prosodyctl @ 8101:3e25d96571d1
Merge 0.10->trunk
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 20 Apr 2017 00:41:49 +0200 |
| parent | 8068:5abb6bc45edd |
| parent | 8100:1773559b03a8 |
| child | 8103:a0b498ec0b22 |
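--- a/prosodyctl
+++ b/prosodyctl
@@ -134,16 +134,18 @@
 
 -- Switch away from root and into the prosody user --
 local switched_user, current_uid;
 
 local want_pposix_version = "0.4.0";
-local ok, pposix = pcall(require, "util.pposix");
+local have_pposix, pposix = pcall(require, "util.pposix");
 
-if ok and pposix then
+if have_pposix and pposix then
 if pposix._VERSION ~= want_pposix_version then print(string.format("Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version)); return; end
 current_uid = pposix.getuid();
-if current_uid == 0 then
+local arg_root = arg[1] == "--root";
+if arg_root then table.remove(arg, 1); end
+if current_uid == 0 and config.get("*", "run_as_root") ~= true and not arg_root then
 -- We haz root!
 local desired_user = config.get("*", "prosody_user") or "prosody";
 local desired_group = config.get("*", "prosody_group") or desired_user;
 local ok, err = pposix.setgid(desired_group);
 if ok then
@@ -693,13 +695,20 @@
 return true;
 end
 end
 end
 
+local cert_basedir = CFG_DATADIR or "./certs";
+if have_pposix and pposix.getuid() == 0 then
+-- FIXME should be enough to check if this directory is writable
+local cert_dir = config.get("*", "certificates") or "certs";
+cert_basedir = config.resolve_relative_path(config.paths.certs, cert_dir);
+end
+
 function cert_commands.config(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
-local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf";
+local conf_filename = cert_basedir .. "/" .. arg[1] .. ".cnf";
 if use_existing(conf_filename) then
 return nil, conf_filename;
 end
 local distinguished_name;
 if arg[#arg]:find("^/") then
@@ -756,11 +765,11 @@
 end
 end
 
 function cert_commands.key(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
-local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key";
+local key_filename = cert_basedir .. "/" .. arg[1] .. ".key";
 if use_existing(key_filename) then
 return nil, key_filename;
 end
 os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions
 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
@@ -778,11 +787,11 @@
 end
 end
 
 function cert_commands.request(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
-local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req";
+local req_filename = cert_basedir .. "/" .. arg[1] .. ".req";
 if use_existing(req_filename) then
 return nil, req_filename;
 end
 local _, key_filename = cert_commands.key({arg[1]});
 local _, conf_filename = cert_commands.config(arg);
@@ -796,11 +805,11 @@
 end
 end
 
 function cert_commands.generate(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
-local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt";
+local cert_filename = cert_basedir .. "/" .. arg[1] .. ".crt";
 if use_existing(cert_filename) then
 return nil, cert_filename;
 end
 local _, key_filename = cert_commands.key({arg[1]});
 local _, conf_filename = cert_commands.config(arg);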
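Review bot: The new `cert_basedir .. "/" .. arg[1] .. ".ext"` paths in `cert_commands.config`, `.key`, `.request` and `.generate` still append `arg[1]` unchecked, while this change lets the script keep uid 0 (via `--root` or `run_as_root`) and points `cert_basedir` at the configured certificates directory in that case. A name containing `/` would then resolve outside that directory, and `os.remove(key_filename)` in `cert_commands.key` acts on the resulting path as root. The name comes from the operator's own command line, so this is hardening rather than a remote exposure, but a guard before the path is built would keep the commands inside `cert_basedir`, for example `if arg[1]:find("/", 1, true) then print("Invalid certificate name: "..arg[1]); return; end`. The bodies of all four functions continue outside the visible hunks, so how callers such as `cert_commands.request` handle the early return needs checking there.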