
mod_delegation/mod_delegation.lua @ 1719:3938496cd4f8

mod_delegation: removed invalid error replies to iq result.
author Goffi <goffi@goffi.org>
date Sun, 03 May 2015 17:43:12 +0200
parent 1718:48be6e7efbe8
child 1720:48b7e8021afa
1718:48be6e7efbe8 1719:3938496cd4f8
153 153
154 local function managing_ent_result(event) 154 local function managing_ent_result(event)
155 -- this function manage iq results from the managing entity 155 -- this function manage iq results from the managing entity
156 -- it do a couple of security check before sending the 156 -- it do a couple of security check before sending the
157 -- result to the managed entity 157 -- result to the managed entity
158 local session, stanza = event.origin, event.stanza 158 local stanza = event.stanza
159 if stanza.attr.to ~= module.host then 159 if stanza.attr.to ~= module.host then
160 module:log("warn", 'forwarded stanza result has "to" attribute not addressed to current host, id conflict ?') 160 module:log("warn", 'forwarded stanza result has "to" attribute not addressed to current host, id conflict ?')
161 return 161 return
162 end 162 end
163 module:unhook("iq-result/host/"..stanza.attr.id, managing_ent_result) 163 module:unhook("iq-result/host/"..stanza.attr.id, managing_ent_result)
164 164
165 -- lot of checks to do... 165 -- lot of checks to do...
166 local delegation = stanza.tags[1] 166 local delegation = stanza.tags[1]
167 if #stanza ~= 1 or delegation.name ~= "delegation" or 167 if #stanza ~= 1 or delegation.name ~= "delegation" or
168 delegation.attr.xmlns ~= _DELEGATION_NS then 168 delegation.attr.xmlns ~= _DELEGATION_NS then
169 session.send(st.error_reply(stanza, 'modify', 'not-acceptable')) 169 module:log("warn", "ignoring invalid iq result from managing entity %s", stanza.attr.from)
170 return true 170 return true
171 end 171 end
172 172
173 local forwarded = delegation.tags[1] 173 local forwarded = delegation.tags[1]
174 if #delegation ~= 1 or forwarded.name ~= "forwarded" or 174 if #delegation ~= 1 or forwarded.name ~= "forwarded" or
175 forwarded.attr.xmlns ~= _FORWARDED_NS then 175 forwarded.attr.xmlns ~= _FORWARDED_NS then
176 session.send(st.error_reply(stanza, 'modify', 'not-acceptable')) 176 module:log("warn", "ignoring invalid iq result from managing entity %s", stanza.attr.from)
177 return true 177 return true
178 end 178 end
179 179
180 local iq = forwarded.tags[1] 180 local iq = forwarded.tags[1]
181 if #forwarded ~= 1 or iq.name ~= "iq" or #iq ~= 1 then 181 if #forwarded ~= 1 or iq.name ~= "iq" or #iq ~= 1 then
182 session.send(st.error_reply(stanza, 'modify', 'not-acceptable')) 182 module:log("warn", "ignoring invalid iq result from managing entity %s", stanza.attr.from)
183 return true 183 return true
184 end 184 end
185 185
186 local namespace = iq.tags[1].xmlns 186 local namespace = iq.tags[1].xmlns
187 local ns_data = ns_delegations[namespace] 187 local ns_data = ns_delegations[namespace]
188 local original = ns_data[_ORI_ID_PREFIX..stanza.attr.id] 188 local original = ns_data[_ORI_ID_PREFIX..stanza.attr.id]
189 189
190 if stanza.attr.from ~= ns_data.connected or iq.attr.type ~= "result" or 190 if stanza.attr.from ~= ns_data.connected or iq.attr.type ~= "result" or
191 iq.attr.id ~= original.attr.id or iq.attr.to ~= original.attr.from then 191 iq.attr.id ~= original.attr.id or iq.attr.to ~= original.attr.from then
192 session.send(st.error_reply(stanza, 'auth', 'forbidden')) 192 module:log("warn", "ignoring forbidden iq result from managing entity %s, please check that the component is no trying to do something bad (stanza: %s)", stanza.attr.from, tostring(stanza))
193 module:send(st.error_reply(original, 'cancel', 'service-unavailable')) 193 module:send(st.error_reply(original, 'cancel', 'service-unavailable'))
194 return true 194 return true
195 end 195 end
196 196
197 -- at this point eveything is checked, 197 -- at this point eveything is checked,
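Review bot: The lookups at new lines 186–188 can raise before the new "ignoring forbidden iq result" warning at line 192 is reached: `ns_delegations[namespace]` is nil when the payload namespace is not delegated, and `original` is nil when nothing is stored under this id, yet both are indexed at lines 188–191. These values come from the managing entity's stanza, so a malformed or unsolicited result becomes an unhandled error rather than a logged rejection; a nil guard ahead of the comparison keeps it on the logging path. `iq.tags[1].xmlns` also looks like it should be `iq.tags[1].attr.xmlns`, going by `delegation.attr.xmlns` a few lines up, which is worth confirming. The warning at line 192 writes `tostring(stanza)` in full, so component-controlled content of arbitrary size lands in the log; `stanza.attr.from` and `stanza.attr.id` may be enough. managing_ent_result continues past the end of this hunk.

```lua
local namespace = iq.tags[1].xmlns
local ns_data = ns_delegations[namespace]
local original = ns_data and ns_data[_ORI_ID_PREFIX..stanza.attr.id]
if not original then
	module:log("warn", "ignoring iq result from managing entity %s: no pending delegated request matches it", stanza.attr.from)
	return true
end
-- … unchanged: from/type/id/to comparison and the forbidden branch …
```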