From aefe2608d0691a2a939567192aa167af3a9e19cd Mon Sep 17 00:00:00 2001 From: mom040267 Date: Thu, 22 Jan 2015 10:03:40 +0000 Subject: [PATCH] oauth keys page --- INSTALL | 2 +- examples/var/db/turndb | Bin 22528 -> 22528 bytes src/apps/relay/dbdrivers/dbd_mongo.c | 15 +- src/apps/relay/dbdrivers/dbd_mysql.c | 22 +- src/apps/relay/dbdrivers/dbd_pgsql.c | 14 +- src/apps/relay/dbdrivers/dbd_redis.c | 15 +- src/apps/relay/dbdrivers/dbd_sqlite.c | 17 +- src/apps/relay/dbdrivers/dbdriver.h | 2 +- src/apps/relay/http_server.c | 9 +- src/apps/relay/turn_admin_server.c | 312 +++++++++++++++++++++++++- src/apps/relay/userdb.c | 6 +- 11 files changed, 382 insertions(+), 32 deletions(-) diff --git a/INSTALL b/INSTALL index 3e9873ff..990dfbbb 100644 --- a/INSTALL +++ b/INSTALL @@ -757,7 +757,7 @@ The oauth_key table fields meanings are: explicitly in the database; timestamp - (optional) the timestamp (in seconds) when the key - lifetime started; + lifetime starts; lifetime - (optional) the key lifetime in seconds; the default value is 0 - unlimited lifetime. 
diff --git a/examples/var/db/turndb b/examples/var/db/turndb index 8026af81d2843e4a1669b0916521d8352746dfe5..52b1258006a96f90e061d27631871022be8c1354 100644 GIT binary patch delta 58 zcmV-A0LA}+umOOu0gxL3Ympp70c){ftV03=PO*VM0|i3>002Lcfjg6pM}GnX;j;k@ Q(F2kc1OfmEv*k-03>}LRj{pDw delta 38 tcmZqJz}T>Xae_2s@lifetime = (u32bits)bson_iter_int32(&iter); } - printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n", - key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func, - key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key); + if(kids) { + add_to_secrets_list(kids,key->kid); + add_to_secrets_list(hkdfs,key->hkdf_hash_func); + add_to_secrets_list(teas,key->as_rs_alg); + add_to_secrets_list(aas,key->auth_alg); + } else { + printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n", + key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func, + key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key); + } } mongoc_cursor_destroy(cursor); ret = 0; diff --git a/src/apps/relay/dbdrivers/dbd_mysql.c b/src/apps/relay/dbdrivers/dbd_mysql.c index a536bdac..4d71be21 100644 --- a/src/apps/relay/dbdrivers/dbd_mysql.c +++ b/src/apps/relay/dbdrivers/dbd_mysql.c @@ -402,7 +402,7 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { return ret; } -static int mysql_list_oauth_keys(void) { +static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas) { oauth_key_data_raw key_; oauth_key_data_raw *key=&key_; 
@@ -457,9 +457,16 @@ static int mysql_list_oauth_keys(void) { ns_bcopy(row[8],key->kid,lengths[8]); key->kid[lengths[8]]=0; - printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n", + if(kids) { + add_to_secrets_list(kids,key->kid); + add_to_secrets_list(hkdfs,key->hkdf_hash_func); + add_to_secrets_list(teas,key->as_rs_alg); + add_to_secrets_list(aas,key->auth_alg); + } else { + printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n", key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func, key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key); + } } row = mysql_fetch_row(mres); } @@ -496,8 +503,9 @@ static int mysql_set_user_key(u08bits *usname, u08bits *realm, const char *key) return ret; } -static int mysql_set_oauth_key(oauth_key_data_raw *key) { - int ret = -1; +static int mysql_set_oauth_key(oauth_key_data_raw *key) +{ + int ret = -1; char statement[TURN_LONG_STRING_SIZE]; MYSQL * myc = get_mydb_connection(); if(myc) { @@ -511,10 +519,14 @@ static int mysql_set_oauth_key(oauth_key_data_raw *key) { res = mysql_query(myc, statement); if(res) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating oauth key information: %s\n",mysql_error(myc)); + } else { + ret = 0; } + } else { + ret = 0; } } - return ret; + return ret; } static int mysql_del_user(u08bits *usname, u08bits *realm) { diff --git a/src/apps/relay/dbdrivers/dbd_pgsql.c b/src/apps/relay/dbdrivers/dbd_pgsql.c index 6b99e2a6..873c47e5 100644 --- a/src/apps/relay/dbdrivers/dbd_pgsql.c +++ b/src/apps/relay/dbdrivers/dbd_pgsql.c 
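Review bot: `mysql_set_oauth_key` passes `statement`, a `char[TURN_LONG_STRING_SIZE]` buffer, straight to `mysql_query`, and with this commit the key fields it stores come from the HTTPS admin form as well as the command line. The code that fills `statement` is outside the hunk; if it formats `key->kid`, `key->ikm_key` and the algorithm names into the SQL text, a quote character in any of them changes the statement. Each field should go through `mysql_real_escape_string` (or a prepared statement) before the query is built, and a truncated `statement` should be rejected rather than executed. The same question applies to `pgsql_set_oauth_key` at `@@ -283,7 +290,10 @@` in dbd_pgsql.c, where the query construction is also outside the hunk.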
@@ -187,7 +187,7 @@ static int pgsql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { return ret; } -static int pgsql_list_oauth_keys(void) { +static int pgsql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas) { oauth_key_data_raw key_; oauth_key_data_raw *key=&key_; @@ -217,9 +217,16 @@ static int pgsql_list_oauth_keys(void) { STRCPY((char*)key->auth_key,PQgetvalue(res,i,7)); STRCPY((char*)key->kid,PQgetvalue(res,i,8)); - printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n", + if(kids) { + add_to_secrets_list(kids,key->kid); + add_to_secrets_list(hkdfs,key->hkdf_hash_func); + add_to_secrets_list(teas,key->as_rs_alg); + add_to_secrets_list(aas,key->auth_alg); + } else { + printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n", key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func, key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key); + } ret = 0; } @@ -283,7 +290,10 @@ static int pgsql_set_oauth_key(oauth_key_data_raw *key) { } else { ret = 0; } + } else { + ret = 0; } + if(res) { PQclear(res); } diff --git a/src/apps/relay/dbdrivers/dbd_redis.c b/src/apps/relay/dbdrivers/dbd_redis.c index de1bf28c..49befeea 100644 --- a/src/apps/relay/dbdrivers/dbd_redis.c +++ b/src/apps/relay/dbdrivers/dbd_redis.c @@ -637,7 +637,7 @@ static int redis_list_users(u08bits *realm, secrets_list_t *users, secrets_list_ return ret; } -static int redis_list_oauth_keys(void) { +static int redis_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas) { int ret = -1; redisContext *rc = get_redis_connection(); secrets_list_t keys; 
@@ -673,9 +673,16 @@ static int redis_list_oauth_keys(void) { oauth_key_data_raw key_; oauth_key_data_raw *key=&key_; if(redis_get_oauth_key((const u08bits*)s,key) == 0) { - printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n", - key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func, - key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key); + if(kids) { + add_to_secrets_list(kids,key->kid); + add_to_secrets_list(hkdfs,key->hkdf_hash_func); + add_to_secrets_list(teas,key->as_rs_alg); + add_to_secrets_list(aas,key->auth_alg); + } else { + printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n", + key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func, + key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key); + } } } diff --git a/src/apps/relay/dbdrivers/dbd_sqlite.c b/src/apps/relay/dbdrivers/dbd_sqlite.c index e4ea4d09..f2ac8443 100644 --- a/src/apps/relay/dbdrivers/dbd_sqlite.c +++ b/src/apps/relay/dbdrivers/dbd_sqlite.c @@ -329,7 +329,7 @@ static int sqlite_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { return ret; } -static int sqlite_list_oauth_keys(void) { +static int sqlite_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas) { oauth_key_data_raw key_; oauth_key_data_raw *key=&key_; 
@@ -363,11 +363,18 @@ static int sqlite_list_oauth_keys(void) { STRCPY((char*)key->as_rs_key,sqlite3_column_text(st, 5)); STRCPY((char*)key->auth_alg,sqlite3_column_text(st, 6)); STRCPY((char*)key->auth_key,sqlite3_column_text(st, 7)); - STRCPY((char*)key->kid,sqlite3_column_text(st, 7)); + STRCPY((char*)key->kid,sqlite3_column_text(st, 8)); - printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n", - key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func, - key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key); + if(kids) { + add_to_secrets_list(kids,key->kid); + add_to_secrets_list(hkdfs,key->hkdf_hash_func); + add_to_secrets_list(teas,key->as_rs_alg); + add_to_secrets_list(aas,key->auth_alg); + } else { + printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n", + key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func, + key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key); + } } else if (res == SQLITE_DONE) { break; diff --git a/src/apps/relay/dbdrivers/dbdriver.h b/src/apps/relay/dbdrivers/dbdriver.h index 7cfd3b01..8776a3a2 100644 --- a/src/apps/relay/dbdrivers/dbdriver.h +++ b/src/apps/relay/dbdrivers/dbdriver.h @@ -68,7 +68,7 @@ typedef struct _turn_dbdriver_t { int (*set_oauth_key)(oauth_key_data_raw *key); int (*get_oauth_key)(const u08bits *kid, oauth_key_data_raw *key); int (*del_oauth_key)(const u08bits *kid); - int (*list_oauth_keys)(void); + int (*list_oauth_keys)(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas); int (*get_admin_user)(const u08bits *usname, u08bits *realm, password_t pwd); int (*set_admin_user)(const u08bits *usname, const u08bits *realm, const password_t pwd); int (*del_admin_user)(const u08bits *usname); 
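Review bot: The new `list_oauth_keys` member in dbdriver.h has two modes that nothing at the declaration documents. With `kids` NULL the drivers print every field to stdout, including `ikm_key`, `as_rs_key` and `auth_key`; with `kids` non-NULL they fill four parallel lists and leave the key material out. Every driver in this patch tests only `kids` before calling `add_to_secrets_list` on `hkdfs`, `teas` and `aas`, so a caller that passes a partial set hands NULL to that helper. I would add a comment above the member, for example `/* kids==NULL: print all fields (incl. key material) to stdout; otherwise all four lists must be non-NULL and receive kid/hkdf/tea/aa only */`.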
diff --git a/src/apps/relay/http_server.c b/src/apps/relay/http_server.c index c189c908..39c98345 100644 --- a/src/apps/relay/http_server.c +++ b/src/apps/relay/http_server.c @@ -117,7 +117,7 @@ static struct headers_list * post_parse(char *data, size_t data_len) value = value ? value : ""; value = evhttp_decode_uri(value); char *p = value; - while (*p != '\0') { + while (*p) { if (*p == '+') *p = ' '; p++; @@ -135,6 +135,7 @@ static struct headers_list * post_parse(char *data, size_t data_len) static struct http_request* parse_http_request_1(struct http_request* ret, char* request, int parse_post) { + if(ret && request) { char* s = strstr(request," HTTP/"); @@ -266,7 +267,7 @@ static void free_headers_list(struct headers_list *h) { } const char *get_http_header_value(const struct http_request *request, const char* key, const char* default_value) { - const char *ret = default_value; + const char *ret = NULL; if(key && key[0] && request && request->headers) { if(request->headers->uri_headers) { ret = evhttp_find_header(request->headers->uri_headers,key); @@ -274,7 +275,9 @@ const char *get_http_header_value(const struct http_request *request, const char if(!ret && request->headers->post_headers) { ret = get_headers_list_value(request->headers->post_headers,key); } - if(!ret) ret = default_value; + } + if(!ret) { + ret = default_value; } return ret; } diff --git a/src/apps/relay/turn_admin_server.c b/src/apps/relay/turn_admin_server.c index 4b54ae6f..226cf8b6 100644 --- a/src/apps/relay/turn_admin_server.c +++ b/src/apps/relay/turn_admin_server.c @@ -1392,6 +1392,12 @@ typedef enum _AS_FORM AS_FORM; #define HR_ADD_IP_REALM "aipr" #define HR_ADD_IP_KIND "aipk" #define HR_UPDATE_PARAMETER "togglepar" +#define HR_ADD_OAUTH_KID "oauth_kid" +#define HR_ADD_OAUTH_IKM "oauth_ikm" +#define HR_ADD_OAUTH_HKDF "oauth_hkdf" +#define HR_ADD_OAUTH_TEA "oauth_tea" +#define HR_ADD_OAUTH_AA "oauth_aa" +#define HR_DELETE_OAUTH_KID "oauth_kid_del" struct form_name { AS_FORM form; 
@@ -1558,9 +1564,11 @@ static void write_https_home_page(ioa_socket_handle s) str_buffer_append(sb,form_names[AS_FORM_OS].name); str_buffer_append(sb,"\">"); - str_buffer_append(sb,"
"); + if(is_superuser()) { + str_buffer_append(sb,"
"); + } str_buffer_append(sb,"\r\n"); str_buffer_append(sb,"\r\n"); @@ -2778,6 +2786,246 @@ static void write_origins_page(ioa_socket_handle s, const char* add_origin, cons } } +static size_t https_print_oauth_keys(struct str_buffer* sb) +{ + size_t ret = 0; + const turn_dbdriver_t * dbd = get_dbdriver(); + if (dbd && dbd->list_oauth_keys) { + secrets_list_t kids,hkdfs,teas,aas; + init_secrets_list(&kids); + init_secrets_list(&hkdfs); + init_secrets_list(&teas); + init_secrets_list(&aas); + dbd->list_oauth_keys(&kids,&hkdfs,&teas,&aas); + + size_t sz = get_secrets_list_size(&kids); + size_t i; + for(i=0;i"); + str_buffer_append_sz(sb,i+1); + str_buffer_append(sb,""); + str_buffer_append(sb,""); + str_buffer_append(sb,get_secrets_list_elem(&kids,i)); + str_buffer_append(sb,""); + str_buffer_append(sb,""); + str_buffer_append(sb,get_secrets_list_elem(&hkdfs,i)); + str_buffer_append(sb,""); + str_buffer_append(sb,""); + str_buffer_append(sb,get_secrets_list_elem(&teas,i)); + str_buffer_append(sb,""); + str_buffer_append(sb,""); + str_buffer_append(sb,get_secrets_list_elem(&aas,i)); + str_buffer_append(sb,""); + + { + str_buffer_append(sb," delete"); + str_buffer_append(sb,""); + } + str_buffer_append(sb,""); + ++ret; + } + + clean_secrets_list(&kids); + clean_secrets_list(&hkdfs); + clean_secrets_list(&teas); + clean_secrets_list(&aas); + } + + return ret; +} + +static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, const char* add_ikm, + const char* add_hkdf_hash_func, const char* add_tea, const char* add_aa, + const char* msg) +{ + if(s && !ioa_socket_tobeclosed(s)) { + + if(!(s->as_ok)) { + write_https_logon_page(s); + } else if(!is_superuser()) { + write_https_home_page(s); + } else { + + struct str_buffer* sb = str_buffer_new(); + + str_buffer_append(sb,"\r\n\r\n \r\n "); + str_buffer_append(sb,admin_title); + str_buffer_append(sb,"\r\n \r\n \r\n "); + str_buffer_append(sb,bold_admin_title); + str_buffer_append(sb,"
\r\n"); + str_buffer_append(sb,home_link); + str_buffer_append(sb,"
\r\n"); + + { + str_buffer_append(sb,"
\r\n"); + str_buffer_append(sb,"
oAuth key:\r\n"); + + if(msg && msg[0]) { + str_buffer_append(sb,"
"); + str_buffer_append(sb,msg); + str_buffer_append(sb,"

"); + } + + { + if(!add_kid) add_kid=""; + + str_buffer_append(sb,"
KID:
\r\n"); + } + { + if(!add_ikm) add_ikm = ""; + + str_buffer_append(sb,"
Base64-encoded input keying material:
\r\n"); + } + { + str_buffer_append(sb,">
Hash key derivation function:
\r\n"); + + if(!add_hkdf_hash_func || !add_hkdf_hash_func[0]) + add_hkdf_hash_func = "SHA-256"; + + str_buffer_append(sb,"SHA-1\r\n
\r\n"); + + str_buffer_append(sb,"SHA-256\r\n
\r\n"); + } + { + str_buffer_append(sb,">
Token encryption algorithm:
\r\n"); + + if(!add_tea || !add_tea[0]) + add_tea = "AES-256-CBC"; + + str_buffer_append(sb,"AES-128-CBC\r\n
\r\n"); + + str_buffer_append(sb,"AES-256-CBC\r\n
\r\n"); + + str_buffer_append(sb,"AEAD-AES-128-GCM\r\n
\r\n"); + + str_buffer_append(sb,"AEAD-AES-256-GCM\r\n
\r\n"); + } + { + str_buffer_append(sb,">
Token authentication algorithm:
\r\n"); + + if(!add_aa || !add_aa[0]) + add_aa = "HMAC-SHA-256-128"; + + str_buffer_append(sb,"HMAC-SHA-256-128\r\n
\r\n"); + + str_buffer_append(sb,"HMAC-SHA-256\r\n
\r\n"); + + str_buffer_append(sb,"HMAC-SHA-1\r\n
\r\n"); + } + + str_buffer_append(sb,"
"); + + str_buffer_append(sb,"
\r\n"); + str_buffer_append(sb,"
\r\n"); + } + + str_buffer_append(sb,"
OAuth keys:

\r\n"); + str_buffer_append(sb,"\r\n"); + str_buffer_append(sb,""); + str_buffer_append(sb,""); + str_buffer_append(sb,""); + str_buffer_append(sb,""); + str_buffer_append(sb,""); + str_buffer_append(sb,"\r\n"); + + size_t total_sz = https_print_oauth_keys(sb); + + str_buffer_append(sb,"\r\n
NKIDHash key derivation functionToken encryption algorithmToken authentication algorithm
\r\n"); + + str_buffer_append(sb,"
Total oAuth keys = "); + str_buffer_append_sz(sb,total_sz); + str_buffer_append(sb,"
\r\n"); + + str_buffer_append(sb,"\r\n\r\n"); + + send_str_from_ioa_socket_tcp(s,"HTTP/1.1 200 OK\r\nServer: "); + send_str_from_ioa_socket_tcp(s,TURN_SOFTWARE); + send_str_from_ioa_socket_tcp(s,"\r\n"); + send_str_from_ioa_socket_tcp(s,get_http_date_header()); + send_str_from_ioa_socket_tcp(s,"Content-Type: text/html; charset=UTF-8\r\nContent-Length: "); + + send_ulong_from_ioa_socket_tcp(s,str_buffer_get_str_len(sb)); + + send_str_from_ioa_socket_tcp(s,"\r\n\r\n"); + send_str_from_ioa_socket_tcp(s,str_buffer_get_str(sb)); + + str_buffer_free(sb); + } + } +} + static void handle_toggle_request(ioa_socket_handle s, struct http_request* hr) { if(s && hr) { 
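Review bot: `https_print_oauth_keys` appends the `kids`, `hkdfs`, `teas` and `aas` strings to the page with plain `str_buffer_append`, and `write_https_oauth_page` does the same with `msg`, so none of them is HTML-encoded before it reaches the superuser's browser. A kid is whatever was submitted in `oauth_kid` or already sits in the database, so markup inside it would be rendered as part of the admin page. The form appears to echo `add_kid` and `add_ikm` back as well, and the delete link appears to carry the kid in a URL, though the markup is not legible on this page; those spots need attribute and URL encoding respectively. No escaping helper is visible in this patch, so the sketch below adds one (the name is only a suggestion) and uses it for the table cells. The return value of `dbd->list_oauth_keys` is also ignored, so a failed query shows as an empty table.

```c
/* Proposed helper: append s with HTML metacharacters encoded. */
static void str_buffer_append_escaped(struct str_buffer *sb, const char *s)
{
	if(!sb || !s) return;
	for(; *s; ++s) {
		switch(*s) {
		case '&': str_buffer_append(sb,"&amp;"); break;
		case '<': str_buffer_append(sb,"&lt;"); break;
		case '>': str_buffer_append(sb,"&gt;"); break;
		case '"': str_buffer_append(sb,"&quot;"); break;
		case '\'': str_buffer_append(sb,"&#39;"); break;
		default: {
			char c[2] = { *s, 0 };
			str_buffer_append(sb,c);
		}
		}
	}
}

/* … unchanged: list_oauth_keys call, row number and cell markup … */
		str_buffer_append_escaped(sb,get_secrets_list_elem(&kids,i));
		/* … same for hkdfs, teas, aas … */
```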
@@ -3197,11 +3445,63 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh) break; } case AS_FORM_OAUTH: { - if(s->as_ok) { - //TODO + if(!s->as_ok) { + write_https_logon_page(s); + } else if(!is_superuser()) { write_https_home_page(s); } else { - write_https_logon_page(s); + + { + const char* del_kid = get_http_header_value(hr,HR_DELETE_OAUTH_KID,""); + if(del_kid[0]) { + const turn_dbdriver_t * dbd = get_dbdriver(); + if (dbd && dbd->del_oauth_key) { + (*dbd->del_oauth_key)((const u08bits*)del_kid); + } + } + } + + const char* add_kid = ""; + const char* add_ikm = ""; + const char* add_hkdf_hash_func = ""; + const char* add_tea = ""; + const char* add_aa = ""; + const char* msg = ""; + + add_kid = get_http_header_value(hr,HR_ADD_OAUTH_KID,""); + if(add_kid[0]) { + add_ikm = get_http_header_value(hr,HR_ADD_OAUTH_IKM,""); + if(add_ikm[0]) { + add_hkdf_hash_func = get_http_header_value(hr,HR_ADD_OAUTH_HKDF,""); + add_tea = get_http_header_value(hr,HR_ADD_OAUTH_TEA,""); + add_aa = get_http_header_value(hr,HR_ADD_OAUTH_AA,""); + + oauth_key_data_raw key; + ns_bzero(&key,sizeof(key)); + STRCPY(key.kid,add_kid); + STRCPY(key.ikm_key,add_ikm); + STRCPY(key.hkdf_hash_func,add_hkdf_hash_func); + STRCPY(key.as_rs_alg,add_tea); + STRCPY(key.auth_alg,add_aa); + + if(strstr(key.as_rs_alg,"AEAD")) key.auth_alg[0]=0; + + const turn_dbdriver_t * dbd = get_dbdriver(); + if (dbd && dbd->set_oauth_key) { + if((*dbd->set_oauth_key)(&key)<0) { + msg = "Cannot insert oAuth key into the database"; + } else { + add_kid = ""; + add_ikm = ""; + add_hkdf_hash_func = ""; + add_tea = ""; + add_aa = ""; + } + } + } + } + + write_https_oauth_page(s,add_kid,add_ikm,add_hkdf_hash_func,add_tea,add_aa,msg); } break; } diff --git a/src/apps/relay/userdb.c b/src/apps/relay/userdb.c index 57ac5291..5ab3d6c9 100644 --- a/src/apps/relay/userdb.c +++ b/src/apps/relay/userdb.c 
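Review bot: The `AS_FORM_OAUTH` branch copies `add_hkdf_hash_func`, `add_tea` and `add_aa` into `key` and calls `set_oauth_key` without checking them against the fixed choices the form offers, so any string a request supplies is stored as an algorithm name. A membership test before the copy would close that, for example `if(strcmp(add_hkdf_hash_func,"SHA-1") && strcmp(add_hkdf_hash_func,"SHA-256")) msg = "Unsupported hash function";`, with the same for the other two fields. Deletion runs for any request that carries `oauth_kid_del`, and `get_http_header_value` looks in the URI parameters before the POST body, so a plain link is enough to trigger it. No per-session token is checked in this hunk, so both add and delete should require POST plus such a token. The result of `del_oauth_key` is discarded and an `oauth_kid` submitted without `oauth_ikm` is dropped silently; both cases deserve a `msg`.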
@@ -405,7 +405,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u if(max_session_time) *max_session_time = 0; - if(in_oauth && out_oauth && usname && usname[0] && realm && realm[0]) { + if(in_oauth && out_oauth && usname && usname[0]) { stun_attr_ref sar = stun_attr_get_first_by_type_str(ioa_network_buffer_data(nbh), ioa_network_buffer_get_size(nbh), @@ -471,6 +471,10 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u const char* server_name = (char*)turn_params.oauth_server_name; if(!(server_name && server_name[0])) { server_name = (char*)realm; + if(!(server_name && server_name[0])) { + TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot determine oAuth server name"); + return -1; + } } if (decode_oauth_token((const u08bits *) server_name, &etoken,&okey, &dot) < 0) {
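Review bot: Dropping `realm && realm[0]` from the oAuth condition means every later use of `realm` in that branch now has to tolerate a NULL or empty realm. The second hunk guards only the `server_name` fallback, and the rest of `get_user_key` is outside both hunks, so the other uses need checking. The added `return -1` leaves from the middle of the function; if anything acquired earlier in the branch needs releasing, it should go through the function's normal exit instead. The new log string also lacks the trailing newline the other messages in this patch carry: `TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot determine oAuth server name\n");`.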