free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update xmpp e2e policy

This commit is contained in:
Bob Mottram 2018-04-25 12:55:35 +01:00
parent 85098a88af
commit 4e4bb0e47e
1 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/freedombone-app-xmpp
View File

@ -63,6 +63,37 @@ xmpp_variables=(ONION_ONLY
DEFAULT_DOMAIN_NAME DEFAULT_DOMAIN_NAME
XMPP_DOMAIN_CODE) XMPP_DOMAIN_CODE)
function xmpp_update_e2e_policy {
filename="$1"
read_config_param DEFAULT_DOMAIN_NAME
read_config_param ONION_ONLY
if ! grep -q "e2e_policy_muc" "$filename"; then
echo "e2e_policy_muc = \"none\"" >> "$filename"
else
sed -i 's|e2e_policy_muc.*|e2e_policy_muc = "none"|g' "$filename"
fi
if ! grep -q "e2e_policy_chat" "$filename"; then
echo "e2e_policy_chat = \"required\"" >> "$filename"
else
sed -i 's|e2e_policy_chat.*|e2e_policy_chat = "required"|g' "$filename"
fi
if ! grep -q "e2e_policy_message_required_chat" "$filename"; then
echo "e2e_policy_message_required_chat = \"\"" >> "$filename"
else
sed -i "s|e2e_policy_message_required_chat.*|e2e_policy_message_required_chat = \"\"|g" "$filename"
fi
if [[ "$ONION_ONLY" != 'no' ]]; then
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
sed -i "s|VirtualHost \".*.onion.*|VirtualHost \"${XMPP_ONION_HOSTNAME}\"|g" /etc/prosody/prosody.cfg.lua
# TLS is not strictly needed for onion transport security
sed -i 's|c2s_require_encryption =.*|c2s_require_encryption = false|g' /etc/prosody/prosody.cfg.lua
sed -i 's|s2s_require_encryption =.*|s2s_require_encryption = false|g' /etc/prosody/prosody.cfg.lua
fi
}
function logging_on_xmpp { function logging_on_xmpp {
if [ -d /etc/prosody ]; then if [ -d /etc/prosody ]; then
if [ ! -d /var/log/prosody ]; then if [ ! -d /var/log/prosody ]; then
@ -426,6 +457,10 @@ function upgrade_xmpp {
usermod -a -G ssl-cert prosody usermod -a -G ssl-cert prosody
fi fi
fi fi
xmpp_update_e2e_policy /etc/prosody/conf.avail/xmpp.cfg.lua
xmpp_update_e2e_policy /etc/prosody/prosody.cfg.lua
prosody_daemon_restart_script prosody_daemon_restart_script
function_check update_prosody_modules function_check update_prosody_modules
update_prosody_modules update_prosody_modules
@ -1077,6 +1112,14 @@ function install_xmpp {
else else
sed -i 's|s2s_require_encryption.*|s2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua sed -i 's|s2s_require_encryption.*|s2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi fi
if [[ "$ONION_ONLY" != 'no' ]]; then
sed -i 's|c2s_require_encryption.*|c2s_require_encryption = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's|s2s_require_encryption.*|s2s_require_encryption = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
xmpp_update_e2e_policy /etc/prosody/conf.avail/xmpp.cfg.lua
if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/conf.avail/xmpp.cfg.lua; then if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
else else