Software / code / prosody
Changeset
11246:ab189e707705
MUC: Reject probes from non-occupants
Also test for self-probes
| author | JC Brand <jc@opkode.com> |
|---|---|
| date | Fri, 02 Oct 2020 16:12:47 +0200 |
| parents | 11245:43b43e7156b8 |
| children | 11247:4e803e80d7b1 |
| files | plugins/muc/muc.lib.lua spec/scansion/muc_presence_probe.scs |
| diffstat | 2 files changed, 85 insertions(+), 13 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/muc/muc.lib.lua Sun Apr 19 21:49:45 2020 +0200 +++ b/plugins/muc/muc.lib.lua Fri Oct 02 16:12:47 2020 +0200 @@ -595,6 +595,26 @@ return event.stanza; end +function room_mt:respond_to_probe(origin, stanza, probing_occupant) + if probing_occupant == nil then + origin.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not currently connected to this chat", self.jid)); + return; + end + + local from_muc_jid = stanza.attr.to; + local probed_occupant = self:get_occupant_by_nick(from_muc_jid); + if probed_occupant == nil then + local to_jid = stanza.attr.from; + local pr = self:build_unavailable_presence(from_muc_jid, to_jid); + if pr then + self:route_stanza(pr); + end + return; + end + local x = st.stanza("x", {xmlns = "http://jabber.org/protocol/muc#user"}); + self:publicise_occupant_status(probed_occupant, x, nil, nil, nil, nil, false, probing_occupant); +end + function room_mt:handle_normal_presence(origin, stanza) local type = stanza.attr.type; @@ -616,18 +636,7 @@ if orig_occupant == nil then return true; end -- Unavailable from someone not in the room -- dest_occupant = nil elseif type == "probe" then - local occupant = self:get_occupant_by_nick(stanza.attr.to); - if occupant == nil then - local from_muc_jid = stanza.attr.to; - local to_jid = real_jid; - local pr = self:build_unavailable_presence(from_muc_jid, to_jid); - if pr then - self:route_stanza(pr); - end - return true; - end - local x = st.stanza("x", {xmlns = "http://jabber.org/protocol/muc#user"}); - self:publicise_occupant_status(occupant, x, nil, nil, nil, nil, false, orig_occupant); + self:respond_to_probe(origin, stanza, orig_occupant) return true; elseif orig_occupant and orig_occupant.nick == stanza.attr.to then -- Just a presence update log("debug", "presence update for %s from session %s", orig_occupant.nick, real_jid);
--- a/spec/scansion/muc_presence_probe.scs Sun Apr 19 21:49:45 2020 +0200 +++ b/spec/scansion/muc_presence_probe.scs Fri Oct 02 16:12:47 2020 +0200 @@ -16,6 +16,8 @@ Romeo connects +# Romeo joins the MUC + Romeo sends: <presence to="room@conference.localhost/Romeo"> <x xmlns="http://jabber.org/protocol/muc"/> @@ -52,10 +54,53 @@ <iq id="config1" from="room@conference.localhost" type="result"> </iq> -# Juliet connects, and joins the room +# Romeo probes himself + +Romeo sends: + <presence to="room@conference.localhost/Romeo" type="probe"> + <x xmlns="http://jabber.org/protocol/muc"/> + </presence> + +Romeo receives: + <presence from='room@conference.localhost/Romeo'> + <x xmlns='http://jabber.org/protocol/muc#user'> + <item jid="${Romeo's full JID}" affiliation='owner' role='moderator'/> + </x> + </presence> + +# Juliet tries to probe Romeo before joining the room + Juliet connects Juliet sends: + <presence to="room@conference.localhost/Romeo" type="probe"> + <x xmlns="http://jabber.org/protocol/muc"/> + </presence> + +Juliet receives: + <presence from="room@conference.localhost/Romeo" type="error"> + <error type="cancel"> + <not-acceptable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/> + </error> + </presence> + +# Juliet tries to probe Mercutio (who's not in the MUC) before joining the room + +Juliet sends: + <presence to="room@conference.localhost/Mercutio" type="probe"> + <x xmlns="http://jabber.org/protocol/muc"/> + </presence> + +Juliet receives: + <presence from="room@conference.localhost/Mercutio" type="error"> + <error type="cancel"> + <not-acceptable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/> + </error> + </presence> + +# Juliet joins the room + +Juliet sends: <presence to="room@conference.localhost/Juliet"> <x xmlns="http://jabber.org/protocol/muc"/> </presence> @@ -80,6 +125,24 @@ </x> </presence> + +# Mercutio tries to probe himself in a MUC before joining + +Mercutio connects + +Mercutio sends: + <presence to="room@conference.localhost/Mercutio" type="probe"> + <x xmlns="http://jabber.org/protocol/muc"/> + </presence> + +Mercutio receives: + <presence from="room@conference.localhost/Mercutio" type="error"> + <error type="cancel"> + <not-acceptable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/> + </error> + </presence> + + # Romeo makes Mercutio a member and registers his nickname Romeo sends:
