diff --git a/examples/var/db/turndb b/examples/var/db/turndb index 3b0da29..e856597 100644 Binary files a/examples/var/db/turndb and b/examples/var/db/turndb differ diff --git a/src/apps/relay/turn_admin_server.c b/src/apps/relay/turn_admin_server.c index cedfd49..35fecde 100644 --- a/src/apps/relay/turn_admin_server.c +++ b/src/apps/relay/turn_admin_server.c @@ -1765,7 +1765,7 @@ static void https_print_ip_range_list(struct str_buffer* sb, ip_range_list_t *va if(dynamic) { sbprintf(sb," %s",name); - sbprintf(sb,"
IP range:",form_names[AS_FORM_UPDATE].name,HR_ADD_IP_KIND,kind,HR_ADD_IP); + sbprintf(sb,"IP range:",form_names[AS_FORM_UPDATE].name,HR_ADD_IP_KIND,kind,HR_ADD_IP); sbprintf(sb,"Realm: \r\n\r\n"); @@ -2922,7 +2926,7 @@ static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, con str_buffer_append(sb,HR_ADD_OAUTH_IKM); str_buffer_append(sb,"\" value=\""); str_buffer_append(sb,(const char*)add_ikm); - str_buffer_append(sb,"\" maxlength=256 size=48 required "); + str_buffer_append(sb,"\" maxlength=256 size=64 "); str_buffer_append(sb,">
\r\n"); } { @@ -3107,24 +3111,30 @@ static void handle_update_request(ioa_socket_handle s, struct http_request* hr) const char* eip = get_http_header_value(hr, HR_ADD_IP,NULL); if(eip && eip[0]) { char* ip = evhttp_decode_uri(eip); - const char* r = get_http_header_value(hr, HR_ADD_IP_REALM,""); - const char* kind = get_http_header_value(hr, HR_ADD_IP_KIND,""); - const turn_dbdriver_t * dbd = get_dbdriver(); - if (dbd && dbd->set_permission_ip) { + if(check_ip_list_range(ip)<0) { + TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong address range format: %s\n", ip); + } else { - if(!r || !r[0]) { - r = current_realm(); - } + const char* r = get_http_header_value(hr, HR_ADD_IP_REALM,""); + const char* kind = get_http_header_value(hr, HR_ADD_IP_KIND,""); - if(current_realm()[0] && strcmp(current_realm(),r)) { - //forbidden - } else { + const turn_dbdriver_t * dbd = get_dbdriver(); + if (dbd && dbd->set_permission_ip) { - u08bits realm[STUN_MAX_REALM_SIZE+1]="\0"; - STRCPY(realm,r); + if(!r || !r[0]) { + r = current_realm(); + } - dbd->set_permission_ip(kind, realm, ip, 0); + if(current_realm()[0] && strcmp(current_realm(),r)) { + //forbidden + } else { + + u08bits realm[STUN_MAX_REALM_SIZE+1]="\0"; + STRCPY(realm,r); + + dbd->set_permission_ip(kind, realm, ip, 0); + } } } free(ip); diff --git a/src/apps/relay/userdb.c b/src/apps/relay/userdb.c index 5ab3d6c..0fdda26 100644 --- a/src/apps/relay/userdb.c +++ b/src/apps/relay/userdb.c 
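Review bot: `ip` is passed to check_ip_list_range() without a NULL check, although evhttp_decode_uri() can return NULL when its allocation fails and the checker hands the pointer straight to turn_strdup() and strchr(); guard it first, e.g. `if(!ip) { /* decode failed */ } else if(check_ip_list_range(ip)<0) {`. The rejection branch also writes the URI-decoded request value into the log with `%s`, and check_ip_list_range() in userdb.c logs the same string again, so control characters such as CR/LF from the request reach the log unescaped; logging once, with the value escaped or length-limited, would be safer. What `set_permission_ip` stores is still the raw `ip` rather than the parsed form, so the surrounding spaces that make_ioa_addr() now tolerates are persisted as typed. handle_update_request starts and ends outside this hunk.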
@@ -1266,6 +1266,43 @@ int add_ip_list_range(const char * range0, const char * realm, ip_range_list_t * return 0; } +int check_ip_list_range(const char * range0) +{ + char *range = turn_strdup(range0); + + char* separator = strchr(range, '-'); + + if (separator) { + *separator = '\0'; + } + + ioa_addr min, max; + + if (make_ioa_addr((const u08bits*) range, 0, &min) < 0) { + TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong address range format: %s\n", range); + turn_free(range,0); + return -1; + } + + if (separator) { + if (make_ioa_addr((const u08bits*) separator + 1, 0, &max) < 0) { + TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong address range format: %s\n", separator + 1); + turn_free(range,0); + return -1; + } + } else { + // Doesn't have a '-' character in it, so assume that this is a single address + addr_cpy(&max, &min); + } + + if (separator) + *separator = '-'; + + turn_free(range,0); + + return 0; +} + /////////// REALM ////////////// void reread_realms(void) diff --git a/src/apps/relay/userdb.h b/src/apps/relay/userdb.h index 84b944c..c14a24e 100644 --- a/src/apps/relay/userdb.h +++ b/src/apps/relay/userdb.h @@ -202,6 +202,7 @@ int add_static_user_account(char *user); int adminuser(u08bits *user, u08bits *realm, u08bits *pwd, u08bits *secret, u08bits *origin, TURNADMIN_COMMAND_TYPE ct, perf_options_t* po, int is_admin); int add_ip_list_range(const char* range, const char* realm, ip_range_list_t * list); +int check_ip_list_range(const char* range); ip_range_list_t* get_ip_list(const char *kind); void ip_list_free(ip_range_list_t *l); diff --git a/src/client/ns_turn_ioaddr.c b/src/client/ns_turn_ioaddr.c index 13fb33d..60ccd3d 100644 --- a/src/client/ns_turn_ioaddr.c +++ b/src/client/ns_turn_ioaddr.c 
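Review bot: check_ip_list_range() accepts more than a well-formed range: `min` and `max` are parsed but never compared, so a reversed range or one mixing IPv4 and IPv6 returns 0, and `max` is otherwise unused. Because make_ioa_addr() (see the ns_turn_ioaddr.c hunk) treats an empty or all-space string as the IPv4 any-address and falls back to getaddrinfo(), an input such as `1.2.3.4-` or a resolvable hostname also passes, and an admin request can trigger a blocking DNS lookup unless the hints outside that hunk restrict resolution to numeric hosts. `range0` and the turn_strdup() result are used without NULL checks, and restoring `*separator = '-'` just before turn_free() has no effect. The sketch below adds the guards and an ordering check; it assumes `addr_less_eq()` and the `ss` member of `ioa_addr` are available from ns_turn_ioaddr.h, which this page does not show.

```c
int check_ip_list_range(const char * range0)
{
	if (!range0)
		return -1;

	char *range = turn_strdup(range0);
	if (!range)
		return -1;

	// … unchanged: split at '-', parse the lower bound into min …

	if (separator) {
		// An empty upper bound would otherwise parse as the any-address.
		if (!separator[1] || make_ioa_addr((const u08bits*) separator + 1, 0, &max) < 0) {
			// … unchanged: log, free range, return -1 …
		}
		// Both ends must belong to one address family and be ordered low-high.
		if (min.ss.sa_family != max.ss.sa_family || !addr_less_eq(&min, &max)) {
			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong address range format: %s\n", range0);
			turn_free(range,0);
			return -1;
		}
	}

	// … unchanged: free range, return 0 (the '-' restore can be dropped) …
```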
@@ -185,19 +185,35 @@ int addr_eq_no_port(const ioa_addr* a1, const ioa_addr *a2) { return 0; } -int make_ioa_addr(const u08bits* saddr, int port, ioa_addr *addr) { +int make_ioa_addr(const u08bits* saddr0, int port, ioa_addr *addr) { - if(!saddr || !addr) return -1; + if(!saddr0 || !addr) return -1; + + char ssaddr[257]; + STRCPY(ssaddr,saddr0); + + char* saddr=ssaddr; + while(*saddr == ' ') ++saddr; + + size_t len=strlen(saddr); + while(len>0) { + if(saddr[len-1]==' ') { + saddr[len-1]=0; + --len; + } else { + break; + } + } ns_bzero(addr, sizeof(ioa_addr)); - if((strlen((const s08bits*)saddr) == 0)|| - (inet_pton(AF_INET, (const s08bits*)saddr, &addr->s4.sin_addr) == 1)) { + if((len == 0)|| + (inet_pton(AF_INET, saddr, &addr->s4.sin_addr) == 1)) { addr->s4.sin_family = AF_INET; #if defined(TURN_HAS_SIN_LEN) /* tested when configured */ addr->s4.sin_len = sizeof(struct sockaddr_in); #endif addr->s4.sin_port = nswap16(port); - } else if (inet_pton(AF_INET6, (const s08bits*)saddr, &addr->s6.sin6_addr) == 1) { + } else if (inet_pton(AF_INET6, saddr, &addr->s6.sin6_addr) == 1) { addr->s6.sin6_family = AF_INET6; #if defined(SIN6_LEN) /* this define is required by IPv6 if used */ addr->s6.sin6_len = sizeof(struct sockaddr_in6); @@ -217,7 +233,7 @@ int make_ioa_addr(const u08bits* saddr, int port, ioa_addr *addr) { addr_hints.ai_addr = NULL; addr_hints.ai_next = NULL; - err = getaddrinfo((const char*)saddr, NULL, &addr_hints, &addr_result); + err = getaddrinfo(saddr, NULL, &addr_hints, &addr_result); if ((err != 0)||(!addr_result)) { fprintf(stderr,"error resolving '%s' hostname: %s\n",saddr,gai_strerror(err)); return -1;
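Review bot: The copy into `char ssaddr[257]` relies entirely on what the STRCPY macro does, which this page does not show: if it bounds by `sizeof(dst)`, an over-long `saddr0` is silently truncated and the prefix is parsed or resolved instead, and if it does not, this is a stack overflow on caller-supplied text. An explicit length test before the copy removes the doubt, e.g. `size_t slen = strlen((const char*)saddr0); if(slen >= sizeof(ssaddr)) return -1;` followed by `memcpy(ssaddr, saddr0, slen + 1);`. An all-space string now trims to `len == 0` and succeeds as the IPv4 any-address, and only `' '` is stripped, not tabs or CR/LF; a short comment on the function stating both would help callers such as check_ip_list_range(). The function body continues past the end of this hunk.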