prosody
b7a6e86ab87d
prosodyctl

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

prosodyctl @ 4833:b7a6e86ab87d

Merge with Zash
author Matthew Wild <mwild1@gmail.com>
date Thu, 10 May 2012 23:10:56 +0100
parent 4827:fefbfd76d2d3
child 4872:b2059452fb55
comparison
equal deleted inserted replaced
4822:5ef05f32bc42 4833:b7a6e86ab87d
203 local error_messages = setmetatable({ 203 local error_messages = setmetatable({
204 ["invalid-username"] = "The given username is invalid in a Jabber ID"; 204 ["invalid-username"] = "The given username is invalid in a Jabber ID";
205 ["invalid-hostname"] = "The given hostname is invalid"; 205 ["invalid-hostname"] = "The given hostname is invalid";
206 ["no-password"] = "No password was supplied"; 206 ["no-password"] = "No password was supplied";
207 ["no-such-user"] = "The given user does not exist on the server"; 207 ["no-such-user"] = "The given user does not exist on the server";
208 ["no-such-host"] = "The given hostname does not exist in the config";
208 ["unable-to-save-data"] = "Unable to store, perhaps you don't have permission?"; 209 ["unable-to-save-data"] = "Unable to store, perhaps you don't have permission?";
209 ["no-pidfile"] = "There is no 'pidfile' option in the configuration file, see http://prosody.im/doc/prosodyctl#pidfile for help"; 210 ["no-pidfile"] = "There is no 'pidfile' option in the configuration file, see http://prosody.im/doc/prosodyctl#pidfile for help";
210 ["no-posix"] = "The mod_posix module is not enabled in the Prosody config file, see http://prosody.im/doc/prosodyctl for more info"; 211 ["no-posix"] = "The mod_posix module is not enabled in the Prosody config file, see http://prosody.im/doc/prosodyctl for more info";
211 ["no-such-method"] = "This module has no commands"; 212 ["no-such-method"] = "This module has no commands";
212 ["not-running"] = "Prosody is not running"; 213 ["not-running"] = "Prosody is not running";
611 612
612 show_message(error_messages[msg]) 613 show_message(error_messages[msg])
613 return 1; 614 return 1;
614 end 615 end
615 616
616 local x509 = require "util.x509"; 617 local openssl = require "util.openssl";
617 local genx509san = x509.genx509san; 618 local lfs = require "lfs";
618 local opensslbaseconf = x509.baseconf;
619 local seralizeopensslbaseconf = x509.serialize_conf;
620 619
621 local cert_commands = {}; 620 local cert_commands = {};
622 621
623 -- TODO Should this be moved to util.prosodyctl or x509? 622 local function ask_overwrite(filename)
623 return lfs.attributes(filename) and not show_yesno("Overwrite "..filename .. "?");
624 end
625
624 function cert_commands.config(arg) 626 function cert_commands.config(arg)
625 if #arg >= 1 and arg[1] ~= "--help" then 627 if #arg >= 1 and arg[1] ~= "--help" then
626 local conf_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cnf"; 628 local conf_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cnf";
627 if os.execute("test -f "..conf_filename) == 0 629 if ask_overwrite(conf_filename) then
628 and not show_yesno("Overwrite "..conf_filename .. "?") then
629 return nil, conf_filename; 630 return nil, conf_filename;
630 end 631 end
631 local conf = opensslbaseconf(); 632 local conf = openssl.config.new();
632 conf.subject_alternative_name = genx509san(hosts, config, arg, true) 633 conf:from_prosody(hosts, config, arg);
633 for k, v in pairs(conf.distinguished_name) do 634 for k, v in pairs(conf.distinguished_name) do
634 local nv; 635 local nv;
635 if k == "commonName" then 636 if k == "commonName" then
636 v = arg[1] 637 v = arg[1]
637 elseif k == "emailAddress" then 638 elseif k == "emailAddress" then
640 nv = show_prompt(("%s (%s):"):format(k, nv or v)); 641 nv = show_prompt(("%s (%s):"):format(k, nv or v));
641 nv = (not nv or nv == "") and v or nv; 642 nv = (not nv or nv == "") and v or nv;
642 conf.distinguished_name[k] = nv ~= "." and nv or nil; 643 conf.distinguished_name[k] = nv ~= "." and nv or nil;
643 end 644 end
644 local conf_file = io.open(conf_filename, "w"); 645 local conf_file = io.open(conf_filename, "w");
645 conf_file:write(seralizeopensslbaseconf(conf)); 646 conf_file:write(conf:serialize());
646 conf_file:close(); 647 conf_file:close();
647 print(""); 648 print("");
648 show_message("Config written to " .. conf_filename); 649 show_message("Config written to " .. conf_filename);
649 return nil, conf_filename; 650 return nil, conf_filename;
650 else 651 else
651 show_usage("cert config HOSTNAME", "generates config for OpenSSL") 652 show_usage("cert config HOSTNAME", "builds a config for OpenSSL")
652 end 653 end
653 end 654 end
654 655
655 function cert_commands.key(arg) 656 function cert_commands.key(arg)
656 if #arg >= 1 and arg[1] ~= "--help" then 657 if #arg >= 1 and arg[1] ~= "--help" then
657 local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key"; 658 local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key";
