Software `/` code `/` prosody

Annotate

util/prosodyctl/check.lua @ 12382:574cf096a426

prosodyctl: check turn: fix traceback when server does not provide realm/nonce As coturn when installed out of the box on Debian (because auth isn't enabled?)

author	Matthew Wild <mwild1@gmail.com>
date	Sat, 05 Mar 2022 20:32:47 +0000
parent	12381:d999c2b3e289
child	12383:a9b6ed86b573

rev	line source
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1 local configmanager = require "core.configmanager";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	2 local show_usage = require "util.prosodyctl".show_usage;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	3 local show_warning = require "util.prosodyctl".show_warning;
11780 98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	4 local is_prosody_running = require "util.prosodyctl".isrunning;
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	5 local parse_args = require "util.argparse".parse;
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	6 local dependencies = require "util.dependencies";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	7 local socket = require "socket";
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	8 local socket_url = require "socket.url";
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	9 local jid_split = require "util.jid".prepped_split;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	10 local modulemanager = require "core.modulemanager";
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	11 local async = require "util.async";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	12 local httputil = require "util.http";
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	13
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	14 local function check_ojn(check_type, target_host)
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	15 local http = require "net.http"; -- .new({});
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	16 local json = require "util.json";
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	17
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	18 local response, err = async.wait_for(http.request(
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	19 ("https://observe.jabber.network/api/v1/check/%s"):format(httputil.urlencode(check_type)),
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	20 {
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	21 method="POST",
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	22 headers={["Accept"] = "application/json"; ["Content-Type"] = "application/json"},
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	23 body=json.encode({target=target_host}),
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	24 }));
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	25
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	26 if not response then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	27 return false, err;
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	28 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	29
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	30 if response.code ~= 200 then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	31 return false, ("API replied with non-200 code: %d"):format(response.code);
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	32 end
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	33
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	34 local decoded_body, err = json.decode(response.body);
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	35 if decoded_body == nil then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	36 return false, ("Failed to parse API JSON: %s"):format(err)
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	37 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	38
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	39 local success = decoded_body["success"];
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	40 return success == true, nil;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	41 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	42
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	43 local function check_probe(base_url, probe_module, target)
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	44 local http = require "net.http"; -- .new({});
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	45 local params = httputil.formencode({ module = probe_module; target = target })
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	46 local response, err = async.wait_for(http.request(base_url .. "?" .. params));
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	47
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	48 if not response then return false, err; end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	49
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	50 if response.code ~= 200 then return false, ("API replied with non-200 code: %d"):format(response.code); end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	51
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	52 for line in response.body:gmatch("[^\r\n]+") do
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	53 local probe_success = line:match("^probe_success%s+(%d+)");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	54
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	55 if probe_success == "1" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	56 return true;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	57 elseif probe_success == "0" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	58 return false;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	59 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	60 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	61 return false, "Probe endpoint did not return a success status";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	62 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	63
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	64 local function check_turn_service(turn_service, ping_service)
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	65 local stun = require "net.stun";
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	66
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	67 -- Create UDP socket for communication with the server
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	68 local sock = assert(require "socket".udp());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	69 sock:setsockname("*", 0);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	70 sock:setpeername(turn_service.host, turn_service.port);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	71 sock:settimeout(10);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	72
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	73 -- Helper function to receive a packet
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	74 local function receive_packet()
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	75 local raw_packet, err = sock:receive();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	76 if not raw_packet then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	77 return nil, err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	78 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	79 return stun.new_packet():deserialize(raw_packet);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	80 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	81
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	82 local result = { warnings = {} };
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	83
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	84 -- Send a "binding" query, i.e. a request for our external IP/port
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	85 local bind_query = stun.new_packet("binding", "request");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	86 bind_query:add_attribute("software", "prosodyctl check turn");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	87 sock:send(bind_query:serialize());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	88
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	89 local bind_result, err = receive_packet();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	90 if not bind_result then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	91 result.error = "No STUN response: "..err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	92 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	93 elseif bind_result:is_err_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	94 result.error = ("STUN server returned error: %d (%s)"):format(bind_result:get_error());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	95 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	96 elseif not bind_result:is_success_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	97 result.error = ("Unexpected STUN response: %d (%s)"):format(bind_result:get_type());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	98 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	99 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	100
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	101 result.external_ip = bind_result:get_xor_mapped_address();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	102 if not result.external_ip then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	103 result.error = "STUN server did not return an address";
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	104 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	105 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	106
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	107 -- Send a TURN "allocate" request. Expected to fail due to auth, but
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	108 -- necessary to obtain a valid realm/nonce from the server.
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	109 local pre_request = stun.new_packet("allocate", "request");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	110 sock:send(pre_request:serialize());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	111
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	112 local pre_result, err = receive_packet();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	113 if not pre_result then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	114 result.error = "No initial TURN response: "..err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	115 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	116 elseif pre_result:is_success_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	117 result.error = "TURN server does not have authentication enabled";
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	118 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	119 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	120
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	121 local realm = pre_result:get_attribute("realm");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	122 local nonce = pre_result:get_attribute("nonce");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	123
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	124 if not realm then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	125 table.insert(result.warnings, "TURN server did not return an authentication realm");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	126 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	127 if not nonce then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	128 table.insert(result.warnings, "TURN server did not return a nonce");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	129 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	130
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	131 -- Use the configured secret to obtain temporary user/pass credentials
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	132 local turn_user, turn_pass = stun.get_user_pass_from_secret(turn_service.secret);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	133
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	134 -- Send a TURN allocate request, will fail if auth is wrong
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	135 local alloc_request = stun.new_packet("allocate", "request");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	136 alloc_request:add_requested_transport("udp");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	137 alloc_request:add_attribute("username", turn_user);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	138 if realm then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	139 alloc_request:add_attribute("realm", realm);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	140 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	141 if nonce then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	142 alloc_request:add_attribute("nonce", nonce);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	143 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	144 local key = stun.get_long_term_auth_key(realm or turn_service.host, turn_user, turn_pass);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	145 alloc_request:add_message_integrity(key);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	146 sock:send(alloc_request:serialize());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	147
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	148 -- Check the response
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	149 local alloc_response, err = receive_packet();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	150 if not alloc_response then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	151 result.error = "TURN server did not response to allocation request: "..err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	152 return;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	153 elseif alloc_response:is_err_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	154 result.error = ("TURN allocation failed: %d (%s)"):format(alloc_response:get_error());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	155 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	156 elseif not alloc_response:is_success_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	157 result.error = ("Unexpected TURN response: %d (%s)"):format(alloc_response:get_type());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	158 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	159 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	160
12375 ea5e46601cfb prosodyctl: check turn: show relayed address(es) in verbose mode Matthew Wild <mwild1@gmail.com> parents: 12373 diff changeset	161 result.relayed_addresses = alloc_response:get_xor_relayed_addresses();
ea5e46601cfb prosodyctl: check turn: show relayed address(es) in verbose mode Matthew Wild <mwild1@gmail.com> parents: 12373 diff changeset	162
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	163 if not ping_service then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	164 -- Success! We won't be running the relay test.
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	165 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	166 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	167
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	168 -- Run the relay test - i.e. send a binding request to ping_service
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	169 -- and receive a response.
