prosody
12eaa2fdd75b
util/prosodyctl/cert.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

util/prosodyctl/cert.lua @ 12199:12eaa2fdd75b

util.prosodyctl.cert: Pass variables via formatting instead of concatenation Prevents potential weirdness in case there's any %s or such in a host, file or directory name, since show_warning() is printf().
author Kim Alvefur <zash@zash.se>
date Wed, 19 Jan 2022 10:26:43 +0100
parent 12169:866d06644956
child 12200:2bb4ee5f42be
comparison
equal deleted inserted replaced
12198:341bc2081bb7 12199:12eaa2fdd75b
78 end 78 end
79 end 79 end
80 local conf_file, err = io.open(conf_filename, "w"); 80 local conf_file, err = io.open(conf_filename, "w");
81 if not conf_file then 81 if not conf_file then
82 pctl.show_warning("Could not open OpenSSL config file for writing"); 82 pctl.show_warning("Could not open OpenSSL config file for writing");
83 pctl.show_warning(err); 83 pctl.show_warning("%s", err);
84 os.exit(1); 84 os.exit(1);
85 end 85 end
86 conf_file:write(conf:serialize()); 86 conf_file:write(conf:serialize());
87 conf_file:close(); 87 conf_file:close();
88 print(""); 88 print("");
231 copy(paths.key, cert_basedir .. "/" .. host .. ".key", "0377", owner, group); 231 copy(paths.key, cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
232 table.insert(imported, host); 232 table.insert(imported, host);
233 imported[paths.certificate] = true; 233 imported[paths.certificate] = true;
234 else 234 else
235 -- TODO Say where we looked 235 -- TODO Say where we looked
236 pctl.show_warning("No certificate for host "..host.." found :("); 236 pctl.show_warning("No certificate for host %s found :(", host);
237 end 237 end
238 -- TODO Additional checks 238 -- TODO Additional checks
239 -- Certificate names matches the hostname 239 -- Certificate names matches the hostname
240 -- Private key matches public key in certificate 240 -- Private key matches public key in certificate
241 end 241 end
255 if #arg >= 1 and arg[1] ~= "--help" then 255 if #arg >= 1 and arg[1] ~= "--help" then
256 openssl = require "util.openssl"; 256 openssl = require "util.openssl";
257 lfs = require "lfs"; 257 lfs = require "lfs";
258 local cert_dir_attrs = lfs.attributes(cert_basedir); 258 local cert_dir_attrs = lfs.attributes(cert_basedir);
259 if not cert_dir_attrs then 259 if not cert_dir_attrs then
260 pctl.show_warning("The directory "..cert_basedir.." does not exist"); 260 pctl.show_warning("The directory %s does not exist", cert_basedir);
261 return 1; -- TODO Should we create it? 261 return 1; -- TODO Should we create it?
262 end 262 end
263 local uid = pposix.getuid(); 263 local uid = pposix.getuid();
264 if uid ~= 0 and uid ~= cert_dir_attrs.uid then 264 if uid ~= 0 and uid ~= cert_dir_attrs.uid then
265 pctl.show_warning("The directory "..cert_basedir.." is not owned by the current user, won't be able to write files to it"); 265 pctl.show_warning("The directory %s is not owned by the current user, won't be able to write files to it", cert_basedir);
266 return 1; 266 return 1;
267 elseif not cert_dir_attrs.permissions then -- COMPAT with LuaFilesystem < 1.6.2 (hey CentOS!) 267 elseif not cert_dir_attrs.permissions then -- COMPAT with LuaFilesystem < 1.6.2 (hey CentOS!)
268 pctl.show_message("Unable to check permissions on %s (LuaFilesystem 1.6.2+ required)", cert_basedir); 268 pctl.show_message("Unable to check permissions on %s (LuaFilesystem 1.6.2+ required)", cert_basedir);
269 pctl.show_message("Please confirm that Prosody (and only Prosody) can write to this directory)"); 269 pctl.show_message("Please confirm that Prosody (and only Prosody) can write to this directory)");
270 elseif cert_dir_attrs.permissions:match("^%.w..%-..%-.$") then 270 elseif cert_dir_attrs.permissions:match("^%.w..%-..%-.$") then
271 pctl.show_warning("The directory "..cert_basedir.." not only writable by its owner"); 271 pctl.show_warning("The directory %s not only writable by its owner", cert_basedir);
272 return 1; 272 return 1;
273 end 273 end
274 local subcmd = table.remove(arg, 1); 274 local subcmd = table.remove(arg, 1);
275 if type(cert_commands[subcmd]) == "function" then 275 if type(cert_commands[subcmd]) == "function" then
276 if subcmd ~= "import" then -- hostnames are optional for import 276 if subcmd ~= "import" then -- hostnames are optional for import