1) working on https; 2) SSLv2 support removed.

ChangeLog

@@ -1,6 +1,7 @@
 1/1/2015 Oleg Moskalenko <mom040267@gmail.com>
 Version 4.3.4.1 'Tolomei':
 	- https admin server;
+	- SSLv2 support removed;
 
 12/24/2014 Oleg Moskalenko <mom040267@gmail.com>
 Version 4.3.3.1 'Tolomei':

INSTALL

@@ -796,10 +796,10 @@ The oauth_key table fields meanings are:
 # remote https access to the admin functions.
 #
 CREATE TABLE admin_user (
-	uname varchar(32),
+	name varchar(32),
 	realm varchar(127),
 	password varchar(127),
-	primary key (uname)
+	primary key (name)
 );
 
 You can use turnadmin program to manage the database - you can either use 

README.turnserver

@@ -300,7 +300,7 @@ Options with required values:
 			endpoints (the "plain" one and the "tls" one) are equivalent in terms of
 			functionality; but we keep both endpoints to satisfy the RFC 5766 specs.
 			For secure TCP connections, we currently support SSL version 3 and 
-			TLS versions 1.0, 1.1, 1.2. SSL2 "encapsulation mode" is also supported.
+			TLS versions 1.0, 1.1, 1.2.
 			For secure UDP connections, we support DTLS version 1.
 
 --alt-listening-port	Alternative listening port for UDP and TCP listeners;

configure

@@ -1160,7 +1160,7 @@ fi
 # So, what we have now:
 ###############################
 
-OSCFLAGS="${OSCFLAGS} ${TURN_NO_THREAD_BARRIERS} ${TURN_NO_DTLS} ${TURN_NO_GCM} ${TURN_NO_TLS} -DINSTALL_PREFIX=${PREFIX} -DTURNDB=${TURNDBDIR}/turndb"
+OSCFLAGS="-DOPENSSL_NO_SSL2 ${OSCFLAGS} ${TURN_NO_THREAD_BARRIERS} ${TURN_NO_DTLS} ${TURN_NO_GCM} ${TURN_NO_TLS} -DINSTALL_PREFIX=${PREFIX} -DTURNDB=${TURNDBDIR}/turndb"
 
 if ! [ -z "${TURN_ACCEPT_RPATH}" ] ; then
   if [ -z "${TURN_DISABLE_RPATH}" ] ; then

examples/etc/turnserver.conf

@@ -24,7 +24,7 @@
 # endpoints (the "plain" one and the "tls" one) are equivalent in terms of
 # functionality; but we keep both endpoints to satisfy the RFC 5766 specs.
 # For secure TCP connections, we currently support SSL version 3 and 
-# TLS version 1.0, 1.1 and 1.2. SSL2 "encapculation mode" is also supported.
+# TLS version 1.0, 1.1 and 1.2.
 # For secure UDP connections, we support DTLS version 1.
 #
 #tls-listening-port=5349

examples/scripts/longtermsecure/secure_relay.sh

@@ -22,7 +22,7 @@
 # 9) "--pkey=turn_server_pkey.pem" sets the OpenSSL private key name.
 # 10) "--log-file=stdout" means that all log output will go to the stdout. 
 # 11) "-v" means normal verbose mode (with some moderate logging).
-# 12) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2
+# 12) --cipher-list=ALL means that we support all OpenSSL ciphers
 # Other parameters (config file name, etc) are default.
 
 if [ -d examples ] ; then
@@ -32,4 +32,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=gorst:hero -r north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -v --cipher-list=ALL:SSLv2 $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=gorst:hero -r north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -v --cipher-list=ALL $@

examples/scripts/longtermsecure/secure_relay_cert.sh

@@ -25,7 +25,7 @@
 # 10) --CA-file sets the CA file for client certificate check.
 # 11) "--log-file=stdout" means that all log output will go to the stdout.
 # 12) "-v" means normal verbose mode (with some moderate logging).
-# 13) --cipher-list="ALL:SSLv2:!eNULL:!aNULL:!NULL" measn "all ciphers, except anonymous".
+# 13) --cipher-list="ALL:!eNULL:!aNULL:!NULL" measn "all ciphers, except anonymous".
 # Other parameters (config file name, etc) are default.
 
 if [ -d examples ] ; then
@@ -35,4 +35,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=bolt:kwyjibo -r bolt.co --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --CA-file=turn_server_cert.pem --log-file=stdout -v --cipher-list="ALL:SSLv2:!eNULL:!aNULL:!NULL" $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=bolt:kwyjibo -r bolt.co --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --CA-file=turn_server_cert.pem --log-file=stdout -v --cipher-list="ALL:!eNULL:!aNULL:!NULL" $@

examples/scripts/longtermsecuredb/secure_relay_with_db_mongo.sh

@@ -20,7 +20,7 @@
 # 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
-# 10) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2
+# 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 # 11) --oauth - accept oAuth security dialog
 # Other parameters (config file name, etc) are default.
 
@@ -31,4 +31,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mongo-userdb="mongodb://localhost/coturn" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL:SSLv2 --oauth $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mongo-userdb="mongodb://localhost/coturn" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@

examples/scripts/longtermsecuredb/secure_relay_with_db_mysql.sh

@@ -21,7 +21,7 @@
 # 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
-# 10) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2
+# 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 # 11) --oauth - accept oAuth security dialog
 # Other parameters (config file name, etc) are default.
 
@@ -32,4 +32,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL:SSLv2 --oauth $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@

examples/scripts/longtermsecuredb/secure_relay_with_db_mysql_ssl.sh

@@ -22,7 +22,7 @@
 # 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
-# 10) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2
+# 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 # 11) --oauth - accept oAuth security dialog
 # Other parameters (config file name, etc) are default.
 
@@ -33,4 +33,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn cipher=DHE-RSA-AES256-SHA connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL:SSLv2 --oauth $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn cipher=DHE-RSA-AES256-SHA connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@

examples/scripts/longtermsecuredb/secure_relay_with_db_psql.sh

@@ -21,7 +21,7 @@
 # 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
-# 10) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2
+# 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 # 11) --oauth - accept oAuth security dialog
 # Other parameters (config file name, etc) are default.
 
@@ -32,7 +32,7 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --psql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL:SSLv2 --oauth $@ 
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --psql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ 
 
 # Newer PostgreSQL style connection string example:
-# PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --psql-userdb=postgresql://turn:turn@/turn --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL:SSLv2 --oauth $@
+# PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --psql-userdb=postgresql://turn:turn@/turn --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@

examples/scripts/longtermsecuredb/secure_relay_with_db_redis.sh

@@ -24,7 +24,7 @@
 # 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. 
 # 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 # 10) "--log-file=stdout" means that all log output will go to the stdout.
-# 11) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2
+# 11) --cipher-list=ALL means that we support all OpenSSL ciphers
 # 12) --oauth - accept oAuth security dialog
 # Other parameters (config file name, etc) are default.
 
@@ -35,4 +35,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --redis-userdb="ip=127.0.0.1 dbname=2 password=turn connect_timeout=30" --redis-statsdb="ip=127.0.0.1 dbname=3 password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL:SSLv2 --oauth $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --redis-userdb="ip=127.0.0.1 dbname=2 password=turn connect_timeout=30" --redis-statsdb="ip=127.0.0.1 dbname=3 password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@

examples/scripts/longtermsecuredb/secure_relay_with_db_sqlite.sh

@@ -20,7 +20,7 @@
 # 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. 
 # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 # 9) "--log-file=stdout" means that all log output will go to the stdout.
-# 10) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2
+# 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 # 11) --oauth - accept oAuth security dialog
 # Other parameters (config file name, etc) are default.
 
