JabberIqStats improperly handles some requests addressed to domain (#1242)

Activities

wojciech.kapcia@tigase.net opened 4 years ago

[2021-04-01 08:28:38:680] [FINEST  ] [              in_3-s2s ] MessageRouter.getServerComponentsForRegex(): Checking routings for: message-archive
[2021-04-01 08:28:38:680] [INFO    ] [              in_3-s2s ] SessionManager.processPacket()   : Impossible happened, please report to developer packet: from=s2s@ip-172-31-2-168.us-west-2.compute.internal, to=sess-man@ip-172-31-2-168.us-west-2.compute.internal, DATA=<iq to="tigase.org" id="H_971" from="jabberworld.stats@jabber.ru/comp" xmlns="jabber:client" type="get"><query xmlns="http://jabber.org/protocol/stats"><stat name="users/total"/><stat name="users/online"/></query></iq>, SIZE=218, XMLNS=jabber:client, PRIORITY=NORMAL, PERMISSION=LOCAL, TYPE=get, STABLE_ID=9c1fbd86-f4b7-41b8-b4e4-857306c6b238, connection: XMPPResourceConnection=[user_jid=sess-man@ip-172-31-2-168.us-west-2.compute.internal, packets=1213, connectioId=null, domain=ip-172-31-2-168.us-west-2.compute.internal, authState=NOT_AUTHORIZED, isAnon=false, isTmp=false, parentSession hash=1798538641, parentSession liveTime=52512268].
[2021-04-01 08:28:38:680] [FINEST  ] [              in_3-s2s ] MessageRouter.getServerComponentsForRegex(): Checking routings for: mix
[2021-04-01 08:28:38:680] [FINEST  ] [              in_3-s2s ] DomainFilter.filter()            : Filtering (packet): from=s2s@ip-172-31-2-168.us-west-2.compute.internal, to=sess-man@ip-172-31-2-168.us-west-2.compute.internal, DATA=<iq to="tigase.org" id="H_971" from="jabberworld.stats@jabber.ru/comp" xmlns="jabber:client" type="get"><query xmlns="http://jabber.org/protocol/stats"><stat name="users/total"/><stat name="users/online"/></query></iq>, SIZE=218, XMLNS=jabber:client, PRIORITY=NORMAL, PERMISSION=LOCAL, TYPE=get, STABLE_ID=9c1fbd86-f4b7-41b8-b4e4-857306c6b238
[2021-04-01 08:28:38:680] [FINEST  ] [              in_3-s2s ] MessageRouter.getServerComponentsForRegex(): Checking routings for: pubsub
[2021-04-01 08:28:38:681] [FINEST  ] [              in_3-s2s ] SessionManager.processPacket()   : Packet processed by: [http://jabber.org/protocol/stats]
[2021-04-01 08:28:38:681] [FINEST  ] [              in_3-s2s ] MessageRouter.getServerComponentsForRegex(): Checking routings for: message-router
[2021-04-01 08:28:38:681] [FINEST  ] [              in_3-s2s ] MessageRouter.processPacket()    : 2. Packet will be processed by: s2s@ip-172-31-2-168.us-west-2.compute.internal, from=jabberworld.stats@jabber.ru/comp, to=ip-172-31-2-168.us-west-2.compute.internal, DATA=<iq id="H_971" to="ip-172-31-2-168.us-west-2.compute.internal" from="jabberworld.stats@jabber.ru/comp" type="get"><command node="GETSTATS" xmlns="http://jabber.org/protocol/commands"/></iq>, SIZE=189, XMLNS=null, PRIORITY=HIGH, PERMISSION=LOCAL, TYPE=get, STABLE_ID=null
…
[2021-04-01 08:28:38:681] [FINEST  ] [              in_3-s2s ] S2SConnectionManager.processPacket(): Connection ID is: jabber.ru@ip-172-31-2-168.us-west-2.compute.internal
[2021-04-01 08:28:38:681] [FINEST  ] [              in_3-s2s ] MessageRouter.processPacket()    : Processing packet: from=ip-172-31-2-168.us-west-2.compute.internal, to=jabberworld.stats@jabber.ru/comp, DATA=<iq id="H_971" to="jabberworld.stats@jabber.ru/comp" from="ip-172-31-2-168.us-west-2.compute.internal" type="error"><command node="GETSTATS" xmlns="http://jabber.org/protocol/commands"/><error code="406" type="modify"><not-acceptable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/><text xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" xml:lang="en">S2S - Incorrect source address (jabber.ru) - none of any local virtual hosts or components.</text></error></iq>, SIZE=454, XMLNS=null, PRIORITY=HIGH, PERMISSION=NONE, TYPE=error, STABLE_ID=null
[2021-04-01 08:28:38:682] [FINEST  ] [              in_3-s2s ] MessageRouter.getLocalComponent(): Called for : jabberworld.stats@jabber.ru/comp
…
[2021-04-01 08:28:38:684] [WARNING ] [              in_3-s2s ] S2SConnectionManager.processPacket(): Packet processing exception
tigase.xmpp.PacketInvalidTypeException: The packet has already 'error' type: from=ip-172-31-2-168.us-west-2.compute.internal, to=jabberworld.stats@jabber.ru/comp, DATA=<iq id="H_971" to="jabberworld.stats@jabber.ru/comp" from="ip-172-31-2-168.us-west-2.compute.internal" type="error"><command node="GETSTATS" xmlns="http://jabber.org/protocol/commands"/><error code="406" type="modify"><not-acceptable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/><text xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" xml:lang="en">S2S - Incorrect source address (jabber.ru) - none of any local virtual hosts or components.</text></error></iq>, SIZE=454, XMLNS=null, PRIORITY=HIGH, PERMISSION=NONE, TYPE=error, STABLE_ID=null
	at tigase.xmpp.Authorization.getResponseMessage(Authorization.java:480)
	at tigase.server.xmppserver.S2SConnectionManager.processPacket(S2SConnectionManager.java:215)
	at tigase.server.AbstractMessageReceiver$QueueListener.run(AbstractMessageReceiver.java:1397)

