Merge branch 'master' into develop
This commit is contained in:
commit
9a793f861c
|
@ -1,3 +1,12 @@
|
||||||
|
Changes in synapse v0.31.2 (2018-06-14)
|
||||||
|
=======================================
|
||||||
|
|
||||||
|
SECURITY UPDATE: Prevent unauthorised users from setting state events in a room
|
||||||
|
when there is no ``m.room.power_levels`` event in force in the room. (PR #3397)
|
||||||
|
|
||||||
|
Discussion around the Matrix Spec change proposal for this change can be
|
||||||
|
followed at https://github.com/matrix-org/matrix-doc/issues/1304.
|
||||||
|
|
||||||
Changes in synapse v0.31.1 (2018-06-08)
|
Changes in synapse v0.31.1 (2018-06-08)
|
||||||
=======================================
|
=======================================
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
# Copyright 2014-2016 OpenMarket Ltd
|
# Copyright 2014-2016 OpenMarket Ltd
|
||||||
|
# Copyright 2018 New Vector Ltd
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
|
@ -16,4 +17,4 @@
|
||||||
""" This is a reference implementation of a Matrix home server.
|
""" This is a reference implementation of a Matrix home server.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
__version__ = "0.31.1"
|
__version__ = "0.31.2"
|
||||||
|
|
|
@ -655,7 +655,7 @@ class Auth(object):
|
||||||
auth_events[(EventTypes.PowerLevels, "")] = power_level_event
|
auth_events[(EventTypes.PowerLevels, "")] = power_level_event
|
||||||
|
|
||||||
send_level = event_auth.get_send_level(
|
send_level = event_auth.get_send_level(
|
||||||
EventTypes.Aliases, "", auth_events
|
EventTypes.Aliases, "", power_level_event,
|
||||||
)
|
)
|
||||||
user_level = event_auth.get_user_power_level(user_id, auth_events)
|
user_level = event_auth.get_user_power_level(user_id, auth_events)
|
||||||
|
|
||||||
|
|
|
@ -34,9 +34,11 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
|
||||||
event: the event being checked.
|
event: the event being checked.
|
||||||
auth_events (dict: event-key -> event): the existing room state.
|
auth_events (dict: event-key -> event): the existing room state.
|
||||||
|
|
||||||
|
Raises:
|
||||||
|
AuthError if the checks fail
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
True if the auth checks pass.
|
if the auth checks pass.
|
||||||
"""
|
"""
|
||||||
if do_size_check:
|
if do_size_check:
|
||||||
_check_size_limits(event)
|
_check_size_limits(event)
|
||||||
|
@ -71,7 +73,7 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
|
||||||
# Oh, we don't know what the state of the room was, so we
|
# Oh, we don't know what the state of the room was, so we
|
||||||
# are trusting that this is allowed (at least for now)
|
# are trusting that this is allowed (at least for now)
|
||||||
logger.warn("Trusting event: %s", event.event_id)
|
logger.warn("Trusting event: %s", event.event_id)
|
||||||
return True
|
return
|
||||||
|
|
||||||
if event.type == EventTypes.Create:
|
if event.type == EventTypes.Create:
|
||||||
room_id_domain = get_domain_from_id(event.room_id)
|
room_id_domain = get_domain_from_id(event.room_id)
|
||||||
|
@ -81,7 +83,8 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
|
||||||
"Creation event's room_id domain does not match sender's"
|
"Creation event's room_id domain does not match sender's"
|
||||||
)
|
)
|
||||||
# FIXME
|
# FIXME
|
||||||
return True
|
logger.debug("Allowing! %s", event)
|
||||||
|
return
|
||||||
|
|
||||||
creation_event = auth_events.get((EventTypes.Create, ""), None)
|
creation_event = auth_events.get((EventTypes.Create, ""), None)
|
||||||
|
|
||||||
|
@ -118,7 +121,8 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
|
||||||
403,
|
403,
|
||||||
"Alias event's state_key does not match sender's domain"
|
"Alias event's state_key does not match sender's domain"
|
||||||
)
|
)
|
||||||
return True
|
logger.debug("Allowing! %s", event)
|
||||||
|
return
|
||||||
|
|
||||||
