Software `/` code `/` prosody

Annotate

util/prosodyctl/check.lua @ 11645:3be346c5b940

util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored If unbound was initialized prior to this then the config change here wouldn't apply, and it will again think that 127.0.1.1 has been found in DNS.

author	Kim Alvefur <zash@zash.se>
date	Sat, 03 Jul 2021 03:24:26 +0200
parent	11635:1b17b967838e
child	11651:c9f46d28ed7e

rev	line source
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1 local configmanager = require "core.configmanager";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	2 local show_usage = require "util.prosodyctl".show_usage;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	3 local show_warning = require "util.prosodyctl".show_warning;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	4 local dependencies = require "util.dependencies";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	5 local socket = require "socket";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	6 local jid_split = require "util.jid".prepped_split;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	7 local modulemanager = require "core.modulemanager";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	8
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	9 local function check(arg)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	10 if arg[1] == "--help" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	11 show_usage([[check]], [[Perform basic checks on your Prosody installation]]);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	12 return 1;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	13 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	14 local what = table.remove(arg, 1);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	15 local set = require "util.set";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	16 local it = require "util.iterators";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	17 local ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	18 local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	19 local function enabled_hosts() return it.filter(disabled_hosts, pairs(configmanager.getconfig())); end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	20 if not (what == nil or what == "disabled" or what == "config" or what == "dns" or what == "certs") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	21 show_warning("Don't know how to check '%s'. Try one of 'config', 'dns', 'certs' or 'disabled'.", what);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	22 return 1;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	23 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	24 if not what or what == "disabled" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	25 local disabled_hosts_set = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	26 for host, host_options in it.filter("*", pairs(configmanager.getconfig())) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	27 if host_options.enabled == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	28 disabled_hosts_set:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	29 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	30 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	31 if not disabled_hosts_set:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	32 local msg = "Checks will be skipped for these disabled hosts: %s";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	33 if what then msg = "These hosts are disabled: %s"; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	34 show_warning(msg, tostring(disabled_hosts_set));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	35 if what then return 0; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	36 print""
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	37 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	38 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	39 if not what or what == "config" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	40 print("Checking config...");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	41 local deprecated = set.new({
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	42 "anonymous_login",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	43 "bosh_ports",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	44 "cross_domain_bosh",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	45 "cross_domain_websocket",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	46 "daemonize",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	47 "disallow_s2s",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	48 "legacy_ssl_interfaces",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	49 "legacy_ssl_port",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	50 "legacy_ssl_ports",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	51 "legacy_ssl_ssl",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	52 "no_daemonize",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	53 "require_encryption",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	54 "vcard_compatibility",
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	55 });
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	56 local known_global_options = set.new({
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	57 "access_control_allow_credentials",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	58 "access_control_allow_headers",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	59 "access_control_allow_methods",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	60 "access_control_max_age",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	61 "admin_socket",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	62 "body_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	63 "bosh_max_inactivity",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	64 "bosh_max_polling",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	65 "bosh_max_wait",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	66 "buffer_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	67 "c2s_close_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	68 "c2s_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	69 "c2s_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	70 "c2s_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	71 "component_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	72 "component_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	73 "consider_bosh_secure",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	74 "consider_websocket_secure",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	75 "console_banner",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	76 "console_prettyprint_settings",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	77 "cross_domain_bosh",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	78 "cross_domain_websocket",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	79 "daemonize",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	80 "gc",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	81 "http_default_host",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	82 "http_errors_always_show",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	83 "http_errors_default_message",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	84 "http_errors_detailed",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	85 "http_errors_messages",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	86 "installer_plugin_path",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	87 "limits",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	88 "limits_resolution",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	89 "log",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	90 "multiplex_buffer_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	91 "network_backend",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	92 "network_default_read_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	93 "network_settings",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	94 "pidfile",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	95 "plugin_paths",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	96 "plugin_server",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	97 "prosodyctl_timeout",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	98 "prosody_group",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	99 "prosody_user",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	100 "run_as_root",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	101 "s2s_close_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	102 "s2s_insecure_domains",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	103 "s2s_require_encryption",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	104 "s2s_secure_auth",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	105 "s2s_secure_domains",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	106 "s2s_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	107 "s2s_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	108 "s2s_timeout",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	109 "statistics",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	110 "statistics_config",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	111 "statistics_interval",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	112 "tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	113 "trusted_proxies",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	114 "umask",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	115 "use_dane",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	116 "use_ipv4",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	117 "use_ipv6",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	118 "use_libevent",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	119 "websocket_frame_buffer_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	120 "websocket_frame_fragment_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	121 "websocket_get_response_body",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	122 "websocket_get_response_text",
