Changeset

6163:7a8899d314d7

Merge 0.10->trunk
author Kim Alvefur <zash@zash.se>
date Tue, 06 May 2014 00:37:08 +0200 (2014-05-05)
parents 6157:44de98f516f5 (current diff) 6162:fbc3b195dab8 (diff)
children 6168:3942630b4e35
files
diffstat 1 files changed, 81 insertions(+), 45 deletions(-) [+]
line wrap: on
line diff
--- a/prosodyctl	Sun Apr 27 01:02:54 2014 +0200
+++ b/prosodyctl	Tue May 06 00:37:08 2014 +0200
@@ -797,8 +797,28 @@
 	local array, set = require "util.array", require "util.set";
 	local it = require "util.iterators";
 	local ok = true;
+	local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end
+	local function enabled_hosts() return it.filter(disabled_hosts, pairs(config.getconfig())); end
+	if not what or what == "disabled" then
+		local disabled_hosts = set.new();
+		for host, host_options in it.filter("*", pairs(config.getconfig())) do
+			if host_options.enabled == false then
+				disabled_hosts:add(host);
+			end
+		end
+		if not disabled_hosts:empty() then
+			local msg = "Checks will be skipped for these disabled hosts: %s";
+			if what then msg = "These hosts are disabled: %s"; end
+			show_warning(msg, tostring(disabled_hosts));
+			if what then return 0; end
+			print""
+		end
+	end
 	if not what or what == "config" then
 		print("Checking config...");
+		local deprecated = set.new({
+			"bosh_ports", "disallow_s2s", "no_daemonize", "anonymous_login",
+		});
 		local known_global_options = set.new({
 			"pidfile", "log", "plugin_paths", "prosody_user", "prosody_group", "daemonize",
 			"umask", "prosodyctl_timeout", "use_ipv6", "use_libevent", "network_settings"
@@ -811,9 +831,27 @@
 			print("    No global options defined. Perhaps you have put a host definition at the top")
 			print("    of the config file? They should be at the bottom, see http://prosody.im/doc/configure#overview");
 		end
+		if it.count(enabled_hosts()) == 0 then
+			ok = false;
+			print("");
+			if it.count(it.filter("*", pairs(config))) == 0 then
+				print("    No hosts are defined, please add at least one VirtualHost section")
+			elseif config["*"]["enabled"] == false then
+				print("    No hosts are enabled. Remove enabled = false from the global section or put enabled = true under at least one VirtualHost section")
+			else
+				print("    All hosts are disabled. Remove enabled = false from at least one VirtualHost section")
+			end
+		end
 		-- Check for global options under hosts
 		local global_options = set.new(it.to_array(it.keys(config["*"])));
-		for host, options in it.filter("*", pairs(config)) do
+		local deprecated_global_options = set.intersection(global_options, deprecated);
+		if not deprecated_global_options:empty() then
+			print("");
+			print("    You have some deprecated options in the global section:");
+			print("    "..tostring(deprecated_global_options))
+			ok = false;
+		end
+		for host, options in enabled_hosts() do
 			local host_options = set.new(it.to_array(it.keys(options)));
 			local misplaced_options = set.intersection(host_options, known_global_options);
 			for name in pairs(options) do
@@ -898,7 +936,7 @@
 		
 		local v6_supported = not not socket.tcp6;
 		
-		for host, host_options in it.filter("*", pairs(config.getconfig())) do
+		for host, host_options in enabled_hosts() do
 			local all_targets_ok, some_targets_ok = true, false;
 			
 			local is_component = not not host_options.component_module;
@@ -1047,54 +1085,52 @@
 			print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking");
 			cert_ok = false
 		else
-			for host in pairs(hosts) do
-				if host ~= "*" then -- Should check global certs too.
-					print("Checking certificate for "..host);
-					-- First, let's find out what certificate this host uses.
-					local ssl_config = config.rawget(host, "ssl");
-					if not ssl_config then
-						local base_host = host:match("%.(.*)");
-						ssl_config = config.get(base_host, "ssl");
-					end
-					if not ssl_config then
-						print("  No 'ssl' option defined for "..host)
-						cert_ok = false
-					elseif not ssl_config.certificate then
-						print("  No 'certificate' set in ssl option for "..host)
-						cert_ok = false
-					elseif not ssl_config.key then
-						print("  No 'key' set in ssl option for "..host)
+			for host in enabled_hosts() do
+				print("Checking certificate for "..host);
+				-- First, let's find out what certificate this host uses.
+				local ssl_config = config.rawget(host, "ssl");
+				if not ssl_config then
+					local base_host = host:match("%.(.*)");
+					ssl_config = config.get(base_host, "ssl");
+				end
+				if not ssl_config then
+					print("  No 'ssl' option defined for "..host)
+					cert_ok = false
+				elseif not ssl_config.certificate then
+					print("  No 'certificate' set in ssl option for "..host)
+					cert_ok = false
+				elseif not ssl_config.key then
+					print("  No 'key' set in ssl option for "..host)
+					cert_ok = false
+				else
+					local key, err = io.open(ssl_config.key); -- Permissions check only
+					if not key then
+						print("    Could not open "..ssl_config.key..": "..err);
 						cert_ok = false
 					else
-						local key, err = io.open(ssl_config.key); -- Permissions check only
-						if not key then
-							print("    Could not open "..ssl_config.key..": "..err);
-							cert_ok = false
-						else
-							key:close();
-						end
-						local cert_fh, err = io.open(ssl_config.certificate); -- Load the file.
-						if not cert_fh then
-							print("    Could not open "..ssl_config.certificate..": "..err);
+						key:close();
+					end
+					local cert_fh, err = io.open(ssl_config.certificate); -- Load the file.
+					if not cert_fh then
+						print("    Could not open "..ssl_config.certificate..": "..err);
+						cert_ok = false
+					else
+						print("  Certificate: "..ssl_config.certificate)
+						local cert = load_cert(cert_fh:read"*a"); cert_fh = cert_fh:close();
+						if not cert:validat(os.time()) then
+							print("    Certificate has expired.")
 							cert_ok = false
-						else
-							print("  Certificate: "..ssl_config.certificate)
-							local cert = load_cert(cert_fh:read"*a"); cert_fh = cert_fh:close();
-							if not cert:validat(os.time()) then
-								print("    Certificate has expired.")
-								cert_ok = false
-							end
-							if config.get(host, "component_module") == nil
+						end
+						if config.get(host, "component_module") == nil
 							and not x509_verify_identity(host, "_xmpp-client", cert) then
-								print("    Not vaild for client connections to "..host..".")
-								cert_ok = false
-							end
-							if (not (config.get(name, "anonymous_login")
-								or config.get(name, "authentication") == "anonymous"))
+							print("    Not vaild for client connections to "..host..".")
+							cert_ok = false
+						end
+						if (not (config.get(host, "anonymous_login")
+							or config.get(host, "authentication") == "anonymous"))
 							and not x509_verify_identity(host, "_xmpp-client", cert) then
-								print("    Not vaild for server-to-server connections to "..host..".")
-								cert_ok = false
-							end
+							print("    Not vaild for server-to-server connections to "..host..".")
+							cert_ok = false
 						end
 					end
 				end