X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=prosodyctl;h=34a67e6893ceaea8f668614ae284c8134148061c;hb=87fd458b978eae310245ec4678ec1312e8da3f31;hp=1a487fb5f54dbb5b8b897ee3f226f51eea09ebf0;hpb=ea83efae5b3356534f19799f67e97f6f4555adf9;p=prosody.git

diff --git a/prosodyctl b/prosodyctl
index 1a487fb5..34a67e68 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -11,10 +11,10 @@
 
 -- Will be modified by configure script if run --
 
-CFG_SOURCEDIR=os.getenv("PROSODY_SRCDIR");
-CFG_CONFIGDIR=os.getenv("PROSODY_CFGDIR");
-CFG_PLUGINDIR=os.getenv("PROSODY_PLUGINDIR");
-CFG_DATADIR=os.getenv("PROSODY_DATADIR");
+CFG_SOURCEDIR=CFG_SOURCEDIR or os.getenv("PROSODY_SRCDIR");
+CFG_CONFIGDIR=CFG_CONFIGDIR or os.getenv("PROSODY_CFGDIR");
+CFG_PLUGINDIR=CFG_PLUGINDIR or os.getenv("PROSODY_PLUGINDIR");
+CFG_DATADIR=CFG_DATADIR or os.getenv("PROSODY_DATADIR");
 
 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 
@@ -233,6 +233,7 @@ local function make_host(hostname)
 		type = "local",
 		events = prosody.events,
 		modules = {},
+		sessions = {},
 		users = require "core.usermanager".new_null_provider(hostname)
 	};
 end
@@ -589,8 +590,11 @@ function commands.about(arg)
 			module_versions[name] = module._VERSION;
 		end
 	end
+	if luaevent then
+		module_versions["libevent"] = luaevent.core.libevent_version();
+	end
 	local sorted_keys = array.collect(keys(module_versions)):sort();
-	for _, name in ipairs(array.collect(keys(module_versions)):sort()) do
+	for _, name in ipairs(sorted_keys) do
 		print(name..":"..string.rep(" ", longest_name-#name), module_versions[name]);
 	end
 	print("");
@@ -697,30 +701,43 @@ function cert_commands.config(arg)
 		if use_existing(conf_filename) then
 			return nil, conf_filename;
 		end
+		local distinguished_name;
+		if arg[#arg]:find("^/") then
+			distinguished_name = table.remove(arg);
+		end
 		local conf = openssl.config.new();
 		conf:from_prosody(hosts, config, arg);
-		show_message("Please provide details to include in the certificate config file.");
-		show_message("Leave the field empty to use the default value or '.' to exclude the field.")
-		for i, k in ipairs(openssl._DN_order) do
-			local v = conf.distinguished_name[k];
-			if v then
-				local nv;
-				if k == "commonName" then
-					v = arg[1]
-				elseif k == "emailAddress" then
-					v = "xmpp@" .. arg[1];
-				elseif k == "countryName" then
-					local tld = arg[1]:match"%.([a-z]+)$";
-					if tld and #tld == 2 and tld ~= "uk" then
-						v = tld:upper();
+		if distinguished_name then
+			local dn = {};
+			for k, v in distinguished_name:gmatch("/([^=/]+)=([^/]+)") do
+				table.insert(dn, k);
+				dn[k] = v;
+			end
+			conf.distinguished_name = dn;
+		else
+			show_message("Please provide details to include in the certificate config file.");
+			show_message("Leave the field empty to use the default value or '.' to exclude the field.")
+			for _, k in ipairs(openssl._DN_order) do
+				local v = conf.distinguished_name[k];
+				if v then
+					local nv;
+					if k == "commonName" then
+						v = arg[1]
+					elseif k == "emailAddress" then
+						v = "xmpp@" .. arg[1];
+					elseif k == "countryName" then
+						local tld = arg[1]:match"%.([a-z]+)$";
+						if tld and #tld == 2 and tld ~= "uk" then
+							v = tld:upper();
+						end
 					end
+					nv = show_prompt(("%s (%s):"):format(k, nv or v));
+					nv = (not nv or nv == "") and v or nv;
+					if nv:find"[\192-\252][\128-\191]+" then
+						conf.req.string_mask = "utf8only"
+					end
+					conf.distinguished_name[k] = nv ~= "." and nv or nil;
 				end
-				nv = show_prompt(("%s (%s):"):format(k, nv or v));
-				nv = (not nv or nv == "") and v or nv;
-				if nv:find"[\192-\252][\128-\191]+" then
-					conf.req.string_mask = "utf8only"
-				end
-				conf.distinguished_name[k] = nv ~= "." and nv or nil;
 			end
 		end
 		local conf_file, err = io.open(conf_filename, "w");
@@ -852,6 +869,7 @@ function commands.check(arg)
 		print("Checking config...");
 		local deprecated = set.new({
 			"bosh_ports", "disallow_s2s", "no_daemonize", "anonymous_login", "require_encryption",
+			"vcard_compatibility",
 		});
 		local known_global_options = set.new({
 			"pidfile", "log", "plugin_paths", "prosody_user", "prosody_group", "daemonize",
@@ -956,9 +974,10 @@ function commands.check(arg)
 				print("    For more information see https://prosody.im/doc/storage");
 			end
 		end
+		local require_encryption = set.intersection(all_options, set.new({"require_encryption", "c2s_require_encryption", "s2s_require_encryption"})):empty();
 		local ssl = dependencies.softreq"ssl";
 		if not ssl then
-			if not set.intersection(all_options, set.new({"require_encryption", "c2s_require_encryption", "s2s_require_encryption"})):empty() then
+			if not require_encryption then
 				print("");
 				print("    You require encryption but LuaSec is not available.");
 				print("    Connections will fail.");
@@ -988,6 +1007,11 @@ function commands.check(arg)
 					ok = false;
 				end
 			end
+		elseif require_encryption and not all_modules:contains("tls") then
+			print("");
+			print("    You require encryption but mod_tls is not enabled.");
+			print("    Connections will fail.");
+			ok = false;
 		end
 		