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	170
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	171 -- Resolve the IP of the ping service
12373 5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	172 local ping_host, ping_port = ping_service:match("^([^:]+):(%d+)$");
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	173 if ping_host then
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	174 ping_port = tonumber(ping_port);
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	175 else
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	176 -- Only a hostname specified, use default STUN port
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	177 ping_host, ping_port = ping_service, 3478;
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	178 end
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	179 local ping_service_ip, err = socket.dns.toip(ping_host);
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	180 if not ping_service_ip then
12379 6ac3c580c00d prosodyctl: check turn: Clearer error when unable to resolve external service host Matthew Wild <mwild1@gmail.com> parents: 12377 diff changeset	181 result.error = "Unable to resolve ping service hostname: "..err;
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	182 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	183 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	184
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	185 -- Ask the TURN server to allow packets from the ping service IP
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	186 local perm_request = stun.new_packet("create-permission");
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	187 perm_request:add_xor_peer_address(ping_service_ip);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	188 perm_request:add_attribute("username", turn_user);
12382 574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	189 if realm then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	190 perm_request:add_attribute("realm", realm);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	191 end
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	192 if nonce then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	193 perm_request:add_attribute("nonce", nonce);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	194 end
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	195 perm_request:add_message_integrity(key);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	196 sock:send(perm_request:serialize());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	197
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	198 local perm_response, err = receive_packet();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	199 if not perm_response then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	200 result.error = "No response from TURN server when requesting peer permission: "..err;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	201 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	202 elseif perm_response:is_err_resp() then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	203 result.error = ("TURN permission request failed: %d (%s)"):format(perm_response:get_error());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	204 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	205 elseif not perm_response:is_success_resp() then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	206 result.error = ("Unexpected TURN response: %d (%s)"):format(perm_response:get_type());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	207 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	208 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	209
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	210 -- Ask the TURN server to relay a STUN binding request to the ping server
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	211 local ping_data = stun.new_packet("binding"):serialize();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	212
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	213 local ping_request = stun.new_packet("send", "indication");
12373 5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	214 ping_request:add_xor_peer_address(ping_service_ip, ping_port);
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	215 ping_request:add_attribute("data", ping_data);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	216 ping_request:add_attribute("username", turn_user);
12382 574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	217 if realm then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	218 ping_request:add_attribute("realm", realm);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	219 end
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	220 if nonce then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	221 ping_request:add_attribute("nonce", nonce);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	222 end
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	223 ping_request:add_message_integrity(key);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	224 sock:send(ping_request:serialize());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	225
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	226 local ping_response, err = receive_packet();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	227 if not ping_response then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	228 result.error = "No response from ping server ("..ping_service_ip.."): "..err;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	229 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	230 elseif not ping_response:is_indication() or select(2, ping_response:get_method()) ~= "data" then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	231 result.error = ("Unexpected TURN response: %s %s"):format(select(2, ping_response:get_method()), select(2, ping_response:get_type()));
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	232 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	233 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	234
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	235 local pong_data = ping_response:get_attribute("data");
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	236 if not pong_data then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	237 result.error = "No data relayed from remote server";
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	238 return;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	239 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	240 local pong = stun.new_packet():deserialize(pong_data);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	241
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	242 result.external_ip_pong = pong:get_xor_mapped_address();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	243 if not result.external_ip_pong then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	244 result.error = "Ping server did not return an address";
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	245 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	246 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	247
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	248 --
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	249
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	250 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	251 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	252
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	253 local function skip_bare_jid_hosts(host)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	254 if jid_split(host) then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	255 -- See issue #779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	256 return false;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	257 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	258 return true;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	259 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	260
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	261 local check_opts = {
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	262 short_params = {
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	263 h = "help", v = "verbose";
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	264 };
12376 10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	265 value_params = {
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	266 ping = true;
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	267 };
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	268 };
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	269
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	270 local function check(arg)
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	271 if arg[1] == "help" or arg[1] == "--help" then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	272 show_usage([[check]], [[Perform basic checks on your Prosody installation]]);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	273 return 1;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	274 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	275 local what = table.remove(arg, 1);
12376 10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	276 local opts, opts_err, opts_info = parse_args(arg, check_opts);
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	277 if opts_err == "missing-value" then
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	278 print("Error: Expected a value after '"..opts_info.."'");
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	279 return 1;
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	280 elseif opts_err == "param-not-found" then
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	281 print("Error: Unknown parameter: "..opts_info);
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	282 return 1;
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	283 end
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	284 local array = require "util.array";
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	285 local set = require "util.set";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	286 local it = require "util.iterators";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	287 local ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	288 local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	289 local function enabled_hosts() return it.filter(disabled_hosts, pairs(configmanager.getconfig())); end
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	290 if not (what == nil or what == "disabled" or what == "config" or what == "dns" or what == "certs" or what == "connectivity" or what == "turn") then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	291 show_warning("Don't know how to check '%s'. Try one of 'config', 'dns', 'certs', 'disabled', 'turn' or 'connectivity'.", what);
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	292 show_warning("Note: The connectivity check will connect to a remote server.");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	293 return 1;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	294 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	295 if not what or what == "disabled" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	296 local disabled_hosts_set = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	297 for host, host_options in it.filter("*", pairs(configmanager.getconfig())) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	298 if host_options.enabled == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	299 disabled_hosts_set:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	300 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	301 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	302 if not disabled_hosts_set:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	303 local msg = "Checks will be skipped for these disabled hosts: %s";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	304 if what then msg = "These hosts are disabled: %s"; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	305 show_warning(msg, tostring(disabled_hosts_set));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	306 if what then return 0; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	307 print""
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	308 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	309 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	310 if not what or what == "config" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	311 print("Checking config...");
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	312 local obsolete = set.new({ --> remove
12118 30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	313 "archive_cleanup_interval",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	314 "cross_domain_bosh",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	315 "cross_domain_websocket",
12118 30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	316 "dns_timeout",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	317 "muc_log_cleanup_interval",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	318 "s2s_dns_resolvers",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	319 "setgid",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	320 "setuid",
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	321 });
12159 aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	322 local function instead_use(kind, name, value)
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	323 if kind == "option" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	324 if value then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	325 return string.format("instead, use '%s = %q'", name, value);
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	326 else
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	327 return string.format("instead, use '%s'", name);
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	328 end
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	329 elseif kind == "module" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	330 return string.format("instead, add %q to '%s'", name, value or "modules_enabled");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	331 elseif kind == "community" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	332 return string.format("instead, add %q from %s", name, value or "prosody-modules");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	333 end
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	334 return kind
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	335 end
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	336 local deprecated_replacements = {
12159 aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	337 anonymous_login = instead_use("option", "authentication", "anonymous");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	338 daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	339 disallow_s2s = instead_use("module", "s2s");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	340 no_daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	341 require_encryption = "instead, use 'c2s_require_encryption' and 's2s_require_encryption'";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	342 vcard_compatibility = instead_use("community", "mod_compat_vcard");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	343 use_libevent = instead_use("option", "network_backend", "event");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	344 whitelist_registration_only = instead_use("option", "allowlist_registration_only");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	345 registration_whitelist = instead_use("option", "registration_allowlist");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	346 registration_blacklist = instead_use("option", "registration_blocklist");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	347 blacklist_on_registration_throttle_overload = instead_use("blocklist_on_registration_throttle_overload");
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	348 };
11800 60018637f5d4 util.prosodyctl.check: Nudge towards plural port options Kim Alvefur <zash@zash.se> parents: 11799 diff changeset	349 -- FIXME all the singular _port and _interface options are supposed to be deprecated too
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	350 local deprecated_ports = { bosh = "http", legacy_ssl = "c2s_direct_tls" };
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	351 local port_suffixes = set.new({ "port", "ports", "interface", "interfaces", "ssl" });
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	352 for port, replacement in pairs(deprecated_ports) do
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	353 for suffix in port_suffixes do
11800 60018637f5d4 util.prosodyctl.check: Nudge towards plural port options Kim Alvefur <zash@zash.se> parents: 11799 diff changeset	354 local rsuffix = (suffix == "port" or suffix == "interface") and suffix.."s" or suffix;
12158 7ff3699c1653 util.prosodyctl.check: Move word to ease future translations Kim Alvefur <zash@zash.se> parents: 12157 diff changeset	355 deprecated_replacements[port.."_"..suffix] = "instead, use '"..replacement.."_"..rsuffix.."'"
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	356 end
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	357 end
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	358 local deprecated = set.new(array.collect(it.keys(deprecated_replacements)));
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	359 local known_global_options = set.new({
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	360 "access_control_allow_credentials",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	361 "access_control_allow_headers",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	362 "access_control_allow_methods",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	363 "access_control_max_age",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	364 "admin_socket",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	365 "body_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	366 "bosh_max_inactivity",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	367 "bosh_max_polling",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	368 "bosh_max_wait",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	369 "buffer_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	370 "c2s_close_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	371 "c2s_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	372 "c2s_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	373 "c2s_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	374 "component_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	375 "component_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	376 "consider_bosh_secure",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	377 "consider_websocket_secure",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	378 "console_banner",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	379 "console_prettyprint_settings",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	380 "daemonize",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	381 "gc",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	382 "http_default_host",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	383 "http_errors_always_show",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	384 "http_errors_default_message",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	385 "http_errors_detailed",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	386 "http_errors_messages",
11833 bd86ab8122d9 util.prosodyctl.check: Add two known globals from mod_http Kim Alvefur <zash@zash.se> parents: 11827 diff changeset	387 "http_max_buffer_size",
bd86ab8122d9 util.prosodyctl.check: Add two known globals from mod_http Kim Alvefur <zash@zash.se> parents: 11827 diff changeset	388 "http_max_content_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	389 "installer_plugin_path",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	390 "limits",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	391 "limits_resolution",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	392 "log",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	393 "multiplex_buffer_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	394 "network_backend",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	395 "network_default_read_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	396 "network_settings",
11940 2d82e4245aa3 util.prosodyctl.check: Add mod_http_openmetrics settings to known globals Kim Alvefur <zash@zash.se> parents: 11925 diff changeset	397 "openmetrics_allow_cidr",
2d82e4245aa3 util.prosodyctl.check: Add mod_http_openmetrics settings to known globals Kim Alvefur <zash@zash.se> parents: 11925 diff changeset	398 "openmetrics_allow_ips",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	399 "pidfile",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	400 "plugin_paths",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	401 "plugin_server",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	402 "prosodyctl_timeout",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	403 "prosody_group",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	404 "prosody_user",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	405 "run_as_root",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	406 "s2s_close_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	407 "s2s_insecure_domains",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	408 "s2s_require_encryption",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	409 "s2s_secure_auth",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	410 "s2s_secure_domains",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	411 "s2s_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	412 "s2s_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	413 "s2s_timeout",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	414 "statistics",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	415 "statistics_config",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	416 "statistics_interval",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	417 "tcp_keepalives",
12099 b344edad61d3 core.certmanager: Rename preset option to 'tls_preset' Kim Alvefur <zash@zash.se> parents: 11957 diff changeset	418 "tls_profile",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	419 "trusted_proxies",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	420 "umask",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	421 "use_dane",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	422 "use_ipv4",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	423 "use_ipv6",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	424 "websocket_frame_buffer_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	425 "websocket_frame_fragment_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	426 "websocket_get_response_body",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	427 "websocket_get_response_text",
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	428 });
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	429 local config = configmanager.getconfig();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	430 -- Check that we have any global options (caused by putting a host at the top)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	431 if it.count(it.filter("log", pairs(config["*"]))) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	432 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	433 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	434 print(" No global options defined. Perhaps you have put a host definition at the top")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	435 print(" of the config file? They should be at the bottom, see https://prosody.im/doc/configure#overview");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	436 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	437 if it.count(enabled_hosts()) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	438 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	439 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	440 if it.count(it.filter("*", pairs(config))) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	441 print(" No hosts are defined, please add at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	442 elseif config["*"]["enabled"] == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	443 print(" No hosts are enabled. Remove enabled = false from the global section or put enabled = true under at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	444 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	445 print(" All hosts are disabled. Remove enabled = false from at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	446 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	447 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	448 if not config["*"].modules_enabled then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	449 print(" No global modules_enabled is set?");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	450 local suggested_global_modules;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	451 for host, options in enabled_hosts() do --luacheck: ignore 213/host
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	452 if not options.component_module and options.modules_enabled then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	453 suggested_global_modules = set.intersection(suggested_global_modules or set.new(options.modules_enabled), set.new(options.modules_enabled));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	454 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	455 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	456 if suggested_global_modules and not suggested_global_modules:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	457 print(" Consider moving these modules into modules_enabled in the global section:")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	458 print(" "..tostring(suggested_global_modules / function (x) return ("%q"):format(x) end));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	459 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	460 print();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	461 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	462
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	463 do -- Check for modules enabled both normally and as components
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	464 local modules = set.new(config["*"]["modules_enabled"]);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	465 for host, options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	466 local component_module = options.component_module;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	467 if component_module and modules:contains(component_module) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	468 print((" mod_%s is enabled both in modules_enabled and as Component %q %q"):format(component_module, host, component_module));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	469 print(" This means the service is enabled on all VirtualHosts as well as the Component.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	470 print(" Are you sure this what you want? It may cause unexpected behaviour.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	471 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	472 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	473 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	474
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	475 -- Check for global options under hosts
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	476 local global_options = set.new(it.to_array(it.keys(config["*"])));
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	477 local obsolete_global_options = set.intersection(global_options, obsolete);
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	478 if not obsolete_global_options:empty() then
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	479 print("");
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	480 print(" You have some obsolete options you can remove from the global section:");
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	481 print(" "..tostring(obsolete_global_options))
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	482 ok = false;
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	483 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	484 local deprecated_global_options = set.intersection(global_options, deprecated);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	485 if not deprecated_global_options:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	486 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	487 print(" You have some deprecated options in the global section:");
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	488 for option in deprecated_global_options do
12158 7ff3699c1653 util.prosodyctl.check: Move word to ease future translations Kim Alvefur <zash@zash.se> parents: 12157 diff changeset	489 print((" '%s' -- %s"):format(option, deprecated_replacements[option]));
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	490 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	491 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	492 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	493 for host, options in it.filter(function (h) return h ~= "*" end, pairs(configmanager.getconfig())) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	494 local host_options = set.new(it.to_array(it.keys(options)));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	495 local misplaced_options = set.intersection(host_options, known_global_options);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	496 for name in pairs(options) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	497 if name:match("^interfaces?")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	498 or name:match("_ports?$") or name:match("_interfaces?$")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	499 or (name:match("_ssl$") and not name:match("^[cs]2s_ssl$")) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	500 misplaced_options:add(name);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	501 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	502 end
