X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=prosodyctl;h=e4e22322d873dd7953c28917852ec2b2a2d297ac;hb=07c0e4af71ccf604089260449cc56a0fd058bdc1;hp=abf9bf95d1392a02f01c3d8f3eeaac616f73bfba;hpb=f0cda18ec5acf1df5e1390aa0b2f38231ad65941;p=prosody.git diff --git a/prosodyctl b/prosodyctl index abf9bf95..e4e22322 100755 --- a/prosodyctl +++ b/prosodyctl @@ -244,7 +244,7 @@ end local modulemanager = require "core.modulemanager" local prosodyctl = require "util.prosodyctl" -require "socket" +local socket = require "socket" ----------------------- -- FIXME: Duplicate code waiting for util.startup @@ -552,6 +552,7 @@ function commands.about(arg) if not hgid and hgrepo then return path.." - "..hgrepo .."!\n "; end + -- 010452cfaf53 is the first commit in the prosody-modules repository hgrepo = hgrepo == "010452cfaf53" and "prosody-modules"; return path..(hgid and " - "..(hgrepo or "HG").." rev: "..hgid or "") .."\n "; @@ -577,6 +578,8 @@ function commands.about(arg) print(""); print("# Lua module versions"); local module_versions, longest_name = {}, 8; + local luaevent =dependencies.softreq"luaevent"; + local ssl = dependencies.softreq"ssl"; for name, module in pairs(package.loaded) do if type(module) == "table" and rawget(module, "_VERSION") and name ~= "_G" and not name:match("%.") then @@ -672,14 +675,26 @@ local lfs; local cert_commands = {}; -local function ask_overwrite(filename) - return lfs.attributes(filename) and not show_yesno("Overwrite "..filename .. "?"); +-- If a file already exists, ask if the user wants to use it or replace it +-- Backups the old file if replaced +local function use_existing(filename) + local attrs = lfs.attributes(filename); + if attrs then + if show_yesno(filename .. " exists, do you want to replace it? [y/n]") then + local backup = filename..".bkp~"..os.date("%FT%T", attrs.change); + os.rename(filename, backup); + show_message(filename.." backed up to "..backup); + else + -- Use the existing file + return true; + end + end end function cert_commands.config(arg) if #arg >= 1 and arg[1] ~= "--help" then local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf"; - if ask_overwrite(conf_filename) then + if use_existing(conf_filename) then return nil, conf_filename; end local conf = openssl.config.new(); @@ -727,7 +742,7 @@ end function cert_commands.key(arg) if #arg >= 1 and arg[1] ~= "--help" then local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key"; - if ask_overwrite(key_filename) then + if use_existing(key_filename) then return nil, key_filename; end os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions @@ -749,7 +764,7 @@ end function cert_commands.request(arg) if #arg >= 1 and arg[1] ~= "--help" then local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req"; - if ask_overwrite(req_filename) then + if use_existing(req_filename) then return nil, req_filename; end local _, key_filename = cert_commands.key({arg[1]}); @@ -767,7 +782,7 @@ end function cert_commands.generate(arg) if #arg >= 1 and arg[1] ~= "--help" then local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt"; - if ask_overwrite(cert_filename) then + if use_existing(cert_filename) then return nil, cert_filename; end local _, key_filename = cert_commands.key({arg[1]}); @@ -838,7 +853,8 @@ function commands.check(arg) }); local known_global_options = set.new({ "pidfile", "log", "plugin_paths", "prosody_user", "prosody_group", "daemonize", - "umask", "prosodyctl_timeout", "use_ipv6", "use_libevent", "network_settings" + "umask", "prosodyctl_timeout", "use_ipv6", "use_libevent", "network_settings", + "network_backend", "http_default_host", }); local config = config.getconfig(); -- Check that we have any global options (caused by putting a host at the top) @@ -897,6 +913,43 @@ function commands.check(arg) print(" For more information see: http://prosody.im/doc/dns"); end end + local all_options = set.new(); + for host in enabled_hosts() do + all_options:include(set.new(it.to_array(it.keys(config[host])))); + end + local ssl = nil, dependencies.softreq"ssl"; + if not ssl then + if not set.intersection(all_options, set.new({"require_encryption", "c2s_require_encryption", "s2s_require_encryption"})):empty() then + print(""); + print(" You require encryption but LuaSec is not available."); + print(" Connections will fail."); + ok = false; + end + elseif not ssl.loadcertificate then + if all_options:contains("s2s_secure_auth") then + print(""); + print(" You have set s2s_secure_auth but your version of LuaSec does "); + print(" not support certificate validation, so all s2s connections will"); + print(" fail."); + ok = false; + elseif all_options:contains("s2s_secure_domains") then + local secure_domains = set.new(); + for host in enabled_hosts() do + if config[host].s2s_secure_auth == true then + secure_domains:add("*"); + else + secure_domains:include(set.new(config[host].s2s_secure_domains)); + end + end + if not secure_domains:empty() then + print(""); + print(" You have set s2s_secure_domains but your version of LuaSec does "); + print(" not support certificate validation, so s2s connections to/from "); + print(" these domains will fail."); + ok = false; + end + end + end print("Done.\n"); end @@ -1093,7 +1146,7 @@ function commands.check(arg) local x509_verify_identity = require"util.x509".verify_identity; local ssl = dependencies.softreq"ssl"; -- local datetime_parse = require"util.datetime".parse_x509; - local load_cert = ssl and ssl.x509 and ssl.x509.load; + local load_cert = ssl and ssl.loadcertificate; -- or ssl.cert_from_pem if not ssl then print("LuaSec not available, can't perform certificate checks") @@ -1145,7 +1198,7 @@ function commands.check(arg) end if (not (config.get(host, "anonymous_login") or config.get(host, "authentication") == "anonymous")) - and not x509_verify_identity(host, "_xmpp-client", cert) then + and not x509_verify_identity(host, "_xmpp-server", cert) then print(" Not vaild for server-to-server connections to "..host..".") cert_ok = false end