			
		
		
		
	Move acme to new file
		
							parent
							
								
									02d62e828d
								
							
						
					
					
						commit
						fa01cfeed6
					
				| @ -23,6 +23,8 @@ Version 4.5.2 'dan Eider': | ||||
| 		* fix compilation on macOS Big Sur | ||||
| 	- merge PR #546 (by jelmd) | ||||
| 		* Add ACME redirect url | ||||
| 	- merge PR #551 (by jelmd) | ||||
| 		* support of --acme-redirect <URL> | ||||
| 
 | ||||
| 24/06/2020 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu> | ||||
| Version 4.5.1.3 'dan Eider': | ||||
|  | ||||
| @ -787,13 +787,6 @@ File name to store the pid of the process. | ||||
| Default is /var/run/turnserver.pid (if superuser account is used) or | ||||
| /var/tmp/turnserver.pid . | ||||
| .TP | ||||
| .BI --acme-redirect\  URL | ||||
| Redirect ACME/RFC8555 (like Let's Encrypt challenge) requests, i.e. | ||||
| HTTP GET requests matching '^/.well-known/acme-challenge/(.*)' | ||||
| to \fIURL\fR$1 with $1 == (.*).  No validation of \fIURL\fR will be done, | ||||
| so make sure you do not forget the trailing slash. If \fIURL\fR is an empty | ||||
| string (the default value), no special handling of such requests will be done. | ||||
| .TP | ||||
| .B | ||||
| \fB\-\-proc\-user\fP | ||||
| User name to run the process. After the initialization, the \fIturnserver\fP process | ||||
|  | ||||
| @ -99,83 +99,6 @@ const char* get_http_date_header() | ||||
| 	return buffer_header; | ||||
| } | ||||
| 
 | ||||
| static int is_acme_req(char *req, size_t len) { | ||||
| 	static const char *A = "                                             -  0123456789       ABCDEFGHIJKLMNOPQRSTUVWXYZ    _ abcdefghijklmnopqrstuvwxyz     "; | ||||
| 	int c, i, k; | ||||
| 
 | ||||
| 	// Check first request line. Should be like: GET path HTTP/1.x
 | ||||
| 	if (strncmp(req, "GET /.well-known/acme-challenge/", 32)) | ||||
| 		return -1; | ||||
| 	// Usually (for LE) the "method path" is 32 + 43 = 55 chars. But other
 | ||||
| 	// implementations may choose longer pathes. We define PATHMAX = 127 chars
 | ||||
| 	// to be prepared for "DoS" attacks (STUN msg size max. is ~ 64K).
 | ||||
| 	len =- 21;					// min size of trailing headers
 | ||||
| 	if (len > 131) | ||||
| 		len = 131; | ||||
| 	for (i=32; i < (int) len; i++) { | ||||
| 		// find the end of the path
 | ||||
| 		if (req[i] != ' ') | ||||
| 			continue; | ||||
| 		// consider path < 10 chars invalid. Also we wanna see a "trailer".
 | ||||
| 		if (i < 42 || strncmp(req + i, " HTTP/1.", 8)) | ||||
| 			return -2; | ||||
| 		// finally check for allowed chars
 | ||||
| 		for (k=32; k < i; k++) { | ||||
| 			c = req[k]; | ||||
| 			if ((c > 127) || (A[c] == ' ')) | ||||
| 				return -3; | ||||
| 		} | ||||
| 		// all checks passed: sufficient for us to answer with a redirect
 | ||||
| 		return i; | ||||
| 	} | ||||
| 	return -4;		// end of path not found
 | ||||
| } | ||||
| 
 | ||||
| int try_acme_redirect(char *req, size_t len, const char *url, | ||||
| 	ioa_socket_handle s) | ||||
| { | ||||
| 	static const char *HTML = "<html><head><title>301 Moved Permanently</title></head><body><h1>301 Moved Permanently</h1></body></html>"; | ||||
| 	char http_response[1024]; | ||||
| 	int plen, rlen; | ||||
| 
 | ||||
| 	if (url == NULL || url[0] == '\0' || req == NULL || s == 0 ) | ||||
| 		return 1; | ||||
| 	if (len < 64 || len > 512 || (plen = is_acme_req(req, len)) < 33) | ||||
| 		return 2; | ||||
| 
 | ||||
| 	req[plen] = '\0'; | ||||
| 	snprintf(http_response, sizeof(http_response) - 1, | ||||
| 		"HTTP/1.1 301 Moved Permanently\r\n" | ||||
| 		"Content-Type: text/html\r\n" | ||||
| 		"Content-Length: %ld\r\n" | ||||
| 		"Connection: close\r\n" | ||||
| 		"Location: %s%s\r\n" | ||||
| 		"\r\n%s", strlen(HTML), url, req + 32, HTML); | ||||
| 
 | ||||
| 	rlen = strlen(http_response); | ||||
| 
 | ||||
| 	// Variant A: direkt write, no eventbuf stuff
 | ||||
| 	if (write(s->fd, http_response, rlen) == -1) { | ||||
| 		perror("Sending redirect failed"); | ||||
| 	} else if (((turn_turnserver *)s->session->server)->verbose) { | ||||
| 		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "ACME redirect to %s%s\n", | ||||
| 			url, req + 32); | ||||
| 	} | ||||
| 
 | ||||
| 	req[plen] = ' '; | ||||
| 
 | ||||
| 	// Variant B: via eventbuf does not send anything for whatever reason
 | ||||
| 	/*
 | ||||
| 	set_ioa_socket_app_type(s, HTTP_CLIENT_SOCKET); | ||||
| 	ioa_network_buffer_handle nbh = ioa_network_buffer_allocate(s->e); | ||||
| 	uint8_t *data = ioa_network_buffer_data(nbh); | ||||
| 	bcopy(http_response, data, rlen); | ||||
| 	ioa_network_buffer_set_size(nbh, rlen); | ||||
| 	send_data_from_ioa_socket_nbh(s, NULL, nbh, TTL_IGNORE, TOS_IGNORE, NULL); | ||||
| 	*/ | ||||
| 
 | ||||
| 	return 0; | ||||
| } | ||||
| ///////////////////////////////////////////////
 | ||||
| 
 | ||||
| static struct headers_list * post_parse(char *data, size_t data_len) | ||||
|  | ||||
| @ -285,6 +285,9 @@ int get_default_protocol_port(const char* scheme, size_t slen); | ||||
| ///////////// HTTP ////////////////////
 | ||||
| 
 | ||||
| void handle_http_echo(ioa_socket_handle s); | ||||
| 
 | ||||
| ///////////// ACME /////////////////////
 | ||||
| 
 | ||||
| int try_acme_redirect(char *req, size_t len, const char *url, ioa_socket_handle s); | ||||
| 
 | ||||
| ///////////// ACME /////////////////////
 | ||||
|  | ||||
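Review bot: The `try_acme_redirect` prototype in this hunk carries no contract comment, although the body shown as removed elsewhere on this page returns 0 after writing the redirect, 1 when the URL, request or socket is unset, and 2 when the length is out of range or the request line fails the ACME check, and it temporarily writes a NUL into `req` before restoring the space; a short comment stating those return codes and that `req` is modified and restored would tell callers why the parameter is not `const`. The file that receives the moved body is not visible on this page, so the rest is conditional on the code having been copied unchanged: `len =- 21;` assigns -21 instead of subtracting, which after the clamp always leaves the scan bound at 131 regardless of the real request length, and `c = req[k];` lets a byte of 0x80 or above become a negative index into `A` on platforms where `char` is signed, because the `c > 127` test never fires for it. The intended forms appear to be `len -= 21;` and `c = (unsigned char)req[k];`, and `strlen(HTML)` is better printed with `%zu` than `%ld`.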