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	123 });
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	124 local config = configmanager.getconfig();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	125 -- Check that we have any global options (caused by putting a host at the top)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	126 if it.count(it.filter("log", pairs(config["*"]))) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	127 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	128 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	129 print(" No global options defined. Perhaps you have put a host definition at the top")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	130 print(" of the config file? They should be at the bottom, see https://prosody.im/doc/configure#overview");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	131 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	132 if it.count(enabled_hosts()) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	133 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	134 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	135 if it.count(it.filter("*", pairs(config))) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	136 print(" No hosts are defined, please add at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	137 elseif config["*"]["enabled"] == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	138 print(" No hosts are enabled. Remove enabled = false from the global section or put enabled = true under at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	139 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	140 print(" All hosts are disabled. Remove enabled = false from at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	141 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	142 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	143 if not config["*"].modules_enabled then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	144 print(" No global modules_enabled is set?");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	145 local suggested_global_modules;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	146 for host, options in enabled_hosts() do --luacheck: ignore 213/host
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	147 if not options.component_module and options.modules_enabled then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	148 suggested_global_modules = set.intersection(suggested_global_modules or set.new(options.modules_enabled), set.new(options.modules_enabled));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	149 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	150 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	151 if suggested_global_modules and not suggested_global_modules:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	152 print(" Consider moving these modules into modules_enabled in the global section:")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	153 print(" "..tostring(suggested_global_modules / function (x) return ("%q"):format(x) end));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	154 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	155 print();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	156 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	157
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	158 do -- Check for modules enabled both normally and as components
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	159 local modules = set.new(config["*"]["modules_enabled"]);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	160 for host, options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	161 local component_module = options.component_module;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	162 if component_module and modules:contains(component_module) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	163 print((" mod_%s is enabled both in modules_enabled and as Component %q %q"):format(component_module, host, component_module));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	164 print(" This means the service is enabled on all VirtualHosts as well as the Component.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	165 print(" Are you sure this what you want? It may cause unexpected behaviour.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	166 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	167 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	168 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	169
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	170 -- Check for global options under hosts
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	171 local global_options = set.new(it.to_array(it.keys(config["*"])));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	172 local deprecated_global_options = set.intersection(global_options, deprecated);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	173 if not deprecated_global_options:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	174 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	175 print(" You have some deprecated options in the global section:");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	176 print(" "..tostring(deprecated_global_options))
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	177 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	178 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	179 for host, options in it.filter(function (h) return h ~= "*" end, pairs(configmanager.getconfig())) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	180 local host_options = set.new(it.to_array(it.keys(options)));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	181 local misplaced_options = set.intersection(host_options, known_global_options);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	182 for name in pairs(options) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	183 if name:match("^interfaces?")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	184 or name:match("_ports?$") or name:match("_interfaces?$")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	185 or (name:match("_ssl$") and not name:match("^[cs]2s_ssl$")) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	186 misplaced_options:add(name);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	187 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	188 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	189 if not misplaced_options:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	190 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	191 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	192 local n = it.count(misplaced_options);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	193 print(" You have "..n.." option"..(n>1 and "s " or " ").."set under "..host.." that should be");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	194 print(" in the global section of the config file, above any VirtualHost or Component definitions,")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	195 print(" see https://prosody.im/doc/configure#overview for more information.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	196 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	197 print(" You need to move the following option"..(n>1 and "s" or "")..": "..table.concat(it.to_array(misplaced_options), ", "));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	198 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	199 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	200 for host, options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	201 local host_options = set.new(it.to_array(it.keys(options)));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	202 local subdomain = host:match("^[^.]+");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	203 if not(host_options:contains("component_module")) and (subdomain == "jabber" or subdomain == "xmpp"
