* src/mod_muc/mod_muc.erl: Limit number of characters in Room ID,

Name and Description (EJAB-899) * src/mod_muc/mod_muc_room.erl: Likewise * doc/guide.tex: Likewise * doc/guide.html: Likewise SVN Revision: 2034
2024-11-24 16:23:40 +01:00 · 2009-04-22 12:05:10 +00:00 · 2009-04-22 12:05:10 +00:00 · b59ecb83e8
commit b59ecb83e8
parent aedb847a81
5 changed files with 98 additions and 19 deletions
--- a/6
+++ b/6
@ -1,5 +1,11 @@
 2009-04-22  Badlop  <badlop@process-one.net>

+	* src/mod_muc/mod_muc.erl: Limit number of characters in Room ID,
+	Name and Description (EJAB-899)
+	* src/mod_muc/mod_muc_room.erl: Likewise
+	* doc/guide.tex: Likewise
+	* doc/guide.html: Likewise
+
 	* src/cyrsasl.erl: Change API of check_password: pass a function
 	to generate the digest (thanks to Graham Whitted)(EJAB-863)
 	* src/cyrsasl_anonymous.erl: Likewise
--- a/doc/guide.html
+++ b/doc/guide.html
@ -2134,6 +2134,18 @@ number of rooms that any given user can join. The default value
 is 10. This option is used to prevent possible abuses. Note that
 this is a soft limit: some users can sometimes join more conferences
 in cluster configurations.
+</DD><DT CLASS="dt-description"><B><TT>max_room_id</TT></B></DT><DD CLASS="dd-description"> 
+This option defines the maximum number of characters that Room ID
+can have when creating a new room.
+The default value is to not limit: infinite.
+</DD><DT CLASS="dt-description"><B><TT>max_room_name</TT></B></DT><DD CLASS="dd-description"> 
+This option defines the maximum number of characters that Room Name
+can have when configuring the room.
+The default value is to not limit: infinite.
+</DD><DT CLASS="dt-description"><B><TT>max_room_desc</TT></B></DT><DD CLASS="dd-description"> 
+This option defines the maximum number of characters that Room Description
+can have when configuring the room.
+The default value is to not limit: infinite.
 </DD><DT CLASS="dt-description"><B><TT>min_message_interval</TT></B></DT><DD CLASS="dd-description"> 
 This option defines the minimum interval between two messages send
 by an occupant in seconds. This option is global and valid for all
@ -2245,12 +2257,17 @@ and the default value of 20 history messages will be send to the users.
 ]}.
 </PRE></LI><LI CLASS="li-itemize">In the following example, MUC anti abuse options are used. An
 occupant cannot send more than one message every 0.4 seconds and cannot
-change its presence more than once every 4 seconds. No ACLs are
+change its presence more than once every 4 seconds.
+The length of Room IDs and Room Names are limited to 20 characters,
+and Room Description to 300 characters. No ACLs are
 defined, but some user restriction could be added as well:<PRE CLASS="verbatim">{modules,
 [
  ...
  {mod_muc, [{min_message_interval, 0.4},
-             {min_presence_interval, 4}]},
+             {min_presence_interval, 4},
+             {max_room_id, 20},
+             {max_room_name, 20},
+             {max_room_desc, 300}]},
  ...
 ]}.
 </PRE></LI><LI CLASS="li-itemize">This example shows how to use <TT>default_room_options</TT> to make sure
--- a/doc/guide.tex
+++ b/doc/guide.tex
@ -2811,6 +2811,18 @@ Module options:
  is 10. This option is used to prevent possible abuses. Note that
  this is a soft limit: some users can sometimes join more conferences
  in cluster configurations.
+\titem{max\_room\_id} \ind{options!max\_room\_id}
+  This option defines the maximum number of characters that Room ID
+  can have when creating a new room.
+  The default value is to not limit: infinite.
+\titem{max\_room\_name} \ind{options!max\_room\_name}
+  This option defines the maximum number of characters that Room Name
+  can have when configuring the room.
+  The default value is to not limit: infinite.
+\titem{max\_room\_desc} \ind{options!max\_room\_desc}
+  This option defines the maximum number of characters that Room Description
+  can have when configuring the room.
+  The default value is to not limit: infinite.
 \titem{min\_message\_interval} \ind{options!min\_message\_interval}
  This option defines the minimum interval between two messages send
  by an occupant in seconds. This option is global and valid for all
@ -2929,7 +2941,9 @@ Examples:

 \item In the following example, MUC anti abuse options are used. An
 occupant cannot send more than one message every 0.4 seconds and cannot
-change its presence more than once every 4 seconds. No ACLs are
+change its presence more than once every 4 seconds.
+The length of Room IDs and Room Names are limited to 20 characters,
+and Room Description to 300 characters. No ACLs are
 defined, but some user restriction could be added as well:

 \begin{verbatim}
@ -2937,7 +2951,10 @@ defined, but some user restriction could be added as well:
 [
  ...
  {mod_muc, [{min_message_interval, 0.4},
-             {min_presence_interval, 4}]},
+             {min_presence_interval, 4},
+             {max_room_id, 20},
+             {max_room_name, 20},
+             {max_room_desc, 300}]},
  ...
 ]}.
 \end{verbatim}
--- a/src/mod_muc/mod_muc.erl
+++ b/src/mod_muc/mod_muc.erl
@ -460,8 +460,10 @@ do_route1(Host, ServerHost, Access, HistorySize, RoomShaper,
 		    Type = xml:get_attr_s("type", Attrs),
 		    case {Name, Type} of
 			{"presence", ""} ->
-			    case acl:match_rule(ServerHost, AccessCreate, From) of
-				allow ->
+			    case check_user_can_create_room(ServerHost,
+							    AccessCreate, From,
+							    Room) of
+				true ->
 				    ?DEBUG("MUC: open new room '~s'~n", [Room]),
 				    {ok, Pid} = mod_muc_room:start(
 						  Host, ServerHost, Access,
@ -471,7 +473,7 @@ do_route1(Host, ServerHost, Access, HistorySize, RoomShaper,
 				    register_room(Host, Room, Pid),
 				    mod_muc_room:route(Pid, From, Nick, Packet),
 				    ok;
-				_ ->
+				false ->
 				    Lang = xml:get_attr_s("xml:lang", Attrs),
 				    ErrText = "Room creation is denied by service policy",
 				    Err = jlib:make_error_reply(
@ -493,7 +495,14 @@ do_route1(Host, ServerHost, Access, HistorySize, RoomShaper,
 	    end
    end.

-
+check_user_can_create_room(ServerHost, AccessCreate, From, RoomID) ->
+    case acl:match_rule(ServerHost, AccessCreate, From) of
+	allow ->
+	    (length(RoomID) =< gen_mod:get_module_opt(ServerHost, mod_muc,
+						      max_room_id, infinite));
+	_ ->
+	    false
+    end.


 load_permanent_rooms(Host, ServerHost, Access, HistorySize, RoomShaper) ->
--- a/src/mod_muc/mod_muc_room.erl
+++ b/src/mod_muc/mod_muc_room.erl
@ -2625,11 +2625,16 @@ process_iq_owner(From, set, Lang, SubEl, StateData) ->
 			{?NS_XDATA, "cancel"} ->
 			    {result, [], StateData};
 			{?NS_XDATA, "submit"} ->
-			    case {check_allowed_log_change(XEl, StateData, From),
-					check_allowed_persistent_change(XEl, StateData, From)} of
-					{allow, allow} -> set_config(XEl, StateData);
-					_ -> {error, ?ERR_BAD_REQUEST}
-				end;
+			    case is_allowed_log_change(XEl, StateData, From)
+				andalso
+				is_allowed_persistent_change(XEl, StateData,
+							     From)
+				andalso
+				is_allowed_room_name_desc_limits(XEl,
+								 StateData) of
+				true -> set_config(XEl, StateData);
+				false -> {error, ?ERR_BAD_REQUEST}
+			    end;
 			_ ->
 			    {error, ?ERR_BAD_REQUEST}
 		    end;
@ -2681,26 +2686,51 @@ process_iq_owner(From, get, Lang, SubEl, StateData) ->
 	    {error, ?ERRT_FORBIDDEN(Lang, ErrText)}
    end.

-check_allowed_log_change(XEl, StateData, From) ->
+is_allowed_log_change(XEl, StateData, From) ->
    case lists:keymember("muc#roomconfig_enablelogging", 1,
 			 jlib:parse_xdata_submit(XEl)) of
 	false ->
-	    allow;
+	    true;
 	true ->
-	    mod_muc_log:check_access_log(
-	      StateData#state.server_host, From)
+	    (allow == mod_muc_log:check_access_log(
+	      StateData#state.server_host, From))
    end.

-check_allowed_persistent_change(XEl, StateData, From) ->
+is_allowed_persistent_change(XEl, StateData, From) ->
    case lists:keymember("muc#roomconfig_persistentroom", 1,
 			 jlib:parse_xdata_submit(XEl)) of
 	false ->
-	    allow;
+	    true;
 	true ->
 		{_AccessRoute, _AccessCreate, _AccessAdmin, AccessPersistent} = StateData#state.access,
 		acl:match_rule(StateData#state.server_host, AccessPersistent, From)
    end.

+%% Check if the Room Name and Room Description defined in the Data Form
+%% are conformant to the configured limits
+is_allowed_room_name_desc_limits(XEl, StateData) ->
+    IsNameAccepted =
+	case lists:keysearch("muc#roomconfig_roomname", 1,
+			     jlib:parse_xdata_submit(XEl)) of
+	    {value, {_, [N]}} ->
+		length(N) =< gen_mod:get_module_opt(StateData#state.server_host,
+						    mod_muc, max_room_name,
+						    infinite);
+	    _ ->
+		true
+	end,
+    IsDescAccepted =
+	case lists:keysearch("muc#roomconfig_roomdesc", 1,
+			     jlib:parse_xdata_submit(XEl)) of
+	    {value, {_, [D]}} ->
+		length(D) =< gen_mod:get_module_opt(StateData#state.server_host,
+						    mod_muc, max_room_desc,
+						    infinite);
+	    _ ->
+		true
+	end,
+    IsNameAccepted and IsDescAccepted.
+
 -define(XFIELD(Type, Label, Var, Val),
 	{xmlelement, "field", [{"type", Type},
 			       {"label", translate:translate(Lang, Label)},