From 1ac9246a498027a190b389a70e46429aa83d96f0 Mon Sep 17 00:00:00 2001
From: Christophe Romain
Date: Sun, 11 Jan 2009 04:08:10 +0000
Subject: [PATCH] prevent unauthorized entity to gain none-affiliation for given entity

SVN Revision: 1802
---
 ChangeLog | 3 +++
 src/mod_pubsub/node_default.erl | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7ff49b086..c0b59c9f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@ permissions (thanks to Andy Skelton)(EJAB-840) * src/mod_pubsub/node_default.erl: Likewise + * src/mod_pubsub/node_default.erl: prevent unauthorized entity to gain + none-affiliation for given entity (EJAB-840) + 2009-01-10 Christophe Romain * src/mod_pubsub/node_default.erl: fix unsubscription of full jid
diff --git a/src/mod_pubsub/node_default.erl b/src/mod_pubsub/node_default.erl
index a92c49aa8..e1d4fd6ea 100644
--- a/src/mod_pubsub/node_default.erl
+++ b/src/mod_pubsub/node_default.erl
@@ -356,6 +356,9 @@ unsubscribe_node(Host, Node, Sender, Subscriber, _SubId) ->
 _ -> get_state(Host, Node, SubKey)
 end,
 if
+ %% Requesting entity is prohibited from unsubscribing entity
+ not Authorized ->
+ {error, ?ERR_FORBIDDEN};
 %% Entity did not specify SubID
 %%SubID == "", ?? ->
 %% {error, ?ERR_EXTENDED(?ERR_BAD_REQUEST, "subid-required")};
@@ -365,9 +368,6 @@ unsubscribe_node(Host, Node, Sender, Subscriber, _SubId) ->
 %% Requesting entity is not a subscriber
 SubState#pubsub_state.subscription == none ->
 {error, ?ERR_EXTENDED(?ERR_UNEXPECTED_REQUEST, "not-subscribed")};
-%% Requesting entity is prohibited from unsubscribing entity
-not Authorized ->
-{error, ?ERR_FORBIDDEN};
 %% Was just subscriber, remove the record
 SubState#pubsub_state.affiliation == none ->
 del_state(SubState#pubsub_state.stateid),
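Review bot: The `get_state(Host, Node, SubKey)` lookup in the context lines above the `if` still runs for a sender that the new first clause, `not Authorized`, goes on to reject in the first node_default.erl hunk. Whether `get_state` can create or touch a state record is not visible here; if it can, the forbidden case should return before the lookup, not after it. The clause order is now security-relevant: in the visible clauses of the old order, `subscription == none` was tested first, so an unauthorized sender got `not-subscribed` or `forbidden` depending on the target's subscription state. I would pin the order with a comment such as `%% Must stay the first clause: no reply may depend on SubState before the sender is authorized`, and add a regression test for a foreign sender against both a subscribed and an unsubscribed JID. unsubscribe_node starts above this hunk and ends below the second one, so how `Authorized` is computed needs confirming there.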