if logger.isEnabledFor(logging.DEBUG):
|
if logger.isEnabledFor(logging.DEBUG):
|
||||||
logger.debug(
|
logger.debug(
|
||||||
|
@ -127,14 +131,9 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
|
||||||
)
|
)
|
||||||
|
|
||||||
if event.type == EventTypes.Member:
|
if event.type == EventTypes.Member:
|
||||||
allowed = _is_membership_change_allowed(
|
_is_membership_change_allowed(event, auth_events)
|
||||||
event, auth_events
|
|
||||||
)
|
|
||||||
if allowed:
|
|
||||||
logger.debug("Allowing! %s", event)
|
logger.debug("Allowing! %s", event)
|
||||||
else:
|
return
|
||||||
logger.debug("Denying! %s", event)
|
|
||||||
return allowed
|
|
||||||
|
|
||||||
_check_event_sender_in_room(event, auth_events)
|
_check_event_sender_in_room(event, auth_events)
|
||||||
|
|
||||||
|
@ -153,7 +152,8 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
return True
|
logger.debug("Allowing! %s", event)
|
||||||
|
return
|
||||||
|
|
||||||
_can_send_event(event, auth_events)
|
_can_send_event(event, auth_events)
|
||||||
|
|
||||||
|
@ -200,7 +200,7 @@ def _is_membership_change_allowed(event, auth_events):
|
||||||
create = auth_events.get(key)
|
create = auth_events.get(key)
|
||||||
if create and event.prev_events[0][0] == create.event_id:
|
if create and event.prev_events[0][0] == create.event_id:
|
||||||
if create.content["creator"] == event.state_key:
|
if create.content["creator"] == event.state_key:
|
||||||
return True
|
return
|
||||||
|
|
||||||
target_user_id = event.state_key
|
target_user_id = event.state_key
|
||||||
|
|
||||||
|
@ -265,13 +265,13 @@ def _is_membership_change_allowed(event, auth_events):
|
||||||
raise AuthError(
|
raise AuthError(
|
||||||
403, "%s is banned from the room" % (target_user_id,)
|
403, "%s is banned from the room" % (target_user_id,)
|
||||||
)
|
)
|
||||||
return True
|
return
|
||||||
|
|
||||||
if Membership.JOIN != membership:
|
if Membership.JOIN != membership:
|
||||||
if (caller_invited
|
if (caller_invited
|
||||||
and Membership.LEAVE == membership
|
and Membership.LEAVE == membership
|
||||||
and target_user_id == event.user_id):
|
and target_user_id == event.user_id):
|
||||||
return True
|
return
|
||||||
|
|
||||||
if not caller_in_room: # caller isn't joined
|
if not caller_in_room: # caller isn't joined
|
||||||
raise AuthError(
|
raise AuthError(
|
||||||
|
@ -334,8 +334,6 @@ def _is_membership_change_allowed(event, auth_events):
|
||||||
else:
|
else:
|
||||||
raise AuthError(500, "Unknown membership %s" % membership)
|
raise AuthError(500, "Unknown membership %s" % membership)
|
||||||
|
|
||||||
return True
|
|
||||||
|
|
||||||
|
|
||||||
def _check_event_sender_in_room(event, auth_events):
|
def _check_event_sender_in_room(event, auth_events):
|
||||||
key = (EventTypes.Member, event.user_id, )
|
key = (EventTypes.Member, event.user_id, )
|
||||||
|
@ -355,35 +353,46 @@ def _check_joined_room(member, user_id, room_id):
|
||||||
))
|
))
|
||||||
|
|
||||||
|
|
||||||
def get_send_level(etype, state_key, auth_events):
|
def get_send_level(etype, state_key, power_levels_event):
|
||||||
key = (EventTypes.PowerLevels, "", )
|
"""Get the power level required to send an event of a given type
|
||||||
send_level_event = auth_events.get(key)
|
|
||||||
send_level = None
|
The federation spec [1] refers to this as "Required Power Level".
|
||||||
if send_level_event:
|
|
||||||
send_level = send_level_event.content.get("events", {}).get(
|
https://matrix.org/docs/spec/server_server/unstable.html#definitions
|
||||||
etype
|
|
||||||
)
|
Args:
|
||||||
|
etype (str): type of event
|
||||||
|
state_key (str|None): state_key of state event, or None if it is not
|
||||||
|
a state event.
|
||||||
|
power_levels_event (synapse.events.EventBase|None): power levels event
|
||||||
|
in force at this point in the room
|
||||||
|
Returns:
|
||||||
|
int: power level required to send this event.
