admin user administration commands

2025-10-28 13:31:16 +01:00 · 2015-01-11 09:50:52 +00:00 · 2015-01-11 09:50:52 +00:00 · f562b9cfa7
commit f562b9cfa7
parent 6491eedf0b
7 changed files with 53 additions and 37 deletions
--- a/examples/var/db/turndb
+++ b/examples/var/db/turndb
--- a/src/apps/relay/dbdrivers/dbd_mysql.c
+++ b/src/apps/relay/dbdrivers/dbd_mysql.c
@ -1045,6 +1045,7 @@ static int mysql_set_admin_user(const u08bits *usname, const u08bits *realm, con
 {
  int ret = -1;
  char statement[TURN_LONG_STRING_SIZE];
  donot_print_connection_success=1;
  MYSQL * myc = get_mydb_connection();
  if(myc) {
 	  snprintf(statement,sizeof(statement),"insert into admin_user (realm,name,password) values('%s','%s','%s')",realm,usname,pwd);
@ -1068,6 +1069,7 @@ static int mysql_del_admin_user(const u08bits *usname)
 {
 	int ret = -1;
 	char statement[TURN_LONG_STRING_SIZE];
 	donot_print_connection_success=1;
 	MYSQL * myc = get_mydb_connection();
 	if(myc) {
 		snprintf(statement,sizeof(statement),"delete from admin_user where name='%s'",usname);
@ -1085,6 +1087,7 @@ static int mysql_list_admin_users(void)
 {
 	int ret = -1;
 	char statement[TURN_LONG_STRING_SIZE];
 	donot_print_connection_success=1;
 	MYSQL * myc = get_mydb_connection();
 	if(myc) {
 		snprintf(statement,sizeof(statement),"select name, realm from admin_user order by realm,name");
--- a/src/apps/relay/dbdrivers/dbd_pgsql.c
+++ b/src/apps/relay/dbdrivers/dbd_pgsql.c
@ -765,6 +765,7 @@ static int pgsql_set_admin_user(const u08bits *usname, const u08bits *realm, con
 {
 	int ret = -1;
 	char statement[TURN_LONG_STRING_SIZE];
 	donot_print_connection_success=1;
 	PGconn *pqc = get_pqdb_connection();
 	if(pqc) {
 	  snprintf(statement,sizeof(statement),"insert into admin_user (realm,name,password) values('%s','%s','%s')",realm,usname,pwd);
@ -793,6 +794,7 @@ static int pgsql_del_admin_user(const u08bits *usname)
 {
 	int ret = -1;
 	char statement[TURN_LONG_STRING_SIZE];
 	donot_print_connection_success=1;
 	PGconn *pqc = get_pqdb_connection();
 	if(pqc) {
 		snprintf(statement,sizeof(statement),"delete from admin_user where name='%s'",usname);
@ -809,6 +811,7 @@ static int pgsql_list_admin_users(void)
 {
 	int ret = -1;
 	char statement[TURN_LONG_STRING_SIZE];
 	donot_print_connection_success=1;
 	PGconn *pqc = get_pqdb_connection();
 	if(pqc) {
 		snprintf(statement,sizeof(statement),"select name,realm,password from admin_user order by realm,name");
--- a/src/apps/relay/dbdrivers/dbd_redis.c
+++ b/src/apps/relay/dbdrivers/dbd_redis.c
@ -539,7 +539,7 @@ static int redis_set_oauth_key(oauth_key_data_raw *key) {
  redisContext *rc = get_redis_connection();
  if(rc) {
 	char statement[TURN_LONG_STRING_SIZE];
-	snprintf(statement,sizeof(statement),"hmset turn/oauth/kid/%s ikm_key '%s' hkdf_hash_func '%s' as_rs_alg '%s' as_rs_key '%s' auth_alg '%s' auth_key '%s' timestamp %llu lifetime %lu",
+	snprintf(statement,sizeof(statement),"hmset turn/oauth/kid/%s ikm_key %s hkdf_hash_func %s as_rs_alg %s as_rs_key %s auth_alg %s auth_key %s timestamp %llu lifetime %lu",
 			key->kid,key->ikm_key,key->hkdf_hash_func,key->as_rs_alg,key->as_rs_key,key->auth_alg,key->auth_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime);
 	turnFreeRedisReply(redisCommand(rc, statement));
 	turnFreeRedisReply(redisCommand(rc, "save"));
@ -1187,13 +1187,14 @@ static int redis_get_admin_user(const u08bits *usname, u08bits *realm, password_
 static int redis_set_admin_user(const u08bits *usname, const u08bits *realm, const password_t pwd)
 {
  int ret = -1;
  donot_print_connection_success = 1;
  redisContext *rc = get_redis_connection();
  if(rc) {
 	char statement[TURN_LONG_STRING_SIZE];
 	if(realm[0]) {
-		snprintf(statement,sizeof(statement),"hmset turn/admin_user/%s realm '%s' password '%s'",usname,realm,pwd);