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	204 or subdomain == "chat" or subdomain == "im") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	205 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	206 print(" Suggestion: If "..host.. " is a new host with no real users yet, consider renaming it now to");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	207 print(" "..host:gsub("^[^.]+%.", "")..". You can use SRV records to redirect XMPP clients and servers to "..host..".");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	208 print(" For more information see: https://prosody.im/doc/dns");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	209 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	210 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	211 local all_modules = set.new(config["*"].modules_enabled);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	212 local all_options = set.new(it.to_array(it.keys(config["*"])));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	213 for host in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	214 all_options:include(set.new(it.to_array(it.keys(config[host]))));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	215 all_modules:include(set.new(config[host].modules_enabled));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	216 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	217 for mod in all_modules do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	218 if mod:match("^mod_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	219 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	220 print(" Modules in modules_enabled should not have the 'mod_' prefix included.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	221 print(" Change '"..mod.."' to '"..mod:match("^mod_(.*)").."'.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	222 elseif mod:match("^auth_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	223 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	224 print(" Authentication modules should not be added to modules_enabled,");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	225 print(" but be specified in the 'authentication' option.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	226 print(" Remove '"..mod.."' from modules_enabled and instead add");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	227 print(" authentication = '"..mod:match("^auth_(.*)").."'");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	228 print(" For more information see https://prosody.im/doc/authentication");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	229 elseif mod:match("^storage_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	230 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	231 print(" storage modules should not be added to modules_enabled,");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	232 print(" but be specified in the 'storage' option.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	233 print(" Remove '"..mod.."' from modules_enabled and instead add");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	234 print(" storage = '"..mod:match("^storage_(.*)").."'");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	235 print(" For more information see https://prosody.im/doc/storage");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	236 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	237 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	238 if all_modules:contains("vcard") and all_modules:contains("vcard_legacy") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	239 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	240 print(" Both mod_vcard_legacy and mod_vcard are enabled but they conflict");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	241 print(" with each other. Remove one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	242 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	243 if all_modules:contains("pep") and all_modules:contains("pep_simple") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	244 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	245 print(" Both mod_pep_simple and mod_pep are enabled but they conflict");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	246 print(" with each other. Remove one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	247 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	248 for host, host_config in pairs(config) do --luacheck: ignore 213/host
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	249 if type(rawget(host_config, "storage")) == "string" and rawget(host_config, "default_storage") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	250 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	251 print(" The 'default_storage' option is not needed if 'storage' is set to a string.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	252 break;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	253 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	254 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	255 local require_encryption = set.intersection(all_options, set.new({
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	256 "require_encryption", "c2s_require_encryption", "s2s_require_encryption"
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	257 })):empty();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	258 local ssl = dependencies.softreq"ssl";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	259 if not ssl then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	260 if not require_encryption then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	261 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	262 print(" You require encryption but LuaSec is not available.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	263 print(" Connections will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	264 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	265 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	266 elseif not ssl.loadcertificate then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	267 if all_options:contains("s2s_secure_auth") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	268 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	269 print(" You have set s2s_secure_auth but your version of LuaSec does ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	270 print(" not support certificate validation, so all s2s connections will");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	271 print(" fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	272 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	273 elseif all_options:contains("s2s_secure_domains") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	274 local secure_domains = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	275 for host in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	276 if config[host].s2s_secure_auth == true then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	277 secure_domains:add("*");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	278 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	279 secure_domains:include(set.new(config[host].s2s_secure_domains));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	280 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	281 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	282 if not secure_domains:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	283 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	284 print(" You have set s2s_secure_domains but your version of LuaSec does ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	285 print(" not support certificate validation, so s2s connections to/from ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	286 print(" these domains will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	287 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	288 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	289 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	290 elseif require_encryption and not all_modules:contains("tls") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	291 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	292 print(" You require encryption but mod_tls is not enabled.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	293 print(" Connections will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	294 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	295 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	296
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	297 print("Done.\n");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	298 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	299 if not what or what == "dns" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	300 local dns = require "net.dns";
10971 3cdb4a7cb406 util.prosodyctl.check: Use net.unbound for DNS if available Kim Alvefur <zash@zash.se> parents: 10932 diff changeset	301 pcall(function ()
11645 3be346c5b940 util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored Kim Alvefur <zash@zash.se> parents: 11635 diff changeset	302 local unbound = require"net.unbound";
11617 166f8e1d82b0 util.prosodyctl.check: Ensure that libunbound does not check hosts file Kim Alvefur <zash@zash.se> parents: 11616 diff changeset	303 local unbound_config = configmanager.get("*", "unbound") or {};
166f8e1d82b0 util.prosodyctl.check: Ensure that libunbound does not check hosts file Kim Alvefur <zash@zash.se> parents: 11616 diff changeset	304 unbound_config.hoststxt = false; -- don't look at /etc/hosts
166f8e1d82b0 util.prosodyctl.check: Ensure that libunbound does not check hosts file Kim Alvefur <zash@zash.se> parents: 11616 diff changeset	305 configmanager.set("*", "unbound", unbound_config);
