mirror of
https://github.com/coturn/coturn.git
check-origin-consistency
parent
863de36bb4
commit
851409a197
@ -1,7 +1,7 @@
|
||||
08/14/2014 Oleg Moskalenko <mom040267@gmail.com>
|
||||
Version 4.1.2.1 'Vitari':
|
||||
- The origin attribute is verified in the subsequent
|
||||
session messages.
|
||||
session messages (server flag --check-origin-consistency).
|
||||
- MySQL SSL connection support.
|
||||
- Crash fixed when the DB connection string is incorrect.
|
||||
- Minor docs fixes.
|
||||
|
||||
@ -269,6 +269,11 @@ Flags:
|
||||
(if configured). The load balancing is using the
|
||||
ALTERNATE-SERVER mechanism. The TURN client must support
|
||||
300 ALTERNATE-SERVER response for this functionality.
|
||||
|
||||
--check-origin-consistency The flag that sets the origin consistency
|
||||
check: across the session, all requests must have the same
|
||||
main ORIGIN attribute value (if the ORIGIN was
|
||||
initially used by the session).
|
||||
|
||||
-h Help.
|
||||
|
||||
@ -388,8 +393,8 @@ Options with required values:
|
||||
and the userdb file). Must be used with long-term credentials
|
||||
mechanism or with TURN REST API.
|
||||
|
||||
-C, --rest-api-separator This is the timestamp/username separator symbol (character) in TURN REST API.
|
||||
The default value is :.
|
||||
-C, --rest-api-separator This is the timestamp/username separator symbol
|
||||
(character) in TURN REST API. The default value is :.
|
||||
|
||||
-q, --user-quota Per-user allocations quota: how many concurrent
|
||||
allocations a user can create. This option can also be set
|
||||
|
||||
@ -306,6 +306,13 @@
|
||||
#
|
||||
#realm=mycompany.org
|
||||
|
||||
# The flag that sets the origin consistency
|
||||
# check: across the session, all requests must have the same
|
||||
# main ORIGIN attribute value (if the ORIGIN was
|
||||
# initially used by the session).
|
||||
#
|
||||
#check-origin-consistency
|
||||
|
||||
# Per-user allocation quota.
|
||||
# default value is 0 (no quota, unlimited number of sessions per user).
|
||||
# This option can also be set through the database, for a particular realm.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
.\" Text automatically generated by txt2man
|
||||
.TH TURN 1 "17 August 2014" "" ""
|
||||
.TH TURN 1 "18 August 2014" "" ""
|
||||
.SH GENERAL INFORMATION
|
||||
|
||||
\fIturnadmin\fP is a TURN administration tool. This tool can be used to manage
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
.\" Text automatically generated by txt2man
|
||||
.TH TURN 1 "17 August 2014" "" ""
|
||||
.TH TURN 1 "18 August 2014" "" ""
|
||||
.SH GENERAL INFORMATION
|
||||
|
||||
The \fBTURN Server\fP project contains the source code of a TURN server and TURN client
|
||||
@ -410,6 +410,13 @@ ALTERNATE\-SERVER mechanism. The TURN client must support
|
||||
300 ALTERNATE\-SERVER response for this functionality.
|
||||
.TP
|
||||
.B
|
||||
\fB\-\-check\-origin\-consistency\fP
|
||||
The flag that sets the origin consistency
|
||||
check: across the session, all requests must have the same
|
||||
main ORIGIN attribute value (if the ORIGIN was
|
||||
initially used by the session).
|
||||
.TP
|
||||
.B
|
||||
\fB\-h\fP
|
||||
Help.
|
||||
.TP
|
||||
@ -566,8 +573,8 @@ mechanism or with TURN REST API.
|
||||
.TP
|
||||
.B
|
||||
\fB\-C\fP, \fB\-\-rest\-api\-separator\fP
|
||||
This is the timestamp/username separator symbol (character) in TURN REST API.
|
||||
The default value is :.
|
||||
This is the timestamp/username separator symbol
|
||||
(character) in TURN REST API. The default value is :.
|
||||
.TP
|
||||
.B
|
||||
\fB\-q\fP, \fB\-\-user\-quota\fP
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
.\" Text automatically generated by txt2man
|
||||
.TH TURN 1 "17 August 2014" "" ""
|
||||
.TH TURN 1 "18 August 2014" "" ""
|
||||
.SH GENERAL INFORMATION
|
||||
|
||||
A set of turnutils_* programs provides some utility functionality to be used
|
||||
|
||||
@ -81,7 +81,7 @@ DEFAULT_STUN_PORT,DEFAULT_STUN_TLS_PORT,0,0,1,
|
||||
NEV_UNKNOWN,
|
||||
{ "Unknown", "UDP listening socket per session", "UDP thread per network endpoint", "UDP thread per CPU core" },
|
||||
//////////////// Relay servers //////////////////////////////////
|
||||
LOW_DEFAULT_PORTS_BOUNDARY,HIGH_DEFAULT_PORTS_BOUNDARY,0,0,"",
|
||||
LOW_DEFAULT_PORTS_BOUNDARY,HIGH_DEFAULT_PORTS_BOUNDARY,0,0,0,"",
|
||||
0,NULL,0,NULL,DEFAULT_GENERAL_RELAY_SERVERS_NUMBER,0,
|
||||
////////////// Auth server /////////////////////////////////////
|
||||
{NULL,NULL,NULL,0,NULL},
|
||||
@ -397,6 +397,10 @@ static char Usage[] = "Usage: turnserver [options]\n"
|
||||
" server is not using any database (just the commands-line settings\n"
|
||||
" and the userdb file). Must be used with long-term credentials \n"
|
||||
" mechanism or with TURN REST API.\n"
|
||||
" --check-origin-consistency The flag that sets the origin consistency check:\n"
|
||||
" across the session, all requests must have the same\n"
|
||||
" main ORIGIN attribute value (if the ORIGIN was\n"
|
||||
" initially used by the session).\n"
|
||||
" -q, --user-quota <number> Per-user allocation quota: how many concurrent allocations a user can create.\n"
|
||||
" This option can also be set through the database, for a particular realm.\n"
|
||||
" -Q, --total-quota <number> Total allocations quota: global limit on concurrent allocations.\n"
|
||||
@ -670,6 +674,7 @@ enum EXTRA_OPTS {
|
||||
NO_TLSV1_OPT,
|
||||
NO_TLSV1_1_OPT,
|
||||
NO_TLSV1_2_OPT,
|
||||
CHECK_ORIGIN_CONSISTENCY_OPT,
|
||||
ADMIN_MAX_BPS_OPT,
|
||||
ADMIN_TOTAL_QUOTA_OPT,
|
||||
ADMIN_USER_QUOTA_OPT
|
||||
@ -734,6 +739,7 @@ static const struct myoption long_options[] = {
|
||||
{ "Verbose", optional_argument, NULL, 'V' },
|
||||
{ "daemon", optional_argument, NULL, 'o' },
|
||||
{ "fingerprint", optional_argument, NULL, 'f' },
|
||||
{ "check-origin-consistency", optional_argument, NULL, CHECK_ORIGIN_CONSISTENCY_OPT },
|
||||
{ "no-udp", optional_argument, NULL, NO_UDP_OPT },
|
||||
{ "no-tcp", optional_argument, NULL, NO_TCP_OPT },
|
||||
{ "no-tls", optional_argument, NULL, NO_TLS_OPT },
|
||||
@ -1152,6 +1158,9 @@ static void set_option(int c, char *value)
|
||||
turn_params.bps_capacity = (band_limit_t)atoi(value);
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%lu bytes per second allowed, combined server capacity\n",(unsigned long)turn_params.bps_capacity);
|
||||
break;
|
||||
case CHECK_ORIGIN_CONSISTENCY_OPT:
|
||||
turn_params.check_origin = get_bool_value(value);
|
||||
break;
|
||||
case NO_UDP_OPT:
|
||||
turn_params.no_udp = get_bool_value(value);
|
||||
break;
|
||||
|
||||
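Review bot: The new option defaults to off (the extra `0` added to the positional `turn_params` initializer appears to land on `check_origin`), but the Usage entry for `--check-origin-consistency` does not say so. An operator who relies on ORIGIN staying fixed for the life of a session would not learn from the help output that the check must be enabled explicitly. I would end the help entry with a line such as `" Default: off; without this flag a changed ORIGIN is not rejected.\n"` and mirror it in the turnserver.conf comment. The positional initializer is only correct while it matches the field order of `_turn_params_`, so a short `/* check_origin */` comment beside the new `0` would also help.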
@ -250,6 +250,8 @@ typedef struct _turn_params_ {
|
||||
u16bits min_port;
|
||||
u16bits max_port;
|
||||
|
||||
vint check_origin;
|
||||
|
||||
vint no_multicast_peers;
|
||||
vint no_loopback_peers;
|
||||
|
||||
|
||||
@ -1574,6 +1574,7 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
|
||||
check_new_allocation_quota,
|
||||
release_allocation_quota,
|
||||
turn_params.external_ip,
|
||||
&turn_params.check_origin,
|
||||
&turn_params.no_tcp_relay,
|
||||
&turn_params.no_udp_relay,
|
||||
&turn_params.stale_nonce,
|
||||
|
||||
@ -3506,24 +3506,26 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
|
||||
ioa_network_buffer_get_size(in_buffer->nbh), sar);
|
||||
}
|
||||
|
||||
if(ss->origin[0]) {
|
||||
if(!origin_found) {
|
||||
if(server->check_origin && *(server->check_origin)) {
|
||||
if(ss->origin[0]) {
|
||||
if(!origin_found) {
|
||||
err_code = 441;
|
||||
reason = (const u08bits *)"The origin attribute does not match the initial session origin value";
|
||||
if(server->verbose) {
|
||||
char smethod[129];
|
||||
stun_method_str(method,smethod);
|
||||
log_method(ss, smethod, err_code, reason);
|
||||
}
|
||||
}
|
||||
} else if(norigins > 0){
|
||||
err_code = 441;
|
||||
reason = (const u08bits *)"The origin attribute does not match the initial session origin value";
|
||||
reason = (const u08bits *)"The origin attribute is empty, does not match the initial session origin value";
|
||||
if(server->verbose) {
|
||||
char smethod[129];
|
||||
stun_method_str(method,smethod);
|
||||
log_method(ss, smethod, err_code, reason);
|
||||
}
|
||||
}
|
||||
} else if(norigins > 0){
|
||||
err_code = 441;
|
||||
reason = (const u08bits *)"The origin attribute is empty, does not match the initial session origin value";
|
||||
if(server->verbose) {
|
||||
char smethod[129];
|
||||
stun_method_str(method,smethod);
|
||||
log_method(ss, smethod, err_code, reason);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -4675,6 +4677,7 @@ void init_turn_server(turn_turnserver* server,
|
||||
check_new_allocation_quota_cb chquotacb,
|
||||
release_allocation_quota_cb raqcb,
|
||||
ioa_addr *external_ip,
|
||||
vintp check_origin,
|
||||
vintp no_tcp_relay,
|
||||
vintp no_udp_relay,
|
||||
vintp stale_nonce,
|
||||
@ -4718,6 +4721,7 @@ void init_turn_server(turn_turnserver* server,
|
||||
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"turn server id=%d created\n",(int)id);
|
||||
|
||||
server->check_origin = check_origin;
|
||||
server->no_tcp_relay = no_tcp_relay;
|
||||
server->no_udp_relay = no_udp_relay;
|
||||
|
||||
|
||||
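Review bot: With the new outer `if(server->check_origin && *(server->check_origin))` in handle_turn_command, a session that began with an ORIGIN now accepts later requests carrying a different or missing ORIGIN whenever the flag is unset, and the visible code logs nothing in that case, even in verbose mode. The ChangeLog hunk suggests this verification was previously unconditional, so the gate deserves a comment such as `/* ORIGIN consistency is enforced only with --check-origin-consistency; otherwise a mismatch is accepted silently */`. `origin_found` and `norigins` are computed outside this hunk, and the function body continues past it, so how they are used when the check is disabled cannot be confirmed from here.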
@ -112,6 +112,7 @@ struct _turn_turnserver {
|
||||
int verbose;
|
||||
int fingerprint;
|
||||
int rfc5780;
|
||||
vintp check_origin;
|
||||
vintp stale_nonce;
|
||||
vintp stun_only;
|
||||
vintp no_stun;
|
||||
@ -174,6 +175,7 @@ void init_turn_server(turn_turnserver* server,
|
||||
check_new_allocation_quota_cb chquotacb,
|
||||
release_allocation_quota_cb raqcb,
|
||||
ioa_addr *external_addr,
|
||||
vintp check_origin,
|
||||
vintp no_tcp_relay,
|
||||
vintp no_udp_relay,
|
||||
vintp stale_nonce,
|
||||
|
||||
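Review bot: The new `vintp check_origin` struct member and init_turn_server parameter are undocumented, and the parameter sits in a run of same-typed `vintp` arguments where a swapped order at a call site would compile without a warning. handle_turn_command treats a NULL pointer the same as a cleared flag, so that contract is worth stating at the declaration: `/* pointer to the --check-origin-consistency flag; NULL or *ptr == 0 disables the ORIGIN check */`. Both the struct and the prototype continue outside the hunks shown.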