From: <abe...@us...> - 2013-01-09 19:47:10
Revision: 5883 http://astlinux.svn.sourceforge.net/astlinux/?rev=5883&view=rev Author: abelbeck Date: 2013-01-09 19:47:03 +0000 (Wed, 09 Jan 2013) Log Message: ----------- prosody, always require SSL/TLS and 'disallow_s2s' Modified Paths: -------------- branches/1.0/package/prosody/prosody.init branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf Modified: branches/1.0/package/prosody/prosody.init =================================================================== --- branches/1.0/package/prosody/prosody.init 2013-01-08 23:03:47 UTC (rev 5882) +++ branches/1.0/package/prosody/prosody.init 2013-01-09 19:47:03 UTC (rev 5883) @@ -24,8 +24,17 @@ gen_xmpp_config() { local m ADD_MODS="" modules="" admins="" hostname cert key log syslog error - local SSL_OK LOG_OK SYSLOG_OK ERROR_LOG IFS + local LOG_OK SYSLOG_OK ERROR_LOG IFS + cert="${XMPP_CERT:-/etc/prosody/certs/server.crt}" + key="${XMPP_KEY:-/etc/prosody/certs/server.key}" + if [ ! -f "$cert" ] || [ ! -f "$key" ]; then + return 1 + fi + if [ "$(stat -c '%U:%G' "$cert")" != "prosody:prosody" -o "$(stat -c '%U:%G' "$key")" != "prosody:prosody" ]; then + return 1 + fi + unset IFS for m in $XMPP_ENABLE_MODULES; do if ! mod_in_list "$m" "$DEFAULT_MODULES"; then @@ -38,15 +47,6 @@ fi done - SSL_OK="-- " - cert="${XMPP_CERT:-/etc/prosody/certs/server.crt}" - key="${XMPP_KEY:-/etc/prosody/certs/server.key}" - if [ -f "$cert" -a -f "$key" ]; then - if [ "$(stat -c '%U:%G' "$cert")" = "prosody:prosody" -a "$(stat -c '%U:%G' "$key")" = "prosody:prosody" ]; then - SSL_OK="" - fi - fi - for m in $XMPP_ADMIN_USERS; do admins="$admins${admins:+, }\"$m\"" done @@ -86,6 +86,10 @@ authentication = \"internal_plain\" +disallow_s2s = true + +c2s_require_encryption = true + admins = { $admins } log = { 
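Review bot: The new early check in gen_xmpp_config tests only that the certificate and key are owned by prosody:prosody; the private key's mode is never inspected, so a key that is readable by group or others still passes. If nothing else in the image enforces the mode, add a test next to the ownership one, for example `case "$(stat -c '%a' "$key")" in 400|600) ;; *) return 1 ;; esac`. The second `[` also joins its tests with `-o` while the first uses `||`; writing both as `[ ... ] || [ ... ]` would be consistent and avoids the ambiguous `-o` operator. The function body continues outside the hunk.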
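Review bot: `disallow_s2s = true` and `c2s_require_encryption = true` are written into the generated prosody.cfg.lua without a comment, so an administrator reading that file cannot tell that they are fixed by the init script rather than derived from rc.conf. I would emit a Lua comment line above them, such as `-- Server-to-server disabled and client encryption required; fixed by prosody.init, no rc.conf setting`. The quoted configuration text starts and ends outside the hunk.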
@@ -94,10 +98,10 @@ ${ERROR_LOG} error = \"/var/log/prosody/prosody.err\"; } -${SSL_OK}ssl = { -${SSL_OK} certificate = \"$cert\"; -${SSL_OK} key = \"$key\"; -${SSL_OK}} +ssl = { + certificate = \"$cert\"; + key = \"$key\"; +} modules_enabled = { \"posix\", $modules } @@ -110,9 +114,6 @@ echo "Component \"$XMPP_CONFERENCE\" \"muc\"" fi - if [ -n "$SSL_OK" ]; then - return 1 - fi return 0 } @@ -160,9 +161,9 @@ -- A manually generated prosody.cfg.lua config will use /mnt/kd/prosody/prosody.conf if it exists. " >/mnt/kd/prosody/prosody.cfg.lua gen_xmpp_config >>/mnt/kd/prosody/prosody.cfg.lua - if [ $? -ne 0 -a "$XMPP_REQUIRE_SSL" != "no" ]; then + if [ $? -ne 0 ]; then logger -s -t prosody -p kern.info "XMPP SSL configuration error, failed to start." - logger -s -t prosody -p kern.info "Try generating an Asterisk SIP-TLS Server Certificate, which XMPP will use." + logger -s -t prosody -p kern.info "Try generating an Asterisk SIP-TLS Server Certificate, which XMPP will use by default." rm /mnt/kd/prosody/prosody.cfg.lua return fi Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf =================================================================== --- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2013-01-08 23:03:47 UTC (rev 5882) +++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2013-01-09 19:47:03 UTC (rev 5883) @@ -451,7 +451,6 @@ #XMPP_LOG="none" # Enable /var/log/prosody/prosody.log: "none", "warn", "info", "debug" #XMPP_SYSLOG="warn" # Enable syslog logging: "none", "error", "warn", "info" #XMPP_ERROR_LOG="no" # Enable error logging /var/log/prosody/prosody.err: "no", "yes" -#XMPP_REQUIRE_SSL="yes" # Require SSL/TLS encryption, "no", "yes", defaults to "yes" ## Proxy ENV variables (http_proxy, ftp_proxy, etc.) for curl, wget, etc. ## Format: http://user:pass@proxyhost:proxyport" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
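Review bot: With the `XMPP_REQUIRE_SSL` test dropped from this `if`, a system that still sets `XMPP_REQUIRE_SSL="no"` and has no usable certificate now fails to start, and neither log line says that the variable is ignored. A one-line hint before the existing messages would make the failure diagnosable, e.g. `[ "$XMPP_REQUIRE_SSL" = "no" ] && logger -s -t prosody -p kern.info "XMPP_REQUIRE_SSL is no longer supported, SSL/TLS is always required."`. As a style point, the status could be tested directly with `if ! gen_xmpp_config >>/mnt/kd/prosody/prosody.cfg.lua; then` instead of a separate `$?` check. The enclosing function starts and ends outside the hunk.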