prosody-modules
3938496cd4f8
mod_delegation/mod_delegation.lua
Software / code / prosody-modules
Comparison
mod_delegation/mod_delegation.lua @ 1719:3938496cd4f8
mod_delegation: removed invalid error replies to iq result.
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Sun, 03 May 2015 17:43:12 +0200 |
| parent | 1718:48be6e7efbe8 |
| child | 1720:48b7e8021afa |
comparison
equal
deleted
inserted
replaced
| 1718:48be6e7efbe8 | 1719:3938496cd4f8 |
|---|---|
| 153 | 153 |
| 154 local function managing_ent_result(event) | 154 local function managing_ent_result(event) |
| 155 -- this function manage iq results from the managing entity | 155 -- this function manage iq results from the managing entity |
| 156 -- it do a couple of security check before sending the | 156 -- it do a couple of security check before sending the |
| 157 -- result to the managed entity | 157 -- result to the managed entity |
| 158 local session, stanza = event.origin, event.stanza | 158 local stanza = event.stanza |
| 159 if stanza.attr.to ~= module.host then | 159 if stanza.attr.to ~= module.host then |
| 160 module:log("warn", 'forwarded stanza result has "to" attribute not addressed to current host, id conflict ?') | 160 module:log("warn", 'forwarded stanza result has "to" attribute not addressed to current host, id conflict ?') |
| 161 return | 161 return |
| 162 end | 162 end |
| 163 module:unhook("iq-result/host/"..stanza.attr.id, managing_ent_result) | 163 module:unhook("iq-result/host/"..stanza.attr.id, managing_ent_result) |
| 164 | 164 |
| 165 -- lot of checks to do... | 165 -- lot of checks to do... |
| 166 local delegation = stanza.tags[1] | 166 local delegation = stanza.tags[1] |
| 167 if #stanza ~= 1 or delegation.name ~= "delegation" or | 167 if #stanza ~= 1 or delegation.name ~= "delegation" or |
| 168 delegation.attr.xmlns ~= _DELEGATION_NS then | 168 delegation.attr.xmlns ~= _DELEGATION_NS then |
| 169 session.send(st.error_reply(stanza, 'modify', 'not-acceptable')) | 169 module:log("warn", "ignoring invalid iq result from managing entity %s", stanza.attr.from) |
| 170 return true | 170 return true |
| 171 end | 171 end |
| 172 | 172 |
| 173 local forwarded = delegation.tags[1] | 173 local forwarded = delegation.tags[1] |
| 174 if #delegation ~= 1 or forwarded.name ~= "forwarded" or | 174 if #delegation ~= 1 or forwarded.name ~= "forwarded" or |
| 175 forwarded.attr.xmlns ~= _FORWARDED_NS then | 175 forwarded.attr.xmlns ~= _FORWARDED_NS then |
| 176 session.send(st.error_reply(stanza, 'modify', 'not-acceptable')) | 176 module:log("warn", "ignoring invalid iq result from managing entity %s", stanza.attr.from) |
| 177 return true | 177 return true |
| 178 end | 178 end |
| 179 | 179 |
| 180 local iq = forwarded.tags[1] | 180 local iq = forwarded.tags[1] |
| 181 if #forwarded ~= 1 or iq.name ~= "iq" or #iq ~= 1 then | 181 if #forwarded ~= 1 or iq.name ~= "iq" or #iq ~= 1 then |
| 182 session.send(st.error_reply(stanza, 'modify', 'not-acceptable')) | 182 module:log("warn", "ignoring invalid iq result from managing entity %s", stanza.attr.from) |
| 183 return true | 183 return true |
| 184 end | 184 end |
| 185 | 185 |
| 186 local namespace = iq.tags[1].xmlns | 186 local namespace = iq.tags[1].xmlns |
| 187 local ns_data = ns_delegations[namespace] | 187 local ns_data = ns_delegations[namespace] |
| 188 local original = ns_data[_ORI_ID_PREFIX..stanza.attr.id] | 188 local original = ns_data[_ORI_ID_PREFIX..stanza.attr.id] |
| 189 | 189 |
| 190 if stanza.attr.from ~= ns_data.connected or iq.attr.type ~= "result" or | 190 if stanza.attr.from ~= ns_data.connected or iq.attr.type ~= "result" or |
| 191 iq.attr.id ~= original.attr.id or iq.attr.to ~= original.attr.from then | 191 iq.attr.id ~= original.attr.id or iq.attr.to ~= original.attr.from then |
| 192 session.send(st.error_reply(stanza, 'auth', 'forbidden')) | 192 module:log("warn", "ignoring forbidden iq result from managing entity %s, please check that the component is no trying to do something bad (stanza: %s)", stanza.attr.from, tostring(stanza)) |
| 193 module:send(st.error_reply(original, 'cancel', 'service-unavailable')) | 193 module:send(st.error_reply(original, 'cancel', 'service-unavailable')) |
| 194 return true | 194 return true |
| 195 end | 195 end |
| 196 | 196 |
| 197 -- at this point eveything is checked, | 197 -- at this point eveything is checked, |
