diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | doc/guide.html | 21 | ||||
| -rw-r--r-- | doc/guide.tex | 21 | ||||
| -rw-r--r-- | src/mod_muc/mod_muc.erl | 17 | ||||
| -rw-r--r-- | src/mod_muc/mod_muc_room.erl | 52 |
5 files changed, 98 insertions, 19 deletions
@@ -1,5 +1,11 @@ 2009-04-22 Badlop <badlop@process-one.net> + * src/mod_muc/mod_muc.erl: Limit number of characters in Room ID, + Name and Description (EJAB-899) + * src/mod_muc/mod_muc_room.erl: Likewise + * doc/guide.tex: Likewise + * doc/guide.html: Likewise + * src/cyrsasl.erl: Change API of check_password: pass a function to generate the digest (thanks to Graham Whitted)(EJAB-863) * src/cyrsasl_anonymous.erl: Likewise diff --git a/doc/guide.html b/doc/guide.html index 8cf7310ec..98db96307 100644 --- a/doc/guide.html +++ b/doc/guide.html @@ -2134,6 +2134,18 @@ number of rooms that any given user can join. The default value is 10. This option is used to prevent possible abuses. Note that this is a soft limit: some users can sometimes join more conferences in cluster configurations. +</DD><DT CLASS="dt-description"><B><TT>max_room_id</TT></B></DT><DD CLASS="dd-description"> +This option defines the maximum number of characters that Room ID +can have when creating a new room. +The default value is to not limit: infinite. +</DD><DT CLASS="dt-description"><B><TT>max_room_name</TT></B></DT><DD CLASS="dd-description"> +This option defines the maximum number of characters that Room Name +can have when configuring the room. +The default value is to not limit: infinite. +</DD><DT CLASS="dt-description"><B><TT>max_room_desc</TT></B></DT><DD CLASS="dd-description"> +This option defines the maximum number of characters that Room Description +can have when configuring the room. +The default value is to not limit: infinite. </DD><DT CLASS="dt-description"><B><TT>min_message_interval</TT></B></DT><DD CLASS="dd-description"> This option defines the minimum interval between two messages send by an occupant in seconds. This option is global and valid for all @@ -2245,12 +2257,17 @@ and the default value of 20 history messages will be send to the users. ]}. </PRE></LI><LI CLASS="li-itemize">In the following example, MUC anti abuse options are used. An occupant cannot send more than one message every 0.4 seconds and cannot -change its presence more than once every 4 seconds. No ACLs are +change its presence more than once every 4 seconds. +The length of Room IDs and Room Names are limited to 20 characters, +and Room Description to 300 characters. No ACLs are defined, but some user restriction could be added as well:<PRE CLASS="verbatim">{modules, [ ... {mod_muc, [{min_message_interval, 0.4}, - {min_presence_interval, 4}]}, + {min_presence_interval, 4}, + {max_room_id, 20}, + {max_room_name, 20}, + {max_room_desc, 300}]}, ... ]}. </PRE></LI><LI CLASS="li-itemize">This example shows how to use <TT>default_room_options</TT> to make sure diff --git a/doc/guide.tex b/doc/guide.tex index ab9d11324..159ac6133 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -2811,6 +2811,18 @@ Module options: is 10. This option is used to prevent possible abuses. Note that this is a soft limit: some users can sometimes join more conferences in cluster configurations. +\titem{max\_room\_id} \ind{options!max\_room\_id} + This option defines the maximum number of characters that Room ID + can have when creating a new room. + The default value is to not limit: infinite. +\titem{max\_room\_name} \ind{options!max\_room\_name} + This option defines the maximum number of characters that Room Name + can have when configuring the room. + The default value is to not limit: infinite. +\titem{max\_room\_desc} \ind{options!max\_room\_desc} + This option defines the maximum number of characters that Room Description + can have when configuring the room. + The default value is to not limit: infinite. \titem{min\_message\_interval} \ind{options!min\_message\_interval} This option defines the minimum interval between two messages send by an occupant in seconds. This option is global and valid for all @@ -2929,7 +2941,9 @@ Examples: \item In the following example, MUC anti abuse options are used. An occupant cannot send more than one message every 0.4 seconds and cannot -change its presence more than once every 4 seconds. No ACLs are +change its presence more than once every 4 