Software `/` code `/` prosody

Annotate

util/prosodyctl/check.lua @ 13553:850e4ade7a01

net.server_epoll: Make running out of buffer space a fatal error Prevent Bad Things from happening when the buffer gets full. This of course opens up the possibility of intentionally killing connections by sending much stuff, which need to be mitigated with rate limits elsewhere.

author	Kim Alvefur <zash@zash.se>
date	Sat, 09 Nov 2024 15:42:31 +0100
parent	13466:5d9ec2e55d74
child	13581:c71feb7686c0

rev	line source
12975 d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	1 local configmanager = require "prosody.core.configmanager";
13218 e576c6a0d1f8 Merge 0.12->trunk Kim Alvefur <zash@zash.se> parents: 13122 13217 diff changeset	2 local moduleapi = require "prosody.core.moduleapi";
12975 d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	3 local show_usage = require "prosody.util.prosodyctl".show_usage;
d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	4 local show_warning = require "prosody.util.prosodyctl".show_warning;
d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	5 local is_prosody_running = require "prosody.util.prosodyctl".isrunning;
d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	6 local parse_args = require "prosody.util.argparse".parse;
d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	7 local dependencies = require "prosody.util.dependencies";
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	8 local socket = require "socket";
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	9 local socket_url = require "socket.url";
12975 d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	10 local jid_split = require "prosody.util.jid".prepped_split;
d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	11 local modulemanager = require "prosody.core.modulemanager";
d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	12 local async = require "prosody.util.async";
d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	13 local httputil = require "prosody.util.http";
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	14
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	15 local function api(host)
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	16 return setmetatable({ name = "prosodyctl.check"; host = host; log = prosody.log }, { __index = moduleapi })
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	17 end
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	18
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	19 local function check_ojn(check_type, target_host)
12975 d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	20 local http = require "prosody.net.http"; -- .new({});
d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	21 local json = require "prosody.util.json";
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	22
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	23 local response, err = async.wait_for(http.request(
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	24 ("https://observe.jabber.network/api/v1/check/%s"):format(httputil.urlencode(check_type)),
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	25 {
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	26 method="POST",
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	27 headers={["Accept"] = "application/json"; ["Content-Type"] = "application/json"},
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	28 body=json.encode({target=target_host}),
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	29 }));
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	30
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	31 if not response then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	32 return false, err;
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	33 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	34
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	35 if response.code ~= 200 then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	36 return false, ("API replied with non-200 code: %d"):format(response.code);
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	37 end
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	38
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	39 local decoded_body, err = json.decode(response.body);
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	40 if decoded_body == nil then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	41 return false, ("Failed to parse API JSON: %s"):format(err)
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	42 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	43
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	44 local success = decoded_body["success"];
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	45 return success == true, nil;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	46 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	47
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	48 local function check_probe(base_url, probe_module, target)
12975 d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	49 local http = require "prosody.net.http"; -- .new({});
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	50 local params = httputil.formencode({ module = probe_module; target = target })
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	51 local response, err = async.wait_for(http.request(base_url .. "?" .. params));
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	52
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	53 if not response then return false, err; end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	54
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	55 if response.code ~= 200 then return false, ("API replied with non-200 code: %d"):format(response.code); end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	56
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	57 for line in response.body:gmatch("[^\r\n]+") do
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	58 local probe_success = line:match("^probe_success%s+(%d+)");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	59
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	60 if probe_success == "1" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	61 return true;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	62 elseif probe_success == "0" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	63 return false;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	64 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	65 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	66 return false, "Probe endpoint did not return a success status";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	67 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	68
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	69 local function check_turn_service(turn_service, ping_service)
12975 d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	70 local ip = require "prosody.util.ip";
d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	71 local stun = require "prosody.net.stun";
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	72
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	73 -- Create UDP socket for communication with the server
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	74 local sock = assert(require "socket".udp());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	75 sock:setsockname("*", 0);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	76 sock:setpeername(turn_service.host, turn_service.port);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	77 sock:settimeout(10);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	78
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	79 -- Helper function to receive a packet
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	80 local function receive_packet()
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	81 local raw_packet, err = sock:receive();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	82 if not raw_packet then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	83 return nil, err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	84 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	85 return stun.new_packet():deserialize(raw_packet);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	86 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	87
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	88 local result = { warnings = {} };
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	89
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	90 -- Send a "binding" query, i.e. a request for our external IP/port
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	91 local bind_query = stun.new_packet("binding", "request");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	92 bind_query:add_attribute("software", "prosodyctl check turn");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	93 sock:send(bind_query:serialize());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	94
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	95 local bind_result, err = receive_packet();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	96 if not bind_result then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	97 result.error = "No STUN response: "..err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	98 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	99 elseif bind_result:is_err_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	100 result.error = ("STUN server returned error: %d (%s)"):format(bind_result:get_error());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	101 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	102 elseif not bind_result:is_success_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	103 result.error = ("Unexpected STUN response: %d (%s)"):format(bind_result:get_type());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	104 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	105 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	106
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	107 result.external_ip = bind_result:get_xor_mapped_address();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	108 if not result.external_ip then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	109 result.error = "STUN server did not return an address";
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	110 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	111 end
12384 53b4549c2209 prosodyctl: check turn: Add check for private IP returned from STUN. Matthew Wild <mwild1@gmail.com> parents: 12383 diff changeset	112 if ip.new_ip(result.external_ip.address).private then
53b4549c2209 prosodyctl: check turn: Add check for private IP returned from STUN. Matthew Wild <mwild1@gmail.com> parents: 12383 diff changeset	113 table.insert(result.warnings, "STUN returned a private IP! Is the TURN server behind a NAT and misconfigured?");
53b4549c2209 prosodyctl: check turn: Add check for private IP returned from STUN. Matthew Wild <mwild1@gmail.com> parents: 12383 diff changeset	114 end
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	115
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	116 -- Send a TURN "allocate" request. Expected to fail due to auth, but
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	117 -- necessary to obtain a valid realm/nonce from the server.
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	118 local pre_request = stun.new_packet("allocate", "request");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	119 sock:send(pre_request:serialize());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	120
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	121 local pre_result, err = receive_packet();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	122 if not pre_result then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	123 result.error = "No initial TURN response: "..err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	124 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	125 elseif pre_result:is_success_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	126 result.error = "TURN server does not have authentication enabled";
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	127 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	128 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	129
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	130 local realm = pre_result:get_attribute("realm");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	131 local nonce = pre_result:get_attribute("nonce");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	132
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	133 if not realm then
12383 a9b6ed86b573 prosodyctl: check turn: improve warning text to suggest issues Matthew Wild <mwild1@gmail.com> parents: 12382 diff changeset	134 table.insert(result.warnings, "TURN server did not return an authentication realm. Is authentication enabled?");
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	135 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	136 if not nonce then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	137 table.insert(result.warnings, "TURN server did not return a nonce");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	138 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	139
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	140 -- Use the configured secret to obtain temporary user/pass credentials
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	141 local turn_user, turn_pass = stun.get_user_pass_from_secret(turn_service.secret);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	142
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	143 -- Send a TURN allocate request, will fail if auth is wrong
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	144 local alloc_request = stun.new_packet("allocate", "request");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	145 alloc_request:add_requested_transport("udp");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	146 alloc_request:add_attribute("username", turn_user);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	147 if realm then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	148 alloc_request:add_attribute("realm", realm);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	149 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	150 if nonce then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	151 alloc_request:add_attribute("nonce", nonce);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	152 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	153 local key = stun.get_long_term_auth_key(realm or turn_service.host, turn_user, turn_pass);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	154 alloc_request:add_message_integrity(key);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	155 sock:send(alloc_request:serialize());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	156
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	157 -- Check the response
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	158 local alloc_response, err = receive_packet();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	159 if not alloc_response then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	160 result.error = "TURN server did not response to allocation request: "..err;
12466 9ee41552bca0 util.prosodyctl: check turn: ensure a result is always returned from a check (thanks eTaurus) Matthew Wild <mwild1@gmail.com> parents: 12441 diff changeset	161 return result;
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	162 elseif alloc_response:is_err_resp() then
12741 7b3deafb9162 prosodyctl: check turn: More clearly indicate the error is from TURN server Matthew Wild <mwild1@gmail.com> parents: 12520 diff changeset	163 result.error = ("TURN server failed to create allocation: %d (%s)"):format(alloc_response:get_error());
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	164 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	165 elseif not alloc_response:is_success_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	166 result.error = ("Unexpected TURN response: %d (%s)"):format(alloc_response:get_type());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	167 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	168 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	169
12375 ea5e46601cfb prosodyctl: check turn: show relayed address(es) in verbose mode Matthew Wild <mwild1@gmail.com> parents: 12373 diff changeset	170 result.relayed_addresses = alloc_response:get_xor_relayed_addresses();
ea5e46601cfb prosodyctl: check turn: show relayed address(es) in verbose mode Matthew Wild <mwild1@gmail.com> parents: 12373 diff changeset	171
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	172 if not ping_service then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	173 -- Success! We won't be running the relay test.
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	174 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	175 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	176
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	177 -- Run the relay test - i.e. send a binding request to ping_service
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	178 -- and receive a response.
