prosody
6122a6270773
net/xmppcomponent_listener.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

net/xmppcomponent_listener.lua @ 3316:6122a6270773

xmppcomponent_listener: Don't validate to/from on non-stanzas, fixes component auth.
author Waqas Hussain <waqas20@gmail.com>
date Sat, 03 Jul 2010 18:11:28 +0500
parent 3315:f4d2de6ac22e
child 3320:517ae40a12a2
comparison
equal deleted inserted replaced
3315:f4d2de6ac22e 3316:6122a6270773
97 function stream_callbacks.handlestanza(session, stanza) 97 function stream_callbacks.handlestanza(session, stanza)
98 -- Namespaces are icky. 98 -- Namespaces are icky.
99 if not stanza.attr.xmlns and stanza.name == "handshake" then 99 if not stanza.attr.xmlns and stanza.name == "handshake" then
100 stanza.attr.xmlns = xmlns_component; 100 stanza.attr.xmlns = xmlns_component;
101 end 101 end
102 local from = stanza.attr.from; 102 if not stanza.attr.xmlns or stanza.attr.xmlns == "jabber:client" then
103 if from then 103 local from = stanza.attr.from;
104 if session.component_validate_from then 104 if from then
105 local _, domain = jid_split(stanza.attr.from); 105 if session.component_validate_from then
106 if domain ~= session.host then 106 local _, domain = jid_split(stanza.attr.from);
107 -- Return error 107 if domain ~= session.host then
108 session:close{ 108 -- Return error
109 condition = "invalid-from"; 109 session:close{
110 text = "Component tried to send from address <"..tostring(from) 110 condition = "invalid-from";
111 .."> which is not in domain <"..tostring(session.host)..">"; 111 text = "Component tried to send from address <"..tostring(from)
112 }; 112 .."> which is not in domain <"..tostring(session.host)..">";
113 return; 113 };
114 end 114 return;
115 end 115 end
116 else 116 end
117 else
117 stanza.attr.from = session.host; 118 stanza.attr.from = session.host;
118 end 119 end
119 if not stanza.attr.to then 120 if not stanza.attr.to then
120 session.send(st.error_reply(stanza, "modify", "bad-request", "Components MUST specify a 'to' address on stanzas")); 121 session.send(st.error_reply(stanza, "modify", "bad-request", "Components MUST specify a 'to' address on stanzas"));
121 return; 122 return;
123 end
122 end 124 end
123 return core_process_stanza(session, stanza); 125 return core_process_stanza(session, stanza);
124 end 126 end
125 127
126 --- Closing a component connection 128 --- Closing a component connection