powered by Jive Software

Openfire 4.0.2: S2S Permission policy (blacklist/whitelist) configuration is broken


#1

Seems that in 4.0.2 the “Server to Server Settings” (connection-settings-socket-s2s.jsp) code does not handle at all the global permission mode for blacklist/whitelist . It does not handle the “permissionFilter” attribute which when changed should result in calling the RemoteServerManager.setPermissionPolicy(String policy) method.

As a workarround, the administrator must manually add the property “xmpp.server.permission” with a value of “whitelist” or “blacklist”


#2

Hi,

I’ve the same Problem with Unify OpenScape UC V9R2 in a Very large deployment. Howis the correct way to fix the Problem with the withelist.

Have you any hints ?

Best regards

Joachim Silvestri


#3

Problem still exists in 4.1.2 (and most probably in later 4.1.x versions).

Any solution to this?

To reproduce:

  1. Setup 2 OF servers
  2. On each one of them, click on Server -> Server Settings -> Server to Server
    2.1. Add the domain of the other OF server in the Domain text field and click on Add Server button
    2.1. Select White List and click on Save Settings button

These steps correctly set xmpp.server.permission='whitelist' and update the OFREMOTESERVERCONF table with the FQDN of the remote server, the port and the entry 'allowed'.

However, you can not communicate between the two servers anymore; e.g. you cannot add a remote room or talk to a remote user. There is a PTR in JIRA which is supposed to have been fixed in 4.0.4.

As you understand, allowing any server to connect can be a security problem for some projects.

Any solution/workaround to this?


#4

After more investigation, it looks that the is no issue. After adding correct entries in Domain text field, communication between remote servers was possible (with ‘White List’ selected). E.g. to access conference rooms, we had to add conference.<FQDN>, too, as this is how our DNS is structured.

I apologize for the false info.