@@ -31,5 +31,5 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --db="var/db/turndb" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL:SSLv2 --oauth $@ 
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --db="var/db/turndb" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ 
 

examples/scripts/mobile/mobile_relay.sh

@@ -23,7 +23,7 @@
 # 10) "--log-file=stdout" means that all log output will go to the stdout. 
 # 11) "-v" means normal verbose mode (with some moderate logging).
 # 12) "--mobility" turns on the Mobile ICE TURN functionality.
-# 13) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2
+# 13) --cipher-list=ALL means that we support all OpenSSL ciphers
 # Other parameters (config file name, etc) are default.
 
 if [ -d examples ] ; then
@@ -33,4 +33,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee --user=gorst:hero -r north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -v --mobility --cipher-list=ALL:SSLv2 $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee --user=gorst:hero -r north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -v --mobility --cipher-list=ALL $@

examples/scripts/restapi/secure_relay_secret.sh

@@ -22,7 +22,7 @@
 # 10) "--log-file=stdout" means that all log output will go to the stdout.
 # 11) "-q 100" means that single user can create no more than 100 sessions
 # 12) "-Q 300" means that there may be no more than 300 sessions totally
-# 13) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2.
+# 13) --cipher-list=ALL means that we support all OpenSSL ciphers
 # Other parameters (config file name, etc) are default.
 
 if [ -d examples ] ; then
@@ -32,5 +32,5 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --static-auth-secret=logen --realm=north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -q 100 -Q 300 --cipher-list=ALL:SSLv2 $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --static-auth-secret=logen --realm=north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -q 100 -Q 300 --cipher-list=ALL $@
 

examples/scripts/restapi/secure_relay_secret_with_db_mongo.sh

@@ -24,7 +24,7 @@
 # 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. 
 # 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 # 10) "--log-file=stdout" means that all log output will go to the stdout.
-# 11) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2
+# 11) --cipher-list=ALL means that we support all OpenSSL ciphers
 # Other parameters (config file name, etc) are default.
 
 if [ -d examples ] ; then
@@ -34,4 +34,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --mongo-userdb="mongodb://localhost/coturn" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL:SSLv2 $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --mongo-userdb="mongodb://localhost/coturn" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@

examples/scripts/restapi/secure_relay_secret_with_db_mysql.sh

@@ -25,7 +25,7 @@
 # 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. 
 # 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 # 10) "--log-file=stdout" means that all log output will go to the stdout.
-# 11) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2
+# 11) --cipher-list=ALL means that we support all OpenSSL ciphers
 # Other parameters (config file name, etc) are default.
 
 if [ -d examples ] ; then
@@ -35,4 +35,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL:SSLv2 $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@

examples/scripts/restapi/secure_relay_secret_with_db_psql.sh

@@ -25,7 +25,7 @@
 # 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. 
 # 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 # 10) "--log-file=stdout" means that all log output will go to the stdout.
-# 11) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2.
+# 11) --cipher-list=ALL means that we support all OpenSSL ciphers
 # Other parameters (config file name, etc) are default.
 
 if [ -d examples ] ; then
@@ -35,4 +35,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --psql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL:SSLv2 $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --psql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@

examples/scripts/restapi/secure_relay_secret_with_db_redis.sh

@@ -25,7 +25,7 @@
 # 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. 
 # 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 # 10) "--log-file=stdout" means that all log output will go to the stdout.
-# 11) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2.
+# 11) --cipher-list=ALL means that we support all OpenSSL ciphers
 # Other parameters (config file name, etc) are default.
 
 if [ -d examples ] ; then
@@ -35,4 +35,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --redis-userdb="ip=127.0.0.1 dbname=2 password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --redis-statsdb="ip=127.0.0.1 dbname=3 password=turn connect_timeout=30" --cipher-list=ALL:SSLv2 $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --redis-userdb="ip=127.0.0.1 dbname=2 password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --redis-statsdb="ip=127.0.0.1 dbname=3 password=turn connect_timeout=30" --cipher-list=ALL $@

examples/scripts/restapi/secure_relay_secret_with_db_sqlite.sh

@@ -24,7 +24,7 @@
 # 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. 
 # 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 # 10) "--log-file=stdout" means that all log output will go to the stdout.
-# 11) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2
+# 11) --cipher-list=ALL means that we support all OpenSSL ciphers
 # Other parameters (config file name, etc) are default.
 
 if [ -d examples ] ; then
@@ -34,4 +34,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --db="var/db/turndb" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL:SSLv2 $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --db="var/db/turndb" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@

examples/scripts/selfloadbalance/secure_relay.sh

@@ -29,7 +29,7 @@
 # 11) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
 # 12) "--log-file=stdout" means that all log output will go to the stdout. 
 # 13) "-v" means normal verbose mode (with some moderate logging).
-# 14) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2.
+# 14) --cipher-list=ALL means that we support all OpenSSL ciphers
 # Other parameters (config file name, etc) are default.
 
 if [ -d examples ] ; then
@@ -39,4 +39,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --aux-server=127.0.0.1:12345 --aux-server=[::1]:12345 --aux-server=127.0.0.1:12346 --aux-server=[::1]:12346 --udp-self-balance --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=gorst:hero -r north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL:SSLv2 $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --aux-server=127.0.0.1:12345 --aux-server=[::1]:12345 --aux-server=127.0.0.1:12346 --aux-server=[::1]:12346 --udp-self-balance --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=gorst:hero -r north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@

examples/scripts/shorttermsecure/secure_relay_short_term_mech.sh

@@ -21,7 +21,7 @@
 # 8) "--log-file=stdout" means that all log output will go to the stdout.
 # 9) -E 127.0.0.1 and -E :;1 sets the relay addresses, in this case for loopback 
 # communications only.
-# 10) --cipher-list=ALL:SSLv2 means that we support all OpenSSL ciphers, including SSLv2.
+# 10) --cipher-list=ALL means that we support all OpenSSL ciphers
 # Other parameters (config file name, etc) are default.
 
 if [ -d examples ] ; then
@@ -31,4 +31,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -A --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535  --db="var/db/turndb" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -E 127.0.0.1 -E ::1 --cipher-list=ALL:SSLv2 $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -A --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535  --db="var/db/turndb" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -E 127.0.0.1 -E ::1 --cipher-list=ALL $@

man/man1/turnadmin.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "07 January 2015" "" ""
+.TH TURN 1 "10 January 2015" "" ""
 .SH GENERAL INFORMATION
 
 \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage 

man/man1/turnserver.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "07 January 2015" "" ""
+.TH TURN 1 "10 January 2015" "" ""
 .SH GENERAL INFORMATION
 
 The \fBTURN Server\fP project contains the source code of a TURN server and TURN client 
@@ -453,7 +453,7 @@ Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
 endpoints (the "plain" one and the "tls" one) are equivalent in terms of
 functionality; but we keep both endpoints to satisfy the RFC 5766 specs.
 For secure TCP connections, we currently support SSL version 3 and 
-TLS versions 1.0, 1.1, 1.2. SSL2 "encapsulation mode" is also supported.
+TLS versions 1.0, 1.1, 1.2.
 For secure UDP connections, we support DTLS version 1.
 .TP
 .B

man/man1/turnutils.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "07 January 2015" "" ""
+.TH TURN 1 "10 January 2015" "" ""
 .SH GENERAL INFORMATION
 
 A set of turnutils_* programs provides some utility functionality to be used

rpm/turnserver.spec

@@ -44,8 +44,7 @@ STUN specs:
 The implementation fully supports the following client-to-TURN-server protocols:
 - UDP (per RFC 5766)
 - TCP (per RFC 5766 and RFC 6062)
-- TLS (per RFC 5766 and RFC 6062); SSL3/TLS1.0/TLS1.1/TLS1.2; SSL2 wrapping
-  supported
+- TLS (per RFC 5766 and RFC 6062); SSL3/TLS1.0/TLS1.1/TLS1.2
 - DTLS (experimental non-standard feature)
 
 Supported relay protocols:

src/apps/relay/dbdrivers/dbd_mongo.c

@@ -312,7 +312,7 @@ static int mongo_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 	return ret;
 }
   
-static int mongo_get_user_pwd(u08bits *usname, st_password_t pwd) {
+static int mongo_get_user_pwd(u08bits *usname, password_t pwd) {
   mongoc_collection_t * collection = mongo_get_collection("turnusers_st"); 
 
 	if(!collection)
@@ -425,7 +425,7 @@ static int mongo_set_oauth_key(oauth_key_data_raw *key) {
   return ret;
 }
   
-static int mongo_set_user_pwd(u08bits *usname, st_password_t pwd) {
+static int mongo_set_user_pwd(u08bits *usname, password_t pwd) {
   mongoc_collection_t * collection = mongo_get_collection("turnusers_st");
 
 	if(!collection)
@@ -1172,7 +1172,169 @@ static void mongo_reread_realms(secrets_list_t * realms_list) {
 	bson_destroy(&fields);
 }
 
