From 40be6e72a11c6a6fcf49bc66191a3d3a4ffcf996 Mon Sep 17 00:00:00 2001 From: Maxime Dor Date: Sat, 11 Feb 2017 23:14:12 +0100 Subject: [PATCH] Protect against lookup loops --- README.md | 3 ++- .../io/kamax/mxisd/lookup/DnsLookupProvider.groovy | 10 ++++++++++ .../groovy/io/kamax/mxisd/lookup/LdapProvider.groovy | 6 ++++++ .../kamax/mxisd/lookup/PriorityLookupStrategy.groovy | 6 ++++++ 4 files changed, 24 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f7ab04f..847528e 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,8 @@ cd mxisd ## Configure 1. Create a new local config: `cp application.example.yaml application.yaml` -- Edit `application.yaml` to your needs - at least provide the LDAP attributes +- Set the `server.name` value to the domain value used in your Home Server configuration +- Provide the LDAP attributes you want to use for lookup - Edit an entity in your LDAP database and set the configure attribute with a Matrix ID (e.g. `@john.doe:example.org`) ## Run diff --git a/src/main/groovy/io/kamax/mxisd/lookup/DnsLookupProvider.groovy b/src/main/groovy/io/kamax/mxisd/lookup/DnsLookupProvider.groovy index 90e5adb..edb83b0 100644 --- a/src/main/groovy/io/kamax/mxisd/lookup/DnsLookupProvider.groovy +++ b/src/main/groovy/io/kamax/mxisd/lookup/DnsLookupProvider.groovy @@ -21,8 +21,11 @@ package io.kamax.mxisd.lookup import io.kamax.mxisd.api.ThreePidType +import io.kamax.mxisd.config.ServerConfig +import org.apache.commons.lang.StringUtils import org.slf4j.Logger import org.slf4j.LoggerFactory +import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component import org.xbill.DNS.Lookup import org.xbill.DNS.SRVRecord @@ -33,6 +36,9 @@ class DnsLookupProvider extends RemoteIdentityServerProvider { private Logger log = LoggerFactory.getLogger(DnsLookupProvider.class) + @Autowired + private ServerConfig srvCfg; + @Override int getPriority() { return 10 
@@ -48,6 +54,10 @@ class DnsLookupProvider extends RemoteIdentityServerProvider { String domain = threePid.substring(threePid.lastIndexOf("@") + 1) log.info("Domain name for {}: {}", threePid, domain) + if (StringUtils.equals(srvCfg.getName(), domain)) { + log.warn("We are authoritative for ${domain}, no remote lookup - is your server.name configured properly?") + return Optional.empty() + } log.info("Performing SRV lookup") String lookupDns = "_matrix-identity._tcp." + domain diff --git a/src/main/groovy/io/kamax/mxisd/lookup/LdapProvider.groovy b/src/main/groovy/io/kamax/mxisd/lookup/LdapProvider.groovy index 263b6a2..81e3968 100644 --- a/src/main/groovy/io/kamax/mxisd/lookup/LdapProvider.groovy +++ b/src/main/groovy/io/kamax/mxisd/lookup/LdapProvider.groovy @@ -27,12 +27,16 @@ import org.apache.directory.api.ldap.model.entry.Attribute import org.apache.directory.api.ldap.model.message.SearchScope import org.apache.directory.ldap.client.api.LdapConnection import org.apache.directory.ldap.client.api.LdapNetworkConnection +import org.slf4j.Logger +import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component @Component class LdapProvider implements ThreePidProvider { + private Logger log = LoggerFactory.getLogger(LdapProvider.class) + @Autowired private LdapConfig ldapCfg @@ -43,6 +47,8 @@ class LdapProvider implements ThreePidProvider { @Override Optional find(ThreePidType type, String threePid) { + log.info("Performing LDAP lookup ${threePid} of type ${type}") + LdapConnection conn = new LdapNetworkConnection(ldapCfg.getHost(), ldapCfg.getPort()) try { conn.bind(ldapCfg.getBindDn(), ldapCfg.getBindPassword()) diff --git a/src/main/groovy/io/kamax/mxisd/lookup/PriorityLookupStrategy.groovy b/src/main/groovy/io/kamax/mxisd/lookup/PriorityLookupStrategy.groovy index 740b6d8..6e66010 100644 --- a/src/main/groovy/io/kamax/mxisd/lookup/PriorityLookupStrategy.groovy 
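Review bot: The new guard in DnsLookupProvider compares `srvCfg.getName()` with the extracted domain using `StringUtils.equals`, which is case-sensitive although DNS names are not, so a domain that differs from `server.name` only in letter case would pass the guard and could still trigger the SRV lookup this commit is meant to prevent. Consider `if (StringUtils.equalsIgnoreCase(srvCfg.getName(), domain)) {`, and normalise a trailing dot on the domain as well. The comparison is also silently false when `server.name` is unset, so rejecting a blank name at startup would make the protection dependable rather than relying on the warning text. The warning interpolates the request-derived `domain` through a GString while the line above it uses SLF4J placeholders; `log.warn("We are authoritative for {}, no remote lookup - is your server.name configured properly?", domain)` keeps the file consistent. The enclosing method starts and ends outside the hunk.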
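Review bot: The added `log.info` at the top of `LdapProvider.find` writes the full `threePid` to the log at info level through GString interpolation; the value comes from the lookup request and is presumably an e-mail address, so every lookup leaves personal data in the log and any line breaks in it are written unescaped. Prefer the placeholder form already used in DnsLookupProvider, at a lower level: `log.debug("Performing LDAP lookup {} of type {}", threePid, type)`, with control characters stripped from the value or the log encoder configured to escape them. The body of `find` continues outside the hunk.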
+++ b/src/main/groovy/io/kamax/mxisd/lookup/PriorityLookupStrategy.groovy @@ -21,6 +21,8 @@ package io.kamax.mxisd.lookup import io.kamax.mxisd.api.ThreePidType +import org.slf4j.Logger +import org.slf4j.LoggerFactory import org.springframework.beans.factory.InitializingBean import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component @@ -28,11 +30,15 @@ import org.springframework.stereotype.Component @Component class PriorityLookupStrategy implements LookupStrategy, InitializingBean { + private Logger log = LoggerFactory.getLogger(PriorityLookupStrategy.class) + @Autowired private List providers @Override void afterPropertiesSet() throws Exception { + log.info("Found ${providers.size()} providers") + providers.sort(new Comparator() { @Override