From a0c8033da347acab62a5cf1462615e2dc0d43dcc Mon Sep 17 00:00:00 2001
From: robby <robby@debian.domain.none>
Date: Wed, 20 May 2020 15:43:35 +0200
Subject: [PATCH 1/3] List private rooms if valid admin_key was provided.

---
 plugins/janus_videoroom.c | 34 ++++++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 6 deletions(-)

diff --git a/plugins/janus_videoroom.c b/plugins/janus_videoroom.c
index e11688db8d..7ebc6b2f87 100644
--- a/plugins/janus_videoroom.c
+++ b/plugins/janus_videoroom.c
@@ -3551,12 +3551,33 @@ static json_t *janus_videoroom_process_synchronous_request(janus_videoroom_sessi
 			if(!room)
 				continue;
 			janus_refcount_increase(&room->ref);
-			if(room->is_private) {
-				/* Skip private room */
-				JANUS_LOG(LOG_VERB, "Skipping private room '%s'\n", room->room_name);
-				janus_refcount_decrease(&room->ref);
-				continue;
-			}
+      if(room->is_private) {
+        /* only if admin_key isset */
+        if(admin_key != NULL) {
+          json_t *admin_key_json = json_object_get(root, "admin_key");
+          /* verify admin_key was provided */
+          if(admin_key_json != NULL && strlen(json_string_value(admin_key_json)) > 0) {
+            JANUS_CHECK_SECRET(admin_key, root, "admin_key", error_code, error_cause,
+            JANUS_VIDEOROOM_ERROR_MISSING_ELEMENT, JANUS_VIDEOROOM_ERROR_INVALID_ELEMENT, JANUS_VIDEOROOM_ERROR_UNAUTHORIZED);
+            if(error_code != 0) {
+              JANUS_LOG(LOG_VERB, "No room list, wrong admin_key provided\n");
+              goto end_loop;
+            }
+          }
+          else {
+            /* Skip private room */
+            JANUS_LOG(LOG_VERB, "Skipping private room '%s'\n", room->room_name);
+            janus_refcount_decrease(&room->ref);
+            continue;
+          }
+        }
+        else {
+          /* Skip private room */
+          JANUS_LOG(LOG_VERB, "Skipping private room '%s'\n", room->room_name);
+          janus_refcount_decrease(&room->ref);
+          continue;
+        }
+      }
 			if(!g_atomic_int_get(&room->destroyed)) {
 				json_t *rl = json_object();
 				json_object_set_new(rl, "room", string_ids ? json_string(room->room_id_str) : json_integer(room->room_id));
@@ -3596,6 +3617,7 @@ static json_t *janus_videoroom_process_synchronous_request(janus_videoroom_sessi
 			}
 			janus_refcount_decrease(&room->ref);
 		}
+    end_loop:
 		janus_mutex_unlock(&rooms_mutex);
 		response = json_object();
 		json_object_set_new(response, "videoroom", json_string("success"));

From 013b7c495002b3ae4f83ceaee54d0baac4661363 Mon Sep 17 00:00:00 2001
From: robby <robby@debian.domain.none>
Date: Wed, 20 May 2020 19:13:36 +0200
Subject: [PATCH 2/3] Improvements to listing of private rooms if admin_key was
 provided.

---
 plugins/janus_videoroom.c | 50 +++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 28 deletions(-)