-///////////////////////////////////////////////////////////////////////////////////////////////////////////
+/////////////////////////////////////////////////
+
+static int mongo_get_admin_user(const u08bits *usname, u08bits *realm, password_t pwd)
+{
+	mongoc_collection_t * collection = mongo_get_collection("admin_user");
+
+	if(!collection)
+    return -1;
+
+	realm[0]=0;
+	pwd[0]=0;
+
+	bson_t query;
+	bson_init(&query);
+	BSON_APPEND_UTF8(&query, "name", (const char *)usname);
+
+	bson_t fields;
+	bson_init(&fields);
+	BSON_APPEND_INT32(&fields, "realm", 1);
+	BSON_APPEND_INT32(&fields, "password", 1);
+
+	mongoc_cursor_t * cursor;
+	cursor = mongoc_collection_find(collection, MONGOC_QUERY_NONE, 0, 1, 0, &query, &fields, NULL);
+
+	int ret = -1;
+
+	if (!cursor) {
+		TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error querying MongoDB collection 'admin_user'\n");
+	} else {
+		const bson_t * item;
+		uint32_t length;
+		bson_iter_t iter;
+		if (mongoc_cursor_next(cursor, &item)) {
+			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "realm") && BSON_ITER_HOLDS_UTF8(&iter)) {
+				strncpy((char*)realm,bson_iter_utf8(&iter, &length),STUN_MAX_REALM_SIZE);
+				ret = 0;
+			}
+			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "password") && BSON_ITER_HOLDS_UTF8(&iter)) {
+				strncpy((char*)pwd,bson_iter_utf8(&iter, &length),STUN_MAX_PWD_SIZE);
+				ret = 0;
+			}
+		}
+		mongoc_cursor_destroy(cursor);
+	}
+	mongoc_collection_destroy(collection);
+	bson_destroy(&query);
+	bson_destroy(&fields);
+	return ret;
+}
+
+static int mongo_set_admin_user(const u08bits *usname, const u08bits *realm, const password_t pwd)
+{
+	mongoc_collection_t * collection = mongo_get_collection("admin_user");
+
+	if(!collection)
+    return -1;
+
+	bson_t query;
+	bson_init(&query);
+	BSON_APPEND_UTF8(&query, "name", (const char *)usname);
+
+	bson_t doc;
+	bson_init(&doc);
+	BSON_APPEND_UTF8(&doc, "name", (const char *)usname);
+	BSON_APPEND_UTF8(&doc, "realm", (const char *)realm);
+	BSON_APPEND_UTF8(&doc, "password", (const char *)pwd);
+
+	int ret = -1;
+
+	if (!mongoc_collection_update(collection, MONGOC_UPDATE_UPSERT, &query, &doc, NULL, NULL)) {
+		TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating admin user information\n");
+	} else {
+		ret = 0;
+	}
+	mongoc_collection_destroy(collection);
+	bson_destroy(&doc);
+	bson_destroy(&query);
+	return ret;
+}
+
+static int mongo_del_admin_user(const u08bits *usname)
+{
+	mongoc_collection_t * collection = mongo_get_collection("admin_user");
+
+	if(!collection)
+		return -1;
+
+	bson_t query;
+	bson_init(&query);
+	BSON_APPEND_UTF8(&query, "name", (const char *)usname);
+
+	int ret = -1;
+
+	if (!mongoc_collection_delete(collection, MONGOC_DELETE_SINGLE_REMOVE, &query, NULL, NULL)) {
+		TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error deleting admin user information\n");
+	} else {
+		ret = 0;
+	}
+	mongoc_collection_destroy(collection);
+	bson_destroy(&query);
+	return ret;
+}
+
+static int mongo_list_admin_users(void)
+{
+	const char * collection_name = "admin_user";
+	mongoc_collection_t * collection = mongo_get_collection(collection_name);
+
+	if(!collection)
+		return -1;
+
+	bson_t query, child;
+	bson_init(&query);
+	bson_append_document_begin(&query, "$orderby", -1, &child);
+	bson_append_int32(&child, "name", -1, 1);
+	bson_append_document_end(&query, &child);
+	bson_append_document_begin(&query, "$query", -1, &child);
+	bson_append_document_end(&query, &child);
+
+	bson_t fields;
+	bson_init(&fields);
+	BSON_APPEND_INT32(&fields, "name", 1);
+	BSON_APPEND_INT32(&fields, "realm", 1);
+
+	mongoc_cursor_t * cursor;
+	cursor = mongoc_collection_find(collection, MONGOC_QUERY_NONE, 0, 0, 0, &query, &fields, NULL);
+
+	int ret = -1;
+
+	if (!cursor) {
+		TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error querying MongoDB collection '%s'\n", collection_name);
+	} else {
+		const bson_t * item;
+		uint32_t length;
+		bson_iter_t iter;
+		bson_iter_t iter_realm;
+		const char * value;
+		while (mongoc_cursor_next(cursor, &item)) {
+			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "name") && BSON_ITER_HOLDS_UTF8(&iter)) {
+				value = bson_iter_utf8(&iter, &length);
+				if (length) {
+					const char *realm = "";
+					if (bson_iter_init(&iter_realm, item) && bson_iter_find(&iter_realm, "realm") && BSON_ITER_HOLDS_UTF8(&iter_realm)) {
+						realm = bson_iter_utf8(&iter_realm, &length);
+					}
+					if(realm && *realm) {
+						printf("%s[%s]\n", value, realm);
+					} else {
+						printf("%s\n", value);
+					}
+				}
+			}
+		}
+		mongoc_cursor_destroy(cursor);
+		ret = 0;
+	}
+	mongoc_collection_destroy(collection);
+	bson_destroy(&query);
+	bson_destroy(&fields);
+	return ret;
+}
+
+//////////////////////////////////////////////////////////
 
 static const turn_dbdriver_t driver = {
   &mongo_get_auth_secrets,
@@ -1196,7 +1358,11 @@ static const turn_dbdriver_t driver = {
   &mongo_set_oauth_key,
   &mongo_get_oauth_key,
   &mongo_del_oauth_key,
-  &mongo_list_oauth_keys
+  &mongo_list_oauth_keys,
+  &mongo_get_admin_user,
+  &mongo_set_admin_user,
+  &mongo_del_admin_user,
+  &mongo_list_admin_users
 };
 
 const turn_dbdriver_t * get_mongo_dbdriver(void) {

src/apps/relay/dbdrivers/dbd_mysql.c

@@ -339,7 +339,7 @@ static int mysql_get_user_key(u08bits *usname, u08bits *realm, hmackey_t key) {
   return ret;
 }
   
-static int mysql_get_user_pwd(u08bits *usname, st_password_t pwd) {
+static int mysql_get_user_pwd(u08bits *usname, password_t pwd) {
 
   int ret = -1;
 
@@ -514,21 +514,26 @@ static int mysql_list_oauth_keys(void) {
 	return ret;
 }
   
-static int mysql_set_user_key(u08bits *usname, u08bits *realm, const char *key) {
+static int mysql_set_user_key(u08bits *usname, u08bits *realm, const char *key)
+{
   int ret = -1;
-	char statement[TURN_LONG_STRING_SIZE];
-	MYSQL * myc = get_mydb_connection();
-	if(myc) {
+  char statement[TURN_LONG_STRING_SIZE];
+  MYSQL * myc = get_mydb_connection();
+  if(myc) {
 	  snprintf(statement,sizeof(statement),"insert into turnusers_lt (realm,name,hmackey) values('%s','%s','%s')",realm,usname,key);
-		int res = mysql_query(myc, statement);
-		if(res) {
+	  int res = mysql_query(myc, statement);
+	  if(!res) {
+		  ret = 0;
+	  } else {
 		  snprintf(statement,sizeof(statement),"update turnusers_lt set hmackey='%s' where name='%s' and realm='%s'",key,usname,realm);
-			res = mysql_query(myc, statement);
-			if(res) {
-				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating user key information: %s\n",mysql_error(myc));
-			}
-		}
-	}
+		  res = mysql_query(myc, statement);
+		  if(!res) {
+			  ret = 0;
+		  } else {
+			  TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating user key information: %s\n",mysql_error(myc));
+		  }
+	  }
+  }
   return ret;
 }
 
@@ -553,7 +558,7 @@ static int mysql_set_oauth_key(oauth_key_data_raw *key) {
   return ret;
 }
   
-static int mysql_set_user_pwd(u08bits *usname, st_password_t pwd) {
+static int mysql_set_user_pwd(u08bits *usname, password_t pwd) {
   int ret = -1;
 	char statement[TURN_LONG_STRING_SIZE];
 	MYSQL * myc = get_mydb_connection();
@@ -1065,7 +1070,126 @@ static void mysql_reread_realms(secrets_list_t * realms_list) {
 	}
 }
 