11799 8c9ec2db1d95 util.prosodyctl.check: Fix to not treat some options as misplaced Kim Alvefur <zash@zash.se> parents: 11798 diff changeset	503 -- FIXME These _could_ be misplaced, but we would have to check where the corresponding module is loaded to be sure
8c9ec2db1d95 util.prosodyctl.check: Fix to not treat some options as misplaced Kim Alvefur <zash@zash.se> parents: 11798 diff changeset	504 misplaced_options:exclude(set.new({ "external_service_port", "turn_external_port" }));
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	505 if not misplaced_options:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	506 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	507 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	508 local n = it.count(misplaced_options);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	509 print(" You have "..n.." option"..(n>1 and "s " or " ").."set under "..host.." that should be");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	510 print(" in the global section of the config file, above any VirtualHost or Component definitions,")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	511 print(" see https://prosody.im/doc/configure#overview for more information.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	512 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	513 print(" You need to move the following option"..(n>1 and "s" or "")..": "..table.concat(it.to_array(misplaced_options), ", "));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	514 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	515 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	516 for host, options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	517 local host_options = set.new(it.to_array(it.keys(options)));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	518 local subdomain = host:match("^[^.]+");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	519 if not(host_options:contains("component_module")) and (subdomain == "jabber" or subdomain == "xmpp"
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	520 or subdomain == "chat" or subdomain == "im") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	521 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	522 print(" Suggestion: If "..host.. " is a new host with no real users yet, consider renaming it now to");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	523 print(" "..host:gsub("^[^.]+%.", "")..". You can use SRV records to redirect XMPP clients and servers to "..host..".");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	524 print(" For more information see: https://prosody.im/doc/dns");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	525 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	526 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	527 local all_modules = set.new(config["*"].modules_enabled);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	528 local all_options = set.new(it.to_array(it.keys(config["*"])));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	529 for host in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	530 all_options:include(set.new(it.to_array(it.keys(config[host]))));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	531 all_modules:include(set.new(config[host].modules_enabled));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	532 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	533 for mod in all_modules do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	534 if mod:match("^mod_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	535 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	536 print(" Modules in modules_enabled should not have the 'mod_' prefix included.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	537 print(" Change '"..mod.."' to '"..mod:match("^mod_(.*)").."'.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	538 elseif mod:match("^auth_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	539 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	540 print(" Authentication modules should not be added to modules_enabled,");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	541 print(" but be specified in the 'authentication' option.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	542 print(" Remove '"..mod.."' from modules_enabled and instead add");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	543 print(" authentication = '"..mod:match("^auth_(.*)").."'");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	544 print(" For more information see https://prosody.im/doc/authentication");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	545 elseif mod:match("^storage_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	546 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	547 print(" storage modules should not be added to modules_enabled,");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	548 print(" but be specified in the 'storage' option.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	549 print(" Remove '"..mod.."' from modules_enabled and instead add");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	550 print(" storage = '"..mod:match("^storage_(.*)").."'");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	551 print(" For more information see https://prosody.im/doc/storage");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	552 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	553 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	554 if all_modules:contains("vcard") and all_modules:contains("vcard_legacy") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	555 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	556 print(" Both mod_vcard_legacy and mod_vcard are enabled but they conflict");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	557 print(" with each other. Remove one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	558 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	559 if all_modules:contains("pep") and all_modules:contains("pep_simple") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	560 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	561 print(" Both mod_pep_simple and mod_pep are enabled but they conflict");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	562 print(" with each other. Remove one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	563 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	564 for host, host_config in pairs(config) do --luacheck: ignore 213/host
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	565 if type(rawget(host_config, "storage")) == "string" and rawget(host_config, "default_storage") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	566 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	567 print(" The 'default_storage' option is not needed if 'storage' is set to a string.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	568 break;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	569 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	570 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	571 local require_encryption = set.intersection(all_options, set.new({
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	572 "require_encryption", "c2s_require_encryption", "s2s_require_encryption"
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	573 })):empty();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	574 local ssl = dependencies.softreq"ssl";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	575 if not ssl then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	576 if not require_encryption then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	577 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	578 print(" You require encryption but LuaSec is not available.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	579 print(" Connections will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	580 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	581 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	582 elseif not ssl.loadcertificate then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	583 if all_options:contains("s2s_secure_auth") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	584 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	585 print(" You have set s2s_secure_auth but your version of LuaSec does ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	586 print(" not support certificate validation, so all s2s connections will");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	587 print(" fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	588 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	589 elseif all_options:contains("s2s_secure_domains") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	590 local secure_domains = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	591 for host in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	592 if config[host].s2s_secure_auth == true then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	593 secure_domains:add("*");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	594 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	595 secure_domains:include(set.new(config[host].s2s_secure_domains));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	596 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	597 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	598 if not secure_domains:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	599 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	600 print(" You have set s2s_secure_domains but your version of LuaSec does ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	601 print(" not support certificate validation, so s2s connections to/from ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	602 print(" these domains will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	603 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	604 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	605 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	606 elseif require_encryption and not all_modules:contains("tls") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	607 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	608 print(" You require encryption but mod_tls is not enabled.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	609 print(" Connections will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	610 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	611 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	612
12317 b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	613 do
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	614 local global_modules = set.new(config["*"].modules_enabled);
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	615 local registration_enabled_hosts = {};
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	616 for host in enabled_hosts() do
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	617 local host_modules = set.new(config[host].modules_enabled) + global_modules;
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	618 local allow_registration = config[host].allow_registration;
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	619 local mod_register = host_modules:contains("register");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	620 local mod_register_ibr = host_modules:contains("register_ibr");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	621 local mod_invites_register = host_modules:contains("invites_register");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	622 local registration_invite_only = config[host].registration_invite_only;
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	623 local is_vhost = not config[host].component_module;
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	624 if is_vhost and (mod_register_ibr or (mod_register and allow_registration))
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	625 and not (mod_invites_register and registration_invite_only) then
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	626 table.insert(registration_enabled_hosts, host);
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	627 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	628 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	629 if #registration_enabled_hosts > 0 then
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	630 table.sort(registration_enabled_hosts);
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	631 print("");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	632 print(" Public registration is enabled on:");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	633 print(" "..table.concat(registration_enabled_hosts, ", "));
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	634 print("");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	635 print(" If this is intentional, review our guidelines on running a public server");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	636 print(" at https://prosody.im/doc/public_servers - otherwise, consider switching to");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	637 print(" invite-based registration, which is more secure.");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	638 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	639 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	640