+		snprintf(statement,sizeof(statement),"hmset turn/admin_user/%s realm %s password %s",usname,realm,pwd);
 	} else {
-		snprintf(statement,sizeof(statement),"hmset turn/admin_user/%s password '%s'",usname,pwd);
+		snprintf(statement,sizeof(statement),"hmset turn/admin_user/%s password %s",usname,pwd);
 	}
 	turnFreeRedisReply(redisCommand(rc, statement));
 	turnFreeRedisReply(redisCommand(rc, "save"));
@ -1204,6 +1205,7 @@ static int redis_set_admin_user(const u08bits *usname, const u08bits *realm, con
 static int redis_del_admin_user(const u08bits *usname) {
  int ret = -1;
  donot_print_connection_success = 1;
  redisContext *rc = get_redis_connection();
  if(rc) {
 	char statement[TURN_LONG_STRING_SIZE];
@ -1218,6 +1220,7 @@ static int redis_del_admin_user(const u08bits *usname) {
 static int redis_list_admin_users(void)
 {
  int ret = -1;
  donot_print_connection_success = 1;
  redisContext *rc = get_redis_connection();
  secrets_list_t keys;
  size_t isz = 0;
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@ -119,7 +119,7 @@ LOW_DEFAULT_PORTS_BOUNDARY,HIGH_DEFAULT_PORTS_BOUNDARY,0,0,0,"",
 /////////////// MISC PARAMS ////////////////
 0,0,0,0,0,SHATYPE_SHA1,':',0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,
 ///////////// Users DB //////////////
-{ (TURN_USERDB_TYPE)0, {"\0"}, {0,NULL,NULL, {NULL,0}} },
+{ (TURN_USERDB_TYPE)0, {"\0"}, {0,NULL, {NULL,0}} },
 ///////////// CPUs //////////////////
 DEFAULT_CPUS_NUMBER
 };
@ -1129,7 +1129,7 @@ static void set_option(int c, char *value)
 		turn_params.fingerprint = get_bool_value(value);
 		break;
 	case 'u':
-		add_user_account(value,0);
+		add_static_user_account(value);
 		break;
 #if !defined(TURN_NO_SQLITE)
 	case 'b':
@ -1585,7 +1585,7 @@ static int adminmain(int argc, char **argv)
 		exit(-1);
 	}
-	return adminuser(user, realm, pwd, secret, origin, ct, &po);
+	return adminuser(user, realm, pwd, secret, origin, ct, &po, is_admin);
 }
 static void print_features(unsigned long mfn)
@ -1804,7 +1804,6 @@ int main(int argc, char **argv)
 	ns_bzero(&turn_params.default_users_db,sizeof(default_users_db_t));
 	turn_params.default_users_db.ram_db.static_accounts = ur_string_map_create(turn_free_simple);
 	turn_params.default_users_db.ram_db.dynamic_accounts = ur_string_map_create(turn_free_simple);
 	if(strstr(argv[0],"turnadmin"))
 		return adminmain(argc,argv);
--- a/src/apps/relay/userdb.c
+++ b/src/apps/relay/userdb.c
@ -620,12 +620,6 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 	ur_string_map_lock(turn_params.default_users_db.ram_db.static_accounts);
 	if(ur_string_map_get(turn_params.default_users_db.ram_db.static_accounts, (ur_string_map_key_type)usname, &ukey)) {
 		ret = 0;
 	} else {
 		ur_string_map_lock(turn_params.default_users_db.ram_db.dynamic_accounts);
 		if(ur_string_map_get(turn_params.default_users_db.ram_db.dynamic_accounts, (ur_string_map_key_type)usname, &ukey)) {
 			ret = 0;
 		}
 		ur_string_map_unlock(turn_params.default_users_db.ram_db.dynamic_accounts);
 	}
 	ur_string_map_unlock(turn_params.default_users_db.ram_db.static_accounts);
@ -721,7 +715,7 @@ void release_allocation_quota(u08bits *user, int oauth, u08bits *realm)
 //////////////////////////////////
-int add_user_account(char *user, int dynamic)
+int add_static_user_account(char *user)
 {
 	/* Realm is either default or empty for users taken from file or command-line */
 	if(user && !turn_params.use_auth_secret_with_timestamp) {
@ -755,11 +749,7 @@ int add_user_account(char *user, int dynamic)
 				//this is only for default realm
 				stun_produce_integrity_key_str((u08bits*)usname, (u08bits*)get_realm(NULL)->options.name, (u08bits*)s, *key, turn_params.shatype);
 			}
-			if(dynamic) {
+			{
 				ur_string_map_lock(turn_params.default_users_db.ram_db.dynamic_accounts);
