
Merge branch 'dynamic-tables'

Mészáros Mihály 5 éve
szülő
commit
cbab22501f

+ 6 - 0
README.turnserver

@@ -429,6 +429,12 @@ Options with values:
 			that other mode is dynamic. Multiple shared secrets can be used
 			(both in the database and in the "static" fashion).
 
+ --no-auth-pings			Disable periodic health checks to 'dynamic' auth secret tables.
+
+ --no-dynamic-ip-list	Do not use dynamic allowed/denied peer ip list.
+
+ --no-dynamic-realms	Do not use dynamic realm assignment and options.
+			
 --server-name		Server name used for
 			the oAuth authentication purposes.
 			The default value is the realm name.

+ 1 - 1
man/man1/turnadmin.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "28 April 2020" "" ""
+.TH TURN 1 "29 April 2020" "" ""
 .SH GENERAL INFORMATION
 
 \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage

+ 15 - 1
man/man1/turnserver.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "28 April 2020" "" ""
+.TH TURN 1 "29 April 2020" "" ""
 .SH GENERAL INFORMATION
 
 The \fBTURN Server\fP project contains the source code of a TURN server and TURN client
@@ -617,6 +617,20 @@ in turn_secret table in user database (if present). The database\-stored
 value can be changed on\-the\-fly by a separate program, so this is why
 that other mode is dynamic. Multiple shared secrets can be used
 (both in the database and in the "static" fashion).
+.RS
+.TP
+.B
+\fB\-\-no\-auth\-pings\fP
+Disable periodic health checks to 'dynamic' auth secret tables.
+.TP
+.B
+\fB\-\-no\-dynamic\-ip\-list\fP
+Do not use dynamic allowed/denied peer ip list.
+.TP
+.B
+\fB\-\-no\-dynamic\-realms\fP
+Do not use dynamic realm assignment and \fIoptions\fP.
+.RE
 .TP
 .B
 \fB\-\-server\-name\fP

+ 1 - 1
man/man1/turnutils.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "28 April 2020" "" ""
+.TH TURN 1 "29 April 2020" "" ""
 .SH GENERAL INFORMATION
 
 A set of turnutils_* programs provides some utility functionality to be used

+ 22 - 1
src/apps/relay/mainrelay.c

@@ -157,7 +157,10 @@ DEFAULT_CPUS_NUMBER,
 ///////// Encryption /////////
 "", /* secret_key_file */
 "", /* secret_key */
-0   /* keep_address_family */
+0,  /* keep_address_family */
+0,  /* no_auth_pings */
+0,  /* no_dynamic_ip_list */
+0   /* no_dynamic_realms */
 };
 
 //////////////// OpenSSL Init //////////////////////
@@ -534,6 +537,9 @@ static char Usage[] = "Usage: turnserver [options]\n"
 "						That database value can be changed on-the-fly\n"
 "						by a separate program, so this is why it is 'dynamic'.\n"
 "						Multiple shared secrets can be used (both in the database and in the \"static\" fashion).\n"
+" --no-auth-pings				Disable periodic health checks to 'dynamic' auth secret tables.\n"
+" --no-dynamic-ip-list				Do not use dynamic allowed/denied peer ip list.\n"
+" --no-dynamic-realms				Do not use dynamic realm assignment and options.\n"
 " --server-name					Server name used for\n"
 "						the oAuth authentication purposes.\n"
 "						The default value is the realm name.\n"
@@ -733,6 +739,9 @@ enum EXTRA_OPTS {
 	CHANNEL_LIFETIME_OPT,
 	PERMISSION_LIFETIME_OPT,
 	AUTH_SECRET_OPT,
+	NO_AUTH_PINGS_OPT,
+	NO_DYNAMIC_IP_LIST_OPT,
+	NO_DYNAMIC_REALMS_OPT,
 	DEL_ALL_AUTH_SECRETS_OPT,
 	STATIC_AUTH_SECRET_VAL_OPT,
 	AUTH_SECRET_TS_EXP, /* deprecated */
@@ -837,6 +846,9 @@ static const struct myoption long_options[] = {
 #endif
 				{ "use-auth-secret", optional_argument, NULL, AUTH_SECRET_OPT },
 				{ "static-auth-secret", required_argument, NULL, STATIC_AUTH_SECRET_VAL_OPT },
+				{ "no-auth-pings", optional_argument, NULL, NO_AUTH_PINGS_OPT },
+				{ "no-dynamic-ip-list", optional_argument, NULL, NO_DYNAMIC_IP_LIST_OPT },
+				{ "no-dynamic-realms", optional_argument, NULL, NO_DYNAMIC_REALMS_OPT },
 /* deprecated: */		{ "secret-ts-exp-time", optional_argument, NULL, AUTH_SECRET_TS_EXP },
 				{ "realm", required_argument, NULL, 'r' },
 				{ "server-name", required_argument, NULL, SERVER_NAME_OPT },
@@ -1438,6 +1450,15 @@ static void set_option(int c, char *value)
 		turn_params.ct = TURN_CREDENTIALS_LONG_TERM;
 		use_lt_credentials = 1;
 		break;
+	case NO_AUTH_PINGS_OPT:
+		turn_params.no_auth_pings = 1;
+		break;
+	case NO_DYNAMIC_IP_LIST_OPT:
+		turn_params.no_dynamic_ip_list = 1;
+		break;
+	case NO_DYNAMIC_REALMS_OPT:
+		turn_params.no_dynamic_realms = 1;
+		break;
 	case STATIC_AUTH_SECRET_VAL_OPT:
 		add_to_secrets_list(&turn_params.default_users_db.ram_db.static_auth_secrets,value);
 		turn_params.use_auth_secret_with_timestamp = 1;
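Review bot: The three new cases in set_option() set their field to 1 unconditionally, although the matching long_options entries are declared `optional_argument`, so a supplied value such as `--no-dynamic-ip-list=0` is ignored and the feature is still switched off. If the file's boolean parser is what the other on/off options use, the cases should read e.g. `turn_params.no_dynamic_ip_list = get_bool_value(value);`; otherwise the entries should be declared `no_argument`. This matters most for no-dynamic-ip-list, where a misread value drops the database-backed allowed/denied peer ranges. set_option() starts and ends outside this hunk.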

+ 3 - 0
src/apps/relay/mainrelay.h

@@ -324,6 +324,9 @@ typedef struct _turn_params_ {
   char secret_key_file[1025];
   unsigned char secret_key[1025];
   int keep_address_family;
+  int no_auth_pings;
+  int no_dynamic_ip_list;
+  int no_dynamic_realms;
 
 } turn_params_t;
 

+ 4 - 1
src/apps/relay/netengine.c

@@ -1776,7 +1776,10 @@ static void* run_auth_server_thread(void *arg)
 		barrier_wait();
 
 		while(run_auth_server_flag) {
-			auth_ping(as->rch);
+			if (!turn_params.no_auth_pings) {
+				auth_ping(as->rch);
+			}
+
 			run_events(as->event_base,NULL);
 		}
 	}
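Review bot: Once `no_auth_pings` is set, the loop in run_auth_server_thread() never calls auth_ping(), and nothing in this hunk records that the health check is off. A stale connection to the dynamic auth-secret tables would then presumably surface only when an authentication lookup fails. I would log the state once before the `while`, e.g. `if (turn_params.no_auth_pings) TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "auth pings disabled (--no-auth-pings)\n");`, and add a short comment on the check saying when skipping pings is appropriate. The function begins and ends outside the hunk.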

+ 2 - 2
src/apps/relay/userdb.c

@@ -1167,7 +1167,7 @@ ip_range_list_t* get_ip_list(const char *kind)
 	bzero(ret,sizeof(ip_range_list_t));
 
 	const turn_dbdriver_t * dbd = get_dbdriver();
-	if (dbd && dbd->get_ip_list) {
+	if (dbd && dbd->get_ip_list && !turn_params.no_dynamic_ip_list) {
 		(*dbd->get_ip_list)(kind, ret);
 	}
 
@@ -1303,7 +1303,7 @@ void reread_realms(void)
 	}
 
 	const turn_dbdriver_t * dbd = get_dbdriver();
-	if (dbd && dbd->reread_realms) {
+	if (dbd && dbd->reread_realms && !turn_params.no_dynamic_realms) {
 		(*dbd->reread_realms)(&realms_list);
 	}
 }
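Review bot: With `no_dynamic_ip_list` set, get_ip_list() in the first hunk returns the zeroed list without any trace, so allowed/denied peer ranges kept only in the database silently stop being applied. A denied-peer list is commonly what keeps relayed traffic away from internal addresses, so I would add a comment at the condition, e.g. `/* --no-dynamic-ip-list: database peer ranges are not loaded */`, and emit one startup log line when the option is active. The same applies to the `no_dynamic_realms` check in reread_realms() in the second hunk. Both functions begin outside their hunks.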