X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=prosodyctl;h=e3bc6ffabbf0aa20531fac918bcefacae64fd099;hb=873005c41b407731d759be423c51cb251346c0ae;hp=e4ef45ad2a1f7f00d88488ddcb75d31689e248d5;hpb=625789e82062191ae505a6da718a654556a9b922;p=prosody.git diff --git a/prosodyctl b/prosodyctl index e4ef45ad..e3bc6ffa 100755 --- a/prosodyctl +++ b/prosodyctl @@ -11,10 +11,10 @@ -- Will be modified by configure script if run -- -CFG_SOURCEDIR=os.getenv("PROSODY_SRCDIR"); -CFG_CONFIGDIR=os.getenv("PROSODY_CFGDIR"); -CFG_PLUGINDIR=os.getenv("PROSODY_PLUGINDIR"); -CFG_DATADIR=os.getenv("PROSODY_DATADIR"); +CFG_SOURCEDIR=CFG_SOURCEDIR or os.getenv("PROSODY_SRCDIR"); +CFG_CONFIGDIR=CFG_CONFIGDIR or os.getenv("PROSODY_CFGDIR"); +CFG_PLUGINDIR=CFG_PLUGINDIR or os.getenv("PROSODY_PLUGINDIR"); +CFG_DATADIR=CFG_DATADIR or os.getenv("PROSODY_DATADIR"); -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- @@ -103,7 +103,7 @@ do print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist"); print("Copy or rename it to prosody.cfg.lua and edit as necessary."); end - print("More help on configuring Prosody can be found at http://prosody.im/doc/configure"); + print("More help on configuring Prosody can be found at https://prosody.im/doc/configure"); print("Good luck!"); print("**************************"); print(""); @@ -168,7 +168,7 @@ if ok and pposix then pposix.setenv("PROSODY_CONFIG", ENV_CONFIG); else print("Error: Unable to load pposix module. Check that Prosody is installed correctly.") - print("For more help send the below error to us through http://prosody.im/discuss"); + print("For more help send the below error to us through https://prosody.im/discuss"); print(tostring(pposix)) os.exit(1); end @@ -219,9 +219,9 @@ local error_messages = setmetatable({ ["no-such-user"] = "The given user does not exist on the server"; ["no-such-host"] = "The given hostname does not exist in the config"; ["unable-to-save-data"] = "Unable to store, perhaps you don't have permission?"; - ["no-pidfile"] = "There is no 'pidfile' option in the configuration file, see http://prosody.im/doc/prosodyctl#pidfile for help"; - ["invalid-pidfile"] = "The 'pidfile' option in the configuration file is not a string, see http://prosody.im/doc/prosodyctl#pidfile for help"; - ["no-posix"] = "The mod_posix module is not enabled in the Prosody config file, see http://prosody.im/doc/prosodyctl for more info"; + ["no-pidfile"] = "There is no 'pidfile' option in the configuration file, see https://prosody.im/doc/prosodyctl#pidfile for help"; + ["invalid-pidfile"] = "The 'pidfile' option in the configuration file is not a string, see https://prosody.im/doc/prosodyctl#pidfile for help"; + ["no-posix"] = "The mod_posix module is not enabled in the Prosody config file, see https://prosody.im/doc/prosodyctl for more info"; ["no-such-method"] = "This module has no commands"; ["not-running"] = "Prosody is not running"; }, { __index = function (t,k) return "Error: "..(tostring(k):gsub("%-", " "):gsub("^.", string.upper)); end }); @@ -233,6 +233,7 @@ local function make_host(hostname) type = "local", events = prosody.events, modules = {}, + sessions = {}, users = require "core.usermanager".new_null_provider(hostname) }; end @@ -364,8 +365,8 @@ function commands.deluser(arg) end local user, host = jid_split(arg[1]); if not user and host then - show_message [[Failed to understand JID, please supply the JID you want to set the password for]] - show_usage [[passwd user@host]] + show_message [[Failed to understand JID, please supply the JID to the user account you want to delete]] + show_usage [[deluser user@host]] return 1; end @@ -589,8 +590,11 @@ function commands.about(arg) module_versions[name] = module._VERSION; end end + if luaevent then + module_versions["libevent"] = luaevent.core.libevent_version(); + end local sorted_keys = array.collect(keys(module_versions)):sort(); - for _, name in ipairs(array.collect(keys(module_versions)):sort()) do + for _, name in ipairs(sorted_keys) do print(name..":"..string.rep(" ", longest_name-#name), module_versions[name]); end print(""); @@ -697,30 +701,43 @@ function cert_commands.config(arg) if use_existing(conf_filename) then return nil, conf_filename; end + local distinguished_name; + if arg[#arg]:find("^/") then + distinguished_name = table.remove(arg); + end local conf = openssl.config.new(); conf:from_prosody(hosts, config, arg); - show_message("Please provide details to include in the certificate config file."); - show_message("Leave the field empty to use the default value or '.' to exclude the field.") - for i, k in ipairs(openssl._DN_order) do - local v = conf.distinguished_name[k]; - if v then - local nv; - if k == "commonName" then - v = arg[1] - elseif k == "emailAddress" then - v = "xmpp@" .. arg[1]; - elseif k == "countryName" then - local tld = arg[1]:match"%.