Stun Server  Compliant with the latest RFCs including 5389, 5769, and 5780
discover the local host's own external IP address
stunauth.h
Go to the documentation of this file.
1 /*
2  Copyright 2011 John Selbie
3 
4  Licensed under the Apache License, Version 2.0 (the "License");
5  you may not use this file except in compliance with the License.
6  You may obtain a copy of the License at
7 
8  http://www.apache.org/licenses/LICENSE-2.0
9 
10  Unless required by applicable law or agreed to in writing, software
11  distributed under the License is distributed on an "AS IS" BASIS,
12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  See the License for the specific language governing permissions and
14  limitations under the License.
15 */
16 
17 
18 #ifndef STUNAUTH_H_
19 #define STUNAUTH_H_
20 
21 
22 const uint32_t MAX_STUN_AUTH_STRING_SIZE = 64; // max string size for username, realm, password, nonce attributes
23 
24 
25 
26 struct AuthAttributes
27 {
28  // attributes in the request
29  char szUser[MAX_STUN_AUTH_STRING_SIZE+1]; // the user name attribute in the request (if available)
30  char szRealm[MAX_STUN_AUTH_STRING_SIZE+1]; // the realm attribute in the request (if available)
31  char szNonce[MAX_STUN_AUTH_STRING_SIZE+1]; // the nonce attribute in the request (if available)
32  char szLegacyPassword[MAX_STUN_AUTH_STRING_SIZE+1]; // this is not the password used in the message integrity, this is if the request provided a password in the clear (ala rfc 3478). Not recommended, but auth providers can use it if they want.
33  bool fMessageIntegrityPresent; // true if there was a message integrity field
34 };
35 
36 
37 enum AuthCredentialMechanism
38 {
39  AuthCredShortTerm,
40  AuthCredLongTerm
41 };
42 
43 enum AuthResponseType
44 {
45  Allow, // just send back a response without any additional attributes or integrity
46  AllowConditional, // send back a response if the integrity matches with szPassword, otherwise respond back with a 401 and a nonce/realm
47  StaleNonce, // send back 438/Stale Nonce and use the new realm/nonce provided
48  Reject, // send back a 400/Bad Request with no additional attributes
49  Unauthorized // send back a 401 with realm/nonce provided
50 };
51 
52 struct AuthResponse
53 {
54  AuthResponseType responseType; // how the server should treat the response
55  AuthCredentialMechanism authCredMech;
56 
57  char szPassword[MAX_STUN_AUTH_STRING_SIZE+1]; // ignored if _responseType is anything other than AllowConditional
58  char szRealm[MAX_STUN_AUTH_STRING_SIZE+1]; // realm attribute for challenge-response. Ignored if _authCredMech is not AuthCredLongTerm
59  char szNonce[MAX_STUN_AUTH_STRING_SIZE+1]; // nonce attribute for challenge-response. Ignored if _authCredMech is not AuthCredLongTerm
60 };
61 
62 
63 class IStunAuth : public IRefCounted
64 {
65 public:
66  virtual HRESULT DoAuthCheck(AuthAttributes* pAuthAttributes, AuthResponse* pResponse) = 0;
67 };
68 
69 
70 #endif
AuthResponse::responseType
AuthResponseType responseType
Definition: stunauth.h:54
AuthAttributes::szUser
char szUser[MAX_STUN_AUTH_STRING_SIZE+1]
Definition: stunauth.h:29
AuthAttributes::szNonce
char szNonce[MAX_STUN_AUTH_STRING_SIZE+1]
Definition: stunauth.h:31
AuthAttributes::fMessageIntegrityPresent
bool fMessageIntegrityPresent
Definition: stunauth.h:33
AuthCredentialMechanism
AuthCredentialMechanism
Definition: stunauth.h:37
AuthResponse::authCredMech
AuthCredentialMechanism authCredMech
Definition: stunauth.h:55
MAX_STUN_AUTH_STRING_SIZE
const uint32_t MAX_STUN_AUTH_STRING_SIZE
Definition: stunauth.h:22
HRESULT
int32_t HRESULT
Definition: hresult.h:22
Allow
Definition: stunauth.h:45
AuthResponseType
AuthResponseType
Definition: stunauth.h:43
AuthAttributes::szRealm
char szRealm[MAX_STUN_AUTH_STRING_SIZE+1]
Definition: stunauth.h:30
AuthAttributes::szLegacyPassword
char szLegacyPassword[MAX_STUN_AUTH_STRING_SIZE+1]
Definition: stunauth.h:32