Software /
code /
prosody
File
plugins/muc/mod_muc.lua @ 6909:494938dec5d8
MUC: Reject muc:admin query with missing <item> child
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 18 Oct 2015 14:00:15 +0200 |
parent | 6800:ad231285efdd |
child | 7086:6cc7c9da29ed |
line wrap: on
line source
-- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- if module:get_host_type() ~= "component" then error("MUC should be loaded as a component, please see http://prosody.im/doc/components", 0); end local muclib = module:require "muc"; room_mt = muclib.room_mt; -- Yes, global. local affiliation_notify = module:require "muc/affiliation_notify"; local name = module:require "muc/name"; room_mt.get_name = name.get; room_mt.set_name = name.set; local description = module:require "muc/description"; room_mt.get_description = description.get; room_mt.set_description = description.set; local hidden = module:require "muc/hidden"; room_mt.get_hidden = hidden.get; room_mt.set_hidden = hidden.set; function room_mt:get_public() return not self:get_hidden(); end function room_mt:set_public(public) return self:set_hidden(not public); end local password = module:require "muc/password"; room_mt.get_password = password.get; room_mt.set_password = password.set; local members_only = module:require "muc/members_only"; room_mt.get_members_only = members_only.get; room_mt.set_members_only = members_only.set; local moderated = module:require "muc/moderated"; room_mt.get_moderated = moderated.get; room_mt.set_moderated = moderated.set; local persistent = module:require "muc/persistent"; room_mt.get_persistent = persistent.get; room_mt.set_persistent = persistent.set; local subject = module:require "muc/subject"; room_mt.get_changesubject = subject.get_changesubject; room_mt.set_changesubject = subject.set_changesubject; room_mt.get_subject = subject.get; room_mt.set_subject = subject.set; room_mt.send_subject = subject.send; local history = module:require "muc/history"; room_mt.send_history = history.send; room_mt.get_historylength = history.get_length; room_mt.set_historylength = history.set_length; local iterators = require "util.iterators"; local jid_split = require "util.jid".split; local jid_bare = require "util.jid".bare; local st = require "util.stanza"; local um_is_admin = require "core.usermanager".is_admin; local rooms = module:shared "rooms"; module:depends("disco"); module:add_identity("conference", "text", module:get_option_string("name", "Prosody Chatrooms")); module:add_feature("http://jabber.org/protocol/muc"); module:depends "muc_unique" module:require "muc/lock"; local function is_admin(jid) return um_is_admin(jid, module.host); end do -- Monkey patch to make server admins room owners local _get_affiliation = room_mt.get_affiliation; function room_mt:get_affiliation(jid) if is_admin(jid) then return "owner"; end return _get_affiliation(self, jid); end local _set_affiliation = room_mt.set_affiliation; function room_mt:set_affiliation(actor, jid, affiliation, reason) if affiliation ~= "owner" and is_admin(jid) then return nil, "modify", "not-acceptable"; end return _set_affiliation(self, actor, jid, affiliation, reason); end end local persistent_rooms_storage = module:open_store("persistent"); local persistent_rooms = module:open_store("persistent", "map"); local room_configs = module:open_store("config"); local function room_save(room, forced) local node = jid_split(room.jid); local is_persistent = persistent.get(room); persistent_rooms:set(nil, room.jid, is_persistent); if is_persistent then local history = room._data.history; room._data.history = nil; local data = { jid = room.jid; _data = room._data; _affiliations = room._affiliations; }; room_configs:set(node, data); room._data.history = history; elseif forced then room_configs:set(node, nil); if not next(room._occupants) then -- Room empty rooms[room.jid] = nil; end end end -- Automatically destroy empty non-persistent rooms module:hook("muc-occupant-left",function(event) local room = event.room if not room:has_occupant() and not persistent.get(room) then -- empty, non-persistent room module:fire_event("muc-room-destroyed", { room = room }); end end); function track_room(room) rooms[room.jid] = room; -- When room is created, over-ride 'save' method room.save = room_save; end local function restore_room(jid) local node = jid_split(jid); local data = room_configs:get(node); if data then local room = muclib.new_room(jid); room._data = data._data; room._affiliations = data._affiliations; track_room(room); return room; end end function forget_room(room) local room_jid = room.jid; local node = jid_split(room.jid); rooms[room_jid] = nil; room_configs:set(node, nil); if persistent.get(room) then persistent_rooms:set(nil, room_jid, nil); end end function get_room_from_jid(room_jid) local room = rooms[room_jid]; if room == nil then -- Check if in persistent storage if persistent_rooms:get(nil, room_jid) then room = restore_room(room_jid); if room == nil then module:log("error", "Missing data for room '%s', removing from persistent room list", room_jid); persistent_rooms:set(nil, room_jid, nil); end