([a-z]+)$"; - if tld and #tld == 2 and tld ~= "uk" then - v = tld:upper(); + if distinguished_name then + local dn = {}; + for k, v in distinguished_name:gmatch("/([^=/]+)=([^/]+)") do + table.insert(dn, k); + dn[k] = v; + end + conf.distinguished_name = dn; + else + show_message("Please provide details to include in the certificate config file."); + show_message("Leave the field empty to use the default value or '.' to exclude the field.") + for i, k in ipairs(openssl._DN_order) do + local v = conf.distinguished_name[k]; + if v then + local nv; + if k == "commonName" then + v = arg[1] + elseif k == "emailAddress" then + v = "xmpp@" .. arg[1]; + elseif k == "countryName" then + local tld = arg[1]:match"%.([a-z]+)$"; + if tld and #tld == 2 and tld ~= "uk" then + v = tld:upper(); + end end + nv = show_prompt(("%s (%s):"):format(k, nv or v)); + nv = (not nv or nv == "") and v or nv; + if nv:find"[\192-\252][\128-\191]+" then + conf.req.string_mask = "utf8only" + end + conf.distinguished_name[k] = nv ~= "." and nv or nil; end - nv = show_prompt(("%s (%s):"):format(k, nv or v)); - nv = (not nv or nv == "") and v or nv; - if nv:find"[\192-\252][\128-\191]+" then - conf.req.string_mask = "utf8only" - end - conf.distinguished_name[k] = nv ~= "." and nv or nil; end end local conf_file, err = io.open(conf_filename, "w"); @@ -792,6 +809,8 @@ function cert_commands.generate(arg) and openssl.req{new=true, x509=true, nodes=true, key=key_filename, days=365, sha256=true, utf8=true, config=conf_filename, out=cert_filename} then show_message("Certificate written to ".. cert_filename); + print(); + show_message(("Example config:\n\nssl = {\n\tcertificate = %q;\n\tkey = %q;\n}"):format(cert_filename, key_filename)); else show_message("There was a problem, see OpenSSL output"); end @@ -850,6 +869,7 @@ function commands.check(arg) print("Checking config..."); local deprecated = set.new({ "bosh_ports", "disallow_s2s", "no_daemonize", "anonymous_login", "require_encryption", + "vcard_compatibility", }); local known_global_options = set.new({ "pidfile", "log", "plugin_paths", "prosody_user", "prosody_group", "daemonize", @@ -862,7 +882,7 @@ function commands.check(arg) ok = false; print(""); print(" No global options defined. Perhaps you have put a host definition at the top") - print(" of the config file? They should be at the bottom, see http://prosody.im/doc/configure#overview"); + print(" of the config file? They should be at the bottom, see https://prosody.im/doc/configure#overview"); end if it.count(enabled_hosts()) == 0 then ok = false; @@ -875,6 +895,20 @@ function commands.check(arg) print(" All hosts are disabled. Remove enabled = false from at least one VirtualHost section") end end + if not config["*"].modules_enabled then + print(" No global modules_enabled is set?"); + local suggested_global_modules; + for host, options in enabled_hosts() do + if not options.component_module and options.modules_enabled then + suggested_global_modules = set.intersection(suggested_global_modules or set.new(options.modules_enabled), set.new(options.modules_enabled)); + end + end + if not suggested_global_modules:empty() then + print(" Consider moving these modules into modules_enabled in the global section:") + print(" "..tostring(suggested_global_modules / function (x) return ("%q"):format(x) end)); + end + print(); + end -- Check for global options under hosts local global_options = set.new(it.to_array(it.keys(config["*"]))); local deprecated_global_options = set.intersection(global_options, deprecated); @@ -900,7 +934,7 @@ function commands.check(arg) local n = it.count(misplaced_options); print(" You have "..n.." option"..(n>1 and "s " or " ").."set under "..host.." that should be"); print(" in the global section of the config file, above any VirtualHost or Component definitions,") - print(" see http://prosody.im/doc/configure#overview for more information.") + print(" see https://prosody.im/doc/configure#overview for more information.") print(""); print(" You need to move the following option"..(n>1 and "s" or "")..": "..table.concat(it.to_array(misplaced_options), ", ")); end @@ -910,7 +944,7 @@ function commands.check(arg) print(""); print(" Suggestion: If "..host.. " is a new host with no real users yet, consider renaming it now to"); print(" "..host:gsub("^[^.]+%.", "")..". You can use SRV records to redirect XMPP clients and servers to "..host.."