From 708cad129f83414c9f9fd176972323a0c3704cbe Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Wed, 26 Oct 2016 12:51:37 +0100
Subject: [PATCH] xmpp uses cert if available
---
 src/freedombone-app-xmpp | 53 +++++++++++++++++++++++++++---------
 src/freedombone-config | 11 +++++++-
 src/freedombone-utils-config | 1 +
 3 files changed, 51 insertions(+), 14 deletions(-)
diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp
index 77ff62e8..a2701558 100755
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -46,7 +46,8 @@ xmpp_variables=(ONION_ONLY
 XMPP_ECC_CURVE
 XMPP_ECC_CURVE
 MY_USERNAME
- DEFAULT_DOMAIN_NAME)
+ DEFAULT_DOMAIN_NAME
+ XMPP_DOMAIN_CODE)
 function remove_user_xmpp {
 remove_username="$1"
@@ -312,7 +313,7 @@ function install_xmpp_main {
 if [ ! -d /etc/prosody ]; then
 echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
- exit 52
+ exit 52367
 fi
 # obtain the prosody modules
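Review bot: `exit 52367` in the prosody-missing branch cannot surface that value to the caller: shell exit statuses are truncated to 8 bits, so the process actually returns 52367 mod 256 = 143, which is also the status conventionally reported for a process terminated by SIGTERM (128+15). Any wrapper that inspects the installer's exit status for 52367 will never match it, and one that treats 143 as "killed" will misreport the failure. If the five-digit value is meant as a searchable error id, keep it in the echoed message and return a small distinct status, e.g. `exit 52`. The enclosing install_xmpp_main continues outside the hunk.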
@@ -331,18 +332,29 @@ function install_xmpp_main {
 fi
 # create a certificate
- if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
- ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
- check_certificates xmpp
+ if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+ if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
+ ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
+ check_certificates xmpp
+ fi
 fi
 chown prosody:prosody /etc/ssl/private/xmpp.key
 chown prosody:prosody /etc/ssl/certs/xmpp.*
 cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
- sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
- sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+ if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+ sed -i "s|/etc/prosody/certs/example.com.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+ sed -i "s|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+ else
+ sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+ sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+ fi
 if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
- sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
+ if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
+ sed -i "/certificate =/a\ dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
+ else
+ sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
+ fi
 fi
 if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
 sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
@@ -386,10 +398,19 @@ function install_xmpp_main {
 fi
 ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
- sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
- sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
+ if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+ sed -i "s|/etc/prosody/certs/localhost.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
+ sed -i "s|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
+ else
+ sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
+ sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
+ fi
 if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
- sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
+ if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
+ sed -i "/certificate =/a\ dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/prosody.cfg.lua
+ else
+ sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
+ fi
 fi
 if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
 sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
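Review bot: When `/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem` exists the whole `${PROJECT_NAME}-addcert -h xmpp` step is skipped, so xmpp.dhparam is never generated, yet the dhparam fallback a few lines below still writes `dhparam = "/etc/ssl/certs/xmpp.dhparam"` into xmpp.cfg.lua whenever `${DEFAULT_DOMAIN_NAME}.dhparam` is absent, leaving prosody pointed at a DH parameter file that does not exist. The same branch configures `/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key` without checking that the key exists and without the `chown prosody:prosody` the xmpp.key path receives, so the prosody user may be unable to read it and TLS would fail at service start rather than at install time. Suggest gating the reuse on both files, `if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ] && [ -f /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key ]; then`, and either generating xmpp.dhparam in that branch too or not emitting a dhparam line that names a missing file. The hunks at -386 and -413 repeat the same structure and need the same treatment; install_xmpp_main continues outside this hunk.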
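Review bot: The guard `if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua` no longer recognises the line this hunk inserts when `${DEFAULT_DOMAIN_NAME}.dhparam` is chosen, so each re-run of install_xmpp_main appends another `dhparam =` entry after `certificate =` in prosody.cfg.lua; nothing in the hunk re-creates that file from a template beforehand, unlike xmpp.cfg.lua. Match the generic form instead, e.g. `if ! grep -q 'dhparam = "/etc/ssl/certs/' /etc/prosody/prosody.cfg.lua; then`, which covers both the xmpp and the domain variant. The function continues outside the hunk.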
@@ -413,8 +434,14 @@ function install_xmpp_main {
 sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
 sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
 sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
- sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
- sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
+ if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+ # use an existing cert if possible
+ sed -i "s|key = \"/etc/prosody/certs/example.com.key\"|key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\"|g" /etc/prosody/prosody.cfg.lua
+ sed -i "s|certificate = \"/etc/prosody/certs/example.com.crt\"|certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\"|g" /etc/prosody/prosody.cfg.lua
+ else
+ sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
+ sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
+ fi
 sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
 systemctl restart prosody
diff --git a/src/freedombone-config b/src/freedombone-config
index eefd78dc..d45251c4 100755
--- a/src/freedombone-config
+++ b/src/freedombone-config
@@ -190,10 +190,11 @@ function choose_default_domain_name {
 if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
 dialog --backtitle $"Freedombone Configuration" \
 --title $"Your main domain name" \
- --form $"\nWhich domain name should your email/XMPP/IRC/Mumble be associated with?" 12 55 4 \
+ --form $"\nWhich domain name should your email/XMPP/IRC/Mumble be associated with?" 13 55 5 \
 $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
 $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
 $"mail subdomain Code:" 3 1 "$(grep 'EMAIL_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 24 33 255 \
+ $"XMPP subdomain Code:" 4 1 "$(grep 'XMPP_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 24 33 255 \
 2> $data
 sel=$?
 case $sel in
@@ -203,6 +204,7 @@ function choose_default_domain_name {
 DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
 DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
 EMAIL_DOMAIN_CODE=$(cat $data | sed -n 2p)
+ XMPP_DOMAIN_CODE=$(cat $data | sed -n 2p)
 if [ $DEFAULT_DOMAIN_NAME ]; then
 validate_freedns_code "$DEFAULT_DOMAIN_CODE"
 if [ ! $VALID_CODE ]; then
@@ -216,6 +218,13 @@ function choose_default_domain_name {
 EMAIL_DOMAIN_CODE=
 fi
 fi
+ if [ $XMPP_DOMAIN_CODE ]; then
+ validate_freedns_code "$XMPP_DOMAIN_CODE"
+ if [ ! $VALID_CODE ]; then
+ DEFAULT_DOMAIN_NAME=
+ XMPP_DOMAIN_CODE=
+ fi
+ fi
 else
 dialog --backtitle $"Freedombone Configuration" \
 --inputbox $"Which domain name should your email/XMPP/IRC/Mumble be associated with?" 10 45 \
diff --git a/src/freedombone-utils-config b/src/freedombone-utils-config
index cfe92331..4deb8848 100755
--- a/src/freedombone-utils-config
+++ b/src/freedombone-utils-config
@@ -48,6 +48,7 @@ configuration_variables=(FRIENDS_MIRRORS_SERVER
 DEFAULT_DOMAIN_NAME
 DEFAULT_DOMAIN_CODE
 EMAIL_DOMAIN_CODE
+ XMPP_DOMAIN_CODE
 NAMESERVER1
 NAMESERVER2
 GET_IP_ADDRESS_URL
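Review bot: `XMPP_DOMAIN_CODE=$(cat $data | sed -n 2p)` in the -203 hunk reads the second line of the dialog output, which is the main domain's code; the new "XMPP subdomain Code" field is the fourth form row, and dialog --form appears to write one field per line, so this should be `XMPP_DOMAIN_CODE=$(cat $data | sed -n 4p)`. As written the XMPP code silently duplicates DEFAULT_DOMAIN_CODE, the value the user typed into the new field is discarded, and the validation block added at -216 only re-checks the main code. The existing `EMAIL_DOMAIN_CODE` line has the same mismatch (row 3, read from line 2), though that predates this commit. choose_default_domain_name starts and ends outside these hunks.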