11645 3be346c5b940 util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored Kim Alvefur <zash@zash.se> parents: 11635 diff changeset	306 unbound.purge(); -- ensure the above config is used
3be346c5b940 util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored Kim Alvefur <zash@zash.se> parents: 11635 diff changeset	307 dns = unbound.dns;
10971 3cdb4a7cb406 util.prosodyctl.check: Use net.unbound for DNS if available Kim Alvefur <zash@zash.se> parents: 10932 diff changeset	308 end)
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	309 local idna = require "util.encodings".idna;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	310 local ip = require "util.ip";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	311 local c2s_ports = set.new(configmanager.get("*", "c2s_ports") or {5222});
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	312 local s2s_ports = set.new(configmanager.get("*", "s2s_ports") or {5269});
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	313 local c2s_tls_ports = set.new(configmanager.get("*", "direct_tls_ports") or {});
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	314
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	315 local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required;
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	316 if not c2s_ports:contains(5222) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	317 c2s_srv_required = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	318 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	319 if not s2s_ports:contains(5269) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	320 s2s_srv_required = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	321 end
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	322 if not c2s_tls_ports:empty() then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	323 c2s_tls_srv_required = true;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	324 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	325
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	326 local problem_hosts = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	327
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	328 local external_addresses, internal_addresses = set.new(), set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	329
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	330 local fqdn = socket.dns.tohostname(socket.dns.gethostname());
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	331 if fqdn then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	332 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	333 local res = dns.lookup(idna.to_ascii(fqdn), "A");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	334 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	335 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	336 external_addresses:add(record.a);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	337 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	338 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	339 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	340 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	341 local res = dns.lookup(idna.to_ascii(fqdn), "AAAA");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	342 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	343 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	344 external_addresses:add(record.aaaa);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	345 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	346 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	347 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	348 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	349
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	350 local local_addresses = require"util.net".local_addresses() or {};
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	351
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	352 for addr in it.values(local_addresses) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	353 if not ip.new_ip(addr).private then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	354 external_addresses:add(addr);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	355 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	356 internal_addresses:add(addr);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	357 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	358 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	359
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	360 if external_addresses:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	361 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	362 print(" Failed to determine the external addresses of this server. Checks may be inaccurate.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	363 c2s_srv_required, s2s_srv_required = true, true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	364 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	365
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	366 local v6_supported = not not socket.tcp6;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	367
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	368 for jid, host_options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	369 local all_targets_ok, some_targets_ok = true, false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	370 local node, host = jid_split(jid);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	371
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	372 local modules, component_module = modulemanager.get_modules_for_host(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	373 if component_module then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	374 modules:add(component_module);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	375 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	376
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	377 local is_component = not not host_options.component_module;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	378 print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."...");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	379 if node then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	380 print("Only the domain part ("..host..") is used in DNS.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	381 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	382 local target_hosts = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	383 if modules:contains("c2s") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	384 local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV");
11613 c8a9f77d48fd util.prosodyctl.check: Fix for net.dns vs unbound API difference Kim Alvefur <zash@zash.se> parents: 11612 diff changeset	385 if res and #res > 0 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	386 for _, record in ipairs(res) do
10932 ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	387 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	388 print(" 'xmpp-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	389 break;
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	390 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	391 target_hosts:add(record.srv.target);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	392 if not c2s_ports:contains(record.srv.port) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	393 print(" SRV target "..record.srv.target.." contains unknown client port: "..record.srv.port);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	394 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	395 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	396 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	397 if c2s_srv_required then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	398 print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	399 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	400 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	401 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	402 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	403 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	404 end
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	405 if modules:contains("c2s") and c2s_tls_srv_required then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	406 local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV");
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	407 if res and #res > 0 then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	408 for _, record in ipairs(res) do
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	409 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	410 print(" 'xmpps-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	411 break;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	412 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	413 target_hosts:add(record.srv.target);
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	414 if not c2s_tls_ports:contains(record.srv.port) then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	415 print(" SRV target "..record.srv.target.." contains unknown Direct TLS client port: "..record.srv.port);
