["no-such-host"] = "The given hostname does not exist in the config";
["unable-to-save-data"] = "Unable to store, perhaps you don't have permission?";
["no-pidfile"] = "There is no 'pidfile' option in the configuration file, see http://prosody.im/doc/prosodyctl#pidfile for help";
+ ["invalid-pidfile"] = "The 'pidfile' option in the configuration file is not a string, see http://prosody.im/doc/prosodyctl#pidfile for help";
["no-posix"] = "The mod_posix module is not enabled in the Prosody config file, see http://prosody.im/doc/prosodyctl for more info";
["no-such-method"] = "This module has no commands";
["not-running"] = "Prosody is not running";
local modulemanager = require "core.modulemanager"
local prosodyctl = require "util.prosodyctl"
-require "socket"
+local socket = require "socket"
-----------------------
-- FIXME: Duplicate code waiting for util.startup
function read_version()
-- Try to determine version
local version_file = io.open((CFG_SOURCEDIR or ".").."/prosody.version");
+ prosody.version = "unknown";
if version_file then
prosody.version = version_file:read("*a"):gsub("%s*$", "");
version_file:close();
prosody.version = "hg:"..prosody.version;
end
else
- prosody.version = "unknown";
+ local hg = require"util.mercurial";
+ local hgid = hg.check_id(CFG_SOURCEDIR or ".");
+ if hgid then prosody.version = "hg:" .. hgid; end
end
end
local show_prompt = prosodyctl.show_prompt;
local read_password = prosodyctl.read_password;
+local jid_split = require "util.jid".prepped_split;
+
local prosodyctl_timeout = (config.get("*", "prosodyctl_timeout") or 5) * 2;
-----------------------
local commands = {};
local command = arg[1];
function commands.adduser(arg)
- local jid_split = require "util.jid".split;
if not arg[1] or arg[1] == "--help" then
show_usage([[adduser JID]], [[Create the specified user account in Prosody]]);
return 1;
end
function commands.passwd(arg)
- local jid_split = require "util.jid".split;
if not arg[1] or arg[1] == "--help" then
show_usage([[passwd JID]], [[Set the password for the specified user account in Prosody]]);
return 1;
end
function commands.deluser(arg)
- local jid_split = require "util.jid".split;
if not arg[1] or arg[1] == "--help" then
show_usage([[deluser JID]], [[Permanently remove the specified user account from Prosody]]);
return 1;
if not hosts[host] then
show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host)
- show_warning("The user will not be able to log in until this is changed.");
hosts[host] = make_host(host);
end
local ok, ret = prosodyctl.start();
if ok then
- if config.get("*", "daemonize") ~= false then
+ local daemonize = config.get("*", "daemonize");
+ if daemonize == nil then
+ daemonize = prosody.installed;
+ end
+ if daemonize then
local i=1;
while true do
local ok, running = prosodyctl.isrunning();
return 1;
end
+ local pwd = ".";
+ local lfs = require "lfs";
local array = require "util.array";
local keys = require "util.iterators".keys;
+ local hg = require"util.mercurial";
+ local relpath = config.resolve_relative_path;
print("Prosody "..(prosody.version or "(unknown version)"));
print("");
print("# Prosody directories");
- print("Data directory: ", CFG_DATADIR or "./");
- print("Plugin directory:", CFG_PLUGINDIR or "./");
- print("Config directory:", CFG_CONFIGDIR or "./");
- print("Source directory:", CFG_SOURCEDIR or "./");
+ print("Data directory: "..relpath(pwd, data_path));
+ print("Config directory: "..relpath(pwd, CFG_CONFIGDIR or "."));
+ print("Source directory: "..relpath(pwd, CFG_SOURCEDIR or "."));
+ print("Plugin directories:")
+ print(" "..(prosody.paths.plugins:gsub("([^;]+);?", function(path)
+ local opath = path;
+ path = config.resolve_relative_path(pwd, path);
+ local hgid, hgrepo = hg.check_id(path);
+ if not hgid and hgrepo then
+ return path.." - "..hgrepo .."!\n ";
+ end
+ -- 010452cfaf53 is the first commit in the prosody-modules repository
+ hgrepo = hgrepo == "010452cfaf53" and "prosody-modules";
+ return path..(hgid and " - "..(hgrepo or "HG").." rev: "..hgid or "")
+ .."\n ";
+ end)));
print("");
print("# Lua environment");
print("Lua version: ", _G._VERSION);
print(" "..path);
end
print("");
- local luarocks_status = (pcall(require, "luarocks.loader") and "Installed ("..(luarocks.cfg.program_version or "2.x+")..")")
