From 52320f8ac9167bd3e5ceca4d29f76086ccca8d61 Mon Sep 17 00:00:00 2001 From: Greg Fodor Date: Sat, 18 Apr 2020 01:27:54 +0000 Subject: [PATCH] Add flags to disable periodic use of dynamic tables --- src/apps/relay/mainrelay.c | 23 ++++++++++++++++++++++- src/apps/relay/mainrelay.h | 3 +++ src/apps/relay/netengine.c | 5 ++++- src/apps/relay/userdb.c | 4 ++-- 4 files changed, 31 insertions(+), 4 deletions(-) diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index 6710da6..c1f1438 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -157,7 +157,10 @@ DEFAULT_CPUS_NUMBER, ///////// Encryption ///////// "", /* secret_key_file */ "", /* secret_key */ -0 /* keep_address_family */ +0, /* keep_address_family */ +0, /* no_auth_pings */ +0, /* no_dynamic_ip_list */ +0 /* no_dynamic_realms */ }; //////////////// OpenSSL Init ////////////////////// @@ -532,6 +535,9 @@ static char Usage[] = "Usage: turnserver [options]\n" " That database value can be changed on-the-fly\n" " by a separate program, so this is why it is 'dynamic'.\n" " Multiple shared secrets can be used (both in the database and in the \"static\" fashion).\n" +" --no-auth-pings Disable periodic health checks to 'dynamic' auth secret tables.\n" +" --no-dynamic-ip-list Do not use dynamic allowed/denied peer ip list.\n" +" --no-dynamic-realms Do not use dynamic realm assignment and options.\n" " --server-name Server name used for\n" " the oAuth authentication purposes.\n" " The default value is the realm name.\n" @@ -730,6 +736,9 @@ enum EXTRA_OPTS { CHANNEL_LIFETIME_OPT, PERMISSION_LIFETIME_OPT, AUTH_SECRET_OPT, + NO_AUTH_PINGS_OPT, + NO_DYNAMIC_IP_LIST_OPT, + NO_DYNAMIC_REALMS_OPT, DEL_ALL_AUTH_SECRETS_OPT, STATIC_AUTH_SECRET_VAL_OPT, AUTH_SECRET_TS_EXP, /* deprecated */ 
@@ -833,6 +842,9 @@ static const struct myoption long_options[] = { #endif { "use-auth-secret", optional_argument, NULL, AUTH_SECRET_OPT }, { "static-auth-secret", required_argument, NULL, STATIC_AUTH_SECRET_VAL_OPT }, + { "no-auth-pings", optional_argument, NULL, NO_AUTH_PINGS_OPT }, + { "no-dynamic-ip-list", optional_argument, NULL, NO_DYNAMIC_IP_LIST_OPT }, + { "no-dynamic-realms", optional_argument, NULL, NO_DYNAMIC_REALMS_OPT }, /* deprecated: */ { "secret-ts-exp-time", optional_argument, NULL, AUTH_SECRET_TS_EXP }, { "realm", required_argument, NULL, 'r' }, { "server-name", required_argument, NULL, SERVER_NAME_OPT }, @@ -1429,6 +1441,15 @@ static void set_option(int c, char *value) turn_params.ct = TURN_CREDENTIALS_LONG_TERM; use_lt_credentials = 1; break; + case NO_AUTH_PINGS_OPT: + turn_params.no_auth_pings = 1; + break; + case NO_DYNAMIC_IP_LIST_OPT: + turn_params.no_dynamic_ip_list = 1; + break; + case NO_DYNAMIC_REALMS_OPT: + turn_params.no_dynamic_realms = 1; + break; case STATIC_AUTH_SECRET_VAL_OPT: add_to_secrets_list(&turn_params.default_users_db.ram_db.static_auth_secrets,value); turn_params.use_auth_secret_with_timestamp = 1; diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h index ea13984..1ed5d5f 100644 --- a/src/apps/relay/mainrelay.h +++ b/src/apps/relay/mainrelay.h @@ -322,6 +322,9 @@ typedef struct _turn_params_ { char secret_key_file[1025]; unsigned char secret_key[1025]; int keep_address_family; + int no_auth_pings; + int no_dynamic_ip_list; + int no_dynamic_realms; } turn_params_t; diff --git a/src/apps/relay/netengine.c b/src/apps/relay/netengine.c index 1a69dcd..ead46f7 100644 --- a/src/apps/relay/netengine.c +++ b/src/apps/relay/netengine.c @@ -1776,7 +1776,10 @@ static void* run_auth_server_thread(void *arg) barrier_wait(); while(run_auth_server_flag) { - auth_ping(as->rch); + if (!turn_params.no_auth_pings) { + auth_ping(as->rch); + } + run_events(as->event_base,NULL); } } 
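Review bot: The three new `long_options` entries are declared `optional_argument`, but the new cases in `set_option` ignore `value` and always store 1, so `--no-dynamic-ip-list=0` still switches the dynamic list off; the same would hold for a `no-dynamic-ip-list=false` config line if the config file goes through this function. Either declare them `no_argument`, or honour the value the way the file's other boolean options do, e.g. `turn_params.no_dynamic_ip_list = get_bool_value(value);`. I am assuming that helper is what the neighbouring cases use, since it is not visible in this hunk. The same applies to the `NO_AUTH_PINGS_OPT` and `NO_DYNAMIC_REALMS_OPT` cases. `set_option` starts and ends outside the hunk.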
diff --git a/src/apps/relay/userdb.c b/src/apps/relay/userdb.c index 76d0c7c..d2effac 100644 --- a/src/apps/relay/userdb.c +++ b/src/apps/relay/userdb.c @@ -1167,7 +1167,7 @@ ip_range_list_t* get_ip_list(const char *kind) bzero(ret,sizeof(ip_range_list_t)); const turn_dbdriver_t * dbd = get_dbdriver(); - if (dbd && dbd->get_ip_list) { + if (dbd && dbd->get_ip_list && !turn_params.no_dynamic_ip_list) { (*dbd->get_ip_list)(kind, ret); } @@ -1303,7 +1303,7 @@ void reread_realms(void) } const turn_dbdriver_t * dbd = get_dbdriver(); - if (dbd && dbd->reread_realms) { + if (dbd && dbd->reread_realms && !turn_params.no_dynamic_realms) { (*dbd->reread_realms)(&realms_list); } }
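Review bot: With `no_dynamic_ip_list` set, `get_ip_list` skips the driver call for every `kind` and is left with the list it just zeroed, so denied-peer ranges stored in the database stop being applied along with the allowed ones, and nothing tells the operator. A deny list is commonly what keeps a relay from forwarding to internal or loopback addresses, so I would log once at startup when the flag is set and extend the usage line to say `ranges stored in the database are ignored`. The guard is also unconditional: if this function serves the initial load as well as the periodic refresh (its callers are outside the hunk), the database list is never read at all, while the commit title speaks only of periodic use. The `reread_realms` hunk below has the same shape and deserves the same startup log line. Both functions begin before and continue after their hunks.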