Commit 277f3f21 authored by Dave Cridland's avatar Dave Cridland

Merge pull request #89 from tevans/master

OF-807 + OF-670: Prep for 3.10.0
parents 27ccb695 8baf255a
...@@ -74,6 +74,7 @@ import org.xmpp.packet.IQ; ...@@ -74,6 +74,7 @@ import org.xmpp.packet.IQ;
import org.xmpp.packet.JID; import org.xmpp.packet.JID;
import org.xmpp.packet.Message; import org.xmpp.packet.Message;
import org.xmpp.packet.Packet; import org.xmpp.packet.Packet;
import org.xmpp.packet.PacketError;
import org.xmpp.packet.Presence; import org.xmpp.packet.Presence;
import org.xmpp.resultsetmanagement.ResultSet; import org.xmpp.resultsetmanagement.ResultSet;
...@@ -308,10 +309,18 @@ public class MultiUserChatServiceImpl implements Component, MultiUserChatService ...@@ -308,10 +309,18 @@ public class MultiUserChatServiceImpl implements Component, MultiUserChatService
return; return;
} }
} }
// The packet is a normal packet that should possibly be sent to the room // OF-670: Kick MUC users who return permanent error conditions;
JID receipient = packet.getTo(); // also detects S2S-based users from non-responsive domains.
String roomName = receipient != null ? receipient.getNode() : null; if (packet.getError() != null &&
getChatUser(packet.getFrom(), roomName).process(packet); packet.getError().getType().equals(PacketError.Type.cancel)) {
removeUser(packet.getFrom());
}
else {
// The packet is a normal packet that should possibly be sent to the room
JID receipient = packet.getTo();
String roomName = receipient != null ? receipient.getNode() : null;
getChatUser(packet.getFrom(), roomName).process(packet);
}
} }
catch (Exception e) { catch (Exception e) {
Log.error(LocaleUtils.getLocalizedString("admin.error"), e); Log.error(LocaleUtils.getLocalizedString("admin.error"), e);
......
...@@ -20,9 +20,11 @@ ...@@ -20,9 +20,11 @@
package org.jivesoftware.util; package org.jivesoftware.util;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.net.IDN;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.text.BreakIterator; import java.text.BreakIterator;
import java.text.MessageFormat;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
...@@ -52,7 +54,7 @@ public class StringUtils { ...@@ -52,7 +54,7 @@ public class StringUtils {
private static final char[] AMP_ENCODE = "&".toCharArray(); private static final char[] AMP_ENCODE = "&".toCharArray();
private static final char[] LT_ENCODE = "<".toCharArray(); private static final char[] LT_ENCODE = "<".toCharArray();
private static final char[] GT_ENCODE = ">".toCharArray(); private static final char[] GT_ENCODE = ">".toCharArray();
private StringUtils() { private StringUtils() {
// Not instantiable. // Not instantiable.
} }
...@@ -1118,6 +1120,28 @@ public class StringUtils { ...@@ -1118,6 +1120,28 @@ public class StringUtils {
} }
} }
/**
* Returns a valid domain name, possibly as an ACE-encoded IDN
* (per <a href="http://www.ietf.org/rfc/rfc3490.txt">RFC 3490</a>).
*
* @param domain Proposed domain name
* @return The validated domain name, possibly ACE-encoded
* @throws IllegalArgumentException The given domain name is not valid
*/
public static String validateDomainName(String domain) {
if (domain == null || domain.trim().length() == 0) {
throw new IllegalArgumentException("Domain name cannot be null or empty");
}
String result = IDN.toASCII(domain);
if (result.equals(domain)) {
// no conversion; validate again via USE_STD3_ASCII_RULES
IDN.toASCII(domain, IDN.USE_STD3_ASCII_RULES);
} else {
Log.info(MessageFormat.format("Converted domain name: from '{0}' to '{1}'", domain, result));
}
return result;
}
/** /**
* Removes characters likely to enable Cross Site Scripting attacks from the * Removes characters likely to enable Cross Site Scripting attacks from the
* provided input string. The characters that are removed from the input * provided input string. The characters that are removed from the input
......
package org.jivesoftware.util;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
import org.junit.Test;
public class StringUtilsTest {
@Test
public void testValidDomainNames() {
assertValidDomainName("www.mycompany.com");
assertValidDomainName("www.my-company.com");
assertValidDomainName("abc.de");
assertValidDomainName("tronçon.be", "xn--tronon-zua.be");
assertValidDomainName("öbb.at", "xn--bb-eka.at");
}
@Test
public void testInvalidDomainNames() {
assertInvalidDomainName("www.my_company.com", "Contains non-LDH characters");
assertInvalidDomainName("www.-dash.com", "Has leading or trailing hyphen");
assertInvalidDomainName("www.dash-.com", "Has leading or trailing hyphen");
assertInvalidDomainName("abc.<test>.de", "Contains non-LDH characters");
}
private void assertValidDomainName(String domain) {
assertValidDomainName(domain, domain);
}
private void assertValidDomainName(String domain, String expected) {
assertEquals("Domain should be valid: " + domain, expected, StringUtils.validateDomainName(domain));
}
private void assertInvalidDomainName(String domain, String expectedCause) {
try {
StringUtils.validateDomainName(domain);
fail("Domain should not be valid: " + domain);
} catch (IllegalArgumentException iae) {
// this is not part of the official API, so leave off for now
//assertEquals("Unexpected cause: " + iae.getMessage(), expectedCause, iae.getMessage());
}
}
}
...@@ -46,11 +46,8 @@ ...@@ -46,11 +46,8 @@
boolean serverAllowed = request.getParameter("serverAllowed") != null; boolean serverAllowed = request.getParameter("serverAllowed") != null;
boolean serverBlocked = request.getParameter("serverBlocked") != null; boolean serverBlocked = request.getParameter("serverBlocked") != null;
String domain = ParamUtils.getParameter(request,"domain"); String domain = ParamUtils.getParameter(request,"domain");
// OF-671 String remotePort = ParamUtils.getParameter(request,"remotePort");
if (domain != null) {
domain = StringUtils.removeXSSCharacters(domain);
}
String remotePort = ParamUtils.getParameter(request,"remotePort");
boolean updateSucess = false; boolean updateSucess = false;
boolean allowSuccess = false; boolean allowSuccess = false;
boolean blockSuccess = false; boolean blockSuccess = false;
...@@ -139,8 +136,10 @@ ...@@ -139,8 +136,10 @@
if (serverAllowed) { if (serverAllowed) {
int intRemotePort = 0; int intRemotePort = 0;
// Validate params // Validate params
if (domain == null || domain.trim().length() == 0) { try {
errors.put("domain",""); StringUtils.validateDomainName(domain);
} catch (IllegalArgumentException iae) {
errors.put("domain", "");
} }
if (remotePort == null || remotePort.trim().length() == 0 || "0".equals(remotePort)) { if (remotePort == null || remotePort.trim().length() == 0 || "0".equals(remotePort)) {
errors.put("remotePort",""); errors.put("remotePort","");
...@@ -167,8 +166,10 @@ ...@@ -167,8 +166,10 @@
if (serverBlocked) { if (serverBlocked) {
// Validate params // Validate params
if (domain == null || domain.trim().length() == 0) { try {
errors.put("domain",""); StringUtils.validateDomainName(domain);
} catch (IllegalArgumentException iae) {
errors.put("domain", "");
} }
// If no errors, continue: // If no errors, continue:
if (errors.isEmpty()) { if (errors.isEmpty()) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment