Commit 732b7676 authored by Guus der Kinderen's avatar Guus der Kinderen Committed by daryl herzmann

OF-1208: Disallow (by default) S2S for anonymous users. (#852)

* OF-1208: Disallow (by default) S2S for anonymous users.
parent f5eb85c3
......@@ -59,6 +59,7 @@ public final class ConnectionSettings {
public static final String PERMISSION_SETTINGS = "xmpp.server.permission";
public static final String AUTH_PER_CLIENTCERT_POLICY = "xmpp.server.cert.policy";
public static final String ALLOW_ANONYMOUS_OUTBOUND_DATA = "xmpp.server.allow-anonymous-outbound-data";
}
public static final class Multiplex {
......
......@@ -454,8 +454,19 @@ public class RoutingTableImpl extends BasicModule implements RoutingTable, Clust
* @return <tt>true</tt> if the packet was routed successfully,
* <tt>false</tt> otherwise.
*/
private boolean routeToRemoteDomain(JID jid, Packet packet,
boolean routed) {
private boolean routeToRemoteDomain(JID jid, Packet packet, boolean routed)
{
if ( !JiveGlobals.getBooleanProperty( ConnectionSettings.Server.ALLOW_ANONYMOUS_OUTBOUND_DATA, false ) )
{
// Disallow anonymous local users to send data to other domains than the local domain.
if ( isAnonymousRoute( packet.getFrom() ) )
{
Log.info( "The anonymous user '{}' attempted to send data to '{}', which is on a remote domain. Openfire is configured to not allow anonymous users to send data to remote domains.", packet.getFrom(), jid );
routed = false;
return routed;
}
}
byte[] nodeID = serversCache.get(jid.getDomain());
if (nodeID != null) {
if (server.getNodeID().equals(nodeID)) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment