aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--certs/Makefile10
-rw-r--r--plugins/mod_pubsub/mod_pubsub.lua6
-rw-r--r--plugins/mod_register.lua19
-rw-r--r--plugins/mod_tls.lua2
-rw-r--r--plugins/mod_websocket.lua2
5 files changed, 23 insertions, 16 deletions
diff --git a/certs/Makefile b/certs/Makefile
index b3011a89..fd4a2932 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -22,7 +22,7 @@ keysize=2048
umask 0077 && touch $*.key
openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \
-sha256 -utf8 -config $^ -out $@
- @chmod 400 $*.key -c
+ @chmod 400 $*.key
%.csr: %.key
openssl req -new -key $^ -utf8 -subj /CN=$* -out $@
@@ -31,7 +31,7 @@ keysize=2048
umask 0077 && touch $*.key
openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \
-utf8 -subj /CN=$* -out $@
- @chmod 400 $*.key -c
+ @chmod 400 $*.key
# Self signed
%.crt: %.cnf %.key
@@ -42,7 +42,7 @@ keysize=2048
umask 0077 && touch $*.key
openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \
-days 365 -sha256 -utf8 -config $(firstword $^) -out $@
- @chmod 400 $*.key -c
+ @chmod 400 $*.key
%.crt: %.key
openssl req -new -x509 -key $^ -days 365 -sha256 -utf8 -subj /CN=$* -out $@
@@ -51,7 +51,7 @@ keysize=2048
umask 0077 && touch $*.key
openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \
-days 365 -sha256 -out $@ -utf8 -subj /CN=$*
- @chmod 400 $*.key -c
+ @chmod 400 $*.key
# Generate a config from the example
%.cnf:
@@ -59,7 +59,7 @@ keysize=2048
%.key:
umask 0077 && openssl genrsa -out $@ $(keysize)
- @chmod 400 $@ -c
+ @chmod 400 $@
# Generate Diffie-Hellman parameters
dh-%.pem:
diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua
index e93a5238..2b878ed8 100644
--- a/plugins/mod_pubsub/mod_pubsub.lua
+++ b/plugins/mod_pubsub/mod_pubsub.lua
@@ -126,15 +126,11 @@ module:hook("host-disco-items", function (event)
end);
local admin_aff = module:get_option_string("default_admin_affiliation", "owner");
-local unowned_aff = module:get_option_string("default_unowned_affiliation");
-local function get_affiliation(jid, node)
+local function get_affiliation(jid)
local bare_jid = jid_bare(jid);
if bare_jid == module.host or usermanager.is_admin(bare_jid, module.host) then
return admin_aff;
end
- if not node then
- return unowned_aff;
- end
end
function set_service(new_service)
diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua
index df833cad..eaa0614d 100644
--- a/plugins/mod_register.lua
+++ b/plugins/mod_register.lua
@@ -101,9 +101,9 @@ local function handle_registration_stanza(event)
-- This one weird trick sends a reply to this stanza before the user is deleted
local old_session_close = session.close;
- session.close = function(session, ...)
- session.send(st.reply(stanza));
- return old_session_close(session, ...);
+ session.close = function(self, ...)
+ self.send(st.reply(stanza));
+ return old_session_close(self, ...);
end
local ok, err = usermanager_delete_user(username, host);
@@ -204,6 +204,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
local log = session.log or module._log;
if not(allow_registration) or session.type ~= "c2s_unauthed" then
+ log("debug", "Attempted registration when disabled or already authenticated");
session.send(st.error_reply(stanza, "cancel", "service-unavailable"));
else
local query = stanza.tags[1];
@@ -217,6 +218,10 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
else
local data, errors = parse_response(query);
if errors then
+ log("debug", "Error parsing registration form:");
+ for field, err in pairs(errors) do
+ log("debug", "Field %q: %s", field, err);
+ end
session.send(st.error_reply(stanza, "modify", "not-acceptable"));
else
-- Check that the user is not blacklisted or registering too often
@@ -225,8 +230,9 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
elseif blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then
session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account."));
return true;
- elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then
+ elseif throttle_max and not whitelisted_ips[session.ip] then
if not check_throttle(session.ip) then
+ log("debug", "Registrations over limit for ip %s", session.ip or "?");
session.send(st.error_reply(stanza, "wait", "not-acceptable"));
return true;
end
@@ -235,20 +241,24 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
data.username, data.password = nil, nil;
local host = module.host;
if not username or username == "" then
+ log("debug", "The requested username is invalid.");
session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is invalid."));
return true;
end
local user = { username = username , host = host, allowed = true }
module:fire_event("user-registering", user);
if not user.allowed then
+ log("debug", "Registration disallowed by module");
session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is forbidden."));
elseif usermanager_user_exists(username, host) then
+ log("debug", "Attempt to register with existing username");
session.send(st.error_reply(stanza, "cancel", "conflict", "The requested username already exists."));
else
-- TODO unable to write file, file may be locked, etc, what's the correct error?
local error_reply = st.error_reply(stanza, "wait", "internal-server-error", "Failed to write data to disk.");
if usermanager_create_user(username, password, host) then
if next(data) and not account_details:set(username, data) then
+ log("debug", "Could not store extra details");
usermanager_delete_user(username, host);
session.send(error_reply);
return true;
@@ -259,6 +269,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
username = username, host = host, source = "mod_register",
session = session });
else
+ log("debug", "Could not create user");
session.send(error_reply);
end
end
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 69aafe82..7eedb083 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -123,7 +123,7 @@ module:hook_stanza("http://etherx.jabber.org/streams", "features", function (ses
end
end, 500);
-module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza)
+module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
module:log("debug", "Proceeding with TLS on s2sout...");
session:reset_stream();
session.conn:starttls(session.ssl_ctx);
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index a3f5318c..ea736800 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -293,7 +293,7 @@ end
local function keepalive(event)
local session = event.session;
if session.open_stream == session_open_stream then
- return session.conn:write(build_frame({ opcode = 0x9, }));
+ return session.conn:write(build_frame({ opcode = 0x9, FIN = true }));
end
end