From 6b2fc221cea7cc00bf54be4df23bd18be244769f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= Date: Thu, 14 Dec 2017 13:01:56 +0100 Subject: [PATCH] empty cli-password not allowed=>disable telnet cli Adds a warning to set a cli-password and disable telnet cli interface. --- src/apps/relay/mainrelay.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index 50290b94..ffc3a018 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -2235,17 +2235,23 @@ int main(int argc, char **argv) exit(-1); } - if(use_ltc && use_tltc) { + if(use_ltc && use_tltc) { TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "\nCONFIGURATION ALERT: You specified --lt-cred-mech and --use-auth-secret in the same time.\n" "Be aware that you could not mix the username/password and the shared secret based auth methohds. \n" "Shared secret overrides username/password based auth method. Check your configuration!\n"); - } + } + if(turn_params.allow_loopback_peers) { TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "CONFIG WARNING: allow_loopback_peers opens a possible security vulnerability. Do not use in production!!\n"); if(cli_password[0]==0) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "\nCONFIG ERROR: allow_loopback_peers and empty cli password cannot be used together.\n"); - exit(-1); + exit(-1); } + } + + if(cli_password[0]==0) { + TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "\nCONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!\n"); + use_cli = 0; } if(!use_lt_credentials && !anon_credentials) {