From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 19:32:43 +0200 Subject: Adding upstream version 1:115.7.0. Signed-off-by: Daniel Baumann --- .../third_party/nICEr/src/stun/stun_client_ctx.c | 888 +++++++++++++++++++++ 1 file changed, 888 insertions(+) create mode 100644 dom/media/webrtc/transport/third_party/nICEr/src/stun/stun_client_ctx.c (limited to 'dom/media/webrtc/transport/third_party/nICEr/src/stun/stun_client_ctx.c') diff --git a/dom/media/webrtc/transport/third_party/nICEr/src/stun/stun_client_ctx.c b/dom/media/webrtc/transport/third_party/nICEr/src/stun/stun_client_ctx.c new file mode 100644 index 0000000000..50b9f74a5b --- /dev/null +++ b/dom/media/webrtc/transport/third_party/nICEr/src/stun/stun_client_ctx.c @@ -0,0 +1,888 @@ +/* +Copyright (c) 2007, Adobe Systems, Incorporated +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +* Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +* Neither the name of Adobe Systems, Network Resonance nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include +#include +#include + +#include +#include "stun.h" +#include "async_timer.h" +#include "registry.h" +#include "stun_reg.h" +#include "nr_crypto.h" +#include "r_time.h" + +static int nr_stun_client_send_request(nr_stun_client_ctx *ctx); +static void nr_stun_client_timer_expired_cb(NR_SOCKET s, int b, void *cb_arg); +static int nr_stun_client_get_password(void *arg, nr_stun_message *msg, Data **password); + +#define NR_STUN_TRANSPORT_ADDR_CHECK_WILDCARD 1 +#define NR_STUN_TRANSPORT_ADDR_CHECK_LOOPBACK 2 + +int nr_stun_client_ctx_create(char *label, nr_socket *sock, nr_transport_addr *peer, UINT4 RTO, nr_stun_client_ctx **ctxp) + { + nr_stun_client_ctx *ctx=0; + char allow_loopback; + int r,_status; + + if ((r=nr_stun_startup())) + ABORT(r); + + if(!(ctx=RCALLOC(sizeof(nr_stun_client_ctx)))) + ABORT(R_NO_MEMORY); + + ctx->state=NR_STUN_CLIENT_STATE_INITTED; + + if(!(ctx->label=r_strdup(label))) + ABORT(R_NO_MEMORY); + + ctx->sock=sock; + + nr_socket_getaddr(sock,&ctx->my_addr); + nr_transport_addr_copy(&ctx->peer_addr,peer); + assert(ctx->my_addr.protocol==ctx->peer_addr.protocol); + + if (RTO != 0) { + ctx->rto_ms = RTO; + } else if (NR_reg_get_uint4(NR_STUN_REG_PREF_CLNT_RETRANSMIT_TIMEOUT, &ctx->rto_ms)) { + ctx->rto_ms = 100; + } + + if (NR_reg_get_double(NR_STUN_REG_PREF_CLNT_RETRANSMIT_BACKOFF, &ctx->retransmission_backoff_factor)) + ctx->retransmission_backoff_factor = 2.0; + + if (NR_reg_get_uint4(NR_STUN_REG_PREF_CLNT_MAXIMUM_TRANSMITS, &ctx->maximum_transmits)) + ctx->maximum_transmits = 7; + + if (NR_reg_get_uint4(NR_STUN_REG_PREF_CLNT_FINAL_RETRANSMIT_BACKOFF, &ctx->maximum_transmits_timeout_ms)) + ctx->maximum_transmits_timeout_ms = 16 * ctx->rto_ms; + + ctx->mapped_addr_check_mask = NR_STUN_TRANSPORT_ADDR_CHECK_WILDCARD; + if (NR_reg_get_char(NR_STUN_REG_PREF_ALLOW_LOOPBACK_ADDRS, &allow_loopback) || + !allow_loopback) { + ctx->mapped_addr_check_mask |= NR_STUN_TRANSPORT_ADDR_CHECK_LOOPBACK; + } + + if (ctx->my_addr.protocol == IPPROTO_TCP) { + /* Because TCP is reliable there is only one final timeout value. + * We store the timeout value for TCP in here, because timeout_ms gets + * reset to 0 in client_reset() which gets called from client_start() */ + ctx->maximum_transmits_timeout_ms = ctx->rto_ms * + pow(ctx->retransmission_backoff_factor, + ctx->maximum_transmits); + ctx->maximum_transmits = 1; + } + + *ctxp=ctx; + + _status=0; + abort: + if(_status){ + nr_stun_client_ctx_destroy(&ctx); + } + return(_status); + } + +static void nr_stun_client_fire_finished_cb(nr_stun_client_ctx *ctx) + { + if (ctx->finished_cb) { + NR_async_cb finished_cb = ctx->finished_cb; + ctx->finished_cb = 0; /* prevent 2nd call */ + /* finished_cb call must be absolutely last thing in function + * because as a side effect this ctx may be operated on in the + * callback */ + finished_cb(0,0,ctx->cb_arg); + } + } + +int nr_stun_client_start(nr_stun_client_ctx *ctx, int mode, NR_async_cb finished_cb, void *cb_arg) + { + int r,_status; + + if (ctx->state != NR_STUN_CLIENT_STATE_INITTED) + ABORT(R_NOT_PERMITTED); + + ctx->mode=mode; + + ctx->state=NR_STUN_CLIENT_STATE_RUNNING; + ctx->finished_cb=finished_cb; + ctx->cb_arg=cb_arg; + + if(mode!=NR_STUN_CLIENT_MODE_KEEPALIVE){ + if(r=nr_stun_client_send_request(ctx)) + ABORT(r); + } + + _status=0; + abort: + if (ctx->state != NR_STUN_CLIENT_STATE_RUNNING) { + nr_stun_client_fire_finished_cb(ctx); + } + + return(_status); + } + + int nr_stun_client_restart(nr_stun_client_ctx* ctx, + const nr_transport_addr* peer_addr) { + int r,_status; + int mode; + NR_async_cb finished_cb; + void *cb_arg; + if (ctx->state != NR_STUN_CLIENT_STATE_RUNNING) + ABORT(R_NOT_PERMITTED); + + mode = ctx->mode; + finished_cb = ctx->finished_cb; + cb_arg = ctx->cb_arg; + + nr_stun_client_reset(ctx); + nr_transport_addr_copy(&ctx->peer_addr, peer_addr); + + if (r=nr_stun_client_start(ctx, mode, finished_cb, cb_arg)) + ABORT(r); + + _status=0; + abort: + return(_status); + } + +int +nr_stun_client_reset(nr_stun_client_ctx *ctx) +{ + /* Cancel the timer firing */ + if (ctx->timer_handle){ + NR_async_timer_cancel(ctx->timer_handle); + ctx->timer_handle=0; + } + + nr_stun_message_destroy(&ctx->request); + ctx->request = 0; + + nr_stun_message_destroy(&ctx->response); + ctx->response = 0; + + memset(&ctx->results, 0, sizeof(ctx->results)); + + ctx->mode = 0; + ctx->finished_cb = 0; + ctx->cb_arg = 0; + ctx->request_ct = 0; + ctx->timeout_ms = 0; + + ctx->state = NR_STUN_CLIENT_STATE_INITTED; + + return 0; +} + +static void nr_stun_client_timer_expired_cb(NR_SOCKET s, int b, void *cb_arg) + { + int _status; + nr_stun_client_ctx *ctx=cb_arg; + struct timeval now; + INT8 ms_waited; + + /* Prevent this timer from being cancelled later */ + ctx->timer_handle=0; + + /* Shouldn't happen */ + if(ctx->state==NR_STUN_CLIENT_STATE_CANCELLED) + ABORT(R_REJECTED); + + gettimeofday(&now, 0); + if (r_timeval_diff_ms(&now, &ctx->timer_set, &ms_waited)) { + r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Timer expired",ctx->label); + } + else { + r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Timer expired (after %llu ms)",ctx->label, ms_waited); + } + + if (ctx->request_ct >= ctx->maximum_transmits) { + r_log(NR_LOG_STUN,LOG_INFO,"STUN-CLIENT(%s): Timed out",ctx->label); + ctx->state=NR_STUN_CLIENT_STATE_TIMED_OUT; + ABORT(R_FAILED); + } + + if (ctx->state != NR_STUN_CLIENT_STATE_RUNNING) + ABORT(R_NOT_PERMITTED); + + // track retransmits for ice telemetry + nr_accumulate_count(&(ctx->retransmit_ct), 1); + + /* as a side effect will reset the timer */ + nr_stun_client_send_request(ctx); + + _status = 0; + abort: + if (ctx->state != NR_STUN_CLIENT_STATE_RUNNING) { + /* Cancel the timer firing */ + if (ctx->timer_handle){ + NR_async_timer_cancel(ctx->timer_handle); + ctx->timer_handle=0; + } + + nr_stun_client_fire_finished_cb(ctx); + } + if (_status) { + // cb doesn't return anything, but we should probably log that we aborted + // This also quiets the unused variable warnings. + r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Timer expired cb abort with status: %d", + ctx->label, _status); + } + return; + } + +int nr_stun_client_force_retransmit(nr_stun_client_ctx *ctx) + { + int r,_status; + + if (ctx->state != NR_STUN_CLIENT_STATE_RUNNING) + ABORT(R_NOT_PERMITTED); + + if (ctx->request_ct > ctx->maximum_transmits) { + r_log(NR_LOG_STUN,LOG_INFO,"STUN-CLIENT(%s): Too many retransmit attempts",ctx->label); + ABORT(R_FAILED); + } + + /* if there is a scheduled retransimt, get rid of the scheduled retransmit + * and retransmit immediately */ + if (ctx->timer_handle) { + NR_async_timer_cancel(ctx->timer_handle); + ctx->timer_handle=0; + + if (r=nr_stun_client_send_request(ctx)) + ABORT(r); + } + + _status=0; + abort: + + return(_status); + } + +static int nr_stun_client_send_request(nr_stun_client_ctx *ctx) + { + int r,_status; + char string[256]; + + if (ctx->state != NR_STUN_CLIENT_STATE_RUNNING) + ABORT(R_NOT_PERMITTED); + + r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Sending check request (my_addr=%s,peer_addr=%s)",ctx->label,ctx->my_addr.as_string,ctx->peer_addr.as_string); + + if (ctx->request == 0) { + switch (ctx->mode) { + case NR_STUN_CLIENT_MODE_BINDING_REQUEST_LONG_TERM_AUTH: + ctx->params.stun_binding_request.nonce = ctx->nonce; + ctx->params.stun_binding_request.realm = ctx->realm; + assert(0); + ABORT(R_INTERNAL); + /* TODO(ekr@rtfm.com): Need to implement long-term auth for binding + requests */ + if ((r=nr_stun_build_req_lt_auth(&ctx->params.stun_binding_request, &ctx->request))) + ABORT(r); + break; + case NR_STUN_CLIENT_MODE_BINDING_REQUEST_SHORT_TERM_AUTH: + if ((r=nr_stun_build_req_st_auth(&ctx->params.stun_binding_request, &ctx->request))) + ABORT(r); + break; + case NR_STUN_CLIENT_MODE_BINDING_REQUEST_NO_AUTH: + if ((r=nr_stun_build_req_no_auth(&ctx->params.stun_binding_request, &ctx->request))) + ABORT(r); + break; + case NR_STUN_CLIENT_MODE_KEEPALIVE: + if ((r=nr_stun_build_keepalive(&ctx->params.stun_keepalive, &ctx->request))) + ABORT(r); + break; +#ifdef USE_STUND_0_96 + case NR_STUN_CLIENT_MODE_BINDING_REQUEST_STUND_0_96: + if ((r=nr_stun_build_req_stund_0_96(&ctx->params.stun_binding_request_stund_0_96, &ctx->request))) + ABORT(r); + break; +#endif /* USE_STUND_0_96 */ + +#ifdef USE_ICE + case NR_ICE_CLIENT_MODE_USE_CANDIDATE: + if ((r=nr_stun_build_use_candidate(&ctx->params.ice_binding_request, &ctx->request))) + ABORT(r); + break; + case NR_ICE_CLIENT_MODE_BINDING_REQUEST: + if ((r=nr_stun_build_req_ice(&ctx->params.ice_binding_request, &ctx->request))) + ABORT(r); + break; +#endif /* USE_ICE */ + +#ifdef USE_TURN + case NR_TURN_CLIENT_MODE_ALLOCATE_REQUEST: + if ((r=nr_stun_build_allocate_request(&ctx->auth_params, &ctx->params.allocate_request, &ctx->request))) + ABORT(r); + break; + case NR_TURN_CLIENT_MODE_REFRESH_REQUEST: + if ((r=nr_stun_build_refresh_request(&ctx->auth_params, &ctx->params.refresh_request, &ctx->request))) + ABORT(r); + break; + case NR_TURN_CLIENT_MODE_PERMISSION_REQUEST: + if ((r=nr_stun_build_permission_request(&ctx->auth_params, &ctx->params.permission_request, &ctx->request))) + ABORT(r); + break; + case NR_TURN_CLIENT_MODE_SEND_INDICATION: + if ((r=nr_stun_build_send_indication(&ctx->params.send_indication, &ctx->request))) + ABORT(r); + break; +#endif /* USE_TURN */ + + default: + assert(0); + ABORT(R_FAILED); + break; + } + } + + if (ctx->request->length == 0) { + if ((r=nr_stun_encode_message(ctx->request))) + ABORT(r); + } + + snprintf(string, sizeof(string)-1, "STUN-CLIENT(%s): Sending to %s ", ctx->label, ctx->peer_addr.as_string); + r_dump(NR_LOG_STUN, LOG_DEBUG, string, (char*)ctx->request->buffer, ctx->request->length); + + assert(ctx->my_addr.protocol==ctx->peer_addr.protocol); + + if(r=nr_socket_sendto(ctx->sock, ctx->request->buffer, ctx->request->length, 0, &ctx->peer_addr)) { + if (r != R_WOULDBLOCK) { + ABORT(r); + } + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): nr_socket_sendto blocked, treating as dropped packet",ctx->label); + } + + ctx->request_ct++; + + if (NR_STUN_GET_TYPE_CLASS(ctx->request->header.type) == NR_CLASS_INDICATION) { + /* no need to set the timer because indications don't receive a + * response */ + } + else { + if (ctx->request_ct >= ctx->maximum_transmits) { + /* Reliable transport only get here once. Unreliable get here for + * their final timeout. */ + ctx->timeout_ms += ctx->maximum_transmits_timeout_ms; + } + else if (ctx->timeout_ms) { + /* exponential backoff */ + ctx->timeout_ms *= ctx->retransmission_backoff_factor; + } + else { + /* initial timeout unreliable transports */ + ctx->timeout_ms = ctx->rto_ms; + } + + r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Next timer will fire in %u ms",ctx->label, ctx->timeout_ms); + + gettimeofday(&ctx->timer_set, 0); + + assert(ctx->timeout_ms); + NR_ASYNC_TIMER_SET(ctx->timeout_ms, nr_stun_client_timer_expired_cb, ctx, &ctx->timer_handle); + } + + _status=0; + abort: + if (_status) { + nr_stun_client_failed(ctx); + } + return(_status); + } + +static int nr_stun_client_get_password(void *arg, nr_stun_message *msg, Data **password) +{ + *password = (Data*)arg; + if (!arg) + return(R_NOT_FOUND); + return(0); +} + +int nr_stun_transport_addr_check(nr_transport_addr* addr, UINT4 check) + { + if((check & NR_STUN_TRANSPORT_ADDR_CHECK_WILDCARD) && nr_transport_addr_is_wildcard(addr)) + return(R_BAD_DATA); + + if ((check & NR_STUN_TRANSPORT_ADDR_CHECK_LOOPBACK) && nr_transport_addr_is_loopback(addr)) + return(R_BAD_DATA); + + return(0); + } + +int nr_stun_client_process_response(nr_stun_client_ctx *ctx, UCHAR *msg, int len, nr_transport_addr *peer_addr) + { + int r,_status; + char string[256]; + char *username = 0; + Data *password = 0; + int allow_unauthed_redirect = 0; + nr_stun_message_attribute *attr; + nr_transport_addr *mapped_addr = 0; + int fail_on_error = 0; + UCHAR hmac_key_d[16]; + Data hmac_key; + int compute_lt_key=0; + /* TODO(bcampen@mozilla.com): Bug 1023619, refactor this. */ + int response_matched=0; + + ATTACH_DATA(hmac_key, hmac_key_d); + + if ((ctx->state != NR_STUN_CLIENT_STATE_RUNNING) && + (ctx->state != NR_STUN_CLIENT_STATE_WAITING)) + ABORT(R_REJECTED); + + r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Inspecting STUN response (my_addr=%s, peer_addr=%s)",ctx->label,ctx->my_addr.as_string,peer_addr->as_string); + + snprintf(string, sizeof(string)-1, "STUN-CLIENT(%s): Received ", ctx->label); + r_dump(NR_LOG_STUN, LOG_DEBUG, string, (char*)msg, len); + + /* determine password */ + switch (ctx->mode) { + case NR_STUN_CLIENT_MODE_BINDING_REQUEST_LONG_TERM_AUTH: + /* If the STUN server responds with an error, give up, since we don't + * want to delay the completion of gathering. */ + fail_on_error = 1; + compute_lt_key = 1; + /* Fall through */ + case NR_STUN_CLIENT_MODE_BINDING_REQUEST_SHORT_TERM_AUTH: + password = ctx->params.stun_binding_request.password; + break; + + case NR_STUN_CLIENT_MODE_BINDING_REQUEST_NO_AUTH: + /* If the STUN server responds with an error, give up, since we don't + * want to delay the completion of gathering. */ + fail_on_error = 1; + break; + + case NR_STUN_CLIENT_MODE_BINDING_REQUEST_STUND_0_96: + /* If the STUN server responds with an error, give up, since we don't + * want to delay the completion of gathering. */ + fail_on_error = 1; + break; + +#ifdef USE_ICE + case NR_ICE_CLIENT_MODE_BINDING_REQUEST: + /* We do not set fail_on_error here. The error might be transient, and + * retrying isn't going to cause a slowdown. */ + password = &ctx->params.ice_binding_request.password; + break; + case NR_ICE_CLIENT_MODE_USE_CANDIDATE: + /* We do not set fail_on_error here. The error might be transient, and + * retrying isn't going to cause a slowdown. */ + password = &ctx->params.ice_binding_request.password; + break; +#endif /* USE_ICE */ + +#ifdef USE_TURN + case NR_TURN_CLIENT_MODE_ALLOCATE_REQUEST: + fail_on_error = 1; + compute_lt_key = 1; + /* Do not require mutual auth on redirect responses to Allocate requests. */ + allow_unauthed_redirect = 1; + username = ctx->auth_params.username; + password = &ctx->auth_params.password; + /* do nothing */ + break; + case NR_TURN_CLIENT_MODE_REFRESH_REQUEST: + fail_on_error = 1; + compute_lt_key = 1; + username = ctx->auth_params.username; + password = &ctx->auth_params.password; + /* do nothing */ + break; + case NR_TURN_CLIENT_MODE_PERMISSION_REQUEST: + fail_on_error = 1; + compute_lt_key = 1; + username = ctx->auth_params.username; + password = &ctx->auth_params.password; + /* do nothing */ + break; + case NR_TURN_CLIENT_MODE_SEND_INDICATION: + /* do nothing -- we just got our DATA-INDICATION */ + break; +#endif /* USE_TURN */ + + default: + assert(0); + ABORT(R_FAILED); + break; + } + + if (compute_lt_key) { + if (!ctx->realm || !username) { + r_log(NR_LOG_STUN, LOG_DEBUG, "Long-term auth required but no realm/username specified. Randomizing key"); + /* Fill the key with random bytes to guarantee non-match */ + if (r=nr_crypto_random_bytes(hmac_key_d, sizeof(hmac_key_d))) + ABORT(r); + } + else { + if (r=nr_stun_compute_lt_message_integrity_password(username, ctx->realm, + password, &hmac_key)) + ABORT(r); + } + password = &hmac_key; + } + + if (ctx->response) { + nr_stun_message_destroy(&ctx->response); + } + + /* TODO(bcampen@mozilla.com): Bug 1023619, refactor this. */ + if ((r=nr_stun_message_create2(&ctx->response, msg, len))) + ABORT(r); + + if ((r=nr_stun_decode_message(ctx->response, nr_stun_client_get_password, password))) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): error decoding response",ctx->label); + ABORT(r); + } + + /* This will return an error if request and response don't match, + which is how we reject responses that match other contexts. */ + if ((r=nr_stun_receive_message(ctx->request, ctx->response))) { + r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Response is not for us",ctx->label); + ABORT(r); + } + + r_log(NR_LOG_STUN,LOG_INFO, + "STUN-CLIENT(%s): Received response; processing",ctx->label); + response_matched=1; + + if (allow_unauthed_redirect && + nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_ERROR_CODE, + &attr) && + (attr->u.error_code.number / 100 == 3)) { + password = 0; + } + +/* TODO: !nn! currently using password!=0 to mean that auth is required, + * TODO: !nn! but we should probably pass that in explicitly via the + * TODO: !nn! usage (ctx->mode?) */ + if (password) { + if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_NONCE, 0)) { + if ((r=nr_stun_receive_response_long_term_auth(ctx->response, ctx))) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): long term auth failed",ctx->label); + ABORT(r); + } + } + else { + if ((r=nr_stun_receive_response_short_term_auth(ctx->response))) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): short term auth failed",ctx->label); + ABORT(r); + } + } + } + + if (NR_STUN_GET_TYPE_CLASS(ctx->response->header.type) == NR_CLASS_RESPONSE) { + if ((r=nr_stun_process_success_response(ctx->response))) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): nr_stun_process_success_response failed",ctx->label); + ABORT(r); + } + } + else { + if (fail_on_error) { + ctx->state = NR_STUN_CLIENT_STATE_FAILED; + } + /* Note: most times we call process_error_response, we get r != 0. + + However, if the error is to be discarded, we get r == 0, smash + the error code, and just keep going. + */ + if ((r=nr_stun_process_error_response(ctx->response, &ctx->error_code))) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): nr_stun_process_error_response failed",ctx->label); + ABORT(r); + } + else { + ctx->error_code = 0xffff; + /* drop the error on the floor */ + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): processed error response",ctx->label); + ABORT(R_FAILED); + } + } + + r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Successfully parsed mode=%d",ctx->label,ctx->mode); + +/* TODO: !nn! this should be moved to individual message receive/processing sections */ + switch (ctx->mode) { + case NR_STUN_CLIENT_MODE_BINDING_REQUEST_LONG_TERM_AUTH: + case NR_STUN_CLIENT_MODE_BINDING_REQUEST_SHORT_TERM_AUTH: + if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No XOR-MAPPED-ADDRESS",ctx->label); + ABORT(R_BAD_DATA); + } + if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No MESSAGE-INTEGRITY",ctx->label); + ABORT(R_BAD_DATA); + } + + mapped_addr = &ctx->results.stun_binding_response.mapped_addr; + break; + + case NR_STUN_CLIENT_MODE_BINDING_REQUEST_NO_AUTH: + if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0)) { + if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MAPPED_ADDRESS, 0)) { + /* Compensate for a bug in Google's STUN servers where they always respond with MAPPED-ADDRESS */ + r_log(NR_LOG_STUN,LOG_INFO,"STUN-CLIENT(%s): No XOR-MAPPED-ADDRESS but MAPPED-ADDRESS. Falling back (though server is wrong).", ctx->label); + } + else { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No XOR-MAPPED-ADDRESS or MAPPED-ADDRESS",ctx->label); + ABORT(R_BAD_DATA); + } + } + + mapped_addr = &ctx->results.stun_binding_response.mapped_addr; + break; + + case NR_STUN_CLIENT_MODE_BINDING_REQUEST_STUND_0_96: + if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MAPPED_ADDRESS, 0) && ! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No MAPPED-ADDRESS",ctx->label); + ABORT(R_BAD_DATA); + } + + mapped_addr = &ctx->results.stun_binding_response_stund_0_96.mapped_addr; + break; + +#ifdef USE_ICE + case NR_ICE_CLIENT_MODE_BINDING_REQUEST: + if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No XOR-MAPPED-ADDRESS",ctx->label); + ABORT(R_BAD_DATA); + } + if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No MESSAGE-INTEGRITY",ctx->label); + ABORT(R_BAD_DATA); + } + + mapped_addr = &ctx->results.stun_binding_response.mapped_addr; + break; + case NR_ICE_CLIENT_MODE_USE_CANDIDATE: + if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No XOR-MAPPED-ADDRESS",ctx->label); + ABORT(R_BAD_DATA); + } + if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No MESSAGE-INTEGRITY",ctx->label); + ABORT(R_BAD_DATA); + } + + mapped_addr = &ctx->results.stun_binding_response.mapped_addr; + break; +#endif /* USE_ICE */ + +#ifdef USE_TURN + case NR_TURN_CLIENT_MODE_ALLOCATE_REQUEST: + if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No XOR-MAPPED-ADDRESS",ctx->label); + ABORT(R_BAD_DATA); + } + if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No MESSAGE-INTEGRITY",ctx->label); + ABORT(R_BAD_DATA); + } + + if (!nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_RELAY_ADDRESS, &attr)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No XOR-RELAYED-ADDRESS",ctx->label); + ABORT(R_BAD_DATA); + } + + if ((r=nr_stun_transport_addr_check(&attr->u.relay_address.unmasked, + ctx->mapped_addr_check_mask))) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): nr_stun_transport_addr_check failed",ctx->label); + ABORT(r); + } + + if ((r=nr_transport_addr_copy( + &ctx->results.allocate_response.relay_addr, + &attr->u.relay_address.unmasked))) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): nr_transport_addr_copy failed",ctx->label); + ABORT(r); + } + + if (!nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_LIFETIME, &attr)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No LIFETIME",ctx->label); + ABORT(R_BAD_DATA); + } + ctx->results.allocate_response.lifetime_secs=attr->u.lifetime_secs; + + r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Received relay address: %s", ctx->label, ctx->results.allocate_response.relay_addr.as_string); + + mapped_addr = &ctx->results.allocate_response.mapped_addr; + + break; + case NR_TURN_CLIENT_MODE_REFRESH_REQUEST: + if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No MESSAGE-INTEGRITY",ctx->label); + ABORT(R_BAD_DATA); + } + if (!nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_LIFETIME, &attr)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No LIFETIME",ctx->label); + ABORT(R_BAD_DATA); + } + ctx->results.refresh_response.lifetime_secs=attr->u.lifetime_secs; + break; + case NR_TURN_CLIENT_MODE_PERMISSION_REQUEST: + if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0)) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No MESSAGE-INTEGRITY",ctx->label); + ABORT(R_BAD_DATA); + } + break; +#endif /* USE_TURN */ + + default: + assert(0); + ABORT(R_FAILED); + break; + } + + /* make sure we have the most up-to-date address from this peer */ + if (nr_transport_addr_cmp(&ctx->peer_addr, peer_addr, NR_TRANSPORT_ADDR_CMP_MODE_ALL)) { + r_log(NR_LOG_STUN,LOG_INFO,"STUN-CLIENT(%s): Peer moved