|
||||||
|
"""
|
||||||
|
|
||||||
|
if power_levels_event:
|
||||||
|
power_levels_content = power_levels_event.content
|
||||||
|
else:
|
||||||
|
power_levels_content = {}
|
||||||
|
|
||||||
|
# see if we have a custom level for this event type
|
||||||
|
send_level = power_levels_content.get("events", {}).get(etype)
|
||||||
|
|
||||||
|
# otherwise, fall back to the state_default/events_default.
|
||||||
if send_level is None:
|
if send_level is None:
|
||||||
if state_key is not None:
|
if state_key is not None:
|
||||||
send_level = send_level_event.content.get(
|
send_level = power_levels_content.get("state_default", 50)
|
||||||
"state_default", 50
|
|
||||||
)
|
|
||||||
else:
|
else:
|
||||||
send_level = send_level_event.content.get(
|
send_level = power_levels_content.get("events_default", 0)
|
||||||
"events_default", 0
|
|
||||||
)
|
|
||||||
|
|
||||||
if send_level:
|
return int(send_level)
|
||||||
send_level = int(send_level)
|
|
||||||
else:
|
|
||||||
send_level = 0
|
|
||||||
|
|
||||||
return send_level
|
|
||||||
|
|
||||||
|
|
||||||
def _can_send_event(event, auth_events):
|
def _can_send_event(event, auth_events):
|
||||||
|
power_levels_event = _get_power_level_event(auth_events)
|
||||||
|
|
||||||
send_level = get_send_level(
|
send_level = get_send_level(
|
||||||
event.type, event.get("state_key", None), auth_events
|
event.type, event.get("state_key"), power_levels_event,
|
||||||
)
|
)
|
||||||
user_level = get_user_power_level(event.user_id, auth_events)
|
user_level = get_user_power_level(event.user_id, auth_events)
|
||||||
|
|
||||||
|
@ -524,13 +533,22 @@ def _check_power_levels(event, auth_events):
|
||||||
|
|
||||||
|
|
||||||
def _get_power_level_event(auth_events):
|
def _get_power_level_event(auth_events):
|
||||||
key = (EventTypes.PowerLevels, "", )
|
return auth_events.get((EventTypes.PowerLevels, ""))
|
||||||
return auth_events.get(key)
|
|
||||||
|
|
||||||
|
|
||||||
def get_user_power_level(user_id, auth_events):
|
def get_user_power_level(user_id, auth_events):
|
||||||
power_level_event = _get_power_level_event(auth_events)
|
"""Get a user's power level
|
||||||
|
|
||||||
|
Args:
|
||||||
|
user_id (str): user's id to look up in power_levels
|
||||||
|
auth_events (dict[(str, str), synapse.events.EventBase]):
|
||||||
|
state in force at this point in the room (or rather, a subset of
|
||||||
|
it including at least the create event and power levels event.
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
int: the user's power level in this room.
|
||||||
|
"""
|
||||||
|
power_level_event = _get_power_level_event(auth_events)
|
||||||
if power_level_event:
|
if power_level_event:
|
||||||
level = power_level_event.content.get("users", {}).get(user_id)
|
level = power_level_event.content.get("users", {}).get(user_id)
|
||||||
if not level:
|
if not level:
|
||||||
|
@ -541,6 +559,11 @@ def get_user_power_level(user_id, auth_events):
|
||||||
else:
|
else:
|
||||||
return int(level)
|
return int(level)
|
||||||
else:
|
else:
|
||||||
|
# if there is no power levels event, the creator gets 100 and everyone
|
||||||
|
# else gets 0.
|
||||||
|
|
||||||
|
# some things which call this don't pass the create event: hack around
|
||||||
|
# that.
|
||||||
key = (EventTypes.Create, "", )
|
key = (EventTypes.Create, "", )
|
||||||
create_event = auth_events.get(key)
|
create_event = auth_events.get(key)
|
||||||
if (create_event is not None and
|
if (create_event is not None and
|
||||||
|
|
|
@ -0,0 +1,151 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Copyright 2018 New Vector Ltd
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
from synapse import event_auth
|
||||||
|
from synapse.api.errors import AuthError
|
||||||
|
from synapse.events import FrozenEvent
|
||||||
|
import unittest
|
||||||
|
|
||||||
|
|
||||||
|
class EventAuthTestCase(unittest.TestCase):
|
||||||
|
def test_random_users_cannot_send_state_before_first_pl(self):
|
||||||
|
"""
|
||||||
|
Check that, before the first PL lands, the creator is the only user
|
||||||
|
that can send a state event.
|
||||||
|
"""
|
||||||
|
creator = "@creator:example.com"
|
||||||
|
joiner = "@joiner:example.com"
|
||||||
|
auth_events = {
|
||||||
|
("m.room.create", ""): _create_event(creator),
|
||||||
|
("m.room.member", creator): _join_event(creator),
|
||||||
|
("m.room.member", joiner): _join_event(joiner),
|
||||||
|
}
|
||||||
|
|
||||||
|
# creator should be able to send state
|
||||||
|
event_auth.check(
|
||||||
|
_random_state_event(creator), auth_events,
|
||||||
|
do_sig_check=False,
|
||||||
|
)
|
||||||
|
|
||||||
|
# joiner should not be able to send state
|
||||||
|
self.assertRaises(
|
||||||
|
AuthError,
|
||||||
|
event_auth.check,
|
||||||
|
_random_state_event(joiner),
|
||||||
|
auth_events,
|
||||||
|
do_sig_check=False,
|
||||||
|
),
|
||||||
|
|
||||||
|
def test_state_default_level(self):
|
||||||
|
"""
|
||||||
|
Check that users above the state_default level can send state and
|
||||||
|
those below cannot
|
||||||
|
"""
|
||||||
|
creator = "@creator:example.com"
|
||||||
|
pleb = "@joiner:example.com"
|
||||||
|
king = "@joiner2:example.com"
|
||||||
|
|
||||||
|
auth_events = {
|
||||||
|
("m.room.create", ""): _create_event(creator),
|
||||||
|
("m.room.member", creator): _join_event(creator),
|
||||||
|
("m.room.power_levels", ""): _power_levels_event(creator, {
|
||||||
|
"state_default": "30",
|
||||||
|
"users": {
|
||||||
|
pleb: "29",
|
||||||
|
king: "30",
|
||||||
|
},
|
||||||
|
}),
|
||||||
|
("m.room.member", pleb): _join_event(pleb),
|
||||||
|
("m.room.member", king): _join_event(king),
|
||||||
|
}
|
||||||
|
|
||||||
|
# pleb should not be able to send state
|
||||||
|
self.assertRaises(
|
||||||
|
AuthError,
|
||||||
|
event_auth.check,
|
||||||
|
_random_state_event(pleb),
|
||||||
|
auth_events,
|
||||||
|
do_sig_check=False,
|
||||||
|
),
|
||||||
|
|
||||||
|
# king should be able to send state
|
||||||
|
event_auth.check(
|
||||||
|
_random_state_event(king), auth_events,
|
||||||
|
do_sig_check=False,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
# helpers for making events
|
||||||
|
|
||||||
|
TEST_ROOM_ID = "!test:room"
|
||||||
|
|
||||||
|
|
||||||
|
def _create_event(user_id):
|
||||||
|
return FrozenEvent({
|
||||||
|
"room_id": TEST_ROOM_ID,
|
||||||
|
"event_id": _get_event_id(),
|
||||||
|
"type": "m.room.create",
|
||||||
|
"sender": user_id,
|
||||||
|
"content": {
|
||||||
|
"creator": user_id,
|
||||||
|
},
|
||||||
|
})
|
||||||
|
|
||||||
|
|
||||||
|
def _join_event(user_id):
|
||||||
|
return FrozenEvent({
|
||||||
|
"room_id": TEST_ROOM_ID,
|
||||||
|
"event_id": _get_event_id(),
|
||||||
|
"type": "m.room.member",
|
||||||
|
"sender": user_id,
|
||||||
|
"state_key": user_id,
|
||||||
|
"content": {
|
||||||
|
"membership": "join",
|
||||||
|
},
|
||||||
|
})
|
||||||
|
|
||||||
|
|
||||||
|
def _power_levels_event(sender, content):
|
||||||
|
return FrozenEvent({
|
||||||
|
"room_id": TEST_ROOM_ID,
|
||||||
|
"event_id": _get_event_id(),
|
||||||
|
"type": "m.room.power_levels",
|
||||||
|
"sender": sender,
|
||||||
|
"state_key": "",
|
||||||
|
"content": content,
|
||||||
|
})
|
||||||
|
|
||||||
|
|
||||||
|
def _random_state_event(sender):
|
||||||
|
return FrozenEvent({
|
||||||
|
"room_id": TEST_ROOM_ID,
|
