free
/
freedombone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

xmpp uses cert if available

This commit is contained in:
Bob Mottram 2016-10-26 12:51:37 +01:00
parent c338679069
commit 708cad129f
3 changed files with 51 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
src/freedombone-app-xmpp
View File

@ -46,7 +46,8 @@ xmpp_variables=(ONION_ONLY
XMPP_ECC_CURVE XMPP_ECC_CURVE
XMPP_ECC_CURVE XMPP_ECC_CURVE
MY_USERNAME MY_USERNAME
DEFAULT_DOMAIN_NAME) DEFAULT_DOMAIN_NAME
XMPP_DOMAIN_CODE)
function remove_user_xmpp { function remove_user_xmpp {
remove_username="$1" remove_username="$1"
@ -312,7 +313,7 @@ function install_xmpp_main {
if [ ! -d /etc/prosody ]; then if [ ! -d /etc/prosody ]; then
echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE" echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
exit 52 exit 52367
fi fi
# obtain the prosody modules # obtain the prosody modules
@ -331,18 +332,29 @@ function install_xmpp_main {
fi fi
# create a certificate # create a certificate
if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
check_certificates xmpp ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
check_certificates xmpp
fi
fi fi
chown prosody:prosody /etc/ssl/private/xmpp.key chown prosody:prosody /etc/ssl/private/xmpp.key
chown prosody:prosody /etc/ssl/certs/xmpp.* chown prosody:prosody /etc/ssl/certs/xmpp.*
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua sed -i "s|/etc/prosody/certs/example.com.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i "s|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
else
sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
sed -i "/certificate =/a\ dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
else
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
fi fi
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
@ -386,10 +398,19 @@ function install_xmpp_main {
fi fi
ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua sed -i "s|/etc/prosody/certs/localhost.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
sed -i "s|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
else
sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
sed -i "/certificate =/a\ dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/prosody.cfg.lua
else
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
fi
fi fi
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
@ -413,8 +434,14 @@ function install_xmpp_main {
sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua # use an existing cert if possible
sed -i "s|key = \"/etc/prosody/certs/example.com.key\"|key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\"|g" /etc/prosody/prosody.cfg.lua
sed -i "s|certificate = \"/etc/prosody/certs/example.com.crt\"|certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\"|g" /etc/prosody/prosody.cfg.lua
else
sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
fi
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
systemctl restart prosody systemctl restart prosody

11
src/freedombone-config
View File

@ -190,10 +190,11 @@ function choose_default_domain_name {
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Your main domain name" \ --title $"Your main domain name" \
--form $"\nWhich domain name should your email/XMPP/IRC/Mumble be associated with?" 12 55 4 \ --form $"\nWhich domain name should your email/XMPP/IRC/Mumble be associated with?" 13 55 5 \
$"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \ $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
$"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \ $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
$"mail subdomain Code:" 3 1 "$(grep 'EMAIL_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 24 33 255 \ $"mail subdomain Code:" 3 1 "$(grep 'EMAIL_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 24 33 255 \
$"XMPP subdomain Code:" 4 1 "$(grep 'XMPP_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 24 33 255 \
2> $data 2> $data
sel=$? sel=$?
case $sel in case $sel in
@ -203,6 +204,7 @@ function choose_default_domain_name {
DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p) DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p) DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
EMAIL_DOMAIN_CODE=$(cat $data | sed -n 2p) EMAIL_DOMAIN_CODE=$(cat $data | sed -n 2p)
XMPP_DOMAIN_CODE=$(cat $data | sed -n 2p)
if [ $DEFAULT_DOMAIN_NAME ]; then if [ $DEFAULT_DOMAIN_NAME ]; then
validate_freedns_code "$DEFAULT_DOMAIN_CODE" validate_freedns_code "$DEFAULT_DOMAIN_CODE"
if [ ! $VALID_CODE ]; then if [ ! $VALID_CODE ]; then
@ -216,6 +218,13 @@ function choose_default_domain_name {
EMAIL_DOMAIN_CODE= EMAIL_DOMAIN_CODE=
fi fi
fi fi
if [ $XMPP_DOMAIN_CODE ]; then
validate_freedns_code "$XMPP_DOMAIN_CODE"
if [ ! $VALID_CODE ]; then
DEFAULT_DOMAIN_NAME=
XMPP_DOMAIN_CODE=
fi
fi
else else
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--inputbox $"Which domain name should your email/XMPP/IRC/Mumble be associated with?" 10 45 \ --inputbox $"Which domain name should your email/XMPP/IRC/Mumble be associated with?" 10 45 \

1
src/freedombone-utils-config
View File

@ -48,6 +48,7 @@ configuration_variables=(FRIENDS_MIRRORS_SERVER
DEFAULT_DOMAIN_NAME DEFAULT_DOMAIN_NAME
DEFAULT_DOMAIN_CODE DEFAULT_DOMAIN_CODE
EMAIL_DOMAIN_CODE EMAIL_DOMAIN_CODE
XMPP_DOMAIN_CODE
NAMESERVER1 NAMESERVER1
NAMESERVER2 NAMESERVER2
GET_IP_ADDRESS_URL GET_IP_ADDRESS_URL