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	416 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	417 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	418 else
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	419 print(" No _xmpps-client SRV record found for "..host..", but it looks like you need one.");
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	420 all_targets_ok = false;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	421 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	422 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	423 if modules:contains("s2s") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	424 local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV");
11613 c8a9f77d48fd util.prosodyctl.check: Fix for net.dns vs unbound API difference Kim Alvefur <zash@zash.se> parents: 11612 diff changeset	425 if res and #res > 0 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	426 for _, record in ipairs(res) do
10932 ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	427 if record.srv.target == "." then -- TODO Is this an error if mod_s2s is enabled?
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	428 print(" 'xmpp-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	429 break;
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	430 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	431 target_hosts:add(record.srv.target);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	432 if not s2s_ports:contains(record.srv.port) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	433 print(" SRV target "..record.srv.target.." contains unknown server port: "..record.srv.port);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	434 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	435 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	436 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	437 if s2s_srv_required then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	438 print(" No _xmpp-server SRV record found for "..host..", but it looks like you need one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	439 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	440 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	441 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	442 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	443 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	444 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	445 if target_hosts:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	446 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	447 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	448
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	449 if target_hosts:contains("localhost") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	450 print(" Target 'localhost' cannot be accessed from other servers");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	451 target_hosts:remove("localhost");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	452 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	453
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	454 if modules:contains("proxy65") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	455 local proxy65_target = configmanager.get(host, "proxy65_address") or host;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	456 if type(proxy65_target) == "string" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	457 local A, AAAA = dns.lookup(idna.to_ascii(proxy65_target), "A"), dns.lookup(idna.to_ascii(proxy65_target), "AAAA");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	458 local prob = {};
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	459 if not A then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	460 table.insert(prob, "A");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	461 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	462 if v6_supported and not AAAA then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	463 table.insert(prob, "AAAA");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	464 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	465 if #prob > 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	466 print(" File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	467 .." record. Create one or set 'proxy65_address' to the correct host/IP.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	468 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	469 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	470 print(" proxy65_address for "..host.." should be set to a string, unable to perform DNS check");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	471 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	472 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	473
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	474 for target_host in target_hosts do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	475 local host_ok_v4, host_ok_v6;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	476 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	477 local res = dns.lookup(idna.to_ascii(target_host), "A");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	478 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	479 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	480 if external_addresses:contains(record.a) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	481 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	482 host_ok_v4 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	483 elseif internal_addresses:contains(record.a) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	484 host_ok_v4 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	485 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	486 print(" "..target_host.." A record points to internal address, external connections might fail");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	487 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	488 print(" "..target_host.." A record points to unknown address "..record.a);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	489 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	490 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	491 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	492 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	493 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	494 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	495 local res = dns.lookup(idna.to_ascii(target_host), "AAAA");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	496 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	497 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	498 if external_addresses:contains(record.aaaa) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	499 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	500 host_ok_v6 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	501 elseif internal_addresses:contains(record.aaaa) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	502 host_ok_v6 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	503 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	504 print(" "..target_host.." AAAA record points to internal address, external connections might fail");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	505 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	506 print(" "..target_host.." AAAA record points to unknown address "..record.aaaa);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	507 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	508 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	509 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	510 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	511 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	512
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	513 local bad_protos = {}
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	514 if not host_ok_v4 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	515 table.insert(bad_protos, "IPv4");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	516 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	517 if not host_ok_v6 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	518 table.insert(bad_protos, "IPv6");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	519 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	520 if #bad_protos > 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	521 print(" Host "..target_host.." does not seem to resolve to this server ("..table.concat(bad_protos, "/")..")");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	522 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	523 if host_ok_v6 and not v6_supported then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	524 print(" Host "..target_host.." has AAAA records, but your version of LuaSocket does not support IPv6.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	525 print(" Please see https://prosody.im/doc/ipv6 for more information.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	526 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	527 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	528 if not all_targets_ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	529 print(" "..(some_targets_ok and "Only some" or "No").." targets for "..host.." appear to resolve to this server.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	530 if is_component then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	531 print(" DNS records are necessary if you want users on other servers to access this component.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	532 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	533 problem_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	534 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	535 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	536 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	537 if not problem_hosts:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	538 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	539 print("For more information about DNS configuration please see https://prosody.im/doc/dns");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	540 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	541 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	542 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	543 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	544 if not what or what == "certs" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	545 local cert_ok;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	546 print"Checking certificates..."