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	179
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	180 -- Resolve the IP of the ping service
12373 5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	181 local ping_host, ping_port = ping_service:match("^([^:]+):(%d+)$");
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	182 if ping_host then
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	183 ping_port = tonumber(ping_port);
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	184 else
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	185 -- Only a hostname specified, use default STUN port
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	186 ping_host, ping_port = ping_service, 3478;
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	187 end
12416 19fd28239e73 prosodyctl: check turn: Fail with error if our own address is supplied for the ping test Matthew Wild <mwild1@gmail.com> parents: 12414 diff changeset	188
19fd28239e73 prosodyctl: check turn: Fail with error if our own address is supplied for the ping test Matthew Wild <mwild1@gmail.com> parents: 12414 diff changeset	189 if ping_host == turn_service.host then
19fd28239e73 prosodyctl: check turn: Fail with error if our own address is supplied for the ping test Matthew Wild <mwild1@gmail.com> parents: 12414 diff changeset	190 result.error = ("Unable to perform ping test: please supply an external STUN server address. See https://prosody.im/doc/turn#prosodyctl-check");
19fd28239e73 prosodyctl: check turn: Fail with error if our own address is supplied for the ping test Matthew Wild <mwild1@gmail.com> parents: 12414 diff changeset	191 return result;
19fd28239e73 prosodyctl: check turn: Fail with error if our own address is supplied for the ping test Matthew Wild <mwild1@gmail.com> parents: 12414 diff changeset	192 end
19fd28239e73 prosodyctl: check turn: Fail with error if our own address is supplied for the ping test Matthew Wild <mwild1@gmail.com> parents: 12414 diff changeset	193
12373 5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	194 local ping_service_ip, err = socket.dns.toip(ping_host);
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	195 if not ping_service_ip then
12379 6ac3c580c00d prosodyctl: check turn: Clearer error when unable to resolve external service host Matthew Wild <mwild1@gmail.com> parents: 12377 diff changeset	196 result.error = "Unable to resolve ping service hostname: "..err;
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	197 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	198 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	199
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	200 -- Ask the TURN server to allow packets from the ping service IP
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	201 local perm_request = stun.new_packet("create-permission");
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	202 perm_request:add_xor_peer_address(ping_service_ip);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	203 perm_request:add_attribute("username", turn_user);
12382 574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	204 if realm then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	205 perm_request:add_attribute("realm", realm);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	206 end
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	207 if nonce then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	208 perm_request:add_attribute("nonce", nonce);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	209 end
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	210 perm_request:add_message_integrity(key);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	211 sock:send(perm_request:serialize());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	212
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	213 local perm_response, err = receive_packet();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	214 if not perm_response then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	215 result.error = "No response from TURN server when requesting peer permission: "..err;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	216 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	217 elseif perm_response:is_err_resp() then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	218 result.error = ("TURN permission request failed: %d (%s)"):format(perm_response:get_error());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	219 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	220 elseif not perm_response:is_success_resp() then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	221 result.error = ("Unexpected TURN response: %d (%s)"):format(perm_response:get_type());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	222 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	223 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	224
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	225 -- Ask the TURN server to relay a STUN binding request to the ping server
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	226 local ping_data = stun.new_packet("binding"):serialize();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	227
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	228 local ping_request = stun.new_packet("send", "indication");
12373 5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	229 ping_request:add_xor_peer_address(ping_service_ip, ping_port);
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	230 ping_request:add_attribute("data", ping_data);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	231 ping_request:add_attribute("username", turn_user);
12382 574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	232 if realm then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	233 ping_request:add_attribute("realm", realm);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	234 end
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	235 if nonce then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	236 ping_request:add_attribute("nonce", nonce);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	237 end
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	238 ping_request:add_message_integrity(key);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	239 sock:send(ping_request:serialize());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	240
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	241 local ping_response, err = receive_packet();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	242 if not ping_response then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	243 result.error = "No response from ping server ("..ping_service_ip.."): "..err;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	244 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	245 elseif not ping_response:is_indication() or select(2, ping_response:get_method()) ~= "data" then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	246 result.error = ("Unexpected TURN response: %s %s"):format(select(2, ping_response:get_method()), select(2, ping_response:get_type()));
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	247 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	248 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	249
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	250 local pong_data = ping_response:get_attribute("data");
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	251 if not pong_data then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	252 result.error = "No data relayed from remote server";
12466 9ee41552bca0 util.prosodyctl: check turn: ensure a result is always returned from a check (thanks eTaurus) Matthew Wild <mwild1@gmail.com> parents: 12441 diff changeset	253 return result;
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	254 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	255 local pong = stun.new_packet():deserialize(pong_data);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	256
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	257 result.external_ip_pong = pong:get_xor_mapped_address();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	258 if not result.external_ip_pong then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	259 result.error = "Ping server did not return an address";
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	260 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	261 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	262
12390 71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	263 local relay_address_found, relay_port_matches;
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	264 for _, relayed_address in ipairs(result.relayed_addresses) do
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	265 if relayed_address.address == result.external_ip_pong.address then
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	266 relay_address_found = true;
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	267 relay_port_matches = result.external_ip_pong.port == relayed_address.port;
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	268 end
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	269 end
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	270 if not relay_address_found then
12383 a9b6ed86b573 prosodyctl: check turn: improve warning text to suggest issues Matthew Wild <mwild1@gmail.com> parents: 12382 diff changeset	271 table.insert(result.warnings, "TURN external IP vs relay address mismatch! Is the TURN server behind a NAT and misconfigured?");
12390 71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	272 elseif not relay_port_matches then
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	273 table.insert(result.warnings, "External port does not match reported relay port! This is probably caused by a NAT in front of the TURN server.");
12383 a9b6ed86b573 prosodyctl: check turn: improve warning text to suggest issues Matthew Wild <mwild1@gmail.com> parents: 12382 diff changeset	274 end
a9b6ed86b573 prosodyctl: check turn: improve warning text to suggest issues Matthew Wild <mwild1@gmail.com> parents: 12382 diff changeset	275
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	276 --
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	277
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	278 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	279 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	280
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	281 local function skip_bare_jid_hosts(host)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	282 if jid_split(host) then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	283 -- See issue #779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	284 return false;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	285 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	286 return true;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	287 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	288
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	289 local check_opts = {
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	290 short_params = {
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	291 h = "help", v = "verbose";
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	292 };
12376 10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	293 value_params = {
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	294 ping = true;
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	295 };
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	296 };
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	297
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	298 local function check(arg)
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	299 if arg[1] == "help" or arg[1] == "--help" then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	300 show_usage([[check]], [[Perform basic checks on your Prosody installation]]);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	301 return 1;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	302 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	303 local what = table.remove(arg, 1);
12376 10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	304 local opts, opts_err, opts_info = parse_args(arg, check_opts);
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	305 if opts_err == "missing-value" then
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	306 print("Error: Expected a value after '"..opts_info.."'");
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	307 return 1;
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	308 elseif opts_err == "param-not-found" then
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	309 print("Error: Unknown parameter: "..opts_info);
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	310 return 1;
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	311 end
12975 d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	312 local array = require "prosody.util.array";
d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	313 local set = require "prosody.util.set";
d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	314 local it = require "prosody.util.iterators";
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	315 local ok = true;
13326 76b6556c0f67 util.prosodyctl.check: Check cert for HTTPS if http module enabled Kim Alvefur <zash@zash.se> parents: 13325 diff changeset	316 local function contains_match(hayset, needle) for member in hayset do if member:find(needle) then return true end end end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	317 local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	318 local function enabled_hosts() return it.filter(disabled_hosts, pairs(configmanager.getconfig())); end
13301 84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	319 local checks = {};
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	320 function checks.disabled()
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	321 local disabled_hosts_set = set.new();
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	322 for host in it.filter("*", pairs(configmanager.getconfig())) do
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	323 if api(host):get_option_boolean("enabled") == false then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	324 disabled_hosts_set:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	325 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	326 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	327 if not disabled_hosts_set:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	328 local msg = "Checks will be skipped for these disabled hosts: %s";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	329 if what then msg = "These hosts are disabled: %s"; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	330 show_warning(msg, tostring(disabled_hosts_set));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	331 if what then return 0; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	332 print""
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	333 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	334 end
13301 84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	335 function checks.config()
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	336 print("Checking config...");
12441 dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	337
dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	338 if what == "config" then
dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	339 local files = configmanager.files();
dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	340 print(" The following configuration files have been loaded:");
dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	341 print(" - "..table.concat(files, "\n - "));
dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	342 end
dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	343
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	344 local obsolete = set.new({ --> remove
12118 30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	345 "archive_cleanup_interval",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	346 "dns_timeout",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	347 "muc_log_cleanup_interval",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	348 "s2s_dns_resolvers",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	349 "setgid",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	350 "setuid",
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	351 });
12159 aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	352 local function instead_use(kind, name, value)
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	353 if kind == "option" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	354 if value then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	355 return string.format("instead, use '%s = %q'", name, value);
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	356 else
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	357 return string.format("instead, use '%s'", name);
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	358 end
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	359 elseif kind == "module" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	360 return string.format("instead, add %q to '%s'", name, value or "modules_enabled");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	361 elseif kind == "community" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	362 return string.format("instead, add %q from %s", name, value or "prosody-modules");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	363 end
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	364 return kind
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	365 end
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	366 local deprecated_replacements = {
12159 aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	367 anonymous_login = instead_use("option", "authentication", "anonymous");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	368 daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags";
13254 a2ba3f06dcf4 util.prosodyctl.check: Correct modern replacement for 'disallow_s2s' Kim Alvefur <zash@zash.se> parents: 13219 diff changeset	369 disallow_s2s = instead_use("module", "s2s", "modules_disabled");
12159 aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	370 no_daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	371 require_encryption = "instead, use 'c2s_require_encryption' and 's2s_require_encryption'";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	372 vcard_compatibility = instead_use("community", "mod_compat_vcard");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	373 use_libevent = instead_use("option", "network_backend", "event");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	374 whitelist_registration_only = instead_use("option", "allowlist_registration_only");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	375 registration_whitelist = instead_use("option", "registration_allowlist");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	376 registration_blacklist = instead_use("option", "registration_blocklist");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	377 blacklist_on_registration_throttle_overload = instead_use("blocklist_on_registration_throttle_overload");
12898 4255db0f8e58 util.prosodyctl.check: Suggest 'http_cors_override' instead of older CORS settings Kim Alvefur <zash@zash.se> parents: 12842 diff changeset	378 cross_domain_bosh = "instead, use 'http_cors_override', see https://prosody.im/doc/http#cross-domain-cors-support";
4255db0f8e58 util.prosodyctl.check: Suggest 'http_cors_override' instead of older CORS settings Kim Alvefur <zash@zash.se> parents: 12842 diff changeset	379 cross_domain_websocket = "instead, use 'http_cors_override', see https://prosody.im/doc/http#cross-domain-cors-support";
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	380 };
11800 60018637f5d4 util.prosodyctl.check: Nudge towards plural port options Kim Alvefur <zash@zash.se> parents: 11799 diff changeset	381 -- FIXME all the singular _port and _interface options are supposed to be deprecated too
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	382 local deprecated_ports = { bosh = "http", legacy_ssl = "c2s_direct_tls" };
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	383 local port_suffixes = set.new({ "port", "ports", "interface", "interfaces", "ssl" });
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	384 for port, replacement in pairs(deprecated_ports) do
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	385 for suffix in port_suffixes do
11800 60018637f5d4 util.prosodyctl.check: Nudge towards plural port options Kim Alvefur <zash@zash.se> parents: 11799 diff changeset	386 local rsuffix = (suffix == "port" or suffix == "interface") and suffix.."s" or suffix;
12158 7ff3699c1653 util.prosodyctl.check: Move word to ease future translations Kim Alvefur <zash@zash.se> parents: 12157 diff changeset	387 deprecated_replacements[port.."_"..suffix] = "instead, use '"..replacement.."_"..rsuffix.."'"
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	388 end
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	389 end
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	390 local deprecated = set.new(array.collect(it.keys(deprecated_replacements)));
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	391 local known_global_options = set.new({
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	392 "access_control_allow_credentials",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	393 "access_control_allow_headers",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	394 "access_control_allow_methods",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	395 "access_control_max_age",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	396 "admin_socket",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	397 "body_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	398 "bosh_max_inactivity",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	399 "bosh_max_polling",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	400 "bosh_max_wait",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	401 "buffer_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	402 "c2s_close_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	403 "c2s_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	404 "c2s_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	405 "c2s_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	406 "component_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	407 "component_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	408 "consider_bosh_secure",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	409 "consider_websocket_secure",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	410 "console_banner",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	411 "console_prettyprint_settings",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	412 "daemonize",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	413 "gc",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	414 "http_default_host",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	415 "http_errors_always_show",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	416 "http_errors_default_message",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	417 "http_errors_detailed",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	418 "http_errors_messages",
11833 bd86ab8122d9 util.prosodyctl.check: Add two known globals from mod_http Kim Alvefur <zash@zash.se> parents: 11827 diff changeset	419 "http_max_buffer_size",
bd86ab8122d9 util.prosodyctl.check: Add two known globals from mod_http Kim Alvefur <zash@zash.se> parents: 11827 diff changeset	420 "http_max_content_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	421 "installer_plugin_path",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	422 "limits",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	423 "limits_resolution",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	424 "log",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	425 "multiplex_buffer_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	426 "network_backend",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	427 "network_default_read_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	428 "network_settings",
11940 2d82e4245aa3 util.prosodyctl.check: Add mod_http_openmetrics settings to known globals Kim Alvefur <zash@zash.se> parents: 11925 diff changeset	429 "openmetrics_allow_cidr",
2d82e4245aa3 util.prosodyctl.check: Add mod_http_openmetrics settings to known globals Kim Alvefur <zash@zash.se> parents: 11925 diff changeset	430 "openmetrics_allow_ips",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	431 "pidfile",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	432 "plugin_paths",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	433 "plugin_server",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	434 "prosodyctl_timeout",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	435 "prosody_group",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	436 "prosody_user",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	437 "run_as_root",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	438 "s2s_close_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	439 "s2s_insecure_domains",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	440 "s2s_require_encryption",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	441 "s2s_secure_auth",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	442 "s2s_secure_domains",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	443 "s2s_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	444 "s2s_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	445 "s2s_timeout",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	446 "statistics",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	447 "statistics_config",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	448 "statistics_interval",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	449 "tcp_keepalives",
12099 b344edad61d3 core.certmanager: Rename preset option to 'tls_preset' Kim Alvefur <zash@zash.se> parents: 11957 diff changeset	450 "tls_profile",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	451 "trusted_proxies",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	452 "umask",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	453 "use_dane",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	454 "use_ipv4",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	455 "use_ipv6",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	456 "websocket_frame_buffer_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	457 "websocket_frame_fragment_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	458 "websocket_get_response_body",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	459 "websocket_get_response_text",
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	460 });
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	461 local config = configmanager.getconfig();
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	462 local global = api("*");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	463 -- Check that we have any global options (caused by putting a host at the top)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	464 if it.count(it.filter("log", pairs(config["*"]))) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	465 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	466 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	467 print(" No global options defined. Perhaps you have put a host definition at the top")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	468 print(" of the config file? They should be at the bottom, see https://prosody.im/doc/configure#overview");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	469 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	470 if it.count(enabled_hosts()) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	471 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	472 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	473 if it.count(it.filter("*", pairs(config))) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	474 print(" No hosts are defined, please add at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	475 elseif config["*"]["enabled"] == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	476 print(" No hosts are enabled. Remove enabled = false from the global section or put enabled = true under at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	477 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	478 print(" All hosts are disabled. Remove enabled = false from at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	479 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	480 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	481 if not config["*"].modules_enabled then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	482 print(" No global modules_enabled is set?");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	483 local suggested_global_modules;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	484 for host, options in enabled_hosts() do --luacheck: ignore 213/host
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	485 if not options.component_module and options.modules_enabled then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	486 suggested_global_modules = set.intersection(suggested_global_modules or set.new(options.modules_enabled), set.new(options.modules_enabled));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	487 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	488 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	489 if suggested_global_modules and not suggested_global_modules:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	490 print(" Consider moving these modules into modules_enabled in the global section:")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	491 print(" "..tostring(suggested_global_modules / function (x) return ("%q"):format(x) end));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	492 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	493 print();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	494 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	495
13217 b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	496 local function validate_module_list(host, name, modules)
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	497 if modules == nil then
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	498 return -- okay except for global section, checked separately
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	499 end
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	500 local t = type(modules)
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	501 if t ~= "table" then
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	502 print(" The " .. name .. " in the " .. host .. " section should not be a " .. t .. " but a list of strings, e.g.");
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	503 print(" " .. name .. " = { \"name_of_module\", \"another_plugin\", }")
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	504 print()
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	505 ok = false
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	506 return
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	507 end
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	508 for k, v in pairs(modules) do
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	509 if type(k) ~= "number" or type(v) ~= "string" then
13316 a27a329e93ca util.prosodyctl.check: Try to clarify check for misplaced k=v in modules_enabled (thanks aab and Menel) Kim Alvefur <zash@zash.se> parents: 13302 diff changeset	510 print(" The " .. name .. " in the " .. host .. " section should be a list of strings, e.g.");
13217 b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	511 print(" " .. name .. " = { \"name_of_module\", \"another_plugin\", }")
13316 a27a329e93ca util.prosodyctl.check: Try to clarify check for misplaced k=v in modules_enabled (thanks aab and Menel) Kim Alvefur <zash@zash.se> parents: 13302 diff changeset	512 print(" It should not contain key = value pairs, try putting them outside the {} brackets.");
13217 b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	513 ok = false
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	514 break
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	515 end
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	516 end
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	517 end
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	518
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	519 for host, options in enabled_hosts() do
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	520 validate_module_list(host, "modules_enabled", options.modules_enabled);
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	521 validate_module_list(host, "modules_disabled", options.modules_disabled);
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	522 end
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	523
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	524 do -- Check for modules enabled both normally and as components
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	525 local modules = global:get_option_set("modules_enabled");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	526 for host, options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	527 local component_module = options.component_module;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	528 if component_module and modules:contains(component_module) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	529 print((" mod_%s is enabled both in modules_enabled and as Component %q %q"):format(component_module, host, component_module));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	530 print(" This means the service is enabled on all VirtualHosts as well as the Component.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	531 print(" Are you sure this what you want? It may cause unexpected behaviour.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	532 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	533 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	534 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	535
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	536 -- Check for global options under hosts
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	537 local global_options = set.new(it.to_array(it.keys(config["*"])));
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	538 local obsolete_global_options = set.intersection(global_options, obsolete);
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	539 if not obsolete_global_options:empty() then
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	540 print("");
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	541 print(" You have some obsolete options you can remove from the global section:");
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	542 print(" "..tostring(obsolete_global_options))
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	543 ok = false;
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	544 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	545 local deprecated_global_options = set.intersection(global_options, deprecated);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	546 if not deprecated_global_options:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	547 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	548 print(" You have some deprecated options in the global section:");
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	549 for option in deprecated_global_options do
12158 7ff3699c1653 util.prosodyctl.check: Move word to ease future translations Kim Alvefur <zash@zash.se> parents: 12157 diff changeset	550 print((" '%s' -- %s"):format(option, deprecated_replacements[option]));
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	551 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	552 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	553 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	554 for host, options in it.filter(function (h) return h ~= "*" end, pairs(configmanager.getconfig())) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	555 local host_options = set.new(it.to_array(it.keys(options)));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	556 local misplaced_options = set.intersection(host_options, known_global_options);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	557 for name in pairs(options) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	558 if name:match("^interfaces?")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	559 or name:match("_ports?$") or name:match("_interfaces?$")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	560 or (name:match("_ssl$") and not name:match("^[cs]2s_ssl$")) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	561 misplaced_options:add(name);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	562 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	563 end
11799 8c9ec2db1d95 util.prosodyctl.check: Fix to not treat some options as misplaced Kim Alvefur <zash@zash.se> parents: 11798 diff changeset	564 -- FIXME These _could_ be misplaced, but we would have to check where the corresponding module is loaded to be sure
8c9ec2db1d95 util.prosodyctl.check: Fix to not treat some options as misplaced Kim Alvefur <zash@zash.se> parents: 11798 diff changeset	565 misplaced_options:exclude(set.new({ "external_service_port", "turn_external_port" }));
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	566 if not misplaced_options:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	567 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	568 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	569 local n = it.count(misplaced_options);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	570 print(" You have "..n.." option"..(n>1 and "s " or " ").."set under "..host.." that should be");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	571 print(" in the global section of the config file, above any VirtualHost or Component definitions,")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	572 print(" see https://prosody.im/doc/configure#overview for more information.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	573 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	574 print(" You need to move the following option"..(n>1 and "s" or "")..": "..table.concat(it.to_array(misplaced_options), ", "));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	575 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	576 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	577 for host, options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	578 local host_options = set.new(it.to_array(it.keys(options)));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	579 local subdomain = host:match("^[^.]+");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	580 if not(host_options:contains("component_module")) and (subdomain == "jabber" or subdomain == "xmpp"
