prosody
1132a1f1ca5a
util/prosodyctl/check.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

util/prosodyctl/check.lua @ 11776:1132a1f1ca5a

util.prosodyctl.check: Check for server-to-server Direct TLS records
author Kim Alvefur <zash@zash.se>
date Thu, 09 Sep 2021 22:09:41 +0200
parent 11655:bbf50525faa5
child 11777:08de090e05e9
comparison
equal deleted inserted replaced
11775:af9c7f3f4735 11776:1132a1f1ca5a
309 local idna = require "util.encodings".idna; 309 local idna = require "util.encodings".idna;
310 local ip = require "util.ip"; 310 local ip = require "util.ip";
311 local c2s_ports = set.new(configmanager.get("*", "c2s_ports") or {5222}); 311 local c2s_ports = set.new(configmanager.get("*", "c2s_ports") or {5222});
312 local s2s_ports = set.new(configmanager.get("*", "s2s_ports") or {5269}); 312 local s2s_ports = set.new(configmanager.get("*", "s2s_ports") or {5269});
313 local c2s_tls_ports = set.new(configmanager.get("*", "direct_tls_ports") or {}); 313 local c2s_tls_ports = set.new(configmanager.get("*", "direct_tls_ports") or {});
314 314 local s2s_tls_ports = set.new(configmanager.get("*", "s2s_direct_tls_ports") or {});
315 local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required; 315
316 local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required, s2s_tls_srv_required;
316 if not c2s_ports:contains(5222) then 317 if not c2s_ports:contains(5222) then
317 c2s_srv_required = true; 318 c2s_srv_required = true;
318 end 319 end
319 if not s2s_ports:contains(5269) then 320 if not s2s_ports:contains(5269) then
320 s2s_srv_required = true; 321 s2s_srv_required = true;
321 end 322 end
322 if not c2s_tls_ports:empty() then 323 if not c2s_tls_ports:empty() then
323 c2s_tls_srv_required = true; 324 c2s_tls_srv_required = true;
325 end
326 if not s2s_tls_ports:empty() then
327 s2s_tls_srv_required = true;
324 end 328 end
325 329
326 local problem_hosts = set.new(); 330 local problem_hosts = set.new();
327 331
328 local external_addresses, internal_addresses = set.new(), set.new(); 332 local external_addresses, internal_addresses = set.new(), set.new();
445 print(" No _xmpp-server SRV record found for "..host..", but it looks like you need one."); 449 print(" No _xmpp-server SRV record found for "..host..", but it looks like you need one.");
446 all_targets_ok = false; 450 all_targets_ok = false;
447 else 451 else
448 target_hosts:add(host); 452 target_hosts:add(host);
449 end 453 end
454 end
455 end
456 if modules:contains("s2s") and s2s_tls_srv_required then
457 local res = dns.lookup("_xmpps-server._tcp."..idna.to_ascii(host)..".", "SRV");
458 if res and #res > 0 then
459 for _, record in ipairs(res) do
460 if record.srv.target == "." then -- TODO is this an error if mod_s2s is enabled?
461 print(" 'xmpps-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is
462 break;
463 end
464 local target = trim_dns_name(record.srv.target);
465 target_hosts:add(target);
466 if not s2s_tls_ports:contains(record.srv.port) then
467 print(" SRV target "..target.." contains unknown Direct TLS server port: "..record.srv.port);
468 end
469 end
470 else
471 print(" No _xmpps-server SRV record found for "..host..", but it looks like you need one.");
472 all_targets_ok = false;
450 end 473 end
451 end 474 end
452 if target_hosts:empty() then 475 if target_hosts:empty() then
453 target_hosts:add(host); 476 target_hosts:add(host);
454 end 477 end