-///////////////////////////////////////////////////////////////////////////////////////////////////////////
+/////////////////////////////////////////////////////
+
+static int mysql_get_admin_user(const u08bits *usname, u08bits *realm, password_t pwd)
+{
+  int ret = -1;
+
+  realm[0]=0;
+  pwd[0]=0;
+
+  MYSQL * myc = get_mydb_connection();
+  if(myc) {
+	char statement[TURN_LONG_STRING_SIZE];
+	snprintf(statement,sizeof(statement),"select realm,password from admin_user where name='%s'",usname);
+	int res = mysql_query(myc, statement);
+	if(res) {
+		TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc));
+	} else {
+		MYSQL_RES *mres = mysql_store_result(myc);
+		if(!mres) {
+			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc));
+		} else if(mysql_field_count(myc)!=2) {
+			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unknown error retrieving MySQL DB information: %s\n",statement);
+		} else {
+			MYSQL_ROW row = mysql_fetch_row(mres);
+			if(row && row[0]) {
+				strncpy((char*)realm,row[0],STUN_MAX_REALM_SIZE);
+				strncpy((char*)pwd,row[1],STUN_MAX_PWD_SIZE);
+				ret = 0;
+			}
+		}
+
+		if(mres)
+			mysql_free_result(mres);
+	}
+  }
+  return ret;
+}
+
+static int mysql_set_admin_user(const u08bits *usname, const u08bits *realm, const password_t pwd)
+{
+  int ret = -1;
+  char statement[TURN_LONG_STRING_SIZE];
+  MYSQL * myc = get_mydb_connection();
+  if(myc) {
+	  snprintf(statement,sizeof(statement),"insert into admin_user (realm,name,password) values('%s','%s','%s')",realm,usname,pwd);
+	  int res = mysql_query(myc, statement);
+	  if(!res) {
+		  ret = 0;
+	  } else {
+		  snprintf(statement,sizeof(statement),"update admin_user set realm='%s',password='%s' where name='%s'",realm,pwd,usname);
+		  res = mysql_query(myc, statement);
+		  if(!res) {
+			  ret = 0;
+		  } else {
+			  TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating user key information: %s\n",mysql_error(myc));
+		  }
+	  }
+  }
+  return ret;
+}
+
+static int mysql_del_admin_user(const u08bits *usname)
+{
+	int ret = -1;
+	char statement[TURN_LONG_STRING_SIZE];
+	MYSQL * myc = get_mydb_connection();
+	if(myc) {
+		snprintf(statement,sizeof(statement),"delete from admin_user where name='%s'",usname);
+		int res = mysql_query(myc, statement);
+		if(res) {
+			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error deleting admin user information: %s\n",mysql_error(myc));
+		} else {
+		  ret = 0;
+		}
+	}
+	return ret;
+}
+
+static int mysql_list_admin_users(void)
+{
+	int ret = -1;
+	char statement[TURN_LONG_STRING_SIZE];
+	MYSQL * myc = get_mydb_connection();
+	if(myc) {
+		snprintf(statement,sizeof(statement),"select name, realm from admin_user order by realm,name");
+		int res = mysql_query(myc, statement);
+		if(res) {
+			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc));
+		} else {
+			MYSQL_RES *mres = mysql_store_result(myc);
+			if(!mres) {
+				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc));
+			} else if(mysql_field_count(myc)!=2) {
+				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unknown error retrieving MySQL DB information: %s\n",statement);
+			} else {
+				for(;;) {
+					MYSQL_ROW row = mysql_fetch_row(mres);
+					if(!row) {
+						break;
+					} else {
+						if(row[0]) {
+							if(row[1] && row[1][0]) {
+								printf("%s[%s]\n",row[0],row[1]);
+							} else {
+								printf("%s\n",row[0]);
+							}
+						}
+					}
+				}
+				ret = 0;
+			}
+
+			if(mres)
+				mysql_free_result(mres);
+		}
+	}
+	return ret;
+}
+
+//////////////////////////////////////////////////////
 
 static const turn_dbdriver_t driver = {
   &mysql_get_auth_secrets,
@@ -1089,7 +1213,11 @@ static const turn_dbdriver_t driver = {
   &mysql_set_oauth_key,
   &mysql_get_oauth_key,
   &mysql_del_oauth_key,
-  &mysql_list_oauth_keys
+  &mysql_list_oauth_keys,
+  &mysql_get_admin_user,
+  &mysql_set_admin_user,
+  &mysql_del_admin_user,
+  &mysql_list_admin_users
 };
 
 const turn_dbdriver_t * get_mysql_dbdriver(void) {

src/apps/relay/dbdrivers/dbd_pgsql.c

@@ -153,7 +153,7 @@ static int pgsql_get_user_key(u08bits *usname, u08bits *realm, hmackey_t key) {
   return ret;
 }
   
-static int pgsql_get_user_pwd(u08bits *usname, st_password_t pwd) {
+static int pgsql_get_user_pwd(u08bits *usname, password_t pwd) {
   int ret = -1;
 	char statement[TURN_LONG_STRING_SIZE];
 	snprintf(statement,sizeof(statement),"select password from turnusers_st where name='%s'",usname);
@@ -167,7 +167,7 @@ static int pgsql_get_user_pwd(u08bits *usname, st_password_t pwd) {
 		} else {
 			char *kval = PQgetvalue(res,0,0);
 			if(kval) {
-				strncpy((char*)pwd,kval,sizeof(st_password_t));
+				strncpy((char*)pwd,kval,sizeof(password_t));
 				ret = 0;
 			} else {
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong password data for user %s: NULL\n",usname);
@@ -319,7 +319,7 @@ static int pgsql_set_oauth_key(oauth_key_data_raw *key) {
   return ret;
 }
 
-static int pgsql_set_user_pwd(u08bits *usname, st_password_t pwd) {
+static int pgsql_set_user_pwd(u08bits *usname, password_t pwd) {
   int ret = -1;
 	char statement[TURN_LONG_STRING_SIZE];
 	PGconn *pqc = get_pqdb_connection();
@@ -785,7 +785,119 @@ static void pgsql_reread_realms(secrets_list_t * realms_list) {
 	}
 }
 
-///////////////////////////////////////////////////////////////////////////////////////////////////////////
+//////////////////////////////////////////////
+
+static int pgsql_get_admin_user(const u08bits *usname, u08bits *realm, password_t pwd)
+{
+	int ret = -1;
+
+	realm[0]=0;
+	pwd[0]=0;
+
+	PGconn * pqc = get_pqdb_connection();
+	if(pqc) {
+		char statement[TURN_LONG_STRING_SIZE];
+		snprintf(statement,sizeof(statement),"select realm,password from admin_user where name='%s'",usname);
+		PGresult *res = PQexec(pqc, statement);
+
+		if(!res || (PQresultStatus(res) != PGRES_TUPLES_OK) || (PQntuples(res)!=1)) {
+			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving PostgreSQL DB information: %s\n",PQerrorMessage(pqc));
+		} else {
+			const char *kval = PQgetvalue(res,0,0);
+			if(kval) {
+				strncpy((char*)realm,kval,STUN_MAX_REALM_SIZE);
+			}
+			kval = (const char*) PQgetvalue(res,0,1);
+			if(kval) {
+				strncpy((char*)pwd,kval,STUN_MAX_PWD_SIZE);
+			}
+			ret = 0;
+		}
+
+		if(res)
+			PQclear(res);
+
+	}
+	return ret;
+}
+
+static int pgsql_set_admin_user(const u08bits *usname, const u08bits *realm, const password_t pwd)
+{
+	int ret = -1;
+	char statement[TURN_LONG_STRING_SIZE];
+	PGconn *pqc = get_pqdb_connection();
+	if(pqc) {
+	  snprintf(statement,sizeof(statement),"insert into admin_user (realm,name,password) values('%s','%s','%s')",realm,usname,pwd);
+
+	  PGresult *res = PQexec(pqc, statement);
+	  if(!res || (PQresultStatus(res) != PGRES_COMMAND_OK)) {
+		if(res) {
+			PQclear(res);
+		}
+		snprintf(statement,sizeof(statement),"update admin_user set password='%s',realm='%s' where name='%s'",pwd,realm,usname);
+		res = PQexec(pqc, statement);
+		if(!res || (PQresultStatus(res) != PGRES_COMMAND_OK)) {
+			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating user information: %s\n",PQerrorMessage(pqc));
+		} else {
+		  ret = 0;
+		}
+	  }
+	  if(res) {
+		PQclear(res);
+	  }
+	}
+	return ret;
+}
+
+static int pgsql_del_admin_user(const u08bits *usname)
+{
+	int ret = -1;
+	char statement[TURN_LONG_STRING_SIZE];
+	PGconn *pqc = get_pqdb_connection();
+	if(pqc) {
+		snprintf(statement,sizeof(statement),"delete from admin_user where name='%s'",usname);
+		PGresult *res = PQexec(pqc, statement);
+		if(res) {
+			PQclear(res);
+			ret = 0;
+		}
+	}
+	return ret;
+}
+
+static int pgsql_list_admin_users(void)
+{
+	int ret = -1;
+	char statement[TURN_LONG_STRING_SIZE];
+	PGconn *pqc = get_pqdb_connection();
+	if(pqc) {
+		snprintf(statement,sizeof(statement),"select name,realm,password from admin_user order by realm,name");
+	}
+	PGresult *res = PQexec(pqc, statement);
+	if(!res || (PQresultStatus(res) != PGRES_TUPLES_OK)) {
+		TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving PostgreSQL DB information: %s\n",PQerrorMessage(pqc));
+	} else {
+		int i = 0;
+		for(i=0;i<PQntuples(res);i++) {
+			char *kval = PQgetvalue(res,i,0);
+			if(kval) {
+				char *rval = PQgetvalue(res,i,1);
+				if(rval && *rval) {
+					printf("%s[%s]\n",kval,rval);
+				} else {
+					printf("%s\n",kval);
+				}
+			}
+		}
+		ret = 0;
+	}
+	if(res) {
+		PQclear(res);
+	}
+	return ret;
+}
+
+/////////////////////////////////////////////////////////////
 
 static const turn_dbdriver_t driver = {
   &pgsql_get_auth_secrets,
@@ -809,7 +921,11 @@ static const turn_dbdriver_t driver = {
   &pgsql_set_oauth_key,
   &pgsql_get_oauth_key,
   &pgsql_del_oauth_key,
-  &pgsql_list_oauth_keys
+  &pgsql_list_oauth_keys,
+  &pgsql_get_admin_user,
+  &pgsql_set_admin_user,
+  &pgsql_del_admin_user,
+  &pgsql_list_admin_users
 };
 
 const turn_dbdriver_t * get_pgsql_dbdriver(void) {

src/apps/relay/dbdrivers/dbd_redis.c

@@ -519,7 +519,7 @@ static int redis_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
   return ret;
 }
   
