
oauth db tests

mom040267 11 年 前
コミット
00336faf3d

+ 7 - 1
src/apps/relay/dbdrivers/dbd_mongo.c

@@ -566,11 +566,15 @@ static int mongo_list_oauth_keys(void) {
   if(!collection)
     return -1;
 
-  bson_t query, child;
+  bson_t query;
   bson_init(&query);
+
+  bson_t child;
   bson_append_document_begin(&query, "$orderby", -1, &child);
   bson_append_int32(&child, "kid", -1, 1);
   bson_append_document_end(&query, &child);
+  bson_append_document_begin(&query, "$query", -1, &child);
+  bson_append_document_end(&query, &child);
 
   bson_t fields;
   bson_init(&fields);
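Review bot: The empty `$query` sub-document appended after `$orderby` has no comment, and nothing in the code says why an empty document is needed. It presumably acts as the match-all filter that the wrapped query form needs once `$orderby` is present. A comment above the two new calls would record that, for example `/* empty $query = match every oauth_key document; required alongside $orderby */`. The return values of the `bson_append_document_begin`/`bson_append_document_end` calls are also ignored, so a failed append would go unnoticed and send a different query than intended.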
@@ -598,6 +602,8 @@ static int mongo_list_oauth_keys(void) {
     uint32_t length;
     bson_iter_t iter;
     while (mongoc_cursor_next(cursor, &item)) {
+
+    	ns_bzero(key,sizeof(oauth_key_data_raw));
     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "kid") && BSON_ITER_HOLDS_UTF8(&iter)) {
     		STRCPY(key->kid,bson_iter_utf8(&iter, &length));
     	}
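Review bot: The added `ns_bzero(key,sizeof(oauth_key_data_raw))` carries no comment explaining why it is needed, and it sizes the clear by type name rather than by the object. Each field is copied only when the document contains it, as the `kid` branch shows. Without the clear, a record that lacks a field would presumably keep the previous record's value, which matters for key material. I would write `ns_bzero(key,sizeof(*key)); /* drop fields left over from the previous document */`. Whether `STRCPY` bounds the copy of the database-supplied `kid` into `key->kid` depends on the macro, which is not shown here. The loop body continues outside the hunk.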

+ 16 - 12
src/apps/relay/dbdrivers/dbd_redis.c

@@ -511,24 +511,25 @@ static int redis_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 		} else {
 			size_t i;
 			for (i = 0; i < (reply->elements)/2; ++i) {
-				char *kw = reply->element[i]->str;
+				char *kw = reply->element[2*i]->str;
+				char *val = reply->element[2*i+1]->str;
 				if(kw) {
 					if(!strcmp(kw,"as_rs_alg")) {
-						STRCPY(key->as_rs_alg,reply->element[i+1]->str);
+						STRCPY(key->as_rs_alg,val);
 					} else if(!strcmp(kw,"as_rs_key")) {
-						STRCPY(key->as_rs_key,reply->element[i+1]->str);
+						STRCPY(key->as_rs_key,val);
 					} else if(!strcmp(kw,"auth_key")) {
-						STRCPY(key->auth_key,reply->element[i+1]->str);
+						STRCPY(key->auth_key,val);
 					} else if(!strcmp(kw,"auth_alg")) {
-						STRCPY(key->auth_alg,reply->element[i+1]->str);
+						STRCPY(key->auth_alg,val);
 					} else if(!strcmp(kw,"ikm_key")) {
-						STRCPY(key->ikm_key,reply->element[i+1]->str);
+						STRCPY(key->ikm_key,val);
 					} else if(!strcmp(kw,"hkdf_hash_func")) {
-						STRCPY(key->hkdf_hash_func,reply->element[i+1]->str);
+						STRCPY(key->hkdf_hash_func,val);
 					} else if(!strcmp(kw,"timestamp")) {
-						key->timestamp = (u64bits)strtoull(reply->element[i+1]->str,NULL,10);
+						key->timestamp = (u64bits)strtoull(val,NULL,10);
 					} else if(!strcmp(kw,"lifetime")) {
-						key->lifetime = (u32bits)strtoul(reply->element[i+1]->str,NULL,10);
+						key->lifetime = (u32bits)strtoul(val,NULL,10);
 					}
 				}
 			}
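Review bot: `val` reaches `STRCPY`, `strtoull` and `strtoul` without a null check, because the guard on the next line tests only `kw`. If a reply element is not a string (a nil or integer element, for instance) its `str` would be NULL and these calls would dereference it. Changing the guard to `if(kw && val) {` closes that. Separately, `strtoull(val,NULL,10)` and `strtoul(val,NULL,10)` turn non-numeric text into 0, and the `(u32bits)` cast truncates silently. A malformed `timestamp` or `lifetime` is therefore stored as a valid-looking value rather than rejected. The loop and the function start outside the hunk.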
@@ -739,16 +740,18 @@ static int redis_list_oauth_keys(void) {
   init_secrets_list(&keys);
 
   if(rc) {
+
 	  redisReply *reply = NULL;
 
 	  reply = (redisReply*)redisCommand(rc, "keys turn/oauth/kid/*");
 	  if(reply) {
 
-		if (reply->type == REDIS_REPLY_ERROR)
+		if (reply->type == REDIS_REPLY_ERROR) {
 			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error: %s\n", reply->str);
-		else if (reply->type != REDIS_REPLY_ARRAY) {
-			if (reply->type != REDIS_REPLY_NIL)
+		} else if (reply->type != REDIS_REPLY_ARRAY) {
+			if (reply->type != REDIS_REPLY_NIL) {
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unexpected type: %d\n", reply->type);
+			}
 		} else {
 			size_t i;
 			for (i = 0; i < reply->elements; ++i) {
@@ -761,6 +764,7 @@ static int redis_list_oauth_keys(void) {
 
   for(isz=0;isz<keys.sz;++isz) {
 	char *s = keys.secrets[isz];
+	s += strlen("turn/oauth/kid/");
 	oauth_key_data_raw key_;
 	oauth_key_data_raw *key=&key_;
 	if(redis_get_oauth_key((const u08bits*)s,key) == 0) {
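Review bot: `s += strlen("turn/oauth/kid/");` advances the pointer unconditionally, so it relies on every entry in `keys.secrets` being non-NULL and starting with that exact prefix. The entries come from the `keys turn/oauth/kid/*` reply, so that should hold today. A shorter string would still move `s` past its terminator, and the prefix is now spelled out in two places. A guard before the advance makes the assumption explicit: `if(!s || strncmp(s,"turn/oauth/kid/",strlen("turn/oauth/kid/"))) continue;`. `key_` is also declared without an initializer; unless `redis_get_oauth_key` clears it (not visible here), fields missing from the hash would hold stack contents. The Mongo path in this same commit now zeroes each record. The loop body continues outside the hunk.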

+ 3 - 0
src/apps/relay/netengine.c

@@ -1686,6 +1686,9 @@ static void* run_auth_server_thread(void *arg)
 		read_userdb_file(0);
 		update_white_and_black_lists();
 		auth_ping(authserver->rch);
+#if defined(DB_TEST)
+		run_db_test();
+#endif
 	}
 
 	return arg;
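Review bot: The `run_db_test()` call sits next to `auth_ping()` in what appears to be the auth thread's recurring loop. A build with `DB_TEST` defined would therefore walk the OAuth key table on every pass rather than once. What `list_oauth_keys` does with the records is not visible here, but they include `ikm_key` and `auth_key`, so this switch should never be set in a release build. A comment above the `#if` would make that explicit, for example `/* DB_TEST: developer-only self-test that lists OAuth keys; never define in production builds */`. The loop itself starts outside the hunk.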

+ 14 - 0
src/apps/relay/userdb.c

@@ -1101,6 +1101,20 @@ void auth_ping(redis_context_handle rch)
 	}
 }
 
+///////////////// TEST /////////////////
+
+#if defined(DB_TEST)
+
+void run_db_test(void)
+{
+	turn_dbdriver_t * dbd = get_dbdriver();
+	if (dbd) {
+		dbd->list_oauth_keys();
+	}
+}
+
+#endif
+
 ///////////////// WHITE/BLACK IP LISTS ///////////////////
 
 #if !defined(TURN_NO_RWLOCK)
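Review bot: `run_db_test()` checks only `dbd` before calling `dbd->list_oauth_keys()`, so a driver that leaves that member unset would be called through a null function pointer. Whether every driver fills it in cannot be seen from this hunk. The guard `if (dbd && dbd->list_oauth_keys) {` covers that case. The call's return value is also discarded, so a driver that fails looks the same as one that succeeds. Logging a non-zero result would let the test report something.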

+ 4 - 0
src/apps/relay/userdb.h

@@ -195,6 +195,10 @@ void release_allocation_quota(u08bits *username, u08bits *realm);
 
 /////////// Handle user DB /////////////////
 
+#if defined(DB_TEST)
+	void run_db_test(void);
+#endif
+
 void read_userdb_file(int to_print);
 void auth_ping(redis_context_handle rch);
 void reread_realms(void);

+ 1 - 1
turndb/testmongosetup.sh

@@ -41,7 +41,7 @@ db.allowed_peer_ip.insert({ ip_range: '172.17.13.200' });
 db.denied_peer_ip.insert({ ip_range: '172.17.13.133-172.17.14.56' });
 db.denied_peer_ip.insert({ ip_range: '123::45' });
 
-db.oauth_key.insert({ kid: 'north', ikm_key: 'Y2FybGVvbg==', hkdf_hash_func: 'SHA-256', as_rs_alg: 'AES-128-CBC', auth_alg: 'HMAC-SHA-256-128' });
+db.oauth_key.insert({ kid: 'north', ikm_key: 'Y2FybGVvbg==', hkdf_hash_func: 'SHA-256', as_rs_alg: 'AES-256-CBC', auth_alg: 'HMAC-SHA-256-128' });
 
 exit
 

+ 1 - 1
turndb/testredisdbsetup.sh

@@ -38,7 +38,7 @@ set turn/denied-peer-ip/234567 "123::45"
 
 set turn/allowed-peer-ip/345678 "172.17.13.200"
 
-hmset turn/oauth/kid/north ikm_key Y2FybGVvbg== hkdf_hash_func 'SHA-256' as_rs_alg 'AES-128-CBC' auth_alg 'HMAC-SHA-256-128'
+hmset turn/oauth/kid/north ikm_key Y2FybGVvbg== hkdf_hash_func 'SHA-256' as_rs_alg 'AES-256-CBC' auth_alg 'HMAC-SHA-256-128'
 
 save