
turnadmin command to produce an encrypted password

mom040267 10 years ago
parent
commit
3ec05410c5
6 changed files with 69 additions and 11 deletions
  1. 3 0
      ChangeLog
  2. 17 2
      README.turnadmin
  3. 18 1
      man/man1/turnadmin.1
  4. 1 1
      man/man1/turnserver.1
  5. 1 1
      man/man1/turnutils.1
  6. 29 6
      src/apps/relay/mainrelay.c

+ 3 - 0
ChangeLog

@@ -1,6 +1,9 @@
 3/15/2015 Oleg Moskalenko <[email protected]>
 Version 4.4.4.1 'Ardee West':
 	- 'native' SCTP support;
+	- option of encrypted passwords for web admin users;
+	- option of encrypted password for CLI user;
+	- option of encrypted shared secrets;
 
 2/28/2015 Oleg Moskalenko <[email protected]>
 Version 4.4.2.3 'Ardee West':

+ 17 - 2
README.turnadmin

@@ -47,6 +47,15 @@ $ turnadmin [ -h | --help]
   
 Commands:  
 
+-P, --generate-encrypted-password	Generate and print to the standard
+output an encrypted form of a password (for web admin user, or shared
+secret, or CLI). The value then can be used as a safe key for the password
+storage on disk or in the database. Every invocation for the same password
+produces a different result. The for mat of the encrypted password is:
+$5$<...salt...>$<...sha256(salt+password)...>. Salt is 16 characters,
+the sha256 output is 64 characters. Character 5 is the algorithm id (sha256).
+Only sha256 is supported as the hash function.
+
 -k, --key		Generate key for a long-term credentials mechanism user.
 
 -a, --add       	Add or update a long-term user.
@@ -104,8 +113,14 @@ Options with required values:
 --total-quota	Set value of realm's total-quota parameter.
 --user-quota	Set value of realm's user-quota parameter. 
 -h, --help		Help.
-  
-Generate a key:  
+
+Command examples:  
+
+Generate an encrypted form of a password:
+
+$ turnadmin -P -p <password>
+
+Generate a key:
 
 $ turnadmin -k -u <username> -r <realm> -p <password>
   

+ 18 - 1
man/man1/turnadmin.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "15 March 2015" "" ""
+.TH TURN 1 "20 March 2015" "" ""
 .SH GENERAL INFORMATION
 
 \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage 
@@ -66,6 +66,17 @@ $ \fIturnadmin\fP [ \fB\-h\fP | \fB\-\-help\fP]
 Commands:
 .TP
 .B
+\fB\-P\fP, \fB\-\-generate\-encrypted\-password\fP
+Generate and print to the standard
+output an encrypted form of a password (for web admin user, or shared
+secret, or CLI). The value then can be used as a safe key for the password
+storage on disk or in the database. Every invocation for the same password
+produces a different result. The for mat of the encrypted password is:
+$5$<\.\.\.salt\.\.\.>$<\.\.\.sha256(salt+password)\.\.\.>. Salt is 16 characters,
+the sha256 output is 64 characters. Character 5 is the algorithm id (sha256).
+Only sha256 is supported as the hash function.
+.TP
+.B
 \fB\-k\fP, \fB\-\-key\fP
 Generate key for a long\-term credentials mechanism user.
 .TP
@@ -203,6 +214,12 @@ Set value of realm's user\-quota parameter.
 Help.
 .TP
 .B
+Command examples:
+.PP
+Generate an encrypted form of a password:
+.PP
+$ \fIturnadmin\fP \fB\-P\fP \fB\-p\fP <password>
+.PP
 Generate a key:
 .PP
 $ \fIturnadmin\fP \fB\-k\fP \fB\-u\fP <username> \fB\-r\fP <realm> \fB\-p\fP <password>

+ 1 - 1
man/man1/turnserver.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "15 March 2015" "" ""
+.TH TURN 1 "20 March 2015" "" ""
 .SH GENERAL INFORMATION
 
 The \fBTURN Server\fP project contains the source code of a TURN server and TURN client 

+ 1 - 1
man/man1/turnutils.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "15 March 2015" "" ""
+.TH TURN 1 "20 March 2015" "" ""
 .SH GENERAL INFORMATION
 
 A set of turnutils_* programs provides some utility functionality to be used

+ 29 - 6
src/apps/relay/mainrelay.c

@@ -599,6 +599,11 @@ static char Usage[] = "Usage: turnserver [options]\n"
 
 static char AdminUsage[] = "Usage: turnadmin [command] [options]\n"
 	"\nCommands:\n\n"
+	"	-P, --generate-encrypted-password	Generate and print to the standard\n"
+	"					output an encrypted form of a password\n"
+	"					(for web admin user, or shared\n"
+	"					secret, or CLI). See wiki, README or man\n"
+	"					pages for more detailed description.\n"
 	"	-k, --key			generate long-term credential mechanism key for a user\n"
 	"	-a, --add			add/update a long-term mechanism user\n"
 	"	-A, --add-admin			add/update a web admin user\n"
@@ -652,7 +657,7 @@ static char AdminUsage[] = "Usage: turnadmin [command] [options]\n"
 
 #define OPTIONS "c:d:p:L:E:X:i:m:l:r:u:b:B:e:M:J:N:O:q:Q:s:C:vVofhznaAS"
   
-#define ADMIN_OPTIONS "gGORIHKYlLkaADSdb:e:M:J:N:u:r:p:s:X:o:h"
+#define ADMIN_OPTIONS "PgGORIHKYlLkaADSdb:e:M:J:N:u:r:p:s:X:o:h"
 
 enum EXTRA_OPTS {
 	NO_UDP_OPT=256,
@@ -841,6 +846,7 @@ static const struct myoption long_options[] = {
 };
 
 static const struct myoption admin_long_options[] = {
+				{"generate-encrypted-password", no_argument, NULL, 'P' },
 				{ "key", no_argument, NULL, 'k' },
 				{ "add", no_argument, NULL, 'a' },
 				{ "delete", no_argument, NULL, 'd' },
@@ -1437,18 +1443,29 @@ static int adminmain(int argc, char **argv)
 
 	int is_admin = 0;
 
-	u08bits user[STUN_MAX_USERNAME_SIZE+1]="";
-	u08bits realm[STUN_MAX_REALM_SIZE+1]="";
-	u08bits pwd[STUN_MAX_PWD_SIZE+1]="";
-	u08bits secret[AUTH_SECRET_SIZE+1]="";
-	u08bits origin[STUN_MAX_ORIGIN_SIZE+1]="";
+	u08bits user[STUN_MAX_USERNAME_SIZE+1]="\0";
+	u08bits realm[STUN_MAX_REALM_SIZE+1]="\0";
+	u08bits pwd[STUN_MAX_PWD_SIZE+1]="\0";
+	u08bits secret[AUTH_SECRET_SIZE+1]="\0";
+	u08bits origin[STUN_MAX_ORIGIN_SIZE+1]="\0";
 	perf_options_t po = {(band_limit_t)-1,-1,-1};
 
 	struct uoptions uo;
 	uo.u.m = admin_long_options;
 
+	int print_enc_password = 0;
+
 	while (((c = getopt_long(argc, argv, ADMIN_OPTIONS, uo.u.o, NULL)) != -1)) {
 		switch (c){
+		case 'P':
+			if(pwd[0]) {
+				char result[257];
+				generate_new_enc_password((char*)pwd, result);
+				printf("%s\n",result);
+				exit(0);
+			}
+			print_enc_password = 1;
+			break;
 		case 'g':
 			ct = TA_SET_REALM_OPTION;
 			break;
@@ -1566,6 +1583,12 @@ static int adminmain(int argc, char **argv)
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong password: %s\n",pwd);
 				exit(-1);
 			}
+			if(print_enc_password) {
+				char result[257];
+				generate_new_enc_password((char*)pwd, result);
+				printf("%s\n",result);
+				exit(0);
+			}
 			break;
 		case 'H':
 			if(get_bool_value(optarg))
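Review bot: In the `-p` case of adminmain, the branch added in the last hunk sits directly under an error path that writes the rejected password to the log in clear (`"Wrong password: %s\n",pwd`), which undercuts a change meant to keep passwords out of cleartext storage. The message should drop the value, e.g. `TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong password\n");`. The same four lines (`char result[257]; generate_new_enc_password((char*)pwd, result); printf(...); exit(0);`) are duplicated in the new `case 'P':`, and generate_new_enc_password receives no output size, so the 257-byte bound is an unstated contract. By the format documented in the README the result is 84 characters, which fits, but a single static helper with a comment stating that bound would keep the two copies from drifting. When `-P` is given without `-p`, `print_enc_password` is set and nothing visible in these hunks reports the missing password, so that is worth checking after the option loop; the `case` body and the rest of adminmain lie outside the hunks.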