ソースを参照

xmpp uses cert if available

Bob Mottram 8 年 前
コミット
708cad129f
共有3 個のファイルを変更した51 個の追加14 個の削除を含む
  1. 40
    13
      src/freedombone-app-xmpp
  2. 10
    1
      src/freedombone-config
  3. 1
    0
      src/freedombone-utils-config

+ 40
- 13
src/freedombone-app-xmpp ファイルの表示

@@ -46,7 +46,8 @@ xmpp_variables=(ONION_ONLY
46 46
                 XMPP_ECC_CURVE
47 47
                 XMPP_ECC_CURVE
48 48
                 MY_USERNAME
49
-                DEFAULT_DOMAIN_NAME)
49
+                DEFAULT_DOMAIN_NAME
50
+                XMPP_DOMAIN_CODE)
50 51
 
51 52
 function remove_user_xmpp {
52 53
     remove_username="$1"
@@ -312,7 +313,7 @@ function install_xmpp_main {
312 313
 
313 314
     if [ ! -d /etc/prosody ]; then
314 315
         echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
315
-        exit 52
316
+        exit 52367
316 317
     fi
317 318
 
318 319
     # obtain the prosody modules
@@ -331,18 +332,29 @@ function install_xmpp_main {
331 332
     fi
332 333
 
333 334
     # create a certificate
334
-    if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
335
-        ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
336
-        check_certificates xmpp
335
+    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
336
+        if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
337
+            ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
338
+            check_certificates xmpp
339
+        fi
337 340
     fi
338 341
     chown prosody:prosody /etc/ssl/private/xmpp.key
339 342
     chown prosody:prosody /etc/ssl/certs/xmpp.*
340 343
     cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
341 344
 
342
-    sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
343
-    sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
345
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
346
+        sed -i "s|/etc/prosody/certs/example.com.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
347
+        sed -i "s|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
348
+    else
349
+        sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
350
+        sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
351
+    fi
344 352
     if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
345
-        sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
353
+        if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
354
+            sed -i "/certificate =/a\        dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
355
+        else
356
+            sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
357
+        fi
346 358
     fi
347 359
     if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
348 360
         sed -i '/certificate =/a\        options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
@@ -386,10 +398,19 @@ function install_xmpp_main {
386 398
     fi
387 399
     ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
388 400
 
389
-    sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
390
-    sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
401
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
402
+        sed -i "s|/etc/prosody/certs/localhost.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
403
+        sed -i "s|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
404
+    else
405
+        sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
406
+        sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
407
+    fi
391 408
     if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
392
-        sed -i '/certificate =/a\    dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
409
+        if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
410
+            sed -i "/certificate =/a\    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/prosody.cfg.lua
411
+        else
412
+            sed -i '/certificate =/a\    dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
413
+        fi
393 414
     fi
394 415
     if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
395 416
         sed -i '/certificate =/a\    options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
@@ -413,8 +434,14 @@ function install_xmpp_main {
413 434
     sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
414 435
     sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
415 436
     sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
416
-    sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
417
-    sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
437
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
438
+        # use an existing cert if possible
439
+        sed -i "s|key = \"/etc/prosody/certs/example.com.key\"|key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\"|g" /etc/prosody/prosody.cfg.lua
440
+        sed -i "s|certificate = \"/etc/prosody/certs/example.com.crt\"|certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\"|g" /etc/prosody/prosody.cfg.lua
441
+    else
442
+        sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
443
+        sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
444
+    fi
418 445
     sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
419 446
 
420 447
     systemctl restart prosody

+ 10
- 1
src/freedombone-config ファイルの表示

@@ -190,10 +190,11 @@ function choose_default_domain_name {
190 190
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
191 191
                 dialog --backtitle $"Freedombone Configuration" \
192 192
                        --title $"Your main domain name" \
193
-                       --form $"\nWhich domain name should your email/XMPP/IRC/Mumble be associated with?" 12 55 4 \
193
+                       --form $"\nWhich domain name should your email/XMPP/IRC/Mumble be associated with?" 13 55 5 \
194 194
                        $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
195 195
                        $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
196 196
                        $"mail subdomain Code:" 3 1 "$(grep 'EMAIL_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 24 33 255 \
197
+                       $"XMPP subdomain Code:" 4 1 "$(grep 'XMPP_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 24 33 255 \
197 198
                        2> $data
198 199
                 sel=$?
199 200
                 case $sel in
@@ -203,6 +204,7 @@ function choose_default_domain_name {
203 204
                 DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
204 205
                 DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
205 206
                 EMAIL_DOMAIN_CODE=$(cat $data | sed -n 2p)
207
+                XMPP_DOMAIN_CODE=$(cat $data | sed -n 2p)
206 208
                 if [ $DEFAULT_DOMAIN_NAME ]; then
207 209
                     validate_freedns_code "$DEFAULT_DOMAIN_CODE"
208 210
                     if [ ! $VALID_CODE ]; then
@@ -216,6 +218,13 @@ function choose_default_domain_name {
216 218
                         EMAIL_DOMAIN_CODE=
217 219
                     fi
218 220
                 fi
221
+                if [ $XMPP_DOMAIN_CODE ]; then
222
+                    validate_freedns_code "$XMPP_DOMAIN_CODE"
223
+                    if [ ! $VALID_CODE ]; then
224
+                        DEFAULT_DOMAIN_NAME=
225
+                        XMPP_DOMAIN_CODE=
226
+                    fi
227
+                fi
219 228
             else
220 229
                 dialog --backtitle $"Freedombone Configuration" \
221 230
                        --inputbox $"Which domain name should your email/XMPP/IRC/Mumble be associated with?" 10 45 \

+ 1
- 0
src/freedombone-utils-config ファイルの表示

@@ -48,6 +48,7 @@ configuration_variables=(FRIENDS_MIRRORS_SERVER
48 48
                          DEFAULT_DOMAIN_NAME
49 49
                          DEFAULT_DOMAIN_CODE
50 50
                          EMAIL_DOMAIN_CODE
51
+                         XMPP_DOMAIN_CODE
51 52
                          NAMESERVER1
52 53
                          NAMESERVER2
53 54
                          GET_IP_ADDRESS_URL