
Update xmpp e2e policy

Bob Mottram 6 years ago
parent
commit
4e4bb0e47e
1 changed files with 43 additions and 0 deletions
  1. 43
    0
      src/freedombone-app-xmpp

+ 43
- 0
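--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -63,6 +63,37 @@ xmpp_variables=(ONION_ONLY
                 DEFAULT_DOMAIN_NAME
                 XMPP_DOMAIN_CODE)
 
+function xmpp_update_e2e_policy {
+    filename="$1"
+
+    read_config_param DEFAULT_DOMAIN_NAME
+    read_config_param ONION_ONLY
+
+    if ! grep -q "e2e_policy_muc" "$filename"; then
+        echo "e2e_policy_muc = \"none\"" >> "$filename"
+    else
+        sed -i 's|e2e_policy_muc.*|e2e_policy_muc = "none"|g' "$filename"
+    fi
+    if ! grep -q "e2e_policy_chat" "$filename"; then
+        echo "e2e_policy_chat = \"required\"" >> "$filename"
+    else
+        sed -i 's|e2e_policy_chat.*|e2e_policy_chat = "required"|g' "$filename"
+    fi
+    if ! grep -q "e2e_policy_message_required_chat" "$filename"; then
+        echo "e2e_policy_message_required_chat = \"\"" >> "$filename"
+    else
+        sed -i "s|e2e_policy_message_required_chat.*|e2e_policy_message_required_chat = \"\"|g" "$filename"
+    fi
+
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
+        sed -i "s|VirtualHost \".*.onion.*|VirtualHost \"${XMPP_ONION_HOSTNAME}\"|g" /etc/prosody/prosody.cfg.lua
+        # TLS is not strictly needed for onion transport security
+        sed -i 's|c2s_require_encryption =.*|c2s_require_encryption = false|g' /etc/prosody/prosody.cfg.lua
+        sed -i 's|s2s_require_encryption =.*|s2s_require_encryption = false|g' /etc/prosody/prosody.cfg.lua
+    fi
+}
+
 function logging_on_xmpp {
     if [ -d /etc/prosody ]; then
         if [ ! -d /var/log/prosody ]; then
@@ -426,6 +457,10 @@ function upgrade_xmpp {
             usermod -a -G ssl-cert prosody
         fi
     fi
+
+    xmpp_update_e2e_policy /etc/prosody/conf.avail/xmpp.cfg.lua
+    xmpp_update_e2e_policy /etc/prosody/prosody.cfg.lua
+
     prosody_daemon_restart_script
     function_check update_prosody_modules
     update_prosody_modules
@@ -1077,6 +1112,14 @@ function install_xmpp {
     else
         sed -i 's|s2s_require_encryption.*|s2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
     fi
+
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        sed -i 's|c2s_require_encryption.*|c2s_require_encryption = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+        sed -i 's|s2s_require_encryption.*|s2s_require_encryption = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+
+    xmpp_update_e2e_policy /etc/prosody/conf.avail/xmpp.cfg.lua
+
     if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/conf.avail/xmpp.cfg.lua; then
         echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
     else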
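Review bot: In `xmpp_update_e2e_policy`, the guard `[[ "$ONION_ONLY" != 'no' ]]` is also true when `ONION_ONLY` is empty or unset, so a missing config value would turn off `c2s_require_encryption` and `s2s_require_encryption` in `/etc/prosody/prosody.cfg.lua`; the same test is added in the `install_xmpp` hunk. Whether `read_config_param` can leave the variable empty is not visible on this page, but a transport-security downgrade should fail closed, e.g. `if [[ -n "$ONION_ONLY" && "$ONION_ONLY" != 'no' ]]; then`. The same branch uses the output of `cat /var/lib/tor/hidden_service_xmpp/hostname` unchecked, so a missing hostname file would rewrite the line as `VirtualHost ""`; skip the rewrite when `XMPP_ONION_HOSTNAME` is empty. That branch also ignores `$filename` and always edits `prosody.cfg.lua`, which deserves a comment because `upgrade_xmpp` calls the function twice.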