12318 239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	641 do
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	642 local orphan_components = {};
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	643 local referenced_components = set.new();
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	644 local enabled_hosts_set = set.new();
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	645 for host, host_options in it.filter("*", pairs(configmanager.getconfig())) do
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	646 if host_options.enabled ~= false then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	647 enabled_hosts_set:add(host);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	648 for _, disco_item in ipairs(host_options.disco_items or {}) do
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	649 referenced_components:add(disco_item[1]);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	650 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	651 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	652 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	653 for host, host_config in enabled_hosts() do
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	654 local is_component = not not host_config.component_module;
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	655 if is_component then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	656 local parent_domain = host:match("^[^.]+%.(.+)$");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	657 local is_orphan = not (enabled_hosts_set:contains(parent_domain) or referenced_components:contains(host));
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	658 if is_orphan then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	659 table.insert(orphan_components, host);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	660 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	661 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	662 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	663 if #orphan_components > 0 then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	664 table.sort(orphan_components);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	665 print("");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	666 print(" Your configuration contains the following unreferenced components:\n");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	667 print(" "..table.concat(orphan_components, "\n "));
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	668 print("");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	669 print(" Clients may not be able to discover these services because they are not linked to");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	670 print(" any VirtualHost. They are automatically linked if they are direct subdomains of a");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	671 print(" VirtualHost. Alternatively, you can explicitly link them using the disco_items option.");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	672 print(" For more information see https://prosody.im/doc/modules/mod_disco#items");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	673 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	674 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	675
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	676 print("Done.\n");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	677 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	678 if not what or what == "dns" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	679 local dns = require "net.dns";
10971 3cdb4a7cb406 util.prosodyctl.check: Use net.unbound for DNS if available Kim Alvefur <zash@zash.se> parents: 10932 diff changeset	680 pcall(function ()
11645 3be346c5b940 util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored Kim Alvefur <zash@zash.se> parents: 11635 diff changeset	681 local unbound = require"net.unbound";
11617 166f8e1d82b0 util.prosodyctl.check: Ensure that libunbound does not check hosts file Kim Alvefur <zash@zash.se> parents: 11616 diff changeset	682 local unbound_config = configmanager.get("*", "unbound") or {};
166f8e1d82b0 util.prosodyctl.check: Ensure that libunbound does not check hosts file Kim Alvefur <zash@zash.se> parents: 11616 diff changeset	683 unbound_config.hoststxt = false; -- don't look at /etc/hosts
166f8e1d82b0 util.prosodyctl.check: Ensure that libunbound does not check hosts file Kim Alvefur <zash@zash.se> parents: 11616 diff changeset	684 configmanager.set("*", "unbound", unbound_config);
12233 e4530bdbf5f3 util.prosodyctl.check: Fix reset of libunbound before DNS checks Kim Alvefur <zash@zash.se> parents: 12231 diff changeset	685 unbound.dns.purge(); -- ensure the above config is used
11645 3be346c5b940 util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored Kim Alvefur <zash@zash.se> parents: 11635 diff changeset	686 dns = unbound.dns;
10971 3cdb4a7cb406 util.prosodyctl.check: Use net.unbound for DNS if available Kim Alvefur <zash@zash.se> parents: 10932 diff changeset	687 end)
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	688 local idna = require "util.encodings".idna;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	689 local ip = require "util.ip";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	690 local c2s_ports = set.new(configmanager.get("*", "c2s_ports") or {5222});
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	691 local s2s_ports = set.new(configmanager.get("*", "s2s_ports") or {5269});
11778 f254fd16218a mod_c2s: Rename Direct TLS listener 'c2s_direct_tls' for clarity Kim Alvefur <zash@zash.se> parents: 11777 diff changeset	692 local c2s_tls_ports = set.new(configmanager.get("*", "c2s_direct_tls_ports") or {});
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	693 local s2s_tls_ports = set.new(configmanager.get("*", "s2s_direct_tls_ports") or {});
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	694
12230 f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	695 if set.new(configmanager.get("*", "modules_enabled")):contains("net_multiplex") then
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	696 local multiplex_ports = set.new(configmanager.get("*", "ports") or {});
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	697 local multiplex_tls_ports = set.new(configmanager.get("*", "ssl_ports") or {});
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	698 if not multiplex_ports:empty() then
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	699 c2s_ports = c2s_ports + multiplex_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	700 s2s_ports = s2s_ports + multiplex_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	701 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	702 if not multiplex_tls_ports:empty() then
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	703 c2s_tls_ports = c2s_tls_ports + multiplex_tls_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	704 s2s_tls_ports = s2s_tls_ports + multiplex_tls_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	705 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	706 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	707
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	708 local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required, s2s_tls_srv_required;
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	709 if not c2s_ports:contains(5222) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	710 c2s_srv_required = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	711 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	712 if not s2s_ports:contains(5269) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	713 s2s_srv_required = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	714 end
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	715 if not c2s_tls_ports:empty() then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	716 c2s_tls_srv_required = true;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	717 end
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	718 if not s2s_tls_ports:empty() then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	719 s2s_tls_srv_required = true;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	720 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	721
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	722 local problem_hosts = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	723
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	724 local external_addresses, internal_addresses = set.new(), set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	725
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	726 local fqdn = socket.dns.tohostname(socket.dns.gethostname());
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	727 if fqdn then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	728 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	729 local res = dns.lookup(idna.to_ascii(fqdn), "A");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	730 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	731 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	732 external_addresses:add(record.a);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	733 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	734 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	735 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	736 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	737 local res = dns.lookup(idna.to_ascii(fqdn), "AAAA");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	738 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	739 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	740 external_addresses:add(record.aaaa);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	741 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	742 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	743 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	744 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	745
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	746 local local_addresses = require"util.net".local_addresses() or {};
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	747
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	748 for addr in it.values(local_addresses) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	749 if not ip.new_ip(addr).private then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	750 external_addresses:add(addr);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	751 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	752 internal_addresses:add(addr);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	753 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	754 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	755
12320 f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	756 -- Allow admin to specify additional (e.g. undiscoverable) IP addresses in the config
f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	757 for _, address in ipairs(configmanager.get("*", "external_addresses") or {}) do
f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	758 external_addresses:add(address);
f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	759 end
f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	760
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	761 if external_addresses:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	762 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	763 print(" Failed to determine the external addresses of this server. Checks may be inaccurate.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	764 c2s_srv_required, s2s_srv_required = true, true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	765 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	766
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	767 local v6_supported = not not socket.tcp6;
11924 53e68227c2c0 util.prosodyctl.check: Respect use_ipv4/v6 in proxy65 check Kim Alvefur <zash@zash.se> parents: 11923 diff changeset	768 local use_ipv4 = configmanager.get("*", "use_ipv4") ~= false;
53e68227c2c0 util.prosodyctl.check: Respect use_ipv4/v6 in proxy65 check Kim Alvefur <zash@zash.se> parents: 11923 diff changeset	769 local use_ipv6 = v6_supported and configmanager.get("*", "use_ipv6") ~= false;
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	770
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	771 local function trim_dns_name(n)
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	772 return (n:gsub("%.$", ""));
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	773 end
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	774
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	775 local unknown_addresses = set.new();
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	776
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	777 for jid, host_options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	778 local all_targets_ok, some_targets_ok = true, false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	779 local node, host = jid_split(jid);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	780
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	781 local modules, component_module = modulemanager.get_modules_for_host(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	782 if component_module then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	783 modules:add(component_module);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	784 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	785
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	786 local is_component = not not host_options.component_module;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	787 print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."...");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	788 if node then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	789 print("Only the domain part ("..host..") is used in DNS.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	790 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	791 local target_hosts = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	792 if modules:contains("c2s") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	793 local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV");
11613 c8a9f77d48fd util.prosodyctl.check: Fix for net.dns vs unbound API difference Kim Alvefur <zash@zash.se> parents: 11612 diff changeset	794 if res and #res > 0 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	795 for _, record in ipairs(res) do
10932 ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	796 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	797 print(" 'xmpp-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	798 break;
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	799 end
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	800 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	801 target_hosts:add(target);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	802 if not c2s_ports:contains(record.srv.port) then
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	803 print(" SRV target "..target.." contains unknown client port: "..record.srv.port);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	804 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	805 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	806 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	807 if c2s_srv_required then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	808 print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	809 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	810 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	811 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	812 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	813 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	814 end
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	815 if modules:contains("c2s") and c2s_tls_srv_required then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	816 local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV");
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	817 if res and #res > 0 then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	818 for _, record in ipairs(res) do
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	819 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	820 print(" 'xmpps-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	821 break;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	822 end
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	823 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	824 target_hosts:add(target);
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	825 if not c2s_tls_ports:contains(record.srv.port) then
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	826 print(" SRV target "..target.." contains unknown Direct TLS client port: "..record.srv.port);
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	827 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	828 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	829 else
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	830 print(" No _xmpps-client SRV record found for "..host..", but it looks like you need one.");
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	831 all_targets_ok = false;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	832 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	833 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	834 if modules:contains("s2s") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	835 local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV");
11613 c8a9f77d48fd util.prosodyctl.check: Fix for net.dns vs unbound API difference Kim Alvefur <zash@zash.se> parents: 11612 diff changeset	836 if res and #res > 0 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	837 for _, record in ipairs(res) do
10932 ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	838 if record.srv.target == "." then -- TODO Is this an error if mod_s2s is enabled?
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	839 print(" 'xmpp-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	840 break;
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	841 end
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	842 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	843 target_hosts:add(target);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	844 if not s2s_ports:contains(record.srv.port) then
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	845 print(" SRV target "..target.." contains unknown server port: "..record.srv.port);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	846 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	847 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	848 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	849 if s2s_srv_required then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	850 print(" No _xmpp-server SRV record found for "..host..", but it looks like you need one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	851 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	852 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	853 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	854 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	855 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	856 end
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	857 if modules:contains("s2s") and s2s_tls_srv_required then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	858 local res = dns.lookup("_xmpps-server._tcp."..idna.to_ascii(host)..".", "SRV");
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	859 if res and #res > 0 then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	860 for _, record in ipairs(res) do
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	861 if record.srv.target == "." then -- TODO is this an error if mod_s2s is enabled?
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	862 print(" 'xmpps-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	863 break;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	864 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	865 local target = trim_dns_name(record.srv.target);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	866 target_hosts:add(target);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	867 if not s2s_tls_ports:contains(record.srv.port) then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	868 print(" SRV target "..target.." contains unknown Direct TLS server port: "..record.srv.port);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	869 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	870 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	871 else
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	872 print(" No _xmpps-server SRV record found for "..host..", but it looks like you need one.");
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	873 all_targets_ok = false;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	874 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	875 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	876 if target_hosts:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	877 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	878 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	879
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	880 if target_hosts:contains("localhost") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	881 print(" Target 'localhost' cannot be accessed from other servers");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	882 target_hosts:remove("localhost");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	883 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	884
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	885 local function check_address(target)
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	886 local A, AAAA = dns.lookup(idna.to_ascii(target), "A"), dns.lookup(idna.to_ascii(target), "AAAA");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	887 local prob = {};
12231 ca8453129ade util.prosodyctl.check: Fix A/AAAA check for proxy65 and http Kim Alvefur <zash@zash.se> parents: 12230 diff changeset	888 if use_ipv4 and not (A and #A > 0) then table.insert(prob, "A"); end
ca8453129ade util.prosodyctl.check: Fix A/AAAA check for proxy65 and http Kim Alvefur <zash@zash.se> parents: 12230 diff changeset	889 if use_ipv6 and not (AAAA and #AAAA > 0) then table.insert(prob, "AAAA"); end
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	890 return prob;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	891 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	892
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	893 if modules:contains("proxy65") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	894 local proxy65_target = configmanager.get(host, "proxy65_address") or host;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	895 if type(proxy65_target) == "string" then
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	896 local prob = check_address(proxy65_target);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	897 if #prob > 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	898 print(" File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	899 .." record. Create one or set 'proxy65_address' to the correct host/IP.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	900 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	901 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	902 print(" proxy65_address for "..host.." should be set to a string, unable to perform DNS check");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	903 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	904 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	905
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	906 local known_http_modules = set.new { "bosh"; "http_files"; "http_file_share"; "http_openmetrics"; "websocket" };
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	907 local function contains_match(hayset, needle)
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	908 for member in hayset do if member:find(needle) then return true end end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	909 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	910
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	911 if modules:contains("http") or not set.intersection(modules, known_http_modules):empty()
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	912 or contains_match(modules, "^http_") or contains_match(modules, "_web$") then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	913
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	914 local http_host = configmanager.get(host, "http_host") or host;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	915 local http_internal_host = http_host;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	916 local http_url = configmanager.get(host, "http_external_url");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	917 if http_url then
12218 0795e1ccf3d8 util.prosodyctl.check: Fix use of LuaSocket URL parser Kim Alvefur <zash@zash.se> parents: 12217 diff changeset	918 local url_parse = require "socket.url".parse;
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	919 local external_url_parts = url_parse(http_url);
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	920 if external_url_parts then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	921 http_host = external_url_parts.host;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	922 else
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	923 print(" The 'http_external_url' setting is not a valid URL");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	924 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	925 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	926
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	927 local prob = check_address(http_host);
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	928 if #prob > 1 then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	929 print(" HTTP service " .. http_host .. " has no " .. table.concat(prob, "/") .. " record. Create one or change "
