From 296e43024490607f164fd43a00ce0f9715f2ef73 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Wed, 27 Sep 2017 15:21:20 +0200
Subject: prosodyctl: cert import: Reuse function from certmanager for locating certificates and keys
---
 prosodyctl | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
(limited to 'prosodyctl')
diff --git a/prosodyctl b/prosodyctl
index 311f251e..3323b169 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -894,18 +894,14 @@ function cert_commands.import(arg)
 owner = config.get("*", "prosody_user") or "prosody";
 group = config.get("*", "prosody_group") or owner;
 end
+ local cm = require "core.certmanager";
 local imported = {};
 for _, host in ipairs(hostnames) do
 for _, dir in ipairs(arg) do
- if lfs.attributes(dir .. "/" .. host .. "/fullchain.pem")
- and lfs.attributes(dir .. "/" .. host .. "/privkey.pem") then
- copy(dir .. "/" .. host .. "/fullchain.pem", cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
- copy(dir .. "/" .. host .. "/privkey.pem", cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
- table.insert(imported, host);
- elseif lfs.attributes(dir .. "/" .. host .. ".crt")
- and lfs.attributes(dir .. "/" .. host .. ".key") then
- copy(dir .. "/" .. host .. ".crt", cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
- copy(dir .. "/" .. host .. ".key", cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
+ local paths = cm.find_cert(dir, host);
+ if paths then
+ copy(paths.certificate, cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
+ copy(paths.key, cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
 table.insert(imported, host);
 else
 -- TODO Say where we looked
-- cgit v1.2.3
From b71438e89de79f985d8c904fef757083aae14758 Mon Sep 17 00:00:00 2001
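Review bot: Both `copy(...)` calls in the new `if paths then` branch discard their results, and `table.insert(imported, host)` follows unconditionally, so a host is reported as imported even if the private key never reached `cert_basedir`. `copy` is defined outside this hunk, so whether it returns a status or raises is not visible here; if it returns a status, gate the insert on both calls, e.g. `if copy(paths.certificate, ...) and copy(paths.key, ...) then table.insert(imported, host); end`. A comment such as `-- find_cert returns both .certificate and .key or nil` would also record the assumption that lets `paths.key` be passed to `copy` unchecked. The body of `cert_commands.import` starts and ends outside the hunk.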
From: Kim Alvefur
Date: Wed, 27 Sep 2017 15:33:29 +0200
Subject: prosody, prosodyctl: Print the actual config file name used when a problem loading it was encountered (see #990)
---
 prosodyctl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'prosodyctl')
diff --git a/prosodyctl b/prosodyctl
index 3323b169..379ccf46 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -93,13 +93,13 @@ do
 print("\n");
 print("**************************");
 if level == "parser" then
- print("A problem occured while reading the config file "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua");
+ print("A problem occured while reading the config file "..filename);
 local err_line, err_message = tostring(err):match("%[string .-%]:(%d*): (.*)");
 print("Error"..(err_line and (" on line "..err_line) or "")..": "..(err_message or tostring(err)));
 print("");
 elseif level == "file" then
 print("Prosody was unable to find the configuration file.");
- print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua");
+ print("We looked for: "..filename);
 print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist");
 print("Copy or rename it to prosody.cfg.lua and edit as necessary.");
 end
-- cgit v1.2.3
From b080aec43ae50bf1cb9396e06d4c37401b50bf9d Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Wed, 27 Sep 2017 15:37:10 +0200
Subject: prosodyctl: Abort and warn if the config can't be opened after dropping root privileges (fixes #990)
---
 prosodyctl | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'prosodyctl')
diff --git a/prosodyctl b/prosodyctl
index 379ccf46..eaccf1d9 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -164,6 +164,17 @@ if have_pposix and pposix then
 if not switched_user then
 -- Boo!
 print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err));
+ else
+ -- Make sure the Prosody user can read the config
+ local conf, err, errno = io.open(ENV_CONFIG);
+ if conf then
+ conf:close();
+ else
+ print("The config file is not readable by the '"..desired_user.."' user.");
+ print("Prosody will not be able to read it.");
+ print("Error was "..err);
+ os.exit(1);
+ end
 end
 end
-- cgit v1.2.3
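Review bot: In the added `else` branch, `local conf, err, errno = io.open(ENV_CONFIG);` shadows the `err` that the warning line just above reads and binds an `errno` that is never used; `local conf, open_err = io.open(ENV_CONFIG);` with `print("Error was "..tostring(open_err));` carries the same information without either. The new readability check runs only when the switch to the Prosody user succeeded; in the `if not switched_user` branch the tool still only prints a warning and continues with its original privileges, which this commit leaves as is and which deserves at least a comment saying why continuing is acceptable. The three messages are written with `print`, so they go to stdout although the process then exits with status 1. The enclosing `if have_pposix and pposix then` block starts outside the hunk.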