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	581 or subdomain == "chat" or subdomain == "im") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	582 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	583 print(" Suggestion: If "..host.. " is a new host with no real users yet, consider renaming it now to");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	584 print(" "..host:gsub("^[^.]+%.", "")..". You can use SRV records to redirect XMPP clients and servers to "..host..".");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	585 print(" For more information see: https://prosody.im/doc/dns");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	586 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	587 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	588 local all_modules = set.new(config["*"].modules_enabled);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	589 local all_options = set.new(it.to_array(it.keys(config["*"])));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	590 for host in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	591 all_options:include(set.new(it.to_array(it.keys(config[host]))));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	592 all_modules:include(set.new(config[host].modules_enabled));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	593 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	594 for mod in all_modules do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	595 if mod:match("^mod_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	596 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	597 print(" Modules in modules_enabled should not have the 'mod_' prefix included.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	598 print(" Change '"..mod.."' to '"..mod:match("^mod_(.*)").."'.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	599 elseif mod:match("^auth_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	600 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	601 print(" Authentication modules should not be added to modules_enabled,");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	602 print(" but be specified in the 'authentication' option.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	603 print(" Remove '"..mod.."' from modules_enabled and instead add");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	604 print(" authentication = '"..mod:match("^auth_(.*)").."'");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	605 print(" For more information see https://prosody.im/doc/authentication");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	606 elseif mod:match("^storage_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	607 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	608 print(" storage modules should not be added to modules_enabled,");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	609 print(" but be specified in the 'storage' option.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	610 print(" Remove '"..mod.."' from modules_enabled and instead add");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	611 print(" storage = '"..mod:match("^storage_(.*)").."'");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	612 print(" For more information see https://prosody.im/doc/storage");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	613 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	614 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	615 if all_modules:contains("vcard") and all_modules:contains("vcard_legacy") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	616 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	617 print(" Both mod_vcard_legacy and mod_vcard are enabled but they conflict");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	618 print(" with each other. Remove one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	619 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	620 if all_modules:contains("pep") and all_modules:contains("pep_simple") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	621 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	622 print(" Both mod_pep_simple and mod_pep are enabled but they conflict");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	623 print(" with each other. Remove one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	624 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	625 for host, host_config in pairs(config) do --luacheck: ignore 213/host
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	626 if type(rawget(host_config, "storage")) == "string" and rawget(host_config, "default_storage") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	627 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	628 print(" The 'default_storage' option is not needed if 'storage' is set to a string.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	629 break;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	630 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	631 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	632 local require_encryption = set.intersection(all_options, set.new({
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	633 "require_encryption", "c2s_require_encryption", "s2s_require_encryption"
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	634 })):empty();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	635 local ssl = dependencies.softreq"ssl";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	636 if not ssl then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	637 if not require_encryption then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	638 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	639 print(" You require encryption but LuaSec is not available.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	640 print(" Connections will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	641 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	642 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	643 elseif not ssl.loadcertificate then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	644 if all_options:contains("s2s_secure_auth") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	645 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	646 print(" You have set s2s_secure_auth but your version of LuaSec does ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	647 print(" not support certificate validation, so all s2s connections will");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	648 print(" fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	649 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	650 elseif all_options:contains("s2s_secure_domains") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	651 local secure_domains = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	652 for host in enabled_hosts() do
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	653 if api(host):get_option_boolean("s2s_secure_auth") then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	654 secure_domains:add("*");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	655 else
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	656 secure_domains:include(api(host):get_option_set("s2s_secure_domains", {}));
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	657 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	658 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	659 if not secure_domains:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	660 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	661 print(" You have set s2s_secure_domains but your version of LuaSec does ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	662 print(" not support certificate validation, so s2s connections to/from ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	663 print(" these domains will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	664 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	665 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	666 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	667 elseif require_encryption and not all_modules:contains("tls") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	668 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	669 print(" You require encryption but mod_tls is not enabled.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	670 print(" Connections will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	671 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	672 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	673
12317 b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	674 do
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	675 local registration_enabled_hosts = {};
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	676 for host in enabled_hosts() do
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	677 local host_modules, component = modulemanager.get_modules_for_host(host);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	678 local hostapi = api(host);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	679 local allow_registration = hostapi:get_option_boolean("allow_registration", false);
12317 b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	680 local mod_register = host_modules:contains("register");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	681 local mod_register_ibr = host_modules:contains("register_ibr");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	682 local mod_invites_register = host_modules:contains("invites_register");
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	683 local registration_invite_only = hostapi:get_option_boolean("registration_invite_only", true);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	684 local is_vhost = not component;
12317 b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	685 if is_vhost and (mod_register_ibr or (mod_register and allow_registration))
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	686 and not (mod_invites_register and registration_invite_only) then
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	687 table.insert(registration_enabled_hosts, host);
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	688 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	689 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	690 if #registration_enabled_hosts > 0 then
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	691 table.sort(registration_enabled_hosts);
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	692 print("");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	693 print(" Public registration is enabled on:");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	694 print(" "..table.concat(registration_enabled_hosts, ", "));
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	695 print("");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	696 print(" If this is intentional, review our guidelines on running a public server");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	697 print(" at https://prosody.im/doc/public_servers - otherwise, consider switching to");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	698 print(" invite-based registration, which is more secure.");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	699 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	700 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	701
12318 239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	702 do
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	703 local orphan_components = {};
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	704 local referenced_components = set.new();
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	705 local enabled_hosts_set = set.new();
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	706 for host in it.filter("*", pairs(configmanager.getconfig())) do
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	707 local hostapi = api(host);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	708 if hostapi:get_option_boolean("enabled", true) then
12318 239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	709 enabled_hosts_set:add(host);
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	710 for _, disco_item in ipairs(hostapi:get_option_array("disco_items", {})) do
12318 239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	711 referenced_components:add(disco_item[1]);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	712 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	713 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	714 end
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	715 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	716 local is_component = not not select(2, modulemanager.get_modules_for_host(host));
12318 239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	717 if is_component then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	718 local parent_domain = host:match("^[^.]+%.(.+)$");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	719 local is_orphan = not (enabled_hosts_set:contains(parent_domain) or referenced_components:contains(host));
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	720 if is_orphan then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	721 table.insert(orphan_components, host);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	722 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	723 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	724 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	725 if #orphan_components > 0 then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	726 table.sort(orphan_components);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	727 print("");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	728 print(" Your configuration contains the following unreferenced components:\n");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	729 print(" "..table.concat(orphan_components, "\n "));
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	730 print("");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	731 print(" Clients may not be able to discover these services because they are not linked to");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	732 print(" any VirtualHost. They are automatically linked if they are direct subdomains of a");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	733 print(" VirtualHost. Alternatively, you can explicitly link them using the disco_items option.");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	734 print(" For more information see https://prosody.im/doc/modules/mod_disco#items");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	735 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	736 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	737
13465 54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	738 -- Check hostname validity
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	739 do
13466 5d9ec2e55d74 Merge 0.12->trunk Matthew Wild <mwild1@gmail.com> parents: 13327 13465 diff changeset	740 local idna = require "prosody.util.encodings".idna;
13465 54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	741 local invalid_hosts = {};
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	742 local alabel_hosts = {};
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	743 for host in it.filter("*", pairs(configmanager.getconfig())) do
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	744 local _, h, _ = jid_split(host);
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	745 if not h or not idna.to_ascii(h) then
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	746 table.insert(invalid_hosts, host);
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	747 else
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	748 for label in h:gmatch("[^%.]+") do
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	749 if label:match("^xn%-%-") then
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	750 table.insert(alabel_hosts, host);
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	751 break;
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	752 end
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	753 end
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	754 end
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	755 end
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	756
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	757 if #invalid_hosts > 0 then
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	758 table.sort(invalid_hosts);
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	759 print("");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	760 print(" Your configuration contains invalid host names:");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	761 print(" "..table.concat(invalid_hosts, "\n "));
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	762 print("");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	763 print(" Clients may not be able to log in to these hosts, or you may not be able to");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	764 print(" communicate with remote servers.");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	765 print(" Use a valid domain name to correct this issue.");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	766 end