-static int redis_get_user_pwd(u08bits *usname, st_password_t pwd) {
+static int redis_get_user_pwd(u08bits *usname, password_t pwd) {
   int ret = -1;
 	redisContext * rc = get_redis_connection();
 	if(rc) {
@@ -572,7 +572,7 @@ static int redis_set_oauth_key(oauth_key_data_raw *key) {
   return ret;
 }
   
-static int redis_set_user_pwd(u08bits *usname, st_password_t pwd) {
+static int redis_set_user_pwd(u08bits *usname, password_t pwd) {
   int ret = -1;
 	redisContext *rc = get_redis_connection();
 	if(rc) {
@@ -1203,7 +1203,128 @@ static void redis_reread_realms(secrets_list_t * realms_list) {
 	}
 }
 
-///////////////////////////////////////////////////////////////////////////////////////////////////////////
+/////////////////////////////////////////////////////
+
+static int redis_get_admin_user(const u08bits *usname, u08bits *realm, password_t pwd)
+{
+	int ret = -1;
+	redisContext * rc = get_redis_connection();
+	if(rc) {
+		char s[TURN_LONG_STRING_SIZE];
+		realm[0]=0;
+		pwd[0]=0;
+		snprintf(s,sizeof(s),"hgetall turn/admin_user/%s", (const char*)usname);
+		redisReply *reply = (redisReply *)redisCommand(rc, s);
+		if(reply) {
+			if (reply->type == REDIS_REPLY_ERROR)
+				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error: %s\n", reply->str);
+			else if (reply->type != REDIS_REPLY_ARRAY) {
+				if (reply->type != REDIS_REPLY_NIL)
+					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unexpected type: %d\n", reply->type);
+			} else if(reply->elements > 1) {
+				size_t i;
+				for (i = 0; i < (reply->elements)/2; ++i) {
+					char *kw = reply->element[2*i]->str;
+					char *val = reply->element[2*i+1]->str;
+					if(kw) {
+						if(!strcmp(kw,"realm")) {
+							strncpy((char*)realm,val,STUN_MAX_REALM_SIZE);
+						} else if(!strcmp(kw,"password")) {
+							strncpy((char*)pwd,val,STUN_MAX_PWD_SIZE);
+							ret = 0;
+						}
+					}
+				}
+			}
+			turnFreeRedisReply(reply);
+		}
+	  }
+	  return ret;
+}
+
+static int redis_set_admin_user(const u08bits *usname, const u08bits *realm, const password_t pwd)
+{
+  int ret = -1;
+  redisContext *rc = get_redis_connection();
+  if(rc) {
+	char statement[TURN_LONG_STRING_SIZE];
+	if(realm[0]) {
+		snprintf(statement,sizeof(statement),"hmset turn/admin_user/%s realm '%s' password '%s'",usname,realm,pwd);
+	} else {
+		snprintf(statement,sizeof(statement),"hmset turn/admin_user/%s password '%s'",usname,pwd);
+	}
+	turnFreeRedisReply(redisCommand(rc, statement));
+	turnFreeRedisReply(redisCommand(rc, "save"));
+    ret = 0;
+  }
+  return ret;
+}
+
+static int redis_del_admin_user(const u08bits *usname) {
+  int ret = -1;
+  redisContext *rc = get_redis_connection();
+  if(rc) {
+	char statement[TURN_LONG_STRING_SIZE];
+	snprintf(statement,sizeof(statement),"del turn/admin_user/%s",(const char*)usname);
+	turnFreeRedisReply(redisCommand(rc, statement));
+	turnFreeRedisReply(redisCommand(rc, "save"));
+    ret = 0;
+  }
+  return ret;
+}
+
+static int redis_list_admin_users(void)
+{
+  int ret = -1;
+  redisContext *rc = get_redis_connection();
+  secrets_list_t keys;
+  size_t isz = 0;
+  init_secrets_list(&keys);
+
+  if(rc) {
+
+	  redisReply *reply = NULL;
+
+	  reply = (redisReply*)redisCommand(rc, "keys turn/admin_user/*");
+	  if(reply) {
+
+		if (reply->type == REDIS_REPLY_ERROR) {
+			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error: %s\n", reply->str);
+		} else if (reply->type != REDIS_REPLY_ARRAY) {
+			if (reply->type != REDIS_REPLY_NIL) {
+				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unexpected type: %d\n", reply->type);
+			}
+		} else {
+			size_t i;
+			for (i = 0; i < reply->elements; ++i) {
+				add_to_secrets_list(&keys,reply->element[i]->str);
+			}
+		}
+		turnFreeRedisReply(reply);
+	}
+  }
+
+  for(isz=0;isz<keys.sz;++isz) {
+	char *s = keys.secrets[isz];
+	s += strlen("turn/admin_user/");
+	u08bits realm[STUN_MAX_REALM_SIZE];
+	password_t pwd;
+	if(redis_get_admin_user((const u08bits*)s,realm,pwd) == 0) {
+		if(realm[0]) {
+			printf("%s[%s]\n",s,realm);
+		} else {
+			printf("%s\n",s);
+		}
+	}
+  }
+
+  clean_secrets_list(&keys);
+  ret = 0;
+
+  return ret;
+}
+
+//////////////////////////////////////////////////////
 
 static const turn_dbdriver_t driver = {
   &redis_get_auth_secrets,
@@ -1227,7 +1348,11 @@ static const turn_dbdriver_t driver = {
   &redis_set_oauth_key,
   &redis_get_oauth_key,
   &redis_del_oauth_key,
-  &redis_list_oauth_keys
+  &redis_list_oauth_keys,
+  &redis_get_admin_user,
+  &redis_set_admin_user,
+  &redis_del_admin_user,
+  &redis_list_admin_users
 };
 
 const turn_dbdriver_t * get_redis_dbdriver(void) {

src/apps/relay/dbdrivers/dbd_sqlite.c

@@ -287,7 +287,7 @@ static int sqlite_get_user_key(u08bits *usname, u08bits *realm, hmackey_t key)
 	return ret;
 }
 
-static int sqlite_get_user_pwd(u08bits *usname, st_password_t pwd)
+static int sqlite_get_user_pwd(u08bits *usname, password_t pwd)
 {
 	int ret = -1;
 	char statement[TURN_LONG_STRING_SIZE];
@@ -305,7 +305,7 @@ static int sqlite_get_user_pwd(u08bits *usname, st_password_t pwd)
 			if (res == SQLITE_ROW) {
 				const char *kval = (const char*) sqlite3_column_text(st, 0);
 				if (kval) {
-					strncpy((char*) pwd, kval, sizeof(st_password_t));
+					strncpy((char*) pwd, kval, sizeof(password_t));
 					ret = 0;
 				} else {
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong password data for user %s: NULL\n", usname);
@@ -493,7 +493,7 @@ static int sqlite_set_oauth_key(oauth_key_data_raw *key)
 	return ret;
 }
 
-static int sqlite_set_user_pwd(u08bits *usname, st_password_t pwd)
+static int sqlite_set_user_pwd(u08bits *usname, password_t pwd)
 {
 	int ret = -1;
 	char statement[TURN_LONG_STRING_SIZE];
@@ -1101,7 +1101,160 @@ static void sqlite_reread_realms(secrets_list_t * realms_list)
 	}
 }
 
