prosody
8e16fd976c57
util/prosodyctl/check.lua
Software / code / prosody
Comparison
util/prosodyctl/check.lua @ 11615:8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 20 Jun 2021 17:11:19 +0200 |
| parent | 11613:c8a9f77d48fd |
| child | 11616:cd4006709493 |
comparison
equal
deleted
inserted
replaced
| 11614:1ac8976f09a9 | 11615:8e16fd976c57 |
|---|---|
| 231 end) | 231 end) |
| 232 local idna = require "util.encodings".idna; | 232 local idna = require "util.encodings".idna; |
| 233 local ip = require "util.ip"; | 233 local ip = require "util.ip"; |
| 234 local c2s_ports = set.new(configmanager.get("*", "c2s_ports") or {5222}); | 234 local c2s_ports = set.new(configmanager.get("*", "c2s_ports") or {5222}); |
| 235 local s2s_ports = set.new(configmanager.get("*", "s2s_ports") or {5269}); | 235 local s2s_ports = set.new(configmanager.get("*", "s2s_ports") or {5269}); |
| 236 | 236 local c2s_tls_ports = set.new(configmanager.get("*", "direct_tls_ports") or {}); |
| 237 local c2s_srv_required, s2s_srv_required; | 237 |
| 238 local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required; | |
| 238 if not c2s_ports:contains(5222) then | 239 if not c2s_ports:contains(5222) then |
| 239 c2s_srv_required = true; | 240 c2s_srv_required = true; |
| 240 end | 241 end |
| 241 if not s2s_ports:contains(5269) then | 242 if not s2s_ports:contains(5269) then |
| 242 s2s_srv_required = true; | 243 s2s_srv_required = true; |
| 244 end | |
| 245 if not c2s_tls_ports:empty() then | |
| 246 c2s_tls_srv_required = true; | |
| 243 end | 247 end |
| 244 | 248 |
| 245 local problem_hosts = set.new(); | 249 local problem_hosts = set.new(); |
| 246 | 250 |
| 247 local external_addresses, internal_addresses = set.new(), set.new(); | 251 local external_addresses, internal_addresses = set.new(), set.new(); |
| 317 print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one."); | 321 print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one."); |
| 318 all_targets_ok = false; | 322 all_targets_ok = false; |
| 319 else | 323 else |
| 320 target_hosts:add(host); | 324 target_hosts:add(host); |
| 321 end | 325 end |
| 326 end | |
| 327 end | |
| 328 if modules:contains("c2s") and c2s_tls_srv_required then | |
| 329 local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV"); | |
| 330 if res and #res > 0 then | |
| 331 for _, record in ipairs(res) do | |
| 332 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled? | |
| 333 print(" 'xmpps-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is | |
| 334 break; | |
| 335 end | |
| 336 target_hosts:add(record.srv.target); | |
| 337 if not c2s_tls_ports:contains(record.srv.port) then | |
| 338 print(" SRV target "..record.srv.target.." contains unknown Direct TLS client port: "..record.srv.port); | |
| 339 end | |
| 340 end | |
| 341 else | |
| 342 print(" No _xmpps-client SRV record found for "..host..", but it looks like you need one."); | |
| 343 all_targets_ok = false; | |
| 322 end | 344 end |
| 323 end | 345 end |
| 324 if modules:contains("s2s") then | 346 if modules:contains("s2s") then |
| 325 local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV"); | 347 local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV"); |
| 326 if res and #res > 0 then | 348 if res and #res > 0 then |