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	767
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	768 if #alabel_hosts > 0 then
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	769 table.sort(alabel_hosts);
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	770 print("");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	771 print(" Your configuration contains incorrectly-encoded hostnames:");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	772 for _, ahost in ipairs(alabel_hosts) do
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	773 print((" '%s' (should be '%s')"):format(ahost, idna.to_unicode(ahost)));
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	774 end
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	775 print("");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	776 print(" Clients may not be able to log in to these hosts, or you may not be able to");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	777 print(" communicate with remote servers.");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	778 print(" To correct this issue, use the Unicode version of the domain in Prosody's config file.");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	779 end
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	780
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	781 if #invalid_hosts > 0 or #alabel_hosts > 0 then
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	782 print("");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	783 print("WARNING: Changing the name of a VirtualHost in Prosody's config file");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	784 print(" WILL NOT migrate any existing data (user accounts, etc.) to the new name.");
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	785 ok = false;
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	786 end
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	787 end
54a936345aaa prosodyctl check: Warn about invalid domain names in the config file Matthew Wild <mwild1@gmail.com> parents: 13254 diff changeset	788
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	789 print("Done.\n");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	790 end
13301 84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	791 function checks.dns()
12975 d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	792 local dns = require "prosody.net.dns";
10971 3cdb4a7cb406 util.prosodyctl.check: Use net.unbound for DNS if available Kim Alvefur <zash@zash.se> parents: 10932 diff changeset	793 pcall(function ()
12975 d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	794 local unbound = require"prosody.net.unbound";
11645 3be346c5b940 util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored Kim Alvefur <zash@zash.se> parents: 11635 diff changeset	795 dns = unbound.dns;
10971 3cdb4a7cb406 util.prosodyctl.check: Use net.unbound for DNS if available Kim Alvefur <zash@zash.se> parents: 10932 diff changeset	796 end)
12975 d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	797 local idna = require "prosody.util.encodings".idna;
d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	798 local ip = require "prosody.util.ip";
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	799 local global = api("*");
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	800 local c2s_ports = global:get_option_set("c2s_ports", {5222});
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	801 local s2s_ports = global:get_option_set("s2s_ports", {5269});
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	802 local c2s_tls_ports = global:get_option_set("c2s_direct_tls_ports", {});
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	803 local s2s_tls_ports = global:get_option_set("s2s_direct_tls_ports", {});
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	804
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	805 local global_enabled = set.new();
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	806 for host in enabled_hosts() do
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	807 global_enabled:include(modulemanager.get_modules_for_host(host));
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	808 end
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	809 if global_enabled:contains("net_multiplex") then
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	810 local multiplex_ports = global:get_option_set("ports", {});
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	811 local multiplex_tls_ports = global:get_option_set("ssl_ports", {});
12230 f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	812 if not multiplex_ports:empty() then
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	813 c2s_ports = c2s_ports + multiplex_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	814 s2s_ports = s2s_ports + multiplex_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	815 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	816 if not multiplex_tls_ports:empty() then
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	817 c2s_tls_ports = c2s_tls_ports + multiplex_tls_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	818 s2s_tls_ports = s2s_tls_ports + multiplex_tls_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	819 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	820 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	821
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	822 local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required, s2s_tls_srv_required;
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	823 if not c2s_ports:contains(5222) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	824 c2s_srv_required = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	825 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	826 if not s2s_ports:contains(5269) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	827 s2s_srv_required = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	828 end
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	829 if not c2s_tls_ports:empty() then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	830 c2s_tls_srv_required = true;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	831 end
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	832 if not s2s_tls_ports:empty() then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	833 s2s_tls_srv_required = true;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	834 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	835
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	836 local problem_hosts = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	837
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	838 local external_addresses, internal_addresses = set.new(), set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	839
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	840 local fqdn = socket.dns.tohostname(socket.dns.gethostname());
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	841 if fqdn then
13121 332e95f75dbb util.prosodyctl.check: Fix error where hostname can't be turned into A label Kim Alvefur <zash@zash.se> parents: 12898 diff changeset	842 local fqdn_a = idna.to_ascii(fqdn);
332e95f75dbb util.prosodyctl.check: Fix error where hostname can't be turned into A label Kim Alvefur <zash@zash.se> parents: 12898 diff changeset	843 if fqdn_a then
332e95f75dbb util.prosodyctl.check: Fix error where hostname can't be turned into A label Kim Alvefur <zash@zash.se> parents: 12898 diff changeset	844 local res = dns.lookup(fqdn_a, "A");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	845 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	846 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	847 external_addresses:add(record.a);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	848 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	849 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	850 end
13121 332e95f75dbb util.prosodyctl.check: Fix error where hostname can't be turned into A label Kim Alvefur <zash@zash.se> parents: 12898 diff changeset	851 if fqdn_a then
332e95f75dbb util.prosodyctl.check: Fix error where hostname can't be turned into A label Kim Alvefur <zash@zash.se> parents: 12898 diff changeset	852 local res = dns.lookup(fqdn_a, "AAAA");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	853 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	854 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	855 external_addresses:add(record.aaaa);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	856 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	857 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	858 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	859 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	860
12975 d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	861 local local_addresses = require"prosody.util.net".local_addresses() or {};
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	862
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	863 for addr in it.values(local_addresses) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	864 if not ip.new_ip(addr).private then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	865 external_addresses:add(addr);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	866 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	867 internal_addresses:add(addr);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	868 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	869 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	870
12320 f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	871 -- Allow admin to specify additional (e.g. undiscoverable) IP addresses in the config
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	872 for _, address in ipairs(global:get_option_array("external_addresses", {})) do
12320 f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	873 external_addresses:add(address);
f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	874 end
f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	875
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	876 if external_addresses:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	877 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	878 print(" Failed to determine the external addresses of this server. Checks may be inaccurate.");
13219 22763b30e458 util.prosodyctl.check: Hint about the 'external_addresses' config option Kim Alvefur <zash@zash.se> parents: 13217 diff changeset	879 print(" If you know the correct external addresses you can specify them in the config like:")
22763b30e458 util.prosodyctl.check: Hint about the 'external_addresses' config option Kim Alvefur <zash@zash.se> parents: 13217 diff changeset	880 print(" external_addresses = { \"192.0.2.34\", \"2001:db8::abcd:1234\" }")
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	881 c2s_srv_required, s2s_srv_required = true, true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	882 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	883
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	884 local v6_supported = not not socket.tcp6;
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	885 local use_ipv4 = global:get_option_boolean("use_ipv4", true);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	886 local use_ipv6 = global:get_option_boolean("use_ipv6", true);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	887
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	888 local function trim_dns_name(n)
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	889 return (n:gsub("%.$", ""));
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	890 end
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	891
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	892 local unknown_addresses = set.new();
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	893
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	894 for jid in enabled_hosts() do
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	895 local all_targets_ok, some_targets_ok = true, false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	896 local node, host = jid_split(jid);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	897
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	898 local modules, component_module = modulemanager.get_modules_for_host(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	899 if component_module then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	900 modules:add(component_module);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	901 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	902
12842 3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	903 -- TODO Refactor these DNS SRV checks since they are very similar
3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	904 -- FIXME Suggest concrete actionable steps to correct issues so that
3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	905 -- users don't have to copy-paste the message into the support chat and
3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	906 -- ask what to do about it.
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	907 local is_component = not not component_module;
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	908 print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."...");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	909 if node then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	910 print("Only the domain part ("..host..") is used in DNS.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	911 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	912 local target_hosts = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	913 if modules:contains("c2s") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	914 local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV");
11613 c8a9f77d48fd util.prosodyctl.check: Fix for net.dns vs unbound API difference Kim Alvefur <zash@zash.se> parents: 11612 diff changeset	915 if res and #res > 0 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	916 for _, record in ipairs(res) do
10932 ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	917 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	918 print(" 'xmpp-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	919 break;
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	920 end
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	921 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	922 target_hosts:add(target);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	923 if not c2s_ports:contains(record.srv.port) then
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	924 print(" SRV target "..target.." contains unknown client port: "..record.srv.port);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	925 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	926 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	927 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	928 if c2s_srv_required then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	929 print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	930 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	931 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	932 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	933 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	934 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	935 end
12842 3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	936 if modules:contains("c2s") then
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	937 local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV");
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	938 if res and #res > 0 then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	939 for _, record in ipairs(res) do
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	940 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	941 print(" 'xmpps-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	942 break;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	943 end
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	944 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	945 target_hosts:add(target);
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	946 if not c2s_tls_ports:contains(record.srv.port) then
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	947 print(" SRV target "..target.." contains unknown Direct TLS client port: "..record.srv.port);
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	948 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	949 end
12842 3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	950 elseif c2s_tls_srv_required then
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	951 print(" No _xmpps-client SRV record found for "..host..", but it looks like you need one.");
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	952 all_targets_ok = false;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	953 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	954 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	955 if modules:contains("s2s") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	956 local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV");
11613 c8a9f77d48fd util.prosodyctl.check: Fix for net.dns vs unbound API difference Kim Alvefur <zash@zash.se> parents: 11612 diff changeset	957 if res and #res > 0 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	958 for _, record in ipairs(res) do
10932 ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	959 if record.srv.target == "." then -- TODO Is this an error if mod_s2s is enabled?
