	working on new third-party auth draft
This commit is contained in:
		
							parent
							
								
									86f40b4bd9
								
							
						
					
					
						commit
						6dbee00b74
					
				
							
								
								
									
										10
									
								
								INSTALL
									
									
									
									
									
								
							
							
						
						
									
										10
									
								
								INSTALL
									
									
									
									
									
								
							| @ -744,8 +744,6 @@ CREATE TABLE oauth_key ( | |||||||
| 	timestamp bigint default 0, | 	timestamp bigint default 0, | ||||||
| 	lifetime integer default 0, | 	lifetime integer default 0, | ||||||
| 	as_rs_alg varchar(64) default '', | 	as_rs_alg varchar(64) default '', | ||||||
| 	as_rs_key varchar(256) default '', |  | ||||||
| 	auth_key varchar(256) default '', |  | ||||||
| 	primary key (kid) | 	primary key (kid) | ||||||
| );  | );  | ||||||
| 
 | 
 | ||||||
| @ -754,8 +752,6 @@ The oauth_key table fields meanings are: | |||||||
| 	kid: the kid of the key; | 	kid: the kid of the key; | ||||||
| 
 | 
 | ||||||
| 	ikm_key - (optional) base64-encoded key ("input keying material"); | 	ikm_key - (optional) base64-encoded key ("input keying material"); | ||||||
| 		The ikm_key is not needed if the as_rs_key and auth_key are defined |  | ||||||
| 		explicitly in the database; |  | ||||||
| 		 | 		 | ||||||
| 	timestamp - (optional) the timestamp (in seconds) when the key  | 	timestamp - (optional) the timestamp (in seconds) when the key  | ||||||
| 		lifetime starts; | 		lifetime starts; | ||||||
| @ -768,12 +764,6 @@ The oauth_key table fields meanings are: | |||||||
| 		http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-4.1). | 		http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-4.1). | ||||||
| 		The default value is "A256GCMKW"; | 		The default value is "A256GCMKW"; | ||||||
| 
 | 
 | ||||||
| 	as_rs_key - (optional) base64-encoded AS-RS key. If not defined, then  |  | ||||||
| 		calculated with ikm_key. |  | ||||||
| 		 |  | ||||||
| 	auth_key - (optional) base64-encoded AUTH key. If not defined, then  |  | ||||||
| 		calculated with ikm_key. Not used for AEAD algorithms. |  | ||||||
| 
 |  | ||||||
| # Https access admin users. | # Https access admin users. | ||||||
| # Leave this table empty if you do not want  | # Leave this table empty if you do not want  | ||||||
| # remote https access to the admin functions. | # remote https access to the admin functions. | ||||||
|  | |||||||
										
											Binary file not shown.
										
									
								
							| @ -1136,27 +1136,6 @@ void convert_oauth_key_data_raw(const oauth_key_data_raw *raw, oauth_key_data *o | |||||||
| 				turn_free(ikm_key,ikm_key_size); | 				turn_free(ikm_key,ikm_key_size); | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 
 |  | ||||||
| 		if(raw->as_rs_key[0]) { |  | ||||||
| 			size_t as_rs_key_size = 0; |  | ||||||
| 			char *as_rs_key = (char*)base64_decode(raw->as_rs_key,strlen(raw->as_rs_key),&as_rs_key_size); |  | ||||||
| 			if(as_rs_key) { |  | ||||||
| 				ns_bcopy(as_rs_key,oakd->as_rs_key,as_rs_key_size); |  | ||||||
| 				oakd->as_rs_key_size = as_rs_key_size; |  | ||||||
| 				turn_free(as_rs_key,as_rs_key_size); |  | ||||||
| 			} |  | ||||||
| 		} |  | ||||||
| 
 |  | ||||||
| 		if(raw->auth_key[0]) { |  | ||||||
| 			size_t auth_key_size = 0; |  | ||||||
| 			char *auth_key = (char*)base64_decode(raw->auth_key,strlen(raw->auth_key),&auth_key_size); |  | ||||||
| 			if(auth_key) { |  | ||||||
| 				ns_bcopy(auth_key,oakd->auth_key,auth_key_size); |  | ||||||
| 				oakd->auth_key_size = auth_key_size; |  | ||||||
| 				turn_free(auth_key,auth_key_size); |  | ||||||
| 			} |  | ||||||
| 		} |  | ||||||
| 
 |  | ||||||
| 	} | 	} | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | |||||||
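Review bot: With the explicit as_rs_key/auth_key branches deleted, the decode branch that closes at the top of this hunk (the one that frees ikm_key) appears to be the only place convert_oauth_key_data_raw still fills oakd with keying material, yet the function remains void, so a record whose ikm_key is empty or fails base64_decode leaves oakd without a key and the caller is not told. A comment on the surviving branch would make the contract explicit, e.g. `/* ikm_key is now the only source of key material; callers must check oakd->ikm_key_size before use */`. The INSTALL text in this commit still labels ikm_key "(optional)" while dropping the sentence that explained when it could be omitted, which presumably no longer matches this code. The function's head is outside the hunk, so whether oakd is zeroed before this point cannot be seen here.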
| @ -142,8 +142,6 @@ struct _oauth_key_data_raw { | |||||||
| 	u64bits timestamp; | 	u64bits timestamp; | ||||||
| 	u32bits lifetime; | 	u32bits lifetime; | ||||||
| 	char as_rs_alg[OAUTH_ALG_SIZE+1]; | 	char as_rs_alg[OAUTH_ALG_SIZE+1]; | ||||||
| 	char as_rs_key[OAUTH_KEY_SIZE+1]; |  | ||||||
| 	char auth_key[OAUTH_KEY_SIZE+1]; |  | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| typedef struct _oauth_key_data_raw oauth_key_data_raw; | typedef struct _oauth_key_data_raw oauth_key_data_raw; | ||||||
|  | |||||||
| @ -255,8 +255,6 @@ static int mongo_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { | |||||||
| 	BSON_APPEND_INT32(&fields, "lifetime", 1); | 	BSON_APPEND_INT32(&fields, "lifetime", 1); | ||||||
| 	BSON_APPEND_INT32(&fields, "timestamp", 1); | 	BSON_APPEND_INT32(&fields, "timestamp", 1); | ||||||
| 	BSON_APPEND_INT32(&fields, "as_rs_alg", 1); | 	BSON_APPEND_INT32(&fields, "as_rs_alg", 1); | ||||||
| 	BSON_APPEND_INT32(&fields, "as_rs_key", 1); |  | ||||||
| 	BSON_APPEND_INT32(&fields, "auth_key", 1); |  | ||||||
| 	BSON_APPEND_INT32(&fields, "ikm_key", 1); | 	BSON_APPEND_INT32(&fields, "ikm_key", 1); | ||||||
| 
 | 
 | ||||||
| 	mongoc_cursor_t * cursor; | 	mongoc_cursor_t * cursor; | ||||||
| @ -279,12 +277,6 @@ static int mongo_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { | |||||||
| 			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_alg") && BSON_ITER_HOLDS_UTF8(&iter)) { | 			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_alg") && BSON_ITER_HOLDS_UTF8(&iter)) { | ||||||
| 				STRCPY(key->as_rs_alg,bson_iter_utf8(&iter, &length)); | 				STRCPY(key->as_rs_alg,bson_iter_utf8(&iter, &length)); | ||||||
| 			} | 			} | ||||||
| 			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_key") && BSON_ITER_HOLDS_UTF8(&iter)) { |  | ||||||
| 				STRCPY(key->as_rs_key,bson_iter_utf8(&iter, &length)); |  | ||||||
| 			} |  | ||||||
| 			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "auth_key") && BSON_ITER_HOLDS_UTF8(&iter)) { |  | ||||||
| 				STRCPY(key->auth_key,bson_iter_utf8(&iter, &length)); |  | ||||||
| 			} |  | ||||||
| 			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "ikm_key") && BSON_ITER_HOLDS_UTF8(&iter)) { | 			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "ikm_key") && BSON_ITER_HOLDS_UTF8(&iter)) { | ||||||
| 				STRCPY(key->ikm_key,bson_iter_utf8(&iter, &length)); | 				STRCPY(key->ikm_key,bson_iter_utf8(&iter, &length)); | ||||||
| 			} | 			} | ||||||
| @ -349,8 +341,6 @@ static int mongo_set_oauth_key(oauth_key_data_raw *key) { | |||||||
|   bson_init(&doc); |   bson_init(&doc); | ||||||
|   BSON_APPEND_UTF8(&doc, "kid", (const char *)key->kid); |   BSON_APPEND_UTF8(&doc, "kid", (const char *)key->kid); | ||||||
|   BSON_APPEND_UTF8(&doc, "as_rs_alg", (const char *)key->as_rs_alg); |   BSON_APPEND_UTF8(&doc, "as_rs_alg", (const char *)key->as_rs_alg); | ||||||
|   BSON_APPEND_UTF8(&doc, "as_rs_key", (const char *)key->as_rs_key); |  | ||||||
|   BSON_APPEND_UTF8(&doc, "auth_key", (const char *)key->auth_key); |  | ||||||
|   BSON_APPEND_UTF8(&doc, "ikm_key", (const char *)key->ikm_key); |   BSON_APPEND_UTF8(&doc, "ikm_key", (const char *)key->ikm_key); | ||||||
|   BSON_APPEND_INT64(&doc, "timestamp", (int64_t)key->timestamp); |   BSON_APPEND_INT64(&doc, "timestamp", (int64_t)key->timestamp); | ||||||
|   BSON_APPEND_INT32(&doc, "lifetime", (int32_t)key->lifetime); |   BSON_APPEND_INT32(&doc, "lifetime", (int32_t)key->lifetime); | ||||||
| @ -511,8 +501,6 @@ static int mongo_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre | |||||||
|   BSON_APPEND_INT32(&fields, "lifetime", 1); |   BSON_APPEND_INT32(&fields, "lifetime", 1); | ||||||
|   BSON_APPEND_INT32(&fields, "timestamp", 1); |   BSON_APPEND_INT32(&fields, "timestamp", 1); | ||||||
|   BSON_APPEND_INT32(&fields, "as_rs_alg", 1); |   BSON_APPEND_INT32(&fields, "as_rs_alg", 1); | ||||||
|   BSON_APPEND_INT32(&fields, "as_rs_key", 1); |  | ||||||
|   BSON_APPEND_INT32(&fields, "auth_key", 1); |  | ||||||
|   BSON_APPEND_INT32(&fields, "ikm_key", 1); |   BSON_APPEND_INT32(&fields, "ikm_key", 1); | ||||||
| 
 | 
 | ||||||
|   mongoc_cursor_t * cursor; |   mongoc_cursor_t * cursor; | ||||||
| @ -537,12 +525,6 @@ static int mongo_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre | |||||||
|     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_alg") && BSON_ITER_HOLDS_UTF8(&iter)) { |     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_alg") && BSON_ITER_HOLDS_UTF8(&iter)) { | ||||||
|     	    STRCPY(key->as_rs_alg,bson_iter_utf8(&iter, &length)); |     	    STRCPY(key->as_rs_alg,bson_iter_utf8(&iter, &length)); | ||||||
|     	} |     	} | ||||||
|     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_key") && BSON_ITER_HOLDS_UTF8(&iter)) { |  | ||||||
|     		STRCPY(key->as_rs_key,bson_iter_utf8(&iter, &length)); |  | ||||||
|     	} |  | ||||||
|     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "auth_key") && BSON_ITER_HOLDS_UTF8(&iter)) { |  | ||||||
|     		STRCPY(key->auth_key,bson_iter_utf8(&iter, &length)); |  | ||||||
|     	} |  | ||||||
|     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "ikm_key") && BSON_ITER_HOLDS_UTF8(&iter)) { |     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "ikm_key") && BSON_ITER_HOLDS_UTF8(&iter)) { | ||||||
|     		STRCPY(key->ikm_key,bson_iter_utf8(&iter, &length)); |     		STRCPY(key->ikm_key,bson_iter_utf8(&iter, &length)); | ||||||
|     	} |     	} | ||||||
| @ -566,9 +548,9 @@ static int mongo_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre | |||||||
| 				add_to_secrets_list(lts,lt); | 				add_to_secrets_list(lts,lt); | ||||||
| 			} | 			} | ||||||
|     	} else { |     	} else { | ||||||
|     		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s, as_rs_key=%s, auth_key=%s\n", |     		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n", | ||||||
|     						key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, |     						key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, | ||||||
|     						key->as_rs_alg, key->as_rs_key, key->auth_key); |     						key->as_rs_alg); | ||||||
|     	} |     	} | ||||||
|     } |     } | ||||||
|     mongoc_cursor_destroy(cursor); |     mongoc_cursor_destroy(cursor); | ||||||
|  | |||||||
| @ -343,7 +343,7 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { | |||||||
| 
 | 
 | ||||||
| 	int ret = -1; | 	int ret = -1; | ||||||
| 	char statement[TURN_LONG_STRING_SIZE]; | 	char statement[TURN_LONG_STRING_SIZE]; | ||||||
| 	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key from oauth_key where kid='%s'",(const char*)kid); | 	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg from oauth_key where kid='%s'",(const char*)kid); | ||||||
| 
 | 
 | ||||||
| 	MYSQL * myc = get_mydb_connection(); | 	MYSQL * myc = get_mydb_connection(); | ||||||
| 	if(myc) { | 	if(myc) { | ||||||
| @ -354,7 +354,7 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { | |||||||
| 			MYSQL_RES *mres = mysql_store_result(myc); | 			MYSQL_RES *mres = mysql_store_result(myc); | ||||||
| 			if(!mres) { | 			if(!mres) { | ||||||
| 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc)); | 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc)); | ||||||
| 			} else if(mysql_field_count(myc)!=6) { | 			} else if(mysql_field_count(myc)!=4) { | ||||||
| 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unknown error retrieving MySQL DB information: %s\n",statement); | 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unknown error retrieving MySQL DB information: %s\n",statement); | ||||||
| 			} else { | 			} else { | ||||||
| 				MYSQL_ROW row = mysql_fetch_row(mres); | 				MYSQL_ROW row = mysql_fetch_row(mres); | ||||||
| @ -378,12 +378,6 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { | |||||||
| 						ns_bcopy(row[3],key->as_rs_alg,lengths[3]); | 						ns_bcopy(row[3],key->as_rs_alg,lengths[3]); | ||||||
| 						key->as_rs_alg[lengths[3]]=0; | 						key->as_rs_alg[lengths[3]]=0; | ||||||
| 
 | 
 | ||||||
| 						ns_bcopy(row[4],key->as_rs_key,lengths[4]); |  | ||||||
| 						key->as_rs_key[lengths[4]]=0; |  | ||||||
| 
 |  | ||||||
| 						ns_bcopy(row[5],key->auth_key,lengths[5]); |  | ||||||
| 						key->auth_key[lengths[5]]=0; |  | ||||||
| 
 |  | ||||||
| 						ret = 0; | 						ret = 0; | ||||||
| 					} | 					} | ||||||
| 				} | 				} | ||||||
| @ -402,7 +396,7 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre | |||||||
| 	oauth_key_data_raw *key=&key_; | 	oauth_key_data_raw *key=&key_; | ||||||
| 	int ret = -1; | 	int ret = -1; | ||||||
| 	char statement[TURN_LONG_STRING_SIZE]; | 	char statement[TURN_LONG_STRING_SIZE]; | ||||||
| 	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key,kid from oauth_key order by kid"); | 	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,kid from oauth_key order by kid"); | ||||||
| 
 | 
 | ||||||
| 	MYSQL * myc = get_mydb_connection(); | 	MYSQL * myc = get_mydb_connection(); | ||||||
| 	if(myc) { | 	if(myc) { | ||||||
| @ -413,7 +407,7 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre | |||||||
| 			MYSQL_RES *mres = mysql_store_result(myc); | 			MYSQL_RES *mres = mysql_store_result(myc); | ||||||
| 			if(!mres) { | 			if(!mres) { | ||||||
| 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc)); | 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc)); | ||||||
| 			} else if(mysql_field_count(myc)!=7) { | 			} else if(mysql_field_count(myc)!=5) { | ||||||
| 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unknown error retrieving MySQL DB information: %s\n",statement); | 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unknown error retrieving MySQL DB information: %s\n",statement); | ||||||
| 			} else { | 			} else { | ||||||
| 				MYSQL_ROW row = mysql_fetch_row(mres); | 				MYSQL_ROW row = mysql_fetch_row(mres); | ||||||
| @ -437,14 +431,8 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre | |||||||
| 						ns_bcopy(row[3],key->as_rs_alg,lengths[3]); | 						ns_bcopy(row[3],key->as_rs_alg,lengths[3]); | ||||||
| 						key->as_rs_alg[lengths[3]]=0; | 						key->as_rs_alg[lengths[3]]=0; | ||||||
| 
 | 
 | ||||||
| 						ns_bcopy(row[4],key->as_rs_key,lengths[4]); |  | ||||||
| 						key->as_rs_key[lengths[4]]=0; |  | ||||||
| 
 |  | ||||||
| 						ns_bcopy(row[5],key->auth_key,lengths[5]); |  | ||||||
| 						key->auth_key[lengths[5]]=0; |  | ||||||
| 
 |  | ||||||
| 						ns_bcopy(row[6],key->kid,lengths[6]); | 						ns_bcopy(row[6],key->kid,lengths[6]); | ||||||
| 						key->kid[lengths[6]]=0; | 						key->kid[lengths[4]]=0; | ||||||
| 
 | 
 | ||||||
| 						if(kids) { | 						if(kids) { | ||||||
| 							add_to_secrets_list(kids,key->kid); | 							add_to_secrets_list(kids,key->kid); | ||||||
| @ -460,9 +448,9 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre | |||||||
| 								add_to_secrets_list(lts,lt); | 								add_to_secrets_list(lts,lt); | ||||||
| 							} | 							} | ||||||
| 						} else { | 						} else { | ||||||
| 							printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s, as_rs_key=%s, auth_key=%s\n", | 							printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n", | ||||||
| 								key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, | 								key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, | ||||||
| 								key->as_rs_alg, key->as_rs_key, key->auth_key); | 								key->as_rs_alg); | ||||||
| 						} | 						} | ||||||
| 					} | 					} | ||||||
| 					row = mysql_fetch_row(mres); | 					row = mysql_fetch_row(mres); | ||||||
| @ -506,13 +494,13 @@ static int mysql_set_oauth_key(oauth_key_data_raw *key) | |||||||
| 	char statement[TURN_LONG_STRING_SIZE]; | 	char statement[TURN_LONG_STRING_SIZE]; | ||||||
| 	MYSQL * myc = get_mydb_connection(); | 	MYSQL * myc = get_mydb_connection(); | ||||||
| 	if(myc) { | 	if(myc) { | ||||||
| 		snprintf(statement,sizeof(statement),"insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key) values('%s','%s',%llu,%lu,'%s','%s','%s')", | 		snprintf(statement,sizeof(statement),"insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('%s','%s',%llu,%lu,'%s')", | ||||||
| 					  key->kid,key->ikm_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime, | 					  key->kid,key->ikm_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime, | ||||||
| 					  key->as_rs_alg,key->as_rs_key,key->auth_key); | 					  key->as_rs_alg); | ||||||
| 		int res = mysql_query(myc, statement); | 		int res = mysql_query(myc, statement); | ||||||
| 		if(res) { | 		if(res) { | ||||||
| 			snprintf(statement,sizeof(statement),"update oauth_key set ikm_key='%s',timestamp=%lu,lifetime=%lu, as_rs_alg='%s',as_rs_key='%s',auth_key='%s' where kid='%s'",key->ikm_key,(unsigned long)key->timestamp,(unsigned long)key->lifetime, | 			snprintf(statement,sizeof(statement),"update oauth_key set ikm_key='%s',timestamp=%lu,lifetime=%lu, as_rs_alg='%s' where kid='%s'",key->ikm_key,(unsigned long)key->timestamp,(unsigned long)key->lifetime, | ||||||
| 							  key->as_rs_alg,key->as_rs_key,key->auth_key,key->kid); | 							  key->as_rs_alg,key->kid); | ||||||
| 			res = mysql_query(myc, statement); | 			res = mysql_query(myc, statement); | ||||||
| 			if(res) { | 			if(res) { | ||||||
| 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating oauth key information: %s\n",mysql_error(myc)); | 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating oauth key information: %s\n",mysql_error(myc)); | ||||||
|  | |||||||
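Review bot: In mysql_list_oauth_keys the kept line `ns_bcopy(row[6],key->kid,lengths[6]);` still indexes column 6 although the rewritten select now returns only five columns (ikm_key,timestamp,lifetime,as_rs_alg,kid), so row[6] and lengths[6] read past the end of the row and length arrays while the next line terminates the buffer at lengths[4]; the copy should read `ns_bcopy(row[4],key->kid,lengths[4]);`. The `mysql_field_count(myc)!=5` check two hunks earlier passes for this result set, so nothing catches the mismatch at runtime. The pgsql and sqlite list functions in this commit were moved to column 4 consistently, which suggests an oversight here. mysql_list_oauth_keys begins and ends outside the hunk.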
| @ -158,7 +158,7 @@ static int pgsql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { | |||||||
| 	int ret = -1; | 	int ret = -1; | ||||||
| 
 | 
 | ||||||
| 	char statement[TURN_LONG_STRING_SIZE]; | 	char statement[TURN_LONG_STRING_SIZE]; | ||||||
| 	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key from oauth_key where kid='%s'",(const char*)kid); | 	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg from oauth_key where kid='%s'",(const char*)kid); | ||||||
| 
 | 
 | ||||||
| 	PGconn * pqc = get_pqdb_connection(); | 	PGconn * pqc = get_pqdb_connection(); | ||||||
| 	if(pqc) { | 	if(pqc) { | ||||||
| @ -171,8 +171,6 @@ static int pgsql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { | |||||||
| 			key->timestamp = (u64bits)strtoll(PQgetvalue(res,0,1),NULL,10); | 			key->timestamp = (u64bits)strtoll(PQgetvalue(res,0,1),NULL,10); | ||||||
| 			key->lifetime = (u32bits)strtol(PQgetvalue(res,0,2),NULL,10); | 			key->lifetime = (u32bits)strtol(PQgetvalue(res,0,2),NULL,10); | ||||||
| 			STRCPY(key->as_rs_alg,PQgetvalue(res,0,3)); | 			STRCPY(key->as_rs_alg,PQgetvalue(res,0,3)); | ||||||
| 			STRCPY(key->as_rs_key,PQgetvalue(res,0,4)); |  | ||||||
| 			STRCPY(key->auth_key,PQgetvalue(res,0,5)); |  | ||||||
| 			STRCPY(key->kid,kid); | 			STRCPY(key->kid,kid); | ||||||
| 			ret = 0; | 			ret = 0; | ||||||
| 		} | 		} | ||||||
| @ -193,7 +191,7 @@ static int pgsql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre | |||||||
| 	int ret = -1; | 	int ret = -1; | ||||||
| 
 | 
 | ||||||
| 	char statement[TURN_LONG_STRING_SIZE]; | 	char statement[TURN_LONG_STRING_SIZE]; | ||||||
| 	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key,kid from oauth_key order by kid"); | 	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,kid from oauth_key order by kid"); | ||||||
| 
 | 
 | ||||||
| 	PGconn * pqc = get_pqdb_connection(); | 	PGconn * pqc = get_pqdb_connection(); | ||||||
| 	if(pqc) { | 	if(pqc) { | ||||||
| @ -209,9 +207,7 @@ static int pgsql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre | |||||||
| 				key->timestamp = (u64bits)strtoll(PQgetvalue(res,i,1),NULL,10); | 				key->timestamp = (u64bits)strtoll(PQgetvalue(res,i,1),NULL,10); | ||||||
| 				key->lifetime = (u32bits)strtol(PQgetvalue(res,i,2),NULL,10); | 				key->lifetime = (u32bits)strtol(PQgetvalue(res,i,2),NULL,10); | ||||||
| 				STRCPY(key->as_rs_alg,PQgetvalue(res,i,3)); | 				STRCPY(key->as_rs_alg,PQgetvalue(res,i,3)); | ||||||
| 				STRCPY(key->as_rs_key,PQgetvalue(res,i,4)); | 				STRCPY(key->kid,PQgetvalue(res,i,4)); | ||||||
| 				STRCPY(key->auth_key,PQgetvalue(res,i,5)); |  | ||||||
| 				STRCPY(key->kid,PQgetvalue(res,i,6)); |  | ||||||
| 
 | 
 | ||||||
| 				if(kids) { | 				if(kids) { | ||||||
| 					add_to_secrets_list(kids,key->kid); | 					add_to_secrets_list(kids,key->kid); | ||||||
| @ -227,9 +223,9 @@ static int pgsql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre | |||||||
| 						add_to_secrets_list(lts,lt); | 						add_to_secrets_list(lts,lt); | ||||||
| 					} | 					} | ||||||
| 				} else { | 				} else { | ||||||
| 					printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s, as_rs_key=%s, auth_key=%s\n", | 					printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n", | ||||||
| 						key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, | 						key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, | ||||||
| 						key->as_rs_alg, key->as_rs_key, key->auth_key); | 						key->as_rs_alg); | ||||||
| 				} | 				} | ||||||
| 
 | 
 | ||||||
| 				ret = 0; | 				ret = 0; | ||||||
| @ -277,17 +273,17 @@ static int pgsql_set_oauth_key(oauth_key_data_raw *key) { | |||||||
|   char statement[TURN_LONG_STRING_SIZE]; |   char statement[TURN_LONG_STRING_SIZE]; | ||||||
|   PGconn *pqc = get_pqdb_connection(); |   PGconn *pqc = get_pqdb_connection(); | ||||||
|   if(pqc) { |   if(pqc) { | ||||||
| 	  snprintf(statement,sizeof(statement),"insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key) values('%s','%s',%llu,%lu,'%s','%s','%s')", | 	  snprintf(statement,sizeof(statement),"insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('%s','%s',%llu,%lu,'%s')", | ||||||
| 			  key->kid,key->ikm_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime, | 			  key->kid,key->ikm_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime, | ||||||
| 			  key->as_rs_alg,key->as_rs_key,key->auth_key); | 			  key->as_rs_alg); | ||||||
| 
 | 
 | ||||||
| 	  PGresult *res = PQexec(pqc, statement); | 	  PGresult *res = PQexec(pqc, statement); | ||||||
| 	  if(!res || (PQresultStatus(res) != PGRES_COMMAND_OK)) { | 	  if(!res || (PQresultStatus(res) != PGRES_COMMAND_OK)) { | ||||||
| 		  if(res) { | 		  if(res) { | ||||||
| 			PQclear(res); | 			PQclear(res); | ||||||
| 		  } | 		  } | ||||||
| 		  snprintf(statement,sizeof(statement),"update oauth_key set ikm_key='%s',timestamp=%lu,lifetime=%lu, as_rs_alg='%s',as_rs_key='%s',auth_key='%s' where kid='%s'",key->ikm_key,(unsigned long)key->timestamp,(unsigned long)key->lifetime, | 		  snprintf(statement,sizeof(statement),"update oauth_key set ikm_key='%s',timestamp=%lu,lifetime=%lu, as_rs_alg='%s' where kid='%s'",key->ikm_key,(unsigned long)key->timestamp,(unsigned long)key->lifetime, | ||||||
| 				  key->as_rs_alg,key->as_rs_key,key->auth_key,key->kid); | 				  key->as_rs_alg,key->kid); | ||||||
| 		  res = PQexec(pqc, statement); | 		  res = PQexec(pqc, statement); | ||||||
| 		  if(!res || (PQresultStatus(res) != PGRES_COMMAND_OK)) { | 		  if(!res || (PQresultStatus(res) != PGRES_COMMAND_OK)) { | ||||||
| 			  TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating oauth_key information: %s\n",PQerrorMessage(pqc)); | 			  TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating oauth_key information: %s\n",PQerrorMessage(pqc)); | ||||||
|  | |||||||
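Review bot: The rewritten select in pgsql_get_oauth_key still splices kid into the statement text with `'%s'`, so a kid containing a quote alters the query instead of being looked up; since the kid presumably arrives in a client-presented access token, it should go in as a bound parameter, e.g. `const char *params[1] = {(const char*)kid};` and `PQexecParams(pqc, "select ikm_key,timestamp,lifetime,as_rs_alg from oauth_key where kid=$1", 1, NULL, params, NULL, NULL, 0)`. The same interpolation is kept in the changed select lines of mysql_get_oauth_key and sqlite_get_oauth_key, where a prepared statement or mysql_real_escape_string and sqlite3_bind_text are the equivalents. The insert/update statements in pgsql_set_oauth_key build every field the same way, though those values are admin-supplied. The body of pgsql_get_oauth_key continues outside the hunk.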
| @ -477,10 +477,6 @@ static int redis_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { | |||||||
| 				if(kw) { | 				if(kw) { | ||||||
| 					if(!strcmp(kw,"as_rs_alg")) { | 					if(!strcmp(kw,"as_rs_alg")) { | ||||||
| 						STRCPY(key->as_rs_alg,val); | 						STRCPY(key->as_rs_alg,val); | ||||||
| 					} else if(!strcmp(kw,"as_rs_key")) { |  | ||||||
| 						STRCPY(key->as_rs_key,val); |  | ||||||
| 					} else if(!strcmp(kw,"auth_key")) { |  | ||||||
| 						STRCPY(key->auth_key,val); |  | ||||||
| 					} else if(!strcmp(kw,"ikm_key")) { | 					} else if(!strcmp(kw,"ikm_key")) { | ||||||
| 						STRCPY(key->ikm_key,val); | 						STRCPY(key->ikm_key,val); | ||||||
| 					} else if(!strcmp(kw,"timestamp")) { | 					} else if(!strcmp(kw,"timestamp")) { | ||||||
| @ -516,8 +512,8 @@ static int redis_set_oauth_key(oauth_key_data_raw *key) { | |||||||
|   redisContext *rc = get_redis_connection(); |   redisContext *rc = get_redis_connection(); | ||||||
|   if(rc) { |   if(rc) { | ||||||
| 	char statement[TURN_LONG_STRING_SIZE]; | 	char statement[TURN_LONG_STRING_SIZE]; | ||||||
| 	snprintf(statement,sizeof(statement),"hmset turn/oauth/kid/%s ikm_key %s as_rs_alg %s as_rs_key %s auth_key %s timestamp %llu lifetime %lu", | 	snprintf(statement,sizeof(statement),"hmset turn/oauth/kid/%s ikm_key %s as_rs_alg %s timestamp %llu lifetime %lu", | ||||||
| 			key->kid,key->ikm_key,key->as_rs_alg,key->as_rs_key,key->auth_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime); | 			key->kid,key->ikm_key,key->as_rs_alg,(unsigned long long)key->timestamp,(unsigned long)key->lifetime); | ||||||
| 	turnFreeRedisReply(redisCommand(rc, statement)); | 	turnFreeRedisReply(redisCommand(rc, statement)); | ||||||
| 	turnFreeRedisReply(redisCommand(rc, "save")); | 	turnFreeRedisReply(redisCommand(rc, "save")); | ||||||
|     ret = 0; |     ret = 0; | ||||||
| @ -683,9 +679,9 @@ static int redis_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre | |||||||
| 				add_to_secrets_list(lts,lt); | 				add_to_secrets_list(lts,lt); | ||||||
| 			} | 			} | ||||||
| 		} else { | 		} else { | ||||||
| 			printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s, as_rs_key=%s, auth_key=%s\n", | 			printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n", | ||||||
| 							key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, | 							key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, | ||||||
| 							key->as_rs_alg, key->as_rs_key, key->auth_key); | 							key->as_rs_alg); | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
|   } |   } | ||||||
|  | |||||||
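Review bot: The rewritten hmset line in redis_set_oauth_key still expands every field into `statement` with snprintf and then passes that buffer to `redisCommand(rc, statement)`, which treats it as a format string, so a `%` in ikm_key or as_rs_alg is misparsed and a space in any value splits the hash into extra fields. hiredis can do the quoting itself: `turnFreeRedisReply(redisCommand(rc, "hmset turn/oauth/kid/%s ikm_key %s as_rs_alg %s timestamp %llu lifetime %lu", key->kid, key->ikm_key, key->as_rs_alg, (unsigned long long)key->timestamp, (unsigned long)key->lifetime));`, which also removes the silent truncation at TURN_LONG_STRING_SIZE. redis_set_oauth_key begins and ends outside the hunk.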
| @ -154,7 +154,7 @@ static void init_sqlite_database(sqlite3 *sqliteconnection) { | |||||||
| 		"CREATE TABLE denied_peer_ip (realm varchar(127) default '', ip_range varchar(256), primary key (realm,ip_range))", | 		"CREATE TABLE denied_peer_ip (realm varchar(127) default '', ip_range varchar(256), primary key (realm,ip_range))", | ||||||
| 		"CREATE TABLE turn_origin_to_realm (origin varchar(127),realm varchar(127),primary key (origin))", | 		"CREATE TABLE turn_origin_to_realm (origin varchar(127),realm varchar(127),primary key (origin))", | ||||||
| 		"CREATE TABLE turn_realm_option (realm varchar(127) default '',	opt varchar(32),	value varchar(128),	primary key (realm,opt))", | 		"CREATE TABLE turn_realm_option (realm varchar(127) default '',	opt varchar(32),	value varchar(128),	primary key (realm,opt))", | ||||||
| 		"CREATE TABLE oauth_key (kid varchar(128),ikm_key varchar(256) default '',timestamp bigint default 0,lifetime integer default 0,as_rs_alg varchar(64) default '',as_rs_key varchar(256) default '',auth_key varchar(256) default '',primary key (kid))", | 		"CREATE TABLE oauth_key (kid varchar(128),ikm_key varchar(256) default '',timestamp bigint default 0,lifetime integer default 0,as_rs_alg varchar(64) default '',primary key (kid))", | ||||||
| 		"CREATE TABLE admin_user (name varchar(32), realm varchar(127), password varchar(127), primary key (name))", | 		"CREATE TABLE admin_user (name varchar(32), realm varchar(127), password varchar(127), primary key (name))", | ||||||
| 		NULL | 		NULL | ||||||
| 	}; | 	}; | ||||||
| @ -293,7 +293,7 @@ static int sqlite_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { | |||||||
| 	char statement[TURN_LONG_STRING_SIZE]; | 	char statement[TURN_LONG_STRING_SIZE]; | ||||||
| 	sqlite3_stmt *st = NULL; | 	sqlite3_stmt *st = NULL; | ||||||
| 	int rc = 0; | 	int rc = 0; | ||||||
| 	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key from oauth_key where kid='%s'",(const char*)kid); | 	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg from oauth_key where kid='%s'",(const char*)kid); | ||||||
| 
 | 
 | ||||||
| 	sqlite3 *sqliteconnection = get_sqlite_connection(); | 	sqlite3 *sqliteconnection = get_sqlite_connection(); | ||||||
| 	if(sqliteconnection) { | 	if(sqliteconnection) { | ||||||
| @ -309,8 +309,6 @@ static int sqlite_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { | |||||||
| 				key->timestamp = (u64bits)strtoll((const char*)sqlite3_column_text(st, 1),NULL,10); | 				key->timestamp = (u64bits)strtoll((const char*)sqlite3_column_text(st, 1),NULL,10); | ||||||
| 				key->lifetime = (u32bits)strtol((const char*)sqlite3_column_text(st, 2),NULL,10); | 				key->lifetime = (u32bits)strtol((const char*)sqlite3_column_text(st, 2),NULL,10); | ||||||
| 				STRCPY(key->as_rs_alg,sqlite3_column_text(st, 3)); | 				STRCPY(key->as_rs_alg,sqlite3_column_text(st, 3)); | ||||||
| 				STRCPY(key->as_rs_key,sqlite3_column_text(st, 4)); |  | ||||||
| 				STRCPY(key->auth_key,sqlite3_column_text(st, 5)); |  | ||||||
| 				STRCPY(key->kid,kid); | 				STRCPY(key->kid,kid); | ||||||
| 				ret = 0; | 				ret = 0; | ||||||
| 			} | 			} | ||||||
| @ -339,7 +337,7 @@ static int sqlite_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secr | |||||||
| 	char statement[TURN_LONG_STRING_SIZE]; | 	char statement[TURN_LONG_STRING_SIZE]; | ||||||
| 	sqlite3_stmt *st = NULL; | 	sqlite3_stmt *st = NULL; | ||||||
| 	int rc = 0; | 	int rc = 0; | ||||||
| 	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key,kid from oauth_key order by kid"); | 	snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,kid from oauth_key order by kid"); | ||||||
| 
 | 
 | ||||||
| 	sqlite3 *sqliteconnection = get_sqlite_connection(); | 	sqlite3 *sqliteconnection = get_sqlite_connection(); | ||||||
| 	if(sqliteconnection) { | 	if(sqliteconnection) { | ||||||
| @ -357,9 +355,7 @@ static int sqlite_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secr | |||||||
| 					key->timestamp = (u64bits)strtoll((const char*)sqlite3_column_text(st, 1),NULL,10); | 					key->timestamp = (u64bits)strtoll((const char*)sqlite3_column_text(st, 1),NULL,10); | ||||||
| 					key->lifetime = (u32bits)strtol((const char*)sqlite3_column_text(st, 2),NULL,10); | 					key->lifetime = (u32bits)strtol((const char*)sqlite3_column_text(st, 2),NULL,10); | ||||||
| 					STRCPY(key->as_rs_alg,sqlite3_column_text(st, 3)); | 					STRCPY(key->as_rs_alg,sqlite3_column_text(st, 3)); | ||||||
| 					STRCPY(key->as_rs_key,sqlite3_column_text(st, 4)); | 					STRCPY(key->kid,sqlite3_column_text(st, 4)); | ||||||
| 					STRCPY(key->auth_key,sqlite3_column_text(st, 5)); |  | ||||||
| 					STRCPY(key->kid,sqlite3_column_text(st, 6)); |  | ||||||
| 
 | 
 | ||||||
| 					if(kids) { | 					if(kids) { | ||||||
| 						add_to_secrets_list(kids,key->kid); | 						add_to_secrets_list(kids,key->kid); | ||||||
| @ -375,9 +371,9 @@ static int sqlite_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secr | |||||||
| 							add_to_secrets_list(lts,lt); | 							add_to_secrets_list(lts,lt); | ||||||
| 						} | 						} | ||||||
| 					} else { | 					} else { | ||||||
| 						printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s, as_rs_key=%s, auth_key=%s\n", | 						printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n", | ||||||
| 										key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, | 										key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, | ||||||
| 										key->as_rs_alg, key->as_rs_key, key->auth_key); | 										key->as_rs_alg); | ||||||
| 					} | 					} | ||||||
| 
 | 
 | ||||||
| 				} else if (res == SQLITE_DONE) { | 				} else if (res == SQLITE_DONE) { | ||||||
| @ -447,9 +443,8 @@ static int sqlite_set_oauth_key(oauth_key_data_raw *key) | |||||||
| 		snprintf( | 		snprintf( | ||||||
| 						statement, | 						statement, | ||||||
| 						sizeof(statement), | 						sizeof(statement), | ||||||
| 						"insert or replace into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key) values('%s','%s',%llu,%lu,'%s','%s','%s')", | 						"insert or replace into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('%s','%s',%llu,%lu,'%s')", | ||||||
| 						key->kid, key->ikm_key, (unsigned long long) key->timestamp, (unsigned long) key->lifetime, key->as_rs_alg, key->as_rs_key, | 						key->kid, key->ikm_key, (unsigned long long) key->timestamp, (unsigned long) key->lifetime, key->as_rs_alg); | ||||||
| 						key->auth_key); |  | ||||||
| 
 | 
 | ||||||
| 		sqlite_lock(1); | 		sqlite_lock(1); | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -1372,8 +1372,6 @@ typedef enum _AS_FORM AS_FORM; | |||||||
| #define HR_ADD_OAUTH_TS "oauth_ts" | #define HR_ADD_OAUTH_TS "oauth_ts" | ||||||
| #define HR_ADD_OAUTH_LT "oauth_lt" | #define HR_ADD_OAUTH_LT "oauth_lt" | ||||||
| #define HR_ADD_OAUTH_IKM "oauth_ikm" | #define HR_ADD_OAUTH_IKM "oauth_ikm" | ||||||
| #define HR_ADD_OAUTH_RS_KEY "oauth_rs_key" |  | ||||||
| #define HR_ADD_OAUTH_AUTH_KEY "oauth_auth_key" |  | ||||||
| #define HR_ADD_OAUTH_TEA "oauth_tea" | #define HR_ADD_OAUTH_TEA "oauth_tea" | ||||||
| #define HR_DELETE_OAUTH_KID "oauth_kid_del" | #define HR_DELETE_OAUTH_KID "oauth_kid_del" | ||||||
| #define HR_OAUTH_KID "kid" | #define HR_OAUTH_KID "kid" | ||||||
| @ -2878,28 +2876,6 @@ static void write_https_oauth_show_keys(ioa_socket_handle s, const char* kid) | |||||||
| 								str_buffer_append(sb,"</td></tr>\r\n"); | 								str_buffer_append(sb,"</td></tr>\r\n"); | ||||||
| 							} | 							} | ||||||
| 
 | 
 | ||||||
| 							if(okey.as_rs_key_size) { |  | ||||||
| 								size_t as_rs_key_size = 0; |  | ||||||
| 								char *as_rs_key = (char*)base64_encode((unsigned char*)okey.as_rs_key,okey.as_rs_key_size,&as_rs_key_size); |  | ||||||
| 								if(as_rs_key) { |  | ||||||
| 									str_buffer_append(sb,"<tr><td>AS-RS key:</td><td>"); |  | ||||||
| 									str_buffer_append(sb,as_rs_key); |  | ||||||
| 									str_buffer_append(sb,"</td></tr>\r\n"); |  | ||||||
| 									turn_free(as_rs_key,as_rs_key_size); |  | ||||||
| 								} |  | ||||||
| 							} |  | ||||||
| 
 |  | ||||||
| 							if(okey.auth_key_size) { |  | ||||||
| 								size_t auth_key_size = 0; |  | ||||||
| 								char *auth_key = (char*)base64_encode((unsigned char*)okey.auth_key,okey.auth_key_size,&auth_key_size); |  | ||||||
| 								if(auth_key) { |  | ||||||
| 									str_buffer_append(sb,"<tr><td>AUTH key:</td><td>"); |  | ||||||
| 									str_buffer_append(sb,auth_key); |  | ||||||
| 									str_buffer_append(sb,"</td></tr>\r\n"); |  | ||||||
| 									turn_free(auth_key,auth_key_size); |  | ||||||
| 								} |  | ||||||
| 							} |  | ||||||
| 
 |  | ||||||
| 							str_buffer_append(sb,"</table>\r\n"); | 							str_buffer_append(sb,"</table>\r\n"); | ||||||
| 						} | 						} | ||||||
| 					} | 					} | ||||||
| @ -2914,7 +2890,6 @@ static void write_https_oauth_show_keys(ioa_socket_handle s, const char* kid) | |||||||
| static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, const char* add_ikm, | static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, const char* add_ikm, | ||||||
| 				const char* add_tea, | 				const char* add_tea, | ||||||
| 				const char *add_ts, const char* add_lt, | 				const char *add_ts, const char* add_lt, | ||||||
| 				const char *add_rs_key, const char *add_auth_key, |  | ||||||
| 				const char* msg) | 				const char* msg) | ||||||
| { | { | ||||||
| 	if(s && !ioa_socket_tobeclosed(s)) { | 	if(s && !ioa_socket_tobeclosed(s)) { | ||||||
| @ -3017,35 +2992,7 @@ static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, con | |||||||
| 					str_buffer_append(sb,">A256GCMKW\r\n<br>\r\n"); | 					str_buffer_append(sb,">A256GCMKW\r\n<br>\r\n"); | ||||||
| 				} | 				} | ||||||
| 
 | 
 | ||||||
| 				str_buffer_append(sb,"</td><td colspan=\"2\">"); | 				str_buffer_append(sb,"</td></tr>\r\n</table>\r\n"); | ||||||
| 
 |  | ||||||
| 				{ |  | ||||||
| 					if(!add_rs_key) add_rs_key = ""; |  | ||||||
| 
 |  | ||||||
| 					str_buffer_append(sb,"  <br>Base64-encoded AS-RS key (optional):<br><textarea wrap=\"soft\" cols=70 rows=4 name=\""); |  | ||||||
| 					str_buffer_append(sb,HR_ADD_OAUTH_RS_KEY); |  | ||||||
| 					str_buffer_append(sb,"\" maxLength=256 >"); |  | ||||||
| 					str_buffer_append(sb,(const char*)add_rs_key); |  | ||||||
| 					str_buffer_append(sb,"</textarea>"); |  | ||||||
| 					str_buffer_append(sb,"<br>\r\n"); |  | ||||||
| 				} |  | ||||||
| 
 |  | ||||||
| 				str_buffer_append(sb,"</td></tr>\r\n"); |  | ||||||
| 
 |  | ||||||
| 				str_buffer_append(sb,"<tr><td colspan=\"2\">"); |  | ||||||
| 
 |  | ||||||
| 				{ |  | ||||||
| 					if(!add_auth_key) add_auth_key = ""; |  | ||||||
| 
 |  | ||||||
| 					str_buffer_append(sb,"  <br>Base64-encoded AUTH key (optional):<br><textarea wrap=\"soft\" cols=70 rows=4 name=\""); |  | ||||||
| 					str_buffer_append(sb,HR_ADD_OAUTH_AUTH_KEY); |  | ||||||
| 					str_buffer_append(sb,"\" maxLength=256 >"); |  | ||||||
| 					str_buffer_append(sb,(const char*)add_auth_key); |  | ||||||
| 					str_buffer_append(sb,"</textarea>"); |  | ||||||
| 					str_buffer_append(sb,"<br>\r\n"); |  | ||||||
| 				} |  | ||||||
| 
 |  | ||||||
| 				str_buffer_append(sb,"</td></tr></table>\r\n"); |  | ||||||
| 
 | 
 | ||||||
| 				str_buffer_append(sb,"<br><input type=\"submit\" value=\"Add key\">"); | 				str_buffer_append(sb,"<br><input type=\"submit\" value=\"Add key\">"); | ||||||
| 
 | 
 | ||||||
| @ -3545,28 +3492,19 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh) | |||||||
| 					const char* add_ts = "0"; | 					const char* add_ts = "0"; | ||||||
| 					const char* add_lt = "0"; | 					const char* add_lt = "0"; | ||||||
| 					const char* add_ikm = ""; | 					const char* add_ikm = ""; | ||||||
| 					const char *add_rs_key = ""; |  | ||||||
| 					const char *add_auth_key = ""; |  | ||||||
| 					const char* add_tea = ""; | 					const char* add_tea = ""; | ||||||
| 					const char* msg = ""; | 					const char* msg = ""; | ||||||
| 
 | 
 | ||||||
| 					add_kid = get_http_header_value(hr,HR_ADD_OAUTH_KID,""); | 					add_kid = get_http_header_value(hr,HR_ADD_OAUTH_KID,""); | ||||||
| 					if(add_kid[0]) { | 					if(add_kid[0]) { | ||||||
| 						add_ikm = get_http_header_value(hr,HR_ADD_OAUTH_IKM,""); | 						add_ikm = get_http_header_value(hr,HR_ADD_OAUTH_IKM,""); | ||||||
| 						add_rs_key = get_http_header_value(hr,HR_ADD_OAUTH_RS_KEY,""); |  | ||||||
| 						add_auth_key = get_http_header_value(hr,HR_ADD_OAUTH_AUTH_KEY,""); |  | ||||||
| 						add_ts = get_http_header_value(hr,HR_ADD_OAUTH_TS,""); | 						add_ts = get_http_header_value(hr,HR_ADD_OAUTH_TS,""); | ||||||
| 						add_lt = get_http_header_value(hr,HR_ADD_OAUTH_LT,""); | 						add_lt = get_http_header_value(hr,HR_ADD_OAUTH_LT,""); | ||||||
| 						add_tea = get_http_header_value(hr,HR_ADD_OAUTH_TEA,""); | 						add_tea = get_http_header_value(hr,HR_ADD_OAUTH_TEA,""); | ||||||
| 
 | 
 | ||||||
| 						int keys_ok = 0; | 						int keys_ok = (add_ikm[0] != 0); | ||||||
| 						if(add_rs_key[0] && add_auth_key[0]) { |  | ||||||
| 							keys_ok = 1; |  | ||||||
| 						} else if(strstr(add_tea,"GCM") && add_rs_key[0]) { |  | ||||||
| 							keys_ok = 1; |  | ||||||
| 						} |  | ||||||
| 						if(!keys_ok) { | 						if(!keys_ok) { | ||||||
| 							msg = "Provided information is insufficient for the oAuth key generation."; | 							msg = "You must enter the key value."; | ||||||
| 						} else { | 						} else { | ||||||
| 							oauth_key_data_raw key; | 							oauth_key_data_raw key; | ||||||
| 							ns_bzero(&key,sizeof(key)); | 							ns_bzero(&key,sizeof(key)); | ||||||
| @ -3588,8 +3526,6 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh) | |||||||
| 
 | 
 | ||||||
| 							STRCPY(key.ikm_key,add_ikm); | 							STRCPY(key.ikm_key,add_ikm); | ||||||
| 							STRCPY(key.as_rs_alg,add_tea); | 							STRCPY(key.as_rs_alg,add_tea); | ||||||
| 							STRCPY(key.as_rs_key,add_rs_key); |  | ||||||
| 							STRCPY(key.auth_key,add_auth_key); |  | ||||||
| 
 | 
 | ||||||
| 							const turn_dbdriver_t * dbd = get_dbdriver(); | 							const turn_dbdriver_t * dbd = get_dbdriver(); | ||||||
| 							if (dbd && dbd->set_oauth_key) { | 							if (dbd && dbd->set_oauth_key) { | ||||||
| @ -3601,14 +3537,12 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh) | |||||||
| 									add_lt = "0"; | 									add_lt = "0"; | ||||||
| 									add_ikm = ""; | 									add_ikm = ""; | ||||||
| 									add_tea = ""; | 									add_tea = ""; | ||||||
| 									add_rs_key = ""; |  | ||||||
| 									add_auth_key = ""; |  | ||||||
| 								} | 								} | ||||||
| 							} | 							} | ||||||
| 						} | 						} | ||||||
| 					} | 					} | ||||||
| 
 | 
 | ||||||
| 					write_https_oauth_page(s,add_kid,add_ikm,add_tea,add_ts,add_lt,add_rs_key,add_auth_key,msg); | 					write_https_oauth_page(s,add_kid,add_ikm,add_tea,add_ts,add_lt,msg); | ||||||
| 				} | 				} | ||||||
| 				break; | 				break; | ||||||
| 			} | 			} | ||||||
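Review bot: The new `int keys_ok = (add_ikm[0] != 0);` check in the form handler only tests that the IKM field is non-empty; nothing validates that `add_ikm` is well-formed base64 of a sensible length before `STRCPY(key.ikm_key,add_ikm);` copies it into the fixed-size field and `dbd->set_oauth_key` persists it. The same value is then formatted straight into the `insert or replace into oauth_key ...` statement in the sqlite hunk earlier on this page, so a malformed or oversized value is only discovered later when the key is loaded and converted, and the admin sees "key added" for a record that will never work. I would decode the submitted value once here with the project's base64 decoder (the counterpart of the `base64_encode` used elsewhere in this file) and set `msg` to a "key value is not valid base64" message when that fails, keeping `keys_ok` as the gate. Whether `STRCPY` truncates or rejects an over-long value is not visible in this hunk, so the length bound should be checked explicitly as well. `handle_https` starts and ends outside this hunk.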
|  | |||||||
| @ -1018,15 +1018,12 @@ void run_db_test(void) | |||||||
| 		oauth_key_data_raw key_; | 		oauth_key_data_raw key_; | ||||||
| 		oauth_key_data_raw *key=&key_; | 		oauth_key_data_raw *key=&key_; | ||||||
| 		dbd->get_oauth_key((const u08bits*)"north",key); | 		dbd->get_oauth_key((const u08bits*)"north",key); | ||||||
| 		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s, as_rs_key=%s, auth_key=%s\n", | 		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n", | ||||||
| 		    		key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, | 		    		key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->as_rs_alg); | ||||||
| 		    		key->as_rs_alg, key->as_rs_key, key->auth_key); |  | ||||||
| 
 | 
 | ||||||
| 		printf("DB TEST 3:\n"); | 		printf("DB TEST 3:\n"); | ||||||
| 
 | 
 | ||||||
| 		STRCPY(key->as_rs_alg,"as_rs_alg"); | 		STRCPY(key->as_rs_alg,"as_rs_alg"); | ||||||
| 		STRCPY(key->as_rs_key,"as_rs_key"); |  | ||||||
| 		STRCPY(key->auth_key,"auth_key"); |  | ||||||
| 		STRCPY(key->ikm_key,"ikm_key"); | 		STRCPY(key->ikm_key,"ikm_key"); | ||||||
| 		STRCPY(key->kid,"kid"); | 		STRCPY(key->kid,"kid"); | ||||||
| 		key->timestamp = 123; | 		key->timestamp = 123; | ||||||
| @ -1037,9 +1034,8 @@ void run_db_test(void) | |||||||
| 
 | 
 | ||||||
| 		printf("DB TEST 4:\n"); | 		printf("DB TEST 4:\n"); | ||||||
| 		dbd->get_oauth_key((const u08bits*)"kid",key); | 		dbd->get_oauth_key((const u08bits*)"kid",key); | ||||||
| 		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s, as_rs_key=%s, auth_key=%s\n", | 		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n", | ||||||
| 		    		key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, | 		    		key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->as_rs_alg); | ||||||
| 		    		key->as_rs_alg, key->as_rs_key, key->auth_key); |  | ||||||
| 
 | 
 | ||||||
| 		printf("DB TEST 5:\n"); | 		printf("DB TEST 5:\n"); | ||||||
| 		dbd->del_oauth_key((const u08bits*)"kid"); | 		dbd->del_oauth_key((const u08bits*)"kid"); | ||||||
| @ -1051,9 +1047,8 @@ void run_db_test(void) | |||||||
| 
 | 
 | ||||||
| 		oauth_key_data oakd; | 		oauth_key_data oakd; | ||||||
| 		convert_oauth_key_data_raw(key, &oakd); | 		convert_oauth_key_data_raw(key, &oakd); | ||||||
| 		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s, as_rs_key_size=%d, auth_key_size=%d\n", | 		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n", | ||||||
| 				    		oakd.kid, oakd.ikm_key, (unsigned long long)oakd.timestamp, (unsigned long)oakd.lifetime, | 				    		oakd.kid, oakd.ikm_key, (unsigned long long)oakd.timestamp, (unsigned long)oakd.lifetime, oakd.as_rs_alg); | ||||||
| 				    		oakd.as_rs_alg, (int)oakd.as_rs_key_size, (int)oakd.auth_key_size); |  | ||||||
| 
 | 
 | ||||||
| 		oauth_key oak; | 		oauth_key oak; | ||||||
| 		char err_msg[1025]; | 		char err_msg[1025]; | ||||||
|  | |||||||
| @ -102,9 +102,9 @@ int oauth = 0; | |||||||
| oauth_key okey_array[3]; | oauth_key okey_array[3]; | ||||||
| 
 | 
 | ||||||
| static oauth_key_data_raw okdr_array[3] = { | static oauth_key_data_raw okdr_array[3] = { | ||||||
| 		{"north","Y2FybGVvbg==",0,0,"A256GCMKW","",""}, | 		{"north","Y2FybGVvbg==",0,0,"A256GCMKW"}, | ||||||
| 		{"union","aGVyb2Q=",0,0,"A128GCMKW","",""}, | 		{"union","aGVyb2Q=",0,0,"A128GCMKW"}, | ||||||
| 		{"oldempire","YXVsY3Vz",0,0,"A256GCMKW","",""} | 		{"oldempire","YXVsY3Vz",0,0,"A256GCMKW"} | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| //////////////// local definitions /////////////////
 | //////////////// local definitions /////////////////
 | ||||||
|  | |||||||
| @ -2045,15 +2045,8 @@ int convert_oauth_key_data(const oauth_key_data *oakd0, oauth_key *key, char *er | |||||||
| 		oauth_key_data *oakd = &oakd_obj; | 		oauth_key_data *oakd = &oakd_obj; | ||||||
| 
 | 
 | ||||||
| 		if(!(oakd->ikm_key_size)) { | 		if(!(oakd->ikm_key_size)) { | ||||||
| 			if(!(oakd->as_rs_key_size)) { | 			if(err_msg) { | ||||||
| 				if(err_msg) { | 				snprintf(err_msg,err_msg_size,"key is not defined"); | ||||||
| 					snprintf(err_msg,err_msg_size,"AS-RS key is not defined"); |  | ||||||
| 				} |  | ||||||
| 				OAUTH_ERROR("AS-RS key is not defined\n"); |  | ||||||
| 				return -1; |  | ||||||
| 			} |  | ||||||
| 			if(!(oakd->auth_key_size)) { |  | ||||||
| 				//AEAD ?
 |  | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| @ -2075,10 +2068,6 @@ int convert_oauth_key_data(const oauth_key_data *oakd0, oauth_key *key, char *er | |||||||
| 
 | 
 | ||||||
| 		STRCPY(key->kid,oakd->kid); | 		STRCPY(key->kid,oakd->kid); | ||||||
| 
 | 
 | ||||||
| 		ns_bcopy(oakd->as_rs_key,key->as_rs_key,sizeof(key->as_rs_key)); |  | ||||||
| 		key->as_rs_key_size = oakd->as_rs_key_size; |  | ||||||
| 		ns_bcopy(oakd->auth_key,key->auth_key,sizeof(key->auth_key)); |  | ||||||
| 		key->auth_key_size = oakd->auth_key_size; |  | ||||||
| 		ns_bcopy(oakd->ikm_key,key->ikm_key,sizeof(key->ikm_key)); | 		ns_bcopy(oakd->ikm_key,key->ikm_key,sizeof(key->ikm_key)); | ||||||
| 		key->ikm_key_size = oakd->ikm_key_size; | 		key->ikm_key_size = oakd->ikm_key_size; | ||||||
| 
 | 
 | ||||||
| @ -2108,20 +2097,16 @@ int convert_oauth_key_data(const oauth_key_data *oakd0, oauth_key *key, char *er | |||||||
| 			return -1; | 			return -1; | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| 		if(!(key->auth_key_size)) { | 		key->auth_key_size = calculate_auth_key_length(key->as_rs_alg); | ||||||
| 			key->auth_key_size = calculate_auth_key_length(key->as_rs_alg); | 		if(key->auth_key_size) { | ||||||
| 			if(key->auth_key_size) { | 			if(calculate_key(key->ikm_key,key->ikm_key_size,key->auth_key,key->auth_key_size)<0) { | ||||||
| 				if(calculate_key(key->ikm_key,key->ikm_key_size,key->auth_key,key->auth_key_size)<0) { | 				return -1; | ||||||
| 					return -1; |  | ||||||
| 				} |  | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| 		if(!(key->as_rs_key_size)) { | 		key->as_rs_key_size = calculate_enc_key_length(key->as_rs_alg); | ||||||
| 			key->as_rs_key_size = calculate_enc_key_length(key->as_rs_alg); | 		if(calculate_key(key->ikm_key,key->ikm_key_size,key->as_rs_key,key->as_rs_key_size)<0) { | ||||||
| 			if(calculate_key(key->ikm_key,key->ikm_key_size,key->as_rs_key,key->as_rs_key_size)<0) { | 			return -1; | ||||||
| 				return -1; |  | ||||||
| 			} |  | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
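Review bot: On the new side of the first hunk, the `if(!(oakd->ikm_key_size))` branch now only writes "key is not defined" into `err_msg` and falls through: the `OAUTH_ERROR(...)` and `return -1;` that the removed AS-RS branch carried are gone, so a record with no IKM continues into the derivation below and `convert_oauth_key_data` presumably returns success with `as_rs_key` and `auth_key` derived from zero-length input. Keep the early exit after the snprintf: `OAUTH_ERROR("key is not defined\n"); return -1;`. In the last hunk, `key->as_rs_key_size = calculate_enc_key_length(key->as_rs_alg);` is no longer guarded for a zero result the way `auth_key_size` is, so if `calculate_enc_key_length` returns 0 for an unrecognized `as_rs_alg` the code calls `calculate_key` with a zero-length output buffer; an `if(!(key->as_rs_key_size)) return -1;` (filling `err_msg` in the same style as the checks above it) would close that. `convert_oauth_key_data` starts and ends outside these hunks.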
|  | |||||||
| @ -112,10 +112,6 @@ struct _oauth_key_data { | |||||||
| 	turn_time_t timestamp; | 	turn_time_t timestamp; | ||||||
| 	turn_time_t lifetime; | 	turn_time_t lifetime; | ||||||
| 	char as_rs_alg[OAUTH_ALG_SIZE+1]; | 	char as_rs_alg[OAUTH_ALG_SIZE+1]; | ||||||
| 	char as_rs_key[OAUTH_KEY_SIZE+1]; |  | ||||||
| 	size_t as_rs_key_size; |  | ||||||
| 	char auth_key[OAUTH_KEY_SIZE+1]; |  | ||||||
| 	size_t auth_key_size; |  | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| typedef struct _oauth_key_data oauth_key_data; | typedef struct _oauth_key_data oauth_key_data; | ||||||
|  | |||||||
| @ -43,8 +43,6 @@ CREATE TABLE oauth_key ( | |||||||
| 	timestamp bigint default 0, | 	timestamp bigint default 0, | ||||||
| 	lifetime integer default 0, | 	lifetime integer default 0, | ||||||
| 	as_rs_alg varchar(64) default '', | 	as_rs_alg varchar(64) default '', | ||||||
| 	as_rs_key varchar(256) default '', |  | ||||||
| 	auth_key varchar(256) default '', |  | ||||||
| 	primary key (kid) | 	primary key (kid) | ||||||
| ); | ); | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -34,12 +34,10 @@ and they will be almost immediately "seen" by the turnserver process. | |||||||
| 4) For the oAuth authentication, there is a hash structure with the key  | 4) For the oAuth authentication, there is a hash structure with the key  | ||||||
| "turn/oauth/kid/<kid-value>". The kid structure fields are: | "turn/oauth/kid/<kid-value>". The kid structure fields are: | ||||||
|   |   | ||||||
| 	ikm_key - (optional) base64-encoded key ("input keying material"); | 	ikm_key - (optional) base64-encoded key ("input keying material"). | ||||||
| 		The ikm_key is not needed if the as_rs_key and auth_key are defined |  | ||||||
| 		explicitly in the database; |  | ||||||
| 		 | 		 | ||||||
| 	timestamp - (optional) the timestamp (in seconds) when the key  | 	timestamp - (optional) the timestamp (in seconds) when the key  | ||||||
| 		lifetime started; | 		lifetime started. | ||||||
| 	 | 	 | ||||||
| 	lifetime - (optional) the key lifetime in seconds; the default value  | 	lifetime - (optional) the key lifetime in seconds; the default value  | ||||||
| 		is 0 - unlimited lifetime. | 		is 0 - unlimited lifetime. | ||||||
| @ -47,14 +45,7 @@ and they will be almost immediately "seen" by the turnserver process. | |||||||
| 	as_rs_alg - oAuth token encryption algorithm; the valid values are | 	as_rs_alg - oAuth token encryption algorithm; the valid values are | ||||||
| 		"A256GCMKW", "A128GCMKW" (see  | 		"A256GCMKW", "A128GCMKW" (see  | ||||||
| 		http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-4.1). | 		http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-4.1). | ||||||
| 		The default value is "A256GCMKW"; | 		The default value is "A256GCMKW". | ||||||
| 		 |  | ||||||
| 	as_rs_key - (optional) base64-encoded AS-RS key. If not defined, then  |  | ||||||
| 		calculated with ikm_key. The as_rs_key length  |  | ||||||
| 		is defined by as_rs_alg. |  | ||||||
| 		 |  | ||||||
| 	auth_key - (optional) base64-encoded AUTH key. If not defined, then  |  | ||||||
| 		calculated with ikm_key. Not used with AEAD algorithms. |  | ||||||
| 		 | 		 | ||||||
| 5) admin users (over https interface) are maintained as keys of form: | 5) admin users (over https interface) are maintained as keys of form: | ||||||
| "turn/admin_user/<username> with hash members "password" and, | "turn/admin_user/<username> with hash members "password" and, | ||||||
|  | |||||||
| @ -31,6 +31,6 @@ insert into denied_peer_ip (ip_range) values('123::45'); | |||||||
| insert into denied_peer_ip (realm,ip_range) values('north.gov','172.17.17.133-172.17.19.56'); | insert into denied_peer_ip (realm,ip_range) values('north.gov','172.17.17.133-172.17.19.56'); | ||||||
| insert into denied_peer_ip (realm,ip_range) values('crinna.org','123::77'); | insert into denied_peer_ip (realm,ip_range) values('crinna.org','123::77'); | ||||||
| 
 | 
 | ||||||
| insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key) values('north','Y2FybGVvbg==',0,0,'A256GCMKW','',''); | insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('north','Y2FybGVvbg==',0,0,'A256GCMKW'); | ||||||
| insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key) values('union','aGVyb2Q=',0,0,'A128GCMKW','',''); | insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('union','aGVyb2Q=',0,0,'A128GCMKW'); | ||||||
| insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key) values('oldempire','YXVsY3Vz',0,0,'A256GCMKW','',''); | insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('oldempire','YXVsY3Vz',0,0,'A256GCMKW'); | ||||||
|  | |||||||