mom040267 2015-01-23 01:48:08 +00:00
parent e95d9736aa
commit 40043a9afc
5 changed files with 99 additions and 35 deletions

Binary file not shown.


@ -1765,7 +1765,7 @@ static void https_print_ip_range_list(struct str_buffer* sb, ip_range_list_t *va
if(dynamic) {
sbprintf(sb,"<tr><td> %s</td><td>",name);
sbprintf(sb,"<form action=\"%s?%s=%s\" method=\"POST\">IP range:<input required type=\"text\" name=\"%s\" value=\"\">",form_names[AS_FORM_UPDATE].name,HR_ADD_IP_KIND,kind,HR_ADD_IP);
sbprintf(sb,"<form action=\"%s?%s=%s\" method=\"POST\">IP range:<input required type=\"text\" name=\"%s\" value=\"\" >",form_names[AS_FORM_UPDATE].name,HR_ADD_IP_KIND,kind,HR_ADD_IP);
sbprintf(sb,"Realm: <input type=\"text\" name=\"%s\" value=\"%s\" ",HR_ADD_IP_REALM,current_eff_realm());
if(!is_superuser()) {
sbprintf(sb," disabled ");
@ -1960,20 +1960,6 @@ static void write_pc_page(ioa_socket_handle s)
https_print_uint(sb,(unsigned long)turn_params.min_port,"min-port",0);
https_print_uint(sb,(unsigned long)turn_params.max_port,"max-port",0);
https_print_ip_range_list(sb,&turn_params.ip_whitelist,"Whitelist IP (static)",NULL,0);
{
ip_range_list_t* l = get_ip_list("allowed");
https_print_ip_range_list(sb,l,"Whitelist IP (dynamic)","allowed",1);
ip_list_free(l);
}
https_print_ip_range_list(sb,&turn_params.ip_blacklist,"Blacklist IP (static)", NULL, 0);
{
ip_range_list_t* l = get_ip_list("denied");
https_print_ip_range_list(sb,l,"Blacklist IP (dynamic)", "denied", 1);
ip_list_free(l);
}
https_print_flag(sb,turn_params.no_multicast_peers,"no-multicast-peers","no-multicast-peers");
https_print_flag(sb,turn_params.no_loopback_peers,"no-loopback-peers","no-loopback-peers");
@ -2069,6 +2055,24 @@ static void write_pc_page(ioa_socket_handle s)
https_print_uint(sb,(unsigned long)get_bps_capacity(),"Total bps-capacity (per server)","bps-capacity");
https_print_uint(sb,(unsigned long)get_bps_capacity_allocated(),"Allocated bps-capacity (per server)",0);
https_print_uint(sb,(unsigned long)get_max_bps(),"Default max-bps (per session)","max-bps");
https_print_empty_row(sb,2);
https_print_ip_range_list(sb,&turn_params.ip_whitelist,"Whitelist IP (static)",NULL,0);
{
ip_range_list_t* l = get_ip_list("allowed");
https_print_ip_range_list(sb,l,"Whitelist IP (dynamic)","allowed",1);
ip_list_free(l);
}
https_print_empty_row(sb,2);
https_print_ip_range_list(sb,&turn_params.ip_blacklist,"Blacklist IP (static)", NULL, 0);
{
ip_range_list_t* l = get_ip_list("denied");
https_print_ip_range_list(sb,l,"Blacklist IP (dynamic)", "denied", 1);
ip_list_free(l);
}
}
str_buffer_append(sb,"\r\n</table> </body>\r\n</html>\r\n");
@ -2922,7 +2926,7 @@ static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, con
str_buffer_append(sb,HR_ADD_OAUTH_IKM);
str_buffer_append(sb,"\" value=\"");
str_buffer_append(sb,(const char*)add_ikm);
str_buffer_append(sb,"\" maxlength=256 size=48 required ");
str_buffer_append(sb,"\" maxlength=256 size=64 ");
str_buffer_append(sb,"><br>\r\n");
}
{
@ -3107,24 +3111,30 @@ static void handle_update_request(ioa_socket_handle s, struct http_request* hr)
const char* eip = get_http_header_value(hr, HR_ADD_IP,NULL);
if(eip && eip[0]) {
char* ip = evhttp_decode_uri(eip);
const char* r = get_http_header_value(hr, HR_ADD_IP_REALM,"");
const char* kind = get_http_header_value(hr, HR_ADD_IP_KIND,"");
const turn_dbdriver_t * dbd = get_dbdriver();
if (dbd && dbd->set_permission_ip) {
if(check_ip_list_range(ip)<0) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong address range format: %s\n", ip);
} else {
if(!r || !r[0]) {
r = current_realm();
}
const char* r = get_http_header_value(hr, HR_ADD_IP_REALM,"");
const char* kind = get_http_header_value(hr, HR_ADD_IP_KIND,"");
if(current_realm()[0] && strcmp(current_realm(),r)) {
//forbidden
} else {
const turn_dbdriver_t * dbd = get_dbdriver();
if (dbd && dbd->set_permission_ip) {
u08bits realm[STUN_MAX_REALM_SIZE+1]="\0";
STRCPY(realm,r);
if(!r || !r[0]) {
r = current_realm();
}
dbd->set_permission_ip(kind, realm, ip, 0);
if(current_realm()[0] && strcmp(current_realm(),r)) {
//forbidden
} else {
u08bits realm[STUN_MAX_REALM_SIZE+1]="\0";
STRCPY(realm,r);
dbd->set_permission_ip(kind, realm, ip, 0);
}
}
}
free(ip);
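Review bot: In handle_update_request the new check_ip_list_range() gate validates only the address string, while `kind` is still read from the request and handed to `dbd->set_permission_ip(kind, realm, ip, 0)` as-is. The page code on this commit only ever uses "allowed" and "denied", so I would reject anything else before the driver call, e.g. `if(strcmp(kind,"allowed") && strcmp(kind,"denied")) { /* log and skip */ }`; whether the drivers check this themselves is not visible here. The added TURN_LOG_FUNC line repeats the message check_ip_list_range() already logs and writes the URI-decoded request value verbatim, so one of the two can go and control characters should be stripped before logging. The `//forbidden` branch still drops the request silently; a log line there would make rejected cross-realm updates visible to an operator. The function starts and ends outside the hunk.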


@ -1266,6 +1266,43 @@ int add_ip_list_range(const char * range0, const char * realm, ip_range_list_t *
return 0;
}
int check_ip_list_range(const char * range0)
{
char *range = turn_strdup(range0);
char* separator = strchr(range, '-');
if (separator) {
*separator = '\0';
}
ioa_addr min, max;
if (make_ioa_addr((const u08bits*) range, 0, &min) < 0) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong address range format: %s\n", range);
turn_free(range,0);
return -1;
}
if (separator) {
if (make_ioa_addr((const u08bits*) separator + 1, 0, &max) < 0) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong address range format: %s\n", separator + 1);
turn_free(range,0);
return -1;
}
} else {
// Doesn't have a '-' character in it, so assume that this is a single address
addr_cpy(&max, &min);
}
if (separator)
*separator = '-';
turn_free(range,0);
return 0;
}
/////////// REALM //////////////
void reread_realms(void)
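Review bot: check_ip_list_range() accepts strings that are not usable ranges: `max` is parsed but never compared with `min`, so a reversed range or an IPv4 start with an IPv6 end returns 0. Because make_ioa_addr() appears to treat an empty string as a valid IPv4 address (its `len == 0` branch in this commit), an input of just `-` also passes; I would reject empty halves and mismatched families, and compare the two addresses, before returning 0. The result of turn_strdup() goes straight into strchr(), so add `if(!range0) return -1;` at the top and `if(!range) return -1;` after the copy; the caller in the admin handler passes the return value of evhttp_decode_uri() without a NULL check. Restoring `*separator = '-'` right before turn_free() has no effect and can be removed.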


@ -202,6 +202,7 @@ int add_static_user_account(char *user);
int adminuser(u08bits *user, u08bits *realm, u08bits *pwd, u08bits *secret, u08bits *origin, TURNADMIN_COMMAND_TYPE ct, perf_options_t* po, int is_admin);
int add_ip_list_range(const char* range, const char* realm, ip_range_list_t * list);
int check_ip_list_range(const char* range);
ip_range_list_t* get_ip_list(const char *kind);
void ip_list_free(ip_range_list_t *l);


@ -185,19 +185,35 @@ int addr_eq_no_port(const ioa_addr* a1, const ioa_addr *a2) {
return 0;
}
int make_ioa_addr(const u08bits* saddr, int port, ioa_addr *addr) {
int make_ioa_addr(const u08bits* saddr0, int port, ioa_addr *addr) {
if(!saddr || !addr) return -1;
if(!saddr0 || !addr) return -1;
char ssaddr[257];
STRCPY(ssaddr,saddr0);
char* saddr=ssaddr;
while(*saddr == ' ') ++saddr;
size_t len=strlen(saddr);
while(len>0) {
if(saddr[len-1]==' ') {
saddr[len-1]=0;
--len;
} else {
break;
}
}
ns_bzero(addr, sizeof(ioa_addr));
if((strlen((const s08bits*)saddr) == 0)||
(inet_pton(AF_INET, (const s08bits*)saddr, &addr->s4.sin_addr) == 1)) {
if((len == 0)||
(inet_pton(AF_INET, saddr, &addr->s4.sin_addr) == 1)) {
addr->s4.sin_family = AF_INET;
#if defined(TURN_HAS_SIN_LEN) /* tested when configured */
addr->s4.sin_len = sizeof(struct sockaddr_in);
#endif
addr->s4.sin_port = nswap16(port);
} else if (inet_pton(AF_INET6, (const s08bits*)saddr, &addr->s6.sin6_addr) == 1) {
} else if (inet_pton(AF_INET6, saddr, &addr->s6.sin6_addr) == 1) {
addr->s6.sin6_family = AF_INET6;
#if defined(SIN6_LEN) /* this define is required by IPv6 if used */
addr->s6.sin6_len = sizeof(struct sockaddr_in6);
@ -217,7 +233,7 @@ int make_ioa_addr(const u08bits* saddr, int port, ioa_addr *addr) {
addr_hints.ai_addr = NULL;
addr_hints.ai_next = NULL;
err = getaddrinfo((const char*)saddr, NULL, &addr_hints, &addr_result);
err = getaddrinfo(saddr, NULL, &addr_hints, &addr_result);
if ((err != 0)||(!addr_result)) {
fprintf(stderr,"error resolving '%s' hostname: %s\n",saddr,gai_strerror(err));
return -1;
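Review bot: The copy into `char ssaddr[257]` at the top of make_ioa_addr relies on STRCPY, whose definition is not on this page, to bound the write; with this commit the function is reachable from the admin form through check_ip_list_range(), so the input length is request-controlled. An explicit guard such as `if(strlen((const char*)saddr0) >= sizeof(ssaddr)) return -1;` before the copy makes the limit visible and keeps a silently truncated name from being parsed or resolved. The trimming loops strip only ' ', so a tab or CR/LF left by form decoding still reaches inet_pton() and getaddrinfo(). The getaddrinfo() fallback in the second hunk also means a non-literal string from the form causes a DNS lookup during validation; a numeric-only path for that caller would avoid it. The function body continues outside both hunks.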