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	960 print(" 'xmpp-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	961 break;
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	962 end
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	963 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	964 target_hosts:add(target);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	965 if not s2s_ports:contains(record.srv.port) then
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	966 print(" SRV target "..target.." contains unknown server port: "..record.srv.port);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	967 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	968 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	969 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	970 if s2s_srv_required then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	971 print(" No _xmpp-server SRV record found for "..host..", but it looks like you need one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	972 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	973 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	974 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	975 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	976 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	977 end
12842 3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	978 if modules:contains("s2s") then
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	979 local res = dns.lookup("_xmpps-server._tcp."..idna.to_ascii(host)..".", "SRV");
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	980 if res and #res > 0 then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	981 for _, record in ipairs(res) do
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	982 if record.srv.target == "." then -- TODO is this an error if mod_s2s is enabled?
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	983 print(" 'xmpps-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	984 break;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	985 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	986 local target = trim_dns_name(record.srv.target);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	987 target_hosts:add(target);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	988 if not s2s_tls_ports:contains(record.srv.port) then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	989 print(" SRV target "..target.." contains unknown Direct TLS server port: "..record.srv.port);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	990 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	991 end
12842 3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	992 elseif s2s_tls_srv_required then
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	993 print(" No _xmpps-server SRV record found for "..host..", but it looks like you need one.");
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	994 all_targets_ok = false;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	995 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	996 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	997 if target_hosts:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	998 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	999 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1000
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1001 if target_hosts:contains("localhost") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1002 print(" Target 'localhost' cannot be accessed from other servers");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1003 target_hosts:remove("localhost");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1004 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1005
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1006 local function check_address(target)
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1007 local A, AAAA = dns.lookup(idna.to_ascii(target), "A"), dns.lookup(idna.to_ascii(target), "AAAA");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1008 local prob = {};
12231 ca8453129ade util.prosodyctl.check: Fix A/AAAA check for proxy65 and http Kim Alvefur <zash@zash.se> parents: 12230 diff changeset	1009 if use_ipv4 and not (A and #A > 0) then table.insert(prob, "A"); end
ca8453129ade util.prosodyctl.check: Fix A/AAAA check for proxy65 and http Kim Alvefur <zash@zash.se> parents: 12230 diff changeset	1010 if use_ipv6 and not (AAAA and #AAAA > 0) then table.insert(prob, "AAAA"); end
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1011 return prob;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1012 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1013
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1014 if modules:contains("proxy65") then
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1015 local proxy65_target = api(host):get_option_string("proxy65_address", host);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1016 if type(proxy65_target) == "string" then
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1017 local prob = check_address(proxy65_target);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1018 if #prob > 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1019 print(" File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1020 .." record. Create one or set 'proxy65_address' to the correct host/IP.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1021 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1022 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1023 print(" proxy65_address for "..host.." should be set to a string, unable to perform DNS check");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1024 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1025 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1026
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1027 local known_http_modules = set.new { "bosh"; "http_files"; "http_file_share"; "http_openmetrics"; "websocket" };
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1028
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1029 if modules:contains("http") or not set.intersection(modules, known_http_modules):empty()
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1030 or contains_match(modules, "^http_") or contains_match(modules, "_web$") then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1031
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1032 local http_host = api(host):get_option_string("http_host", host);
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1033 local http_internal_host = http_host;
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1034 local http_url = api(host):get_option_string("http_external_url");
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1035 if http_url then
12218 0795e1ccf3d8 util.prosodyctl.check: Fix use of LuaSocket URL parser Kim Alvefur <zash@zash.se> parents: 12217 diff changeset	1036 local url_parse = require "socket.url".parse;
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1037 local external_url_parts = url_parse(http_url);
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1038 if external_url_parts then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1039 http_host = external_url_parts.host;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1040 else
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1041 print(" The 'http_external_url' setting is not a valid URL");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1042 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1043 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1044
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1045 local prob = check_address(http_host);
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1046 if #prob > 1 then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1047 print(" HTTP service " .. http_host .. " has no " .. table.concat(prob, "/") .. " record. Create one or change "
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1048 .. (http_url and "'http_external_url'" or "'http_host'").." to the correct host.");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1049 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1050
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1051 if http_host ~= http_internal_host then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1052 print(" Ensure the reverse proxy sets the HTTP Host header to '" .. http_internal_host .. "'");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1053 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1054 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1055
11652 887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	1056 if not use_ipv4 and not use_ipv6 then
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	1057 print(" Both IPv6 and IPv4 are disabled, Prosody will not listen on any ports");
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	1058 print(" nor be able to connect to any remote servers.");
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	1059 all_targets_ok = false;
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	1060 end
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	1061
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1062 for target_host in target_hosts do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1063 local host_ok_v4, host_ok_v6;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1064 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1065 local res = dns.lookup(idna.to_ascii(target_host), "A");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1066 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1067 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1068 if external_addresses:contains(record.a) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1069 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1070 host_ok_v4 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1071 elseif internal_addresses:contains(record.a) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1072 host_ok_v4 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1073 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1074 print(" "..target_host.." A record points to internal address, external connections might fail");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1075 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1076 print(" "..target_host.." A record points to unknown address "..record.a);
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1077 unknown_addresses:add(record.a);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1078 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1079 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1080 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1081 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1082 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1083 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1084 local res = dns.lookup(idna.to_ascii(target_host), "AAAA");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1085 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1086 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1087 if external_addresses:contains(record.aaaa) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1088 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1089 host_ok_v6 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1090 elseif internal_addresses:contains(record.aaaa) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1091 host_ok_v6 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1092 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1093 print(" "..target_host.." AAAA record points to internal address, external connections might fail");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1094 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1095 print(" "..target_host.." AAAA record points to unknown address "..record.aaaa);
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1096 unknown_addresses:add(record.aaaa);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1097 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1098 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1099 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1100 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1101 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1102
11653 51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1103 if host_ok_v4 and not use_ipv4 then
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1104 print(" Host "..target_host.." does seem to resolve to this server but IPv4 has been disabled");
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1105 all_targets_ok = false;
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1106 end
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1107
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1108 if host_ok_v6 and not use_ipv6 then
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1109 print(" Host "..target_host.." does seem to resolve to this server but IPv6 has been disabled");
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1110 all_targets_ok = false;
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1111 end
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1112
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1113 local bad_protos = {}
11651 c9f46d28ed7e util.prosodyctl.check: Silence IP protocol mismatches when disabled Kim Alvefur <zash@zash.se> parents: 11645 diff changeset	1114 if use_ipv4 and not host_ok_v4 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1115 table.insert(bad_protos, "IPv4");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1116 end
11651 c9f46d28ed7e util.prosodyctl.check: Silence IP protocol mismatches when disabled Kim Alvefur <zash@zash.se> parents: 11645 diff changeset	1117 if use_ipv6 and not host_ok_v6 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1118 table.insert(bad_protos, "IPv6");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1119 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1120 if #bad_protos > 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1121 print(" Host "..target_host.." does not seem to resolve to this server ("..table.concat(bad_protos, "/")..")");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1122 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1123 if host_ok_v6 and not v6_supported then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1124 print(" Host "..target_host.." has AAAA records, but your version of LuaSocket does not support IPv6.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1125 print(" Please see https://prosody.im/doc/ipv6 for more information.");
11925 3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1126 elseif host_ok_v6 and not use_ipv6 then
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1127 print(" Host "..target_host.." has AAAA records, but IPv6 is disabled.");
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1128 -- TODO Tell them to drop the AAAA records or enable IPv6?
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1129 print(" Please see https://prosody.im/doc/ipv6 for more information.");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1130 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1131 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1132 if not all_targets_ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1133 print(" "..(some_targets_ok and "Only some" or "No").." targets for "..host.." appear to resolve to this server.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1134 if is_component then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1135 print(" DNS records are necessary if you want users on other servers to access this component.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1136 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1137 problem_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1138 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1139 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1140 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1141 if not problem_hosts:empty() then
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1142 if not unknown_addresses:empty() then
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1143 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1144 print("Some of your DNS records point to unknown IP addresses. This may be expected if your server");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1145 print("is behind a NAT or proxy. The unrecognized addresses were:");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1146 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1147 print(" Unrecognized: "..tostring(unknown_addresses));
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1148 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1149 print("The addresses we found on this system are:");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1150 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1151 print(" Internal: "..tostring(internal_addresses));
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1152 print(" External: "..tostring(external_addresses));
13219 22763b30e458 util.prosodyctl.check: Hint about the 'external_addresses' config option Kim Alvefur <zash@zash.se> parents: 13217 diff changeset	1153 print("")
22763b30e458 util.prosodyctl.check: Hint about the 'external_addresses' config option Kim Alvefur <zash@zash.se> parents: 13217 diff changeset	1154 print("If the list of external external addresses is incorrect you can specify correct addresses in the config:")
22763b30e458 util.prosodyctl.check: Hint about the 'external_addresses' config option Kim Alvefur <zash@zash.se> parents: 13217 diff changeset	1155 print(" external_addresses = { \"192.0.2.34\", \"2001:db8::abcd:1234\" }")
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1156 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1157 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1158 print("For more information about DNS configuration please see https://prosody.im/doc/dns");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1159 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1160 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1161 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1162 end
13301 84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1163 function checks.certs()
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1164 local cert_ok;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1165 print"Checking certificates..."
