// test simple authentication
HRESULT CTestMessageHandler::Test3()
{
CStunMessageBuilder builder1, builder2, builder3;
CStunMessageReader readerResponse;
uint16_t errorcode = 0;
HRESULT hr = S_OK;
// -----------------------------------------------------------------------
// simulate an authorized user making a request with a valid password
ChkA(InitBindingRequest(builder1));
builder1.AddStringAttribute(STUN_ATTRIBUTE_USERNAME, "AuthorizedUser");
builder1.AddMessageIntegrityShortTerm("password");
builder1.FixLengthField();
ChkA(SendHelper(builder1, &readerResponse, _spAuthShort));
ChkA(readerResponse.ValidateMessageIntegrityShort("password"));
// -----------------------------------------------------------------------
// simulate a user with a bad password
readerResponse.Reset();
InitBindingRequest(builder2);
builder2.AddStringAttribute(STUN_ATTRIBUTE_USERNAME, "WrongUser");
builder2.AddMessageIntegrityShortTerm("wrongpassword");
builder2.FixLengthField();
ChkA(SendHelper(builder2, &readerResponse, _spAuthShort))
errorcode = 0;
ChkA(readerResponse.GetErrorCode(&errorcode));
ChkIfA(errorcode != ::STUN_ERROR_UNAUTHORIZED, E_FAIL);
// -----------------------------------------------------------------------
// simulate a client sending no credentials - we expect it to fire back with a 400/bad-request
readerResponse.Reset();
ChkA(InitBindingRequest(builder3));
ChkA(SendHelper(builder3, &readerResponse, _spAuthShort));
errorcode = 0;
ChkA(readerResponse.GetErrorCode(&errorcode));
ChkIfA(errorcode != ::STUN_ERROR_BADREQUEST, E_FAIL);
Cleanup:
return hr;
}
// Test1 - just do a basic binding request
HRESULT CTestMessageHandler::Test1()
{
HRESULT hr = S_OK;
CStunMessageBuilder builder;
CRefCountedBuffer spBuffer, spBufferOut(new CBuffer(MAX_STUN_MESSAGE_SIZE));
CStunMessageReader reader;
StunMessageIn msgIn;
StunMessageOut msgOut;
TransportAddressSet tas = {};
InitTransportAddressSet(tas, true, true, true, true);
ChkA(InitBindingRequest(builder));
Chk(builder.GetResult(&spBuffer));
ChkIfA(CStunMessageReader::BodyValidated != reader.AddBytes(spBuffer->GetData(), spBuffer->GetSize()), E_FAIL);
// a message send to the PP socket on the server from the
msgIn.socketrole = RolePP;
msgIn.addrRemote = _addrMapped;
msgIn.pReader = &reader;
msgIn.addrLocal = _addrServerPP;
msgIn.fConnectionOriented = false;
spBuffer.reset();
msgOut.spBufferOut = spBufferOut;
msgOut.socketrole = RoleAA; // deliberately wrong - so we can validate if it got changed to RolePP
ChkA(CStunRequestHandler::ProcessRequest(msgIn, msgOut, &tas, NULL));
reader.Reset();
ChkIfA(CStunMessageReader::BodyValidated != reader.AddBytes(spBufferOut->GetData(), spBufferOut->GetSize()), E_FAIL);
// validate that the message returned is a success response for a binding request
ChkIfA(reader.GetMessageClass() != StunMsgClassSuccessResponse, E_FAIL);
ChkIfA(reader.GetMessageType() != (uint16_t)StunMsgTypeBinding, E_FAIL);
// Validate that the message came from the server port we expected
// and that it's the same address the server set for the origin address
ChkIfA(msgOut.socketrole != RolePP, E_FAIL);
ChkA(ValidateResponseOriginAddress(reader, _addrServerPP));
ChkIfA(msgOut.addrDest.IsSameIP_and_Port(_addrMapped)==false, E_FAIL);
// validate that the mapping was done correctly
ChkA(ValidateMappedAddress(reader, _addrMapped, false));
ChkA(ValidateOtherAddress(reader, _addrServerAA));
Cleanup:
return hr;
}
// test long-credential authentication
HRESULT CTestMessageHandler::Test4()
{
HRESULT hr=S_OK;
CStunMessageBuilder builder1, builder2;
CStunMessageReader readerResponse;
CSocketAddress addrMapped;
uint16_t errorcode = 0;
char szNonce[MAX_STUN_AUTH_STRING_SIZE+1];
char szRealm[MAX_STUN_AUTH_STRING_SIZE+1];
// -----------------------------------------------------------------------
// simulate a user making a request with no message integrity attribute (or username, or realm)
InitBindingRequest(builder1);
builder1.FixLengthField();
ChkA(SendHelper(builder1, &readerResponse, _spAuthLong));
Chk(readerResponse.GetErrorCode(&errorcode));
ChkIfA(readerResponse.GetMessageClass() != ::StunMsgClassFailureResponse, E_UNEXPECTED);
ChkIf(errorcode != ::STUN_ERROR_UNAUTHORIZED, E_UNEXPECTED);
readerResponse.GetStringAttributeByType(STUN_ATTRIBUTE_REALM, szRealm, ARRAYSIZE(szRealm));
readerResponse.GetStringAttributeByType(STUN_ATTRIBUTE_NONCE, szNonce, ARRAYSIZE(szNonce));
// --------------------------------------------------------------------------------
// now simulate the follow-up request
readerResponse.Reset();
InitBindingRequest(builder2);
builder2.AddNonce(szNonce);
builder2.AddRealm(szRealm);
builder2.AddUserName("AuthorizedUser");
builder2.AddMessageIntegrityLongTerm("AuthorizedUser", szRealm, "password");
builder2.FixLengthField();
ChkA(SendHelper(builder2, &readerResponse, _spAuthLong));
ChkIfA(readerResponse.GetMessageClass() != ::StunMsgClassSuccessResponse, E_UNEXPECTED);
// should have a mapped address
ChkA(readerResponse.GetMappedAddress(&addrMapped));
// and the message integrity field should be valid
ChkA(readerResponse.ValidateMessageIntegrityLong("AuthorizedUser", szRealm, "password"));
Cleanup:
return hr;
}
void TcpClientLoop(StunClientLogicConfig& config, ClientSocketConfig& socketconfig)
{
HRESULT hr = S_OK;
CStunSocket stunsocket;
CStunClientLogic clientlogic;
int sock;
CRefCountedBuffer spMsg(new CBuffer(1500));
CRefCountedBuffer spMsgReader(new CBuffer(1500));
CSocketAddress addrDest, addrLocal;
HRESULT hrRet, hrResult;
int ret;
size_t bytes_sent, bytes_recv;
size_t bytes_to_send, max_bytes_recv, remaining;
uint8_t* pData=NULL;
size_t readsize;
CStunMessageReader reader;
StunClientResults results;
hr= clientlogic.Initialize(config);
if (FAILED(hr))
{
Logging::LogMsg(LL_ALWAYS, "clientlogic.Initialize failed (hr == %x)", hr);
Chk(hr);
}
while (true)
{
stunsocket.Close();
hr = stunsocket.TCPInit(socketconfig.addrLocal, RolePP, true);
if (FAILED(hr))
{
Logging::LogMsg(LL_ALWAYS, "Unable to create local socket for TCP connection (hr == %x)", hr);
Chk(hr);
}
hrRet = clientlogic.GetNextMessage(spMsg, &addrDest, ::GetMillisecondCounter());
if (hrRet == E_STUNCLIENT_RESULTS_READY)
{
// clean exit
break;
}
// we should never get a "still waiting" return with TCP, because config.timeout is 0
ASSERT(hrRet != E_STUNCLIENT_STILL_WAITING);
if (FAILED(hrRet))
{
Chk(hrRet);
}
// connect to server
sock = stunsocket.GetSocketHandle();
ret = ::connect(sock, addrDest.GetSockAddr(), addrDest.GetSockAddrLength());
if (ret == -1)
{
hrResult = ERRNOHR;
Logging::LogMsg(LL_ALWAYS, "Can't connect to server (hr == %x)", hrResult);
Chk(hrResult);
}
Logging::LogMsg(LL_DEBUG, "Connected to server");
bytes_to_send = (int)(spMsg->GetSize());
bytes_sent = 0;
pData = spMsg->GetData();
while (bytes_sent < bytes_to_send)
{
ret = ::send(sock, pData+bytes_sent, bytes_to_send-bytes_sent, 0);
if (ret < 0)
{
hrResult = ERRNOHR;
Logging::LogMsg(LL_ALWAYS, "Send failed (hr == %x)", hrResult);
Chk(hrResult);
}
bytes_sent += ret;
}
Logging::LogMsg(LL_DEBUG, "Request sent - waiting for response");
// consume the response
reader.Reset();
reader.GetStream().Attach(spMsgReader, true);
pData = spMsg->GetData();
bytes_recv = 0;
max_bytes_recv = spMsg->GetAllocatedSize();
remaining = max_bytes_recv;
while (remaining > 0)
{
readsize = reader.HowManyBytesNeeded();
if (readsize == 0)
{
break;
}
if (readsize > remaining)
{
// technically an error, but the client logic will figure it out
ASSERT(false);
break;
}
ret = ::recv(sock, pData+bytes_recv, readsize, 0);
if (ret == 0)
{
// server cut us off before we got all the bytes we thought we were supposed to get?
