From 708cad129f83414c9f9fd176972323a0c3704cbe Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Wed, 26 Oct 2016 12:51:37 +0100
Subject: [PATCH] xmpp uses cert if available

---
 src/freedombone-app-xmpp     | 53 +++++++++++++++++++++++++++---------
 src/freedombone-config       | 11 +++++++-
 src/freedombone-utils-config |  1 +
 3 files changed, 51 insertions(+), 14 deletions(-)

diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp
index 77ff62e81..a27015580 100755
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -46,7 +46,8 @@ xmpp_variables=(ONION_ONLY
                 XMPP_ECC_CURVE
                 XMPP_ECC_CURVE
                 MY_USERNAME
-                DEFAULT_DOMAIN_NAME)
+                DEFAULT_DOMAIN_NAME
+                XMPP_DOMAIN_CODE)
 
 function remove_user_xmpp {
     remove_username="$1"
@@ -312,7 +313,7 @@ function install_xmpp_main {
 
     if [ ! -d /etc/prosody ]; then
         echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
-        exit 52
+        exit 52367
     fi
 
     # obtain the prosody modules
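Review bot: `exit 52367` on the new line cannot produce that status: the shell truncates exit codes to eight bits, so a caller checking `$?` sees 52367 mod 256 = 143, which is exactly the value reported for a process killed by SIGTERM, making this install failure indistinguishable from a kill. If the intent is a code that is distinct from the other apps' `exit 52`-style values, choose an unused number in the 1–255 range instead. install_xmpp_main starts before and continues past this hunk.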
@@ -331,18 +332,29 @@ function install_xmpp_main {
     fi
 
     # create a certificate
-    if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
-        ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
-        check_certificates xmpp
+    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
+            ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
+            check_certificates xmpp
+        fi
     fi
     chown prosody:prosody /etc/ssl/private/xmpp.key
     chown prosody:prosody /etc/ssl/certs/xmpp.*
     cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
 
-    sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
-    sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        sed -i "s|/etc/prosody/certs/example.com.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+        sed -i "s|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+    else
+        sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+        sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
     if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-        sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
+        if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
+            sed -i "/certificate =/a\        dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
+        else
+            sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
+        fi
     fi
     if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
         sed -i '/certificate =/a\        options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
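Review bot: When /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem exists the new guard skips `addcert -h xmpp`, so xmpp.key, xmpp.crt and xmpp.dhparam are never created, yet the two `chown prosody:prosody` lines just below still run unconditionally against them, and the `else` arm of the dhparam test still writes `/etc/ssl/certs/xmpp.dhparam` into xmpp.cfg.lua whenever the domain has no dhparam file. Move the two chown calls inside the `if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]` block, and in the reuse branch either generate a dhparam for the domain or omit the `dhparam =` line rather than pointing prosody at a file that was never made. Nothing in the hunk gives the prosody user read access to /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key; if that key is root-owned 0600 as is usual for that directory, TLS will fail at start-up, and because the key is shared with whatever service issued it, a group or ACL grant (e.g. `setfacl -m u:prosody:r`) is safer than a chown that would take it away from that service. install_xmpp_main starts before and continues past this hunk.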
@@ -386,10 +398,19 @@ function install_xmpp_main {
     fi
     ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
 
-    sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
-    sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        sed -i "s|/etc/prosody/certs/localhost.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
+        sed -i "s|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
+    else
+        sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
+        sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
+    fi
     if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
-        sed -i '/certificate =/a\    dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
+        if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
+            sed -i "/certificate =/a\    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/prosody.cfg.lua
+        else
+            sed -i '/certificate =/a\    dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
+        fi
     fi
     if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
         sed -i '/certificate =/a\    options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
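Review bot: The idempotency guard `if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua` no longer matches what the new branch inserts: when the domain dhparam is chosen the line written is `dhparam = "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam"`, which does not contain the string xmpp.dhparam, so unless prosody.cfg.lua is regenerated from a pristine copy before this point (not shown in this hunk) every re-run of install_xmpp_main appends another `dhparam =` line after each `certificate =`. Test for the directive rather than the old filename: `if ! grep -q 'dhparam = ' /etc/prosody/prosody.cfg.lua; then`. The same guard-versus-inserted-text mismatch exists in the xmpp.cfg.lua block earlier in the function, though there the file is re-copied from example.com.cfg.lua first so it is only latent. The enclosing function starts before and ends after this hunk.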
@@ -413,8 +434,14 @@ function install_xmpp_main {
     sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
     sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
     sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
-    sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
-    sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        # use an existing cert if possible
+        sed -i "s|key = \"/etc/prosody/certs/example.com.key\"|key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\"|g" /etc/prosody/prosody.cfg.lua
+        sed -i "s|certificate = \"/etc/prosody/certs/example.com.crt\"|certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\"|g" /etc/prosody/prosody.cfg.lua
+    else
+        sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
+        sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
+    fi
     sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
 
     systemctl restart prosody
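Review bot: The key/cert selection is now written out three times in install_xmpp_main, each as the same `if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]` test wrapped around two near-identical `sed -i` calls, which is the kind of duplication that lets the copies drift (the dhparam guards already disagree with the text they insert). Decide the two paths once into locals and let every sed use them, so a future change to the certificate location is made in one place; the lines below show the shape for this hunk, and the same two variables would replace the earlier blocks. Quoting `"${DEFAULT_DOMAIN_NAME}"` inside the `[ -f ... ]` tests and sed arguments also keeps an unset domain from silently turning into `/etc/ssl/certs/.pem`. install_xmpp_main starts before this hunk.
```shell
    xmpp_key_file=/etc/ssl/private/xmpp.key
    xmpp_cert_file=/etc/ssl/certs/xmpp.crt
    if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
        # use an existing cert if possible
        xmpp_key_file="/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key"
        xmpp_cert_file="/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem"
    fi
    sed -i "s|key = \"/etc/prosody/certs/example.com.key\"|key = \"${xmpp_key_file}\"|g" /etc/prosody/prosody.cfg.lua
    sed -i "s|certificate = \"/etc/prosody/certs/example.com.crt\"|certificate = \"${xmpp_cert_file}\"|g" /etc/prosody/prosody.cfg.lua
    # … unchanged: example.com domain substitution and prosody restart …
```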
diff --git a/src/freedombone-config b/src/freedombone-config
index eefd78dc1..d45251c42 100755
--- a/src/freedombone-config
+++ b/src/freedombone-config
@@ -190,10 +190,11 @@ function choose_default_domain_name {
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Your main domain name" \
-                       --form $"\nWhich domain name should your email/XMPP/IRC/Mumble be associated with?" 12 55 4 \
+                       --form $"\nWhich domain name should your email/XMPP/IRC/Mumble be associated with?" 13 55 5 \
                        $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
                        $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
                        $"mail subdomain Code:" 3 1 "$(grep 'EMAIL_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 24 33 255 \
+                       $"XMPP subdomain Code:" 4 1 "$(grep 'XMPP_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 24 33 255 \
                        2> $data
                 sel=$?
                 case $sel in
@@ -203,6 +204,7 @@ function choose_default_domain_name {
                 DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
                 DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
                 EMAIL_DOMAIN_CODE=$(cat $data | sed -n 2p)
+                XMPP_DOMAIN_CODE=$(cat $data | sed -n 2p)
                 if [ $DEFAULT_DOMAIN_NAME ]; then
                     validate_freedns_code "$DEFAULT_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
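Review bot: `XMPP_DOMAIN_CODE=$(cat $data | sed -n 2p)` reads the second line of the dialog output, which is the `Code:` field already assigned to DEFAULT_DOMAIN_CODE; the XMPP subdomain code was added as the fourth form row in the hunk above, so the value the user typed is discarded and XMPP_DOMAIN_CODE silently duplicates the main domain code. It should be `XMPP_DOMAIN_CODE=$(sed -n 4p "$data")`. The pre-existing EMAIL_DOMAIN_CODE line just above has the same off-by-row problem (field 3, read from line 2), so the two are worth fixing together. choose_default_domain_name starts before and continues past this hunk.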
@@ -216,6 +218,13 @@ function choose_default_domain_name {
                         EMAIL_DOMAIN_CODE=
                     fi
                 fi
+                if [ $XMPP_DOMAIN_CODE ]; then
+                    validate_freedns_code "$XMPP_DOMAIN_CODE"
+                    if [ ! $VALID_CODE ]; then
+                        DEFAULT_DOMAIN_NAME=
+                        XMPP_DOMAIN_CODE=
+                    fi
+                fi
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --inputbox $"Which domain name should your email/XMPP/IRC/Mumble be associated with?" 10 45 \
diff --git a/src/freedombone-utils-config b/src/freedombone-utils-config
index cfe923313..4deb88483 100755
--- a/src/freedombone-utils-config
+++ b/src/freedombone-utils-config
@@ -48,6 +48,7 @@ configuration_variables=(FRIENDS_MIRRORS_SERVER
                          DEFAULT_DOMAIN_NAME
                          DEFAULT_DOMAIN_CODE
                          EMAIL_DOMAIN_CODE
+                         XMPP_DOMAIN_CODE
                          NAMESERVER1
                          NAMESERVER2
                          GET_IP_ADDRESS_URL
-- 
GitLab