658 if os.execute("test -f "..key_filename) == 0 659 if ask_overwrite(key_filename) then
659 and not show_yesno("Overwrite "..key_filename .. "?") then
660 return nil, key_filename; 660 return nil, key_filename;
661 end 661 end
662 os.remove(key_filename); -- We chmod this file to not have write permissions
662 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048); 663 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
663 os.execute(("openssl genrsa -out %s %d"):format(key_filename, tonumber(key_size))); 664 if openssl.genrsa{out=key_filename, key_size} then
664 os.execute(("chmod 400 %s"):format(key_filename)); 665 os.execute(("chmod 400 '%s'"):format(key_filename));
665 show_message("Key written to ".. key_filename); 666 show_message("Key written to ".. key_filename);
666 return nil, key_filename; 667 return nil, key_filename;
668 end
669 show_message("There was a problem, see OpenSSL output");
667 else 670 else
668 show_usage("cert key HOSTNAME <bits>", "Generates a RSA key") 671 show_usage("cert key HOSTNAME <bits>", "Generates a RSA key")
669 end 672 end
670 end 673 end
671 674
672 function cert_commands.request(arg) 675 function cert_commands.request(arg)
673 if #arg >= 1 and arg[1] ~= "--help" then 676 if #arg >= 1 and arg[1] ~= "--help" then
674 local req_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".req"; 677 local req_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".req";
675 if os.execute("test -f "..req_filename) == 0 678 if ask_overwrite(req_filename) then
676 and not show_yesno("Overwrite "..req_filename .. "?") then
677 return nil, req_filename; 679 return nil, req_filename;
678 end 680 end
679 local _, key_filename = cert_commands.key({arg[1]}); 681 local _, key_filename = cert_commands.key({arg[1]});
680 local _, conf_filename = cert_commands.config({arg[1]}); 682 local _, conf_filename = cert_commands.config({arg[1]});
681 os.execute(("openssl req -new -key %s -utf8 -config %s -out %s") 683 if openssl.req{new=true, key=key_filename, utf8=true, config=conf_filename, out=req_filename} then
682 :format(key_filename, conf_filename, req_filename)); 684 show_message("Certificate request written to ".. req_filename);
683 show_message("Certificate request written to ".. req_filename); 685 else
686 show_message("There was a problem, see OpenSSL output");
687 end
684 else 688 else
685 show_usage("cert request HOSTNAME", "Generates a certificate request") 689 show_usage("cert request HOSTNAME", "Generates a certificate request")
686 end 690 end
687 end 691 end
688 692
689 function cert_commands.generate(arg) 693 function cert_commands.generate(arg)
690 if #arg >= 1 and arg[1] ~= "--help" then 694 if #arg >= 1 and arg[1] ~= "--help" then
691 local cert_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cert"; 695 local cert_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cert";
692 if os.execute("test -f "..cert_filename) == 0 696 if ask_overwrite(cert_filename) then
693 and not show_yesno("Overwrite "..cert_filename .. "?") then 697 return nil, conf_filename;
694 return nil, cert_filename;
695 end 698 end
696 local _, key_filename = cert_commands.key({arg[1]}); 699 local _, key_filename = cert_commands.key({arg[1]});
697 local _, conf_filename = cert_commands.config({arg[1]}); 700 local _, conf_filename = cert_commands.config({arg[1]});
698 os.execute(("openssl req -new -x509 -nodes -key %s -days 365 -sha1 -utf8 -config %s -out %s") 701 local ret;
699 :format(key_filename, conf_filename, cert_filename)); 702 if key_filename and conf_filename and cert_filename
700 show_message("Certificate written to ".. cert_filename); 703 and openssl.req{new=true, x509=true, nodes=true, key=key_filename,
704 days=365, sha1=true, utf8=true, config=conf_filename, out=cert_filename} then
705 show_message("Certificate written to ".. cert_filename);
706 else
707 show_message("There was a problem, see OpenSSL output");
708 end
701 else 709 else
702 show_usage("cert generate HOSTNAME", "Generates a self-signed certificate") 710 show_usage("cert generate HOSTNAME", "Generates a self-signed certificate")
703 end 711 end
704 end 712 end
705 713
706 function commands.cert(arg) 714 function commands.cert(arg)
707 if #arg >= 1 and arg[1] ~= "--help" then 715 if #arg >= 1 and arg[1] ~= "--help" then
708 local subcmd = table.remove(arg, 1); 716 local subcmd = table.remove(arg, 1);
709 if type(cert_commands[subcmd]) == "function" then 717 if type(cert_commands[subcmd]) == "function" then
718 if not hosts[arg[1]] then
719 show_message(error_messages["no-such-host"]);
720 return
721 end
710 return cert_commands[subcmd](arg); 722 return cert_commands[subcmd](arg);
711 end 723 end
712 end 724 end
713 show_usage("cert config|request|generate|key", "Helpers for X.509 certificates.") 725 show_usage("cert config|request|generate|key", "Helpers for X.509 certificates.")
714 end 726 end