||||||
|
"event_id": _get_event_id(),
|
||||||
|
"type": "test.state",
|
||||||
|
"sender": sender,
|
||||||
|
"state_key": "",
|
||||||
|
"content": {
|
||||||
|
"membership": "join",
|
||||||
|
},
|
||||||
|
})
|
||||||
|
|
||||||
|
|
||||||
|
event_count = 0
|
||||||
|
|
||||||
|
|
||||||
|
def _get_event_id():
|
||||||
|
global event_count
|
||||||
|
c = event_count
|
||||||
|
event_count += 1
|
||||||
|
return "!%i:example.com" % (c, )
|
|
@ -606,6 +606,14 @@ class StateTestCase(unittest.TestCase):
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
power_levels = create_event(
|
||||||
|
type=EventTypes.PowerLevels, state_key="",
|
||||||
|
content={"users": {
|
||||||
|
"@foo:bar": "100",
|
||||||
|
"@user_id:example.com": "100",
|
||||||
|
}}
|
||||||
|
)
|
||||||
|
|
||||||
creation = create_event(
|
creation = create_event(
|
||||||
type=EventTypes.Create, state_key="",
|
type=EventTypes.Create, state_key="",
|
||||||
content={"creator": "@foo:bar"}
|
content={"creator": "@foo:bar"}
|
||||||
|
@ -613,12 +621,14 @@ class StateTestCase(unittest.TestCase):
|
||||||
|
|
||||||
old_state_1 = [
|
old_state_1 = [
|
||||||
creation,
|
creation,
|
||||||
|
power_levels,
|
||||||
member_event,
|
member_event,
|
||||||
create_event(type="test1", state_key="1", depth=1),
|
create_event(type="test1", state_key="1", depth=1),
|
||||||
]
|
]
|
||||||
|
|
||||||
old_state_2 = [
|
old_state_2 = [
|
||||||
creation,
|
creation,
|
||||||
|
power_levels,
|
||||||
member_event,
|
member_event,
|
||||||
create_event(type="test1", state_key="1", depth=2),
|
create_event(type="test1", state_key="1", depth=2),
|
||||||
]
|
]
|
||||||
|
@ -633,7 +643,7 @@ class StateTestCase(unittest.TestCase):
|
||||||
)
|
)
|
||||||
|
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
old_state_2[2].event_id, context.current_state_ids[("test1", "1")]
|
old_state_2[3].event_id, context.current_state_ids[("test1", "1")]
|
||||||
)
|
)
|
||||||
|
|
||||||
# Reverse the depth to make sure we are actually using the depths
|
# Reverse the depth to make sure we are actually using the depths
|
||||||
|
@ -641,12 +651,14 @@ class StateTestCase(unittest.TestCase):
|
||||||
|
|
||||||
old_state_1 = [
|
old_state_1 = [
|
||||||
creation,
|
creation,
|
||||||
|
power_levels,
|
||||||
member_event,
|
member_event,
|
||||||
create_event(type="test1", state_key="1", depth=2),
|
create_event(type="test1", state_key="1", depth=2),
|
||||||
]
|
]
|
||||||
|
|
||||||
old_state_2 = [
|
old_state_2 = [
|
||||||
creation,
|
creation,
|
||||||
|
power_levels,
|
||||||
member_event,
|
member_event,
|
||||||
create_event(type="test1", state_key="1", depth=1),
|
create_event(type="test1", state_key="1", depth=1),
|
||||||
]
|
]
|
||||||
|
@ -659,7 +671,7 @@ class StateTestCase(unittest.TestCase):
|
||||||
)
|
)
|
||||||
|
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
old_state_1[2].event_id, context.current_state_ids[("test1", "1")]
|
old_state_1[3].event_id, context.current_state_ids[("test1", "1")]
|
||||||
)
|
)
|
||||||
|
|
||||||
def _get_context(self, event, prev_event_id_1, old_state_1, prev_event_id_2,
|
def _get_context(self, event, prev_event_id_1, old_state_1, prev_event_id_2,
|
||||||
|
|
Loading…
Reference in New Issue