+ local luarocks_status = (pcall(require, "luarocks.loader") and "Installed ("..(package.loaded["luarocks.cfg"].program_version or "2.x+")..")")
or (pcall(require, "luarocks.require") and "Installed (1.x)")
or "Not installed";
print("LuaRocks: ", luarocks_status);
print("");
print("# Lua module versions");
local module_versions, longest_name = {}, 8;
+ local luaevent =dependencies.softreq"luaevent";
+ local ssl = dependencies.softreq"ssl";
for name, module in pairs(package.loaded) do
if type(module) == "table" and rawget(module, "_VERSION")
and name ~= "_G" and not name:match("%.") then
conf.distinguished_name[k] = nv ~= "." and nv or nil;
end
end
- local conf_file = io.open(conf_filename, "w");
+ local conf_file, err = io.open(conf_filename, "w");
+ if not conf_file then
+ show_warning("Could not open OpenSSL config file for writing");
+ show_warning(err);
+ os.exit(1);
+ end
conf_file:write(conf:serialize());
conf_file:close();
print("");
end
local _, key_filename = cert_commands.key({arg[1]});
local _, conf_filename = cert_commands.config(arg);
- if openssl.req{new=true, key=key_filename, utf8=true, config=conf_filename, out=req_filename} then
+ if openssl.req{new=true, key=key_filename, utf8=true, sha256=true, config=conf_filename, out=req_filename} then
show_message("Certificate request written to ".. req_filename);
else
show_message("There was a problem, see OpenSSL output");
local ret;
if key_filename and conf_filename and cert_filename
and openssl.req{new=true, x509=true, nodes=true, key=key_filename,
- days=365, sha1=true, utf8=true, config=conf_filename, out=cert_filename} then
+ days=365, sha256=true, utf8=true, config=conf_filename, out=cert_filename} then
show_message("Certificate written to ".. cert_filename);
else
show_message("There was a problem, see OpenSSL output");
local array, set = require "util.array", require "util.set";
local it = require "util.iterators";
local ok = true;
+ local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end
+ local function enabled_hosts() return it.filter(disabled_hosts, pairs(config.getconfig())); end
+ if not what or what == "disabled" then
+ local disabled_hosts = set.new();
+ for host, host_options in it.filter("*", pairs(config.getconfig())) do
+ if host_options.enabled == false then
+ disabled_hosts:add(host);
+ end
+ end
+ if not disabled_hosts:empty() then
+ local msg = "Checks will be skipped for these disabled hosts: %s";
+ if what then msg = "These hosts are disabled: %s"; end
+ show_warning(msg, tostring(disabled_hosts));
+ if what then return 0; end
+ print""
+ end
+ end
if not what or what == "config" then
print("Checking config...");
+ local deprecated = set.new({
+ "bosh_ports", "disallow_s2s", "no_daemonize", "anonymous_login", "require_encryption",
+ });
local known_global_options = set.new({
"pidfile", "log", "plugin_paths", "prosody_user", "prosody_group", "daemonize",
- "umask", "prosodyctl_timeout", "use_ipv6", "use_libevent", "network_settings"
+ "umask", "prosodyctl_timeout", "use_ipv6", "use_libevent", "network_settings",
+ "network_backend", "http_default_host",
});
local config = config.getconfig();
-- Check that we have any global options (caused by putting a host at the top)
print(" No global options defined. Perhaps you have put a host definition at the top")
print(" of the config file? They should be at the bottom, see http://prosody.im/doc/configure#overview");
end
+ if it.count(enabled_hosts()) == 0 then
+ ok = false;
+ print("");
+ if it.count(it.filter("*", pairs(config))) == 0 then
+ print(" No hosts are defined, please add at least one VirtualHost section")
+ elseif config["*"]["enabled"] == false then
+ print(" No hosts are enabled. Remove enabled = false from the global section or put enabled = true under at least one VirtualHost section")
