diff options
-rw-r--r-- | certs/Makefile | 10 | ||||
-rw-r--r-- | plugins/mod_pubsub/mod_pubsub.lua | 6 | ||||
-rw-r--r-- | plugins/mod_register.lua | 19 | ||||
-rw-r--r-- | plugins/mod_tls.lua | 2 | ||||
-rw-r--r-- | plugins/mod_websocket.lua | 2 |
5 files changed, 23 insertions, 16 deletions
diff --git a/certs/Makefile b/certs/Makefile index b3011a89..fd4a2932 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -22,7 +22,7 @@ keysize=2048 umask 0077 && touch $*.key openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ -sha256 -utf8 -config $^ -out $@ - @chmod 400 $*.key -c + @chmod 400 $*.key %.csr: %.key openssl req -new -key $^ -utf8 -subj /CN=$* -out $@ @@ -31,7 +31,7 @@ keysize=2048 umask 0077 && touch $*.key openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ -utf8 -subj /CN=$* -out $@ - @chmod 400 $*.key -c + @chmod 400 $*.key # Self signed %.crt: %.cnf %.key @@ -42,7 +42,7 @@ keysize=2048 umask 0077 && touch $*.key openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ -days 365 -sha256 -utf8 -config $(firstword $^) -out $@ - @chmod 400 $*.key -c + @chmod 400 $*.key %.crt: %.key openssl req -new -x509 -key $^ -days 365 -sha256 -utf8 -subj /CN=$* -out $@ @@ -51,7 +51,7 @@ keysize=2048 umask 0077 && touch $*.key openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ -days 365 -sha256 -out $@ -utf8 -subj /CN=$* - @chmod 400 $*.key -c + @chmod 400 $*.key # Generate a config from the example %.cnf: @@ -59,7 +59,7 @@ keysize=2048 %.key: umask 0077 && openssl genrsa -out $@ $(keysize) - @chmod 400 $@ -c + @chmod 400 $@ # Generate Diffie-Hellman parameters dh-%.pem: diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua index e93a5238..2b878ed8 100644 --- a/plugins/mod_pubsub/mod_pubsub.lua +++ b/plugins/mod_pubsub/mod_pubsub.lua @@ -126,15 +126,11 @@ module:hook("host-disco-items", function (event) end); local admin_aff = module:get_option_string("default_admin_affiliation", "owner"); -local unowned_aff = module:get_option_string("default_unowned_affiliation"); -local function get_affiliation(jid, node) +local function get_affiliation(jid) local bare_jid = jid_bare(jid); if bare_jid == module.host or usermanager.is_admin(bare_jid, module.host) then return admin_aff; end - if not node then - return unowned_aff; - end end function set_service(new_service) diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index df833cad..eaa0614d 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua @@ -101,9 +101,9 @@ local function handle_registration_stanza(event) -- This one weird trick sends a reply to this stanza before the user is deleted local old_session_close = session.close; - session.close = function(session, ...) - session.send(st.reply(stanza)); - return old_session_close(session, ...); + session.close = function(self, ...) + self.send(st.reply(stanza)); + return old_session_close(self, ...); end local ok, err = usermanager_delete_user(username, host); @@ -204,6 +204,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) local log = session.log or module._log; if not(allow_registration) or session.type ~= "c2s_unauthed" then + log("debug", "Attempted registration when disabled or already authenticated"); session.send(st.error_reply(stanza, "cancel", "service-unavailable")); else local query = stanza.tags[1]; @@ -217,6 +218,10 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) else local data, errors = parse_response(query); if errors then + log("debug", "Error parsing registration form:"); + for field, err in pairs(errors) do + log("debug", "Field %q: %s", field, err); + end session.send(st.error_reply(stanza, "modify", "not-acceptable")); else -- Check that the user is not blacklisted or registering too often @@ -225,8 +230,9 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) elseif blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account.")); return true; - elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then + elseif throttle_max and not whitelisted_ips[session.ip] then if not check_throttle(session.ip) then + log("debug", "Registrations over limit for ip %s", session.ip or "?"); session.send(st.error_reply(stanza, "wait", "not-acceptable")); return true; end @@ -235,20 +241,24 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) data.username, data.password = nil, nil; local host = module.host; if not username or username == "" then + log("debug", "The requested username is invalid."); session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is invalid.")); return true; end local user = { username = username , host = host, allowed = true } module:fire_event("user-registering", user); if not user.allowed then + log("debug", "Registration disallowed by module"); session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is forbidden.")); elseif usermanager_user_exists(username, host) then + log("debug", "Attempt to register with existing username"); session.send(st.error_reply(stanza, "cancel", "conflict", "The requested username already exists.")); else -- TODO unable to write file, file may be locked, etc, what's the correct error? local error_reply = st.error_reply(stanza, "wait", "internal-server-error", "Failed to write data to disk."); if usermanager_create_user(username, password, host) then if next(data) and not account_details:set(username, data) then + log("debug", "Could not store extra details"); usermanager_delete_user(username, host); session.send(error_reply); return true; @@ -259,6 +269,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) username = username, host = host, source = "mod_register", session = session }); else + log("debug", "Could not create user"); session.send(error_reply); end end diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 69aafe82..7eedb083 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -123,7 +123,7 @@ module:hook_stanza("http://etherx.jabber.org/streams", "features", function (ses end end, 500); -module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) +module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza module:log("debug", "Proceeding with TLS on s2sout..."); session:reset_stream(); session.conn:starttls(session.ssl_ctx); diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index a3f5318c..ea736800 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -293,7 +293,7 @@ end local function keepalive(event) local session = event.session; if session.open_stream == session_open_stream then - return session.conn:write(build_frame({ opcode = 0x9, })); + return session.conn:write(build_frame({ opcode = 0x9, FIN = true })); end end |