X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=prosodyctl;h=247b099a94f73a30109a7139e45103a9fe32332f;hb=8785dcd4bd1ee99ad5653c0deea83e9730c06400;hp=cdeaaf26ffe3773bc0dc71513b59db0ee7dfe3ad;hpb=3b635da220bdbe28712f7007be430eb6e1283912;p=prosody.git diff --git a/prosodyctl b/prosodyctl index cdeaaf26..247b099a 100755 --- a/prosodyctl +++ b/prosodyctl @@ -50,6 +50,8 @@ local prosody = { platform = "posix"; lock_globals = function () end; unlock_globals = function () end; + installed = CFG_SOURCEDIR ~= nil; + core_post_stanza = function () end; -- TODO: mod_router! }; _G.prosody = prosody; @@ -60,16 +62,17 @@ end config = require "core.configmanager" +local ENV_CONFIG; do local filenames = {}; local filename; if arg[1] == "--config" and arg[2] then table.insert(filenames, arg[2]); - table.remove(arg, 1); table.remove(arg, 1); if CFG_CONFIGDIR then table.insert(filenames, CFG_CONFIGDIR.."/"..arg[2]); end + table.remove(arg, 1); table.remove(arg, 1); else for _, format in ipairs(config.parsers()) do table.insert(filenames, (CFG_CONFIGDIR or ".").."/prosody.cfg."..format); @@ -80,6 +83,7 @@ do local file = io.open(filename); if file then file:close(); + ENV_CONFIG = filename; CFG_CONFIGDIR = filename:match("^(.*)[\\/][^\\/]*$"); break; end @@ -106,11 +110,11 @@ do os.exit(1); end end -local original_logging_config = config.get("*", "core", "log"); -config.set("*", "core", "log", { { levels = { min="info" }, to = "console" } }); +local original_logging_config = config.get("*", "log"); +config.set("*", "log", { { levels = { min="info" }, to = "console" } }); -local data_path = config.get("*", "core", "data_path") or CFG_DATADIR or "data"; -local custom_plugin_paths = config.get("*", "core", "plugin_paths"); +local data_path = config.get("*", "data_path") or CFG_DATADIR or "data"; +local custom_plugin_paths = config.get("*", "plugin_paths"); if custom_plugin_paths then local path_sep = package.config:sub(3,3); -- path1;path2;path3;defaultpath... @@ -119,6 +123,11 @@ end prosody.paths = { source = CFG_SOURCEDIR, config = CFG_CONFIGDIR, plugins = CFG_PLUGINDIR or "plugins", data = data_path }; +if prosody.installed then + -- Change working directory to data path. + require "lfs".chdir(data_path); +end + require "core.loggingmanager" dependencies.log_warnings(); @@ -126,7 +135,7 @@ dependencies.log_warnings(); -- Switch away from root and into the prosody user -- local switched_user, current_uid; -local want_pposix_version = "0.3.5"; +local want_pposix_version = "0.3.6"; local ok, pposix = pcall(require, "util.pposix"); if ok and pposix then @@ -134,8 +143,8 @@ if ok and pposix then current_uid = pposix.getuid(); if current_uid == 0 then -- We haz root! - local desired_user = config.get("*", "core", "prosody_user") or "prosody"; - local desired_group = config.get("*", "core", "prosody_group") or desired_user; + local desired_user = config.get("*", "prosody_user") or "prosody"; + local desired_group = config.get("*", "prosody_group") or desired_user; local ok, err = pposix.setgid(desired_group); if ok then ok, err = pposix.initgroups(desired_user); @@ -154,11 +163,14 @@ if ok and pposix then end -- Set our umask to protect data files - pposix.umask(config.get("*", "core", "umask") or "027"); + pposix.umask(config.get("*", "umask") or "027"); + pposix.setenv("HOME", data_path); + pposix.setenv("PROSODY_CONFIG", ENV_CONFIG); else print("Error: Unable to load pposix module. Check that Prosody is installed correctly.") print("For more help send the below error to us through http://prosody.im/discuss"); print(tostring(pposix)) + os.exit(1); end local function test_writeable(filename) @@ -205,6 +217,7 @@ local error_messages = setmetatable({ ["invalid-hostname"] = "The given hostname is invalid"; ["no-password"] = "No password was supplied"; ["no-such-user"] = "The given user does not exist on the server"; + ["no-such-host"] = "The given hostname does not exist in the config"; ["unable-to-save-data"] = "Unable to store, perhaps you don't have permission?"; ["no-pidfile"] = "There is no 'pidfile' option in the configuration file, see http://prosody.im/doc/prosodyctl#pidfile for help"; ["no-posix"] = "The mod_posix module is not enabled in the Prosody config file, see http://prosody.im/doc/prosodyctl for more info"; @@ -218,6 +231,7 @@ local function make_host(hostname) return { type = "local", events = prosody.events, + modules = {}, users = require "core.usermanager".new_null_provider(hostname) }; end @@ -226,12 +240,27 @@ for hostname, config in pairs(config.getconfig()) do hosts[hostname] = make_host(hostname); end -require "core.modulemanager" +local modulemanager = require "core.modulemanager" -require "util.prosodyctl" +local prosodyctl = require "util.prosodyctl" require "socket" ----------------------- + -- FIXME: Duplicate code waiting for util.startup +function read_version() + -- Try to determine version + local version_file = io.open((CFG_SOURCEDIR or ".").."