From: <abe...@us...> - 2013-01-09 19:47:10
Revision: 5883
http://astlinux.svn.sourceforge.net/astlinux/?rev=5883&view=rev
Author: abelbeck
Date: 2013-01-09 19:47:03 +0000 (Wed, 09 Jan 2013)
Log Message:
-----------
prosody, always require SSL/TLS and 'disallow_s2s'
Modified Paths:
--------------
branches/1.0/package/prosody/prosody.init
branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Modified: branches/1.0/package/prosody/prosody.init
===================================================================
--- branches/1.0/package/prosody/prosody.init 2013-01-08 23:03:47 UTC (rev 5882)
+++ branches/1.0/package/prosody/prosody.init 2013-01-09 19:47:03 UTC (rev 5883)
@@ -24,8 +24,17 @@
gen_xmpp_config()
{
local m ADD_MODS="" modules="" admins="" hostname cert key log syslog error
- local SSL_OK LOG_OK SYSLOG_OK ERROR_LOG IFS
+ local LOG_OK SYSLOG_OK ERROR_LOG IFS
+ cert="${XMPP_CERT:-/etc/prosody/certs/server.crt}"
+ key="${XMPP_KEY:-/etc/prosody/certs/server.key}"
+ if [ ! -f "$cert" ] || [ ! -f "$key" ]; then
+ return 1
+ fi
+ if [ "$(stat -c '%U:%G' "$cert")" != "prosody:prosody" -o "$(stat -c '%U:%G' "$key")" != "prosody:prosody" ]; then
+ return 1
+ fi
+
unset IFS
for m in $XMPP_ENABLE_MODULES; do
if ! mod_in_list "$m" "$DEFAULT_MODULES"; then
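Review bot: Nothing in the added pre-check looks at the key file's mode: it confirms that `$cert` and `$key` exist and are owned by `prosody:prosody`, so a group- or world-readable private key passes and is then always written into the config now that TLS is mandatory. Consider also rejecting a key whose mode is wider than owner-only, for example `case "$(stat -c '%a' "$key")" in 600|400) ;; *) return 1 ;; esac`. The ownership test also still uses `-o` inside `[ ]` while the existence test just above it uses `||`; two `[ ... ] || [ ... ]` tests would be consistent and avoid the ambiguous operator. gen_xmpp_config continues past the end of this hunk.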
@@ -38,15 +47,6 @@
fi
done
- SSL_OK="-- "
- cert="${XMPP_CERT:-/etc/prosody/certs/server.crt}"
- key="${XMPP_KEY:-/etc/prosody/certs/server.key}"
- if [ -f "$cert" -a -f "$key" ]; then
- if [ "$(stat -c '%U:%G' "$cert")" = "prosody:prosody" -a "$(stat -c '%U:%G' "$key")" = "prosody:prosody" ]; then
- SSL_OK=""
- fi
- fi
-
for m in $XMPP_ADMIN_USERS; do
admins="$admins${admins:+, }\"$m\""
done
@@ -86,6 +86,10 @@
authentication = \"internal_plain\"
+disallow_s2s = true
+
+c2s_require_encryption = true
+
admins = { $admins }
log = {
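Review bot: Whether `disallow_s2s = true` actually disables server-to-server traffic depends on the Prosody version this package builds, which the hunk does not show. As far as I know, from Prosody 0.9 on s2s is provided by mod_s2s and is switched off through the module lists (for example `modules_disabled`), not by this option. It is worth confirming against the packaged version, and checking that `$modules`, which appears to be built from XMPP_ENABLE_MODULES, cannot bring s2s back. A short Lua comment above the two new settings, such as `-- Forced by AstLinux: no server-to-server links, clients must use TLS`, would tell anyone reading the generated prosody.cfg.lua that these are not configurable from rc.conf.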
@@ -94,10 +98,10 @@
${ERROR_LOG} error = \"/var/log/prosody/prosody.err\";
}
-${SSL_OK}ssl = {
-${SSL_OK} certificate = \"$cert\";
-${SSL_OK} key = \"$key\";
-${SSL_OK}}
+ssl = {
+ certificate = \"$cert\";
+ key = \"$key\";
+}
modules_enabled = { \"posix\", $modules }
@@ -110,9 +114,6 @@
echo "Component \"$XMPP_CONFERENCE\" \"muc\""
fi
- if [ -n "$SSL_OK" ]; then
- return 1
- fi
return 0
}
@@ -160,9 +161,9 @@
-- A manually generated prosody.cfg.lua config will use /mnt/kd/prosody/prosody.conf if it exists.
" >/mnt/kd/prosody/prosody.cfg.lua
gen_xmpp_config >>/mnt/kd/prosody/prosody.cfg.lua
- if [ $? -ne 0 -a "$XMPP_REQUIRE_SSL" != "no" ]; then
+ if [ $? -ne 0 ]; then
logger -s -t prosody -p kern.info "XMPP SSL configuration error, failed to start."
- logger -s -t prosody -p kern.info "Try generating an Asterisk SIP-TLS Server Certificate, which XMPP will use."
+ logger -s -t prosody -p kern.info "Try generating an Asterisk SIP-TLS Server Certificate, which XMPP will use by default."
rm /mnt/kd/prosody/prosody.cfg.lua
return
fi
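Review bot: The single message "XMPP SSL configuration error" now covers both a missing certificate or key and a wrong owner, and with the XMPP_REQUIRE_SSL override removed every such failure stops the service, so the operator needs to know which file and which check failed. Because stdout of gen_xmpp_config is redirected into the config file, that detail has to be logged from inside the function, e.g. `logger -s -t prosody -p kern.info "XMPP: $key must exist and be owned by prosody:prosody"` before each `return 1`. The test could also be written `if ! gen_xmpp_config >>/mnt/kd/prosody/prosody.cfg.lua; then` so the status is not read from `$?` on a separate line. The enclosing function starts and ends outside this hunk.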
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2013-01-08 23:03:47 UTC (rev 5882)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2013-01-09 19:47:03 UTC (rev 5883)
@@ -451,7 +451,6 @@
#XMPP_LOG="none" # Enable /var/log/prosody/prosody.log: "none", "warn", "info", "debug"
#XMPP_SYSLOG="warn" # Enable syslog logging: "none", "error", "warn", "info"
#XMPP_ERROR_LOG="no" # Enable error logging /var/log/prosody/prosody.err: "no", "yes"
-#XMPP_REQUIRE_SSL="yes" # Require SSL/TLS encryption, "no", "yes", defaults to "yes"
## Proxy ENV variables (http_proxy, ftp_proxy, etc.) for curl, wget, etc.
## Format: http://user:pass@proxyhost:proxyport"