diff options
| author | Matthew Wild <mwild1@gmail.com> | 2022-08-28 07:51:50 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2022-08-28 07:51:50 +0100 |
| commit | a2cabe641854d887bd5814ddf3037a3c4cd7440d (patch) | |
| tree | 10cfc2fda2b0817cf769c8961d442023f25845c7 /plugins | |
| parent | 2b397d14525079172b2c5aaf2b184a7fa66f6d61 (diff) | |
| download | prosody-a2cabe641854d887bd5814ddf3037a3c4cd7440d.tar.gz prosody-a2cabe641854d887bd5814ddf3037a3c4cd7440d.zip | |
mod_component: Require 'from' attribute on stanzas by default
The old behaviour of falling back to the component domain when it is missing
has been merged into the logic for the existing "validate_from_addresses"
option (which is strict by default).
ejabberd already rejects component stanzas with no 'from' (as the XEP
requires), and this has led to compatibility issues for components that were
seemingly working fine with Prosody.
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/mod_component.lua | 29 |
1 files changed, 13 insertions, 16 deletions
diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua index f57c4381..c1c29b5e 100644 --- a/plugins/mod_component.lua +++ b/plugins/mod_component.lua @@ -17,7 +17,7 @@ local logger = require "util.logger"; local sha1 = require "util.hashes".sha1; local st = require "util.stanza"; -local jid_split = require "util.jid".split; +local jid_host = require "util.jid".host; local new_xmpp_stream = require "util.xmppstream".new; local uuid_gen = require "util.uuid".generate; @@ -222,22 +222,19 @@ function stream_callbacks.handlestanza(session, stanza) end if not stanza.attr.xmlns or stanza.attr.xmlns == "jabber:client" then local from = stanza.attr.from; - if from then - if session.component_validate_from then - local _, domain = jid_split(stanza.attr.from); - if domain ~= session.host then - -- Return error - session.log("warn", "Component sent stanza with missing or invalid 'from' address"); - session:close{ - condition = "invalid-from"; - text = "Component tried to send from address <"..tostring(from) - .."> which is not in domain <"..tostring(session.host)..">"; - }; - return; - end + if session.component_validate_from then + if not from or (jid_host(from) ~= session.host) then + -- Return error + session.log("warn", "Component sent stanza with missing or invalid 'from' address"); + session:close{ + condition = "invalid-from"; + text = "Component tried to send from address <"..(from or "< [missing 'from' attribute] >") + .."> which is not in domain <"..tostring(session.host)..">"; + }; + return; end - else - stanza.attr.from = session.host; -- COMPAT: Strictly we shouldn't allow this + elseif not from then + stanza.attr.from = session.host; end if not stanza.attr.to then session.log("warn", "Rejecting stanza with no 'to' address"); |