mirror of
https://github.com/bjc/prosody.git
synced 2025-04-03 21:27:38 +03:00
Merge 0.10->trunk
commit
07da428d33
5 changed files with 23 additions and 16 deletions
|
@ -22,7 +22,7 @@ keysize=2048
|
|||
umask 0077 && touch $*.key
|
||||
openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \
|
||||
-sha256 -utf8 -config $^ -out $@
|
||||
@chmod 400 $*.key -c
|
||||
@chmod 400 $*.key
|
||||
|
||||
%.csr: %.key
|
||||
openssl req -new -key $^ -utf8 -subj /CN=$* -out $@
|
||||
|
@ -31,7 +31,7 @@ keysize=2048
|
|||
umask 0077 && touch $*.key
|
||||
openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \
|
||||
-utf8 -subj /CN=$* -out $@
|
||||
@chmod 400 $*.key -c
|
||||
@chmod 400 $*.key
|
||||
|
||||
# Self signed
|
||||
%.crt: %.cnf %.key
|
||||
|
@ -42,7 +42,7 @@ keysize=2048
|
|||
umask 0077 && touch $*.key
|
||||
openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \
|
||||
-days 365 -sha256 -utf8 -config $(firstword $^) -out $@
|
||||
@chmod 400 $*.key -c
|
||||
@chmod 400 $*.key
|
||||
|
||||
%.crt: %.key
|
||||
openssl req -new -x509 -key $^ -days 365 -sha256 -utf8 -subj /CN=$* -out $@
|
||||
|
@ -51,7 +51,7 @@ keysize=2048
|
|||
umask 0077 && touch $*.key
|
||||
openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \
|
||||
-days 365 -sha256 -out $@ -utf8 -subj /CN=$*
|
||||
@chmod 400 $*.key -c
|
||||
@chmod 400 $*.key
|
||||
|
||||
# Generate a config from the example
|
||||
%.cnf:
|
||||
|
@ -59,7 +59,7 @@ keysize=2048
|
|||
|
||||
%.key:
|
||||
umask 0077 && openssl genrsa -out $@ $(keysize)
|
||||
@chmod 400 $@ -c
|
||||
@chmod 400 $@
|
||||
|
||||
# Generate Diffie-Hellman parameters
|
||||
dh-%.pem:
|
||||
|
|
|
@ -126,15 +126,11 @@ module:hook("host-disco-items", function (event)
|
|||
end);
|
||||
|
||||
local admin_aff = module:get_option_string("default_admin_affiliation", "owner");
|
||||
local unowned_aff = module:get_option_string("default_unowned_affiliation");
|
||||
local function get_affiliation(jid, node)
|
||||
local function get_affiliation(jid)
|
||||
local bare_jid = jid_bare(jid);
|
||||
if bare_jid == module.host or usermanager.is_admin(bare_jid, module.host) then
|
||||
return admin_aff;
|
||||
end
|
||||
if not node then
|
||||
return unowned_aff;
|
||||
end
|
||||
end
|
||||
|
||||
function set_service(new_service)
|
||||
|
|
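Review bot: With the `if not node` branch gone, `get_affiliation` falls off the end and returns nothing for every JID that is neither the host nor an admin, and that implicit nil is now the whole non-admin policy. Going by the hunk header's line counts, the `default_unowned_affiliation` option is dropped along with it, so a deployment that had set it would silently lose that default; this deserves a changelog entry or a warning when the option is still present in the config. I would also add a comment above the function, for example `-- Only the host JID and server admins get an affiliation here (admin_aff); everyone else gets nil`. How the service treats a nil affiliation is decided outside this hunk and should be confirmed there.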
|
@ -101,9 +101,9 @@ local function handle_registration_stanza(event)
|
|||
|
||||
-- This one weird trick sends a reply to this stanza before the user is deleted
|
||||
local old_session_close = session.close;
|
||||
session.close = function(session, ...)
|
||||
session.send(st.reply(stanza));
|
||||
return old_session_close(session, ...);
|
||||
session.close = function(self, ...)
|
||||
self.send(st.reply(stanza));
|
||||
return old_session_close(self, ...);
|
||||
end
|
||||
|
||||
local ok, err = usermanager_delete_user(username, host);
|
||||
|
@ -204,6 +204,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
|
|||
local log = session.log or module._log;
|
||||
|
||||
if not(allow_registration) or session.type ~= "c2s_unauthed" then
|
||||
log("debug", "Attempted registration when disabled or already authenticated");
|
||||
session.send(st.error_reply(stanza, "cancel", "service-unavailable"));
|
||||
else
|
||||
local query = stanza.tags[1];
|
||||
|
@ -217,6 +218,10 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
|
|||
else
|
||||
local data, errors = parse_response(query);
|
||||
if errors then
|
||||
log("debug", "Error parsing registration form:");
|
||||
for field, err in pairs(errors) do
|
||||
log("debug", "Field %q: %s", field, err);
|
||||
end
|
||||
session.send(st.error_reply(stanza, "modify", "not-acceptable"));
|
||||
else
|
||||
-- Check that the user is not blacklisted or registering too often
|
||||
|
@ -225,8 +230,9 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
|
|||
elseif blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then
|
||||
session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account."));
|
||||
return true;
|
||||
elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then
|
||||
elseif throttle_max and not whitelisted_ips[session.ip] then
|
||||
if not check_throttle(session.ip) then
|
||||
log("debug", "Registrations over limit for ip %s", session.ip or "?");
|
||||
session.send(st.error_reply(stanza, "wait", "not-acceptable"));
|
||||
return true;
|
||||
end
|
||||
|
@ -235,20 +241,24 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
|
|||
data.username, data.password = nil, nil;
|
||||
local host = module.host;
|
||||
if not username or username == "" then
|
||||
log("debug", "The requested username is invalid.");
|
||||
session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is invalid."));
|
||||
return true;
|
||||
end
|
||||
local user = { username = username , host = host, allowed = true }
|
||||
module:fire_event("user-registering", user);
|
||||
if not user.allowed then
|
||||
log("debug", "Registration disallowed by module");
|
||||
session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is forbidden."));
|
||||
elseif usermanager_user_exists(username, host) then
|
||||
log("debug", "Attempt to register with existing username");
|
||||
session.send(st.error_reply(stanza, "cancel", "conflict", "The requested username already exists."));
|
||||
else
|
||||
-- TODO unable to write file, file may be locked, etc, what's the correct error?
|
||||
local error_reply = st.error_reply(stanza, "wait", "internal-server-error", "Failed to write data to disk.");
|
||||
if usermanager_create_user(username, password, host) then
|
||||
if next(data) and not account_details:set(username, data) then
|
||||
log("debug", "Could not store extra details");
|
||||
usermanager_delete_user(username, host);
|
||||
session.send(error_reply);
|
||||
return true;
|
||||
|
@ -259,6 +269,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
|
|||
username = username, host = host, source = "mod_register",
|
||||
session = session });
|
||||
else
|
||||
log("debug", "Could not create user");
|
||||
session.send(error_reply);
|
||||
end
|
||||
end
|
||||
|
|
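Review bot: The branch that rejects on `blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip])` is the one refusal path here that still has no log line, although every other rejection in this handler gained a `log("debug", ...)` call in this commit. A line such as `log("debug", "Registration refused by IP blacklist/whitelist for ip %s", session.ip or "?");` would close the gap. The new throttle message guards against a missing address with `session.ip or "?"`, yet `check_throttle(session.ip)` just above it receives the same value unguarded; whether it tolerates nil is not visible here and should be confirmed. Debug output is commonly disabled in production, so consider whether throttle and blacklist hits should be logged at a higher level so operators can see registration abuse. The hook function starts and ends outside these hunks.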
|
@ -123,7 +123,7 @@ module:hook_stanza("http://etherx.jabber.org/streams", "features", function (ses
|
|||
end
|
||||
end, 500);
|
||||
|
||||
module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza)
|
||||
module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
|
||||
module:log("debug", "Proceeding with TLS on s2sout...");
|
||||
session:reset_stream();
|
||||
session.conn:starttls(session.ssl_ctx);
|
||||
|
|
|
@ -293,7 +293,7 @@ end
|
|||
local function keepalive(event)
|
||||
local session = event.session;
|
||||
if session.open_stream == session_open_stream then
|
||||
return session.conn:write(build_frame({ opcode = 0x9, }));
|
||||
return session.conn:write(build_frame({ opcode = 0x9, FIN = true }));
|
||||
end
|
||||
end
|
||||
|
||||
|
|
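Review bot: The bare `0x9` and the new `FIN = true` in `keepalive` deserve a one-line comment, since nothing in the function says this is a ping or why the flag matters. RFC 6455 section 5.5 forbids fragmenting control frames, so a ping sent without FIN is malformed and a strict peer may fail the connection. Suggested comment: `-- Ping (opcode 0x9); control frames must not be fragmented, so FIN is always set`. Any other call that builds a control frame with `build_frame` is worth checking for the same omission; none are visible in this hunk.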