-///////////////////////////////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////
+
+static int sqlite_get_admin_user(const u08bits *usname, u08bits *realm, password_t pwd)
+{
+	int ret = -1;
+
+	realm[0]=0;
+	pwd[0]=0;
+
+	sqlite3 *sqliteconnection = get_sqlite_connection();
+	if (sqliteconnection) {
+		char statement[TURN_LONG_STRING_SIZE];
+		sqlite3_stmt *st = NULL;
+		int rc = 0;
+		snprintf(statement, sizeof(statement), "select realm,password from admin_user where name='%s'", usname);
+
+		sqlite_lock(0);
+
+		if ((rc = sqlite3_prepare(sqliteconnection, statement, -1, &st, 0)) == SQLITE_OK) {
+			int res = sqlite3_step(st);
+			if (res == SQLITE_ROW) {
+				const char *kval = (const char*) sqlite3_column_text(st, 0);
+				if(kval) {
+					strncpy((char*)realm,kval,STUN_MAX_REALM_SIZE);
+				}
+				kval = (const char*) sqlite3_column_text(st, 1);
+				if(kval) {
+					strncpy((char*)pwd,kval,STUN_MAX_PWD_SIZE);
+				}
+				ret = 0;
+			}
+		} else {
+			const char* errmsg = sqlite3_errmsg(sqliteconnection);
+			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving SQLite DB information: %s\n", errmsg);
+		}
+
+		sqlite3_finalize(st);
+
+		sqlite_unlock(0);
+	}
+	return ret;
+}
+
+static int sqlite_set_admin_user(const u08bits *usname, const u08bits *realm, const password_t pwd)
+{
+	int ret = -1;
+	char statement[TURN_LONG_STRING_SIZE];
+	sqlite3_stmt *st = NULL;
+	int rc = 0;
+
+	donot_print_connection_success=1;
+
+	sqlite3 *sqliteconnection = get_sqlite_connection();
+	if (sqliteconnection) {
+
+		sqlite_lock(1);
+
+		snprintf(statement, sizeof(statement), "insert or replace into admin_user (realm,name,password) values('%s','%s','%s')", realm, usname, pwd);
+
+		if ((rc = sqlite3_prepare(sqliteconnection, statement, -1, &st, 0)) == SQLITE_OK) {
+			sqlite3_step(st);
+			ret = 0;
+		} else {
+			const char* errmsg = sqlite3_errmsg(sqliteconnection);
+			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving SQLite DB information: %s\n", errmsg);
+		}
+		sqlite3_finalize(st);
+
+		sqlite_unlock(1);
+	}
+	return ret;
+}
+
+static int sqlite_del_admin_user(const u08bits *usname)
+{
+	int ret = -1;
+	char statement[TURN_LONG_STRING_SIZE];
+	sqlite3_stmt *st = NULL;
+	int rc = 0;
+
+	donot_print_connection_success=1;
+
+	sqlite3 *sqliteconnection = get_sqlite_connection();
+	if (sqliteconnection) {
+		snprintf(statement, sizeof(statement), "delete from admin_user where name='%s'", usname);
+
+		sqlite_lock(1);
+
+		if ((rc = sqlite3_prepare(sqliteconnection, statement, -1, &st, 0)) == SQLITE_OK) {
+			sqlite3_step(st);
+			ret = 0;
+		} else {
+			const char* errmsg = sqlite3_errmsg(sqliteconnection);
+			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving SQLite DB information: %s\n", errmsg);
+		}
+		sqlite3_finalize(st);
+
+		sqlite_unlock(1);
+	}
+	return ret;
+}
+
+static int sqlite_list_admin_users(void)
+{
+	int ret = -1;
+	char statement[TURN_LONG_STRING_SIZE];
+	sqlite3_stmt *st = NULL;
+	int rc = 0;
+
+	donot_print_connection_success=1;
+
+	sqlite3 *sqliteconnection = get_sqlite_connection();
+	if (sqliteconnection) {
+		snprintf(statement, sizeof(statement), "select name,realm from admin_user order by realm,name");
+
+		sqlite_lock(0);
+
+		if ((rc = sqlite3_prepare(sqliteconnection, statement, -1, &st, 0)) == SQLITE_OK) {
+
+			ret = 0;
+			while (1) {
+				int res = sqlite3_step(st);
+				if (res == SQLITE_ROW) {
+
+					const char* kval = (const char*) sqlite3_column_text(st, 0);
+					const char* rval = (const char*) sqlite3_column_text(st, 1);
+
+					if (rval && *rval) {
+						printf("%s[%s]\n", kval, rval);
+					} else {
+						printf("%s\n", kval);
+					}
+
+				} else if (res == SQLITE_DONE) {
+					break;
+				} else {
+					const char* errmsg = sqlite3_errmsg(sqliteconnection);
+					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving SQLite DB information: %s\n", errmsg);
+					ret = -1;
+					break;
+				}
+			}
+		} else {
+			const char* errmsg = sqlite3_errmsg(sqliteconnection);
+			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving SQLite DB information: %s\n", errmsg);
+		}
+		sqlite3_finalize(st);
+
+		sqlite_unlock(0);
+	}
+	return ret;
+}
+
+///////////////////////////////////////////////////////
 
 static const turn_dbdriver_t driver = {
   &sqlite_get_auth_secrets,
@@ -1125,7 +1278,11 @@ static const turn_dbdriver_t driver = {
   &sqlite_set_oauth_key,
   &sqlite_get_oauth_key,
   &sqlite_del_oauth_key,
-  &sqlite_list_oauth_keys
+  &sqlite_list_oauth_keys,
+  &sqlite_get_admin_user,
+  &sqlite_set_admin_user,
+  &sqlite_del_admin_user,
+  &sqlite_list_admin_users
 };
 
 //////////////////////////////////////////////////

src/apps/relay/dbdrivers/dbdriver.h

@@ -50,9 +50,9 @@ extern pthread_once_t connection_key_once;
 typedef struct _turn_dbdriver_t {
   int (*get_auth_secrets)(secrets_list_t *sl, u08bits *realm);
   int (*get_user_key)(u08bits *usname, u08bits *realm, hmackey_t key);
-  int (*get_user_pwd)(u08bits *usname, st_password_t pwd);
+  int (*get_user_pwd)(u08bits *usname, password_t pwd);
   int (*set_user_key)(u08bits *usname, u08bits *realm, const char *key);
-  int (*set_user_pwd)(u08bits *usname, st_password_t pwd);
+  int (*set_user_pwd)(u08bits *usname, password_t pwd);
   int (*del_user)(u08bits *usname, int is_st, u08bits *realm);
   int (*list_users)(int is_st, u08bits *realm);
   int (*show_secret)(u08bits *realm);
@@ -70,6 +70,10 @@ typedef struct _turn_dbdriver_t {
   int (*get_oauth_key)(const u08bits *kid, oauth_key_data_raw *key);
   int (*del_oauth_key)(const u08bits *kid);
   int (*list_oauth_keys)(void);
+  int (*get_admin_user)(const u08bits *usname, u08bits *realm, password_t pwd);
+  int (*set_admin_user)(const u08bits *usname, const u08bits *realm, const password_t pwd);
+  int (*del_admin_user)(const u08bits *usname);
+  int (*list_admin_users)(void);
 } turn_dbdriver_t;
 
 /////////// USER DB CHECK //////////////////

src/apps/relay/mainrelay.h

@@ -65,6 +65,8 @@
 #include <openssl/rand.h>
 #include <openssl/crypto.h>
 #include <openssl/opensslv.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
 
 #include "ns_turn_utils.h"
 #include "ns_turn_khash.h"

src/apps/relay/netengine.c

@@ -403,13 +403,13 @@ static void auth_server_receive_message(struct bufferevent *bev, void *ptr)
     }
     
     if(am.ct == TURN_CREDENTIALS_SHORT_TERM) {
-      st_password_t pwd;
+      password_t pwd;
       am.in_oauth = 0;
       am.out_oauth = 0;
       if(get_user_pwd(am.username,pwd)<0) {
     	  am.success = 0;
       } else {
-    	  ns_bcopy(pwd,am.pwd,sizeof(st_password_t));
+    	  ns_bcopy(pwd,am.pwd,sizeof(password_t));
     	  am.success = 1;
       }
     } else {

src/apps/relay/ns_ioalib_engine_impl.c

@@ -2268,8 +2268,10 @@ static TURN_TLS_TYPE check_tentative_tls(ioa_socket_raw fd)
 				ret = (TURN_TLS_TYPE)(s[10]+1);
 		} else if((s[2]==1)&&(s[3]==3)) {
 			ret = TURN_TLS_SSL23; /* compatibility mode */
+#ifndef OPENSSL_NO_SSL2
 		} else if((s[2]==1)&&(s[3]==0)&&(s[4]==2)) {
 			ret = TURN_TLS_SSL23; /* old mode */
+#endif
 		}
 	}
 

src/apps/relay/userdb.c

@@ -496,7 +496,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 						return -1;
 					};
 
-					st_password_t pwdtmp;
+					password_t pwdtmp;
 					if(stun_check_message_integrity_by_key_str(TURN_CREDENTIALS_LONG_TERM,
 								ioa_network_buffer_data(nbh),
 								ioa_network_buffer_get_size(nbh),
@@ -549,7 +549,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 
 			u08bits hmac[MAXSHASIZE];
 			unsigned int hmac_len;
-			st_password_t pwdtmp;
+			password_t pwdtmp;
 
 			hmac[0] = 0;
 
