Merge branch 'PR#269'

2018-09-06 15:50:25 +02:00 · 2018-09-06 15:50:25 +02:00 · 5181992115
commit 5181992115
parent 93c1103bb8 1906139d6c
8 changed files with 32 additions and 46 deletions
--- a/README.turnserver
+++ b/README.turnserver
@ -120,12 +120,11 @@ User database settings:
 		(see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the 
 		command options description).
 		
--secret-key-file 	If you want to use password as encrpyted in the mysql connection string MySQL encrypted connection, this is key path.
-			This is the file path which contain secret key of aes encryption while using password encryption.
-			This attribute should be use if allow-encoding-with-aes set to 1.
--allow-encoding-with-aes	If you want to use password as encrpyted in the mysql connection string. Set allow-encoding-with-aes to 1.
-				If you want to use clearteaxt password in the mysql connection string. Set allow-encoding-with-aes to 0.
-				You have to enable secret-key-file attribute above as a key location.
+--secret-key-file 	This is the file path which contain secret key of aes encryption while using MySQL password encryption.
+			If you want to use in the MySQL connection string the password in encrypted format,
+			then set in this option the file path of the secret key. The key which is used to encrypt MySQL password.
+			Warning: If this option is set, then MySQL password must be set in "mysql-userdb" option in encrypted format! 
+			If you want to use cleartext password then do not set this option!
 -J, --mongo-userdb	User database connection string for MongoDB. 
 		This database can be used for long-term credentials mechanism,
 		and it can store the secret value 
--- a/examples/etc/turnserver.conf
+++ b/examples/etc/turnserver.conf
@ -293,16 +293,16 @@
 #
 #mysql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> port=<port> connect_timeout=<seconds> read_timeout=<seconds>"

-#If you want to use password as encrpyted in the mysql connection string MySQL encrypted connection, this is key path.
-#This is the file path which contain secret key of aes encryption while using password encryption.
-#This attribute should be use if allow-encoding-with-aes set to 1.
+# If you want to use in the MySQL connection string the password in encrypted format,
+# then set in this option the MySQL password encryption secret key file.
+#
+# Warning: If this option is set, then mysql password must be set in "mysql-userdb" in encrypted format! 
+# If you want to use cleartext password then do not set this option!
+#
+# This is the file path which contain secret key of aes encryption while using password encryption.
+#
 #secret-key-file=/path/

-#If you want to use password as encrpyted in the mysql connection string. Set allow-encoding-with-aes to 1.
-#If you want to use clearteaxt password in the mysql connection string. Set allow-encoding-with-aes to 0.
-#You have to enable secret-key-file attribute above as a key location.
-#allow-encoding-with-aes=1 or 0
-
 # MongoDB database connection string in the case that we are using MongoDB
 # as the user database.
 # This database can be used for long-term credential mechanism
--- a/man/man1/turnadmin.1
+++ b/man/man1/turnadmin.1
@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "06 September 2018" "" ""
+.TH TURN 1 "07 September 2018" "" ""
 .SH GENERAL INFORMATION

 \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage 
--- a/man/man1/turnserver.1
+++ b/man/man1/turnserver.1
@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "06 September 2018" "" ""
+.TH TURN 1 "07 September 2018" "" ""
 .SH GENERAL INFORMATION

 The \fBTURN Server\fP project contains the source code of a TURN server and TURN client 
@ -181,15 +181,11 @@ command \fIoptions\fP description).
 .TP
 .B
 \fB\-\-secret\-key\-file\fP
-If you want to use password as encrpyted in the mysql connection string MySQL encrypted connection, this is key path.
-This is the file path which contain secret key of aes encryption while using password encryption.
-This attribute should be use if allow\-encoding\-with\-aes set to 1.
-.TP
-.B
-\fB\-\-allow\-encoding\-with\-aes\fP
-If you want to use password as encrpyted in the mysql connection string. Set allow\-encoding\-with\-aes to 1.
-If you want to use clearteaxt password in the mysql connection string. Set allow\-encoding\-with\-aes to 0.
-You have to enable secret\-key\-file attribute above as a key location.
+This is the file path which contain secret key of aes encryption while using MySQL password encryption.
+If you want to use in the MySQL connection string the password in encrypted format,
+then set in this option the file path of the secret key. The key which is used to encrypt MySQL password.
+Warning: If this option is set, then MySQL password must be set in "mysql\-userdb" option in encrypted format! 
+If you want to use cleartext password then do not set this option!
 .TP
 .B
 \fB\-J\fP, \fB\-\-mongo\-userdb\fP
--- a/man/man1/turnutils.1
+++ b/man/man1/turnutils.1
@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "06 September 2018" "" ""
+.TH TURN 1 "07 September 2018" "" ""
 .SH GENERAL INFORMATION

