@@ -345,7 +345,7 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
int ret = -1 ;
char statement[TURN_LONG_STRING_SIZE];
/* direct user input eliminated - there is no SQL injection problem (since version 4.4.5.3) */
snprintf (statement,sizeof (statement)," select ikm_key,timestamp,lifetime,as_rs_alg from oauth_key where kid='%s '" ,(const char *)kid);
snprintf (statement,sizeof (statement)," select ikm_key,timestamp,lifetime,as_rs_alg,realm from oauth_key where kid='%s '" ,(const char *)kid);
MYSQL * myc = get_mydb_connection ();
if (myc) {
@@ -356,7 +356,7 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
MYSQL_RES *mres = mysql_store_result (myc);
if (!mres) {
TURN_LOG_FUNC (TURN_LOG_LEVEL_ERROR, " Error retrieving MySQL DB information: %s \n " ,mysql_error (myc));
} else if (mysql_field_count (myc)!=4 ) {
} else if (mysql_field_count (myc)!=5 ) {
TURN_LOG_FUNC (TURN_LOG_LEVEL_ERROR, " Unknown error retrieving MySQL DB information: %s \n " ,statement);
} else {
MYSQL_ROW row = mysql_fetch_row (mres);
@@ -380,6 +380,9 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
ns_bcopy (row[3 ],key->as_rs_alg ,lengths[3 ]);
key->as_rs_alg [lengths[3 ]]=0 ;
ns_bcopy (row[4 ],key->realm ,lengths[4 ]);
key->realm [lengths[4 ]]=0 ;
ret = 0 ;
}
}
@@ -392,13 +395,13 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
return ret;
}
static int mysql_list_oauth_keys (secrets_list_t *kids,secrets_list_t *teas,secrets_list_t *tss,secrets_list_t *lts) {
static int mysql_list_oauth_keys (secrets_list_t *kids,secrets_list_t *teas,secrets_list_t *tss,secrets_list_t *lts, secrets_list_t *realms ) {
oauth_key_data_raw key_;
oauth_key_data_raw *key=&key_;
int ret = -1 ;
char statement[TURN_LONG_STRING_SIZE];
snprintf (statement,sizeof (statement)," select ikm_key,timestamp,lifetime,as_rs_alg,kid from oauth_key order by kid" );
snprintf (statement,sizeof (statement)," select ikm_key,timestamp,lifetime,as_rs_alg,realm, kid from oauth_key order by kid" );
MYSQL * myc = get_mydb_connection ();
if (myc) {
@@ -409,7 +412,7 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre
MYSQL_RES *mres = mysql_store_result (myc);
if (!mres) {
TURN_LOG_FUNC (TURN_LOG_LEVEL_ERROR, " Error retrieving MySQL DB information: %s \n " ,mysql_error (myc));
} else if (mysql_field_count (myc)!=5 ) {
} else if (mysql_field_count (myc)!=6 ) {
TURN_LOG_FUNC (TURN_LOG_LEVEL_ERROR, " Unknown error retrieving MySQL DB information: %s \n " ,statement);
} else {
MYSQL_ROW row = mysql_fetch_row (mres);
@@ -433,12 +436,16 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre
ns_bcopy (row[3 ],key->as_rs_alg ,lengths[3 ]);
key->as_rs_alg [lengths[3 ]]=0 ;
ns_bcopy (row[4 ],key->kid ,lengths[4 ]);
key->kid [lengths[4 ]]=0 ;
ns_bcopy (row[4 ],key->realm ,lengths[4 ]);
key->realm [lengths[4 ]]=0 ;
ns_bcopy (row[5 ],key->kid ,lengths[5 ]);
key->kid [lengths[5 ]]=0 ;
if (kids) {
add_to_secrets_list (kids,key->kid );
add_to_secrets_list (teas,key->as_rs_alg );
add_to_secrets_list (realms,key->realm );
{
char ts[256 ];
snprintf (ts,sizeof (ts)-1 ," %llu " ,(unsigned long long )key->timestamp );
@@ -450,9 +457,9 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre
add_to_secrets_list (lts,lt);
}
} else {
printf (" kid=%s , ikm_key=%s , timestamp=%llu , lifetime=%lu , as_rs_alg=%s \n " ,
printf (" kid=%s , ikm_key=%s , timestamp=%llu , lifetime=%lu , as_rs_alg=%s , realm= %s \n " ,
key->kid , key->ikm_key , (unsigned long long )key->timestamp , (unsigned long )key->lifetime ,
key->as_rs_alg );
key->as_rs_alg ,key-> realm );
}
}
row = mysql_fetch_row (mres);
@@ -496,13 +503,13 @@ static int mysql_set_oauth_key(oauth_key_data_raw *key)
char statement[TURN_LONG_STRING_SIZE];
MYSQL * myc = get_mydb_connection ();
if (myc) {
snprintf (statement,sizeof (statement)," insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('%s ','%s ',%llu ,%lu ,'%s ')" ,
snprintf (statement,sizeof (statement)," insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg,realm ) values('%s ','%s ',%llu ,%lu ,' %s ' ,'%s ')" ,
key->kid ,key->ikm_key ,(unsigned long long )key->timestamp ,(unsigned long )key->lifetime ,
key->as_rs_alg );
key->as_rs_alg ,key-> realm );
int res = mysql_query (myc, statement);
if (res) {
snprintf (statement,sizeof (statement)," update oauth_key set ikm_key='%s ',timestamp=%lu ,lifetime=%lu , as_rs_alg='%s ' where kid='%s '" ,key->ikm_key ,(unsigned long )key->timestamp ,(unsigned long )key->lifetime ,
key->as_rs_alg ,key->kid );
snprintf (statement,sizeof (statement)," update oauth_key set ikm_key='%s ',timestamp=%lu ,lifetime=%lu , as_rs_alg='%s ', realm=' %s ' where kid='%s '" ,key->ikm_key ,(unsigned long )key->timestamp ,(unsigned long )key->lifetime ,
key->as_rs_alg ,key->realm ,key-> kid );
res = mysql_query (myc, statement);
if (res) {
TURN_LOG_FUNC (TURN_LOG_LEVEL_ERROR, " Error inserting/updating oauth key information: %s \n " ,mysql_error (myc));