Merge pull request #919 from matrix-org/erikj/auth_fix

Various auth.py fixes.
This commit is contained in:
Erik Johnston 2016-07-15 11:38:33 +01:00 committed by GitHub
commit bd7c51921d
3 changed files with 35 additions and 5 deletions

View File

@ -63,7 +63,7 @@ class Auth(object):
"user_id = ", "user_id = ",
]) ])
def check(self, event, auth_events): def check(self, event, auth_events, do_sig_check=True):
""" Checks if this event is correctly authed. """ Checks if this event is correctly authed.
Args: Args:
@ -79,6 +79,13 @@ class Auth(object):
if not hasattr(event, "room_id"): if not hasattr(event, "room_id"):
raise AuthError(500, "Event has no room_id: %s" % event) raise AuthError(500, "Event has no room_id: %s" % event)
sender_domain = get_domain_from_id(event.sender)
# Check the sender's domain has signed the event
if do_sig_check and not event.signatures.get(sender_domain):
raise AuthError(403, "Event not signed by sending server")
if auth_events is None: if auth_events is None:
# Oh, we don't know what the state of the room was, so we # Oh, we don't know what the state of the room was, so we
# are trusting that this is allowed (at least for now) # are trusting that this is allowed (at least for now)
@ -86,6 +93,12 @@ class Auth(object):
return True return True
if event.type == EventTypes.Create: if event.type == EventTypes.Create:
room_id_domain = get_domain_from_id(event.room_id)
if room_id_domain != sender_domain:
raise AuthError(
403,
"Creation event's room_id domain does not match sender's"
)
# FIXME # FIXME
return True return True
@ -108,6 +121,17 @@ class Auth(object):
# FIXME: Temp hack # FIXME: Temp hack
if event.type == EventTypes.Aliases: if event.type == EventTypes.Aliases:
if not event.state_key:
raise AuthError(
403,
"Alias event must have non-empty state_key"
)
sender_domain = get_domain_from_id(event.sender)
if event.state_key != sender_domain:
raise AuthError(
403,
"Alias event's state_key does not match sender's domain"
)
return True return True
logger.debug( logger.debug(

View File

@ -688,7 +688,9 @@ class FederationHandler(BaseHandler):
logger.warn("Failed to create join %r because %s", event, e) logger.warn("Failed to create join %r because %s", event, e)
raise e raise e
self.auth.check(event, auth_events=context.current_state) # The remote hasn't signed it yet, obviously. We'll do the full checks
# when we get the event back in `on_send_join_request`
self.auth.check(event, auth_events=context.current_state, do_sig_check=False)
defer.returnValue(event) defer.returnValue(event)
@ -918,7 +920,9 @@ class FederationHandler(BaseHandler):
) )
try: try:
self.auth.check(event, auth_events=context.current_state) # The remote hasn't signed it yet, obviously. We'll do the full checks
# when we get the event back in `on_send_leave_request`
self.auth.check(event, auth_events=context.current_state, do_sig_check=False)
except AuthError as e: except AuthError as e:
logger.warn("Failed to create new leave %r because %s", event, e) logger.warn("Failed to create new leave %r because %s", event, e)
raise e raise e

View File

@ -379,7 +379,8 @@ class StateHandler(object):
try: try:
# FIXME: hs.get_auth() is bad style, but we need to do it to # FIXME: hs.get_auth() is bad style, but we need to do it to
# get around circular deps. # get around circular deps.
self.hs.get_auth().check(event, auth_events) # The signatures have already been checked at this point
self.hs.get_auth().check(event, auth_events, do_sig_check=False)
prev_event = event prev_event = event
except AuthError: except AuthError:
return prev_event return prev_event
@ -391,7 +392,8 @@ class StateHandler(object):
try: try:
# FIXME: hs.get_auth() is bad style, but we need to do it to # FIXME: hs.get_auth() is bad style, but we need to do it to
# get around circular deps. # get around circular deps.
self.hs.get_auth().check(event, auth_events) # The signatures have already been checked at this point
self.hs.get_auth().check(event, auth_events, do_sig_check=False)
return event return event
except AuthError: except AuthError:
pass pass