+ else
+ print(" All hosts are disabled. Remove enabled = false from at least one VirtualHost section")
+ end
+ end
-- Check for global options under hosts
local global_options = set.new(it.to_array(it.keys(config["*"])));
- for host, options in it.filter("*", pairs(config)) do
+ local deprecated_global_options = set.intersection(global_options, deprecated);
+ if not deprecated_global_options:empty() then
+ print("");
+ print(" You have some deprecated options in the global section:");
+ print(" "..tostring(deprecated_global_options))
+ ok = false;
+ end
+ for host, options in enabled_hosts() do
local host_options = set.new(it.to_array(it.keys(options)));
local misplaced_options = set.intersection(host_options, known_global_options);
for name in pairs(options) do
end
if not what or what == "dns" then
local dns = require "net.dns";
+ local idna = require "util.encodings".idna;
local ip = require "util.ip";
local c2s_ports = set.new(config.get("*", "c2s_ports") or {5222});
local s2s_ports = set.new(config.get("*", "s2s_ports") or {5269});
local fqdn = socket.dns.tohostname(socket.dns.gethostname());
if fqdn then
- local res = dns.lookup(fqdn, "A");
+ local res = dns.lookup(idna.to_ascii(fqdn), "A");
if res then
for _, record in ipairs(res) do
external_addresses:add(record.a);
end
end
- local res = dns.lookup(fqdn, "AAAA");
+ local res = dns.lookup(idna.to_ascii(fqdn), "AAAA");
if res then
for _, record in ipairs(res) do
external_addresses:add(record.aaaa);
local v6_supported = not not socket.tcp6;
- for host, host_options in it.filter("*", pairs(config.getconfig())) do
+ for host, host_options in enabled_hosts() do
local all_targets_ok, some_targets_ok = true, false;
local is_component = not not host_options.component_module;
print("Checking DNS for "..(is_component and "component" or "host").." "..host.."...");
local target_hosts = set.new();
if not is_component then
- local res = dns.lookup("_xmpp-client._tcp."..host..".", "SRV");
+ local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV");
if res then
for _, record in ipairs(res) do
target_hosts:add(record.srv.target);
end
end
end
- local res = dns.lookup("_xmpp-server._tcp."..host..".", "SRV");
+ local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV");
if res then
for _, record in ipairs(res) do
target_hosts:add(record.srv.target);
if modules:contains("proxy65") then
local proxy65_target = config.get(host, "proxy65_address") or host;
- local A, AAAA = dns.lookup(proxy65_target, "A"), dns.lookup(proxy65_target, "AAAA");
+ local A, AAAA = dns.lookup(idna.to_ascii(proxy65_target), "A"), dns.lookup(idna.to_ascii(proxy65_target), "AAAA");
local prob = {};
if not A then
table.insert(prob, "A");
for host in target_hosts do
local host_ok_v4, host_ok_v6;
- local res = dns.lookup(host, "A");
+ local res = dns.lookup(idna.to_ascii(host), "A");
if res then
for _, record in ipairs(res) do
if external_addresses:contains(record.a) then
end
end
end
- local res = dns.lookup(host, "AAAA");
+ local res = dns.lookup(idna.to_ascii(host), "AAAA");
if res then
for _, record in ipairs(res) do
if external_addresses:contains(record.aaaa) then
local x509_verify_identity = require"util.x509".verify_identity;
local ssl = dependencies.softreq"ssl";
-- local datetime_parse = require"util.datetime".parse_x509;
- local load_cert = ssl and ssl.x509 and ssl.x509.load;
+ local load_cert = ssl and ssl.loadcertificate;
-- or ssl.cert_from_pem
if not ssl then
print("LuaSec not available, can't perform certificate checks")
print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking");
cert_ok = false
else
- for host in pairs(hosts) do
- if host ~= "*" then -- Should check global certs too.
