search

processone / ejabberd-contrib

Growing and curated ejabberd contributions repository - PR or ask to join !
http://ejabberd.im
250 stars 137 forks source link

mod_filter crash #259

Closed slesru closed 6 years ago

slesru commented 6 years ago

Hello!

I need to filter messages for most of users, so they will be able to send/receive messages only from local domain, some list of users need an ability to send/receive external messages, so old type of config was:

%% mod_filter supports only old style config

%mod_filter default

{access, mod_filter, [{allow, all}]}.
{access, mod_filter_presence, [{allow, all}]}.
%{access, mod_filter_message, [{allow, all}]}.
{access, mod_filter_iq, [{allow, all}]}.

% external access
{acl, internal_services, {server_glob, "*.domain.com"}}.
{access, mod_filter_message, [{allow,extuser},{restrict_local,internal_services},{restrict_external,all}]}.
%{access, mod_filter_presence, [{allow,extuser},{restrict_local,internal_services},{restrict_external,all}]}.
%{access, mod_filter_iq, [{allow,extuser},{restrict_local,internal_services},{restrict_external,all}]}.
{access, restrict_local, [{allow, internal_services}, {deny, all}]}.
{access, restrict_external, [{allow,extuser}, {deny, all}]}.

where extuser is acl , containing user names. I guess something can be wrong here- I wrote this many years ago :-)

Now I rewrote it to:

  ## users with external access
  extuser:
     user:
         - "dm"

dm is my account.

Then I created config for mod_filter:

acl:
  internal_services:
     server_glob:
       - "*.domain.com"

access_rules:
  restrict_local:
    -allow: internal_services
    -deny: all
  restrict_external:
    - allow: extuser
    - deny: all
  mod_filter:
    - all: allow
  mod_filter_iq:
    - all: allow
  mod_filter_message:
    - allow: extuser
    - restrict_local: internal_services
##    - restrict_external: all
  mod_filter_presense:
     - allow: all

I guess I don't need allow extuser twice - in allow: extuser and restrict_external: al, anyway if any or both presents I have the same problem:

I user dm is in extuser then everything looks fine, but if not then I get 

2018-09-19 14:28:54.691 [error] <0.823.0>@ejabberd_hooks:safe_apply:383 Hook filter_packet crashed when running mod_filter:filter_packet/1:
** Reason = {error,{case_clause,'-allow'},
[{mod_filter,check_stanza_type,[{file,"mod_filter.erl"},{line,67}],2},
{mod_filter,filter_packet,[{file,"mod_filter.erl"},{line,37}],1},
{ejabberd_hooks,safe_apply,[{file,"src/ejabberd_hooks.erl"},{line,380}],4},
{ejabberd_hooks,run_fold1,[{file,"src/ejabberd_hooks.erl"},{line,364}],4},
{ejabberd_router,do_route,[{file,"src/ejabberd_router.erl"},{line,358}],1},
{ejabberd_router,route,[{file,"src/ejabberd_router.erl"},{line,93}],1},
{ejabberd_c2s,check_privacy_then_route,[{file,"src/ejabberd_c2s.erl"},{line,821}],2},
{xmpp_stream_in,process_authenticated_packet,[{file,"src/xmpp_stream_in.erl"},{line,618}],2}]}
** Arguments = [{message,<<"ab42a">>,normal,<<"ru">>,{jid,<<"dm">>,<<"jabber.domain.com">>,<<"dm">>,<<"dm">>,<<"jabber.domain.com">>,<<"dm">>},{jid,<<"jnk">>,<<"jabber.domain.com">>,<<>>,<<"
jnk">>,<<"jabber.domain.com">>,<<>>},[{text,<<>>,<<>>}],[{text,<<>>,<<"dd">>}],undefined,[],#{ip => {0,0,0,0,0,65535,49320,5861}}}]

if I send message to local user ( i.e. in jabber.domain.com) or

** Reason = {error,{case_clause,'-deny'},
[{mod_filter,check_stanza_type,[{file,"mod_filter.erl"},{line,67}],2},
{mod_filter,filter_packet,[{file,"mod_filter.erl"},{line,37}],1},
{ejabberd_hooks,safe_apply,[{file,"src/ejabberd_hooks.erl"},{line,380}],4},
{ejabberd_hooks,run_fold1,[{file,"src/ejabberd_hooks.erl"},{line,364}],4},
{ejabberd_router,do_route,[{file,"src/ejabberd_router.erl"},{line,358}],1},
{ejabberd_router,route,[{file,"src/ejabberd_router.erl"},{line,93}],1},
{ejabberd_c2s,check_privacy_then_route,[{file,"src/ejabberd_c2s.erl"},{line,821}],2},
{xmpp_stream_in,process_authenticated_packet,[{file,"src/xmpp_stream_in.erl"},{line,618}],2}]}
** Arguments = [{message,<<"ab43a">>,normal,<<"ru">>,{jid,<<"dm">>,<<"jabber.domain.com">>,<<"dm">>,<<"dm">>,<<"jabber.domain.com">>,<<"dm">>},{jid,<<"slesru">>,<<"xmpp.ru">>,<<>>,<<"slesru"
>>,<<"xmpp.ru">>,<<>>},[{text,<<>>,<<>>}],[{text,<<>>,<<"test">>}],undefined,[],#{ip => {0,0,0,0,0,65535,49320,5861}}}]

if to external user.

May be my configuration is wrong, but looks like bug to me.

Thank you!

zinid commented 6 years ago

The crash is definitely due to a bug in the module.

slesru commented 6 years ago

Thank you! Hope it will be fixed...

badlop commented 6 years ago

This is wrong, it lacks a space after the - character:

access_rules:
  restrict_local:
    -allow: internal_services
    -deny: all

This is wrong, see examples in https://github.com/processone/ejabberd-contrib/tree/master/mod_filter

  mod_filter:
    - all: allow

I think this configuration works as you intented, at least works in my simple tests:

acl:
  extuser:
     user:
       - "dm"
  internal_services:
     server_glob:
       - "*domain.com"

access_rules:
  restrict_local:
    - allow: internal_services
    - deny: all
  restrict_external:
    - allow: extuser
    - deny: all
  mod_filter:
    - allow: all
  mod_filter_iq:
    - allow: all
  mod_filter_message:
    - allow: extuser
    - restrict_local: internal_services
    - restrict_external: all
  mod_filter_presense:
     - allow: all

Try it, if then it works as expected, you can close the ticket. The module probably has bugs, and the documentation and examples may have inaccurancies, so please fill a new ticket if you find anything strange when using mod_filter. Thanks!

slesru commented 6 years ago

Thank you very much, it works! As I though this was misconfiguration...