local show_usage = prosodyctl.show_usage;
local getchar, getpass = prosodyctl.getchar, prosodyctl.getpass;
local show_yesno = prosodyctl.show_yesno;
+local show_prompt = prosodyctl.show_prompt;
local read_password = prosodyctl.read_password;
local prosodyctl_timeout = (config.get("*", "core", "prosodyctl_timeout") or 5) * 2;
end
require "util.array";
- require "util.iterators";
+ local keys = require "util.iterators".keys;
print("Prosody "..(prosody.version or "(unknown version)"));
print("");
function commands.reload(arg)
if arg[1] == "--help" then
- show_usage([[reload]], [[Reload prosody configuration file]]);
+ show_usage([[reload]], [[Reload Prosody's configuration and re-open log files]]);
return 1;
end
local ok, ret = prosodyctl.reload();
if ok then
- show_message("Config updated");
+ show_message("Prosody log files re-opened and config file reloaded. You may need to reload modules for some changes to take effect.");
return 0;
end
return 1;
end
+local openssl = require "util.openssl";
+
+local cert_commands = {};
+
+function cert_commands.config(arg)
+ if #arg >= 1 and arg[1] ~= "--help" then
+ local conf_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cnf";
+ if os.execute("test -f "..conf_filename) == 0
+ and not show_yesno("Overwrite "..conf_filename .. "?") then
+ return nil, conf_filename;
+ end
+ local conf = openssl.config.new();
+ conf:from_prosody(hosts, config, arg);
+ for k, v in pairs(conf.distinguished_name) do
+ local nv;
+ if k == "commonName" then
+ v = arg[1]
+ elseif k == "emailAddress" then
+ v = "xmpp@" .. arg[1];
+ end
+ nv = show_prompt(("%s (%s):"):format(k, nv or v));
+ nv = (not nv or nv == "") and v or nv;
+ conf.distinguished_name[k] = nv ~= "." and nv or nil;
+ end
+ local conf_file = io.open(conf_filename, "w");
+ conf_file:write(conf:serialize());
+ conf_file:close();
+ print("");
+ show_message("Config written to " .. conf_filename);
+ return nil, conf_filename;
+ else
+ show_usage("cert config HOSTNAME", "generates config for OpenSSL")
+ end
+end
+
+function cert_commands.key(arg)
+ if #arg >= 1 and arg[1] ~= "--help" then
+ local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key";
+ if os.execute("test -f "..key_filename) == 0 then
+ if not show_yesno("Overwrite "..key_filename .. "?") then
+ return nil, key_filename;
+ end
+ os.remove(key_filename); -- We chmod this file to not have write permissions
+ end
+ local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
+ if openssl.genrsa{out=key_filename, key_size} then
+ os.execute(("chmod 400 '%s'"):format(key_filename));
+ show_message("Key written to ".. key_filename);
+ return nil, key_filename;
+ end
+ show_message("There was a problem, see OpenSSL output");
+ else
+ show_usage("cert key HOSTNAME <bits>", "Generates a RSA key")
+ end
+end
+
+function cert_commands.request(arg)
+ if #arg >= 1 and arg[1] ~= "--help" then
+ local req_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".req";
+ if os.execute("test -f "..req_filename) == 0
+ and not show_yesno("Overwrite "..req_filename .. "?") then
+ return nil, req_filename;
+ end
+ local _, key_filename = cert_commands.key({arg[1]});
+ local _, conf_filename = cert_commands.config({arg[1]});
+ if openssl.req{new=true, key=key_filename, utf8=true, config=conf_filename, out=req_filename} then
+ show_message("Certificate request written to ".. req_filename);
+ else
+ show_message("There was a problem, see OpenSSL output");
+ end
+ else
+ show_usage("cert request HOSTNAME", "Generates a certificate request")
+ end
+end
+
+function cert_commands.generate(arg)
+ if #arg >= 1 and arg[1] ~= "--help" then
+ local cert_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cert";
+ if os.execute("test -f "..cert_filename) == 0
+ and not show_yesno("Overwrite "..cert_filename .. "?") then
+ return nil, cert_filename;
+ end
+ local _, key_filename = cert_commands.key({arg[1]});
+ local _, conf_filename = cert_commands.config({arg[1]});
+ local ret;
+ if key_filename and conf_filename and cert_filename
+ and openssl.req{new=true, x509=true, nodes=true, key=key_filename,
+ days=365, sha1=true, utf8=true, config=conf_filename, out=cert_filename} then
+ show_message("Certificate written to ".. cert_filename);
+ else
+ show_message("There was a problem, see OpenSSL output");
+ end
+ else
+ show_usage("cert generate HOSTNAME", "Generates a self-signed certificate")
+ end
+end
+
+function commands.cert(arg)
+ if #arg >= 1 and arg[1] ~= "--help" then
+ local subcmd = table.remove(arg, 1);
+ if type(cert_commands[subcmd]) == "function" then
+ return cert_commands[subcmd](arg);
+ end
+ end
+ show_usage("cert config|request|generate|key", "Helpers for X.509 certificates.")
+end
+
---------------------
if command and command:match("^mod_") then -- Is a command in a module