@@ -646,7 +646,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 /*
  * Short-term mechanism password retrieval
  */
-int get_user_pwd(u08bits *usname, st_password_t pwd)
+int get_user_pwd(u08bits *usname, password_t pwd)
 {
 	int ret = -1;
 
@@ -915,7 +915,7 @@ int adminuser(u08bits *user, u08bits *realm, u08bits *pwd, u08bits *secret, u08b
 	hmackey_t key;
 	char skey[sizeof(hmackey_t) * 2 + 1];
 
-	st_password_t passwd;
+	password_t passwd;
 
 	if (ct == TA_LIST_USERS) {
 		return list_users(is_st, realm);
@@ -968,7 +968,7 @@ int adminuser(u08bits *user, u08bits *realm, u08bits *pwd, u08bits *secret, u08b
 		must_set_admin_pwd(pwd);
 
 		if (is_st) {
-			strncpy((char*) passwd, (char*) pwd, sizeof(st_password_t));
+			strncpy((char*) passwd, (char*) pwd, sizeof(password_t));
 		} else {
 			stun_produce_integrity_key_str(user, realm, pwd, key, turn_params.shatype);
 			size_t i = 0;

src/apps/relay/userdb.h

@@ -86,7 +86,7 @@ struct auth_message {
 	u08bits username[STUN_MAX_USERNAME_SIZE + 1];
 	u08bits realm[STUN_MAX_REALM_SIZE + 1];
 	hmackey_t key;
-	st_password_t pwd;
+	password_t pwd;
 	get_username_resume_cb resume_func;
 	ioa_net_data in_buffer;
 	u64bits ctxkey;
@@ -187,7 +187,7 @@ void add_to_secrets_list(secrets_list_t *sl, const char* elem);
 /////////// USER DB CHECK //////////////////
 
 int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *uname, u08bits *realm, hmackey_t key, ioa_network_buffer_handle nbh);
-int get_user_pwd(u08bits *uname, st_password_t pwd);
+int get_user_pwd(u08bits *uname, password_t pwd);
 u08bits *start_user_check(turnserver_id id, turn_credential_type ct, int in_oauth, int *out_oauth, u08bits *uname, u08bits *realm, get_username_resume_cb resume, ioa_net_data *in_buffer, u64bits ctxkey, int *postpone_reply);
 int check_new_allocation_quota(u08bits *username, int oauth, u08bits *realm);
 void release_allocation_quota(u08bits *username, int oauth, u08bits *realm);

src/apps/uclient/mainuclient.c

@@ -63,7 +63,7 @@ int no_rtcp = 0;
 int default_address_family = STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_DEFAULT;
 int dont_fragment = 0;
 u08bits g_uname[STUN_MAX_USERNAME_SIZE+1];
-st_password_t g_upwd;
+password_t g_upwd;
 char g_auth_secret[1025]="\0";
 int g_use_auth_secret_with_timestamp = 0;
 int use_fingerprints = 1;

src/apps/uclient/uclient.c

@@ -1654,7 +1654,7 @@ int add_integrity(app_ur_conn_info *clnet_info, stun_buffer *message)
 
 			//self-test:
 			{
-				st_password_t pwd;
+				password_t pwd;
 				if(stun_check_message_integrity_by_key_str(get_turn_credentials_type(),
 								message->buf, (size_t)(message->len), clnet_info->key, pwd, clnet_info->shatype, NULL)<1) {
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR," Self-test of integrity does not comple correctly !\n");
@@ -1679,7 +1679,7 @@ int check_integrity(app_ur_conn_info *clnet_info, stun_buffer *message)
 
 	if(oauth && clnet_info->oauth) {
 
-		st_password_t pwd;
+		password_t pwd;
 
 		return stun_check_message_integrity_by_key_str(get_turn_credentials_type(),
 				message->buf, (size_t)(message->len), clnet_info->key, pwd, sht, NULL);

src/apps/uclient/uclient.h

@@ -61,7 +61,7 @@ extern int no_rtcp;
 extern int default_address_family;
 extern int dont_fragment;
 extern u08bits g_uname[STUN_MAX_USERNAME_SIZE+1];
-extern st_password_t g_upwd;
+extern password_t g_upwd;
 extern char g_auth_secret[1025];
 extern int g_use_auth_secret_with_timestamp;
 extern int use_fingerprints;

src/client/ns_turn_msg.c

@@ -1465,7 +1465,7 @@ void print_bin_func(const char *name, size_t len, const void *s, const char *fun
 	printf("]\n");
 }
 
-int stun_attr_add_integrity_str(turn_credential_type ct, u08bits *buf, size_t *len, hmackey_t key, st_password_t pwd, SHATYPE shatype)
+int stun_attr_add_integrity_str(turn_credential_type ct, u08bits *buf, size_t *len, hmackey_t key, password_t pwd, SHATYPE shatype)
 {
 	u08bits hmac[MAXSHASIZE];
 
@@ -1504,7 +1504,7 @@ int stun_attr_add_integrity_by_key_str(u08bits *buf, size_t *len, u08bits *uname
 	if(stun_attr_add_str(buf, len, STUN_ATTRIBUTE_REALM, realm, strlen((s08bits*)realm))<0)
 			return -1;
 
-	st_password_t p;
+	password_t p;
 	return stun_attr_add_integrity_str(TURN_CREDENTIALS_LONG_TERM, buf, len, key, p, shatype);
 }
 
@@ -1518,7 +1518,7 @@ int stun_attr_add_integrity_by_user_str(u08bits *buf, size_t *len, u08bits *unam
 	return stun_attr_add_integrity_by_key_str(buf, len, uname, realm, key, nonce, shatype);
 }
 
-int stun_attr_add_integrity_by_user_short_term_str(u08bits *buf, size_t *len, u08bits *uname, st_password_t pwd, SHATYPE shatype)
+int stun_attr_add_integrity_by_user_short_term_str(u08bits *buf, size_t *len, u08bits *uname, password_t pwd, SHATYPE shatype)
 {
 	if(stun_attr_add_str(buf, len, STUN_ATTRIBUTE_USERNAME, uname, strlen((s08bits*)uname))<0)
 			return -1;
@@ -1540,7 +1540,7 @@ void print_hmac(const char *name, const void *s, size_t len)
 /*
  * Return -1 if failure, 0 if the integrity is not correct, 1 if OK
  */
-int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *buf, size_t len, hmackey_t key, st_password_t pwd, SHATYPE shatype, int *too_weak)
+int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *buf, size_t len, hmackey_t key, password_t pwd, SHATYPE shatype, int *too_weak)
 {
 	int res = 0;
 	u08bits new_hmac[MAXSHASIZE];
@@ -1608,10 +1608,10 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *bu
 int stun_check_message_integrity_str(turn_credential_type ct, u08bits *buf, size_t len, u08bits *uname, u08bits *realm, u08bits *upwd, SHATYPE shatype)
 {
 	hmackey_t key;
-	st_password_t pwd;
+	password_t pwd;
 
 	if(ct == TURN_CREDENTIALS_SHORT_TERM)
-		strncpy((char*)pwd,(char*)upwd,sizeof(st_password_t));
+		strncpy((char*)pwd,(char*)upwd,sizeof(password_t));
 	else if (stun_produce_integrity_key_str(uname, realm, upwd, key, shatype) < 0)
 		return -1;
 

src/client/ns_turn_msg.h

@@ -66,7 +66,7 @@ typedef u08bits hmackey_t[64];
 /**
  * Short-term credentials password
  */
-typedef u08bits st_password_t[STUN_MAX_PWD_SIZE+1];
+typedef u08bits password_t[STUN_MAX_PWD_SIZE+1];
 typedef unsigned int band_limit_t;
 
 ///////////////////////////////////
@@ -179,12 +179,12 @@ void print_bin_func(const char *name, size_t len, const void *s, const char *fun
 /*
  * Return -1 if failure, 0 if the integrity is not correct, 1 if OK
  */
-int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *buf, size_t len, hmackey_t key, st_password_t pwd, SHATYPE shatype, int *too_weak);
+int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *buf, size_t len, hmackey_t key, password_t pwd, SHATYPE shatype, int *too_weak);
 int stun_check_message_integrity_str(turn_credential_type ct, u08bits *buf, size_t len, u08bits *uname, u08bits *realm, u08bits *upwd, SHATYPE shatype);
-int stun_attr_add_integrity_str(turn_credential_type ct, u08bits *buf, size_t *len, hmackey_t key, st_password_t pwd, SHATYPE shatype);
+int stun_attr_add_integrity_str(turn_credential_type ct, u08bits *buf, size_t *len, hmackey_t key, password_t pwd, SHATYPE shatype);
 int stun_attr_add_integrity_by_key_str(u08bits *buf, size_t *len, u08bits *uname, u08bits *realm, hmackey_t key, u08bits *nonce, SHATYPE shatype);
 int stun_attr_add_integrity_by_user_str(u08bits *buf, size_t *len, u08bits *uname, u08bits *realm, u08bits *upwd, u08bits *nonce, SHATYPE shatype);
-int stun_attr_add_integrity_by_user_short_term_str(u08bits *buf, size_t *len, u08bits *uname, st_password_t pwd, SHATYPE shatype);
+int stun_attr_add_integrity_by_user_short_term_str(u08bits *buf, size_t *len, u08bits *uname, password_t pwd, SHATYPE shatype);
 size_t get_hmackey_size(SHATYPE shatype);
 
 /*

src/server/ns_turn_server.c

@@ -3164,7 +3164,7 @@ static int create_challenge_response(ts_ur_super_session *ss, stun_tid *tid, int
 #define min(a,b) ((a)<=(b) ? (a) : (b))
 #endif
 
-static void resume_processing_after_username_check(int success,  int oauth, int max_session_time, hmackey_t hmackey, st_password_t pwd, turn_turnserver *server, u64bits ctxkey, ioa_net_data *in_buffer)
+static void resume_processing_after_username_check(int success,  int oauth, int max_session_time, hmackey_t hmackey, password_t pwd, turn_turnserver *server, u64bits ctxkey, ioa_net_data *in_buffer)
 {
 
 	if(server && in_buffer && in_buffer->nbh) {
@@ -3178,7 +3178,7 @@ static void resume_processing_after_username_check(int success,  int oauth, int
 				ss->hmackey_set = 1;
 				ss->oauth = oauth;
 				ss->max_session_time_auth = (turn_time_t)max_session_time;
-				ns_bcopy(pwd,ss->pwd,sizeof(st_password_t));
+				ns_bcopy(pwd,ss->pwd,sizeof(password_t));
 			}
 
 			read_client_connection(server,ss,in_buffer,0,0);

src/server/ns_turn_server.h

@@ -90,7 +90,7 @@ typedef enum {
 struct _turn_turnserver;
 typedef struct _turn_turnserver turn_turnserver;
 
-typedef void (*get_username_resume_cb)(int success, int oauth, int max_session_time, hmackey_t hmackey, st_password_t pwd, turn_turnserver *server, u64bits ctxkey, ioa_net_data *in_buffer);
+typedef void (*get_username_resume_cb)(int success, int oauth, int max_session_time, hmackey_t hmackey, password_t pwd, turn_turnserver *server, u64bits ctxkey, ioa_net_data *in_buffer);
 typedef u08bits *(*get_user_key_cb)(turnserver_id id, turn_credential_type ct, int in_oauth, int *out_oauth, u08bits *uname, u08bits *realm, get_username_resume_cb resume, ioa_net_data *in_buffer, u64bits ctxkey, int *postpone_reply);
 typedef int (*check_new_allocation_quota_cb)(u08bits *username, int oauth, u08bits *realm);
 typedef void (*release_allocation_quota_cb)(u08bits *username, int oauth, u08bits *realm);

src/server/ns_turn_session.h

@@ -81,7 +81,7 @@ struct _ts_ur_super_session {
   u08bits username[STUN_MAX_USERNAME_SIZE+1];
   hmackey_t hmackey;
   int hmackey_set;
-  st_password_t pwd;
+  password_t pwd;
   int quota_used;
   int oauth;
   turn_time_t max_session_time_auth;

turndb/schema.mongo.sh

@@ -9,7 +9,7 @@ db.turnusers_st.ensureIndex({ name: 1 }, { unique: 1 });
 db.turn_secret.ensureIndex({ realm: 1 }, { unique: 1 });
 db.realm.ensureIndex({ realm: 1 }, { unique: 1 });
 db.oauth_key.ensureIndex({ kid: 1 }, {unique: 1 });
-db.admin_user.ensureIndex({ uname: 1 }, {unique: 1 });
+db.admin_user.ensureIndex({ name: 1 }, {unique: 1 });
 
 exit
 

turndb/schema.sql

@@ -56,8 +56,8 @@ CREATE TABLE oauth_key (
 );
 
 CREATE TABLE admin_user (
-	uname varchar(32),
+	name varchar(32),
 	realm varchar(127),
 	password varchar(127),
-	primary key (uname)
+	primary key (name)
 );

turndb/schema.userdb.redis

@@ -139,9 +139,6 @@ set turn/user/gorst/password "hero"
 set turn/user/whirrun/password "sword"
 set turn/user/stranger-come-knocking/password "civilization"
 
-set turn/realm/north.gov/admin_user/skarling/password "hoodless"
-set turn/admin_user/bayaz/password "magi"
-
 set turn/realm/north.gov/max-bps 500000
 set turn/realm/north.gov/total-quota 12000
 set turn/realm/north.gov/user-quota 10000
@@ -158,7 +155,11 @@ sadd turn/realm/crinna.org/allowed-peer-ip "172.17.13.202"
 sadd turn/realm/north.gov/denied-peer-ip "172.17.13.133-172.17.14.56" "172.17.17.133-172.17.19.56" "123::45"
 sadd turn/realm/crinna.org/denied-peer-ip "123::77"
 
-hmset turn/oauth/kid/north ikm_key Y2FybGVvbg== hkdf_hash_func 'SHA-256' as_rs_alg 'AES-128-CBC' auth_alg 'HMAC-SHA-256-128'
+hmset turn/oauth/kid/north ikm_key 'Y2FybGVvbg==' hkdf_hash_func 'SHA-256' as_rs_alg 'AES-128-CBC' auth_alg 'HMAC-SHA-256-128'
+hmset turn/oauth/kid/oldempire ikm_key 'YXVsY3Vz' hkdf_hash_func 'SHA-256' as_rs_alg 'AEAD-AES-256-GCM'
+
+hmset turn/admin_user/skarling realm 'north.gov' password 'hoodless'
+hmset turn/admin_user/bayaz password 'magi'
 
 save
 

turndb/testmongosetup.sh

@@ -23,8 +23,8 @@ db.turnusers_st.insert({ name: 'stranger-come-knocking', password: 'civilization
 db.turn_secret.insert({ realm: 'north.gov', value: 'logen' });
 db.turn_secret.insert({ realm: 'crinna.org', value: 'north' });
 
-db.admin_user.insert({ uname: 'skarling', realm: 'north.gov', password: 'hoodless' });
-db.admin_user.insert({ uname: 'bayaz', realm: '', password: 'magi' });
+db.admin_user.insert({ name: 'skarling', realm: 'north.gov', password: 'hoodless' });
+db.admin_user.insert({ name: 'bayaz', realm: '', password: 'magi' });
 
 db.realm.insert({
   realm: 'north.gov',

turndb/testredisdbsetup.sh

@@ -51,8 +51,11 @@ sadd turn/realm/crinna.org/allowed-peer-ip "172.17.13.202"
 sadd turn/realm/north.gov/denied-peer-ip "172.17.13.133-172.17.14.56" "172.17.17.133-172.17.19.56" "123::45"
 sadd turn/realm/crinna.org/denied-peer-ip "123::77"
 
-hmset turn/oauth/kid/north ikm_key Y2FybGVvbg== hkdf_hash_func 'SHA-256' as_rs_alg 'AES-256-CBC' auth_alg 'HMAC-SHA-256-128'
-hmset turn/oauth/kid/oldempire ikm_key YXVsY3Vz hkdf_hash_func 'SHA-256' as_rs_alg 'AEAD-AES-256-GCM'
+hmset turn/oauth/kid/north ikm_key 'Y2FybGVvbg==' hkdf_hash_func 'SHA-256' as_rs_alg 'AES-256-CBC' auth_alg 'HMAC-SHA-256-128'
+hmset turn/oauth/kid/oldempire ikm_key 'YXVsY3Vz' hkdf_hash_func 'SHA-256' as_rs_alg 'AEAD-AES-256-GCM'
+
+hmset turn/admin_user/skarling realm 'north.gov' password 'hoodless'
+hmset turn/admin_user/bayaz password 'magi'
 
 save
 

turndb/testsqldbsetup.sql

@@ -12,8 +12,8 @@ insert into turnusers_st (name, password) values('stranger-come-knocking','civil
 insert into turn_secret (realm,value) values('north.gov','logen');
 insert into turn_secret (realm,value) values('crinna.org','north');
 
-insert into admin_user (uname, realm, password) values('skarling','north.gov','hoodless');
-insert into admin_user (uname, realm, password) values('bayaz','','magi');
+insert into admin_user (name, realm, password) values('skarling','north.gov','hoodless');
+insert into admin_user (name, realm, password) values('bayaz','','magi');
 
 insert into turn_origin_to_realm (origin,realm) values('http://crinna.org:80','crinna.org');
 insert into turn_origin_to_realm (origin,realm) values('https://bligh.edu:443','crinna.org');