diff --git a/plugins/janus_videoroom.c b/plugins/janus_videoroom.c
index 7ebc6b2f87..14bc633d0e 100644
--- a/plugins/janus_videoroom.c
+++ b/plugins/janus_videoroom.c
@@ -3546,38 +3546,33 @@ static json_t *janus_videoroom_process_synchronous_request(janus_videoroom_sessi
 		GHashTableIter iter;
 		gpointer value;
 		g_hash_table_iter_init(&iter, rooms);
+		gboolean lock_room_list = TRUE;
+		if(admin_key != NULL) {
+			json_t *admin_key_json = json_object_get(root, "admin_key");
+			/* Verify admin_key if it was provided */
+			if(admin_key_json != NULL && strlen(json_string_value(admin_key_json)) > 0) {
+				JANUS_CHECK_SECRET(admin_key, root, "admin_key", error_code, error_cause,
+					JANUS_VIDEOROOM_ERROR_MISSING_ELEMENT, JANUS_VIDEOROOM_ERROR_INVALID_ELEMENT, JANUS_VIDEOROOM_ERROR_UNAUTHORIZED);
+				if(error_code != 0) {
+					janus_mutex_unlock(&rooms_mutex);
+					goto prepare_response;
+				}
+				else {
+					lock_room_list = FALSE;
+				}
+			}
+		}
 		while(g_hash_table_iter_next(&iter, NULL, &value)) {
 			janus_videoroom *room = value;
 			if(!room)
 				continue;
 			janus_refcount_increase(&room->ref);
-      if(room->is_private) {
-        /* only if admin_key isset */
-        if(admin_key != NULL) {
-          json_t *admin_key_json = json_object_get(root, "admin_key");
-          /* verify admin_key was provided */
-          if(admin_key_json != NULL && strlen(json_string_value(admin_key_json)) > 0) {
-            JANUS_CHECK_SECRET(admin_key, root, "admin_key", error_code, error_cause,
-            JANUS_VIDEOROOM_ERROR_MISSING_ELEMENT, JANUS_VIDEOROOM_ERROR_INVALID_ELEMENT, JANUS_VIDEOROOM_ERROR_UNAUTHORIZED);
-            if(error_code != 0) {
-              JANUS_LOG(LOG_VERB, "No room list, wrong admin_key provided\n");
-              goto end_loop;
-            }
-          }
-          else {
-            /* Skip private room */
-            JANUS_LOG(LOG_VERB, "Skipping private room '%s'\n", room->room_name);
-            janus_refcount_decrease(&room->ref);
-            continue;
-          }
-        }
-        else {
-          /* Skip private room */
-          JANUS_LOG(LOG_VERB, "Skipping private room '%s'\n", room->room_name);
-          janus_refcount_decrease(&room->ref);
-          continue;
-        }
-      }
+			if(room->is_private && lock_room_list) {
+					/* Skip private room if no valid admin_key was provided */
+					JANUS_LOG(LOG_VERB, "Skipping private room '%s'\n", room->room_name);
+					janus_refcount_decrease(&room->ref);
+					continue;
+			}
 			if(!g_atomic_int_get(&room->destroyed)) {
 				json_t *rl = json_object();
 				json_object_set_new(rl, "room", string_ids ? json_string(room->room_id_str) : json_integer(room->room_id));
@@ -3617,7 +3612,6 @@ static json_t *janus_videoroom_process_synchronous_request(janus_videoroom_sessi
 			}
 			janus_refcount_decrease(&room->ref);
 		}
-    end_loop:
 		janus_mutex_unlock(&rooms_mutex);
 		response = json_object();
 		json_object_set_new(response, "videoroom", json_string("success"));

From e8e3f99fb9f5a3c44becba6891ec8a4f40f2f682 Mon Sep 17 00:00:00 2001
From: robby <robby@debian.domain.none>
Date: Wed, 20 May 2020 19:33:38 +0200
Subject: [PATCH 3/3] Added additional validation and style fixes

---
 plugins/janus_videoroom.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/plugins/janus_videoroom.c b/plugins/janus_videoroom.c
index 14bc633d0e..8498fba6ad 100644
--- a/plugins/janus_videoroom.c
+++ b/plugins/janus_videoroom.c
@@ -3550,14 +3550,13 @@ static json_t *janus_videoroom_process_synchronous_request(janus_videoroom_sessi
 		if(admin_key != NULL) {
 			json_t *admin_key_json = json_object_get(root, "admin_key");
 			/* Verify admin_key if it was provided */
-			if(admin_key_json != NULL && strlen(json_string_value(admin_key_json)) > 0) {
+			if(admin_key_json != NULL && json_is_string(admin_key_json) && strlen(json_string_value(admin_key_json)) > 0) {
 				JANUS_CHECK_SECRET(admin_key, root, "admin_key", error_code, error_cause,
 					JANUS_VIDEOROOM_ERROR_MISSING_ELEMENT, JANUS_VIDEOROOM_ERROR_INVALID_ELEMENT, JANUS_VIDEOROOM_ERROR_UNAUTHORIZED);
 				if(error_code != 0) {
 					janus_mutex_unlock(&rooms_mutex);
 					goto prepare_response;
-				}
-				else {
+				} else {
 					lock_room_list = FALSE;
 				}
 			}
@@ -3568,10 +3567,10 @@ static json_t *janus_videoroom_process_synchronous_request(janus_videoroom_sessi
 				continue;
 			janus_refcount_increase(&room->ref);
 			if(room->is_private && lock_room_list) {
-					/* Skip private room if no valid admin_key was provided */
-					JANUS_LOG(LOG_VERB, "Skipping private room '%s'\n", room->room_name);
-					janus_refcount_decrease(&room->ref);
-					continue;
+				/* Skip private room if no valid admin_key was provided */
+				JANUS_LOG(LOG_VERB, "Skipping private room '%s'\n", room->room_name);
+				janus_refcount_decrease(&room->ref);
+				continue;
 			}
 			if(!g_atomic_int_get(&room->destroyed)) {
 				json_t *rl = json_object();