#1830 Prosody somehow allows to create a room with a JID without a node name
Reporter
ZEN
Owner
Nobody
Created
Updated
Stars
★★ (2)
Tags
Status-NeedInfo
Priority-Medium
Type-Defect
ZEN
on
Hello,
I have noticed that Prosody in the server's rooms list started to return a subdomain name like conference.example.com.
I grepped for "conference.example.com" in the /var/lib/prosody/ directory and found two files where this room was mentioned:
/var/lib/prosody/conference%2eexample%2ecom/persistent.dat
which simply contained a line like this:
```
return {
...
["conference.example.com"] = true;
...
}
```
and a file with the preferences for this room:
/var/lib/prosody/conference%2eexample%2ecom/config.dat
which had content like this:
```
return {
["_affiliation_data"] = {};
["_data"] = {
["persistent"] = true;
["occupant_id_salt"] = "SOME-UUID-HERE";
["archiving"] = true;
["language"] = "uk";
};
["_jid"] = "conference.example.com";
["some-real-user-jid@example.com"] = "owner";
};
```
I can't say for sure, but it's possible that Thunderbird allowed creating a room with a JID like "@conference.example.com" and for some reason, the create_room function from mod_muc plugin failed to catch this error.
ZEN
on
Here is a minimal script to reproduce the issue:
```
#!/usr/bin/env lua
package.path = package.path:gsub("([^;]*)(?[^;]*)","%1prosody/%2;%1%2");
package.cpath = package.cpath:gsub("([^;]*)(?[^;]*)","%1prosody/%2;%1%2");
local jid_prep = require "util.jid".prep;
local jid_bare = require "util.jid".bare;
-- plugins/muc/mod_muc.lua
-- function create_room(room_jid, config)
-- if jid_bare(room_jid) ~= room_jid or not jid_prep(room_jid, true) then
-- return nil, "invalid-jid";
-- end
local room_jid = "conference.example.com";
print(jid_bare(room_jid) ~= room_jid or not jid_prep(room_jid, true))
```
The expected result should be true because the JID is invalid, but instead, we have false.
```
root@hive:/tmp# lua test.lua
false
```
MattJ
on
Hi, thanks for the report!
We're aware of this functionality, and do not necessarily consider it a bug, though such rooms may behave erratically in a number of ways depending on the client (most probably won't let you join such a room at all).
The JID is not invalid - 'conference.example.com' is a valid JID in XMPP.
The functionality may or may not stay in future versions of Prosody. It's certainly quirky, but there are some (rare) use cases and we've no compelling reason to forbid it.
I'm curious if you have encountered any particular problem with this functionality?
Changes
tags Status-NeedInfo
ZEN
on
Yes, Gajim simply crashes if you try to join this room. 🙂
Menel
on
Using cheogram joining these rooms gives some ad-hoc commands. Gajim crashing should be considered a gajim bug I think.
ZEN
on
Hmm... Why not simply check if the room's JID is not in the list of the virtual hosts and their components? Besides, I haven't noticed a similar issue with other XMPP servers, so I don't think this should be fixed on the client's side.
Menel
on
This is just the jid of the muc component. Like the mother room of all your rooms.
Hello, I have noticed that Prosody in the server's rooms list started to return a subdomain name like conference.example.com. I grepped for "conference.example.com" in the /var/lib/prosody/ directory and found two files where this room was mentioned: /var/lib/prosody/conference%2eexample%2ecom/persistent.dat which simply contained a line like this: ``` return { ... ["conference.example.com"] = true; ... } ``` and a file with the preferences for this room: /var/lib/prosody/conference%2eexample%2ecom/config.dat which had content like this: ``` return { ["_affiliation_data"] = {}; ["_data"] = { ["persistent"] = true; ["occupant_id_salt"] = "SOME-UUID-HERE"; ["archiving"] = true; ["language"] = "uk"; }; ["_jid"] = "conference.example.com"; ["some-real-user-jid@example.com"] = "owner"; }; ``` I can't say for sure, but it's possible that Thunderbird allowed creating a room with a JID like "@conference.example.com" and for some reason, the create_room function from mod_muc plugin failed to catch this error.
Here is a minimal script to reproduce the issue: ``` #!/usr/bin/env lua package.path = package.path:gsub("([^;]*)(?[^;]*)","%1prosody/%2;%1%2"); package.cpath = package.cpath:gsub("([^;]*)(?[^;]*)","%1prosody/%2;%1%2"); local jid_prep = require "util.jid".prep; local jid_bare = require "util.jid".bare; -- plugins/muc/mod_muc.lua -- function create_room(room_jid, config) -- if jid_bare(room_jid) ~= room_jid or not jid_prep(room_jid, true) then -- return nil, "invalid-jid"; -- end local room_jid = "conference.example.com"; print(jid_bare(room_jid) ~= room_jid or not jid_prep(room_jid, true)) ``` The expected result should be true because the JID is invalid, but instead, we have false. ``` root@hive:/tmp# lua test.lua false ```
Hi, thanks for the report! We're aware of this functionality, and do not necessarily consider it a bug, though such rooms may behave erratically in a number of ways depending on the client (most probably won't let you join such a room at all). The JID is not invalid - 'conference.example.com' is a valid JID in XMPP. The functionality may or may not stay in future versions of Prosody. It's certainly quirky, but there are some (rare) use cases and we've no compelling reason to forbid it. I'm curious if you have encountered any particular problem with this functionality?
ChangesYes, Gajim simply crashes if you try to join this room. 🙂
Using cheogram joining these rooms gives some ad-hoc commands. Gajim crashing should be considered a gajim bug I think.
Hmm... Why not simply check if the room's JID is not in the list of the virtual hosts and their components? Besides, I haven't noticed a similar issue with other XMPP servers, so I don't think this should be fixed on the client's side.
This is just the jid of the muc component. Like the mother room of all your rooms.