From c9419f828036c5533b8eb22ee7385f845b7f3ae0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 18 Oct 2016 22:47:26 +0200 Subject: Backed out changeset f1af4edd5722, doesn't work as intended (node is the name of the node and always present) --- plugins/mod_pubsub/mod_pubsub.lua | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua index e93a5238..2b878ed8 100644 --- a/plugins/mod_pubsub/mod_pubsub.lua +++ b/plugins/mod_pubsub/mod_pubsub.lua @@ -126,15 +126,11 @@ module:hook("host-disco-items", function (event) end); local admin_aff = module:get_option_string("default_admin_affiliation", "owner"); -local unowned_aff = module:get_option_string("default_unowned_affiliation"); -local function get_affiliation(jid, node) +local function get_affiliation(jid) local bare_jid = jid_bare(jid); if bare_jid == module.host or usermanager.is_admin(bare_jid, module.host) then return admin_aff; end - if not node then - return unowned_aff; - end end function set_service(new_service) -- cgit v1.2.3 From 61a00045761ce63aec78b4b7d8828c277c17dfd8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 2 Nov 2016 13:08:12 +0100 Subject: mod_register: Additional logging for various registration failure cases --- plugins/mod_register.lua | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index df833cad..8929529e 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua @@ -204,6 +204,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) local log = session.log or module._log; if not(allow_registration) or session.type ~= "c2s_unauthed" then + log("debug", "Attempted registration when disabled or already authenticated"); session.send(st.error_reply(stanza, "cancel", "service-unavailable")); else local query = stanza.tags[1]; @@ -217,6 +218,10 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) else local data, errors = parse_response(query); if errors then + log("debug", "Error parsing registration form:"); + for field, err in pairs(errors) do + log("debug", "Field %q: %s", field, err); + end session.send(st.error_reply(stanza, "modify", "not-acceptable")); else -- Check that the user is not blacklisted or registering too often @@ -227,6 +232,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) return true; elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then if not check_throttle(session.ip) then + log("debug", "Registrations over limit for ip %s", session.ip or "?"); session.send(st.error_reply(stanza, "wait", "not-acceptable")); return true; end @@ -235,20 +241,24 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) data.username, data.password = nil, nil; local host = module.host; if not username or username == "" then + log("debug", "The requested username is invalid."); session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is invalid.")); return true; end local user = { username = username , host = host, allowed = true } module:fire_event("user-registering", user); if not user.allowed then + log("debug", "Registration disallowed by module"); session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is forbidden.")); elseif usermanager_user_exists(username, host) then + log("debug", "Attempt to register with existing username"); session.send(st.error_reply(stanza, "cancel", "conflict", "The requested username already exists.")); else -- TODO unable to write file, file may be locked, etc, what's the correct error? local error_reply = st.error_reply(stanza, "wait", "internal-server-error", "Failed to write data to disk."); if usermanager_create_user(username, password, host) then if next(data) and not account_details:set(username, data) then + log("debug", "Could not store extra details"); usermanager_delete_user(username, host); session.send(error_reply); return true; @@ -259,6 +269,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) username = username, host = host, source = "mod_register", session = session }); else + log("debug", "Could not create user"); session.send(error_reply); end end -- cgit v1.2.3 From 4c3e5c248e00d3b84f591ae125163c62ee540307 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 2 Nov 2016 13:30:45 +0100 Subject: mod_register: Use throttle_max as indicator of limits being enabled, in case min_seconds_between_registrations is not used --- plugins/mod_register.