["invalid-hostname"] = "The given hostname is invalid";
["no-password"] = "No password was supplied";
["no-such-user"] = "The given user does not exist on the server";
+ ["no-such-host"] = "The given hostname does not exist in the config";
["unable-to-save-data"] = "Unable to store, perhaps you don't have permission?";
["no-pidfile"] = "There is no 'pidfile' option in the configuration file, see http://prosody.im/doc/prosodyctl#pidfile for help";
["no-posix"] = "The mod_posix module is not enabled in the Prosody config file, see http://prosody.im/doc/prosodyctl for more info";
hosts[hostname] = make_host(hostname);
end
-require "core.modulemanager"
+local modulemanager = require "core.modulemanager"
-require "util.prosodyctl"
+local prosodyctl = require "util.prosodyctl"
require "socket"
-----------------------
+ -- FIXME: Duplicate code waiting for util.startup
+function read_version()
+ -- Try to determine version
+ local version_file = io.open((CFG_SOURCEDIR or ".").."/prosody.version");
+ if version_file then
+ prosody.version = version_file:read("*a"):gsub("%s*$", "");
+ version_file:close();
+ if #prosody.version == 12 and prosody.version:match("^[a-f0-9]+$") then
+ prosody.version = "hg:"..prosody.version;
+ end
+ else
+ prosody.version = "unknown";
+ end
+end
+
local show_message, show_warning = prosodyctl.show_message, prosodyctl.show_warning;
local show_usage = prosodyctl.show_usage;
local getchar, getpass = prosodyctl.getchar, prosodyctl.getpass;
local show_yesno = prosodyctl.show_yesno;
+local show_prompt = prosodyctl.show_prompt;
local read_password = prosodyctl.read_password;
local prosodyctl_timeout = (config.get("*", "core", "prosodyctl_timeout") or 5) * 2;
end
function commands.about(arg)
+ read_version();
if arg[1] == "--help" then
show_usage([[about]], [[Show information about this Prosody installation]]);
return 1;
end
- require "util.array";
- require "util.iterators";
+ local array = require "util.array";
+ local keys = require "util.iterators".keys;
print("Prosody "..(prosody.version or "(unknown version)"));
print("");
return 1;
end
+local openssl = require "util.openssl";
+local lfs = require "lfs";
+
+local cert_commands = {};
+
+local function ask_overwrite(filename)
+ return lfs.attributes(filename) and not show_yesno("Overwrite "..filename .. "?");
+end
+
+function cert_commands.config(arg)
+ if #arg >= 1 and arg[1] ~= "--help" then
+ local conf_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cnf";
+ if ask_overwrite(conf_filename) then
+ return nil, conf_filename;
+ end
+ local conf = openssl.config.new();
+ conf:from_prosody(hosts, config, arg);
+ for k, v in pairs(conf.distinguished_name) do
+ local nv;
+ if k == "commonName" then
+ v = arg[1]
+ elseif k == "emailAddress" then
+ v = "xmpp@" .. arg[1];
+ end
+ nv = show_prompt(("%s (%s):"):format(k, nv or v));
+ nv = (not nv or nv == "") and v or nv;
+ if nv:find"[\192-\252][\128-\191]+" then
+ conf.req.string_mask = "utf8only"
+ end
+ conf.distinguished_name[k] = nv ~= "." and nv or nil;
+ end
+ local conf_file = io.open(conf_filename, "w");
+ conf_file:write(conf:serialize());
+ conf_file:close();
+ print("");
+ show_message("Config written to " .. conf_filename);
+ return nil, conf_filename;
+ else
+ show_usage("cert config HOSTNAME [HOSTNAME+]", "Builds a certificate config file covering the supplied hostname(s)")
+ end
+end
+
+function cert_commands.key(arg)
+ if #arg >= 1 and arg[1] ~= "--help" then
+ local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key";
+ if ask_overwrite(key_filename) then
+ return nil, key_filename;
+ end
+ os.remove(key_filename); -- We chmod this file to not have write permissions
+ local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
+ if openssl.genrsa{out=key_filename, key_size} then
+ os.execute(("chmod 400 '%s'"):format(key_filename));
+ show_message("Key written to ".. key_filename);
+ return nil, key_filename;
+ end
+ show_message("There was a problem, see OpenSSL output");
+ else
+ show_usage("cert key HOSTNAME <bits>", "Generates a RSA key named HOSTNAME.key\n "
+ .."Prompts for a key size if none given")
+ end
+end
+
+function cert_commands.request(arg)
+ if #arg >= 1 and arg[1] ~= "--help" then
+ local req_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".req";
+ if ask_overwrite(req_filename) then
+ return nil, req_filename;
+ end
+ local _, key_filename = cert_commands.key({arg[1]});
+ local _, conf_filename = cert_commands.config(arg);
+ if openssl.req{new=true, key=key_filename, utf8=true, config=conf_filename, out=req_filename} then
+ show_message("Certificate request written to ".. req_filename);
+ else
+ show_message("There was a problem, see OpenSSL output");
+ end
+ else
+ show_usage("cert request HOSTNAME [HOSTNAME+]", "Generates a certificate request for the supplied hostname(s)")
+ end
+end
+
+function cert_commands.generate(arg)
+ if #arg >= 1 and arg[1] ~= "--help" then
+ local cert_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cert";
+ if ask_overwrite(cert_filename) then
+ return nil, conf_filename;
+ end
+ local _, key_filename = cert_commands.key({arg[1]});
+ local _, conf_filename = cert_commands.config(arg);
+ local ret;
+ if key_filename and conf_filename and cert_filename
+ and openssl.req{new=true, x509=true, nodes=true, key=key_filename,
+ days=365, sha1=true, utf8=true, config=conf_filename, out=cert_filename} then
+ show_message("Certificate written to ".. cert_filename);
+ else
+ show_message("There was a problem, see OpenSSL output");
+ end
+ else
+ show_usage("cert generate HOSTNAME [HOSTNAME+]", "Generates a self-signed certificate for the current hostname(s)")
+ end
+end
+
+function commands.cert(arg)
+ if #arg >= 1 and arg[1] ~= "--help" then
+ local subcmd = table.remove(arg, 1);
+ if type(cert_commands[subcmd]) == "function" then
+ if not arg[1] then
+ show_message"You need to supply at least one hostname"
+ arg = { "--help" };
+ end
+ if arg[1] ~= "--help" and not hosts[arg[1]] then
+ show_message(error_messages["no-such-host"]);
+ return
+ end
+ return cert_commands[subcmd](arg);
+ end
+ end
+ show_usage("cert config|request|generate|key", "Helpers for generating X.509 certificates and keys.")
+end
+
---------------------
if command and command:match("^mod_") then -- Is a command in a module