12975 d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	1166 local x509_verify_identity = require"prosody.util.x509".verify_identity;
13302 30b7cd40ee14 util.prosodyctl.check: Print DANE TLSA records for certificates Kim Alvefur <zash@zash.se> parents: 13301 diff changeset	1167 local use_dane = configmanager.get("*", "use_dane");
30b7cd40ee14 util.prosodyctl.check: Print DANE TLSA records for certificates Kim Alvefur <zash@zash.se> parents: 13301 diff changeset	1168 local pem2der = require"prosody.util.x509".pem2der;
30b7cd40ee14 util.prosodyctl.check: Print DANE TLSA records for certificates Kim Alvefur <zash@zash.se> parents: 13301 diff changeset	1169 local sha256 = require"prosody.util.hashes".sha256;
12975 d10957394a3c util: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12899 diff changeset	1170 local create_context = require "prosody.core.certmanager".create_context;
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1171 local ssl = dependencies.softreq"ssl";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1172 -- local datetime_parse = require"util.datetime".parse_x509;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1173 local load_cert = ssl and ssl.loadcertificate;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1174 -- or ssl.cert_from_pem
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1175 if not ssl then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1176 print("LuaSec not available, can't perform certificate checks")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1177 if what == "certs" then cert_ok = false end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1178 elseif not load_cert then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1179 print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1180 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1181 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1182 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
13324 6f371066d6e0 util.prosodyctl.check: Simplify conditions for c2s and s2s cert checks Kim Alvefur <zash@zash.se> parents: 13316 diff changeset	1183 local modules = modulemanager.get_modules_for_host(host);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1184 print("Checking certificate for "..host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1185 -- First, let's find out what certificate this host uses.
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1186 local host_ssl_config = configmanager.rawget(host, "ssl")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1187 or configmanager.rawget(host:match("%.(.*)"), "ssl");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1188 local global_ssl_config = configmanager.rawget("*", "ssl");
13301 84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1189 local ctx_ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config);
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1190 if not ctx_ok then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1191 print(" Error: "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1192 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1193 elseif not ssl_config.certificate then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1194 print(" No 'certificate' found for "..host)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1195 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1196 elseif not ssl_config.key then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1197 print(" No 'key' found for "..host)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1198 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1199 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1200 local key, err = io.open(ssl_config.key); -- Permissions check only
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1201 if not key then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1202 print(" Could not open "..ssl_config.key..": "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1203 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1204 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1205 key:close();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1206 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1207 local cert_fh, err = io.open(ssl_config.certificate); -- Load the file.
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1208 if not cert_fh then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1209 print(" Could not open "..ssl_config.certificate..": "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1210 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1211 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1212 print(" Certificate: "..ssl_config.certificate)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1213 local cert = load_cert(cert_fh:read"*a"); cert_fh:close();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1214 if not cert:validat(os.time()) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1215 print(" Certificate has expired.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1216 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1217 elseif not cert:validat(os.time() + 86400) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1218 print(" Certificate expires within one day.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1219 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1220 elseif not cert:validat(os.time() + 86400*7) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1221 print(" Certificate expires within one week.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1222 elseif not cert:validat(os.time() + 86400*31) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1223 print(" Certificate expires within one month.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1224 end
13324 6f371066d6e0 util.prosodyctl.check: Simplify conditions for c2s and s2s cert checks Kim Alvefur <zash@zash.se> parents: 13316 diff changeset	1225 if modules:contains("c2s") and not x509_verify_identity(host, "_xmpp-client", cert) then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1226 print(" Not valid for client connections to "..host..".")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1227 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1228 end
13325 f32faaea3461 util.prosodyctl.check: Update conditions for s2s cert checks Kim Alvefur <zash@zash.se> parents: 13324 diff changeset	1229 local anon = api(host):get_option_string("authentication", "internal_hashed") == "anonymous";
f32faaea3461 util.prosodyctl.check: Update conditions for s2s cert checks Kim Alvefur <zash@zash.se> parents: 13324 diff changeset	1230 local anon_s2s = api(host):get_option_boolean("allow_anonymous_s2s", false);
f32faaea3461 util.prosodyctl.check: Update conditions for s2s cert checks Kim Alvefur <zash@zash.se> parents: 13324 diff changeset	1231 if modules:contains("s2s") and (anon_s2s or not anon) and not x509_verify_identity(host, "_xmpp-server", cert) then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1232 print(" Not valid for server-to-server connections to "..host..".")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1233 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1234 end
13326 76b6556c0f67 util.prosodyctl.check: Check cert for HTTPS if http module enabled Kim Alvefur <zash@zash.se> parents: 13325 diff changeset	1235
76b6556c0f67 util.prosodyctl.check: Check cert for HTTPS if http module enabled Kim Alvefur <zash@zash.se> parents: 13325 diff changeset	1236 local known_http_modules = set.new { "bosh"; "http_files"; "http_file_share"; "http_openmetrics"; "websocket" };
76b6556c0f67 util.prosodyctl.check: Check cert for HTTPS if http module enabled Kim Alvefur <zash@zash.se> parents: 13325 diff changeset	1237 local http_loaded = modules:contains("http")
76b6556c0f67 util.prosodyctl.check: Check cert for HTTPS if http module enabled Kim Alvefur <zash@zash.se> parents: 13325 diff changeset	1238 or not set.intersection(modules, known_http_modules):empty()
76b6556c0f67 util.prosodyctl.check: Check cert for HTTPS if http module enabled Kim Alvefur <zash@zash.se> parents: 13325 diff changeset	1239 or contains_match(modules, "^http_")
76b6556c0f67 util.prosodyctl.check: Check cert for HTTPS if http module enabled Kim Alvefur <zash@zash.se> parents: 13325 diff changeset	1240 or contains_match(modules, "_web$");
76b6556c0f67 util.prosodyctl.check: Check cert for HTTPS if http module enabled Kim Alvefur <zash@zash.se> parents: 13325 diff changeset	1241
76b6556c0f67 util.prosodyctl.check: Check cert for HTTPS if http module enabled Kim Alvefur <zash@zash.se> parents: 13325 diff changeset	1242 local http_host = api(host):get_option_string("http_host", host);
13327 f0fc6e7cc4de util.prosodyctl.check: Disable https cert check if http_external_url set Kim Alvefur <zash@zash.se> parents: 13326 diff changeset	1243 if api(host):get_option_string("http_external_url") then
f0fc6e7cc4de util.prosodyctl.check: Disable https cert check if http_external_url set Kim Alvefur <zash@zash.se> parents: 13326 diff changeset	1244 -- Assumed behind a reverse proxy
f0fc6e7cc4de util.prosodyctl.check: Disable https cert check if http_external_url set Kim Alvefur <zash@zash.se> parents: 13326 diff changeset	1245 http_loaded = false;
f0fc6e7cc4de util.prosodyctl.check: Disable https cert check if http_external_url set Kim Alvefur <zash@zash.se> parents: 13326 diff changeset	1246 end
13326 76b6556c0f67 util.prosodyctl.check: Check cert for HTTPS if http module enabled Kim Alvefur <zash@zash.se> parents: 13325 diff changeset	1247 if http_loaded and not x509_verify_identity(http_host, nil, cert) then
76b6556c0f67 util.prosodyctl.check: Check cert for HTTPS if http module enabled Kim Alvefur <zash@zash.se> parents: 13325 diff changeset	1248 print(" Not valid for HTTPS connections to "..host..".")
