aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2022-08-28 07:51:50 +0100
committerMatthew Wild <mwild1@gmail.com>2022-08-28 07:51:50 +0100
commita2cabe641854d887bd5814ddf3037a3c4cd7440d (patch)
tree10cfc2fda2b0817cf769c8961d442023f25845c7 /plugins
parent2b397d14525079172b2c5aaf2b184a7fa66f6d61 (diff)
downloadprosody-a2cabe641854d887bd5814ddf3037a3c4cd7440d.tar.gz
prosody-a2cabe641854d887bd5814ddf3037a3c4cd7440d.zip
mod_component: Require 'from' attribute on stanzas by default
The old behaviour of falling back to the component domain when it is missing has been merged into the logic for the existing "validate_from_addresses" option (which is strict by default). ejabberd already rejects component stanzas with no 'from' (as the XEP requires), and this has led to compatibility issues for components that were seemingly working fine with Prosody.
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_component.lua29
1 files changed, 13 insertions, 16 deletions
diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua
index f57c4381..c1c29b5e 100644
--- a/plugins/mod_component.lua
+++ b/plugins/mod_component.lua
@@ -17,7 +17,7 @@ local logger = require "util.logger";
local sha1 = require "util.hashes".sha1;
local st = require "util.stanza";
-local jid_split = require "util.jid".split;
+local jid_host = require "util.jid".host;
local new_xmpp_stream = require "util.xmppstream".new;
local uuid_gen = require "util.uuid".generate;
@@ -222,22 +222,19 @@ function stream_callbacks.handlestanza(session, stanza)
end
if not stanza.attr.xmlns or stanza.attr.xmlns == "jabber:client" then
local from = stanza.attr.from;
- if from then
- if session.component_validate_from then
- local _, domain = jid_split(stanza.attr.from);
- if domain ~= session.host then
- -- Return error
- session.log("warn", "Component sent stanza with missing or invalid 'from' address");
- session:close{
- condition = "invalid-from";
- text = "Component tried to send from address <"..tostring(from)
- .."> which is not in domain <"..tostring(session.host)..">";
- };
- return;
- end
+ if session.component_validate_from then
+ if not from or (jid_host(from) ~= session.host) then
+ -- Return error
+ session.log("warn", "Component sent stanza with missing or invalid 'from' address");
+ session:close{
+ condition = "invalid-from";
+ text = "Component tried to send from address <"..(from or "< [missing 'from' attribute] >")
+ .."> which is not in domain <"..tostring(session.host)..">";
+ };
+ return;
end
- else
- stanza.attr.from = session.host; -- COMPAT: Strictly we shouldn't allow this
+ elseif not from then
+ stanza.attr.from = session.host;
end
if not stanza.attr.to then
session.log("warn", "Rejecting stanza with no 'to' address");