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	930 .. (http_url and "'http_external_url'" or "'http_host'").." to the correct host.");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	931 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	932
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	933 if http_host ~= http_internal_host then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	934 print(" Ensure the reverse proxy sets the HTTP Host header to '" .. http_internal_host .. "'");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	935 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	936 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	937
11652 887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	938 if not use_ipv4 and not use_ipv6 then
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	939 print(" Both IPv6 and IPv4 are disabled, Prosody will not listen on any ports");
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	940 print(" nor be able to connect to any remote servers.");
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	941 all_targets_ok = false;
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	942 end
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	943
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	944 for target_host in target_hosts do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	945 local host_ok_v4, host_ok_v6;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	946 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	947 local res = dns.lookup(idna.to_ascii(target_host), "A");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	948 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	949 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	950 if external_addresses:contains(record.a) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	951 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	952 host_ok_v4 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	953 elseif internal_addresses:contains(record.a) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	954 host_ok_v4 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	955 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	956 print(" "..target_host.." A record points to internal address, external connections might fail");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	957 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	958 print(" "..target_host.." A record points to unknown address "..record.a);
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	959 unknown_addresses:add(record.a);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	960 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	961 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	962 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	963 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	964 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	965 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	966 local res = dns.lookup(idna.to_ascii(target_host), "AAAA");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	967 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	968 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	969 if external_addresses:contains(record.aaaa) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	970 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	971 host_ok_v6 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	972 elseif internal_addresses:contains(record.aaaa) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	973 host_ok_v6 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	974 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	975 print(" "..target_host.." AAAA record points to internal address, external connections might fail");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	976 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	977 print(" "..target_host.." AAAA record points to unknown address "..record.aaaa);
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	978 unknown_addresses:add(record.aaaa);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	979 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	980 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	981 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	982 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	983 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	984
11653 51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	985 if host_ok_v4 and not use_ipv4 then
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	986 print(" Host "..target_host.." does seem to resolve to this server but IPv4 has been disabled");
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	987 all_targets_ok = false;
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	988 end
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	989
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	990 if host_ok_v6 and not use_ipv6 then
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	991 print(" Host "..target_host.." does seem to resolve to this server but IPv6 has been disabled");
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	992 all_targets_ok = false;
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	993 end
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	994
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	995 local bad_protos = {}
11651 c9f46d28ed7e util.prosodyctl.check: Silence IP protocol mismatches when disabled Kim Alvefur <zash@zash.se> parents: 11645 diff changeset	996 if use_ipv4 and not host_ok_v4 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	997 table.insert(bad_protos, "IPv4");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	998 end
11651 c9f46d28ed7e util.prosodyctl.check: Silence IP protocol mismatches when disabled Kim Alvefur <zash@zash.se> parents: 11645 diff changeset	999 if use_ipv6 and not host_ok_v6 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1000 table.insert(bad_protos, "IPv6");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1001 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1002 if #bad_protos > 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1003 print(" Host "..target_host.." does not seem to resolve to this server ("..table.concat(bad_protos, "/")..")");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1004 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1005 if host_ok_v6 and not v6_supported then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1006 print(" Host "..target_host.." has AAAA records, but your version of LuaSocket does not support IPv6.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1007 print(" Please see https://prosody.im/doc/ipv6 for more information.");
11925 3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1008 elseif host_ok_v6 and not use_ipv6 then
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1009 print(" Host "..target_host.." has AAAA records, but IPv6 is disabled.");
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1010 -- TODO Tell them to drop the AAAA records or enable IPv6?
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1011 print(" Please see https://prosody.im/doc/ipv6 for more information.");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1012 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1013 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1014 if not all_targets_ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1015 print(" "..(some_targets_ok and "Only some" or "No").." targets for "..host.." appear to resolve to this server.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1016 if is_component then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1017 print(" DNS records are necessary if you want users on other servers to access this component.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1018 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1019 problem_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1020 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1021 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1022 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1023 if not problem_hosts:empty() then
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1024 if not unknown_addresses:empty() then
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1025 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1026 print("Some of your DNS records point to unknown IP addresses. This may be expected if your server");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1027 print("is behind a NAT or proxy. The unrecognized addresses were:");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1028 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1029 print(" Unrecognized: "..tostring(unknown_addresses));
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1030 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1031 print("The addresses we found on this system are:");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1032 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1033 print(" Internal: "..tostring(internal_addresses));
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1034 print(" External: "..tostring(external_addresses));
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1035 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1036 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1037 print("For more information about DNS configuration please see https://prosody.im/doc/dns");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1038 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1039 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1040 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1041 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1042 if not what or what == "certs" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1043 local cert_ok;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1044 print"Checking certificates..."
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1045 local x509_verify_identity = require"util.x509".verify_identity;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1046 local create_context = require "core.certmanager".create_context;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1047 local ssl = dependencies.softreq"ssl";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1048 -- local datetime_parse = require"util.datetime".parse_x509;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1049 local load_cert = ssl and ssl.loadcertificate;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1050 -- or ssl.cert_from_pem
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1051 if not ssl then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1052 print("LuaSec not available, can't perform certificate checks")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1053 if what == "certs" then cert_ok = false end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1054 elseif not load_cert then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1055 print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1056 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1057 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1058 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1059 print("Checking certificate for "..host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1060 -- First, let's find out what certificate this host uses.
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1061 local host_ssl_config = configmanager.rawget(host, "ssl")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1062 or configmanager.rawget(host:match("%.(.*)"), "ssl");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1063 local global_ssl_config = configmanager.rawget("*", "ssl");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1064 local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1065 if not ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1066 print(" Error: "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1067 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1068 elseif not ssl_config.certificate then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1069 print(" No 'certificate' found for "..host)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1070 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1071 elseif not ssl_config.key then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1072 print(" No 'key' found for "..host)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1073 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1074 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1075 local key, err = io.open(ssl_config.key); -- Permissions check only
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1076 if not key then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1077 print(" Could not open "..ssl_config.key..": "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1078 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1079 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1080 key:close();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1081 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1082 local cert_fh, err = io.open(ssl_config.certificate); -- Load the file.
