prosodyctl @ 8100:1773559b03a8
prosodyctl cert: If running as root, write certificate files to config directory (fixes #530)
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 19 Apr 2017 20:39:47 +0200 |
parent | 8099:04eaaeb89a05 |
child | 8101:3e25d96571d1 |
child | 8102:927b9c5cc17a |
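--- a/prosodyctl
+++ b/prosodyctl
@@ -695,13 +695,20 @@
 return true;
 end
 end
 end
 
+local cert_basedir = CFG_DATADIR or "./certs";
+if have_pposix and pposix.getuid() == 0 then
+-- FIXME should be enough to check if this directory is writable
+local cert_dir = config.get("*", "certificates") or "certs";
+cert_basedir = config.resolve_relative_path(config.paths.certs, cert_dir);
+end
+
 function cert_commands.config(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
-local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf";
+local conf_filename = cert_basedir .. "/" .. arg[1] .. ".cnf";
 if use_existing(conf_filename) then
 return nil, conf_filename;
 end
 local distinguished_name;
 if arg[#arg]:find("^/") then
@@ -758,11 +765,11 @@
 end
 end
 
 function cert_commands.key(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
-local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key";
+local key_filename = cert_basedir .. "/" .. arg[1] .. ".key";
 if use_existing(key_filename) then
 return nil, key_filename;
 end
 os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions
 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
@@ -780,11 +787,11 @@
 end
 end
 
 function cert_commands.request(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
-local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req";
+local req_filename = cert_basedir .. "/" .. arg[1] .. ".req";
 if use_existing(req_filename) then
 return nil, req_filename;
 end
 local _, key_filename = cert_commands.key({arg[1]});
 local _, conf_filename = cert_commands.config(arg);
@@ -798,11 +805,11 @@
 end
 end
 
 function cert_commands.generate(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
-local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt";
+local cert_filename = cert_basedir .. "/" .. arg[1] .. ".crt";
 if use_existing(cert_filename) then
 return nil, cert_filename;
 end
 local _, key_filename = cert_commands.key({arg[1]});
 local _, conf_filename = cert_commands.config(arg);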
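Review bot: The `.cnf`, `.key`, `.req` and `.crt` paths are all built as `cert_basedir .. "/" .. arg[1] .. "<ext>"` with no check on `arg[1]`, and with this change the root case points them at the configuration directory, where `os.remove(key_filename)` in `cert_commands.key` then runs with root privileges. A host name containing `/` would resolve outside `cert_basedir`, so I would reject it before the first path is built, for example with a guard such as `if arg[1]:find("/", 1, true) then` followed by whatever error return the callers of these commands expect. The bodies of all four functions continue outside the visible hunks, so the code that actually writes the key is not shown; please confirm there that a key created by root ends up readable by the account Prosody runs as and by nobody else. The new block also does not check that the resolved directory exists, which the FIXME about testing writability would cover if it were implemented.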