36
36
static int use_st_credentials = 0;
37
37
static int anon_credentials = 0;
39
////// TURNDB //////////////
55
#define DEFAULT_USERDB_FILE QUOTE(TURNDB)
59
#define DEFAULT_USERDB_FILE "/usr/local/var/db/turndb"
39
63
//////TURN PARAMS STRUCTURE DEFINITION //////
41
65
#define DEFAULT_GENERAL_RELAY_SERVERS_NUMBER (1)
95
119
/////////////// MISC PARAMS ////////////////
96
120
0,0,0,0,0,SHATYPE_SHA1,':',0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,
97
121
///////////// Users DB //////////////
98
{ TURN_USERDB_TYPE_FILE, {"\0",NULL}, {0,NULL,NULL, {NULL,0}} }
122
{ (TURN_USERDB_TYPE)0, {"\0",NULL}, {0,NULL,NULL, {NULL,0}} }
386
410
" -V, --Verbose Extra verbose mode, very annoying (for debug purposes only).\n"
387
411
" -o, --daemon Start process as daemon (detach from current shell).\n"
388
412
" -f, --fingerprint Use fingerprints in the TURN messages.\n"
389
" -a, --lt-cred-mech Use the long-term credential mechanism. This option can be used with either\n"
390
" flat file user database or PostgreSQL DB or MySQL DB for user keys storage.\n"
391
" -A, --st-cred-mech Use the short-term credential mechanism. This option requires\n"
392
" a PostgreSQL or MySQL DB for short term passwords storage.\n"
413
" -a, --lt-cred-mech Use the long-term credential mechanism.\n"
414
" -A, --st-cred-mech Use the short-term credential mechanism.\n"
393
415
" -z, --no-auth Do not use any credential mechanism, allow anonymous access.\n"
394
416
" -u, --user <user:pwd> User account, in form 'username:password', for long-term credentials.\n"
395
417
" Cannot be used with TURN REST API or with short-term credentials.\n"
396
418
" -r, --realm <realm> The default realm to be used for the users when no explicit\n"
397
" origin/realm relationship was found in the database, or if the TURN\n"
398
" server is not using any database (just the commands-line settings\n"
399
" and the userdb file). Must be used with long-term credentials \n"
419
" origin/realm relationship was found in the database.\n"
420
" Must be used with long-term credentials \n"
400
421
" mechanism or with TURN REST API.\n"
401
422
" --check-origin-consistency The flag that sets the origin consistency check:\n"
402
423
" across the session, all requests must have the same\n"
415
436
" Total bytes-per-second bandwidth the TURN server is allowed to allocate\n"
416
437
" for the sessions, combined (input and output network streams are treated separately).\n"
417
438
" -c <filename> Configuration file name (default - turnserver.conf).\n"
418
" -b, --userdb <filename> User database file name (default - turnuserdb.conf) for long-term credentials only.\n"
439
#if !defined(TURN_NO_SQLITE)
440
" -b, , --db, --userdb <filename> SQLite database file name; default - /var/db/turndb or\n"
441
" /usr/local/var/db/turndb.\n"
419
443
#if !defined(TURN_NO_PQ)
420
444
" -e, --psql-userdb, --sql-userdb <conn-string> PostgreSQL database connection string, if used (default - empty, no PostreSQL DB used).\n"
421
445
" This database can be used for long-term and short-term credentials mechanisms,\n"
571
595
static char AdminUsage[] = "Usage: turnadmin [command] [options]\n"
573
597
" -k, --key generate long-term credential mechanism key for a user\n"
574
598
" -a, --add add/update a long-term mechanism user\n"
575
599
" -A, --add-st add/update a short-term mechanism user\n"
577
601
" -D, --delete-st delete a short-term mechanism user\n"
578
602
" -l, --list list all long-term mechanism users\n"
579
603
" -L, --list-st list all short-term mechanism users\n"
580
#if !defined(TURN_NO_PQ) || !defined(TURN_NO_MYSQL) || !defined(TURN_NO_MONGO) || !defined(TURN_NO_HIREDIS)
581
604
" -s, --set-secret=<value> Add shared secret for TURN RESP API\n"
582
605
" -S, --show-secret Show stored shared secrets for TURN REST API\n"
583
606
" -X, --delete-secret=<value> Delete a shared secret\n"
587
610
" -I, --list-origins List origin-to-realm relations.\n"
588
611
" -g, --set-realm-option Set realm params: max-bps, total-quota, user-quota.\n"
589
612
" -G, --list-realm-options List realm params.\n"
613
"\nOptions with mandatory values:\n\n"
614
#if !defined(TURN_NO_SQLITE)
615
" -b, --db, --userdb SQLite database file, default value is /var/db/turndb or\n"
616
" /usr/local/var/db/turndb.\n"
591
"Options with mandatory values:\n"
592
" -b, --userdb User database file, if flat DB file is used.\n"
593
618
#if !defined(TURN_NO_PQ)
594
619
" -e, --psql-userdb, --sql-userdb PostgreSQL user database connection string, if PostgreSQL DB is used.\n"
605
630
" -u, --user Username\n"
606
631
" -r, --realm Realm for long-term mechanism only\n"
607
632
" -p, --password Password\n"
608
#if !defined(TURN_NO_PQ) || !defined(TURN_NO_MYSQL) || !defined(TURN_NO_MONGO) || !defined(TURN_NO_HIREDIS)
633
#if !defined(TURN_NO_SQLITE) || !defined(TURN_NO_PQ) || !defined(TURN_NO_MYSQL) || !defined(TURN_NO_MONGO) || !defined(TURN_NO_HIREDIS)
609
634
" -o, --origin Origin\n"
611
636
" -H, --sha256 Use SHA256 digest function to be used for the message integrity.\n"
719
744
{ "st-cred-mech", optional_argument, NULL, 'A' },
720
745
{ "no-auth", optional_argument, NULL, 'z' },
721
746
{ "user", required_argument, NULL, 'u' },
747
#if !defined(TURN_NO_SQLITE)
722
748
{ "userdb", required_argument, NULL, 'b' },
749
{ "db", required_argument, NULL, 'b' },
723
751
#if !defined(TURN_NO_PQ)
724
752
{ "psql-userdb", required_argument, NULL, 'e' },
725
753
{ "sql-userdb", required_argument, NULL, 'e' },
808
836
{ "delete", no_argument, NULL, 'd' },
809
837
{ "list", no_argument, NULL, 'l' },
810
838
{ "list-st", no_argument, NULL, 'L' },
811
#if !defined(TURN_NO_PQ) || !defined(TURN_NO_MYSQL) || !defined(TURN_NO_MONGO) || !defined(TURN_NO_HIREDIS)
812
839
{ "set-secret", required_argument, NULL, 's' },
813
840
{ "show-secret", no_argument, NULL, 'S' },
814
841
{ "delete-secret", required_argument, NULL, 'X' },
815
842
{ "delete-all-secrets", no_argument, NULL, DEL_ALL_AUTH_SECRETS_OPT },
817
843
{ "add-st", no_argument, NULL, 'A' },
818
844
{ "delete-st", no_argument, NULL, 'D' },
845
#if !defined(TURN_NO_SQLITE)
819
846
{ "userdb", required_argument, NULL, 'b' },
847
{ "db", required_argument, NULL, 'b' },
820
849
#if !defined(TURN_NO_PQ)
821
850
{ "psql-userdb", required_argument, NULL, 'e' },
822
851
{ "sql-userdb", required_argument, NULL, 'e' },
834
863
{ "realm", required_argument, NULL, 'r' },
835
864
{ "password", required_argument, NULL, 'p' },
836
865
{ "sha256", no_argument, NULL, 'H' },
837
#if !defined(TURN_NO_PQ) || !defined(TURN_NO_MYSQL) || !defined(TURN_NO_MONGO) || !defined(TURN_NO_HIREDIS)
838
866
{ "add-origin", no_argument, NULL, 'O' },
839
867
{ "del-origin", no_argument, NULL, 'R' },
840
868
{ "list-origins", required_argument, NULL, 'I' },
844
872
{ "user-quota", required_argument, NULL, ADMIN_USER_QUOTA_OPT },
845
873
{ "total-quota", required_argument, NULL, ADMIN_TOTAL_QUOTA_OPT },
846
874
{ "max-bps", required_argument, NULL, ADMIN_MAX_BPS_OPT },
848
875
{ "help", no_argument, NULL, 'h' },
849
876
{ NULL, no_argument, NULL, 0 }
1112
1139
add_user_account(value,0);
1141
#if !defined(TURN_NO_SQLITE)
1115
1143
STRCPY(turn_params.default_users_db.persistent_users_db.userdb, value);
1116
turn_params.default_users_db.userdb_type = TURN_USERDB_TYPE_FILE;
1144
turn_params.default_users_db.userdb_type = TURN_USERDB_TYPE_SQLITE;
1118
1147
#if !defined(TURN_NO_PQ)
1120
1149
STRCPY(turn_params.default_users_db.persistent_users_db.userdb, value);
1477
1505
case DEL_ALL_AUTH_SECRETS_OPT:
1478
1506
ct = TA_DEL_SECRET;
1508
#if !defined(TURN_NO_SQLITE)
1482
1510
STRCPY(turn_params.default_users_db.persistent_users_db.userdb,optarg);
1483
turn_params.default_users_db.userdb_type = TURN_USERDB_TYPE_FILE;
1511
turn_params.default_users_db.userdb_type = TURN_USERDB_TYPE_SQLITE;
1485
1514
#if !defined(TURN_NO_PQ)
1487
1516
STRCPY(turn_params.default_users_db.persistent_users_db.userdb,optarg);
1547
if(is_st && (turn_params.default_users_db.userdb_type == TURN_USERDB_TYPE_FILE)) {
1548
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "ERROR: you have to use a PostgreSQL or MySQL database with short-term credentials\n");
1552
if(!strlen(turn_params.default_users_db.persistent_users_db.userdb) && (turn_params.default_users_db.userdb_type == TURN_USERDB_TYPE_FILE))
1576
#if !defined(TURN_NO_SQLITE)
1577
if(!strlen(turn_params.default_users_db.persistent_users_db.userdb) && (turn_params.default_users_db.userdb_type == TURN_USERDB_TYPE_SQLITE))
1553
1578
STRCPY(turn_params.default_users_db.persistent_users_db.userdb,DEFAULT_USERDB_FILE);
1555
1581
if(ct == TA_COMMAND_UNKNOWN) {
1556
1582
fprintf(stderr,"\n%s\n", AdminUsage);
1601
1627
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "AEAD supported\n");
1630
#if !defined(TURN_NO_SQLITE)
1631
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "SQLite supported, default database location is %s\n",DEFAULT_USERDB_FILE);
1633
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "SQLite is not supported\n");
1604
1636
#if !defined(TURN_NO_HIREDIS)
1605
1637
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Redis supported\n");
1851
1883
TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "\nCONFIG: WARNING: --server-relay: NON-STANDARD AND DANGEROUS OPTION.\n");
1854
if(!strlen(turn_params.default_users_db.persistent_users_db.userdb) && (turn_params.default_users_db.userdb_type == TURN_USERDB_TYPE_FILE))
1886
#if !defined(TURN_NO_SQLITE)
1887
if(!strlen(turn_params.default_users_db.persistent_users_db.userdb) && (turn_params.default_users_db.userdb_type == TURN_USERDB_TYPE_SQLITE))
1855
1888
STRCPY(turn_params.default_users_db.persistent_users_db.userdb,DEFAULT_USERDB_FILE);
1857
read_userdb_file(0);
1858
1891
update_white_and_black_lists();
1860
1893
argc -= optind;
1893
1926
if(use_lt_credentials) {
1894
if(!turn_params.default_users_db.ram_db.users_number && (turn_params.default_users_db.userdb_type == TURN_USERDB_TYPE_FILE) && !turn_params.use_auth_secret_with_timestamp) {
1895
TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "\nCONFIGURATION ALERT: you did not specify any user account, (-u option) \n but you did specified a long-term credentials mechanism option (-a option).\n The TURN Server will be inaccessible.\n Check your configuration.\n");
1896
} else if(!get_realm(NULL)->options.name[0]) {
1927
if(!get_realm(NULL)->options.name[0]) {
1897
1928
TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "\nCONFIGURATION ALERT: you did specify the long-term credentials usage\n but you did not specify the default realm option (-r option).\n Check your configuration.\n");
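Review bot: The long-term-credentials check at new lines 1926–1928 no longer reports the case where `-a` is set but no user source is configured at all; the removed branch (old 1894–1895) was the only startup alert for that, and it was dropped rather than adapted to the new backends. In a build with `TURN_NO_SQLITE` defined and no `-u` or other database option given, the server would apparently start and reject every request with nothing in the log to explain why. Consider keeping the alert ahead of the realm check, keyed on what is actually configured, e.g. `if(!turn_params.default_users_db.ram_db.users_number && !strlen(turn_params.default_users_db.persistent_users_db.userdb) && !turn_params.use_auth_secret_with_timestamp)`. This assumes `userdb` stays empty when no backend is selected, which the default-path assignment at 1886–1888 suggests but the visible lines do not confirm, and the enclosing function starts and ends outside the lines shown.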