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1083 if not cert_fh then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1084 print(" Could not open "..ssl_config.certificate..": "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1085 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1086 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1087 print(" Certificate: "..ssl_config.certificate)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1088 local cert = load_cert(cert_fh:read"*a"); cert_fh:close();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1089 if not cert:validat(os.time()) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1090 print(" Certificate has expired.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1091 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1092 elseif not cert:validat(os.time() + 86400) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1093 print(" Certificate expires within one day.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1094 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1095 elseif not cert:validat(os.time() + 86400*7) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1096 print(" Certificate expires within one week.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1097 elseif not cert:validat(os.time() + 86400*31) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1098 print(" Certificate expires within one month.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1099 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1100 if configmanager.get(host, "component_module") == nil
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1101 and not x509_verify_identity(host, "_xmpp-client", cert) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1102 print(" Not valid for client connections to "..host..".")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1103 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1104 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1105 if (not (configmanager.get(host, "anonymous_login")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1106 or configmanager.get(host, "authentication") == "anonymous"))
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1107 and not x509_verify_identity(host, "_xmpp-server", cert) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1108 print(" Not valid for server-to-server connections to "..host..".")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1109 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1110 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1111 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1112 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1113 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1114 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1115 if cert_ok == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1116 print("")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1117 print("For more information about certificates please see https://prosody.im/doc/certificates");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1118 ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1119 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1120 print("")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1121 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1122 -- intentionally not doing this by default
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1123 if what == "connectivity" then
11782 d93107de52dd util.prosodyctl.check: Ignore unused "ok" variable [luacheck] Kim Alvefur <zash@zash.se> parents: 11780 diff changeset	1124 local _, prosody_is_running = is_prosody_running();
11780 98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1125 if configmanager.get("*", "pidfile") and not prosody_is_running then
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1126 print("Prosody does not appear to be running, which is required for this test.");
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1127 print("Start it and then try again.");
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1128 return 1;
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1129 end
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1130
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1131 local checker = "observe.jabber.network";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1132 local probe_instance;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1133 local probe_modules = {
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1134 ["xmpp-client"] = "c2s_normal_auth";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1135 ["xmpp-server"] = "s2s_normal";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1136 ["xmpps-client"] = nil; -- TODO
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1137 ["xmpps-server"] = nil; -- TODO
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1138 };
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1139 local probe_settings = configmanager.get("*", "connectivity_probe");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1140 if type(probe_settings) == "string" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1141 probe_instance = probe_settings;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1142 elseif type(probe_settings) == "table" and type(probe_settings.url) == "string" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1143 probe_instance = probe_settings.url;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1144 if type(probe_settings.modules) == "table" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1145 probe_modules = probe_settings.modules;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1146 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1147 elseif probe_settings ~= nil then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1148 print("The 'connectivity_probe' setting not understood.");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1149 print("Expected an URL or a table with 'url' and 'modules' fields");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1150 print("See https://prosody.im/doc/prosodyctl#check for more information."); -- FIXME
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1151 return 1;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1152 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1153
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1154 local check_api;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1155 if probe_instance then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1156 local parsed_url = socket_url.parse(probe_instance);
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1157 if not parsed_url then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1158 print(("'connectivity_probe' is not a valid URL: %q"):format(probe_instance));
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1159 print("Set it to the URL of an XMPP Blackbox Exporter instance and try again");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1160 return 1;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1161 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1162 checker = parsed_url.host;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1163
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1164 function check_api(protocol, host)
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1165 local target = socket_url.build({scheme="xmpp",path=host});
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1166 local probe_module = probe_modules[protocol];
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1167 if not probe_module then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1168 return nil, "Checking protocol '"..protocol.."' is currently unsupported";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1169 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1170 return check_probe(probe_instance, probe_module, target);
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1171 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1172 else
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1173 check_api = check_ojn;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1174 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1175
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1176 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1177 local modules, component_module = modulemanager.get_modules_for_host(host);
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1178 if component_module then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1179 modules:add(component_module)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1180 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1181
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1182 print("Checking external connectivity for "..host.." via "..checker)
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1183 local function check_connectivity(protocol)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1184 local success, err = check_api(protocol, host);
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1185 if not success and err ~= nil then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1186 print((" %s: Failed to request check at API: %s"):format(protocol, err))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1187 elseif success then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1188 print((" %s: Works"):format(protocol))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1189 else
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1190 print((" %s: Check service failed to establish (secure) connection"):format(protocol))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1191 ok = false
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1192 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1193 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1194
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1195 if modules:contains("c2s") then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1196 check_connectivity("xmpp-client")
11957 3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1197 if configmanager.get("*", "c2s_direct_tls_ports") then
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1198 check_connectivity("xmpps-client");
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1199 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1200 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1201
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1202 if modules:contains("s2s") then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1203 check_connectivity("xmpp-server")
11957 3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1204 if configmanager.get("*", "s2s_direct_tls_ports") then
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1205 check_connectivity("xmpps-server");
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1206 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1207 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1208
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1209 print()
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1210 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1211 print("Note: The connectivity check only checks the reachability of the domain.")
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1212 print("Note: It does not ensure that the check actually reaches this specific prosody instance.")
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1213 end
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1214
12377 317132bca8c0 prosodyctl: check: include TURN checks by default Matthew Wild <mwild1@gmail.com> parents: 12376 diff changeset	1215 if not what or what == "turn" then
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1216 local turn_enabled_hosts = {};
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1217 local turn_services = {};
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1218
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1219 for host in enabled_hosts() do
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1220 local has_external_turn = modulemanager.get_modules_for_host(host):contains("turn_external");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1221 if has_external_turn then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1222 table.insert(turn_enabled_hosts, host);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1223 local turn_host = configmanager.get(host, "turn_external_host") or host;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1224 local turn_port = configmanager.get(host, "turn_external_port") or 3478;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1225 local turn_secret = configmanager.get(host, "turn_external_secret");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1226 if not turn_secret then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1227 print("Error: Your configuration is missing a turn_external_secret for "..host);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1228 print("Error: TURN will not be advertised for this host.");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1229 ok = false;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1230 else
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1231 local turn_id = ("%s:%d"):format(turn_host, turn_port);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1232 if turn_services[turn_id] and turn_services[turn_id].secret ~= turn_secret then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1233 print("Error: Your configuration contains multiple differing secrets");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1234 print(" for the TURN service at "..turn_id.." - we will only test one.");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1235 elseif not turn_services[turn_id] then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1236 turn_services[turn_id] = {
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1237 host = turn_host;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1238 port = turn_port;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1239 secret = turn_secret;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1240 };
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1241 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1242 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1243 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1244 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1245
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1246 if what == "turn" then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1247 local count = it.count(pairs(turn_services));
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1248 if count == 0 then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1249 print("Error: Unable to find any TURN services configured. Enable mod_turn_external!");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1250 else
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1251 print("Identified "..tostring(count).." TURN services.");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1252 print("");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1253 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1254 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1255
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1256 for turn_id, turn_service in pairs(turn_services) do
12377 317132bca8c0 prosodyctl: check: include TURN checks by default Matthew Wild <mwild1@gmail.com> parents: 12376 diff changeset	1257 print("Testing TURN service "..turn_id.."...");
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1258
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	1259 local result = check_turn_service(turn_service, opts.ping);
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1260 if #result.warnings > 0 then
12381 d999c2b3e289 prosodyctl: check turn: fix formatting of multiple warnings Matthew Wild <mwild1@gmail.com> parents: 12380 diff changeset	1261 print(("%d warnings:\n"):format(#result.warnings));
d999c2b3e289 prosodyctl: check turn: fix formatting of multiple warnings Matthew Wild <mwild1@gmail.com> parents: 12380 diff changeset	1262 print(" "..table.concat(result.warnings, "\n "));
d999c2b3e289 prosodyctl: check turn: fix formatting of multiple warnings Matthew Wild <mwild1@gmail.com> parents: 12380 diff changeset	1263 print("");
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1264 end
12380 3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1265
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1266 if opts.verbose then
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1267 if result.external_ip then
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1268 print(("External IP: %s"):format(result.external_ip.address));
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1269 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1270 if result.relayed_addresses then
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1271 for i, relayed_address in ipairs(result.relayed_addresses) do
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1272 print(("Relayed address %d: %s:%d"):format(i, relayed_address.address, relayed_address.port));
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1273 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1274 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1275 if result.external_ip_pong then
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1276 print(("TURN external IP: %s"):format(result.external_ip_pong.address));
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1277 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1278 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1279
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1280 if result.error then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1281 print("Error: "..result.error.."\n");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1282 ok = false;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1283 else
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1284 print("Success!\n");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1285 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1286 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1287 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1288
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1289 if not ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1290 print("Problems found, see above.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1291 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1292 print("All checks passed, congratulations!");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1293 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1294 return ok and 0 or 2;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1295 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1296
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1297 return {
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1298 check = check;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1299 };

prosody

574cf096a426

util/prosodyctl/check.lua

Software / code / prosody

Annotate

util/prosodyctl/check.lua @ 12382:574cf096a426

Software `/` code `/` prosody