 A set of turnutils_* programs provides some utility functionality to be used
--- a/src/apps/relay/dbdrivers/dbd_mysql.c
+++ b/src/apps/relay/dbdrivers/dbd_mysql.c
@ -263,7 +263,7 @@ static MYSQL *get_mydb_connection(void) {
 					mysql_ssl_set(mydbconnection, co->key, co->cert, co->ca, co->capath, co->cipher);
 				}

-				if(turn_params.allow_encoding){
+				if(turn_params.secret_key_file[0]){
 					co->password = decryptPassword(co->password, turn_params.secret_key);
 				}

@ -278,8 +278,10 @@ static MYSQL *get_mydb_connection(void) {
 					mydbconnection=NULL;
 				} else if(!donot_print_connection_success) {
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "MySQL DB connection success: %s\n",pud->userdb);
-					if(turn_params.allow_encoding)
-					    TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Connection is secure.\n");
+					if(turn_params.secret_key_file[0]) {
+						TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Encryption with AES is activated.\n");
+						TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Connection is secure.\n");
+					}
 					else
                        TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Connection is not secure.\n");
 					donot_print_connection_success = 1;
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@ -155,7 +155,6 @@ DEFAULT_CPUS_NUMBER,
 ///////// Encryption /////////
 "", /* secret_key_file */
 "", /* secret_key */
-0,  /* allow_encoding */
 0   /* keep_address_family */
 };

@ -498,12 +497,11 @@ static char Usage[] = "Usage: turnserver [options]\n"
 "						(see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the\n"
 "						command options description).\n\n"
 "	        	          		All connection-string parameters are optional.\n\n"
-"--secret-key-file	<filename>		If you want to use password as encrpyted in the mysql connection string MySQL encrypted connection, this is key path.\n"
-"						This is the file path which contain secret key of aes encryption while using password encryption.\n"
-"						This attribute should be use if allow-encoding-with-aes set to 1.\n"
-"--allow-encoding-with-aes	<1/0>		If you want to use password as encrpyted in the mysql connection string. Set allow-encoding-with-aes to 1.\n"
-"						If you want to use clearteaxt password in the mysql connection string. Set allow-encoding-with-aes to 0.\n"
-"						You have to enable secret-key-file attribute above as a key location.\n"
+"--secret-key-file	<filename>		This is the file path which contain secret key of aes encryption while using MySQL password encryption.\n"
+"						If you want to use in the MySQL connection string the password in encrypted format,\n"
+"						then set in this option the file path of the secret key. The key which is used to encrypt MySQL password.\n"
+"						Warning: If this option is set, then MySQL password must be set in \"mysql-userdb\" option in encrypted format!\n"
+"						If you want to use cleartext password then do not set this option!\n"
 #endif
 #if !defined(TURN_NO_MONGO)
 " -J, --mongo-userdb	<connection-string>	MongoDB connection string, if used (default - empty, no MongoDB used).\n"
@ -771,8 +769,7 @@ enum EXTRA_OPTS {
 	OAUTH_OPT,
 	PROD_OPT,
 	NO_HTTP_OPT,
-	SECRET_KEY_OPT,
-	ALLOW_ENCODING_OPT
+	SECRET_KEY_OPT
 };

 struct myoption {
@ -892,7 +889,6 @@ static const struct myoption long_options[] = {
 				{ "no-tlsv1_1", optional_argument, NULL, NO_TLSV1_1_OPT },
 				{ "no-tlsv1_2", optional_argument, NULL, NO_TLSV1_2_OPT },
 				{ "secret-key-file", required_argument, NULL, SECRET_KEY_OPT },
-				{ "allow-encoding-with-aes", required_argument, NULL, ALLOW_ENCODING_OPT},
 				{ "keep-address-family", optional_argument, NULL, 'K' },
 				{ NULL, no_argument, NULL, 0 }
 };
@ -1475,9 +1471,6 @@ static void set_option(int c, char *value)
 	case SECRET_KEY_OPT:
 		 STRCPY(turn_params.secret_key_file,value);
 		 break;
-  	case ALLOW_ENCODING_OPT:
-  		turn_params.allow_encoding = atoi(value);
-  		break;
 	case PKEY_FILE_OPT:
 		STRCPY(turn_params.pkey_file,value);
 		break;
@ -2155,9 +2148,6 @@ int main(int argc, char **argv)

 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Domain name: %s\n",turn_params.domain);
 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Default realm: %s\n",get_realm(NULL)->options.name);
-    if(turn_params.allow_encoding){
-        TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "allow-encoding-with-aes activated.\n");
-    }

 	if(turn_params.oauth && turn_params.oauth_server_name[0]) {
 		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "oAuth server name: %s\n",turn_params.oauth_server_name);
--- a/src/apps/relay/mainrelay.h
+++ b/src/apps/relay/mainrelay.h
@ -317,7 +317,6 @@ typedef struct _turn_params_ {
  ///////// Encryption /////////
  char secret_key_file[1025];
  unsigned char secret_key[1025];
-  int allow_encoding;
  int keep_address_family;

 } turn_params_t;