seconds. +The length of Room IDs and Room Names are limited to 20 characters, +and Room Description to 300 characters. No ACLs are defined, but some user restriction could be added as well: \begin{verbatim} @@ -2937,7 +2951,10 @@ defined, but some user restriction could be added as well: [ ... {mod_muc, [{min_message_interval, 0.4}, - {min_presence_interval, 4}]}, + {min_presence_interval, 4}, + {max_room_id, 20}, + {max_room_name, 20}, + {max_room_desc, 300}]}, ... ]}. \end{verbatim} diff --git a/src/mod_muc/mod_muc.erl b/src/mod_muc/mod_muc.erl index 6edbbdf82..2a7242fdf 100644 --- a/src/mod_muc/mod_muc.erl +++ b/src/mod_muc/mod_muc.erl @@ -460,8 +460,10 @@ do_route1(Host, ServerHost, Access, HistorySize, RoomShaper, Type = xml:get_attr_s("type", Attrs), case {Name, Type} of {"presence", ""} -> - case acl:match_rule(ServerHost, AccessCreate, From) of - allow -> + case check_user_can_create_room(ServerHost, + AccessCreate, From, + Room) of + true -> ?DEBUG("MUC: open new room '~s'~n", [Room]), {ok, Pid} = mod_muc_room:start( Host, ServerHost, Access, @@ -471,7 +473,7 @@ do_route1(Host, ServerHost, Access, HistorySize, RoomShaper, register_room(Host, Room, Pid), mod_muc_room:route(Pid, From, Nick, Packet), ok; - _ -> + false -> Lang = xml:get_attr_s("xml:lang", Attrs), ErrText = "Room creation is denied by service policy", Err = jlib:make_error_reply( @@ -493,7 +495,14 @@ do_route1(Host, ServerHost, Access, HistorySize, RoomShaper, end end. - +check_user_can_create_room(ServerHost, AccessCreate, From, RoomID) -> + case acl:match_rule(ServerHost, AccessCreate, From) of + allow -> + (length(RoomID) =< gen_mod:get_module_opt(ServerHost, mod_muc, + max_room_id, infinite)); + _ -> + false + end. load_permanent_rooms(Host, ServerHost, Access, HistorySize, RoomShaper) -> diff --git a/src/mod_muc/mod_muc_room.erl b/src/mod_muc/mod_muc_room.erl index 2fc518c80..634552938 100644 --- a/src/mod_muc/mod_muc_room.erl +++ b/src/mod_muc/mod_muc_room.erl @@ -2625,11 +2625,16 @@ process_iq_owner(From, set, Lang, SubEl, StateData) -> {?NS_XDATA, "cancel"} -> {result, [], StateData}; {?NS_XDATA, "submit"} -> - case {check_allowed_log_change(XEl, StateData, From), - check_allowed_persistent_change(XEl, StateData, From)} of - {allow, allow} -> set_config(XEl, StateData); - _ -> {error, ?ERR_BAD_REQUEST} - end; + case is_allowed_log_change(XEl, StateData, From) + andalso + is_allowed_persistent_change(XEl, StateData, + From) + andalso + is_allowed_room_name_desc_limits(XEl, + StateData) of + true -> set_config(XEl, StateData); + false -> {error, ?ERR_BAD_REQUEST} + end; _ -> {error, ?ERR_BAD_REQUEST} end; @@ -2681,26 +2686,51 @@ process_iq_owner(From, get, Lang, SubEl, StateData) -> {error, ?ERRT_FORBIDDEN(Lang, ErrText)} end. -check_allowed_log_change(XEl, StateData, From) -> +is_allowed_log_change(XEl, StateData, From) -> case lists:keymember("muc#roomconfig_enablelogging", 1, jlib:parse_xdata_submit(XEl)) of false -> - allow; + true; true -> - mod_muc_log:check_access_log( - StateData#state.server_host, From) + (allow == mod_muc_log:check_access_log( + StateData#state.server_host, From)) end. -check_allowed_persistent_change(XEl, StateData, From) -> +is_allowed_persistent_change(XEl, StateData, From) -> case lists:keymember("muc#roomconfig_persistentroom", 1, jlib:parse_xdata_submit(XEl)) of false -> - allow; + true; true -> {_AccessRoute, _AccessCreate, _AccessAdmin, AccessPersistent} = StateData#state.access, acl:match_rule(StateData#state.server_host, AccessPersistent, From) end. +%% Check if the Room Name and Room Description defined in the Data Form +%% are conformant to the configured limits +is_allowed_room_name_desc_limits(XEl, StateData) -> + IsNameAccepted = + case lists:keysearch("muc#roomconfig_roomname", 1, + jlib:parse_xdata_submit(XEl)) of + {value, {_, [N]}} -> + length(N) =< gen_mod:get_module_opt(StateData#state.server_host, + mod_muc, max_room_name, + infinite); + _ -> + true + end, + IsDescAccepted = + case lists:keysearch("muc#roomconfig_roomdesc", 1, + jlib:parse_xdata_submit(XEl)) of + {value, {_, [D]}} -> + length(D) =< gen_mod:get_module_opt(StateData#state.server_host, + mod_muc, max_room_desc, + infinite); + _ -> + true + end, + IsNameAccepted and IsDescAccepted. + -define(XFIELD(Type, Label, Var, Val), {xmlelement, "field", [{"type", Type}, {"label", translate:translate(Lang, Label)}, |