working on oauth
parent
f2cc2e9457
commit
2fbd4138de
@ -190,6 +190,8 @@ Flags:
|
||||
This option can be used with long-term credentials mechanisms only -
|
||||
it does not make much sense with the short-term mechanism.
|
||||
|
||||
--oauth Support oAuth authentication.
|
||||
|
||||
--dh566 Use 566 bits predefined DH TLS key. Default size of the key is 1066.
|
||||
|
||||
--dh2066 Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
|
||||
|
||||
@ -216,6 +216,10 @@
|
||||
#
|
||||
#server-name=blackdow.carleon.gov
|
||||
|
||||
# Flag to support oAuth authentication.
|
||||
#
|
||||
#oauth
|
||||
|
||||
# 'Static' user accounts for long term credentials mechanism, only.
|
||||
# This option cannot be used with TURN REST API or with short-term credentials
|
||||
# mechanism.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
.\" Text automatically generated by txt2man
|
||||
.TH TURN 1 "16 September 2014" "" ""
|
||||
.TH TURN 1 "18 September 2014" "" ""
|
||||
.SH GENERAL INFORMATION
|
||||
|
||||
\fIturnadmin\fP is a TURN administration tool. This tool can be used to manage
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
.\" Text automatically generated by txt2man
|
||||
.TH TURN 1 "16 September 2014" "" ""
|
||||
.TH TURN 1 "18 September 2014" "" ""
|
||||
.SH GENERAL INFORMATION
|
||||
|
||||
The \fBTURN Server\fP project contains the source code of a TURN server and TURN client
|
||||
@ -276,6 +276,10 @@ This option can be used with long\-term credentials mechanisms only \-
|
||||
it does not make much sense with the short\-term mechanism.
|
||||
.TP
|
||||
.B
|
||||
\fB\-\-oauth\fP
|
||||
Support oAuth authentication.
|
||||
.TP
|
||||
.B
|
||||
\fB\-\-dh566\fP
|
||||
Use 566 bits predefined DH TLS key. Default size of the key is 1066.
|
||||
.TP
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
.\" Text automatically generated by txt2man
|
||||
.TH TURN 1 "16 September 2014" "" ""
|
||||
.TH TURN 1 "18 September 2014" "" ""
|
||||
.SH GENERAL INFORMATION
|
||||
|
||||
A set of turnutils_* programs provides some utility functionality to be used
|
||||
|
||||
@ -85,7 +85,7 @@ LOW_DEFAULT_PORTS_BOUNDARY,HIGH_DEFAULT_PORTS_BOUNDARY,0,0,0,"",
|
||||
0,NULL,0,NULL,DEFAULT_GENERAL_RELAY_SERVERS_NUMBER,0,
|
||||
////////////// Auth server /////////////////////////////////////
|
||||
{NULL,NULL,NULL,0,NULL},
|
||||
"","",
|
||||
"","",0,
|
||||
/////////////// AUX SERVERS ////////////////
|
||||
{NULL,0,{0,NULL}},0,
|
||||
/////////////// ALTERNATE SERVERS ////////////////
|
||||
@ -467,6 +467,7 @@ static char Usage[] = "Usage: turnserver [options]\n"
|
||||
" --server-name Server name used (when necessary) for\n"
|
||||
" the authentication purposes (oauth).\n"
|
||||
" The default value is the FQDN of the host.\n"
|
||||
" --oauth Support oAuth authentication.\n"
|
||||
" -n Do not use configuration file, take all parameters from the command line only.\n"
|
||||
" --cert <filename> Certificate file, PEM format. Same file search rules\n"
|
||||
" applied as for the configuration file.\n"
|
||||
@ -682,7 +683,8 @@ enum EXTRA_OPTS {
|
||||
ADMIN_MAX_BPS_OPT,
|
||||
ADMIN_TOTAL_QUOTA_OPT,
|
||||
ADMIN_USER_QUOTA_OPT,
|
||||
SERVER_NAME_OPT
|
||||
SERVER_NAME_OPT,
|
||||
OAUTH_OPT
|
||||
};
|
||||
|
||||
struct myoption {
|
||||
@ -737,6 +739,7 @@ static const struct myoption long_options[] = {
|
||||
/* deprecated: */ { "secret-ts-exp-time", optional_argument, NULL, AUTH_SECRET_TS_EXP },
|
||||
{ "realm", required_argument, NULL, 'r' },
|
||||
{ "server-name", required_argument, NULL, SERVER_NAME_OPT },
|
||||
{ "oauth", optional_argument, NULL, OAUTH_OPT },
|
||||
{ "user-quota", required_argument, NULL, 'q' },
|
||||
{ "total-quota", required_argument, NULL, 'Q' },
|
||||
{ "max-bps", required_argument, NULL, 's' },
|
||||
@ -868,6 +871,9 @@ static void set_option(int c, char *value)
|
||||
case SERVER_NAME_OPT:
|
||||
STRCPY(turn_params.oauth_server_name,value);
|
||||
break;
|
||||
case OAUTH_OPT:
|
||||
turn_params.oauth = get_bool_value(value);
|
||||
break;
|
||||
case NO_SSLV2_OPT:
|
||||
turn_params.no_sslv2 = get_bool_value(value);
|
||||
break;
|
||||
@ -1834,7 +1840,9 @@ int main(int argc, char **argv)
|
||||
init_oauth_server_name();
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Domain name: %s\n",turn_params.domain);
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Default realm: %s\n",get_realm(NULL)->options.name);
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Server name: %s\n",turn_params.oauth_server_name);
|
||||
if(turn_params.oauth) {
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "oAuth server name: %s\n",turn_params.oauth_server_name);
|
||||
}
|
||||
|
||||
optind = 0;
|
||||
|
||||
|
||||
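Review bot: The line added to `Usage[]` documents `--oauth` as "Support oAuth authentication", but the hunks on this page only store the flag in `set_option` and log the server name in `main`; no token validation is visible here. If validation is not implemented elsewhere yet, an operator who enables the flag may assume a protection that is not in place, so I would word it as `" --oauth    Advertise oAuth (third-party authorization) support; experimental.\n"` until the check lands. The option is also declared `optional_argument`, so if `long_options` is consumed by getopt_long a value is only accepted as `--oauth=VALUE`, which the usage line does not say. `set_option` and `main` both continue outside their hunks.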
@ -273,6 +273,7 @@ typedef struct _turn_params_ {
|
||||
struct auth_server authserver;
|
||||
char oauth_server_name[1025];
|
||||
char domain[1025];
|
||||
int oauth;
|
||||
|
||||
/////////////// AUX SERVERS ////////////////
|
||||
|
||||
|
||||
@ -1594,7 +1594,8 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
|
||||
&turn_params.secure_stun, turn_params.shatype, &turn_params.mobility,
|
||||
turn_params.server_relay,
|
||||
send_turn_session_info,
|
||||
allocate_bps);
|
||||
allocate_bps,
|
||||
turn_params.oauth, turn_params.oauth_server_name);
|
||||
|
||||
if(to_set_rfc5780) {
|
||||
set_rfc5780(&(rs->server), get_alt_addr, send_message_from_listener_to_client);
|
||||
|
||||
@ -103,6 +103,8 @@ typedef enum _AUTH_ALG AUTH_ALG;
|
||||
* oAuth struct
|
||||
*/
|
||||
|
||||
#define STUN_ATTRIBUTE_THIRD_PARTY_AUTHORIZATION (0x8030)
|
||||
|
||||
#define OAUTH_KID_SIZE (128)
|
||||
#define OAUTH_HASH_FUNC_SIZE (64)
|
||||
#define OAUTH_ALG_SIZE (64)
|
||||
|
||||
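Review bot: `STUN_ATTRIBUTE_THIRD_PARTY_AUTHORIZATION (0x8030)` is added with no reference for the value, and it sits under the existing "oAuth struct" comment although it is an attribute type rather than part of a struct. 0x8030 lies in the comprehension-optional attribute range, so a client that does not know the attribute should ignore it, which is worth stating next to the define. I would add a comment such as `/* THIRD-PARTY-AUTHORIZATION attribute type (comprehension-optional); value from <spec reference - placeholder>, recheck against the IANA STUN attribute registry */`.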
@ -3075,6 +3075,17 @@ static int create_challenge_response(ts_ur_super_session *ss, stun_tid *tid, int
|
||||
char *realm = ss->realm_options.name;
|
||||
stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_REALM,
|
||||
(u08bits*)realm, (int)(strlen((s08bits*)(realm))));
|
||||
|
||||
if(ss->server) {
|
||||
turn_turnserver* server = (turn_turnserver*)ss->server;
|
||||
if(server->oauth && (server->oauth_server_name)&&(server->oauth_server_name[0])) {
|
||||
stun_attr_add_str(ioa_network_buffer_data(nbh), &len,
|
||||
STUN_ATTRIBUTE_THIRD_PARTY_AUTHORIZATION,
|
||||
(const u08bits*)(server->oauth_server_name),
|
||||
strlen(server->oauth_server_name));
|
||||
}
|
||||
}
|
||||
|
||||
ioa_network_buffer_set_size(nbh,len);
|
||||
return 0;
|
||||
}
|
||||
@ -4702,7 +4713,8 @@ void init_turn_server(turn_turnserver* server,
|
||||
send_socket_to_relay_cb send_socket_to_relay,
|
||||
vintp secure_stun, SHATYPE shatype, vintp mobility, int server_relay,
|
||||
send_turn_session_info_cb send_turn_session_info,
|
||||
allocate_bps_cb allocate_bps_func) {
|
||||
allocate_bps_cb allocate_bps_func,
|
||||
int oauth, const char* oauth_server_name) {
|
||||
|
||||
if (!server)
|
||||
return;
|
||||
@ -4726,6 +4738,9 @@ void init_turn_server(turn_turnserver* server,
|
||||
server->mobility = mobility;
|
||||
server->server_relay = server_relay;
|
||||
server->send_turn_session_info = send_turn_session_info;
|
||||
server->oauth = oauth;
|
||||
if(oauth)
|
||||
server->oauth_server_name = oauth_server_name;
|
||||
if(mobility)
|
||||
server->mobile_connections_map = ur_map_create();
|
||||
|
||||
|
||||
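Review bot: In `create_challenge_response` the new `stun_attr_add_str` call for `STUN_ATTRIBUTE_THIRD_PARTY_AUTHORIZATION` ignores its return value and passes a bare `strlen(...)`, while the REALM call just above casts the length with `(int)`. The name comes from the 1025-byte `turn_params.oauth_server_name` buffer, and a challenge is presumably sent to clients that have not authenticated yet. An over-long name would therefore either fail to fit without any error or enlarge every challenge sent to such clients. I would bound the name length where the option is parsed, write the length as `(int)strlen(server->oauth_server_name)`, and, assuming `stun_attr_add_str` reports failure through its return value, check it before `ioa_network_buffer_set_size`. The function starts outside the hunk.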
@ -160,6 +160,10 @@ struct _turn_turnserver {
|
||||
|
||||
/* Bandwidth draft: */
|
||||
allocate_bps_cb allocate_bps_func;
|
||||
|
||||
/* oAuth: */
|
||||
int oauth;
|
||||
const char* oauth_server_name;
|
||||
};
|
||||
|
||||
///////////////////////////////////////////
|
||||
@ -195,7 +199,9 @@ void init_turn_server(turn_turnserver* server,
|
||||
vintp mobility,
|
||||
int server_relay,
|
||||
send_turn_session_info_cb send_turn_session_info,
|
||||
allocate_bps_cb allocate_bps_func);
|
||||
allocate_bps_cb allocate_bps_func,
|
||||
int oauth,
|
||||
const char* oauth_server_name);
|
||||
|
||||
ioa_engine_handle turn_server_get_engine(turn_turnserver *s);
|
||||
|
||||
|
||||
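Review bot: The new `const char* oauth_server_name;` field in `struct _turn_turnserver` holds a borrowed pointer and nothing says who owns the string. `init_turn_server` stores the caller's pointer as-is, and only when `oauth` is non-zero, so the field is valid only if the caller's buffer outlives the server and the struct was zeroed beforehand (not visible on this page). The one caller shown passes `turn_params.oauth_server_name`, which looks like a long-lived global, so a comment is enough: `/* oAuth: oauth_server_name is not copied; it must outlive the server and is NULL when oauth is 0 */`. Assigning unconditionally with `server->oauth_server_name = oauth ? oauth_server_name : NULL;` would remove the dependence on prior zeroing.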