permission lifetime

963153391 · Sep 20, 2016 · 98e7a36 · 98e7a36
1 parent 8226747
commit 98e7a36
Show file tree

Hide file tree

Showing 7 changed files with 23 additions and 3 deletions.
diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf
@@ -381,6 +381,13 @@
 #
 #stale-nonce
 
+# Uncomment to set the permission lifetime.
+# Default to 300 secs (5 minutes).
+# In production this value MUST not be changed,
+# however it can be useful for test purposes.
+#
+#permission-lifetime=300
+
 # Certificate file.
 # Use an absolute path or path relative to the 
 # configuration file.

diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
@@ -124,7 +124,7 @@ LOW_DEFAULT_PORTS_BOUNDARY,HIGH_DEFAULT_PORTS_BOUNDARY,0,0,0,"",
 /////////////// stop server ////////////////
 0,
 /////////////// MISC PARAMS ////////////////
-0,0,0,0,0,':',0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,
+0,0,0,0,0,':',0,0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,
 ///////////// Users DB //////////////
 { (TURN_USERDB_TYPE)0, {"\0"}, {0,NULL, {NULL,0}} },
 ///////////// CPUs //////////////////
@@ -548,6 +548,8 @@ static char Usage[] = "Usage: turnserver [options]\n"
 "						name will be constructed as-is, without PID and date appendage.\n"
 "						This option can be used, for example, together with the logrotate tool.\n"
 " --stale-nonce					Use extra security with nonce value having limited lifetime (600 secs).\n"
+" --permission-lifetime		<value>		Set the value for the lifetime of the permission. Default to 300 secs.\n"
+"						This MUST not be changed for production purposes\n"
 " -S, --stun-only				Option to set standalone STUN operation only, all TURN requests will be ignored.\n"
 "     --no-stun					Option to suppress STUN functionality, only TURN requests will be processed.\n"
 " --alternate-server		<ip:port>	Set the TURN server to redirect the allocate requests (UDP and TCP services).\n"
@@ -670,6 +672,7 @@ enum EXTRA_OPTS {
 	MIN_PORT_OPT,
 	MAX_PORT_OPT,
 	STALE_NONCE_OPT,
+	PERMISSION_LIFETIME_OPT,
 	AUTH_SECRET_OPT,
 	DEL_ALL_AUTH_SECRETS_OPT,
 	STATIC_AUTH_SECRET_VAL_OPT,
@@ -787,6 +790,7 @@ static const struct myoption long_options[] = {
 				{ "no-udp-relay", optional_argument, NULL, NO_UDP_RELAY_OPT },
 				{ "no-tcp-relay", optional_argument, NULL, NO_TCP_RELAY_OPT },
 				{ "stale-nonce", optional_argument, NULL, STALE_NONCE_OPT },
+				{ "permission-lifetime", optional_argument, NULL, PERMISSION_LIFETIME_OPT },
 				{ "stun-only", optional_argument, NULL, 'S' },
 				{ "no-stun", optional_argument, NULL, NO_STUN_OPT },
 				{ "cert", required_argument, NULL, CERT_FILE_OPT },
@@ -1048,6 +1052,9 @@ static void set_option(int c, char *value)
 	case STALE_NONCE_OPT:
 		turn_params.stale_nonce = get_bool_value(value);
 		break;
+	case PERMISSION_LIFETIME_OPT:
+		turn_params.permission_lifetime = get_int_value(value, STUN_DEFAULT_PERMISSION_LIFETIME);
+		break;
 	case MAX_ALLOCATE_TIMEOUT_OPT:
 		TURN_MAX_ALLOCATE_TIMEOUT = atoi(value);
 		TURN_MAX_ALLOCATE_TIMEOUT_STUN_ONLY = atoi(value);

diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h
@@ -285,6 +285,7 @@ typedef struct _turn_params_ {
   int fingerprint;
   char rest_api_separator;
   vint stale_nonce;
+  vint permission_lifetime;
   vint mobility;
   turn_credential_type ct;
   int use_auth_secret_with_timestamp;

diff --git a/src/apps/relay/netengine.c b/src/apps/relay/netengine.c
@@ -1633,6 +1633,7 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
 			 &turn_params.no_tcp_relay,
 			 &turn_params.no_udp_relay,
 			 &turn_params.stale_nonce,
+			 &turn_params.permission_lifetime,
 			 &turn_params.stun_only,
 			 &turn_params.no_stun,
 			 &turn_params.alternate_servers_list,

diff --git a/src/client/ns_turn_msg_defs.h b/src/client/ns_turn_msg_defs.h
@@ -64,7 +64,7 @@
 #define STUN_MIN_ALLOCATE_LIFETIME STUN_DEFAULT_ALLOCATE_LIFETIME
 #define STUN_MAX_ALLOCATE_LIFETIME (3600)
 #define STUN_CHANNEL_LIFETIME (600)
-#define STUN_PERMISSION_LIFETIME (300)
+#define STUN_DEFAULT_PERMISSION_LIFETIME (300)
 #define STUN_NONCE_EXPIRATION_TIME (600)
 /**/
 

diff --git a/src/server/ns_turn_server.c b/src/server/ns_turn_server.c
@@ -848,7 +848,7 @@ static int update_turn_permission_lifetime(ts_ur_super_session *ss, turn_permiss
 
 		if (server) {
 
-			if(!time_delta) time_delta = STUN_PERMISSION_LIFETIME;
+			if(!time_delta) time_delta = *(server->permission_lifetime);
 			tinfo->expiration_time = server->ctime + time_delta;
 
 			IOA_EVENT_DEL(tinfo->lifetime_ev);
@@ -4796,6 +4796,7 @@ void init_turn_server(turn_turnserver* server,
 		vintp no_tcp_relay,
 		vintp no_udp_relay,
 		vintp stale_nonce,
+		vintp permission_lifetime,
 		vintp stun_only,
 		vintp no_stun,
 		turn_server_addrs_list_t *alternate_servers_list,
@@ -4851,6 +4852,7 @@ void init_turn_server(turn_turnserver* server,
 	server->self_udp_balance = self_udp_balance;
 
 	server->stale_nonce = stale_nonce;
+	server->permission_lifetime = permission_lifetime;
 	server->stun_only = stun_only;
 	server->no_stun = no_stun;
 

diff --git a/src/server/ns_turn_server.h b/src/server/ns_turn_server.h
@@ -115,6 +115,7 @@ struct _turn_turnserver {
 	int rfc5780;
 	vintp check_origin;
 	vintp stale_nonce;
+        vintp permission_lifetime;
 	vintp stun_only;
 	vintp no_stun;
 	vintp secure_stun;
@@ -184,6 +185,7 @@ void init_turn_server(turn_turnserver* server,
 				    vintp no_tcp_relay,
 				    vintp no_udp_relay,
 				    vintp stale_nonce,
+                                    vintp permission_lifetime,
 				    vintp stun_only,
 				    vintp no_stun,
 				    turn_server_addrs_list_t *alternate_servers_list,