#1830 Prosody somehow allows to create a room with a JID without a node name

Reporter ZEN
Owner Nobody
Stars ★★ (2)
  • Status-NeedInfo
  • Priority-Medium
  • Type-Defect
  1. ZEN on

    Hello, I have noticed that Prosody in the server's rooms list started to return a subdomain name like conference.example.com. I grepped for "conference.example.com" in the /var/lib/prosody/ directory and found two files where this room was mentioned: /var/lib/prosody/conference%2eexample%2ecom/persistent.dat which simply contained a line like this: ``` return { ... ["conference.example.com"] = true; ... } ``` and a file with the preferences for this room: /var/lib/prosody/conference%2eexample%2ecom/config.dat which had content like this: ``` return { ["_affiliation_data"] = {}; ["_data"] = { ["persistent"] = true; ["occupant_id_salt"] = "SOME-UUID-HERE"; ["archiving"] = true; ["language"] = "uk"; }; ["_jid"] = "conference.example.com"; ["some-real-user-jid@example.com"] = "owner"; }; ``` I can't say for sure, but it's possible that Thunderbird allowed creating a room with a JID like "@conference.example.com" and for some reason, the create_room function from mod_muc plugin failed to catch this error.

  2. ZEN on

    Here is a minimal script to reproduce the issue: ``` #!/usr/bin/env lua package.path = package.path:gsub("([^;]*)(?[^;]*)","%1prosody/%2;%1%2"); package.cpath = package.cpath:gsub("([^;]*)(?[^;]*)","%1prosody/%2;%1%2"); local jid_prep = require "util.jid".prep; local jid_bare = require "util.jid".bare; -- plugins/muc/mod_muc.lua -- function create_room(room_jid, config) -- if jid_bare(room_jid) ~= room_jid or not jid_prep(room_jid, true) then -- return nil, "invalid-jid"; -- end local room_jid = "conference.example.com"; print(jid_bare(room_jid) ~= room_jid or not jid_prep(room_jid, true)) ``` The expected result should be true because the JID is invalid, but instead, we have false. ``` root@hive:/tmp# lua test.lua false ```

  3. MattJ on

    Hi, thanks for the report! We're aware of this functionality, and do not necessarily consider it a bug, though such rooms may behave erratically in a number of ways depending on the client (most probably won't let you join such a room at all). The JID is not invalid - 'conference.example.com' is a valid JID in XMPP. The functionality may or may not stay in future versions of Prosody. It's certainly quirky, but there are some (rare) use cases and we've no compelling reason to forbid it. I'm curious if you have encountered any particular problem with this functionality?

    • tags Status-NeedInfo
  4. ZEN on

    Yes, Gajim simply crashes if you try to join this room. 🙂

  5. Menel on

    Using cheogram joining these rooms gives some ad-hoc commands. Gajim crashing should be considered a gajim bug I think.

  6. ZEN on

    Hmm... Why not simply check if the room's JID is not in the list of the virtual hosts and their components? Besides, I haven't noticed a similar issue with other XMPP servers, so I don't think this should be fixed on the client's side.

  7. Menel on

    This is just the jid of the muc component. Like the mother room of all your rooms.

New comment

Not published. Used for spam prevention and optional update notifications.