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	547 local x509_verify_identity = require"util.x509".verify_identity;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	548 local create_context = require "core.certmanager".create_context;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	549 local ssl = dependencies.softreq"ssl";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	550 -- local datetime_parse = require"util.datetime".parse_x509;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	551 local load_cert = ssl and ssl.loadcertificate;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	552 -- or ssl.cert_from_pem
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	553 if not ssl then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	554 print("LuaSec not available, can't perform certificate checks")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	555 if what == "certs" then cert_ok = false end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	556 elseif not load_cert then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	557 print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	558 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	559 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	560 local function skip_bare_jid_hosts(host)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	561 if jid_split(host) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	562 -- See issue #779
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	563 return false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	564 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	565 return true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	566 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	567 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	568 print("Checking certificate for "..host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	569 -- First, let's find out what certificate this host uses.
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	570 local host_ssl_config = configmanager.rawget(host, "ssl")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	571 or configmanager.rawget(host:match("%.(.*)"), "ssl");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	572 local global_ssl_config = configmanager.rawget("*", "ssl");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	573 local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	574 if not ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	575 print(" Error: "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	576 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	577 elseif not ssl_config.certificate then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	578 print(" No 'certificate' found for "..host)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	579 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	580 elseif not ssl_config.key then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	581 print(" No 'key' found for "..host)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	582 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	583 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	584 local key, err = io.open(ssl_config.key); -- Permissions check only
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	585 if not key then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	586 print(" Could not open "..ssl_config.key..": "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	587 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	588 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	589 key:close();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	590 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	591 local cert_fh, err = io.open(ssl_config.certificate); -- Load the file.
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	592 if not cert_fh then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	593 print(" Could not open "..ssl_config.certificate..": "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	594 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	595 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	596 print(" Certificate: "..ssl_config.certificate)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	597 local cert = load_cert(cert_fh:read"*a"); cert_fh:close();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	598 if not cert:validat(os.time()) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	599 print(" Certificate has expired.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	600 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	601 elseif not cert:validat(os.time() + 86400) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	602 print(" Certificate expires within one day.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	603 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	604 elseif not cert:validat(os.time() + 86400*7) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	605 print(" Certificate expires within one week.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	606 elseif not cert:validat(os.time() + 86400*31) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	607 print(" Certificate expires within one month.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	608 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	609 if configmanager.get(host, "component_module") == nil
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	610 and not x509_verify_identity(host, "_xmpp-client", cert) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	611 print(" Not valid for client connections to "..host..".")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	612 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	613 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	614 if (not (configmanager.get(host, "anonymous_login")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	615 or configmanager.get(host, "authentication") == "anonymous"))
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	616 and not x509_verify_identity(host, "_xmpp-server", cert) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	617 print(" Not valid for server-to-server connections to "..host..".")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	618 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	619 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	620 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	621 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	622 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	623 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	624 if cert_ok == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	625 print("")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	626 print("For more information about certificates please see https://prosody.im/doc/certificates");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	627 ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	628 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	629 print("")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	630 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	631 if not ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	632 print("Problems found, see above.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	633 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	634 print("All checks passed, congratulations!");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	635 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	636 return ok and 0 or 2;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	637 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	638
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	639 return {
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	640 check = check;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	641 };

prosody

3be346c5b940

util/prosodyctl/check.lua

Software / code / prosody

Annotate

util/prosodyctl/check.lua @ 11645:3be346c5b940

Software `/` code `/` prosody