diff --git a/src/apps/relay/dbdrivers/dbd_mongo.c b/src/apps/relay/dbdrivers/dbd_mongo.c index ae02593c..65a0acd6 100644 --- a/src/apps/relay/dbdrivers/dbd_mongo.c +++ b/src/apps/relay/dbdrivers/dbd_mongo.c @@ -566,11 +566,15 @@ static int mongo_list_oauth_keys(void) { if(!collection) return -1; - bson_t query, child; + bson_t query; bson_init(&query); + + bson_t child; bson_append_document_begin(&query, "$orderby", -1, &child); bson_append_int32(&child, "kid", -1, 1); bson_append_document_end(&query, &child); + bson_append_document_begin(&query, "$query", -1, &child); + bson_append_document_end(&query, &child); bson_t fields; bson_init(&fields); @@ -598,6 +602,8 @@ static int mongo_list_oauth_keys(void) { uint32_t length; bson_iter_t iter; while (mongoc_cursor_next(cursor, &item)) { + + ns_bzero(key,sizeof(oauth_key_data_raw)); if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "kid") && BSON_ITER_HOLDS_UTF8(&iter)) { STRCPY(key->kid,bson_iter_utf8(&iter, &length)); } diff --git a/src/apps/relay/dbdrivers/dbd_redis.c b/src/apps/relay/dbdrivers/dbd_redis.c index 5f34cf50..2966bc3d 100644 --- a/src/apps/relay/dbdrivers/dbd_redis.c +++ b/src/apps/relay/dbdrivers/dbd_redis.c 
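Review bot: The empty `$query` sub-document appended after `$orderby` in mongo_list_oauth_keys carries no comment explaining why it is needed, so a later cleanup could easily drop it as dead code. A one-line comment such as `/* $orderby is a query modifier, so the (empty) filter has to be wrapped in $query */` above the two new calls would record the reason. The return values of the new `bson_append_document_begin`/`bson_append_document_end` calls are ignored, as they are for the existing `$orderby` calls. The function body starts and ends outside the hunk, so whether `query` is destroyed on every exit path cannot be checked from here.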
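Review bot: The new `ns_bzero(key,sizeof(oauth_key_data_raw));` at the top of the cursor loop ties the size to a type name rather than to the object being cleared; `ns_bzero(key, sizeof(*key));` stays correct if the declaration of `key` ever changes. The reset is what stops a document with a missing field from showing the previous record's value, key material included, so it deserves a short comment, e.g. `/* clear per-record state so absent fields do not inherit the previous key's values */`. The declaration of `key` is outside the hunk, so this assumes it points at a single `oauth_key_data_raw`.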
@@ -511,24 +511,25 @@ static int redis_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { } else { size_t i; for (i = 0; i < (reply->elements)/2; ++i) { - char *kw = reply->element[i]->str; + char *kw = reply->element[2*i]->str; + char *val = reply->element[2*i+1]->str; if(kw) { if(!strcmp(kw,"as_rs_alg")) { - STRCPY(key->as_rs_alg,reply->element[i+1]->str); + STRCPY(key->as_rs_alg,val); } else if(!strcmp(kw,"as_rs_key")) { - STRCPY(key->as_rs_key,reply->element[i+1]->str); + STRCPY(key->as_rs_key,val); } else if(!strcmp(kw,"auth_key")) { - STRCPY(key->auth_key,reply->element[i+1]->str); + STRCPY(key->auth_key,val); } else if(!strcmp(kw,"auth_alg")) { - STRCPY(key->auth_alg,reply->element[i+1]->str); + STRCPY(key->auth_alg,val); } else if(!strcmp(kw,"ikm_key")) { - STRCPY(key->ikm_key,reply->element[i+1]->str); + STRCPY(key->ikm_key,val); } else if(!strcmp(kw,"hkdf_hash_func")) { - STRCPY(key->hkdf_hash_func,reply->element[i+1]->str); + STRCPY(key->hkdf_hash_func,val); } else if(!strcmp(kw,"timestamp")) { - key->timestamp = (u64bits)strtoull(reply->element[i+1]->str,NULL,10); + key->timestamp = (u64bits)strtoull(val,NULL,10); } else if(!strcmp(kw,"lifetime")) { - key->lifetime = (u32bits)strtoul(reply->element[i+1]->str,NULL,10); + key->lifetime = (u32bits)strtoul(val,NULL,10); } } } @@ -739,16 +740,18 @@ static int redis_list_oauth_keys(void) { init_secrets_list(&keys); if(rc) { + redisReply *reply = NULL; reply = (redisReply*)redisCommand(rc, "keys turn/oauth/kid/*"); if(reply) { - if (reply->type == REDIS_REPLY_ERROR) + if (reply->type == REDIS_REPLY_ERROR) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error: %s\n", reply->str); - else if (reply->type != REDIS_REPLY_ARRAY) { - if (reply->type != REDIS_REPLY_NIL) + } else if (reply->type != REDIS_REPLY_ARRAY) { + if (reply->type != REDIS_REPLY_NIL) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unexpected type: %d\n", reply->type); + } } else { size_t i; for (i = 0; i < reply->elements; ++i) { 
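Review bot: In the rewritten loop of redis_get_oauth_key, `val` is taken from `reply->element[2*i+1]->str` and passed to `STRCPY`, `strtoull` and `strtoul`, but only `kw` is checked for NULL. If a value element is ever not a string reply its `str` can be NULL and those calls would dereference it, so the guard should cover both: `if(kw && val) {`. The `timestamp` and `lifetime` conversions also accept any input silently, with no end-pointer or range check and with `strtoul` narrowed to `u32bits`. That is worth tightening, since these fields presumably bound how long an OAuth key is honoured. The reply-type checks that precede this `else` branch are outside the hunk.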
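Review bot: The added `redisReply *reply = NULL;` inside `if(rc) {` in redis_list_oauth_keys is overwritten on the very next line. Because the old code assigned `reply` here without declaring it, an outer declaration presumably still exists and is now shadowed. Folding the two lines into `redisReply *reply = (redisReply*)redisCommand(rc, "keys turn/oauth/kid/*");` and removing the outer declaration, if there is one, keeps a single variable for the code that later releases the reply. The rest of the function, including where the reply is freed, is outside the hunk.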
@@ -761,6 +764,7 @@ static int redis_list_oauth_keys(void) { for(isz=0;iszrch); +#if defined(DB_TEST) + run_db_test(); +#endif } return arg; diff --git a/src/apps/relay/userdb.c b/src/apps/relay/userdb.c index 94af2867..5bc6d0cc 100644 --- a/src/apps/relay/userdb.c +++ b/src/apps/relay/userdb.c @@ -1101,6 +1101,20 @@ void auth_ping(redis_context_handle rch) } } +///////////////// TEST ///////////////// + +#if defined(DB_TEST) + +void run_db_test(void) +{ + turn_dbdriver_t * dbd = get_dbdriver(); + if (dbd) { + dbd->list_oauth_keys(); + } +} + +#endif + ///////////////// WHITE/BLACK IP LISTS /////////////////// #if !defined(TURN_NO_RWLOCK) diff --git a/src/apps/relay/userdb.h b/src/apps/relay/userdb.h index a529d1bb..5932cbbe 100644 --- a/src/apps/relay/userdb.h +++ b/src/apps/relay/userdb.h @@ -195,6 +195,10 @@ void release_allocation_quota(u08bits *username, u08bits *realm); /////////// Handle user DB ///////////////// +#if defined(DB_TEST) + void run_db_test(void); +#endif + void read_userdb_file(int to_print); void auth_ping(redis_context_handle rch); void reread_realms(void); diff --git a/turndb/testmongosetup.sh b/turndb/testmongosetup.sh index 7567942a..190dee29 100755 --- a/turndb/testmongosetup.sh +++ b/turndb/testmongosetup.sh @@ -41,7 +41,7 @@ db.allowed_peer_ip.insert({ ip_range: '172.17.13.200' }); db.denied_peer_ip.insert({ ip_range: '172.17.13.133-172.17.14.56' }); db.denied_peer_ip.insert({ ip_range: '123::45' }); -db.oauth_key.insert({ kid: 'north', ikm_key: 'Y2FybGVvbg==', hkdf_hash_func: 'SHA-256', as_rs_alg: 'AES-128-CBC', auth_alg: 'HMAC-SHA-256-128' }); +db.oauth_key.insert({ kid: 'north', ikm_key: 'Y2FybGVvbg==', hkdf_hash_func: 'SHA-256', as_rs_alg: 'AES-256-CBC', auth_alg: 'HMAC-SHA-256-128' }); exit diff --git a/turndb/testredisdbsetup.sh b/turndb/testredisdbsetup.sh index bfeb8713..d4d97198 100755 --- a/turndb/testredisdbsetup.sh +++ b/turndb/testredisdbsetup.sh 
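Review bot: run_db_test() in userdb.c calls `dbd->list_oauth_keys()` after checking only `dbd`; if a driver leaves that function pointer unset the call crashes at startup, so the guard should be `if (dbd && dbd->list_oauth_keys) {`. Whether every driver fills in `list_oauth_keys` is not visible in this diff. The hook also needs a comment saying that `DB_TEST` is a developer-only build flag, because the listing routines it triggers handle OAuth key records and whatever they print or log at startup should never appear in a release build. For example, put `/* DB_TEST: developer-only self-check; never define in release builds */` above the `#if defined(DB_TEST)` line here and at the matching declaration in userdb.h.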
@@ -38,7 +38,7 @@ set turn/denied-peer-ip/234567 "123::45" set turn/allowed-peer-ip/345678 "172.17.13.200" -hmset turn/oauth/kid/north ikm_key Y2FybGVvbg== hkdf_hash_func 'SHA-256' as_rs_alg 'AES-128-CBC' auth_alg 'HMAC-SHA-256-128' +hmset turn/oauth/kid/north ikm_key Y2FybGVvbg== hkdf_hash_func 'SHA-256' as_rs_alg 'AES-256-CBC' auth_alg 'HMAC-SHA-256-128' save