author | Kim Alvefur <zash@zash.se> |
Sat, 11 Nov 2023 21:33:53 +0100 | |
changeset 13320 | a27a329e93ca |
parent 13306 | 30b7cd40ee14 |
child 13328 | 6f371066d6e0 |
permissions | -rw-r--r-- |
local configmanager = require "prosody.core.configmanager"; |
local moduleapi = require "prosody.core.moduleapi"; |
local show_usage = require "prosody.util.prosodyctl".show_usage; |
local show_warning = require "prosody.util.prosodyctl".show_warning; |
local is_prosody_running = require "prosody.util.prosodyctl".isrunning; |
local parse_args = require "prosody.util.argparse".parse; |
local dependencies = require "prosody.util.dependencies"; |
local socket = require "socket"; |
local socket_url = require "socket.url"; |
local jid_split = require "prosody.util.jid".prepped_split; |
local modulemanager = require "prosody.core.modulemanager"; |
local async = require "prosody.util.async"; |
local httputil = require "prosody.util.http"; |
--- Build a minimal module-API object bound to `host`.
-- The returned table carries its own `name`, `host` and `log` fields; any
-- other lookup falls through to `moduleapi` via the metatable's `__index`.
-- @param host value stored in the `host` field of the returned object
-- @return table whose metatable indexes into `moduleapi`
local function api(host)
	local instance = { name = "prosodyctl.check"; host = host; log = prosody.log };
	local fallback = { __index = moduleapi };
	return setmetatable(instance, fallback);
end
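--- Ask the observe.jabber.network HTTPS API to run a connectivity check.
-- The target hostname is POSTed to that third-party service, so running this
-- check discloses the host being tested to it.
-- @param check_type name of the check; URL-encoded into the request path
-- @param target_host hostname sent as the JSON "target" field
-- @return true only when the decoded response has `success == true`;
--   false (with nil) when the API answered but did not report success
-- @return false plus an error string when the request fails, the status is
--   not 200, or the body is not a JSON object
local function check_ojn(check_type, target_host)
	local http = require "prosody.net.http"; -- .new({});
	local json = require "prosody.util.json";

	local response, err = async.wait_for(http.request(
		("https://observe.jabber.network/api/v1/check/%s"):format(httputil.urlencode(check_type)),
		{
			method="POST",
			headers={["Accept"] = "application/json"; ["Content-Type"] = "application/json"},
			body=json.encode({target=target_host}),
		}));

	if not response then
		return false, err;
	end

	if response.code ~= 200 then
		return false, ("API replied with non-200 code: %d"):format(response.code);
	end

	local decoded_body, decode_err = json.decode(response.body);
	if decoded_body == nil then
		-- tostring() keeps the message well-formed even if no error text was given
		return false, ("Failed to parse API JSON: %s"):format(tostring(decode_err));
	end

	-- The body is remote input: valid JSON that is not an object (a bare
	-- number or boolean, for instance) would raise when indexed below.
	if type(decoded_body) ~= "table" then
		return false, "API returned unexpected JSON (expected an object)";
	end

	-- Strict comparison: only a literal boolean true counts as success.
	return decoded_body["success"] == true, nil;
end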
--- Query an HTTP probe endpoint and read `probe_success` from its reply.
-- The request URL is `base_url`, a "?" and the form-encoded `module` and
-- `target` parameters. The response body is scanned line by line; the first
-- line reporting `probe_success` as 1 or 0 decides the result.
-- NOTE(review): base_url is joined with "?" as-is, so it presumably must not
-- already carry a query string; verify against the caller.
-- @param base_url URL of the probe endpoint
-- @param probe_module value sent as the `module` query parameter
-- @param target value sent as the `target` query parameter
-- @return true when the endpoint reports `probe_success 1`
-- @return false (plus an error string where one is available) otherwise
local function check_probe(base_url, probe_module, target)
	local http = require "prosody.net.http"; -- .new({});
	local query = httputil.formencode({ module = probe_module; target = target });
	local probe_url = base_url .. "?" .. query;
	local response, err = async.wait_for(http.request(probe_url));

	if not response then
		return false, err;
	end

	if response.code ~= 200 then
		return false, string.format("API replied with non-200 code: %d", response.code);
	end

	-- The body is remote input: only an exact "1" or "0" after the metric
	-- name is accepted, anything else is skipped.
	for metric_line in response.body:gmatch("[^\r\n]+") do
		local value = metric_line:match("^probe_success%s+(%d+)");
		if value == "1" then
			return true;
		end
		if value == "0" then
			return false;
		end
	end

	return false, "Probe endpoint did not return a success status";
end
local function check_turn_service(turn_service, ping_service) |
local ip = require "prosody.util.ip"; |
local stun = require "prosody.net.stun"; |
-- Create UDP socket for communication with the server |
local sock = assert(require "socket".udp()); |
sock:setsockname("*", 0); |
sock:setpeername(turn_service.host, turn_service.port); |
sock:settimeout(10); |
-- Helper function to receive a packet |
-- Reads one datagram from `sock` and hands it to a fresh STUN packet's
-- deserialize(). On a receive failure, returns nil plus the socket error.
local function receive_packet()
	local datagram, recv_err = sock:receive();
	if datagram then
		return stun.new_packet():deserialize(datagram);
	end
	return nil, recv_err;
end
local result = { warnings = {} }; |
-- Send a "binding" query, i.e. a request for our external IP/port |
local bind_query = stun.new_packet("binding", "request"); |
bind_query:add_attribute("software", "prosodyctl check turn"); |
sock:send(bind_query:serialize()); |
local bind_result, err = receive_packet(); |
if not bind_result then |
result.error = "No STUN response: "..err; |
return result; |
elseif bind_result:is_err_resp() then |
result.error = ("STUN server returned error: %d (%s)"):format(bind_result:get_error()); |
return result; |
elseif not bind_result:is_success_resp() then |
result.error = ("Unexpected STUN response: %d (%s)"):format(bind_result:get_type()); |
return result; |
end |
result.external_ip = bind_result:get_xor_mapped_address(); |
if not result.external_ip then |
result.error = "STUN server did not return an address"; |
return result; |
end |
if ip.new_ip(result.external_ip.address).private then |
table.insert(result.warnings, "STUN returned a private IP! Is the TURN server behind a NAT and misconfigured?"); |
end |
-- Send a TURN "allocate" request. Expected to fail due to auth, but |
-- necessary to obtain a valid realm/nonce from the server. |
local pre_request = stun.new_packet("allocate", "request"); |
sock:send(pre_request:serialize()); |
local pre_result, err = receive_packet(); |
if not pre_result then |
result.error = "No initial TURN response: "..err; |
return result; |
elseif pre_result:is_success_resp() then |
result.error = "TURN server does not have authentication enabled"; |
return result; |
end |
local realm = pre_result:get_attribute("realm"); |
local nonce = pre_result:get_attribute("nonce"); |
if not realm then |
table.insert(result.warnings, "TURN server did not return an authentication realm. Is authentication enabled?"); |
end |
if not nonce then |
table.insert(result.warnings, "TURN server did not return a nonce"); |
end |
-- Use the configured secret to obtain temporary user/pass credentials |
local turn_user, turn_pass = stun.get_user_pass_from_secret(turn_service.secret); |
-- Send a TURN allocate request, will fail if auth is wrong |
local alloc_request = stun.new_packet("allocate", "request"); |
alloc_request:add_requested_transport("udp"); |
alloc_request:add_attribute("username", turn_user); |
if realm then |
alloc_request:add_attribute("realm", realm); |
end |
if nonce then |
alloc_request:add_attribute("nonce", nonce); |
end |
local key = stun.get_long_term_auth_key(realm or turn_service.host, turn_user, turn_pass); |
alloc_request:add_message_integrity(key); |
sock:send(alloc_request:serialize()); |
-- Check the response |
local alloc_response, err = receive_packet(); |
if not alloc_response then |
result.error = "TURN server did not response to allocation request: "..err; |
return result; |
elseif alloc_response:is_err_resp() then |
result.error = ("TURN server failed to create allocation: %d (%s)"):format(alloc_response:get_error()); |
return result; |
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12237
diff
changeset
|
165 |
elseif not alloc_response:is_success_resp() then |
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12237
diff
changeset
|
166 |
result.error = ("Unexpected TURN response: %d (%s)"):format(alloc_response:get_type()); |
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12237
diff
changeset
|
167 |
return result; |
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12237
diff
changeset
|
168 |
end |
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12237
diff
changeset
|
169 |
|
12379
ea5e46601cfb
prosodyctl: check turn: show relayed address(es) in verbose mode
Matthew Wild <mwild1@gmail.com>
parents:
12377
diff
changeset
|
170 |
result.relayed_addresses = alloc_response:get_xor_relayed_addresses(); |
ea5e46601cfb
prosodyctl: check turn: show relayed address(es) in verbose mode
Matthew Wild <mwild1@gmail.com>
parents:
12377
diff
changeset
|
171 |
|
12376
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
172 |
if not ping_service then |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
173 |
-- Success! We won't be running the relay test. |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
174 |
return result; |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
175 |
end |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
176 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
177 |
-- Run the relay test - i.e. send a binding request to ping_service |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
178 |
-- and receive a response. |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
179 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
180 |
-- Resolve the IP of the ping service |
12377
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12376
diff
changeset
|
181 |
local ping_host, ping_port = ping_service:match("^([^:]+):(%d+)$"); |
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12376
diff
changeset
|
182 |
if ping_host then |
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12376
diff
changeset
|
183 |
ping_port = tonumber(ping_port); |
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12376
diff
changeset
|
184 |
else |
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12376
diff
changeset
|
185 |
-- Only a hostname specified, use default STUN port |
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12376
diff
changeset
|
186 |
ping_host, ping_port = ping_service, 3478; |
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12376
diff
changeset
|
187 |
end |
12420
19fd28239e73
prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
Matthew Wild <mwild1@gmail.com>
parents:
12418
diff
changeset
|
188 |
|
19fd28239e73
prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
Matthew Wild <mwild1@gmail.com>
parents:
12418
diff
changeset
|
189 |
if ping_host == turn_service.host then |
19fd28239e73
prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
Matthew Wild <mwild1@gmail.com>
parents:
12418
diff
changeset
|
190 |
result.error = ("Unable to perform ping test: please supply an external STUN server address. See https://prosody.im/doc/turn#prosodyctl-check"); |
19fd28239e73
prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
Matthew Wild <mwild1@gmail.com>
parents:
12418
diff
changeset
|
191 |
return result; |
19fd28239e73
prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
Matthew Wild <mwild1@gmail.com>
parents:
12418
diff
changeset
|
192 |
end |
19fd28239e73
prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
Matthew Wild <mwild1@gmail.com>
parents:
12418
diff
changeset
|
193 |
|
12377
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12376
diff
changeset
|
194 |
local ping_service_ip, err = socket.dns.toip(ping_host); |
12376
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
195 |
if not ping_service_ip then |
12383
6ac3c580c00d
prosodyctl: check turn: Clearer error when unable to resolve external service host
Matthew Wild <mwild1@gmail.com>
parents:
12381
diff
changeset
|
196 |
result.error = "Unable to resolve ping service hostname: "..err; |
12376
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
197 |
return result; |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
198 |
end |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
199 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
200 |
-- Ask the TURN server to allow packets from the ping service IP |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
201 |
local perm_request = stun.new_packet("create-permission"); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
202 |
perm_request:add_xor_peer_address(ping_service_ip); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
203 |
perm_request:add_attribute("username", turn_user); |
12386
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
204 |
if realm then |
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
205 |
perm_request:add_attribute("realm", realm); |
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
206 |
end |
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
207 |
if nonce then |
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
208 |
perm_request:add_attribute("nonce", nonce); |
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
209 |
end |
12376
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
210 |
perm_request:add_message_integrity(key); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
211 |
sock:send(perm_request:serialize()); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
212 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
213 |
local perm_response, err = receive_packet(); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
214 |
if not perm_response then |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
215 |
result.error = "No response from TURN server when requesting peer permission: "..err; |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
216 |
return result; |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
217 |
elseif perm_response:is_err_resp() then |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
218 |
result.error = ("TURN permission request failed: %d (%s)"):format(perm_response:get_error()); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
219 |
return result; |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
220 |
elseif not perm_response:is_success_resp() then |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
221 |
result.error = ("Unexpected TURN response: %d (%s)"):format(perm_response:get_type()); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
222 |
return result; |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
223 |
end |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
224 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
225 |
-- Ask the TURN server to relay a STUN binding request to the ping server |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
226 |
local ping_data = stun.new_packet("binding"):serialize(); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
227 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
228 |
local ping_request = stun.new_packet("send", "indication"); |
12377
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12376
diff
changeset
|
229 |
ping_request:add_xor_peer_address(ping_service_ip, ping_port); |
12376
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
230 |
ping_request:add_attribute("data", ping_data); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
231 |
ping_request:add_attribute("username", turn_user); |
12386
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
232 |
if realm then |
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
233 |
ping_request:add_attribute("realm", realm); |
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
234 |
end |
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
235 |
if nonce then |
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
236 |
ping_request:add_attribute("nonce", nonce); |
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
237 |
end |
12376
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
238 |
ping_request:add_message_integrity(key); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
239 |
sock:send(ping_request:serialize()); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
240 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
241 |
local ping_response, err = receive_packet(); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
242 |
if not ping_response then |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
243 |
result.error = "No response from ping server ("..ping_service_ip.."): "..err; |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
244 |
return result; |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
245 |
elseif not ping_response:is_indication() or select(2, ping_response:get_method()) ~= "data" then |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
246 |
result.error = ("Unexpected TURN response: %s %s"):format(select(2, ping_response:get_method()), select(2, ping_response:get_type())); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
247 |
return result; |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
248 |
end |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
249 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
250 |
local pong_data = ping_response:get_attribute("data"); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
251 |
if not pong_data then |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
252 |
result.error = "No data relayed from remote server"; |
12470
9ee41552bca0
util.prosodyctl: check turn: ensure a result is always returned from a check (thanks eTaurus)
Matthew Wild <mwild1@gmail.com>
parents:
12445
diff
changeset
|
253 |
return result; |
12376
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
254 |
end |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
255 |
local pong = stun.new_packet():deserialize(pong_data); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
256 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
257 |
result.external_ip_pong = pong:get_xor_mapped_address(); |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
258 |
if not result.external_ip_pong then |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
259 |
result.error = "Ping server did not return an address"; |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
260 |
return result; |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
261 |
end |
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
262 |
|
12394
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12389
diff
changeset
|
263 |
local relay_address_found, relay_port_matches; |
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12389
diff
changeset
|
264 |
for _, relayed_address in ipairs(result.relayed_addresses) do |
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12389
diff
changeset
|
265 |
if relayed_address.address == result.external_ip_pong.address then |
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12389
diff
changeset
|
266 |
relay_address_found = true; |
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12389
diff
changeset
|
267 |
relay_port_matches = result.external_ip_pong.port == relayed_address.port; |
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12389
diff
changeset
|
268 |
end |
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12389
diff
changeset
|
269 |
end |
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12389
diff
changeset
|
270 |
if not relay_address_found then |
12387
a9b6ed86b573
prosodyctl: check turn: improve warning text to suggest issues
Matthew Wild <mwild1@gmail.com>
parents:
12386
diff
changeset
|
271 |
table.insert(result.warnings, "TURN external IP vs relay address mismatch! Is the TURN server behind a NAT and misconfigured?"); |
12394
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12389
diff
changeset
|
272 |
elseif not relay_port_matches then |
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12389
diff
changeset
|
273 |
table.insert(result.warnings, "External port does not match reported relay port! This is probably caused by a NAT in front of the TURN server."); |
12387
a9b6ed86b573
prosodyctl: check turn: improve warning text to suggest issues
Matthew Wild <mwild1@gmail.com>
parents:
12386
diff
changeset
|
274 |
end |
a9b6ed86b573
prosodyctl: check turn: improve warning text to suggest issues
Matthew Wild <mwild1@gmail.com>
parents:
12386
diff
changeset
|
275 |
|
12376
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
276 |
-- |
12361
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12237
diff
changeset
|
277 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12237
diff
changeset
|
278 |
return result; |
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12237
diff
changeset
|
279 |
end |
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12237
diff
changeset
|
280 |
|
11783
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11782
diff
changeset
|
281 |
--- Host filter predicate used to leave out entries that look like JIDs.
-- Returns false when jid_split(host) yields a truthy first value
-- (presumably the node part of a "node@host" entry; verify against
-- util.jid's prepped_split), and true otherwise.
-- @param host name to test
-- @return boolean true if the host should be kept
local function skip_bare_jid_hosts(host)
	-- See issue #779
	local first_part = jid_split(host);
	return not first_part;
end
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11782
diff
changeset
|
288 |
|
12376
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
289 |
-- Option schema handed to parse_args() by check().
-- short_params: single-letter flags and the long option each stands for.
-- value_params: options that must be followed by a value (check() reports
-- "Expected a value after ..." when parse_args returns "missing-value").
local check_opts = {
	short_params = { h = "help", v = "verbose" },
	value_params = { ping = true },
};
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
297 |
|
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
298 |
local function check(arg) |
12376
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12366
diff
changeset
|
299 |
if arg[1] == "help" or arg[1] == "--help" then |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
300 |
show_usage([[check]], [[Perform basic checks on your Prosody installation]]); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
301 |
return 1; |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
302 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
303 |
local what = table.remove(arg, 1); |
12380
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
304 |
local opts, opts_err, opts_info = parse_args(arg, check_opts); |
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
305 |
if opts_err == "missing-value" then |
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
306 |
print("Error: Expected a value after '"..opts_info.."'"); |
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
307 |
return 1; |
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
308 |
elseif opts_err == "param-not-found" then |
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
309 |
print("Error: Unknown parameter: "..opts_info); |
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
310 |
return 1; |
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
311 |
end |
12979
d10957394a3c
util: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12903
diff
changeset
|
312 |
local array = require "prosody.util.array"; |
d10957394a3c
util: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12903
diff
changeset
|
313 |
local set = require "prosody.util.set"; |
d10957394a3c
util: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12903
diff
changeset
|
314 |
local it = require "prosody.util.iterators"; |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
315 |
local ok = true; |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
316 |
local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
317 |
local function enabled_hosts() return it.filter(disabled_hosts, pairs(configmanager.getconfig())); end |
13305
84d83f4a190f
util.prosodyctl.check: Wrap each check in a function
Kim Alvefur <zash@zash.se>
parents:
13260
diff
changeset
|
318 |
local checks = {}; |
84d83f4a190f
util.prosodyctl.check: Wrap each check in a function
Kim Alvefur <zash@zash.se>
parents:
13260
diff
changeset
|
319 |
-- Warn about hosts whose "enabled" option reads as false.
--
-- Every section yielded by it.filter("*", ...) is looked up through
-- api(host):get_option_boolean("enabled"); only an explicit false counts.
-- (presumably the "*" filter drops the global section; it.filter is
-- defined elsewhere)
--
-- `what` comes from the enclosing scope, which is not part of this excerpt.
-- When it is set, the warning uses the shorter wording and the function
-- returns 0. Otherwise a blank line follows the warning and nothing is
-- returned. Nothing is printed or returned when no host is disabled.
function checks.disabled()
	local skipped = set.new();
	local sections = configmanager.getconfig();
	for hostname in it.filter("*", pairs(sections)) do
		local enabled = api(hostname):get_option_boolean("enabled");
		if enabled == false then
			skipped:add(hostname);
		end
	end

	if skipped:empty() then
		return;
	end

	local template;
	if what then
		template = "These hosts are disabled: %s";
	else
		template = "Checks will be skipped for these disabled hosts: %s";
	end
	show_warning(template, tostring(skipped));

	if what then
		return 0;
	end
	print("");
end
function checks.config() |
-- Announce the check. When the requested check is exactly "config", also
-- list the files that configmanager.files() reports, one per line.
-- `what` comes from the enclosing scope, which is not part of this excerpt.
print("Checking config...");

if what == "config" then
	local loaded = configmanager.files();
	local listing = table.concat(loaded, "\n - ");
	print(" The following configuration files have been loaded:");
	print(" - "..listing);
end
-- Option names with no replacement hint: the remedy is to remove them.
-- NOTE(review): 'setuid' and 'setgid' presumably concerned which account the
-- server runs as. A config that still sets them deserves a second look at
-- how the service account is chosen now; confirm against the code that
-- reports this set, which is outside this excerpt.
local obsolete = set.new({ --> remove
	"archive_cleanup_interval", "dns_timeout",
	"muc_log_cleanup_interval", "s2s_dns_resolvers",
	"setgid", "setuid",
});
-- Build the hint text shown for a deprecated setting.
--   kind == "option":    suggest option `name`, with " = <value>" (quoted via
--                        %q) appended when `value` is truthy.
--   kind == "module":    suggest adding module `name` to the list option
--                        `value`, defaulting to "modules_enabled".
--   kind == "community": suggest getting module `name` from `value`,
--                        defaulting to "prosody-modules".
-- Any other `kind` is returned unchanged, so the kind must come first: a call
-- that passes only an option name gets that bare name back, without the
-- "instead, use" wording.
local function instead_use(kind, name, value)
	if kind == "module" then
		local list_option = value or "modules_enabled";
		return string.format("instead, add %q to '%s'", name, list_option);
	end
	if kind == "community" then
		local origin = value or "prosody-modules";
		return string.format("instead, add %q from %s", name, origin);
	end
	if kind ~= "option" then
		return kind
	end
	if not value then
		return string.format("instead, use '%s'", name);
	end
	return string.format("instead, use '%s = %q'", name, value);
end
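-- Deprecated option name -> hint text naming what to use instead.
-- The hints are computed once, here. The keys also become the `deprecated`
-- set built further down, and the per-port entries are added to this table
-- by the loop that follows it.
local deprecated_replacements = {
	anonymous_login = instead_use("option", "authentication", "anonymous");
	daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags";
	disallow_s2s = instead_use("module", "s2s", "modules_disabled");
	no_daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags";
	-- One switch became two: the hint names both so that neither the
	-- client-to-server nor the server-to-server side is overlooked.
	require_encryption = "instead, use 'c2s_require_encryption' and 's2s_require_encryption'";
	vcard_compatibility = instead_use("community", "mod_compat_vcard");
	use_libevent = instead_use("option", "network_backend", "event");
	whitelist_registration_only = instead_use("option", "allowlist_registration_only");
	registration_whitelist = instead_use("option", "registration_allowlist");
	registration_blacklist = instead_use("option", "registration_blocklist");
	-- Fixed: the "option" kind was missing. instead_use() returns an
	-- unrecognised kind unchanged, so the hint was the bare new option name
	-- with no "instead, use" wording. This setting concerns registration
	-- throttling, so the rename should be as clear as the others.
	blacklist_on_registration_throttle_overload = instead_use("option", "blocklist_on_registration_throttle_overload");
	cross_domain_bosh = "instead, use 'http_cors_override', see https://prosody.im/doc/http#cross-domain-cors-support";
	cross_domain_websocket = "instead, use 'http_cors_override', see https://prosody.im/doc/http#cross-domain-cors-support";
};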
-- FIXME all the singular _port and _interface options are supposed to be deprecated too
-- Old service prefix -> current prefix. For every prefix/suffix combination
-- an entry "<old>_<suffix>" is added to deprecated_replacements. Its hint
-- points at "<new>_<suffix>", with the singular "port"/"interface" suffixes
-- turned into their plural forms.
local deprecated_ports = { bosh = "http", legacy_ssl = "c2s_direct_tls" };
local port_suffixes = set.new({ "port", "ports", "interface", "interfaces", "ssl" });
for old_prefix, new_prefix in pairs(deprecated_ports) do
	for suffix in port_suffixes do
		local new_suffix = suffix;
		if suffix == "port" or suffix == "interface" then
			new_suffix = suffix.."s";
		end
		local old_name = old_prefix.."_"..suffix;
		deprecated_replacements[old_name] = "instead, use '"..new_prefix.."_"..new_suffix.."'"
	end
end
-- Set of every deprecated option name, taken after the loop above so the
-- generated port/interface names are included.
local deprecated = set.new(array.collect(it.keys(deprecated_replacements)));
-- Option names this check treats as belonging to the global section.
-- The code that consults the set is outside this excerpt; presumably it
-- flags these names when they show up under a host.
-- NOTE(review): several entries concern transport security or trust, e.g.
-- s2s_secure_auth, s2s_require_encryption, s2s_insecure_domains,
-- trusted_proxies and run_as_root. If such an option has no effect outside
-- the global section, a misplaced one leaves an admin believing a control is
-- active when it is not; confirm the consumer reports that case clearly.
local known_global_options = set.new({
	"access_control_allow_credentials", "access_control_allow_headers",
	"access_control_allow_methods", "access_control_max_age",
	"admin_socket",
	"body_size_limit",
	"bosh_max_inactivity", "bosh_max_polling", "bosh_max_wait",
	"buffer_size_limit",
	"c2s_close_timeout", "c2s_stanza_size_limit", "c2s_tcp_keepalives", "c2s_timeout",
	"component_stanza_size_limit", "component_tcp_keepalives",
	"consider_bosh_secure", "consider_websocket_secure",
	"console_banner", "console_prettyprint_settings",
	"daemonize",
	"gc",
	"http_default_host",
	"http_errors_always_show", "http_errors_default_message",
	"http_errors_detailed", "http_errors_messages",
	"http_max_buffer_size", "http_max_content_size",
	"installer_plugin_path",
	"limits", "limits_resolution",
	"log",
	"multiplex_buffer_size",
	"network_backend", "network_default_read_size", "network_settings",
	"openmetrics_allow_cidr", "openmetrics_allow_ips",
	"pidfile",
	"plugin_paths", "plugin_server",
	"prosodyctl_timeout",
	"prosody_group", "prosody_user",
	"run_as_root",
	"s2s_close_timeout", "s2s_insecure_domains", "s2s_require_encryption",
	"s2s_secure_auth", "s2s_secure_domains", "s2s_stanza_size_limit",
	"s2s_tcp_keepalives", "s2s_timeout",
	"statistics", "statistics_config", "statistics_interval",
	"tcp_keepalives",
	"tls_profile",
	"trusted_proxies",
	"umask",
	"use_dane", "use_ipv4", "use_ipv6",
	"websocket_frame_buffer_limit", "websocket_frame_fragment_limit",
	"websocket_get_response_body", "websocket_get_response_text",
});
-- Structural sanity checks on the loaded configuration. The first two mark
-- the overall result as failed (ok = false); the third only prints advice.
local config = configmanager.getconfig();
local global = api("*");

-- 1. The global section should hold something besides "log"; an empty one
--    is usually caused by a host definition placed at the top of the file.
--    (presumably it.filter("log", ...) drops the "log" key; it.filter is
--    defined elsewhere)
if it.count(it.filter("log", pairs(config["*"]))) == 0 then
	ok = false;
	print("");
	print(" No global options defined. Perhaps you have put a host definition at the top")
	print(" of the config file? They should be at the bottom, see https://prosody.im/doc/configure#overview");
end

-- 2. At least one host must be enabled. The message distinguishes between no
--    hosts at all, a global enabled = false, and every host being disabled.
if it.count(enabled_hosts()) == 0 then
	ok = false;
	print("");
	local reason;
	if it.count(it.filter("*", pairs(config))) == 0 then
		reason = " No hosts are defined, please add at least one VirtualHost section";
	elseif config["*"]["enabled"] == false then
		reason = " No hosts are enabled. Remove enabled = false from the global section or put enabled = true under at least one VirtualHost section";
	else
		reason = " All hosts are disabled. Remove enabled = false from at least one VirtualHost section";
	end
	print(reason)
end

-- 3. Without a global modules_enabled, suggest the modules that every
--    enabled non-component host has in common.
if not config["*"].modules_enabled then
	print(" No global modules_enabled is set?");
	local suggested_global_modules;
	for host, options in enabled_hosts() do --luacheck: ignore 213/host
		if not options.component_module and options.modules_enabled then
			local so_far = suggested_global_modules or set.new(options.modules_enabled);
			suggested_global_modules = set.intersection(so_far, set.new(options.modules_enabled));
		end
	end
	if suggested_global_modules and not suggested_global_modules:empty() then
		local function quoted(x) return ("%q"):format(x) end
		print(" Consider moving these modules into modules_enabled in the global section:")
		print(" "..tostring(suggested_global_modules / quoted));
	end
	print();
end
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
494 |
|
13221
b264ea91e930
util.prosodyctl.check: Validate format of module list options
Kim Alvefur <zash@zash.se>
parents:
13220
diff
changeset
|
495 |
--- Report a module list option that is not a plain list of strings.
-- Prints a hint and sets `ok` (assigned here, declared outside this function)
-- to false for the first problem found. Returns nothing.
-- host: section name, used only in the printed message.
-- name: option name being checked, used in the message and in the example.
-- modules: the configured value, or nil when the option is unset.
local function validate_module_list(host, name, modules)
	-- Unset is acceptable here; the global section is checked separately.
	if modules == nil then
		return;
	end

	-- Built on demand so `name` is only concatenated on a reporting path.
	local function example_line()
		return " " .. name .. " = { \"name_of_module\", \"another_plugin\", }";
	end

	local kind = type(modules);
	if kind ~= "table" then
		print(" The " .. name .. " in the " .. host .. " section should not be a " .. kind .. " but a list of strings, e.g.");
		print(example_line());
		print();
		ok = false;
		return;
	end

	for key, value in pairs(modules) do
		local is_list_entry = type(key) == "number" and type(value) == "string";
		if not is_list_entry then
			-- A non-numeric key means a `key = value` pair ended up inside the braces.
			print(" The " .. name .. " in the " .. host .. " section should be a list of strings, e.g.");
			print(example_line());
			print(" It should not contain key = value pairs, try putting them outside the {} brackets.");
			ok = false;
			return; -- one report per option is enough
		end
	end
end
b264ea91e930
util.prosodyctl.check: Validate format of module list options
Kim Alvefur <zash@zash.se>
parents:
13220
diff
changeset
|
517 |
|
b264ea91e930
util.prosodyctl.check: Validate format of module list options
Kim Alvefur <zash@zash.se>
parents:
13220
diff
changeset
|
518 |
-- Apply the same shape check to both module list options of every enabled host.
for host, host_config in enabled_hosts() do
	for _, option_name in ipairs({ "modules_enabled", "modules_disabled" }) do
		validate_module_list(host, option_name, host_config[option_name]);
	end
end
b264ea91e930
util.prosodyctl.check: Validate format of module list options
Kim Alvefur <zash@zash.se>
parents:
13220
diff
changeset
|
522 |
|
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
523 |
do -- Check for modules enabled both normally and as components
	-- Advisory only: this check prints a warning but leaves `ok` untouched.
	local global_modules = global:get_option_set("modules_enabled");
	for host, options in enabled_hosts() do
		local mod_name = options.component_module;
		local enabled_twice = mod_name and global_modules:contains(mod_name);
		if enabled_twice then
			print((" mod_%s is enabled both in modules_enabled and as Component %q %q"):format(mod_name, host, mod_name));
			print(" This means the service is enabled on all VirtualHosts as well as the Component.");
			print(" Are you sure this what you want? It may cause unexpected behaviour.");
		end
	end
end
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
534 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
535 |
-- Check for global options under hosts
-- First pass: look at the option names set in the global ("*") section itself.
-- `obsolete`, `deprecated` and `deprecated_replacements` are defined outside this
-- excerpt; presumably sets of option names and a name -> hint table (confirm).
local global_options = set.new(it.to_array(it.keys(config["*"])));
local obsolete_global_options = set.intersection(global_options, obsolete);
if not obsolete_global_options:empty() then
	-- Obsolete options in the global section fail the check (ok = false).
	print("");
	print(" You have some obsolete options you can remove from the global section:");
	print(" "..tostring(obsolete_global_options))
	ok = false;
end
local deprecated_global_options = set.intersection(global_options, deprecated);
if not deprecated_global_options:empty() then
	-- Deprecated options are listed one per line with their replacement hint,
	-- and also fail the check.
	print("");
	print(" You have some deprecated options in the global section:");
	for option in deprecated_global_options do
		print((" '%s' -- %s"):format(option, deprecated_replacements[option]));
	end
	ok = false;
end
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
553 |
-- Every section except the global one: report options that belong in the global section.
for host, options in it.filter(function (section) return section ~= "*" end, pairs(configmanager.getconfig())) do
	local misplaced = set.intersection(set.new(it.to_array(it.keys(options))), known_global_options);
	for option_name in pairs(options) do
		-- Besides the known list, names that look like listener settings are treated
		-- as global: interface(s)..., ..._port(s), ..._interface(s), and ..._ssl
		-- other than c2s_ssl / s2s_ssl.
		local looks_global = option_name:match("^interfaces?")
			or option_name:match("_ports?$")
			or option_name:match("_interfaces?$")
			or (option_name:match("_ssl$") and not option_name:match("^[cs]2s_ssl$"));
		if looks_global then
			misplaced:add(option_name);
		end
	end
	-- FIXME These _could_ be misplaced, but we would have to check where the corresponding module is loaded to be sure
	misplaced:exclude(set.new({ "external_service_port", "turn_external_port" }));
	if not misplaced:empty() then
		-- A misplaced option fails the check. NOTE(review): presumably such a
		-- setting does not take effect where the admin wrote it - confirm against
		-- the documentation linked in the message.
		ok = false;
		print("");
		local count = it.count(misplaced);
		local plural = count > 1;
		print(" You have "..count.." option"..(plural and "s " or " ").."set under "..host.." that should be");
		print(" in the global section of the config file, above any VirtualHost or Component definitions,")
		print(" see https://prosody.im/doc/configure#overview for more information.")
		print("");
		print(" You need to move the following option"..(plural and "s" or "")..": "..table.concat(it.to_array(misplaced), ", "));
	end
end
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
576 |
do -- Suggest a shorter domain for hosts named after the service (advisory, `ok` untouched)
	local service_labels = { jabber = true, xmpp = true, chat = true, im = true };
	for host, options in enabled_hosts() do
		local is_component = set.new(it.to_array(it.keys(options))):contains("component_module");
		local first_label = host:match("^[^.]+");
		if not is_component and service_labels[first_label] then
			-- Drop the leading label to get the suggested name; gsub's match count is discarded.
			local parent_domain = host:gsub("^[^.]+%.", "");
			print("");
			print(" Suggestion: If "..host.. " is a new host with no real users yet, consider renaming it now to");
			print(" "..parent_domain..". You can use SRV records to redirect XMPP clients and servers to "..host..".");
			print(" For more information see: https://prosody.im/doc/dns");
		end
	end
end
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
587 |
-- Aggregate view used by the checks that follow: module names and option names
-- taken from the global ("*") section plus every enabled host.
-- NOTE(review): these are merged across sections, so later checks on
-- all_modules / all_options cannot tell which host a name came from.
local all_modules = set.new(config["*"].modules_enabled);
local all_options = set.new(it.to_array(it.keys(config["*"])));
for host in enabled_hosts() do
	-- presumably set:include adds the other set's members in place - confirm in util.set
	all_options:include(set.new(it.to_array(it.keys(config[host]))));
	all_modules:include(set.new(config[host].modules_enabled));
end
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
593 |
-- Flag module names that carry a prefix which does not belong in modules_enabled.
-- These are printed as hints only; `ok` is not changed here.
for mod in all_modules do
	-- Each capture is non-nil exactly when the prefix matches (an empty remainder still counts).
	local bare_name = mod:match("^mod_(.*)");
	if bare_name then
		print("");
		print(" Modules in modules_enabled should not have the 'mod_' prefix included.");
		print(" Change '"..mod.."' to '"..bare_name.."'.");
	else
		local auth_provider = mod:match("^auth_(.*)");
		if auth_provider then
			-- Authentication providers are selected through the 'authentication' option.
			print("");
			print(" Authentication modules should not be added to modules_enabled,");
			print(" but be specified in the 'authentication' option.");
			print(" Remove '"..mod.."' from modules_enabled and instead add");
			print(" authentication = '"..auth_provider.."'");
			print(" For more information see https://prosody.im/doc/authentication");
		else
			local storage_driver = mod:match("^storage_(.*)");
			if storage_driver then
				-- Storage drivers are selected through the 'storage' option.
				print("");
				print(" storage modules should not be added to modules_enabled,");
				print(" but be specified in the 'storage' option.");
				print(" Remove '"..mod.."' from modules_enabled and instead add");
				print(" storage = '"..storage_driver.."'");
				print(" For more information see https://prosody.im/doc/storage");
			end
		end
	end
end
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
614 |
do -- Pairs of modules that conflict when both are enabled (hint only, `ok` untouched)
	local function both_enabled(first, second)
		return all_modules:contains(first) and all_modules:contains(second);
	end

	if both_enabled("vcard", "vcard_legacy") then
		print("");
		print(" Both mod_vcard_legacy and mod_vcard are enabled but they conflict");
		print(" with each other. Remove one.");
	end

	if both_enabled("pep", "pep_simple") then
		print("");
		print(" Both mod_pep_simple and mod_pep are enabled but they conflict");
		print(" with each other. Remove one.");
	end
end
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
624 |
-- Point out a redundant 'default_storage' next to a string-valued 'storage'.
-- rawget reads only what is set directly on that section's table; the hint is
-- printed once, for the first section where both are found.
for _, section in pairs(config) do
	local storage = rawget(section, "storage");
	local redundant_default = type(storage) == "string" and rawget(section, "default_storage");
	if redundant_default then
		print("");
		print(" The 'default_storage' option is not needed if 'storage' is set to a string.");
		break;
	end
end
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
631 |
-- NOTE(review): despite its name, this is true when NONE of the three option
-- names occur in all_options (the intersection is empty). Only the presence of
-- the option name is tested here, not the value it is set to, and all_options
-- is merged across the global section and all enabled hosts.
local require_encryption = set.intersection(all_options, set.new({
	"require_encryption", "c2s_require_encryption", "s2s_require_encryption"
})):empty();
-- Optional load of LuaSec ("ssl"); presumably yields a false value when the
-- library is unavailable, which the `if not ssl` test that follows relies on.
local ssl = dependencies.softreq"ssl";
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
635 |
if not ssl then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
636 |
if not require_encryption then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
637 |
print(""); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
638 |
print(" You require encryption but LuaSec is not available."); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
639 |
print(" Connections will fail."); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
640 |
ok = false; |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
641 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
642 |
elseif not ssl.loadcertificate then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
643 |
if all_options:contains("s2s_secure_auth") then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
644 |
print(""); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
645 |
print(" You have set s2s_secure_auth but your version of LuaSec does "); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
646 |
print(" not support certificate validation, so all s2s connections will"); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
647 |
print(" fail."); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
648 |
ok = false; |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
649 |
elseif all_options:contains("s2s_secure_domains") then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
650 |
local secure_domains = set.new(); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
651 |
for host in enabled_hosts() do |
13220
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13125
diff
changeset
|
652 |
if api(host):get_option_boolean("s2s_secure_auth") then |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
653 |
secure_domains:add("*"); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
654 |
else |
13220
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13125
diff
changeset
|
655 |
secure_domains:include(api(host):get_option_set("s2s_secure_domains", {})); |
end |
end |
if not secure_domains:empty() then |
print(""); |
print(" You have set s2s_secure_domains but your version of LuaSec does "); |
print(" not support certificate validation, so s2s connections to/from "); |
print(" these domains will fail."); |
ok = false; |
end |
end |
elseif require_encryption and not all_modules:contains("tls") then |
print(""); |
print(" You require encryption but mod_tls is not enabled."); |
print(" Connections will fail."); |
ok = false; |
end |
do
	-- Advisory check: find every VirtualHost on which an account can be
	-- registered without an invite, and print a notice listing them.
	-- This block only prints; it never assigns `ok`, so the finding does not
	-- by itself mark the config check as failed.
	-- NOTE(review): confirm that treating open registration as a notice
	-- rather than a failure is intended.
	local open_hosts = {};
	for host in enabled_hosts() do
		-- The second return value is truthy for components; those are excluded below.
		local host_modules, component = modulemanager.get_modules_for_host(host);
		local hostapi = api(host);

		-- Defaults as passed here: allow_registration = false,
		-- registration_invite_only = true.
		local allow_registration = hostapi:get_option_boolean("allow_registration", false);
		local has_register = host_modules:contains("register");
		local has_register_ibr = host_modules:contains("register_ibr");
		local has_invites_register = host_modules:contains("invites_register");
		local invite_only = hostapi:get_option_boolean("registration_invite_only", true);

		-- register_ibr enabled directly counts on its own; plain "register"
		-- counts only when allow_registration is switched on.
		local registration_available = has_register_ibr or (has_register and allow_registration);
		-- Registration is considered gated only when invites_register is
		-- enabled AND registration_invite_only is left on.
		local invite_gated = has_invites_register and invite_only;

		if not component and registration_available and not invite_gated then
			open_hosts[#open_hosts + 1] = host;
		end
	end

	if #open_hosts > 0 then
		-- Sorted so the report is stable between runs.
		table.sort(open_hosts);
		local report = {
			"",
			" Public registration is enabled on:",
			" "..table.concat(open_hosts, ", "),
			"",
			" If this is intentional, review our guidelines on running a public server",
			" at https://prosody.im/doc/public_servers - otherwise, consider switching to",
			" invite-based registration, which is more secure.",
		};
		for i = 1, #report do
			print(report[i]);
		end
	end
end
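do
	-- Report components that no enabled host links to, since clients may be
	-- unable to discover them. A component counts as linked when its direct
	-- parent domain is an enabled host, or when some enabled host names it as
	-- the first element of a `disco_items` entry.
	local orphan_components = {};
	local referenced_components = set.new();
	local enabled_hosts_set = set.new();

	-- Pass 1: collect enabled hosts and every JID referenced via disco_items.
	-- presumably the "*" filter skips the global config section; verify
	-- against it.filter
	for host in it.filter("*", pairs(configmanager.getconfig())) do
		local hostapi = api(host);
		if hostapi:get_option_boolean("enabled", true) then
			enabled_hosts_set:add(host);
			for _, disco_item in ipairs(hostapi:get_option_array("disco_items", {})) do
				-- disco_items comes straight from the admin's config. Indexing
				-- an entry that is not a table (e.g. a number or boolean)
				-- raises and would abort the whole check, and a string entry
				-- yields nil here. Only well-formed { jid, ... } entries with
				-- a string JID are recorded; anything else is skipped, which
				-- leaves the component reported as unreferenced below.
				local item_jid = type(disco_item) == "table" and disco_item[1] or nil;
				if type(item_jid) == "string" then
					referenced_components:add(item_jid);
				end
			end
		end
	end

	-- Pass 2: flag enabled components that are neither a direct subdomain of
	-- an enabled host nor referenced from disco_items.
	for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
		-- The second return value of get_modules_for_host is truthy for components.
		local is_component = not not select(2, modulemanager.get_modules_for_host(host));
		if is_component then
			-- Strips the first label; nil when the host name contains no dot.
			local parent_domain = host:match("^[^.]+%.(.+)$");
			local has_enabled_parent = parent_domain ~= nil and enabled_hosts_set:contains(parent_domain);
			local is_orphan = not (has_enabled_parent or referenced_components:contains(host));
			if is_orphan then
				table.insert(orphan_components, host);
			end
		end
	end

	if #orphan_components > 0 then
		-- Sorted so the report is stable between runs.
		table.sort(orphan_components);
		print("");
		print(" Your configuration contains the following unreferenced components:\n");
		print(" "..table.concat(orphan_components, "\n "));
		print("");
		print(" Clients may not be able to discover these services because they are not linked to");
		print(" any VirtualHost. They are automatically linked if they are direct subdomains of a");
		print(" VirtualHost. Alternatively, you can explicitly link them using the disco_items option.");
		print(" For more information see https://prosody.im/doc/modules/mod_disco#items");
	end
end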
print("Done.\n"); |
end |
function checks.dns() |
local dns = require "prosody.net.dns"; |
pcall(function () |
local unbound = require"prosody.net.unbound"; |
dns = unbound.dns; |
end) |
local idna = require "prosody.util.encodings".idna; |
local ip = require "prosody.util.ip"; |
local global = api("*"); |
local c2s_ports = global:get_option_set("c2s_ports", {5222}); |
local s2s_ports = global:get_option_set("s2s_ports", {5269}); |
local c2s_tls_ports = global:get_option_set("c2s_direct_tls_ports", {}); |
local s2s_tls_ports = global:get_option_set("s2s_direct_tls_ports", {}); |
local global_enabled = set.new(); |
for host in enabled_hosts() do |
global_enabled:include(modulemanager.get_modules_for_host(host)); |
end |
if global_enabled:contains("net_multiplex") then |
local multiplex_ports = global:get_option_set("ports", {}); |
local multiplex_tls_ports = global:get_option_set("ssl_ports", {}); |
if not multiplex_ports:empty() then |
c2s_ports = c2s_ports + multiplex_ports; |
s2s_ports = s2s_ports + multiplex_ports; |
end |
if not multiplex_tls_ports:empty() then |
c2s_tls_ports = c2s_tls_ports + multiplex_tls_ports; |
s2s_tls_ports = s2s_tls_ports + multiplex_tls_ports; |
end |
end |
local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required, s2s_tls_srv_required; |
if not c2s_ports:contains(5222) then |
c2s_srv_required = true; |
end |
if not s2s_ports:contains(5269) then |
s2s_srv_required = true; |
end |
if not c2s_tls_ports:empty() then |
c2s_tls_srv_required = true; |
end |
if not s2s_tls_ports:empty() then |
s2s_tls_srv_required = true; |
end |
local problem_hosts = set.new(); |
local external_addresses, internal_addresses = set.new(), set.new(); |
local fqdn = socket.dns.tohostname(socket.dns.gethostname()); |
if fqdn then |
local fqdn_a = idna.to_ascii(fqdn); |
if fqdn_a then |
local res = dns.lookup(fqdn_a, "A"); |
if res then |
for _, record in ipairs(res) do |
external_addresses:add(record.a); |
end |
end |
end |
if fqdn_a then |
local res = dns.lookup(fqdn_a, "AAAA"); |
if res then |
for _, record in ipairs(res) do |
external_addresses:add(record.aaaa); |
end |
end |
end |
end |
local local_addresses = require"prosody.util.net".local_addresses() or {}; |
for addr in it.values(local_addresses) do |
if not ip.new_ip(addr).private then |
external_addresses:add(addr); |
else |
internal_addresses:add(addr); |
end |
end |
-- Allow admin to specify additional (e.g. undiscoverable) IP addresses in the config |
for _, address in ipairs(global:get_option_array("external_addresses", {})) do |
external_addresses:add(address); |
end |
if external_addresses:empty() then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
825 |
print(""); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
826 |
print(" Failed to determine the external addresses of this server. Checks may be inaccurate."); |
13223
22763b30e458
util.prosodyctl.check: Hint about the 'external_addresses' config option
Kim Alvefur <zash@zash.se>
parents:
13221
diff
changeset
|
827 |
print(" If you know the correct external addresses you can specify them in the config like:") |
22763b30e458
util.prosodyctl.check: Hint about the 'external_addresses' config option
Kim Alvefur <zash@zash.se>
parents:
13221
diff
changeset
|
828 |
print(" external_addresses = { \"192.0.2.34\", \"2001:db8::abcd:1234\" }") |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
829 |
c2s_srv_required, s2s_srv_required = true, true; |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
830 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
831 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
832 |
local v6_supported = not not socket.tcp6; |
13220
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13125
diff
changeset
|
833 |
local use_ipv4 = global:get_option_boolean("use_ipv4", true); |
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13125
diff
changeset
|
834 |
local use_ipv6 = global:get_option_boolean("use_ipv6", true); |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
835 |
|
11659
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11658
diff
changeset
|
836 |
-- Normalize a DNS name for display and comparison by dropping one trailing
-- dot (the root label) if present. Only a dot at the very end of the string
-- is removed; the rest of the name is returned unchanged.
-- Returns exactly one value: the trimmed name.
local function trim_dns_name(n)
	-- gsub also returns a substitution count; keeping only the first result
	-- ensures callers never receive that count as an extra value.
	local without_root_dot = n:gsub("%.$", "");
	return without_root_dot;
end
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11658
diff
changeset
|
839 |
|
12323
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12322
diff
changeset
|
840 |
local unknown_addresses = set.new(); |
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12322
diff
changeset
|
841 |
|
13220
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13125
diff
changeset
|
842 |
for jid in enabled_hosts() do |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
843 |
local all_targets_ok, some_targets_ok = true, false; |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
844 |
local node, host = jid_split(jid); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
845 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
846 |
local modules, component_module = modulemanager.get_modules_for_host(host); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
847 |
if component_module then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
848 |
modules:add(component_module); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
849 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
850 |
|
12846
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12524
diff
changeset
|
851 |
-- TODO Refactor these DNS SRV checks since they are very similar |
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12524
diff
changeset
|
852 |
-- FIXME Suggest concrete actionable steps to correct issues so that |
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12524
diff
changeset
|
853 |
-- users don't have to copy-paste the message into the support chat and |
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12524
diff
changeset
|
854 |
-- ask what to do about it. |
13220
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13125
diff
changeset
|
855 |
local is_component = not not component_module; |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
856 |
print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."..."); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
857 |
if node then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
858 |
print("Only the domain part ("..host..") is used in DNS.") |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
859 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
860 |
local target_hosts = set.new(); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
861 |
if modules:contains("c2s") then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
862 |
local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV"); |
11617
c8a9f77d48fd
util.prosodyctl.check: Fix for net.dns vs unbound API difference
Kim Alvefur <zash@zash.se>
parents:
11616
diff
changeset
|
863 |
if res and #res > 0 then |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
864 |
for _, record in ipairs(res) do |
10936
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10875
diff
changeset
|
865 |
if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled? |
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10875
diff
changeset
|
866 |
print(" 'xmpp-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is |
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10875
diff
changeset
|
867 |
break; |
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10875
diff
changeset
|
868 |
end |
11659
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11658
diff
changeset
|
869 |
local target = trim_dns_name(record.srv.target); |
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11658
diff
changeset
|
870 |
target_hosts:add(target); |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
871 |
if not c2s_ports:contains(record.srv.port) then |
11659
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11658
diff
changeset
|
872 |
print(" SRV target "..target.." contains unknown client port: "..record.srv.port); |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
873 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
874 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
875 |
else |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
876 |
if c2s_srv_required then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
877 |
print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one."); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
878 |
all_targets_ok = false; |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
879 |
else |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
880 |
target_hosts:add(host); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
881 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
882 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
883 |
end |
12846
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12524
diff
changeset
|
884 |
if modules:contains("c2s") then |
11619
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
885 |
local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV"); |
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
886 |
if res and #res > 0 then |
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
887 |
for _, record in ipairs(res) do |
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
888 |
if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled? |
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
889 |
print(" 'xmpps-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is |
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
890 |
break; |
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
891 |
end |
11659
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11658
diff
changeset
|
892 |
local target = trim_dns_name(record.srv.target); |
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11658
diff
changeset
|
893 |
target_hosts:add(target); |
11619
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
894 |
if not c2s_tls_ports:contains(record.srv.port) then |
11659
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11658
diff
changeset
|
895 |
print(" SRV target "..target.." contains unknown Direct TLS client port: "..record.srv.port); |
11619
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
896 |
end |
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
897 |
end |
12846
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12524
diff
changeset
|
898 |
elseif c2s_tls_srv_required then |
11619
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
899 |
print(" No _xmpps-client SRV record found for "..host..", but it looks like you need one."); |
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
900 |
all_targets_ok = false; |
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
901 |
end |
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
902 |
end |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
903 |
if modules:contains("s2s") then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
904 |
local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV"); |
11617
c8a9f77d48fd
util.prosodyctl.check: Fix for net.dns vs unbound API difference
Kim Alvefur <zash@zash.se>
parents:
11616
diff
changeset
|
905 |
if res and #res > 0 then |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
906 |
for _, record in ipairs(res) do |
10936
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10875
diff
changeset
|
907 |
if record.srv.target == "." then -- TODO Is this an error if mod_s2s is enabled? |
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10875
diff
changeset
|
908 |
print(" 'xmpp-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is |
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10875
diff
changeset
|
909 |
break; |
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10875
diff
changeset
|
910 |
end |
11659
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11658
diff
changeset
|
911 |
local target = trim_dns_name(record.srv.target); |
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11658
diff
changeset
|
912 |
target_hosts:add(target); |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
913 |
if not s2s_ports:contains(record.srv.port) then |
11659
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11658
diff
changeset
|
914 |
print(" SRV target "..target.." contains unknown server port: "..record.srv.port); |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
915 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
916 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
917 |
else |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
918 |
if s2s_srv_required then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
919 |
print(" No _xmpp-server SRV record found for "..host..", but it looks like you need one."); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
920 |
all_targets_ok = false; |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
921 |
else |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
922 |
target_hosts:add(host); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
923 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
924 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
925 |
end |
12846
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12524
diff
changeset
|
926 |
if modules:contains("s2s") then |
11780
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
927 |
local res = dns.lookup("_xmpps-server._tcp."..idna.to_ascii(host)..".", "SRV"); |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
928 |
if res and #res > 0 then |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
929 |
for _, record in ipairs(res) do |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
930 |
if record.srv.target == "." then -- TODO is this an error if mod_s2s is enabled? |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
931 |
print(" 'xmpps-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
932 |
break; |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
933 |
end |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
934 |
local target = trim_dns_name(record.srv.target); |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
935 |
target_hosts:add(target); |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
936 |
if not s2s_tls_ports:contains(record.srv.port) then |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
937 |
print(" SRV target "..target.." contains unknown Direct TLS server port: "..record.srv.port); |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
938 |
end |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
939 |
end |
12846
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12524
diff
changeset
|
940 |
elseif s2s_tls_srv_required then |
11780
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
941 |
print(" No _xmpps-server SRV record found for "..host..", but it looks like you need one."); |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
942 |
all_targets_ok = false; |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
943 |
end |
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11659
diff
changeset
|
944 |
end |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
945 |
if target_hosts:empty() then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
946 |
target_hosts:add(host); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
947 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
948 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
949 |
if target_hosts:contains("localhost") then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
950 |
print(" Target 'localhost' cannot be accessed from other servers"); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
951 |
target_hosts:remove("localhost"); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
952 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
953 |
|
12221
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
954 |
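-- Report which address record types are missing for a host name.
-- Queries A and AAAA records for `target` and returns an array naming the
-- record types that produced no results ("A" and/or "AAAA"). A family that
-- is turned off through use_ipv4 / use_ipv6 is never reported as missing.
-- The name is converted with idna.to_ascii once and reused for both queries.
local function check_address(target)
	local prob = {};
	local ascii_target = idna.to_ascii(target);
	local A, AAAA;
	-- NOTE(review): presumably idna.to_ascii yields nil for a name it cannot
	-- convert (confirm against the idna implementation). Such a name is not
	-- passed on to the resolver; it is reported below as having no records.
	if ascii_target then
		A, AAAA = dns.lookup(ascii_target, "A"), dns.lookup(ascii_target, "AAAA");
	end
	if use_ipv4 and not (A and #A > 0) then
		table.insert(prob, "A");
	end
	if use_ipv6 and not (AAAA and #AAAA > 0) then
		table.insert(prob, "AAAA");
	end
	return prob;
end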
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
961 |
|
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
962 |
if modules:contains("proxy65") then |
13220
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13125
diff
changeset
|
963 |
local proxy65_target = api(host):get_option_string("proxy65_address", host); |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
964 |
if type(proxy65_target) == "string" then |
12221
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
965 |
local prob = check_address(proxy65_target); |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
966 |
if #prob > 0 then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
967 |
print(" File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/") |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
968 |
.." record. Create one or set 'proxy65_address' to the correct host/IP."); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
969 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
970 |
else |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
971 |
print(" proxy65_address for "..host.." should be set to a string, unable to perform DNS check"); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
972 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
973 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
974 |
|
12221
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
975 |
local known_http_modules = set.new { "bosh"; "http_files"; "http_file_share"; "http_openmetrics"; "websocket" }; |
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
976 |
-- Tell whether any member produced by iterating `hayset` matches `needle`.
-- `hayset` is used directly as the generic-for iterator, and each member is
-- searched with string find, so `needle` is interpreted as a Lua pattern
-- (anchors such as ^ and $ are honoured), not as plain text.
-- Returns true on the first match; returns nothing when no member matches.
local function contains_match(hayset, needle)
	for item in hayset do
		local found_at = item:find(needle);
		if found_at then
			return true;
		end
	end
end
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
979 |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
980 |
if modules:contains("http") or not set.intersection(modules, known_http_modules):empty() |
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
981 |
or contains_match(modules, "^http_") or contains_match(modules, "_web$") then |
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
982 |
|
13220
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13125
diff
changeset
|
983 |
local http_host = api(host):get_option_string("http_host", host); |
12221
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
984 |
local http_internal_host = http_host; |
13220
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13125
diff
changeset
|
985 |
local http_url = api(host):get_option_string("http_external_url"); |
12221
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
986 |
if http_url then |
12222
0795e1ccf3d8
util.prosodyctl.check: Fix use of LuaSocket URL parser
Kim Alvefur <zash@zash.se>
parents:
12221
diff
changeset
|
987 |
local url_parse = require "socket.url".parse; |
12221
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
988 |
local external_url_parts = url_parse(http_url); |
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
989 |
if external_url_parts then |
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
990 |
http_host = external_url_parts.host; |
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
991 |
else |
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12163
diff
changeset
|
992 |
print(" The 'http_external_url' setting is not a valid URL"); |
end |
end |
|
local prob = check_address(http_host); |
if #prob > 1 then |
print(" HTTP service " .. http_host .. " has no " .. table.concat(prob, "/") .. " record. Create one or change " |
.. (http_url and "'http_external_url'" or "'http_host'").." to the correct host."); |
end |
|
if http_host ~= http_internal_host then |
print(" Ensure the reverse proxy sets the HTTP Host header to '" .. http_internal_host .. "'"); |
end |
end |
|
11656
887d7b15e21b
util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false
Kim Alvefur <zash@zash.se>
if not use_ipv4 and not use_ipv6 then |
print(" Both IPv6 and IPv4 are disabled, Prosody will not listen on any ports"); |
print(" nor be able to connect to any remote servers."); |
all_targets_ok = false; |
end |
|
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
for target_host in target_hosts do |
local host_ok_v4, host_ok_v6; |
do |
local res = dns.lookup(idna.to_ascii(target_host), "A"); |
if res then |
for _, record in ipairs(res) do |
if external_addresses:contains(record.a) then |
some_targets_ok = true; |
host_ok_v4 = true; |
elseif internal_addresses:contains(record.a) then |
host_ok_v4 = true; |
some_targets_ok = true; |
print(" "..target_host.." A record points to internal address, external connections might fail"); |
else |
print(" "..target_host.." A record points to unknown address "..record.a); |
12323
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
unknown_addresses:add(record.a); |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
all_targets_ok = false; |
end |
end |
end |
end |
do |
local res = dns.lookup(idna.to_ascii(target_host), "AAAA"); |
if res then |
for _, record in ipairs(res) do |
if external_addresses:contains(record.aaaa) then |
some_targets_ok = true; |
host_ok_v6 = true; |
elseif internal_addresses:contains(record.aaaa) then |
host_ok_v6 = true; |
some_targets_ok = true; |
print(" "..target_host.." AAAA record points to internal address, external connections might fail"); |
else |
print(" "..target_host.." AAAA record points to unknown address "..record.aaaa); |
12323
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
unknown_addresses:add(record.aaaa); |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
all_targets_ok = false; |
end |
end |
end |
end |
|
11657
51141309ffc4
util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
if host_ok_v4 and not use_ipv4 then |
print(" Host "..target_host.." does seem to resolve to this server but IPv4 has been disabled"); |
all_targets_ok = false; |
end |
|
if host_ok_v6 and not use_ipv6 then |
print(" Host "..target_host.." does seem to resolve to this server but IPv6 has been disabled"); |
all_targets_ok = false; |
end |
|
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
local bad_protos = {} |
11655
c9f46d28ed7e
util.prosodyctl.check: Silence IP protocol mismatches when disabled
Kim Alvefur <zash@zash.se>
if use_ipv4 and not host_ok_v4 then |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
table.insert(bad_protos, "IPv4"); |
end |
11655
c9f46d28ed7e
util.prosodyctl.check: Silence IP protocol mismatches when disabled
Kim Alvefur <zash@zash.se>
if use_ipv6 and not host_ok_v6 then |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
table.insert(bad_protos, "IPv6"); |
end |
if #bad_protos > 0 then |
print(" Host "..target_host.." does not seem to resolve to this server ("..table.concat(bad_protos, "/")..")"); |
end |
if host_ok_v6 and not v6_supported then |
print(" Host "..target_host.." has AAAA records, but your version of LuaSocket does not support IPv6."); |
print(" Please see https://prosody.im/doc/ipv6 for more information."); |
11929
3e0d03a74285
util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false
Kim Alvefur <zash@zash.se>
elseif host_ok_v6 and not use_ipv6 then |
print(" Host "..target_host.." has AAAA records, but IPv6 is disabled."); |
-- TODO Tell them to drop the AAAA records or enable IPv6? |
print(" Please see https://prosody.im/doc/ipv6 for more information."); |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
end |
end |
if not all_targets_ok then |
print(" "..(some_targets_ok and "Only some" or "No").." targets for "..host.." appear to resolve to this server."); |
if is_component then |
print(" DNS records are necessary if you want users on other servers to access this component."); |
end |
problem_hosts:add(host); |
end |
print(""); |
end |
if not problem_hosts:empty() then |
12323
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
if not unknown_addresses:empty() then |
print(""); |
print("Some of your DNS records point to unknown IP addresses. This may be expected if your server"); |
print("is behind a NAT or proxy. The unrecognized addresses were:"); |
print(""); |
print(" Unrecognized: "..tostring(unknown_addresses)); |
print(""); |
print("The addresses we found on this system are:"); |
print(""); |
print(" Internal: "..tostring(internal_addresses)); |
print(" External: "..tostring(external_addresses)); |
13223
22763b30e458
util.prosodyctl.check: Hint about the 'external_addresses' config option
Kim Alvefur <zash@zash.se>
print("") |
print("If the list of external external addresses is incorrect you can specify correct addresses in the config:") |
print(" external_addresses = { \"192.0.2.34\", \"2001:db8::abcd:1234\" }") |
12323
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
end |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
print(""); |
print("For more information about DNS configuration please see https://prosody.im/doc/dns"); |
print(""); |
ok = false; |
end |
end |
13305
84d83f4a190f
util.prosodyctl.check: Wrap each check in a function
Kim Alvefur <zash@zash.se>
function checks.certs() |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
local cert_ok; |
print"Checking certificates..." |
12979
d10957394a3c
util: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
local x509_verify_identity = require"prosody.util.x509".verify_identity; |
13306
30b7cd40ee14
util.prosodyctl.check: Print DANE TLSA records for certificates
Kim Alvefur <zash@zash.se>
local use_dane = configmanager.get("*", "use_dane"); |
local pem2der = require"prosody.util.x509".pem2der; |
local sha256 = require"prosody.util.hashes".sha256; |
12979
d10957394a3c
util: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
local create_context = require "prosody.core.certmanager".create_context; |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
local ssl = dependencies.softreq"ssl"; |
-- local datetime_parse = require"util.datetime".parse_x509; |
local load_cert = ssl and ssl.loadcertificate; |
-- or ssl.cert_from_pem |
if not ssl then |
print("LuaSec not available, can't perform certificate checks") |
if what == "certs" then cert_ok = false end |
elseif not load_cert then |
print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking"); |
cert_ok = false |
else |
for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do |
print("Checking certificate for "..host); |
-- First, let's find out what certificate this host uses. |
local host_ssl_config = configmanager.rawget(host, "ssl") |
or configmanager.rawget(host:match("%.(.*)"), "ssl"); |
local global_ssl_config = configmanager.rawget("*", "ssl"); |
13305
84d83f4a190f
util.prosodyctl.check: Wrap each check in a function
Kim Alvefur <zash@zash.se>
local ctx_ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config); |
if not ctx_ok then |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
print(" Error: "..err); |
cert_ok = false |
elseif not ssl_config.certificate then |
print(" No 'certificate' found for "..host) |
cert_ok = false |
elseif not ssl_config.key then |
print(" No 'key' found for "..host) |
cert_ok = false |
else |
local key, err = io.open(ssl_config.key); -- Permissions check only |
if not key then |
print(" Could not open "..ssl_config.key..": "..err); |
cert_ok = false |
else |
key:close(); |
end |
local cert_fh, err = io.open(ssl_config.certificate); -- Load the file. |
if not cert_fh then |
print(" Could not open "..ssl_config.certificate..": "..err); |
cert_ok = false |
else |
print(" Certificate: "..ssl_config.certificate) |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1163 |
local cert = load_cert(cert_fh:read"*a"); cert_fh:close(); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1164 |
if not cert:validat(os.time()) then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1165 |
print(" Certificate has expired.") |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1166 |
cert_ok = false |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1167 |
elseif not cert:validat(os.time() + 86400) then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1168 |
print(" Certificate expires within one day.") |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1169 |
cert_ok = false |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1170 |
elseif not cert:validat(os.time() + 86400*7) then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1171 |
print(" Certificate expires within one week.") |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1172 |
elseif not cert:validat(os.time() + 86400*31) then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1173 |
print(" Certificate expires within one month.") |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1174 |
end |
13220
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13125
diff
changeset
|
1175 |
if select(2, modulemanager.get_modules_for_host(host)) == nil |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1176 |
and not x509_verify_identity(host, "_xmpp-client", cert) then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1177 |
print(" Not valid for client connections to "..host..".") |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1178 |
cert_ok = false |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1179 |
end |
13220
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13125
diff
changeset
|
1180 |
if (not (api(host):get_option_boolean("anonymous_login", false) |
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13125
diff
changeset
|
1181 |
or api(host):get_option_string("authentication", "internal_hashed") == "anonymous")) |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1182 |
and not x509_verify_identity(host, "_xmpp-server", cert) then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1183 |
print(" Not valid for server-to-server connections to "..host..".") |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1184 |
cert_ok = false |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1185 |
end |
13306
30b7cd40ee14
util.prosodyctl.check: Print DANE TLSA records for certificates
Kim Alvefur <zash@zash.se>
parents:
13305
diff
changeset
|
1186 |
if use_dane then |
30b7cd40ee14
util.prosodyctl.check: Print DANE TLSA records for certificates
Kim Alvefur <zash@zash.se>
parents:
13305
diff
changeset
|
1187 |
if cert.pubkey then |
30b7cd40ee14
util.prosodyctl.check: Print DANE TLSA records for certificates
Kim Alvefur <zash@zash.se>
parents:
13305
diff
changeset
|
1188 |
print(" DANE: TLSA 3 1 1 "..sha256(pem2der(cert:pubkey()), true)) |
30b7cd40ee14
util.prosodyctl.check: Print DANE TLSA records for certificates
Kim Alvefur <zash@zash.se>
parents:
13305
diff
changeset
|
1189 |
elseif cert.pem then |
30b7cd40ee14
util.prosodyctl.check: Print DANE TLSA records for certificates
Kim Alvefur <zash@zash.se>
parents:
13305
diff
changeset
|
1190 |
print(" DANE: TLSA 3 0 1 "..sha256(pem2der(cert:pem()), true)) |
30b7cd40ee14
util.prosodyctl.check: Print DANE TLSA records for certificates
Kim Alvefur <zash@zash.se>
parents:
13305
diff
changeset
|
1191 |
end |
30b7cd40ee14
util.prosodyctl.check: Print DANE TLSA records for certificates
Kim Alvefur <zash@zash.se>
parents:
13305
diff
changeset
|
1192 |
end |
10875
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1193 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1194 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1195 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1196 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1197 |
if cert_ok == false then |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1198 |
print("") |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1199 |
print("For more information about certificates please see https://prosody.im/doc/certificates"); |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1200 |
ok = false |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1201 |
end |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1202 |
print("") |
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1203 |
end |
11783
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11782
diff
changeset
|
1204 |
-- intentionally not doing this by default |
13305
84d83f4a190f
util.prosodyctl.check: Wrap each check in a function
Kim Alvefur <zash@zash.se>
parents:
13260
diff
changeset
|
1205 |
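-- Ask an external service to connect back to every enabled host and report
-- whether the client-to-server and server-to-server listeners are reachable
-- from outside.
--
-- The names of the configured hosts are handed to a third party: the default
-- checker (observe.jabber.network, through check_ojn) or the XMPP Blackbox
-- Exporter instance named by the global 'connectivity_probe' option. That is
-- why this check is not part of the default set.
--
-- Returns 1 when the check cannot be attempted (Prosody not running, or an
-- unusable 'connectivity_probe' setting). Otherwise it returns nothing and
-- records failed probes by setting the enclosing `ok` variable to false.
function checks.connectivity()
	local _, prosody_is_running = is_prosody_running();
	-- Only refuse when a pidfile is configured; without one the running state
	-- reported above is not used to block the test.
	if api("*"):get_option_string("pidfile") and not prosody_is_running then
		print("Prosody does not appear to be running, which is required for this test.");
		print("Start it and then try again.");
		return 1;
	end

	local checker = "observe.jabber.network";
	local probe_instance;
	-- Maps the protocol being tested to the probe module requested from the
	-- exporter. The nil entries only document protocols not yet mapped.
	local probe_modules = {
		["xmpp-client"] = "c2s_normal_auth";
		["xmpp-server"] = "s2s_normal";
		["xmpps-client"] = nil; -- TODO
		["xmpps-server"] = nil; -- TODO
	};
	local probe_settings = api("*"):get_option_string("connectivity_probe");
	if type(probe_settings) == "string" then
		probe_instance = probe_settings;
	elseif type(probe_settings) == "table" and type(probe_settings.url) == "string" then
		probe_instance = probe_settings.url;
		if type(probe_settings.modules) == "table" then
			probe_modules = probe_settings.modules;
		end
	elseif probe_settings ~= nil then
		print("The 'connectivity_probe' setting not understood.");
		print("Expected an URL or a table with 'url' and 'modules' fields");
		print("See https://prosody.im/doc/prosodyctl#check for more information."); -- FIXME
		return 1;
	end

	local check_api;
	if probe_instance then
		local parsed_url = socket_url.parse(probe_instance);
		-- A value without an authority part (for example a bare hostname with
		-- no scheme) can parse to a table that has no host field. The host is
		-- concatenated into the progress message below, so a nil here would
		-- raise instead of telling the operator what is wrong.
		if not parsed_url or not parsed_url.host then
			print(("'connectivity_probe' is not a valid URL: %q"):format(probe_instance));
			print("Set it to the URL of an XMPP Blackbox Exporter instance and try again");
			return 1;
		end
		-- NOTE(review): the URL scheme is not inspected here. Over plain http
		-- the probe result could be altered in transit; confirm whether
		-- check_probe restricts the scheme.
		checker = parsed_url.host;

		function check_api(protocol, host)
			local target = socket_url.build({scheme="xmpp",path=host});
			local probe_module = probe_modules[protocol];
			if not probe_module then
				return nil, "Checking protocol '"..protocol.."' is currently unsupported";
			end
			return check_probe(probe_instance, probe_module, target);
		end
	else
		check_api = check_ojn;
	end

	for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
		local modules, component_module = modulemanager.get_modules_for_host(host);
		if component_module then
			modules:add(component_module)
		end

		print("Checking external connectivity for "..host.." via "..checker)
		local function check_connectivity(protocol)
			local success, err = check_api(protocol, host);
			if not success and err ~= nil then
				-- The request itself failed; this says nothing about the
				-- host's reachability, so `ok` is left untouched.
				print((" %s: Failed to request check at API: %s"):format(protocol, err))
			elseif success then
				print((" %s: Works"):format(protocol))
			else
				print((" %s: Check service failed to establish (secure) connection"):format(protocol))
				ok = false
			end
		end

		if modules:contains("c2s") then
			check_connectivity("xmpp-client")
			if not api("*"):get_option_set("c2s_direct_tls_ports", {}):empty() then
				check_connectivity("xmpps-client");
			end
		end

		if modules:contains("s2s") then
			check_connectivity("xmpp-server")
			if not api("*"):get_option_set("s2s_direct_tls_ports", {}):empty() then
				check_connectivity("xmpps-server");
			end
		end

		print()
	end
	print("Note: The connectivity check only checks the reachability of the domain.")
	print("Note: It does not ensure that the check actually reaches this specific prosody instance.")
end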
12361
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12237
diff
changeset
|
1296 |
|
13305
84d83f4a190f
util.prosodyctl.check: Wrap each check in a function
Kim Alvefur <zash@zash.se>
parents:
13260
diff
changeset
|
1297 |
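--- Verify the TURN services used by hosts that load mod_turn_external.
-- Takes no arguments and returns nothing. Problems are printed and recorded
-- by setting `ok` to false. `ok`, `what`, `opts`, `enabled_hosts`,
-- `modulemanager`, `api`, `it` and `check_turn_service` are not defined in
-- this function; they come from the surrounding code.
function checks.turn()
	-- Distinct TURN services keyed by "host:port", so that a service shared by
	-- several hosts is only tested once.
	local turn_services = {};

	for host in enabled_hosts() do
		local has_external_turn = modulemanager.get_modules_for_host(host):contains("turn_external");
		if has_external_turn then
			local hostapi = api(host);
			-- The service address falls back to the host's own name and port 3478.
			local turn_host = hostapi:get_option_string("turn_external_host", host);
			local turn_port = hostapi:get_option_number("turn_external_port", 3478);
			-- The secret is only compared and stored for check_turn_service;
			-- no print call in this function includes it.
			local turn_secret = hostapi:get_option_string("turn_external_secret");
			if not turn_secret then
				print("Error: Your configuration is missing a turn_external_secret for "..host);
				print("Error: TURN will not be advertised for this host.");
				ok = false;
			else
				-- NOTE(review): "%d" raises in Lua 5.3+ when the number has no integer
				-- representation - confirm how get_option_number validates the port.
				local turn_id = ("%s:%d"):format(turn_host, turn_port);
				local known_service = turn_services[turn_id];
				if known_service and known_service.secret ~= turn_secret then
					print("Error: Your configuration contains multiple differing secrets");
					print(" for the TURN service at "..turn_id.." - we will only test one.");
					-- Count this as a failure like the other "Error:" branches. Only the
					-- first secret seen is tested, so the other one is never verified and
					-- the run must not end with "All checks passed".
					ok = false;
				elseif not known_service then
					turn_services[turn_id] = {
						host = turn_host;
						port = turn_port;
						secret = turn_secret;
					};
				end
			end
		end
	end

	-- The summary is only printed when the TURN check was requested explicitly.
	if what == "turn" then
		local count = it.count(pairs(turn_services));
		if count == 0 then
			print("Error: Unable to find any TURN services configured. Enable mod_turn_external!");
			ok = false;
		else
			print("Identified "..tostring(count).." TURN services.");
			print("");
		end
	end

	for turn_id, turn_service in pairs(turn_services) do
		print("Testing TURN service "..turn_id.."...");

		local result = check_turn_service(turn_service, opts.ping);
		if #result.warnings > 0 then
			print(("%d warnings:\n"):format(#result.warnings));
			print(" "..table.concat(result.warnings, "\n "));
			print("");
		end

		-- Address details are printed before the verdict, so they are shown
		-- even when the test failed.
		if opts.verbose then
			if result.external_ip then
				print(("External IP: %s"):format(result.external_ip.address));
			end
			if result.relayed_addresses then
				for i, relayed_address in ipairs(result.relayed_addresses) do
					print(("Relayed address %d: %s:%d"):format(i, relayed_address.address, relayed_address.port));
				end
			end
			if result.external_ip_pong then
				print(("TURN external address: %s:%d"):format(result.external_ip_pong.address, result.external_ip_pong.port));
			end
		end

		if result.error then
			print("Error: "..result.error.."\n");
			ok = false;
		else
			print("Success!\n");
		end
	end
end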
if what == nil or what == "all" then |
local ret; |
ret = checks.disabled(); |
if ret ~= nil then return ret; end |
ret = checks.config(); |
if ret ~= nil then return ret; end |
ret = checks.dns(); |
if ret ~= nil then return ret; end |
ret = checks.certs(); |
if ret ~= nil then return ret; end |
ret = checks.turn(); |
if ret ~= nil then return ret; end |
elseif checks[what] then |
local ret = checks[what](); |
if ret ~= nil then return ret; end |
else |
show_warning("Don't know how to check '%s'. Try one of 'config', 'dns', 'certs', 'disabled', 'turn' or 'connectivity'.", what); |
show_warning("Note: The connectivity check will connect to a remote server."); |
return 1; |
end |
|
if not ok then |
print("Problems found, see above."); |
else |
print("All checks passed, congratulations!"); |
end |
return ok and 0 or 2; |
end |
|
-- Module exports: the returned table has a single field, the `check` entry point.
return { check = check };