2009-04-22 Badlop <badlop@process-one.net>
+ * src/mod_muc/mod_muc.erl: Limit number of characters in Room ID,
+ Name and Description (EJAB-899)
+ * src/mod_muc/mod_muc_room.erl: Likewise
+ * doc/guide.tex: Likewise
+ * doc/guide.html: Likewise
+
* src/cyrsasl.erl: Change API of check_password: pass a function
to generate the digest (thanks to Graham Whitted)(EJAB-863)
* src/cyrsasl_anonymous.erl: Likewise
is 10. This option is used to prevent possible abuses. Note that
this is a soft limit: some users can sometimes join more conferences
in cluster configurations.
+</DD><DT CLASS="dt-description"><B><TT>max_room_id</TT></B></DT><DD CLASS="dd-description">
+This option defines the maximum number of characters that Room ID
+can have when creating a new room.
+The default value is to not limit: infinite.
+</DD><DT CLASS="dt-description"><B><TT>max_room_name</TT></B></DT><DD CLASS="dd-description">
+This option defines the maximum number of characters that Room Name
+can have when configuring the room.
+The default value is to not limit: infinite.
+</DD><DT CLASS="dt-description"><B><TT>max_room_desc</TT></B></DT><DD CLASS="dd-description">
+This option defines the maximum number of characters that Room Description
+can have when configuring the room.
+The default value is to not limit: infinite.
</DD><DT CLASS="dt-description"><B><TT>min_message_interval</TT></B></DT><DD CLASS="dd-description">
This option defines the minimum interval between two messages send
by an occupant in seconds. This option is global and valid for all
]}.
</PRE></LI><LI CLASS="li-itemize">In the following example, MUC anti abuse options are used. An
occupant cannot send more than one message every 0.4 seconds and cannot
-change its presence more than once every 4 seconds. No ACLs are
+change its presence more than once every 4 seconds.
+The length of Room IDs and Room Names are limited to 20 characters,
+and Room Description to 300 characters. No ACLs are
defined, but some user restriction could be added as well:<PRE CLASS="verbatim">{modules,
[
...
{mod_muc, [{min_message_interval, 0.4},
- {min_presence_interval, 4}]},
+ {min_presence_interval, 4},
+ {max_room_id, 20},
+ {max_room_name, 20},
+ {max_room_desc, 300}]},
...
]}.
</PRE></LI><LI CLASS="li-itemize">This example shows how to use <TT>default_room_options</TT> to make sure
is 10. This option is used to prevent possible abuses. Note that
this is a soft limit: some users can sometimes join more conferences
in cluster configurations.
+\titem{max\_room\_id} \ind{options!max\_room\_id}
+ This option defines the maximum number of characters that Room ID
+ can have when creating a new room.
+ The default value is to not limit: infinite.
+\titem{max\_room\_name} \ind{options!max\_room\_name}
+ This option defines the maximum number of characters that Room Name
+ can have when configuring the room.
+ The default value is to not limit: infinite.
+\titem{max\_room\_desc} \ind{options!max\_room\_desc}
+ This option defines the maximum number of characters that Room Description
+ can have when configuring the room.
+ The default value is to not limit: infinite.
\titem{min\_message\_interval} \ind{options!min\_message\_interval}
This option defines the minimum interval between two messages send
by an occupant in seconds. This option is global and valid for all
\item In the following example, MUC anti abuse options are used. An
occupant cannot send more than one message every 0.4 seconds and cannot
-change its presence more than once every 4 seconds. No ACLs are
+change its presence more than once every 4 seconds.
+The length of Room IDs and Room Names are limited to 20 characters,
+and Room Description to 300 characters. No ACLs are
defined, but some user restriction could be added as well:
\begin{verbatim}
[
...
{mod_muc, [{min_message_interval, 0.4},
- {min_presence_interval, 4}]},
+ {min_presence_interval, 4},
+ {max_room_id, 20},
+ {max_room_name, 20},
+ {max_room_desc, 300}]},
...
]}.
\end{verbatim}
Type = xml:get_attr_s("type", Attrs),
case {Name, Type} of
{"presence", ""} ->
- case acl:match_rule(ServerHost, AccessCreate, From) of
- allow ->
+ case check_user_can_create_room(ServerHost,
+ AccessCreate, From,
+ Room) of
+ true ->
?DEBUG("MUC: open new room '~s'~n", [Room]),
{ok, Pid} = mod_muc_room:start(
Host, ServerHost, Access,
register_room(Host, Room, Pid),
mod_muc_room:route(Pid, From, Nick, Packet),
ok;
- _ ->
+ false ->
Lang = xml:get_attr_s("xml:lang", Attrs),
ErrText = "Room creation is denied by service policy",
Err = jlib:make_error_reply(
end
end.
-
+check_user_can_create_room(ServerHost, AccessCreate, From, RoomID) ->
+ case acl:match_rule(ServerHost, AccessCreate, From) of
+ allow ->
+ (length(RoomID) =< gen_mod:get_module_opt(ServerHost, mod_muc,
+ max_room_id, infinite));
+ _ ->
+ false
+ end.
load_permanent_rooms(Host, ServerHost, Access, HistorySize, RoomShaper) ->
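Review bot: The length check in `check_user_can_create_room` depends on Erlang term ordering rather than on a validated option value: with the default, `length(RoomID) =< infinite` is true only because every number sorts before every atom. The same ordering makes a mistyped non-integer value (constructed example: `{max_room_id, "20"}`) compare greater than any length, so the limit is silently switched off instead of being reported as a configuration error. The same comparison is used for `max_room_name` and `max_room_desc` in `is_allowed_room_name_desc_limits` in mod_muc_room.erl. I would at least add `%% 'infinite' works because integer < atom in term order; any non-integer value disables the limit`, and preferably accept only `infinite` or a non-negative integer. Separately, `length/1` counts list elements, so if room IDs are held as byte lists the limit is in bytes rather than the "characters" the guide promises; that is worth confirming.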
{?NS_XDATA, "cancel"} ->
{result, [], StateData};
{?NS_XDATA, "submit"} ->
- case {check_allowed_log_change(XEl, StateData, From),
- check_allowed_persistent_change(XEl, StateData, From)} of
- {allow, allow} -> set_config(XEl, StateData);
- _ -> {error, ?ERR_BAD_REQUEST}
- end;
+ case is_allowed_log_change(XEl, StateData, From)
+ andalso
+ is_allowed_persistent_change(XEl, StateData,
+ From)
+ andalso
+ is_allowed_room_name_desc_limits(XEl,
+ StateData) of
+ true -> set_config(XEl, StateData);
+ false -> {error, ?ERR_BAD_REQUEST}
+ end;
_ ->
{error, ?ERR_BAD_REQUEST}
end;
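Review bot: The middle operand of the new `andalso` chain is not guaranteed to be a boolean. `is_allowed_persistent_change/3` (changed in the next hunk) now returns `true` when the field is absent, but its other branch still returns the raw result of `acl:match_rule/3`, which the removed code here matched as `allow`. A non-boolean left operand to `andalso` raises `badarg`, so a submit that carries `muc#roomconfig_persistentroom` would presumably crash this handler instead of reaching `set_config` or `?ERR_BAD_REQUEST`. `is_allowed_log_change/3` was wrapped in this commit and the persistent check needs the same treatment: `(allow == acl:match_rule(StateData#state.server_host, AccessPersistent, From))`. The enclosing function starts and ends outside this hunk.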
{error, ?ERRT_FORBIDDEN(Lang, ErrText)}
end.
-check_allowed_log_change(XEl, StateData, From) ->
+is_allowed_log_change(XEl, StateData, From) ->
case lists:keymember("muc#roomconfig_enablelogging", 1,
jlib:parse_xdata_submit(XEl)) of
false ->
- allow;
+ true;
true ->
- mod_muc_log:check_access_log(
- StateData#state.server_host, From)
+ (allow == mod_muc_log:check_access_log(
+ StateData#state.server_host, From))
end.
-check_allowed_persistent_change(XEl, StateData, From) ->
+is_allowed_persistent_change(XEl, StateData, From) ->
case lists:keymember("muc#roomconfig_persistentroom", 1,
jlib:parse_xdata_submit(XEl)) of
false ->
- allow;
+ true;
true ->
{_AccessRoute, _AccessCreate, _AccessAdmin, AccessPersistent} = StateData#state.access,
acl:match_rule(StateData#state.server_host, AccessPersistent, From)
end.
+%% Check if the Room Name and Room Description defined in the Data Form
+%% are conformant to the configured limits
+is_allowed_room_name_desc_limits(XEl, StateData) ->
+ IsNameAccepted =
+ case lists:keysearch("muc#roomconfig_roomname", 1,
+ jlib:parse_xdata_submit(XEl)) of
+ {value, {_, [N]}} ->
+ length(N) =< gen_mod:get_module_opt(StateData#state.server_host,
+ mod_muc, max_room_name,
+ infinite);
+ _ ->
+ true
+ end,
+ IsDescAccepted =
+ case lists:keysearch("muc#roomconfig_roomdesc", 1,
+ jlib:parse_xdata_submit(XEl)) of
+ {value, {_, [D]}} ->
+ length(D) =< gen_mod:get_module_opt(StateData#state.server_host,
+ mod_muc, max_room_desc,
+ infinite);
+ _ ->
+ true
+ end,
+ IsNameAccepted and IsDescAccepted.
+
-define(XFIELD(Type, Label, Var, Val),
{xmlelement, "field", [{"type", Type},
{"label", translate:translate(Lang, Label)},
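Review bot: In `is_allowed_room_name_desc_limits/2` the limit is applied only when the field carries exactly one value (`{value, {_, [N]}}`). A `muc#roomconfig_roomname` or `muc#roomconfig_roomdesc` field submitted with several values falls into `_ -> true` and is treated as within limits. Whether `set_config` later rejects such a field is not visible in this hunk, so either confirm that or match `{value, {_, Vals}}` and check every element. The function also parses the form twice; binding `Fields = jlib:parse_xdata_submit(XEl)` once would make both lookups read the same data. Since both results are already computed, `IsNameAccepted andalso IsDescAccepted` would match the `andalso` style used at the call site.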