Comparison

prosodyctl @ 6163:7a8899d314d7

Merge 0.10->trunk
author Kim Alvefur <zash@zash.se>
date Tue, 06 May 2014 00:37:08 +0200
parent 6162:fbc3b195dab8
child 6326:a3b9496673ee
6157:44de98f516f5 6163:7a8899d314d7
795 end 795 end
796 local what = table.remove(arg, 1); 796 local what = table.remove(arg, 1);
797 local array, set = require "util.array", require "util.set"; 797 local array, set = require "util.array", require "util.set";
798 local it = require "util.iterators"; 798 local it = require "util.iterators";
799 local ok = true; 799 local ok = true;
800 local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end
801 local function enabled_hosts() return it.filter(disabled_hosts, pairs(config.getconfig())); end
802 if not what or what == "disabled" then
803 local disabled_hosts = set.new();
804 for host, host_options in it.filter("*", pairs(config.getconfig())) do
805 if host_options.enabled == false then
806 disabled_hosts:add(host);
807 end
808 end
809 if not disabled_hosts:empty() then
810 local msg = "Checks will be skipped for these disabled hosts: %s";
811 if what then msg = "These hosts are disabled: %s"; end
812 show_warning(msg, tostring(disabled_hosts));
813 if what then return 0; end
814 print""
815 end
816 end
800 if not what or what == "config" then 817 if not what or what == "config" then
801 print("Checking config..."); 818 print("Checking config...");
819 local deprecated = set.new({
820 "bosh_ports", "disallow_s2s", "no_daemonize", "anonymous_login",
821 });
802 local known_global_options = set.new({ 822 local known_global_options = set.new({
803 "pidfile", "log", "plugin_paths", "prosody_user", "prosody_group", "daemonize", 823 "pidfile", "log", "plugin_paths", "prosody_user", "prosody_group", "daemonize",
804 "umask", "prosodyctl_timeout", "use_ipv6", "use_libevent", "network_settings" 824 "umask", "prosodyctl_timeout", "use_ipv6", "use_libevent", "network_settings"
805 }); 825 });
806 local config = config.getconfig(); 826 local config = config.getconfig();
809 ok = false; 829 ok = false;
810 print(""); 830 print("");
811 print(" No global options defined. Perhaps you have put a host definition at the top") 831 print(" No global options defined. Perhaps you have put a host definition at the top")
812 print(" of the config file? They should be at the bottom, see http://prosody.im/doc/configure#overview"); 832 print(" of the config file? They should be at the bottom, see http://prosody.im/doc/configure#overview");
813 end 833 end
834 if it.count(enabled_hosts()) == 0 then
835 ok = false;
836 print("");
837 if it.count(it.filter("*", pairs(config))) == 0 then
838 print(" No hosts are defined, please add at least one VirtualHost section")
839 elseif config["*"]["enabled"] == false then
840 print(" No hosts are enabled. Remove enabled = false from the global section or put enabled = true under at least one VirtualHost section")
841 else
842 print(" All hosts are disabled. Remove enabled = false from at least one VirtualHost section")
843 end
844 end
814 -- Check for global options under hosts 845 -- Check for global options under hosts
815 local global_options = set.new(it.to_array(it.keys(config["*"]))); 846 local global_options = set.new(it.to_array(it.keys(config["*"])));
816 for host, options in it.filter("*", pairs(config)) do 847 local deprecated_global_options = set.intersection(global_options, deprecated);
848 if not deprecated_global_options:empty() then
849 print("");
850 print(" You have some deprecated options in the global section:");
851 print(" "..tostring(deprecated_global_options))
852 ok = false;
853 end
854 for host, options in enabled_hosts() do
817 local host_options = set.new(it.to_array(it.keys(options))); 855 local host_options = set.new(it.to_array(it.keys(options)));
818 local misplaced_options = set.intersection(host_options, known_global_options); 856 local misplaced_options = set.intersection(host_options, known_global_options);
819 for name in pairs(options) do 857 for name in pairs(options) do
820 if name:match("^interfaces?") 858 if name:match("^interfaces?")
821 or name:match("_ports?$") or name:match("_interfaces?$") 859 or name:match("_ports?$") or name:match("_interfaces?$")
896 c2s_srv_required, s2s_srv_required = true, true; 934 c2s_srv_required, s2s_srv_required = true, true;
897 end 935 end
898 936
899 local v6_supported = not not socket.tcp6; 937 local v6_supported = not not socket.tcp6;
900 938
901 for host, host_options in it.filter("*", pairs(config.getconfig())) do 939 for host, host_options in enabled_hosts() do
902 local all_targets_ok, some_targets_ok = true, false; 940 local all_targets_ok, some_targets_ok = true, false;
903 941
904 local is_component = not not host_options.component_module; 942 local is_component = not not host_options.component_module;
905 print("Checking DNS for "..(is_component and "component" or "host").." "..host.."..."); 943 print("Checking DNS for "..(is_component and "component" or "host").." "..host.."...");
906 local target_hosts = set.new(); 944 local target_hosts = set.new();
1045 if what == "certs" then cert_ok = false end 1083 if what == "certs" then cert_ok = false end
1046 elseif not load_cert then 1084 elseif not load_cert then
1047 print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking"); 1085 print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking");
1048 cert_ok = false 1086 cert_ok = false
1049 else 1087 else
1050 for host in pairs(hosts) do 1088 for host in enabled_hosts() do
1051 if host ~= "*" then -- Should check global certs too. 1089 print("Checking certificate for "..host);
1052 print("Checking certificate for "..host); 1090 -- First, let's find out what certificate this host uses.
1053 -- First, let's find out what certificate this host uses. 1091 local ssl_config = config.rawget(host, "ssl");
1054 local ssl_config = config.rawget(host, "ssl"); 1092 if not ssl_config then
1055 if not ssl_config then 1093 local base_host = host:match("%.(.*)");
1056 local base_host = host:match("%.(.*)"); 1094 ssl_config = config.get(base_host, "ssl");
1057 ssl_config = config.get(base_host, "ssl"); 1095 end
1058 end 1096 if not ssl_config then
1059 if not ssl_config then 1097 print(" No 'ssl' option defined for "..host)
1060 print(" No 'ssl' option defined for "..host) 1098 cert_ok = false
1061 cert_ok = false 1099 elseif not ssl_config.certificate then
1062 elseif not ssl_config.certificate then 1100 print(" No 'certificate' set in ssl option for "..host)
1063 print(" No 'certificate' set in ssl option for "..host) 1101 cert_ok = false
1064 cert_ok = false 1102 elseif not ssl_config.key then
1065 elseif not ssl_config.key then 1103 print(" No 'key' set in ssl option for "..host)
1066 print(" No 'key' set in ssl option for "..host) 1104 cert_ok = false
1105 else
1106 local key, err = io.open(ssl_config.key); -- Permissions check only
1107 if not key then
1108 print(" Could not open "..ssl_config.key..": "..err);
1067 cert_ok = false 1109 cert_ok = false
1068 else 1110 else
1069 local key, err = io.open(ssl_config.key); -- Permissions check only 1111 key:close();
1070 if not key then 1112 end
1071 print(" Could not open "..ssl_config.key..": "..err); 1113 local cert_fh, err = io.open(ssl_config.certificate); -- Load the file.
1114 if not cert_fh then
1115 print(" Could not open "..ssl_config.certificate..": "..err);
1116 cert_ok = false
1117 else
1118 print(" Certificate: "..ssl_config.certificate)
1119 local cert = load_cert(cert_fh:read"*a"); cert_fh = cert_fh:close();
1120 if not cert:validat(os.time()) then
1121 print(" Certificate has expired.")
1072 cert_ok = false 1122 cert_ok = false
1073 else
1074 key:close();
1075 end 1123 end
1076 local cert_fh, err = io.open(ssl_config.certificate); -- Load the file. 1124 if config.get(host, "component_module") == nil
1077 if not cert_fh then 1125 and not x509_verify_identity(host, "_xmpp-client", cert) then
1078 print(" Could not open "..ssl_config.certificate..": "..err); 1126 print(" Not vaild for client connections to "..host..".")
1079 cert_ok = false 1127 cert_ok = false
1080 else 1128 end
1081 print(" Certificate: "..ssl_config.certificate) 1129 if (not (config.get(host, "anonymous_login")
1082 local cert = load_cert(cert_fh:read"*a"); cert_fh = cert_fh:close(); 1130 or config.get(host, "authentication") == "anonymous"))
1083 if not cert:validat(os.time()) then
1084 print(" Certificate has expired.")
1085 cert_ok = false
1086 end
1087 if config.get(host, "component_module") == nil
1088 and not x509_verify_identity(host, "_xmpp-client", cert) then 1131 and not x509_verify_identity(host, "_xmpp-client", cert) then
1089 print(" Not vaild for client connections to "..host..".") 1132 print(" Not vaild for server-to-server connections to "..host..".")
1090 cert_ok = false 1133 cert_ok = false
1091 end
1092 if (not (config.get(name, "anonymous_login")
1093 or config.get(name, "authentication") == "anonymous"))
1094 and not x509_verify_identity(host, "_xmpp-client", cert) then
1095 print(" Not vaild for server-to-server connections to "..host..".")
1096 cert_ok = false
1097 end
1098 end 1134 end
1099 end 1135 end
1100 end 1136 end
1101 end 1137 end
1102 if cert_ok == false then 1138 if cert_ok == false then
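Review bot: The server-to-server check at new lines 1129-1132 still passes `"_xmpp-client"` to `x509_verify_identity`, so it repeats the client identity check instead of testing the certificate for s2s use. The commit corrects `config.get(name, ...)` to `config.get(host, ...)` in that condition but leaves the service argument unchanged. Assuming the helper accepts the s2s service name, the line should read `and not x509_verify_identity(host, "_xmpp-server", cert) then`. Separately, the result of `load_cert(...)` at new line 1119 is used without a nil check, so an unparsable certificate file would presumably raise at `cert:validat` rather than set `cert_ok = false`. The enclosing certificate-check block starts and ends outside the lines shown here.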