 				ur_string_map_put(turn_params.default_users_db.ram_db.dynamic_accounts, (ur_string_map_key_type)usname, (ur_string_map_value_type)*key);
 				ur_string_map_unlock(turn_params.default_users_db.ram_db.dynamic_accounts);
 			} else {
 				ur_string_map_lock(turn_params.default_users_db.ram_db.static_accounts);
 				ur_string_map_put(turn_params.default_users_db.ram_db.static_accounts, (ur_string_map_key_type)usname, (ur_string_map_value_type)*key);
 				ur_string_map_unlock(turn_params.default_users_db.ram_db.static_accounts);
@ -775,11 +765,19 @@ int add_user_account(char *user, int dynamic)
 ////////////////// Admin /////////////////////////
-static int list_users(u08bits *realm)
+static int list_users(u08bits *realm, int is_admin)
 {
  const turn_dbdriver_t * dbd = get_dbdriver();
-  if (dbd && dbd->list_users) {
+  if (dbd) {
-    (*dbd->list_users)(realm);
+	  if(is_admin) {
 		  if(dbd->list_admin_users) {
 		  	(*dbd->list_admin_users)();
 		  }
 	  } else {
 		  if(dbd->list_users) {
 			  (*dbd->list_users)(realm);
 		  }
 	  }
  }
  return 0;
@ -895,17 +893,13 @@ static int list_realm_options(u08bits *realm)
 	return 0;
 }
-int adminuser(u08bits *user, u08bits *realm, u08bits *pwd, u08bits *secret, u08bits *origin, TURNADMIN_COMMAND_TYPE ct, perf_options_t *po)
+int adminuser(u08bits *user, u08bits *realm, u08bits *pwd, u08bits *secret, u08bits *origin, TURNADMIN_COMMAND_TYPE ct, perf_options_t *po, int is_admin)
 {
 	hmackey_t key;
 	char skey[sizeof(hmackey_t) * 2 + 1];
 	password_t passwd;
 	STRCPY(passwd,pwd);
 	if (ct == TA_LIST_USERS) {
-		return list_users(realm);
+		return list_users(realm, is_admin);
 	}
 	if (ct == TA_LIST_ORIGINS) {
@ -950,7 +944,7 @@ int adminuser(u08bits *user, u08bits *realm, u08bits *pwd, u08bits *secret, u08b
 	must_set_admin_user(user);
-	if (ct != TA_DELETE_USER) {
+	if (ct != TA_DELETE_USER && !is_admin) {
 		must_set_admin_pwd(pwd);
@ -977,14 +971,29 @@ int adminuser(u08bits *user, u08bits *realm, u08bits *pwd, u08bits *secret, u08b
 	} else if (dbd) {
-		must_set_admin_realm(realm);
+		if(!is_admin)
 			must_set_admin_realm(realm);
 		if (ct == TA_DELETE_USER) {
-			if (dbd->del_user)
+			if(is_admin) {
-				(*dbd->del_user)(user, realm);
+				if (dbd->del_admin_user)
 					(*dbd->del_admin_user)(user);
 			} else {
 				if (dbd->del_user)
 					(*dbd->del_user)(user, realm);
 			}
 		} else if (ct == TA_UPDATE_USER) {
-			if (dbd->set_user_key)
+			if(is_admin) {
-				(*dbd->set_user_key)(user, realm, skey);
+				must_set_admin_pwd(pwd);
 				if (dbd->set_admin_user) {
 					password_t password;
 					STRCPY(password,pwd);
 					(*dbd->set_admin_user)(user, realm, password);
 				}
 			} else {
 				if (dbd->set_user_key)
 					(*dbd->set_user_key)(user, realm, skey);
 			}
 		}
 	}
--- a/src/apps/relay/userdb.h
+++ b/src/apps/relay/userdb.h
@ -149,7 +149,6 @@ typedef struct _secrets_list secrets_list_t;
 typedef struct _ram_users_db_t {
 	size_t users_number;
 	ur_string_map *static_accounts;
 	ur_string_map *dynamic_accounts;
 	secrets_list_t static_auth_secrets;
 } ram_users_db_t;
@ -199,8 +198,8 @@ void release_allocation_quota(u08bits *username, int oauth, u08bits *realm);
 void auth_ping(redis_context_handle rch);
 void reread_realms(void);
-int add_user_account(char *user, int dynamic);
+int add_static_user_account(char *user);
-int adminuser(u08bits *user, u08bits *realm, u08bits *pwd, u08bits *secret, u08bits *origin, TURNADMIN_COMMAND_TYPE ct, perf_options_t* po);
+int adminuser(u08bits *user, u08bits *realm, u08bits *pwd, u08bits *secret, u08bits *origin, TURNADMIN_COMMAND_TYPE ct, perf_options_t* po, int is_admin);
 int add_ip_list_range(const char* range, const char* realm, ip_range_list_t * list);
 ip_range_list_t* get_ip_list(const char *kind);