from %s to %s", ctx->label, ctx->peer_addr.as_string, peer_addr->as_string); + nr_transport_addr_copy(&ctx->peer_addr, peer_addr); + } + + if (mapped_addr) { + if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, &attr)) { + if ((r=nr_stun_transport_addr_check(&attr->u.xor_mapped_address.unmasked, + ctx->mapped_addr_check_mask))) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): XOR-MAPPED-ADDRESS is bogus",ctx->label); + ABORT(r); + } + + if ((r=nr_transport_addr_copy(mapped_addr, &attr->u.xor_mapped_address.unmasked))) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): nr_transport_addr_copy failed",ctx->label); + ABORT(r); + } + } + else if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MAPPED_ADDRESS, &attr)) { + if ((r=nr_stun_transport_addr_check(&attr->u.mapped_address, + ctx->mapped_addr_check_mask))) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): MAPPED-ADDRESS is bogus",ctx->label); + ABORT(r); + } + + if ((r=nr_transport_addr_copy(mapped_addr, &attr->u.mapped_address))) { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): nr_transport_addr_copy failed",ctx->label); + ABORT(r); + } + } + else { + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): No mapped address!",ctx->label); + ABORT(R_BAD_DATA); + } + + // STUN doesn't distinguish protocol in mapped address, therefore + // assign used protocol from peer_addr + if (mapped_addr->protocol!=peer_addr->protocol){ + mapped_addr->protocol=peer_addr->protocol; + nr_transport_addr_fmt_addr_string(mapped_addr); + } + + r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Received mapped address: %s", ctx->label, mapped_addr->as_string); + } + + ctx->state=NR_STUN_CLIENT_STATE_DONE; + + _status=0; + abort: + if(_status && response_matched){ + r_log(NR_LOG_STUN,LOG_WARNING,"STUN-CLIENT(%s): Error processing response: %s, stun error code %d.", ctx->label, nr_strerror(_status), (int)ctx->error_code); + } + + if ((ctx->state != NR_STUN_CLIENT_STATE_RUNNING) && + (ctx->state != NR_STUN_CLIENT_STATE_WAITING)) { + /* Cancel the timer firing */ + if (ctx->timer_handle) { + NR_async_timer_cancel(ctx->timer_handle); + ctx->timer_handle = 0; + } + + nr_stun_client_fire_finished_cb(ctx); + } + + return(_status); + } + +int nr_stun_client_ctx_destroy(nr_stun_client_ctx **ctxp) + { + nr_stun_client_ctx *ctx; + + if(!ctxp || !*ctxp) + return(0); + + ctx=*ctxp; + *ctxp=0; + + nr_stun_client_reset(ctx); + + RFREE(ctx->nonce); + RFREE(ctx->realm); + + RFREE(ctx->label); + RFREE(ctx); + + return(0); + } + + +int nr_stun_client_cancel(nr_stun_client_ctx *ctx) + { + /* Cancel the timer firing */ + if (ctx->timer_handle){ + NR_async_timer_cancel(ctx->timer_handle); + ctx->timer_handle=0; + } + + /* Mark cancelled so we ignore any returned messsages */ + ctx->state=NR_STUN_CLIENT_STATE_CANCELLED; + return(0); +} + +int nr_stun_client_wait(nr_stun_client_ctx *ctx) + { + nr_stun_client_cancel(ctx); + ctx->state=NR_STUN_CLIENT_STATE_WAITING; + + ctx->request_ct = ctx->maximum_transmits; + ctx->timeout_ms = ctx->maximum_transmits_timeout_ms; + NR_ASYNC_TIMER_SET(ctx->timeout_ms, nr_stun_client_timer_expired_cb, ctx, &ctx->timer_handle); + + return(0); + } + +int nr_stun_client_failed(nr_stun_client_ctx *ctx) + { + nr_stun_client_cancel(ctx); + ctx->state=NR_STUN_CLIENT_STATE_FAILED; + nr_stun_client_fire_finished_cb(ctx); + return(0); + } -- cgit v1.2.3