76b6556c0f67 util.prosodyctl.check: Check cert for HTTPS if http module enabled Kim Alvefur <zash@zash.se> parents: 13325 diff changeset	1249 cert_ok = false
76b6556c0f67 util.prosodyctl.check: Check cert for HTTPS if http module enabled Kim Alvefur <zash@zash.se> parents: 13325 diff changeset	1250 end
13302 30b7cd40ee14 util.prosodyctl.check: Print DANE TLSA records for certificates Kim Alvefur <zash@zash.se> parents: 13301 diff changeset	1251 if use_dane then
30b7cd40ee14 util.prosodyctl.check: Print DANE TLSA records for certificates Kim Alvefur <zash@zash.se> parents: 13301 diff changeset	1252 if cert.pubkey then
30b7cd40ee14 util.prosodyctl.check: Print DANE TLSA records for certificates Kim Alvefur <zash@zash.se> parents: 13301 diff changeset	1253 print(" DANE: TLSA 3 1 1 "..sha256(pem2der(cert:pubkey()), true))
30b7cd40ee14 util.prosodyctl.check: Print DANE TLSA records for certificates Kim Alvefur <zash@zash.se> parents: 13301 diff changeset	1254 elseif cert.pem then
30b7cd40ee14 util.prosodyctl.check: Print DANE TLSA records for certificates Kim Alvefur <zash@zash.se> parents: 13301 diff changeset	1255 print(" DANE: TLSA 3 0 1 "..sha256(pem2der(cert:pem()), true))
30b7cd40ee14 util.prosodyctl.check: Print DANE TLSA records for certificates Kim Alvefur <zash@zash.se> parents: 13301 diff changeset	1256 end
30b7cd40ee14 util.prosodyctl.check: Print DANE TLSA records for certificates Kim Alvefur <zash@zash.se> parents: 13301 diff changeset	1257 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1258 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1259 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1260 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1261 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1262 if cert_ok == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1263 print("")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1264 print("For more information about certificates please see https://prosody.im/doc/certificates");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1265 ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1266 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1267 print("")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1268 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1269 -- intentionally not doing this by default
13301 84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1270 function checks.connectivity()
11782 d93107de52dd util.prosodyctl.check: Ignore unused "ok" variable [luacheck] Kim Alvefur <zash@zash.se> parents: 11780 diff changeset	1271 local _, prosody_is_running = is_prosody_running();
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1272 if api("*"):get_option_string("pidfile") and not prosody_is_running then
11780 98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1273 print("Prosody does not appear to be running, which is required for this test.");
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1274 print("Start it and then try again.");
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1275 return 1;
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1276 end
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1277
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1278 local checker = "observe.jabber.network";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1279 local probe_instance;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1280 local probe_modules = {
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1281 ["xmpp-client"] = "c2s_normal_auth";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1282 ["xmpp-server"] = "s2s_normal";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1283 ["xmpps-client"] = nil; -- TODO
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1284 ["xmpps-server"] = nil; -- TODO
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1285 };
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1286 local probe_settings = api("*"):get_option_string("connectivity_probe");
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1287 if type(probe_settings) == "string" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1288 probe_instance = probe_settings;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1289 elseif type(probe_settings) == "table" and type(probe_settings.url) == "string" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1290 probe_instance = probe_settings.url;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1291 if type(probe_settings.modules) == "table" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1292 probe_modules = probe_settings.modules;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1293 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1294 elseif probe_settings ~= nil then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1295 print("The 'connectivity_probe' setting not understood.");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1296 print("Expected an URL or a table with 'url' and 'modules' fields");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1297 print("See https://prosody.im/doc/prosodyctl#check for more information."); -- FIXME
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1298 return 1;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1299 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1300
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1301 local check_api;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1302 if probe_instance then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1303 local parsed_url = socket_url.parse(probe_instance);
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1304 if not parsed_url then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1305 print(("'connectivity_probe' is not a valid URL: %q"):format(probe_instance));
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1306 print("Set it to the URL of an XMPP Blackbox Exporter instance and try again");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1307 return 1;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1308 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1309 checker = parsed_url.host;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1310
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1311 function check_api(protocol, host)
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1312 local target = socket_url.build({scheme="xmpp",path=host});
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1313 local probe_module = probe_modules[protocol];
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1314 if not probe_module then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1315 return nil, "Checking protocol '"..protocol.."' is currently unsupported";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1316 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1317 return check_probe(probe_instance, probe_module, target);
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1318 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1319 else
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1320 check_api = check_ojn;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1321 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1322
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1323 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1324 local modules, component_module = modulemanager.get_modules_for_host(host);
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1325 if component_module then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1326 modules:add(component_module)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1327 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1328
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1329 print("Checking external connectivity for "..host.." via "..checker)
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1330 local function check_connectivity(protocol)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1331 local success, err = check_api(protocol, host);
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1332 if not success and err ~= nil then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1333 print((" %s: Failed to request check at API: %s"):format(protocol, err))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1334 elseif success then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1335 print((" %s: Works"):format(protocol))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1336 else
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1337 print((" %s: Check service failed to establish (secure) connection"):format(protocol))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1338 ok = false
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1339 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1340 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1341
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1342 if modules:contains("c2s") then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1343 check_connectivity("xmpp-client")
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1344 if not api("*"):get_option_set("c2s_direct_tls_ports", {}):empty() then
11957 3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1345 check_connectivity("xmpps-client");
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1346 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1347 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1348
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1349 if modules:contains("s2s") then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1350 check_connectivity("xmpp-server")
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1351 if not api("*"):get_option_set("s2s_direct_tls_ports", {}):empty() then
11957 3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1352 check_connectivity("xmpps-server");
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1353 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1354 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1355
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1356 print()
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1357 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1358 print("Note: The connectivity check only checks the reachability of the domain.")
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1359 print("Note: It does not ensure that the check actually reaches this specific prosody instance.")
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1360 end
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1361
13301 84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1362 function checks.turn()
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1363 local turn_enabled_hosts = {};
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1364 local turn_services = {};
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1365
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1366 for host in enabled_hosts() do
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1367 local has_external_turn = modulemanager.get_modules_for_host(host):contains("turn_external");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1368 if has_external_turn then
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1369 local hostapi = api(host);
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1370 table.insert(turn_enabled_hosts, host);
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1371 local turn_host = hostapi:get_option_string("turn_external_host", host);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1372 local turn_port = hostapi:get_option_number("turn_external_port", 3478);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1373 local turn_secret = hostapi:get_option_string("turn_external_secret");
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1374 if not turn_secret then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1375 print("Error: Your configuration is missing a turn_external_secret for "..host);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1376 print("Error: TURN will not be advertised for this host.");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1377 ok = false;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1378 else
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1379 local turn_id = ("%s:%d"):format(turn_host, turn_port);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1380 if turn_services[turn_id] and turn_services[turn_id].secret ~= turn_secret then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1381 print("Error: Your configuration contains multiple differing secrets");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1382 print(" for the TURN service at "..turn_id.." - we will only test one.");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1383 elseif not turn_services[turn_id] then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1384 turn_services[turn_id] = {
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1385 host = turn_host;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1386 port = turn_port;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1387 secret = turn_secret;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1388 };
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1389 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1390 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1391 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1392 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1393
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1394 if what == "turn" then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1395 local count = it.count(pairs(turn_services));
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1396 if count == 0 then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1397 print("Error: Unable to find any TURN services configured. Enable mod_turn_external!");
12488 3183f358a88f util.prosodyctl.check: turn: Report lack of TURN services as a problem #1749 Kim Alvefur <zash@zash.se> parents: 12466 diff changeset	1398 ok = false;
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1399 else
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1400 print("Identified "..tostring(count).." TURN services.");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1401 print("");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1402 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1403 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1404
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1405 for turn_id, turn_service in pairs(turn_services) do
12377 317132bca8c0 prosodyctl: check: include TURN checks by default Matthew Wild <mwild1@gmail.com> parents: 12376 diff changeset	1406 print("Testing TURN service "..turn_id.."...");
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1407
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	1408 local result = check_turn_service(turn_service, opts.ping);
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1409 if #result.warnings > 0 then
12381 d999c2b3e289 prosodyctl: check turn: fix formatting of multiple warnings Matthew Wild <mwild1@gmail.com> parents: 12380 diff changeset	1410 print(("%d warnings:\n"):format(#result.warnings));
d999c2b3e289 prosodyctl: check turn: fix formatting of multiple warnings Matthew Wild <mwild1@gmail.com> parents: 12380 diff changeset	1411 print(" "..table.concat(result.warnings, "\n "));
d999c2b3e289 prosodyctl: check turn: fix formatting of multiple warnings Matthew Wild <mwild1@gmail.com> parents: 12380 diff changeset	1412 print("");
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1413 end
12380 3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1414
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1415 if opts.verbose then
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1416 if result.external_ip then
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1417 print(("External IP: %s"):format(result.external_ip.address));
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1418 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1419 if result.relayed_addresses then
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1420 for i, relayed_address in ipairs(result.relayed_addresses) do
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1421 print(("Relayed address %d: %s:%d"):format(i, relayed_address.address, relayed_address.port));
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1422 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1423 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1424 if result.external_ip_pong then
12390 71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	1425 print(("TURN external address: %s:%d"):format(result.external_ip_pong.address, result.external_ip_pong.port));
12380 3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1426 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1427 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1428
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1429 if result.error then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1430 print("Error: "..result.error.."\n");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1431 ok = false;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1432 else
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1433 print("Success!\n");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1434 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1435 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1436 end
13301 84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1437 if what == nil or what == "all" then
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1438 local ret;
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1439 ret = checks.disabled();
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1440 if ret ~= nil then return ret; end
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1441 ret = checks.config();
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1442 if ret ~= nil then return ret; end
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1443 ret = checks.dns();
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1444 if ret ~= nil then return ret; end
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1445 ret = checks.certs();
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1446 if ret ~= nil then return ret; end
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1447 ret = checks.turn();
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1448 if ret ~= nil then return ret; end
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1449 elseif checks[what] then
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1450 local ret = checks[what]();
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1451 if ret ~= nil then return ret; end
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1452 else
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1453 show_warning("Don't know how to check '%s'. Try one of 'config', 'dns', 'certs', 'disabled', 'turn' or 'connectivity'.", what);
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1454 show_warning("Note: The connectivity check will connect to a remote server.");
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1455 return 1;
84d83f4a190f util.prosodyctl.check: Wrap each check in a function Kim Alvefur <zash@zash.se> parents: 13256 diff changeset	1456 end
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1457
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1458 if not ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1459 print("Problems found, see above.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1460 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1461 print("All checks passed, congratulations!");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1462 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1463 return ok and 0 or 2;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1464 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1465
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1466 return {
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1467 check = check;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1468 };

prosody

850e4ade7a01

util/prosodyctl/check.lua

Software / code / prosody

Annotate

util/prosodyctl/check.lua @ 13553:850e4ade7a01

Software `/` code `/` prosody