From 584a6cdf9bf8a892c9b1f7585e41764948ef247c Mon Sep 17 00:00:00 2001
From: skystar-p
Date: Mon, 3 Jul 2017 12:06:18 +0900
Subject: [PATCH 1/2] added config warning about using use-auth-secret
---
 src/apps/relay/mainrelay.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
index 7aba10c..f991ddf 100644
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@@ -39,6 +39,8 @@
 static int use_lt_credentials = 0;
 static int anon_credentials = 0;
+static int use_lt_credentials_only = 0;
+static int timestamp_credentials = 0;
 ////// ALPN //////////
@@ -1156,6 +1158,7 @@ static void set_option(int c, char *value)
 if (get_bool_value(value)) {
 turn_params.ct = TURN_CREDENTIALS_LONG_TERM;
 use_lt_credentials=1;
+ use_lt_credentials_only=1;
 } else {
 turn_params.ct = TURN_CREDENTIALS_UNDEFINED;
 use_lt_credentials=0;
@@ -1217,12 +1220,14 @@ static void set_option(int c, char *value)
 #endif
 case AUTH_SECRET_OPT:
 turn_params.use_auth_secret_with_timestamp = 1;
+ timestamp_credentials = 1;
 turn_params.ct = TURN_CREDENTIALS_LONG_TERM;
 use_lt_credentials = 1;
 break;
 case STATIC_AUTH_SECRET_VAL_OPT:
 add_to_secrets_list(&turn_params.default_users_db.ram_db.static_auth_secrets,value);
 turn_params.use_auth_secret_with_timestamp = 1;
+ timestamp_credentials = 1;
 turn_params.ct = TURN_CREDENTIALS_LONG_TERM;
 use_lt_credentials = 1;
 break;
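Review bot: In the `@@ -1156,6 +1158,7 @@` hunk the new `use_lt_credentials_only` flag is set when `get_bool_value(value)` is true but is never cleared in the `else` branch, which does reset `use_lt_credentials=0`. If this option can be processed more than once (for instance a config-file value that is overridden later, which is not visible here), the flag stays 1 and the startup alert fires for a configuration that has long-term credentials switched off. Adding `use_lt_credentials_only=0;` next to `use_lt_credentials=0;` keeps the two in step. The second patch renames the flag to `use_ltc` in its `@@ -1164,7 +1166,7 @@` hunk and carries the same gap; set_option's body starts and ends outside both hunks.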
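Review bot: In the `@@ -1217,12 +1220,14 @@` hunk `timestamp_credentials` is assigned directly after `turn_params.use_auth_secret_with_timestamp = 1;` in both `AUTH_SECRET_OPT` and `STATIC_AUTH_SECRET_VAL_OPT`, so as far as this hunk shows it only mirrors state that already exists. Testing `turn_params.use_auth_secret_with_timestamp` in the startup check would avoid a second source of truth for which authentication mode is active, and would presumably also cover any code path outside this hunk that enables shared-secret auth without passing through these two cases. If the separate static is kept, a comment at its declaration such as `/* set when --use-auth-secret or --static-auth-secret was given */` would record why it exists.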
@@ -1983,6 +1988,10 @@ int main(int argc, char **argv)
 exit(-1);
 }
+ if(use_lt_credentials_only && timestamp_credentials) {
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "\nCONFIGURATION ALERT: you specified --lt-cred-mech and --use-auth-secret both. Check your configuration.\n");
+ }
+
 if(!use_lt_credentials && !anon_credentials) {
 if(turn_params.default_users_db.ram_db.users_number) {
 TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "\nCONFIGURATION ALERT: you specified long-term user accounts, (-u option) \n but you did not specify the long-term credentials option\n (-a or --lt-cred-mech option).\n I am turning --lt-cred-mech ON for you, but double-check your configuration.\n");
From 436426b9c7e5d8fb6a034ab5441085e3a675b48d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?=
Date: Fri, 15 Dec 2017 11:09:43 +0100
Subject: [PATCH 2/2] Review PR #160
---
 ChangeLog | 3 ++-
 src/apps/relay/mainrelay.c | 18 +++++++++++-------
 2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b0d4732..a9e0513 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,8 @@
 12/11/2017 Oleg Moskalenko
 Version 4.5.0.8 'dan Eider':
 - Spelling fixes.
-
+ - Add a warning if --lt-cred-mech and --use-auth-secret both presents.
+
 12/10/2017 Oleg Moskalenko
 Version 4.5.0.7 'dan Eider':
 - Misc security improvements.
diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
index 8df6a7a..3106dbe 100644
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@@ -39,8 +39,10 @@
 static int use_lt_credentials = 0;
 static int anon_credentials = 0;
-static int use_lt_credentials_only = 0;
-static int timestamp_credentials = 0;
+//long term credential
+static int use_ltc = 0;
+//timelimited long term credential
+static int use_tltc = 0;
 ////// ALPN //////////
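Review bot: The alert added in the `@@ -1983,6 +1988,10 @@` hunk names only `--use-auth-secret`, but `timestamp_credentials` is also set in the `STATIC_AUTH_SECRET_VAL_OPT` case of the first patch. An operator who configured only a static secret alongside `--lt-cred-mech` is therefore pointed at an option that does not appear in their configuration. Naming both triggers would fix this, for example `you specified --lt-cred-mech together with --use-auth-secret or --static-auth-secret`. The message rewritten by the second patch in `@@ -1994,8 +1996,10 @@` has the same gap, and main's body extends outside both hunks.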
@@ -1164,7 +1166,7 @@ static void set_option(int c, char *value)
 if (get_bool_value(value)) {
 turn_params.ct = TURN_CREDENTIALS_LONG_TERM;
 use_lt_credentials=1;
- use_lt_credentials_only=1;
+ use_ltc=1;
 } else {
 turn_params.ct = TURN_CREDENTIALS_UNDEFINED;
 use_lt_credentials=0;
@@ -1226,14 +1228,14 @@ static void set_option(int c, char *value)
 #endif
 case AUTH_SECRET_OPT:
 turn_params.use_auth_secret_with_timestamp = 1;
- timestamp_credentials = 1;
+ use_tltc = 1;
 turn_params.ct = TURN_CREDENTIALS_LONG_TERM;
 use_lt_credentials = 1;
 break;
 case STATIC_AUTH_SECRET_VAL_OPT:
 add_to_secrets_list(&turn_params.default_users_db.ram_db.static_auth_secrets,value);
 turn_params.use_auth_secret_with_timestamp = 1;
- timestamp_credentials = 1;
+ use_tltc = 1;
 turn_params.ct = TURN_CREDENTIALS_LONG_TERM;
 use_lt_credentials = 1;
 break;
@@ -1994,8 +1996,10 @@ int main(int argc, char **argv)
 exit(-1);
 }
- if(use_lt_credentials_only && timestamp_credentials) {
- TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "\nCONFIGURATION ALERT: you specified --lt-cred-mech and --use-auth-secret both. Check your configuration.\n");
+ if(use_ltc && use_tltc) {
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "\nCONFIGURATION ALERT: You specified --lt-cred-mech and --use-auth-secret in the same time.\n"
+ "Be aware that you could not mix the username/password and the shared secret based auth methohds. \n"
+ "Shared secret overrides username/password based auth method. Check your configuration!\n");
 }
 if(!use_lt_credentials && !anon_credentials) {
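Review bot: In the `@@ -1994,8 +1996,10 @@` hunk the server keeps starting after the alert even though, by the message's own account, the shared secret overrides username/password authentication. A deployment that believes it is enforcing per-user passwords then runs under a different credential scheme with only a WARNING line to show for it. Consider failing closed here like the `exit(-1)` visible just above the check (what that exit guards is outside the hunk), or at least keeping the ERROR level the first patch used. The text also has slips worth fixing: `in the same time` should be `at the same time`, `could not mix` should be `cannot mix`, `methohds` should be `methods`, and there is a stray space before `\n` on the second string line.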