."); - print(" For more information see: http://prosody.im/doc/dns"); + print(" For more information see: https://prosody.im/doc/dns"); end end local all_modules = set.new(config["*"].modules_enabled); @@ -1029,11 +1063,15 @@ function commands.check(arg) local v6_supported = not not socket.tcp6; - for host, host_options in enabled_hosts() do + for jid, host_options in enabled_hosts() do local all_targets_ok, some_targets_ok = true, false; + local node, host = jid_split(jid); local is_component = not not host_options.component_module; - print("Checking DNS for "..(is_component and "component" or "host").." "..host.."..."); + print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."..."); + if node then + print("Only the domain part ("..host..") is used in DNS.") + end local target_hosts = set.new(); if not is_component then local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV"); @@ -1047,7 +1085,7 @@ function commands.check(arg) else if c2s_srv_required then print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one."); - all_targst_ok = false; + all_targets_ok = false; else target_hosts:add(host); end @@ -1078,8 +1116,8 @@ function commands.check(arg) target_hosts:remove("localhost"); end - local modules = set.new(it.to_array(it.values(host_options.modules_enabled))) - + set.new(it.to_array(it.values(config.get("*", "modules_enabled")))) + local modules = set.new(it.to_array(it.values(host_options.modules_enabled or {}))) + + set.new(it.to_array(it.values(config.get("*", "modules_enabled") or {}))) + set.new({ config.get(host, "component_module") }); if modules:contains("proxy65") then @@ -1144,7 +1182,7 @@ function commands.check(arg) end if host_ok_v6 and not v6_supported then print(" Host "..host.." has AAAA records, but your version of LuaSocket does not support IPv6."); - print(" Please see http://prosody.im/doc/ipv6 for more information."); + print(" Please see https://prosody.im/doc/ipv6 for more information."); end end if not all_targets_ok then @@ -1158,7 +1196,7 @@ function commands.check(arg) end if not problem_hosts:empty() then print(""); - print("For more information about DNS configuration please see http://prosody.im/doc/dns"); + print("For more information about DNS configuration please see https://prosody.im/doc/dns"); print(""); ok = false; end @@ -1167,6 +1205,7 @@ function commands.check(arg) local cert_ok; print"Checking certificates..." local x509_verify_identity = require"util.x509".verify_identity; + local create_context = require "core.certmanager".create_context; local ssl = dependencies.softreq"ssl"; -- local datetime_parse = require"util.datetime".parse_x509; local load_cert = ssl and ssl.loadcertificate; @@ -1181,19 +1220,18 @@ function commands.check(arg) for host in enabled_hosts() do print("Checking certificate for "..host); -- First, let's find out what certificate this host uses. - local ssl_config = config.rawget(host, "ssl"); - if not ssl_config then - local base_host = host:match("%.(.*)"); - ssl_config = config.get(base_host, "ssl"); - end - if not ssl_config then - print(" No 'ssl' option defined for "..host) + local host_ssl_config = config.rawget(host, "ssl") + or config.rawget(host:match("%.(.*)"), "ssl"); + local global_ssl_config = config.rawget("*", "ssl"); + local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config); + if not ok then + print(" Error: "..err); cert_ok = false elseif not ssl_config.certificate then - print(" No 'certificate' set in ssl option for "..host) + print(" No 'certificate' found for "..host) cert_ok = false elseif not ssl_config.key then - print(" No 'key' set in ssl option for "..host) + print(" No 'key' found for "..host) cert_ok = false else local key, err = io.open(ssl_config.key); -- Permissions check only @@ -1213,6 +1251,13 @@ function commands.check(arg) if not cert:validat(os.time()) then print(" Certificate has expired.") cert_ok = false + elseif not cert:validat(os.time() + 86400) then + print(" Certificate expires within one day.") + cert_ok = false + elseif not cert:validat(os.time() + 86400*7) then + print(" Certificate expires within one week.") + elseif not cert:validat(os.time() + 86400*31) then + print(" Certificate expires within one month.") end if config.get(host, "component_module") == nil and not x509_verify_identity(host, "_xmpp-client", cert) then @@ -1230,7 +1275,7 @@ function commands.check(arg) end if cert_ok == false then print("") - print("For more information about certificates please see http://prosody.im/doc/certificates"); + print("For more information about certificates please see https://prosody.im/doc/certificates"); ok = false end end