JabberIqStats improperly handles the incoming packet (from s2s):

<iq to="tigase.org" id="H_971" from="jabberworld.stats@jabber.ru/comp" xmlns="jabber:client" type="get">
    <query xmlns="http://jabber.org/protocol/stats">
        <stat name="users/total"/>
        <stat name="users/online"/>
    </query>
</iq>

and generates incorrectly addressed query:

[2021-04-01 08:28:38:681] [FINEST  ] [              in_3-s2s ] MessageRouter.processPacket()    : 2. Packet will be processed by: s2s@ip-172-31-2-168.us-west-2.compute.internal, from=jabberworld.stats@jabber.ru/comp, to=ip-172-31-2-168.us-west-2.compute.internal, DATA=<iq id="H_971" to="ip-172-31-2-168.us-west-2.compute.internal" from="jabberworld.stats@jabber.ru/comp" type="get"><command node="GETSTATS" xmlns="http://jabber.org/protocol/commands"/></iq>, SIZE=189, XMLNS=null, PRIORITY=HIGH, PERMISSION=LOCAL, TYPE=get, STABLE_ID=null

<iq id="H_971" to="ip-172-31-2-168.us-west-2.compute.internal" from="jabberworld.stats@jabber.ru/comp" type="get">
    <command node="GETSTATS" xmlns="http://jabber.org/protocol/commands"/>
</iq>

wojciech.kapcia@tigase.net commented 4 years ago

As per :

In most cases the http://jabber.org/protocol/stats would be tied to the component or servers admin JID so that only that JID may query the statistics however there are advantages to having a three tier system where some statistics are available to all JIDs, some to an arbitrary JID listed in the configuration file and all available to the listed admin JID. As the first case can be emulated by the second I propose that when implemented the http://jabber.org/protocol/stats namespace is configured to use the three tier method of authorizing queries.

Currently we don't have any list of stats levels that we could leverage. What's more, even locally for admin user the plugin does't work. Given, that we have abundance of ways to retrieve the statistics (ad-hoc, JMX, etc) and this plugin hasn't been used I decided to disable it. It could be fixed in the future, but this is low priority.

wojciech.kapcia@tigase.net batch edited 6 months ago

Name	Previous Value	Current Value
Iterations	empty	Candidate for next major release

Type	Bug
Priority	Minor
Assignee	wojciech.kapcia@tigase.net
Version	Candidate for next major release
Spent time	2h

Iterations

Candidate for next major release Open

Issue Votes (0)

Watchers (2)

Reference

tigase/_server/server-core#1242