mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 21:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

MUC: Reject probes from non-occupants

Browse source 
Also test for self-probes
This commit is contained in:
JC Brand 2020-10-02 16:12:47 +02:00
parent 0b783f68d6
commit 25135bbd16
2 changed files with 85 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

33
plugins/muc/muc.lib.lua
View file

@ -595,6 +595,26 @@ function room_mt:build_unavailable_presence(from_muc_jid, to_jid)
return event.stanza; return event.stanza;
end end
function room_mt:respond_to_probe(origin, stanza, probing_occupant)
if probing_occupant == nil then
origin.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not currently connected to this chat", self.jid));
return;
end
local from_muc_jid = stanza.attr.to;
local probed_occupant = self:get_occupant_by_nick(from_muc_jid);
if probed_occupant == nil then
local to_jid = stanza.attr.from;
local pr = self:build_unavailable_presence(from_muc_jid, to_jid);
if pr then
self:route_stanza(pr);
end
return;
end
local x = st.stanza("x", {xmlns = "http://jabber.org/protocol/muc#user"});
self:publicise_occupant_status(probed_occupant, x, nil, nil, nil, nil, false, probing_occupant);
end
function room_mt:handle_normal_presence(origin, stanza) function room_mt:handle_normal_presence(origin, stanza)
local type = stanza.attr.type; local type = stanza.attr.type;
@ -616,18 +636,7 @@ function room_mt:handle_normal_presence(origin, stanza)
if orig_occupant == nil then return true; end -- Unavailable from someone not in the room if orig_occupant == nil then return true; end -- Unavailable from someone not in the room
-- dest_occupant = nil -- dest_occupant = nil
elseif type == "probe" then elseif type == "probe" then
local occupant = self:get_occupant_by_nick(stanza.attr.to); self:respond_to_probe(origin, stanza, orig_occupant)
if occupant == nil then
local from_muc_jid = stanza.attr.to;
local to_jid = real_jid;
local pr = self:build_unavailable_presence(from_muc_jid, to_jid);
if pr then
self:route_stanza(pr);
end
return true;
end
local x = st.stanza("x", {xmlns = "http://jabber.org/protocol/muc#user"});
self:publicise_occupant_status(occupant, x, nil, nil, nil, nil, false, orig_occupant);
return true; return true;
elseif orig_occupant and orig_occupant.nick == stanza.attr.to then -- Just a presence update elseif orig_occupant and orig_occupant.nick == stanza.attr.to then -- Just a presence update
log("debug", "presence update for %s from session %s", orig_occupant.nick, real_jid); log("debug", "presence update for %s from session %s", orig_occupant.nick, real_jid);

65
spec/scansion/muc_presence_probe.scs
View file

@ -16,6 +16,8 @@
Romeo connects Romeo connects
# Romeo joins the MUC
Romeo sends: Romeo sends:
<presence to="room@conference.localhost/Romeo"> <presence to="room@conference.localhost/Romeo">
<x xmlns="http://jabber.org/protocol/muc"/> <x xmlns="http://jabber.org/protocol/muc"/>
@ -52,9 +54,52 @@ Romeo receives:
<iq id="config1" from="room@conference.localhost" type="result"> <iq id="config1" from="room@conference.localhost" type="result">
</iq> </iq>
# Juliet connects, and joins the room # Romeo probes himself
Romeo sends:
<presence to="room@conference.localhost/Romeo" type="probe">
<x xmlns="http://jabber.org/protocol/muc"/>
</presence>
Romeo receives:
<presence from='room@conference.localhost/Romeo'>
<x xmlns='http://jabber.org/protocol/muc#user'>
<item jid="${Romeo's full JID}" affiliation='owner' role='moderator'/>
</x>
</presence>
# Juliet tries to probe Romeo before joining the room
Juliet connects Juliet connects
Juliet sends:
<presence to="room@conference.localhost/Romeo" type="probe">
<x xmlns="http://jabber.org/protocol/muc"/>
</presence>
Juliet receives:
<presence from="room@conference.localhost/Romeo" type="error">
<error type="cancel">
<not-acceptable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
</error>
</presence>
# Juliet tries to probe Mercutio (who's not in the MUC) before joining the room
Juliet sends:
<presence to="room@conference.localhost/Mercutio" type="probe">
<x xmlns="http://jabber.org/protocol/muc"/>
</presence>
Juliet receives:
<presence from="room@conference.localhost/Mercutio" type="error">
<error type="cancel">
<not-acceptable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
</error>
</presence>
# Juliet joins the room
Juliet sends: Juliet sends:
<presence to="room@conference.localhost/Juliet"> <presence to="room@conference.localhost/Juliet">
<x xmlns="http://jabber.org/protocol/muc"/> <x xmlns="http://jabber.org/protocol/muc"/>
@ -80,6 +125,24 @@ Romeo receives:
</x> </x>
</presence> </presence>
# Mercutio tries to probe himself in a MUC before joining
Mercutio connects
Mercutio sends:
<presence to="room@conference.localhost/Mercutio" type="probe">
<x xmlns="http://jabber.org/protocol/muc"/>
</presence>
Mercutio receives:
<presence from="room@conference.localhost/Mercutio" type="error">
<error type="cancel">
<not-acceptable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
</error>
</presence>
# Romeo makes Mercutio a member and registers his nickname # Romeo makes Mercutio a member and registers his nickname
Romeo sends: Romeo sends: