free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

xmpp uses cert if available

Bob Mottram 9 years ago
parent
c338679069
commit
708cad129f
3 changed files with 51 additions and 14 deletions
Split View Show Diff Stats
  1. 40
    13
      src/freedombone-app-xmpp
  2. 10
    1
      src/freedombone-config
  3. 1
    0
      src/freedombone-utils-config

+ 40
- 13
src/freedombone-app-xmpp View File 

@@ -46,7 +46,8 @@ xmpp_variables=(ONION_ONLY
46 46 
                 XMPP_ECC_CURVE
47 47 
                 XMPP_ECC_CURVE
48 48 
                 MY_USERNAME
49 
-                DEFAULT_DOMAIN_NAME)
49 
+                DEFAULT_DOMAIN_NAME
50 
+                XMPP_DOMAIN_CODE)
50 51
51 52 
 function remove_user_xmpp {
52 53 
     remove_username="$1"
 
@@ -312,7 +313,7 @@ function install_xmpp_main {
312 313
313 314 
     if [ ! -d /etc/prosody ]; then
314 315 
         echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
315 
-        exit 52
316 
+        exit 52367
316 317 
     fi
317 318
318 319 
     # obtain the prosody modules
 
@@ -331,18 +332,29 @@ function install_xmpp_main {
331 332 
     fi
332 333
333 334 
     # create a certificate
334 
-    if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
335 
-        ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
336 
-        check_certificates xmpp
335 
+    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
336 
+        if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
337 
+            ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
338 
+            check_certificates xmpp
339 
+        fi
337 340 
     fi
338 341 
     chown prosody:prosody /etc/ssl/private/xmpp.key
339 342 
     chown prosody:prosody /etc/ssl/certs/xmpp.*
340 343 
     cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
341 344
342 
-    sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
343 
-    sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
345 
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
346 
+        sed -i "s|/etc/prosody/certs/example.com.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
347 
+        sed -i "s|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
348 
+    else
349 
+        sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
350 
+        sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
351 
+    fi
344 352 
     if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
345 
-        sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
353 
+        if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
354 
+            sed -i "/certificate =/a\        dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
355 
+        else
356 
+            sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
357 
+        fi
346 358 
     fi
347 359 
     if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
348 360 
         sed -i '/certificate =/a\        options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
 
@@ -386,10 +398,19 @@ function install_xmpp_main {
386 398 
     fi
387 399 
     ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
388 400
389 
-    sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
390 
-    sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
401 
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
402 
+        sed -i "s|/etc/prosody/certs/localhost.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
403 
+        sed -i "s|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
404 
+    else
405 
+        sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
406 
+        sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
407 
+    fi
391 408 
     if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
392 
-        sed -i '/certificate =/a\    dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
409 
+        if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
410 
+            sed -i "/certificate =/a\    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/prosody.cfg.lua
411 
+        else
412 
+            sed -i '/certificate =/a\    dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
413 
+        fi
393 414 
     fi
394 415 
     if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
395 416 
         sed -i '/certificate =/a\    options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
 
@@ -413,8 +434,14 @@ function install_xmpp_main {
413 434 
     sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
414 435 
     sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
415 436 
     sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
416 
-    sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
417 
-    sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
437 
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
438 
+        # use an existing cert if possible
439 
+        sed -i "s|key = \"/etc/prosody/certs/example.com.key\"|key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\"|g" /etc/prosody/prosody.cfg.lua
440 
+        sed -i "s|certificate = \"/etc/prosody/certs/example.com.crt\"|certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\"|g" /etc/prosody/prosody.cfg.lua
441 
+    else
442 
+        sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
443 
+        sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
444 
+    fi
418 445 
     sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
419 446
420 447 
     systemctl restart prosody

+ 10
- 1
src/freedombone-config View File 

@@ -190,10 +190,11 @@ function choose_default_domain_name {
190 190 
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
191 191 
                 dialog --backtitle $"Freedombone Configuration" \
192 192 
                        --title $"Your main domain name" \
193 
-                       --form $"\nWhich domain name should your email/XMPP/IRC/Mumble be associated with?" 12 55 4 \
193 
+                       --form $"\nWhich domain name should your email/XMPP/IRC/Mumble be associated with?" 13 55 5 \
194 194 
                        $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
195 195 
                        $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
196 196 
                        $"mail subdomain Code:" 3 1 "$(grep 'EMAIL_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 24 33 255 \
197 
+                       $"XMPP subdomain Code:" 4 1 "$(grep 'XMPP_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 24 33 255 \
197 198 
                        2> $data
198 199 
                 sel=$?
199 200 
                 case $sel in
 
@@ -203,6 +204,7 @@ function choose_default_domain_name {
203 204 
                 DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
204 205 
                 DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
205 206 
                 EMAIL_DOMAIN_CODE=$(cat $data | sed -n 2p)
207 
+                XMPP_DOMAIN_CODE=$(cat $data | sed -n 2p)
206 208 
                 if [ $DEFAULT_DOMAIN_NAME ]; then
207 209 
                     validate_freedns_code "$DEFAULT_DOMAIN_CODE"
208 210 
                     if [ ! $VALID_CODE ]; then
 
@@ -216,6 +218,13 @@ function choose_default_domain_name {
216 218 
                         EMAIL_DOMAIN_CODE=
217 219 
                     fi
218 220 
                 fi
221 
+                if [ $XMPP_DOMAIN_CODE ]; then
222 
+                    validate_freedns_code "$XMPP_DOMAIN_CODE"
223 
+                    if [ ! $VALID_CODE ]; then
224 
+                        DEFAULT_DOMAIN_NAME=
225 
+                        XMPP_DOMAIN_CODE=
226 
+                    fi
227 
+                fi
219 228 
             else
220 229 
                 dialog --backtitle $"Freedombone Configuration" \
221 230 
                        --inputbox $"Which domain name should your email/XMPP/IRC/Mumble be associated with?" 10 45 \

+ 1
- 0
src/freedombone-utils-config View File 

@@ -48,6 +48,7 @@ configuration_variables=(FRIENDS_MIRRORS_SERVER
48 48 
                          DEFAULT_DOMAIN_NAME
49 49 
                          DEFAULT_DOMAIN_CODE
50 50 
                          EMAIL_DOMAIN_CODE
51 
+                         XMPP_DOMAIN_CODE
51 52 
                          NAMESERVER1
52 53 
                          NAMESERVER2
53 54 
                          GET_IP_ADDRESS_URL