From 79e78bc51003c85a1d6142d50713e7143d2e0953 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Sun, 20 Jun 2021 17:11:19 +0200
Subject: util.prosodyctl.check: Add support for checking Direct TLS SRV records
---
 util/prosodyctl/check.lua | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
(limited to 'util/prosodyctl/check.lua')
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index 705ae141..2245668b 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -233,14 +233,18 @@ local function check(arg)
 local ip = require "util.ip";
 local c2s_ports = set.new(configmanager.get("*", "c2s_ports") or {5222});
 local s2s_ports = set.new(configmanager.get("*", "s2s_ports") or {5269});
+ local c2s_tls_ports = set.new(configmanager.get("*", "direct_tls_ports") or {});
- local c2s_srv_required, s2s_srv_required;
+ local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required;
 if not c2s_ports:contains(5222) then
 c2s_srv_required = true;
 end
 if not s2s_ports:contains(5269) then
 s2s_srv_required = true;
 end
+ if not c2s_tls_ports:empty() then
+ c2s_tls_srv_required = true;
+ end
 local problem_hosts = set.new();
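Review bot: The `or {}` fallback on the new `c2s_tls_ports` line means an unset or misspelled option leaves `c2s_tls_srv_required` nil, and the `_xmpps-client` check added later in this patch is then skipped without any output. It is worth confirming that `direct_tls_ports` is exactly the option name the Direct TLS listener reads, because a mismatch is indistinguishable from "not configured" and the tool would stay silent about a service that is actually exposed. A short comment above the line, for example `-- empty by default: Direct TLS is only checked when ports are configured`, would record why this default differs from the `{5222}` and `{5269}` defaults beside it. The enclosing `check` function starts and ends outside this hunk.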
@@ -321,6 +325,24 @@ local function check(arg)
 end
 end
 end
+ if modules:contains("c2s") and c2s_tls_srv_required then
+ local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV");
+ if res and #res > 0 then
+ for _, record in ipairs(res) do
+ if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
+ print(" 'xmpps-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
+ break;
+ end
+ target_hosts:add(record.srv.target);
+ if not c2s_tls_ports:contains(record.srv.port) then
+ print(" SRV target "..record.srv.target.." contains unknown Direct TLS client port: "..record.srv.port);
+ end
+ end
+ else
+ print(" No _xmpps-client SRV record found for "..host..", but it looks like you need one.");
+ all_targets_ok = false;
+ end
+ end
 if modules:contains("s2s") then
 local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV");
 if res and #res > 0 then
-- cgit v1.2.3
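Review bot: The port-mismatch branch (`if not c2s_tls_ports:contains(record.srv.port)`) only prints and leaves `all_targets_ok` untouched, while the missing-record branch a few lines below sets it to false. An SRV record that directs clients to a port outside the configured Direct TLS set is a misconfiguration, so if the final summary depends on that flag (its use is outside this hunk) the branch should add `all_targets_ok = false;` after the print, or carry a comment saying the message is advisory on purpose. Separately, `res and #res > 0` treats a failed lookup the same as an empty answer, so a resolver error would be reported as "No _xmpps-client SRV record found"; whether `dns.lookup` can distinguish the two is not visible here. The enclosing `check` function starts and ends outside this hunk.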