mirrors/coturn
1
0
Fork 0
mirror of https://github.com/coturn/coturn.git synced 2025-10-25 04:51:04 +02:00
Code Issues Projects Releases Wiki Activity

Move acme to new file

Browse Source
This commit is contained in:
Mészáros Mihály 2020-08-08 22:47:41 +02:00
parent 02d62e828d
commit fa01cfeed6
4 changed files with 5 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -23,6 +23,8 @@ Version 4.5.2 'dan Eider':
* fix compilation on macOS Big Sur * fix compilation on macOS Big Sur
- merge PR #546 (by jelmd) - merge PR #546 (by jelmd)
* Add ACME redirect url * Add ACME redirect url
- merge PR #551 (by jelmd)
* support of --acme-redirect <URL>
24/06/2020 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu> 24/06/2020 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu>
Version 4.5.1.3 'dan Eider': Version 4.5.1.3 'dan Eider':

7
man/man1/turnserver.1
View File

@ -787,13 +787,6 @@ File name to store the pid of the process.
Default is /var/run/turnserver.pid (if superuser account is used) or Default is /var/run/turnserver.pid (if superuser account is used) or
/var/tmp/turnserver.pid . /var/tmp/turnserver.pid .
.TP .TP
.BI --acme-redirect\ URL
Redirect ACME/RFC8555 (like Let's Encrypt challenge) requests, i.e.
HTTP GET requests matching '^/.well-known/acme-challenge/(.*)'
to \fIURL\fR$1 with $1 == (.*). No validation of \fIURL\fR will be done,
so make sure you do not forget the trailing slash. If \fIURL\fR is an empty
string (the default value), no special handling of such requests will be done.
.TP
.B .B
\fB\-\-proc\-user\fP \fB\-\-proc\-user\fP
User name to run the process. After the initialization, the \fIturnserver\fP process User name to run the process. After the initialization, the \fIturnserver\fP process

77
src/apps/relay/http_server.c
View File

@ -99,83 +99,6 @@ const char* get_http_date_header()
return buffer_header; return buffer_header;
} }
static int is_acme_req(char *req, size_t len) {
static const char *A = " - 0123456789 ABCDEFGHIJKLMNOPQRSTUVWXYZ _ abcdefghijklmnopqrstuvwxyz ";
int c, i, k;
// Check first request line. Should be like: GET path HTTP/1.x
if (strncmp(req, "GET /.well-known/acme-challenge/", 32))
return -1;
// Usually (for LE) the "method path" is 32 + 43 = 55 chars. But other
// implementations may choose longer pathes. We define PATHMAX = 127 chars
// to be prepared for "DoS" attacks (STUN msg size max. is ~ 64K).
len =- 21; // min size of trailing headers
if (len > 131)
len = 131;
for (i=32; i < (int) len; i++) {
// find the end of the path
if (req[i] != ' ')
continue;
// consider path < 10 chars invalid. Also we wanna see a "trailer".
if (i < 42 || strncmp(req + i, " HTTP/1.", 8))
return -2;
// finally check for allowed chars
for (k=32; k < i; k++) {
c = req[k];
if ((c > 127) || (A[c] == ' '))
return -3;
}
// all checks passed: sufficient for us to answer with a redirect
return i;
}
return -4; // end of path not found
}
int try_acme_redirect(char *req, size_t len, const char *url,
ioa_socket_handle s)
{
static const char *HTML = "<html><head><title>301 Moved Permanently</title></head><body><h1>301 Moved Permanently</h1></body></html>";
char http_response[1024];
int plen, rlen;
if (url == NULL || url[0] == '\0' || req == NULL || s == 0 )
return 1;
if (len < 64 || len > 512 || (plen = is_acme_req(req, len)) < 33)
return 2;
req[plen] = '\0';
snprintf(http_response, sizeof(http_response) - 1,
"HTTP/1.1 301 Moved Permanently\r\n"
"Content-Type: text/html\r\n"
"Content-Length: %ld\r\n"
"Connection: close\r\n"
"Location: %s%s\r\n"
"\r\n%s", strlen(HTML), url, req + 32, HTML);
rlen = strlen(http_response);
// Variant A: direkt write, no eventbuf stuff
if (write(s->fd, http_response, rlen) == -1) {
perror("Sending redirect failed");
} else if (((turn_turnserver *)s->session->server)->verbose) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "ACME redirect to %s%s\n",
url, req + 32);
}
req[plen] = ' ';
// Variant B: via eventbuf does not send anything for whatever reason
/*
set_ioa_socket_app_type(s, HTTP_CLIENT_SOCKET);
ioa_network_buffer_handle nbh = ioa_network_buffer_allocate(s->e);
uint8_t *data = ioa_network_buffer_data(nbh);
bcopy(http_response, data, rlen);
ioa_network_buffer_set_size(nbh, rlen);
send_data_from_ioa_socket_nbh(s, NULL, nbh, TTL_IGNORE, TOS_IGNORE, NULL);
*/
return 0;
}
/////////////////////////////////////////////// ///////////////////////////////////////////////
static struct headers_list * post_parse(char *data, size_t data_len) static struct headers_list * post_parse(char *data, size_t data_len)

3
src/server/ns_turn_ioalib.h
View File

@ -285,6 +285,9 @@ int get_default_protocol_port(const char* scheme, size_t slen);
///////////// HTTP //////////////////// ///////////// HTTP ////////////////////
void handle_http_echo(ioa_socket_handle s); void handle_http_echo(ioa_socket_handle s);
///////////// ACME /////////////////////
int try_acme_redirect(char *req, size_t len, const char *url, ioa_socket_handle s); int try_acme_redirect(char *req, size_t len, const char *url, ioa_socket_handle s);
///////////// ACME ///////////////////// ///////////// ACME /////////////////////