/prosody.version"); + if version_file then + prosody.version = version_file:read("*a"):gsub("%s*$", ""); + version_file:close(); + if #prosody.version == 12 and prosody.version:match("^[a-f0-9]+$") then + prosody.version = "hg:"..prosody.version; + end + else + prosody.version = "unknown"; + end +end + local show_message, show_warning = prosodyctl.show_message, prosodyctl.show_warning; local show_usage = prosodyctl.show_usage; local getchar, getpass = prosodyctl.getchar, prosodyctl.getpass; @@ -239,7 +268,7 @@ local show_yesno = prosodyctl.show_yesno; local show_prompt = prosodyctl.show_prompt; local read_password = prosodyctl.read_password; -local prosodyctl_timeout = (config.get("*", "core", "prosodyctl_timeout") or 5) * 2; +local prosodyctl_timeout = (config.get("*", "prosodyctl_timeout") or 5) * 2; ----------------------- local commands = {}; local command = arg[1]; @@ -350,7 +379,7 @@ function commands.deluser(arg) return 1; end - local ok, msg = prosodyctl.passwd { user = user, host = host }; + local ok, msg = prosodyctl.deluser { user = user, host = host }; if ok then return 0; end @@ -382,7 +411,7 @@ function commands.start(arg) local ok, ret = prosodyctl.start(); if ok then - if config.get("*", "core", "daemonize") ~= false then + if config.get("*", "daemonize") ~= false then local i=1; while true do local ok, running = prosodyctl.isrunning(); @@ -487,13 +516,14 @@ function commands.restart(arg) end function commands.about(arg) + read_version(); if arg[1] == "--help" then show_usage([[about]], [[Show information about this Prosody installation]]); return 1; end - require "util.array"; - require "util.iterators"; + local array = require "util.array"; + local keys = require "util.iterators".keys; print("Prosody "..(prosody.version or "(unknown version)")); print(""); @@ -613,104 +643,137 @@ function commands.unregister(arg) return 1; end -local x509 = require "util.x509"; -local genx509san = x509.genx509san; -local opensslbaseconf = x509.baseconf; -local seralizeopensslbaseconf = x509.serialize_conf; +local openssl; +local lfs; local cert_commands = {}; --- TODO Should this be moved to util.prosodyctl or x509? +local function ask_overwrite(filename) + return lfs.attributes(filename) and not show_yesno("Overwrite "..filename .. "?"); +end + function cert_commands.config(arg) if #arg >= 1 and arg[1] ~= "--help" then - local conf_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cnf"; - if os.execute("test -f "..conf_filename) == 0 - and not show_yesno("Overwrite "..conf_filename .. "?") then + local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf"; + if ask_overwrite(conf_filename) then return nil, conf_filename; end - local conf = opensslbaseconf(); - conf.subject_alternative_name = genx509san(hosts, config, arg, true) - for k, v in pairs(conf.distinguished_name) do - local nv; - if k == "commonName" then - v = arg[1] - elseif k == "emailAddress" then - v = "xmpp@" .. arg[1]; + local conf = openssl.config.new(); + conf:from_prosody(hosts, config, arg); + show_message("Please provide details to include in the certificate config file."); + show_message("Leave the field empty to use the default value or '.' to exclude the field.") + for i, k in ipairs(openssl._DN_order) do + local v = conf.distinguished_name[k]; + if v then + local nv; + if k == "commonName" then + v = arg[1] + elseif k == "emailAddress" then + v = "xmpp@" .. arg[1]; + elseif k == "countryName" then + local tld = arg[1]:match"%.([a-z]+)$"; + if tld and #tld == 2 and tld ~= "uk" then + v = tld:upper(); + end + end + nv = show_prompt(("%s (%s):"):format(k, nv or v)); + nv = (not nv or nv == "") and v or nv; + if nv:find"[\192-\252][\128-\191]+" then + conf.req.string_mask = "utf8only" + end + conf.distinguished_name[k] = nv ~= "." and nv or nil; end - nv = show_prompt(("%s (%s):"):format(k, nv or v)); - nv = (not nv or nv == "") and v or nv; - conf.distinguished_name[k] = nv ~= "." and nv or nil; end local conf_file = io.open(conf_filename, "w"); - conf_file:write(seralizeopensslbaseconf(conf)); + conf_file:write(conf:serialize()); conf_file:close(); print(""); show_message("Config written to " .. conf_filename); return nil, conf_filename; else - show_usage("cert config HOSTNAME", "generates config for OpenSSL") + show_usage("cert config HOSTNAME [HOSTNAME+]", "Builds a certificate config file covering the supplied hostname(s)") end end function cert_commands.key(arg) if #arg >= 1 and arg[1] ~= "--help" then - local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key"; - if os.execute("test -f "..key_filename) == 0 - and not show_yesno("Overwrite "..key_filename .. "?") then + local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key"; + if ask_overwrite(key_filename) then return nil, key_filename; end + os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048); - os.execute(("openssl genrsa -out %s %d"):format(key_filename, tonumber(key_size))); - os.execute(("chmod 400 %s"):format(key_filename)); - show_message("Key written to ".. key_filename); - return nil, key_filename; + local old_umask = pposix.umask("0377"); + if openssl.genrsa{out=key_filename, key_size} then + os.execute(("chmod 400 '%s'"):format(key_filename)); + show_message("Key written to ".. key_filename); + pposix.umask(old_umask); + return nil, key_filename; + end + show_message("There was a problem, see OpenSSL output"); else - show_usage("cert key HOSTNAME ", "Generates a RSA key") + show_usage("cert key HOSTNAME ", "Generates a RSA key named HOSTNAME.key\n " + .."Prompts for a key size if none given") end end function cert_commands.request(arg) if #arg >= 1 and arg[1] ~= "--help" then - local req_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".req"; - if os.execute("test -f "..req_filename) == 0 - and not show_yesno("Overwrite "..req_filename .. "?") then + local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req"; + if ask_overwrite(req_filename) then return nil, req_filename; end local _, key_filename = cert_commands.key({arg[1]}); - local _, conf_filename = cert_commands.config({arg[1]}); - os.execute(("openssl req -new -key %s -utf8 -config %s -out %s") - :format(key_filename, conf_filename, req_filename)); - show_message("Certificate request written to ".. req_filename); + local _, conf_filename = cert_commands.config(arg); + if openssl.req{new=true, key=key_filename, utf8=true, config=conf_filename, out=req_filename} then + show_message("Certificate request written to ".. req_filename); + else + show_message("There was a problem, see OpenSSL output"); + end else - show_usage("cert request HOSTNAME", "Generates a certificate request") + show_usage("cert request HOSTNAME [HOSTNAME+]", "Generates a certificate request for the supplied hostname(s)") end end function cert_commands.generate(arg) if #arg >= 1 and arg[1] ~= "--help" then - local cert_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cert"; - if os.execute("test -f "..cert_filename) == 0 - and not show_yesno("Overwrite "..cert_filename .. "?") then + local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt"; + if ask_overwrite(cert_filename) then return nil, cert_filename; end local _, key_filename = cert_commands.key({arg[1]}); - local _, conf_filename = cert_commands.config({arg[1]}); - os.execute(("openssl req -new -x509 -nodes -key %s -days 365 -sha1 -utf8 -config %s -out %s") - :format(key_filename, conf_filename, cert_filename)); - show_message("Certificate written to ".. cert_filename); + local _, conf_filename = cert_commands.config(arg); + local ret; + if key_filename and conf_filename and cert_filename + and openssl.req{new=true, x509=true, nodes=true, key=key_filename, + days=365, sha1=true, utf8=true, config=conf_filename, out=cert_filename} then + show_message("Certificate written to ".. cert_filename); + else + show_message("There was a problem, see OpenSSL output"); + end else - show_usage("cert generate HOSTNAME", "Generates a self-signed certificate") + show_usage("cert generate HOSTNAME [HOSTNAME+]", "Generates a self-signed certificate for the current hostname(s)") end end function commands.cert(arg) if #arg >= 1 and arg[1] ~= "--help" then + openssl = require "util.openssl"; + lfs = require "lfs"; local subcmd = table.remove(arg, 1); if type(cert_commands[subcmd]) == "function" then + if not arg[1] then + show_message"You need to supply at least one hostname" + arg = { "--help" }; + end + if arg[1] ~= "--help" and not hosts[arg[1]] then + show_message(error_messages["no-such-host"]); + return + end return cert_commands[subcmd](arg); end end - show_usage("cert config|request|generate|key", "Helpers for X.509 certificates.") + show_usage("cert config|request|generate|key", "Helpers for generating X.509 certificates and keys.") end ---------------------