diff --git a/ChangeLog b/ChangeLog index 60e2bcc5..e6b4821b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 3/15/2015 Oleg Moskalenko Version 4.4.4.1 'Ardee West': - 'native' SCTP support; + - option of encrypted passwords for web admin users; + - option of encrypted password for CLI user; + - option of encrypted shared secrets; 2/28/2015 Oleg Moskalenko Version 4.4.2.3 'Ardee West': diff --git a/README.turnadmin b/README.turnadmin index 53166f6c..e6dc1b8e 100644 --- a/README.turnadmin +++ b/README.turnadmin @@ -47,6 +47,15 @@ $ turnadmin [ -h | --help] Commands: +-P, --generate-encrypted-password Generate and print to the standard +output an encrypted form of a password (for web admin user, or shared +secret, or CLI). The value then can be used as a safe key for the password +storage on disk or in the database. Every invocation for the same password +produces a different result. The for mat of the encrypted password is: +$5$<...salt...>$<...sha256(salt+password)...>. Salt is 16 characters, +the sha256 output is 64 characters. Character 5 is the algorithm id (sha256). +Only sha256 is supported as the hash function. + -k, --key Generate key for a long-term credentials mechanism user. -a, --add Add or update a long-term user. @@ -104,8 +113,14 @@ Options with required values: --total-quota Set value of realm's total-quota parameter. --user-quota Set value of realm's user-quota parameter. -h, --help Help. - -Generate a key: + +Command examples: + +Generate an encrypted form of a password: + +$ turnadmin -P -p + +Generate a key: $ turnadmin -k -u -r -p diff --git a/man/man1/turnadmin.1 b/man/man1/turnadmin.1 index 463a0b4e..08cd7733 100644 --- a/man/man1/turnadmin.1 +++ b/man/man1/turnadmin.1 @@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "15 March 2015" "" "" +.TH TURN 1 "20 March 2015" "" "" .SH GENERAL INFORMATION \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage 
@@ -66,6 +66,17 @@ $ \fIturnadmin\fP [ \fB\-h\fP | \fB\-\-help\fP] Commands: .TP .B +\fB\-P\fP, \fB\-\-generate\-encrypted\-password\fP +Generate and print to the standard +output an encrypted form of a password (for web admin user, or shared +secret, or CLI). The value then can be used as a safe key for the password +storage on disk or in the database. Every invocation for the same password +produces a different result. The for mat of the encrypted password is: +$5$<\.\.\.salt\.\.\.>$<\.\.\.sha256(salt+password)\.\.\.>. Salt is 16 characters, +the sha256 output is 64 characters. Character 5 is the algorithm id (sha256). +Only sha256 is supported as the hash function. +.TP +.B \fB\-k\fP, \fB\-\-key\fP Generate key for a long\-term credentials mechanism user. .TP @@ -203,6 +214,12 @@ Set value of realm's user\-quota parameter. Help. .TP .B +Command examples: +.PP +Generate an encrypted form of a password: +.PP +$ \fIturnadmin\fP \fB\-P\fP \fB\-p\fP +.PP Generate a key: .PP $ \fIturnadmin\fP \fB\-k\fP \fB\-u\fP \fB\-r\fP \fB\-p\fP diff --git a/man/man1/turnserver.1 b/man/man1/turnserver.1 index 158ac135..83c9a443 100644 --- a/man/man1/turnserver.1 +++ b/man/man1/turnserver.1 @@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "15 March 2015" "" "" +.TH TURN 1 "20 March 2015" "" "" .SH GENERAL INFORMATION The \fBTURN Server\fP project contains the source code of a TURN server and TURN client diff --git a/man/man1/turnutils.1 b/man/man1/turnutils.1 index aaf9ea34..f474c0bd 100644 --- a/man/man1/turnutils.1 +++ b/man/man1/turnutils.1 @@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "15 March 2015" "" "" +.TH TURN 1 "20 March 2015" "" "" .SH GENERAL INFORMATION A set of turnutils_* programs provides some utility functionality to be used diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index 2899e90e..9fc4d4ee 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c 
@@ -599,6 +599,11 @@ static char Usage[] = "Usage: turnserver [options]\n" static char AdminUsage[] = "Usage: turnadmin [command] [options]\n" "\nCommands:\n\n" + " -P, --generate-encrypted-password Generate and print to the standard\n" + " output an encrypted form of a password\n" + " (for web admin user, or shared\n" + " secret, or CLI). See wiki, README or man\n" + " pages for more detailed description.\n" " -k, --key generate long-term credential mechanism key for a user\n" " -a, --add add/update a long-term mechanism user\n" " -A, --add-admin add/update a web admin user\n" @@ -652,7 +657,7 @@ static char AdminUsage[] = "Usage: turnadmin [command] [options]\n" #define OPTIONS "c:d:p:L:E:X:i:m:l:r:u:b:B:e:M:J:N:O:q:Q:s:C:vVofhznaAS" -#define ADMIN_OPTIONS "gGORIHKYlLkaADSdb:e:M:J:N:u:r:p:s:X:o:h" +#define ADMIN_OPTIONS "PgGORIHKYlLkaADSdb:e:M:J:N:u:r:p:s:X:o:h" enum EXTRA_OPTS { NO_UDP_OPT=256, @@ -841,6 +846,7 @@ static const struct myoption long_options[] = { }; static const struct myoption admin_long_options[] = { + {"generate-encrypted-password", no_argument, NULL, 'P' }, { "key", no_argument, NULL, 'k' }, { "add", no_argument, NULL, 'a' }, { "delete", no_argument, NULL, 'd' }, 
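Review bot: The new `-P` help text in AdminUsage calls the output "an encrypted form of a password", but the README text added in this same commit describes it as `$5$<salt>$<sha256(salt+password)>`, which is a salted one-way hash with no key involved. I would say so in the usage string, for example `output a salted SHA-256 hash of a password`, so operators do not expect the value to be decryptable or tied to a key they must manage. If the implementation is a single SHA-256 pass as the README reads (the function is not shown on this page), the stored value is cheap to guess offline once a config file or database leaks, and the documentation should state that limit. The `$5$` prefix is also the crypt(3) identifier for sha256-crypt, whose output layout differs from the 64-character digest documented here, so the help could note that the two formats are not interchangeable.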
@@ -1437,18 +1443,29 @@ static int adminmain(int argc, char **argv) int is_admin = 0; - u08bits user[STUN_MAX_USERNAME_SIZE+1]=""; - u08bits realm[STUN_MAX_REALM_SIZE+1]=""; - u08bits pwd[STUN_MAX_PWD_SIZE+1]=""; - u08bits secret[AUTH_SECRET_SIZE+1]=""; - u08bits origin[STUN_MAX_ORIGIN_SIZE+1]=""; + u08bits user[STUN_MAX_USERNAME_SIZE+1]="\0"; + u08bits realm[STUN_MAX_REALM_SIZE+1]="\0"; + u08bits pwd[STUN_MAX_PWD_SIZE+1]="\0"; + u08bits secret[AUTH_SECRET_SIZE+1]="\0"; + u08bits origin[STUN_MAX_ORIGIN_SIZE+1]="\0"; perf_options_t po = {(band_limit_t)-1,-1,-1}; struct uoptions uo; uo.u.m = admin_long_options; + int print_enc_password = 0; + while (((c = getopt_long(argc, argv, ADMIN_OPTIONS, uo.u.o, NULL)) != -1)) { switch (c){ + case 'P': + if(pwd[0]) { + char result[257]; + generate_new_enc_password((char*)pwd, result); + printf("%s\n",result); + exit(0); + } + print_enc_password = 1; + break; case 'g': ct = TA_SET_REALM_OPTION; break; @@ -1566,6 +1583,12 @@ static int adminmain(int argc, char **argv) TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong password: %s\n",pwd); exit(-1); } + if(print_enc_password) { + char result[257]; + generate_new_enc_password((char*)pwd, result); + printf("%s\n",result); + exit(0); + } break; case 'H': if(get_bool_value(optarg))
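Review bot: In the new `case 'P':` branch of adminmain, `-P` given without any `-p` only sets `print_enc_password`, and nothing visible in this diff reports the missing password, so the command appears to fall through to whatever the rest of adminmain does (the function continues outside the hunk). A check after the getopt loop such as `if(print_enc_password) { fprintf(stderr, "-P requires -p <password>\n"); exit(-1); }` would make that failure explicit. The same print-and-exit block is repeated in the `case 'p':` hunk below, and a small static helper would keep the two copies in sync. `generate_new_enc_password((char*)pwd, result)` takes no buffer length, so the `char result[257]` size is an unchecked contract with a function defined elsewhere; passing `sizeof(result)` would be safer if that signature can be changed.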
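Review bot: The context line just above the added block, `TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong password: %s\n",pwd);`, writes the rejected value to the log in clear, and with `-P` this branch now also receives the admin passwords and shared secrets that the feature is meant to keep out of readable storage. The condition guarding it starts outside the hunk, so I cannot tell which inputs reach it, but I would drop the value from the message: `TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong password\n");`. Separately, the password must still be supplied as a `-p` argument, which leaves it visible in the process list and shell history while the command runs. A short comment above the new block, for example `/* NOTE: the password arrives via argv (-p) and is visible to other local users */`, would record that for maintainers and operators.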