
new turn_admin table

This commit is contained in:
mom040267 2015-01-07 07:57:56 +00:00
parent 44475566bb
commit f17ce4fe83
13 changed files with 77 additions and 39 deletions

31
INSTALL

@ -669,7 +669,7 @@ The schema description:
# Table for long-term credentials mechanism authorization:
#
CREATE TABLE turnusers_lt (
realm varchar(512) default '',
realm varchar(127) default '',
name varchar(512),
hmackey char(128),
PRIMARY KEY (realm,name)
@ -688,7 +688,7 @@ or 64 characters (HEX representation of 32 bytes) for SHA256.
#
CREATE TABLE turnusers_st (
name varchar(512) PRIMARY KEY,
password varchar(512)
password varchar(127)
);
# Table holding shared secrets for secret-based authorization
@ -696,15 +696,15 @@ CREATE TABLE turnusers_st (
# mechanism:
#
CREATE TABLE turn_secret (
realm varchar(512) default '',
value varchar(512),
realm varchar(127) default '',
value varchar(127),
primary key (realm,value)
);
# Table holding "white" allowed peer IP ranges.
#
CREATE TABLE allowed_peer_ip (
realm varchar(512) default '',
realm varchar(127) default '',
ip_range varchar(256),
primary key (realm,ip_range)
);
@ -712,7 +712,7 @@ CREATE TABLE allowed_peer_ip (
# Table holding "black" denied peer IP ranges.
#
CREATE TABLE denied_peer_ip (
realm varchar(512) default '',
realm varchar(127) default '',
ip_range varchar(256),
primary key (realm,ip_range)
);
@ -723,8 +723,8 @@ CREATE TABLE denied_peer_ip (
# then the default realm is used.
#
CREATE TABLE turn_origin_to_realm (
origin varchar(512),
realm varchar(512),
origin varchar(127),
realm varchar(127),
primary key (origin,realm)
);
@ -734,7 +734,7 @@ CREATE TABLE turn_origin_to_realm (
# Values for them are integers (in text form).
#
CREATE TABLE turn_realm_option (
realm varchar(512) default '',
realm varchar(127) default '',
opt varchar(32),
value varchar(128),
primary key (realm,opt)
@ -753,7 +753,7 @@ CREATE TABLE oauth_key (
auth_alg varchar(64) default '',
auth_key varchar(256) default '',
primary key (kid)
);
);
The oauth_key table fields meanings are:
@ -791,6 +791,17 @@ The oauth_key table fields meanings are:
calculated with ikm_key and hkdf_hash_func. The auth_key length
is defined by auth_alg.
# Https access admin users.
# Leave this table empty if you do not want
# remote https access to the admin functions.
#
CREATE TABLE admin_user (
uname varchar(32),
realm varchar(127),
password varchar(127),
primary key (uname)
);
You can use turnadmin program to manage the database - you can either use
turnadmin to add/modify/delete users, or you can use turnadmin to produce
the hmac keys and modify the database with your favorite tools.


@ -533,8 +533,8 @@ static int redis_get_user_pwd(u08bits *usname, st_password_t pwd) {
if (rget->type != REDIS_REPLY_NIL)
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unexpected type: %d\n", rget->type);
} else {
strncpy((char*)pwd,rget->str,SHORT_TERM_PASSWORD_SIZE);
pwd[SHORT_TERM_PASSWORD_SIZE]=0;
strncpy((char*)pwd,rget->str,STUN_MAX_PWD_SIZE);
pwd[STUN_MAX_PWD_SIZE]=0;
ret = 0;
}
turnFreeRedisReply(rget);
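Review bot: The new strncpy line silently truncates any stored password longer than STUN_MAX_PWD_SIZE now that the bound dropped from 512 to 127, so a credential that used to fit is matched only by its first 127 bytes while the lookup still reports success. The length should be checked before the copy so the record is rejected instead, e.g. `} else if (strlen(rget->str) > STUN_MAX_PWD_SIZE) {` / `TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Stored password too long: %u\n", (unsigned)strlen(rget->str));` / `} else {`, leaving ret at its failure value. redis_get_user_pwd starts before and continues past this hunk, so the initial value of ret is not visible here.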


@ -148,14 +148,15 @@ static void fix_user_directory(char *dir0) {
static void init_sqlite_database(sqlite3 *sqliteconnection) {
const char * statements[] = {
"CREATE TABLE turnusers_lt ( realm varchar(512) default '', name varchar(512), hmackey char(128), PRIMARY KEY (realm,name))",
"CREATE TABLE turnusers_st (name varchar(512) PRIMARY KEY, password varchar(512))",
"CREATE TABLE turn_secret (realm varchar(512) default '', value varchar(512), primary key (realm,value))",
"CREATE TABLE allowed_peer_ip (realm varchar(512) default '', ip_range varchar(256), primary key (realm,ip_range))",
"CREATE TABLE denied_peer_ip (realm varchar(512) default '', ip_range varchar(256), primary key (realm,ip_range))",
"CREATE TABLE turn_origin_to_realm (origin varchar(512),realm varchar(512),primary key (origin))",
"CREATE TABLE turn_realm_option (realm varchar(512) default '', opt varchar(32), value varchar(128), primary key (realm,opt))",
"CREATE TABLE turnusers_lt ( realm varchar(127) default '', name varchar(512), hmackey char(128), PRIMARY KEY (realm,name))",
"CREATE TABLE turnusers_st (name varchar(512) PRIMARY KEY, password varchar(127))",
"CREATE TABLE turn_secret (realm varchar(127) default '', value varchar(127), primary key (realm,value))",
"CREATE TABLE allowed_peer_ip (realm varchar(127) default '', ip_range varchar(256), primary key (realm,ip_range))",
"CREATE TABLE denied_peer_ip (realm varchar(127) default '', ip_range varchar(256), primary key (realm,ip_range))",
"CREATE TABLE turn_origin_to_realm (origin varchar(127),realm varchar(127),primary key (origin))",
"CREATE TABLE turn_realm_option (realm varchar(127) default '', opt varchar(32), value varchar(128), primary key (realm,opt))",
"CREATE TABLE oauth_key (kid varchar(128),ikm_key varchar(256) default '',timestamp bigint default 0,lifetime integer default 0,hkdf_hash_func varchar(64) default '',as_rs_alg varchar(64) default '',as_rs_key varchar(256) default '',auth_alg varchar(64) default '',auth_key varchar(256) default '',primary key (kid))",
"CREATE TABLE admin_user (uname varchar(32), realm varchar(127), password varchar(127), primary key (uname))",
NULL
};
@ -188,10 +189,12 @@ static sqlite3 * get_sqlite_connection(void) {
sqliteconnection=NULL;
}
turn_params.default_users_db.userdb_type = TURN_USERDB_TYPE_UNKNOWN;
} else if(!donot_print_connection_success){
} else {
init_sqlite_database(sqliteconnection);
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "SQLite DB connection success: %s\n",pud->userdb);
donot_print_connection_success = 1;
if(!donot_print_connection_success){
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "SQLite DB connection success: %s\n",pud->userdb);
donot_print_connection_success = 1;
}
}
if(sqliteconnection) {
(void) pthread_setspecific(connection_key, sqliteconnection);
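Review bot: With the second hunk's `} else {`, init_sqlite_database now runs for every connection this function opens, but the DDL strings in the first hunk are plain `CREATE TABLE ...`, so on an already-initialized database file every statement fails and the result depends on how init_sqlite_database handles errors (its body is outside the hunk). Writing them as `CREATE TABLE IF NOT EXISTS turnusers_lt ( ... )` and so on makes the repeated initialization idempotent and lets the new admin_user table be added to databases created by older versions without error noise. Separately, the rebuilt turn_origin_to_realm string keeps `primary key (origin)` while INSTALL in this same commit documents `primary key (origin,realm)`; one of the two should be aligned. get_sqlite_connection continues outside the hunk.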


@ -46,10 +46,6 @@
extern "C" {
#endif
//////////// Defines //////////////////////////////
#define AUTH_SECRET_SIZE (512)
//////////// REALM //////////////
struct _realm_status_t;


@ -66,8 +66,7 @@ typedef u08bits hmackey_t[64];
/**
* Short-term credentials password
*/
#define SHORT_TERM_PASSWORD_SIZE (512)
typedef u08bits st_password_t[SHORT_TERM_PASSWORD_SIZE+1];
typedef u08bits st_password_t[STUN_MAX_PWD_SIZE+1];
typedef unsigned int band_limit_t;
///////////////////////////////////
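Review bot: The new st_password_t typedef relies on STUN_MAX_PWD_SIZE, which this commit defines in the STUN definitions header, and the hunk does not show whether that header is included here, so confirm the include rather than relying on transitive inclusion. Because the array shrinks from 513 to 128 bytes, any caller that still copies with a literal 512 or with the size of a larger buffer would now overrun; removing SHORT_TERM_PASSWORD_SIZE only catches the symbolic uses, so the remaining users of st_password_t deserve a look. The doc comment could state the bound explicitly: `/** Short-term credentials password, NUL-terminated, at most STUN_MAX_PWD_SIZE bytes */`.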


@ -40,11 +40,12 @@
#define STUN_HEADER_LENGTH (20)
#define STUN_CHANNEL_HEADER_LENGTH (4)
#define STUN_MAX_USERNAME_SIZE (513)
#define STUN_MAX_USERNAME_SIZE (512)
#define STUN_MAX_REALM_SIZE (127)
#define STUN_MAX_NONCE_SIZE (127)
#define STUN_MAX_SERVER_NAME_SIZE (1025)
#define STUN_MAX_PWD_SIZE (127)
#define AUTH_SECRET_SIZE STUN_MAX_PWD_SIZE
#define STUN_MAGIC_COOKIE (0x2112A442)
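Review bot: `#define AUTH_SECRET_SIZE STUN_MAX_PWD_SIZE` cuts the shared-secret limit from 512 to 127 without comment, so a deployment whose turn_secret values are longer than 127 bytes will have them truncated or rejected wherever AUTH_SECRET_SIZE bounds a buffer (those sites are outside this diff). Likewise STUN_MAX_USERNAME_SIZE drops from 513 to 512; if the old value was meant to include the terminator, a buffer declared with this constant and written at index 512 would now be one byte short, which is worth confirming against its users. A comment recording the change would help readers of the header: `/* AUTH_SECRET_SIZE: max shared-secret length; was 512 before the schema moved to varchar(127) */`.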


@ -9,6 +9,7 @@ db.turnusers_st.ensureIndex({ name: 1 }, { unique: 1 });
db.turn_secret.ensureIndex({ realm: 1 }, { unique: 1 });
db.realm.ensureIndex({ realm: 1 }, { unique: 1 });
db.oauth_key.ensureIndex({ kid: 1 }, {unique: 1 });
db.admin_user.ensureIndex({ uname: 1 }, {unique: 1 });
exit


@ -1,6 +1,6 @@
CREATE TABLE turnusers_lt (
realm varchar(512) default '',
realm varchar(127) default '',
name varchar(512),
hmackey char(128),
PRIMARY KEY (realm,name)
@ -8,35 +8,35 @@ CREATE TABLE turnusers_lt (
CREATE TABLE turnusers_st (
name varchar(512) PRIMARY KEY,
password varchar(512)
password varchar(127)
);
CREATE TABLE turn_secret (
realm varchar(512) default '',
value varchar(512),
realm varchar(127) default '',
value varchar(127),
primary key (realm,value)
);
CREATE TABLE allowed_peer_ip (
realm varchar(512) default '',
realm varchar(127) default '',
ip_range varchar(256),
primary key (realm,ip_range)
);
CREATE TABLE denied_peer_ip (
realm varchar(512) default '',
realm varchar(127) default '',
ip_range varchar(256),
primary key (realm,ip_range)
);
CREATE TABLE turn_origin_to_realm (
origin varchar(512),
realm varchar(512),
origin varchar(127),
realm varchar(127),
primary key (origin)
);
CREATE TABLE turn_realm_option (
realm varchar(512) default '',
realm varchar(127) default '',
opt varchar(32),
value varchar(128),
primary key (realm,opt)
@ -54,3 +54,10 @@ CREATE TABLE oauth_key (
auth_key varchar(256) default '',
primary key (kid)
);
CREATE TABLE admin_user (
uname varchar(32),
realm varchar(127),
password varchar(127),
primary key (uname)
);
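Review bot: The new admin_user table stores the HTTPS admin `password` in clear text, whereas turnusers_lt in the same file holds an hmackey rather than the secret itself, so anyone with read access to the database (backups, replicas, the host running turnadmin) holds working admin credentials. Storing a salted hash or keyed digest and comparing against that in the admin login path would be the stronger design; the same applies to the sqlite DDL, the mongo admin_user collection and the redis `admin_user/<username>/password` keys introduced by this commit. If clear-text storage is intended for this release, a comment on the table should say so, e.g. `-- admin_user.password is stored in clear text; restrict read access to this table`. Note also that with `primary key (uname)` a global admin (realm '') and a per-realm admin of the same name cannot coexist, which the redis key layout does allow.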


@ -72,6 +72,12 @@ and they will be almost immediately "seen" by the turnserver process.
auth_key - (optional) base64-encoded AUTH key. If not defined, then
calculated with ikm_key and hkdf_hash_func. The auth_key length
is defined by auth_alg.
6) admin users (over https interface) are maintained as keys of form:
"turn/realm/<realm-name>/admin_user/<username>/password" with the password
values (for the per-relam admin users), or as keys of form:
"turn/admin_user/<username>/password" with password values - for the global
admin users.
II. Extra realms data in the database
@ -104,7 +110,9 @@ This example sets user database for:
* The realm performance parameters: "max_bps",
"total_quota" and "user_quota" (same names as the turnserver
configuration options, with the same meanings).
* The oAuth data for the key with kid "north" and key value "carleon".
* The oAuth data for the key with kid "north" and key value "carleon".
* The admin user 'skarling', realm 'north.gov', with password 'hoodless';
* The global admin user 'bayaz' with password 'magi';
The shell command would be:
@ -131,6 +139,9 @@ set turn/user/gorst/password "hero"
set turn/user/whirrun/password "sword"
set turn/user/stranger-come-knocking/password "civilization"
set turn/realm/north.gov/admin_user/skarling/password "hoodless"
set turn/admin_user/bayaz/password "magi"
set turn/realm/north.gov/max-bps 500000
set turn/realm/north.gov/total-quota 12000
set turn/realm/north.gov/user-quota 10000


@ -23,6 +23,9 @@ db.turnusers_st.insert({ name: 'stranger-come-knocking', password: 'civilization
db.turn_secret.insert({ realm: 'north.gov', value: 'logen' });
db.turn_secret.insert({ realm: 'crinna.org', value: 'north' });
db.admin_user.insert({ uname: 'skarling', realm: 'north.gov', password: 'hoodless' });
db.admin_user.insert({ uname: 'bayaz', realm: '', password: 'magi' });
db.realm.insert({
realm: 'north.gov',
options: {


@ -32,6 +32,9 @@ set turn/user/bethod/password "king-of-north"
set turn/user/whirrun/password "sword"
set turn/user/stranger-come-knocking/password "civilization"
set turn/realm/north.gov/admin_user/skarling/password "hoodless"
set turn/admin_user/bayaz/password "magi"
set turn/realm/north.gov/max-bps 500000
set turn/realm/north.gov/total-quota 12000
set turn/realm/north.gov/user-quota 10000


@ -12,6 +12,9 @@ insert into turnusers_st (name, password) values('stranger-come-knocking','civil
insert into turn_secret (realm,value) values('north.gov','logen');
insert into turn_secret (realm,value) values('crinna.org','north');
insert into admin_user (uname, realm, password) values('skarling','north.gov','hoodless');
insert into admin_user (uname, realm, password) values('bayaz','','magi');
insert into turn_origin_to_realm (origin,realm) values('http://crinna.org:80','crinna.org');
insert into turn_origin_to_realm (origin,realm) values('https://bligh.edu:443','crinna.org');