ASSERT(false);
break;
}
if (ret < 0)
{
hrResult = ERRNOHR;
Logging::LogMsg(LL_ALWAYS, "Recv failed (hr == %x)", hrResult);
Chk(hrResult);
}
reader.AddBytes(pData+bytes_recv, ret);
bytes_recv += ret;
remaining = max_bytes_recv - bytes_recv;
spMsg->SetSize(bytes_recv);
}
// now feed the response into the client logic
stunsocket.UpdateAddresses();
addrLocal = stunsocket.GetLocalAddress();
clientlogic.ProcessResponse(spMsg, addrDest, addrLocal);
}
stunsocket.Close();
results.Init();
clientlogic.GetResults(&results);
::DumpResults(config, results);
Cleanup:
return;
}
// Test2 - send a binding request to a duplex server instructing it to send back on it's alternate port and alternate IP to an alternate client port
HRESULT CTestMessageHandler::Test2()
{
HRESULT hr = S_OK;
CStunMessageBuilder builder;
CRefCountedBuffer spBuffer, spBufferOut(new CBuffer(MAX_STUN_MESSAGE_SIZE));
CStunMessageReader reader;
StunMessageIn msgIn;
StunMessageOut msgOut;
TransportAddressSet tas = {};
uint16_t responsePort = 2222;
StunChangeRequestAttribute changereq;
CStunMessageReader::ReaderParseState state;
CSocketAddress addrDestExpected;
InitTransportAddressSet(tas, true, true, true, true);
InitBindingRequest(builder);
builder.AddResponsePort(responsePort);
changereq.fChangeIP = true;
changereq.fChangePort = true;
builder.AddChangeRequest(changereq);
builder.AddResponsePort(responsePort);
builder.GetResult(&spBuffer);
ChkIfA(CStunMessageReader::BodyValidated != reader.AddBytes(spBuffer->GetData(), spBuffer->GetSize()), E_FAIL);
msgIn.fConnectionOriented = false;
msgIn.addrLocal = _addrServerPP;
msgIn.pReader = &reader;
msgIn.socketrole = RolePP;
msgIn.addrRemote = _addrMapped;
msgOut.socketrole = RolePP; // deliberate initialized wrong
msgOut.spBufferOut = spBufferOut;
ChkA(CStunRequestHandler::ProcessRequest(msgIn, msgOut, &tas, NULL));
// parse the response
reader.Reset();
state = reader.AddBytes(spBufferOut->GetData(), spBufferOut->GetSize());
ChkIfA(state != CStunMessageReader::BodyValidated, E_FAIL);
// validate that the message was sent back from the AA
ChkIfA(msgOut.socketrole != RoleAA, E_FAIL);
// validate that the server though it was sending back from the AA
ChkA(ValidateResponseOriginAddress(reader, _addrServerAA));
// validate that the message was sent to the response port requested
addrDestExpected = _addrMapped;
addrDestExpected.SetPort(responsePort);
ChkIfA(addrDestExpected.IsSameIP_and_Port(msgOut.addrDest)==false, E_FAIL);
// validate that the binding response came back
ChkA(ValidateMappedAddress(reader, _addrMapped, false));
// the "other" address is still AA (See RFC 3489 - section 8.1)
ChkA(ValidateOtherAddress(reader, _addrServerAA));
Cleanup:
return hr;
}