# HG changeset patch # User Kim Alvefur # Date 1478302110 -3600 # Node ID 9c8eb0239eef10aa834e1cd43bb6739ac484842d # Parent 7bb1cc7278b6f9b28b49b921e173f25f74354422# Parent 779a9ef6b4fddd1516d438b319ce7182c09b0fbc Merge 0.10->trunk diff -r 7bb1cc7278b6 -r 9c8eb0239eef certs/Makefile --- a/certs/Makefile Thu Oct 27 23:19:30 2016 +0200 +++ b/certs/Makefile Sat Nov 05 00:28:30 2016 +0100 @@ -22,7 +22,7 @@ umask 0077 && touch $*.key openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ -sha256 -utf8 -config $^ -out $@ - @chmod 400 $*.key -c + @chmod 400 $*.key %.csr: %.key openssl req -new -key $^ -utf8 -subj /CN=$* -out $@ @@ -31,7 +31,7 @@ umask 0077 && touch $*.key openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ -utf8 -subj /CN=$* -out $@ - @chmod 400 $*.key -c + @chmod 400 $*.key # Self signed %.crt: %.cnf %.key @@ -42,7 +42,7 @@ umask 0077 && touch $*.key openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ -days 365 -sha256 -utf8 -config $(firstword $^) -out $@ - @chmod 400 $*.key -c + @chmod 400 $*.key %.crt: %.key openssl req -new -x509 -key $^ -days 365 -sha256 -utf8 -subj /CN=$* -out $@ @@ -51,7 +51,7 @@ umask 0077 && touch $*.key openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ -days 365 -sha256 -out $@ -utf8 -subj /CN=$* - @chmod 400 $*.key -c + @chmod 400 $*.key # Generate a config from the example %.cnf: @@ -59,7 +59,7 @@ %.key: umask 0077 && openssl genrsa -out $@ $(keysize) - @chmod 400 $@ -c + @chmod 400 $@ # Generate Diffie-Hellman parameters dh-%.pem: diff -r 7bb1cc7278b6 -r 9c8eb0239eef plugins/mod_pubsub/mod_pubsub.lua --- a/plugins/mod_pubsub/mod_pubsub.lua Thu Oct 27 23:19:30 2016 +0200 +++ b/plugins/mod_pubsub/mod_pubsub.lua Sat Nov 05 00:28:30 2016 +0100 @@ -126,15 +126,11 @@ end); local admin_aff = module:get_option_string("default_admin_affiliation", "owner"); -local unowned_aff = module:get_option_string("default_unowned_affiliation"); -local function get_affiliation(jid, node) +local function get_affiliation(jid) local bare_jid = jid_bare(jid); if bare_jid == module.host or usermanager.is_admin(bare_jid, module.host) then return admin_aff; end - if not node then - return unowned_aff; - end end function set_service(new_service) diff -r 7bb1cc7278b6 -r 9c8eb0239eef plugins/mod_register.lua --- a/plugins/mod_register.lua Thu Oct 27 23:19:30 2016 +0200 +++ b/plugins/mod_register.lua Sat Nov 05 00:28:30 2016 +0100 @@ -101,9 +101,9 @@ -- This one weird trick sends a reply to this stanza before the user is deleted local old_session_close = session.close; - session.close = function(session, ...) - session.send(st.reply(stanza)); - return old_session_close(session, ...); + session.close = function(self, ...) + self.send(st.reply(stanza)); + return old_session_close(self, ...); end local ok, err = usermanager_delete_user(username, host); @@ -204,6 +204,7 @@ local log = session.log or module._log; if not(allow_registration) or session.type ~= "c2s_unauthed" then + log("debug", "Attempted registration when disabled or already authenticated"); session.send(st.error_reply(stanza, "cancel", "service-unavailable")); else local query = stanza.tags[1]; @@ -217,6 +218,10 @@ else local data, errors = parse_response(query); if errors then + log("debug", "Error parsing registration form:"); + for field, err in pairs(errors) do + log("debug", "Field %q: %s", field, err); + end session.send(st.error_reply(stanza, "modify", "not-acceptable")); else -- Check that the user is not blacklisted or registering too often @@ -225,8 +230,9 @@ elseif blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account.")); return true; - elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then + elseif throttle_max and not whitelisted_ips[session.ip] then if not check_throttle(session.ip) then + log("debug", "Registrations over limit for ip %s", session.ip or "?"); session.send(st.error_reply(stanza, "wait", "not-acceptable")); return true; end @@ -235,20 +241,24 @@ data.username, data.password = nil, nil; local host = module.host; if not username or username == "" then + log("debug", "The requested username is invalid."); session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is invalid.")); return true; end local user = { username = username , host = host, allowed = true } module:fire_event("user-registering", user); if not user.allowed then + log("debug", "Registration disallowed by module"); session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is forbidden.")); elseif usermanager_user_exists(username, host) then + log("debug", "Attempt to register with existing username"); session.send(st.error_reply(stanza, "cancel", "conflict", "The requested username already exists.")); else -- TODO unable to write file, file may be locked, etc, what's the correct error? local error_reply = st.error_reply(stanza, "wait", "internal-server-error", "Failed to write data to disk."); if usermanager_create_user(username, password, host) then if next(data) and not account_details:set(username, data) then + log("debug", "Could not store extra details"); usermanager_delete_user(username, host); session.send(error_reply); return true; @@ -259,6 +269,7 @@ username = username, host = host, source = "mod_register", session = session }); else + log("debug", "Could not create user"); session.send(error_reply); end end diff -r 7bb1cc7278b6 -r 9c8eb0239eef plugins/mod_tls.lua --- a/plugins/mod_tls.lua Thu Oct 27 23:19:30 2016 +0200 +++ b/plugins/mod_tls.lua Sat Nov 05 00:28:30 2016 +0100 @@ -123,7 +123,7 @@ end end, 500); -module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) +module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza module:log("debug", "Proceeding with TLS on s2sout..."); session:reset_stream(); session.conn:starttls(session.ssl_ctx); diff -r 7bb1cc7278b6 -r 9c8eb0239eef plugins/mod_websocket.lua --- a/plugins/mod_websocket.lua Thu Oct 27 23:19:30 2016 +0200 +++ b/plugins/mod_websocket.lua Sat Nov 05 00:28:30 2016 +0100 @@ -293,7 +293,7 @@ local function keepalive(event) local session = event.session; if session.open_stream == session_open_stream then - return session.conn:write(build_frame({ opcode = 0x9, })); + return session.conn:write(build_frame({ opcode = 0x9, FIN = true })); end end