
prosodyctl @ 8100:1773559b03a8

prosodyctl cert: If running as root, write certificate files to config directory (fixes #530)
author Kim Alvefur <zash@zash.se>
date Wed, 19 Apr 2017 20:39:47 +0200
parent 8099:04eaaeb89a05
child 8101:3e25d96571d1
child 8102:927b9c5cc17a
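--- a/prosodyctl
+++ b/prosodyctl
@@ -695,13 +695,20 @@
 return true;
 end
 end
 end
 
+local cert_basedir = CFG_DATADIR or "./certs";
+if have_pposix and pposix.getuid() == 0 then
+-- FIXME should be enough to check if this directory is writable
+local cert_dir = config.get("*", "certificates") or "certs";
+cert_basedir = config.resolve_relative_path(config.paths.certs, cert_dir);
+end
+
 function cert_commands.config(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
-local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf";
+local conf_filename = cert_basedir .. "/" .. arg[1] .. ".cnf";
 if use_existing(conf_filename) then
 return nil, conf_filename;
 end
 local distinguished_name;
 if arg[#arg]:find("^/") then
@@ -758,11 +765,11 @@
 end
 end
 
 function cert_commands.key(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
-local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key";
+local key_filename = cert_basedir .. "/" .. arg[1] .. ".key";
 if use_existing(key_filename) then
 return nil, key_filename;
 end
 os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions
 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
@@ -780,11 +787,11 @@
 end
 end
 
 function cert_commands.request(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
-local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req";
+local req_filename = cert_basedir .. "/" .. arg[1] .. ".req";
 if use_existing(req_filename) then
 return nil, req_filename;
 end
 local _, key_filename = cert_commands.key({arg[1]});
 local _, conf_filename = cert_commands.config(arg);
@@ -798,11 +805,11 @@
 end
 end
 
 function cert_commands.generate(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
-local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt";
+local cert_filename = cert_basedir .. "/" .. arg[1] .. ".crt";
 if use_existing(cert_filename) then
 return nil, cert_filename;
 end
 local _, key_filename = cert_commands.key({arg[1]});
 local _, conf_filename = cert_commands.config(arg);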