattributes;
AuthResponse authresponse;
HRESULT hr = S_OK;
HRESULT hrRet = S_OK;
if (_spAuth == NULL)
{
return S_OK; // nothing to do if there is no auth mechanism in place
}
memset(&authattributes, '\0', sizeof(authattributes));
memset(&authresponse, '\0', sizeof(authresponse));
reader.GetStringAttributeByType(STUN_ATTRIBUTE_USERNAME, authattributes.szUser, ARRAYSIZE(authattributes.szUser));
reader.GetStringAttributeByType(STUN_ATTRIBUTE_REALM, authattributes.szRealm, ARRAYSIZE(authattributes.szRealm));
reader.GetStringAttributeByType(STUN_ATTRIBUTE_NONCE, authattributes.szNonce, ARRAYSIZE(authattributes.szNonce));
reader.GetStringAttributeByType(::STUN_ATTRIBUTE_LEGACY_PASSWORD, authattributes.szLegacyPassword, ARRAYSIZE(authattributes.szLegacyPassword));
authattributes.fMessageIntegrityPresent = reader.HasMessageIntegrityAttribute();
Chk(_spAuth->DoAuthCheck(&authattributes, &authresponse));
// enforce that everything is null terminated
authresponse.szNonce[ARRAYSIZE(authresponse.szNonce)-1] = 0;
authresponse.szRealm[ARRAYSIZE(authresponse.szRealm)-1] = 0;
authresponse.szPassword[ARRAYSIZE(authresponse.szPassword)-1] = 0;
// now decide how to handle the auth
if (authresponse.responseType == StaleNonce)
{
_error.errorcode = STUN_ERROR_STALENONCE;
}
else if (authresponse.responseType == Unauthorized)
{
_error.errorcode = STUN_ERROR_UNAUTHORIZED;
}
else if (authresponse.responseType == Reject)
{
_error.errorcode = STUN_ERROR_BADREQUEST;
}
else if (authresponse.responseType == Allow)
{
// nothing to do!
}
else if (authresponse.responseType == AllowConditional)
{
// validate the message in // if either ValidateAuth or ProcessBindingRequest set an errorcode....
if (authresponse.authCredMech == AuthCredLongTerm)
{
hrRet = reader.ValidateMessageIntegrityLong(authattributes.szUser, authattributes.szRealm, authresponse.szPassword);
}
else
{
hrRet = reader.ValidateMessageIntegrityShort(authresponse.szPassword);
}
if (SUCCEEDED(hrRet))
{
_integrity.fSendWithIntegrity = true;
_integrity.fUseLongTerm = (authresponse.authCredMech == AuthCredLongTerm);
COMPILE_TIME_ASSERT(sizeof(_integrity.szPassword)==sizeof(authresponse.szPassword));
strcpy(_integrity.szPassword, authresponse.szPassword);
strcpy(_integrity.szUser, authattributes.szUser);
strcpy(_integrity.szRealm, authattributes.szRealm);
}
else
{
// bad password - so now turn this thing into a 401
_error.errorcode = STUN_ERROR_UNAUTHORIZED;
}
}
if ((_error.errorcode == STUN_ERROR_UNAUTHORIZED) || (_error.errorcode == STUN_ERROR_STALENONCE))
{
strcpy(_error.szRealm, authresponse.szRealm);
strcpy(_error.szNonce, authresponse.szNonce);
}
Cleanup:
return hr;
}