 		print("Done.\n");
@@ -1045,11 +1069,15 @@ function commands.check(arg)
 		
 		local v6_supported = not not socket.tcp6;
 		
-		for host, host_options in enabled_hosts() do
+		for jid, host_options in enabled_hosts() do
 			local all_targets_ok, some_targets_ok = true, false;
+			local node, host = jid_split(jid);
 			
 			local is_component = not not host_options.component_module;
-			print("Checking DNS for "..(is_component and "component" or "host").." "..host.."...");
+			print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."...");
+			if node then
+				print("Only the domain part ("..host..") is used in DNS.")
+			end
 			local target_hosts = set.new();
 			if not is_component then
 				local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV");
@@ -1063,7 +1091,7 @@ function commands.check(arg)
 				else
 					if c2s_srv_required then
 						print("    No _xmpp-client SRV record found for "..host..", but it looks like you need one.");
-						all_targst_ok = false;
+						all_targets_ok = false;
 					else
 						target_hosts:add(host);
 					end
@@ -1183,6 +1211,7 @@ function commands.check(arg)
 		local cert_ok;
 		print"Checking certificates..."
 		local x509_verify_identity = require"util.x509".verify_identity;
+		local create_context = require "core.certmanager".create_context;
 		local ssl = dependencies.softreq"ssl";
 		-- local datetime_parse = require"util.datetime".parse_x509;
 		local load_cert = ssl and ssl.loadcertificate;
@@ -1197,19 +1226,18 @@ function commands.check(arg)
 			for host in enabled_hosts() do
 				print("Checking certificate for "..host);
 				-- First, let's find out what certificate this host uses.
-				local ssl_config = config.rawget(host, "ssl");
-				if not ssl_config then
-					local base_host = host:match("%.(.*)");
-					ssl_config = config.get(base_host, "ssl");
-				end
-				if not ssl_config then
-					print("  No 'ssl' option defined for "..host)
+				local host_ssl_config = config.rawget(host, "ssl")
+					or config.rawget(host:match("%.(.*)"), "ssl");
+				local global_ssl_config = config.rawget("*", "ssl");
+				local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config);
+				if not ok then
+					print("  Error: "..err);
 					cert_ok = false
 				elseif not ssl_config.certificate then
-					print("  No 'certificate' set in ssl option for "..host)
+					print("  No 'certificate' found for "..host)
 					cert_ok = false
 				elseif not ssl_config.key then
-					print("  No 'key' set in ssl option for "..host)
+					print("  No 'key' found for "..host)
 					cert_ok = false
 				else
 					local key, err = io.open(ssl_config.key); -- Permissions check only
@@ -1229,16 +1257,23 @@ function commands.check(arg)
 						if not cert:validat(os.time()) then
 							print("    Certificate has expired.")
 							cert_ok = false
+						elseif not cert:validat(os.time() + 86400) then
+							print("    Certificate expires within one day.")
+							cert_ok = false
+						elseif not cert:validat(os.time() + 86400*7) then
+							print("    Certificate expires within one week.")
+						elseif not cert:validat(os.time() + 86400*31) then
+							print("    Certificate expires within one month.")
 						end
 						if config.get(host, "component_module") == nil
 							and not x509_verify_identity(host, "_xmpp-client", cert) then
-							print("    Not vaild for client connections to "..host..".")
+							print("    Not valid for client connections to "..host..".")
 							cert_ok = false
 						end
 						if (not (config.get(host, "anonymous_login")
 							or config.get(host, "authentication") == "anonymous"))
 							and not x509_verify_identity(host, "_xmpp-server", cert) then
-							print("    Not vaild for server-to-server connections to "..host..".")
+							print("    Not valid for server-to-server connections to "..host..".")
 							cert_ok = false
 						end
 					end