end end return room end function each_room(local_only) if not local_only then for room_jid in pairs(persistent_rooms_storage:get(nil) or {}) do if rooms[room_jid] == nil then -- Don't restore rooms that already exist local room = restore_room(room_jid); if room == nil then module:log("error", "Missing data for room '%s', omitting from iteration", room_jid); end end end end return iterators.values(rooms); end module:hook("host-disco-items", function(event) local reply = event.reply; module:log("debug", "host-disco-items called"); for room in each_room() do if not room:get_hidden() then reply:tag("item", {jid=room.jid, name=room:get_name()}):up(); end end end); module:hook("muc-room-pre-create", function(event) track_room(event.room); end, -1000); module:hook("muc-room-destroyed",function(event) return forget_room(event.room); end) do local restrict_room_creation = module:get_option("restrict_room_creation"); if restrict_room_creation == true then restrict_room_creation = "admin"; end if restrict_room_creation then local host_suffix = module.host:gsub("^[^%.]+%.", ""); module:hook("muc-room-pre-create", function(event) local origin, stanza = event.origin, event.stanza; local user_jid = stanza.attr.from; if not is_admin(user_jid) and not ( restrict_room_creation == "local" and select(2, jid_split(user_jid)) == host_suffix ) then origin.send(st.error_reply(stanza, "cancel", "not-allowed")); return true; end end); end end for event_name, method in pairs { -- Normal room interactions ["iq-get/bare/http://jabber.org/protocol/disco#info:query"] = "handle_disco_info_get_query" ; ["iq-get/bare/http://jabber.org/protocol/disco#items:query"] = "handle_disco_items_get_query" ; ["iq-set/bare/http://jabber.org/protocol/muc#admin:query"] = "handle_admin_query_set_command" ; ["iq-get/bare/http://jabber.org/protocol/muc#admin:query"] = "handle_admin_query_get_command" ; ["iq-set/bare/http://jabber.org/protocol/muc#owner:query"] = "handle_owner_query_set_to_room" ; ["iq-get/bare/http://jabber.org/protocol/muc#owner:query"] = "handle_owner_query_get_to_room" ; ["message/bare"] = "handle_message_to_room" ; ["presence/bare"] = "handle_presence_to_room" ; -- Host room ["iq-get/host/http://jabber.org/protocol/disco#info:query"] = "handle_disco_info_get_query" ; ["iq-get/host/http://jabber.org/protocol/disco#items:query"] = "handle_disco_items_get_query" ; ["iq-set/host/http://jabber.org/protocol/muc#admin:query"] = "handle_admin_query_set_command" ; ["iq-get/host/http://jabber.org/protocol/muc#admin:query"] = "handle_admin_query_get_command" ; ["iq-set/host/http://jabber.org/protocol/muc#owner:query"] = "handle_owner_query_set_to_room" ; ["iq-get/host/http://jabber.org/protocol/muc#owner:query"] = "handle_owner_query_get_to_room" ; ["message/host"] = "handle_message_to_room" ; ["presence/host"] = "handle_presence_to_room" ; -- Direct to occupant (normal rooms and host room) ["presence/full"] = "handle_presence_to_occupant" ; ["iq/full"] = "handle_iq_to_occupant" ; ["message/full"] = "handle_message_to_occupant" ; } do module:hook(event_name, function (event) local origin, stanza = event.origin, event.stanza; local room_jid = jid_bare(stanza.attr.to); local room = get_room_from_jid(room_jid); if room == nil then -- Watch presence to create rooms if stanza.attr.type == nil and stanza.name == "presence" then room = muclib.new_room(room_jid); else origin.send(st.error_reply(stanza, "cancel", "not-allowed")); return true; end end return room[method](room, origin, stanza); end, -2) end function shutdown_component() local x = st.stanza("x", {xmlns = "http://jabber.org/protocol/muc#user"}) :tag("status", { code = "332"}):up(); for room in each_room(true) do room:clear(x); end end module:hook_global("server-stopping", shutdown_component); do -- Ad-hoc commands module:depends "adhoc"; local t_concat = table.concat; local adhoc_new = module:require "adhoc".new; local adhoc_initial = require "util.adhoc".new_initial_data_form; local array = require "util.array"; local dataforms_new = require "util.dataforms".new; local destroy_rooms_layout = dataforms_new { title = "Destroy rooms"; instructions = "Select the rooms to destroy"; { name = "FORM_TYPE", type = "hidden", value = "http://prosody.im/protocol/muc#destroy" }; { name = "rooms", type = "list-multi", required = true, label = "Rooms to destroy:"}; }; local destroy_rooms_handler = adhoc_initial(destroy_rooms_layout, function() return { rooms = array.collect(each_room()):pluck("jid"):sort(); }; end, function(fields, errors) if errors then local errmsg = {}; for name, err in pairs(errors) do errmsg[#errmsg + 1] = name .. ": " .. err; end return { status = "completed", error = { message = t_concat(errmsg, "\n") } }; end for _, room in ipairs(fields.rooms) do get_room_from_jid(room):destroy(); end return { status = "completed", info = "The following rooms were destroyed:\n"..t_concat(fields.rooms, "\n") }; end); local destroy_rooms_desc = adhoc_new("Destroy Rooms", "http://prosody.im/protocol/muc#destroy", destroy_rooms_handler, "admin"); module:provides("adhoc", destroy_rooms_desc); end