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index 8929529e..12d3c232 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua @@ -230,7 +230,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) elseif blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account.")); return true; - elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then + elseif throttle_max and not whitelisted_ips[session.ip] then if not check_throttle(session.ip) then log("debug", "Registrations over limit for ip %s", session.ip or "?"); session.send(st.error_reply(stanza, "wait", "not-acceptable")); -- cgit v1.2.3 From 6426801bd32dfdefa8f15bb5521b42292f515042 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 2 Nov 2016 13:34:09 +0100 Subject: mod_register: Rename session reference in wrapped close method [luacheck] --- plugins/mod_register.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index 12d3c232..eaa0614d 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua @@ -101,9 +101,9 @@ local function handle_registration_stanza(event) -- This one weird trick sends a reply to this stanza before the user is deleted local old_session_close = session.close; - session.close = function(session, ...) - session.send(st.reply(stanza)); - return old_session_close(session, ...); + session.close = function(self, ...) + self.send(st.reply(stanza)); + return old_session_close(self, ...); end local ok, err = usermanager_delete_user(username, host); -- cgit v1.2.3 From 1a12e55904adf8bbb5ca0663d5720f3862de3413 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 2 Nov 2016 23:19:41 +0100 Subject: mod_tls: Ignore unused argument [luacheck] --- plugins/mod_tls.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 69aafe82..7eedb083 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -123,7 +123,7 @@ module:hook_stanza("http://etherx.jabber.org/streams", "features", function (ses end end, 500); -module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) +module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza module:log("debug", "Proceeding with TLS on s2sout..."); session:reset_stream(); session.conn:starttls(session.ssl_ctx); -- cgit v1.2.3 From f8b911269b90918b014319cbdda32eedc687d941 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 3 Nov 2016 23:51:40 +0100 Subject: certs/Makefile: Remove -c flag to chmod, which appears to be a GNUism ... again (thanks waqas) --- certs/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certs/Makefile b/certs/Makefile index c709ff91..587fadc6 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -27,4 +27,4 @@ keysize=2048 %.key: umask 0077 && openssl genrsa -out $@ $(keysize) - @chmod 400 $@ -c + @chmod 400 $@ -- cgit v1.2.3 From 24b2036f9e4292e15e1d313df6bbfd8bf00ad27d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 3 Nov 2016 23:56:17 +0100 Subject: certs/Makefile: Remove more -c flags --- certs/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/certs/Makefile b/certs/Makefile index 6a8b140f..fd4a2932 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -22,7 +22,7 @@ keysize=2048 umask 0077 && touch $*.key openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ -sha256 -utf8 -config $^ -out $@ - @chmod 400 $*.key -c + @chmod 400 $*.key %.csr: %.key openssl req -new -key $^ -utf8 -subj /CN=$* -out $@ @@ -31,7 +31,7 @@ keysize=2048 umask 0077 && touch $*.key openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ -utf8 -subj /CN=$* -out $@ - @chmod 400 $*.key -c + @chmod 400 $*.key # Self signed %.crt: %.cnf %.key @@ -42,7 +42,7 @@ keysize=2048 umask 0077 && touch $*.key openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ -days 365 -sha256 -utf8 -config $(firstword $^) -out $@ - @chmod 400 $*.key -c + @chmod 400 $*.key %.crt: %.key openssl req -new -x509 -key $^ -days 365 -sha256 -utf8 -subj /CN=$* -out $@ @@ -51,7 +51,7 @@ keysize=2048 umask 0077 && touch $*.key openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ -days 365 -sha256 -out $@ -utf8 -subj /CN=$* - @chmod 400 $*.key -c + @chmod 400 $*.key # Generate a config from the example %.cnf: -- cgit v1.2.3 From 02919f09518951d7561b8adbb843e88c6fc262ac Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 4 Nov 2016 13:28:10 +0100 Subject: mod_websocket: Set FIN flag on ping frames (fixes #773) --- plugins/mod_websocket.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index a3f5318c..ea736800 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -293,7 +293,7 @@ end local function keepalive(event) local session = event.session; if session.open_stream == session_open_stream then - return session.conn:write(build_frame({ opcode = 0x9, })); + return session.conn:write(build_frame({ opcode = 0x9, FIN = true })); end end -- cgit v1.2.3