- print("Checking certificate for "..host);
- -- First, let's find out what certificate this host uses.
- local ssl_config = config.rawget(host, "ssl");
- if not ssl_config then
- local base_host = host:match("%.(.*)");
- ssl_config = config.get(base_host, "ssl");
- end
- if not ssl_config then
- print(" No 'ssl' option defined for "..host)
- cert_ok = false
- elseif not ssl_config.certificate then
- print(" No 'certificate' set in ssl option for "..host)
+ for host in enabled_hosts() do
+ print("Checking certificate for "..host);
+ -- First, let's find out what certificate this host uses.
+ local ssl_config = config.rawget(host, "ssl");
+ if not ssl_config then
+ local base_host = host:match("%.(.*)");
+ ssl_config = config.get(base_host, "ssl");
+ end
+ if not ssl_config then
+ print(" No 'ssl' option defined for "..host)
+ cert_ok = false
+ elseif not ssl_config.certificate then
+ print(" No 'certificate' set in ssl option for "..host)
+ cert_ok = false
+ elseif not ssl_config.key then
+ print(" No 'key' set in ssl option for "..host)
+ cert_ok = false
+ else
+ local key, err = io.open(ssl_config.key); -- Permissions check only
+ if not key then
+ print(" Could not open "..ssl_config.key..": "..err);
cert_ok = false
- elseif not ssl_config.key then
- print(" No 'key' set in ssl option for "..host)
+ else
+ key:close();
+ end
+ local cert_fh, err = io.open(ssl_config.certificate); -- Load the file.
+ if not cert_fh then
+ print(" Could not open "..ssl_config.certificate..": "..err);
cert_ok = false
else
- local key, err = io.open(ssl_config.key); -- Permissions check only
- if not key then
- print(" Could not open "..ssl_config.key..": "..err);
+ print(" Certificate: "..ssl_config.certificate)
+ local cert = load_cert(cert_fh:read"*a"); cert_fh = cert_fh:close();
+ if not cert:validat(os.time()) then
+ print(" Certificate has expired.")
cert_ok = false
- else
- key:close();
end
- local cert_fh, err = io.open(ssl_config.certificate); -- Load the file.
- if not cert_fh then
- print(" Could not open "..ssl_config.certificate..": "..err);
- cert_ok = false
- else
- print(" Certificate: "..ssl_config.certificate)
- local cert = load_cert(cert_fh:read"*a"); cert_fh = cert_fh:close();
- if not cert:validat(os.time()) then
- print(" Certificate has expired.")
- cert_ok = false
- end
- if config.get(host, "component_module") == nil
+ if config.get(host, "component_module") == nil
and not x509_verify_identity(host, "_xmpp-client", cert) then
- print(" Not vaild for client connections to "..host..".")
- cert_ok = false
- end
- if (not (config.get(name, "anonymous_login")
- or config.get(name, "authentication") == "anonymous"))
- and not x509_verify_identity(host, "_xmpp-client", cert) then
- print(" Not vaild for server-to-server connections to "..host..".")
- cert_ok = false
- end
+ print(" Not vaild for client connections to "..host..".")
+ cert_ok = false
+ end
+ if (not (config.get(host, "anonymous_login")
+ or config.get(host, "authentication") == "anonymous"))
+ and not x509_verify_identity(host, "_xmpp-server", cert) then
+ print(" Not vaild for server-to-server connections to "..host..".")
+ cert_ok = false
end
end
end