per-realm white/black lists added to mongo stuff
parent
13b8ac9e74
commit
1d79403997
@ -969,48 +969,80 @@ static void mongo_auth_ping(void * rch) {
|
||||
UNUSED_ARG(rch);
|
||||
// NOOP
|
||||
}
|
||||
|
||||
static int mongo_read_realms_ip_lists(const char *kind, ip_range_list_t * list)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
char field_name[129];
|
||||
sprintf(field_name, "%s_peer_ip", kind);
|
||||
|
||||
mongoc_collection_t * collection = mongo_get_collection("realm");
|
||||
|
||||
if (!collection)
|
||||
return ret;
|
||||
|
||||
bson_t query;
|
||||
bson_init(&query);
|
||||
|
||||
bson_t fields;
|
||||
bson_init(&fields);
|
||||
BSON_APPEND_INT32(&fields, "realm", 1);
|
||||
BSON_APPEND_INT32(&fields, field_name, 1);
|
||||
|
||||
mongoc_cursor_t * cursor;
|
||||
cursor = mongoc_collection_find(collection, MONGOC_QUERY_NONE, 0, 0, 0,
|
||||
&query, &fields, NULL);
|
||||
|
||||
if (!cursor) {
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,
|
||||
"Error querying MongoDB collection 'realm'\n");
|
||||
ret = -1;
|
||||
} else {
|
||||
const bson_t * item;
|
||||
uint32_t length;
|
||||
bson_iter_t iter;
|
||||
char realm[513];
|
||||
|
||||
while (mongoc_cursor_next(cursor, &item)) {
|
||||
|
||||
if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "realm")
|
||||
&& BSON_ITER_HOLDS_UTF8(&iter)) {
|
||||
|
||||
STRCPY(realm,bson_iter_utf8(&iter, &length));
|
||||
|
||||
if (bson_iter_init(&iter, item) && bson_iter_find(&iter,
|
||||
field_name) && BSON_ITER_HOLDS_ARRAY(&iter)) {
|
||||
const uint8_t *docbuf = NULL;
|
||||
uint32_t doclen = 0;
|
||||
bson_t ip_range_array;
|
||||
bson_iter_t ip_range_iter;
|
||||
|
||||
bson_iter_array(&iter, &doclen, &docbuf);
|
||||
bson_init_static(&ip_range_array, docbuf, doclen);
|
||||
|
||||
if (bson_iter_init(&ip_range_iter, &ip_range_array)) {
|
||||
while (bson_iter_next(&ip_range_iter)) {
|
||||
if (BSON_ITER_HOLDS_UTF8(&ip_range_iter)) {
|
||||
const char* ip_range = bson_iter_utf8(&ip_range_iter, &length);
|
||||
add_ip_list_range(ip_range, realm, list);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
mongoc_cursor_destroy(cursor);
|
||||
}
|
||||
mongoc_collection_destroy(collection);
|
||||
bson_destroy(&query);
|
||||
bson_destroy(&fields);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int mongo_get_ip_list(const char *kind, ip_range_list_t * list) {
|
||||
char * collection_name = (char *)turn_malloc(strlen(kind) + 9);
|
||||
sprintf(collection_name, "%s_peer_ip", kind);
|
||||
mongoc_collection_t * collection = mongo_get_collection(collection_name);
|
||||
turn_free(collection_name, strlen(kind) + 9);
|
||||
|
||||
if(!collection)
|
||||
return -1;
|
||||
|
||||
bson_t query;
|
||||
bson_init(&query);
|
||||
|
||||
bson_t fields;
|
||||
bson_init(&fields);
|
||||
BSON_APPEND_INT32(&fields, "ip_range", 1);
|
||||
|
||||
mongoc_cursor_t * cursor;
|
||||
cursor = mongoc_collection_find(collection, MONGOC_QUERY_NONE, 0, 0, 0, &query, &fields, NULL);
|
||||
|
||||
int ret = -1;
|
||||
|
||||
if (!cursor) {
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error querying MongoDB collection '%s'\n", collection_name);
|
||||
} else {
|
||||
const bson_t * item;
|
||||
uint32_t length;
|
||||
bson_iter_t iter;
|
||||
const char * value;
|
||||
while(mongoc_cursor_next(cursor, &item)) {
|
||||
if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "ip_range") && BSON_ITER_HOLDS_UTF8(&iter)) {
|
||||
value = bson_iter_utf8(&iter, &length);
|
||||
add_ip_list_range(value, NULL, list);
|
||||
}
|
||||
}
|
||||
mongoc_cursor_destroy(cursor);
|
||||
ret = 0;
|
||||
}
|
||||
mongoc_collection_destroy(collection);
|
||||
bson_destroy(&query);
|
||||
bson_destroy(&fields);
|
||||
return ret;
|
||||
return mongo_read_realms_ip_lists(kind, list);
|
||||
}
|
||||
|
||||
|
||||
|
||||
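Review bot: mongo_read_realms_ip_lists reports success when it could not read anything: `ret` is still 0 at the early `return ret;` after `mongo_get_collection("realm")` fails, so a failed load of `denied_peer_ip` looks the same as an empty deny list. Returning an error there, `if (!collection) return -1;` as mongo_get_ip_list already does, lets the caller refuse to run with a partial list. The field name is built with an unbounded `sprintf` into `field_name[129]`; `snprintf(field_name, sizeof(field_name), "%s_peer_ip", kind);` keeps it bounded whatever `kind` is. The realm string comes from the database and is copied into `realm[513]` with `STRCPY`, whose definition is not on this page, so it is worth confirming that it truncates to the destination size. The rendering also does not show whether `return ret;` in mongo_get_ip_list stays ahead of the new `return mongo_read_realms_ip_lists(kind, list);`; if it does, the per-realm read is never reached.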
@ -4,6 +4,12 @@ mongo $* <<EOF
|
||||
|
||||
use coturn;
|
||||
|
||||
db.turnusers_lt.ensureIndex({ realm: 1, name: 1 }, { unique: 1 });
|
||||
db.turnusers_st.ensureIndex({ name: 1 }, { unique: 1 });
|
||||
db.turn_secret.ensureIndex({ realm: 1 }, { unique: 1 });
|
||||
db.realm.ensureIndex({ realm: 1 }, { unique: 1 });
|
||||
db.oauth_key.ensureIndex({ kid: 1 }, {unique: 1 });
|
||||
|
||||
db.turnusers_lt.insert({ realm: 'north.gov', name: 'ninefingers', hmackey: 'bc807ee29df3c9ffa736523fb2c4e8ee' });
|
||||
db.turnusers_lt.insert({ realm: 'north.gov', name: 'gorst', hmackey: '7da2270ccfa49786e0115366d3a3d14d' });
|
||||
db.turnusers_lt.insert({ realm: 'crinna.org', name: 'whirrun', hmackey: '6972e85e51f36e53b0b61759c5a5219a' });
|
||||
@ -23,7 +29,9 @@ db.realm.insert({
|
||||
"max-bps" : 500000,
|
||||
"user-quota" : 10000,
|
||||
"total-quota" : 12000
|
||||
}
|
||||
},
|
||||
allowed_peer_ip: [ '172.17.13.200', '172.17.13.201' ],
|
||||
denied_peer_ip: ['172.17.13.133-172.17.14.56', '123::45', '172.17.17.133-172.17.19.56']
|
||||
});
|
||||
|
||||
db.realm.insert({
|
||||
@ -33,14 +41,11 @@ db.realm.insert({
|
||||
"max-bps" : 400000,
|
||||
"user-quota" : 8000,
|
||||
"total-quota" : 10000
|
||||
}
|
||||
},
|
||||
allowed_peer_ip: [ '172.17.13.200', '172.17.13.201' ],
|
||||
denied_peer_ip: ['172.17.13.133-172.17.14.56', '123::45', '123::77']
|
||||
});
|
||||
|
||||
db.allowed_peer_ip.insert({ ip_range: '172.17.13.200' });
|
||||
|
||||
db.denied_peer_ip.insert({ ip_range: '172.17.13.133-172.17.14.56' });
|
||||
db.denied_peer_ip.insert({ ip_range: '123::45' });
|
||||
|
||||
db.oauth_key.insert({ kid: 'north',
|
||||
ikm_key: 'Y2FybGVvbg==',
|
||||
hkdf_hash_func: 'SHA-256',
|
||||
|
||||
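Review bot: Both `allowed_peer_ip` entries in the realm documents, '172.17.13.200' and '172.17.13.201', lie inside the first `denied_peer_ip` range '172.17.13.133-172.17.14.56', and nothing in the script says which list takes precedence. Someone adapting this sample for a deployment could end up with a peer they meant to block being reachable, or the reverse. If the overlap is intentional, a comment above the first `db.realm.insert` would settle it, along the lines of `// allowed addresses overlap the first denied range on purpose: <state which list wins>`.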