OF-2189: Apply privacy lists to CC'ed stanzas.

This prevents stanzas to bypass a privacy list or blocklist, when they're included in a carbon copy.

xmppserver/src/main/java/org/jivesoftware/openfire/carbons/Received.java

@@ -1,7 +1,10 @@
 package org.jivesoftware.openfire.carbons;
 
+import org.dom4j.Element;
 import org.jivesoftware.openfire.forward.Forwarded;
-import org.xmpp.packet.PacketExtension;
+import org.xmpp.packet.*;
+
+import javax.annotation.Nonnull;
 
 /**
  * The implementation of the {@code <received xmlns="urn:xmpp:carbons:2"/>} extension.
@@ -14,8 +17,28 @@ public final class Received extends PacketExtension {
     public static final String NAME = "received";
     public static final String NAMESPACE = "urn:xmpp:carbons:2";
 
-    public Received(Forwarded forwarded) {
+    public Received(@Nonnull final Forwarded forwarded) {
         super(NAME, NAMESPACE);
         element.add(forwarded.getElement());
     }
+
+    public Packet getForwardedStanza() {
+        if (element.element("forwarded") == null) {
+            return null;
+        }
+        if (element.element("forwarded").elements() == null) {
+            return null;
+        }
+        final Element originalStanza = element.element("forwarded").elements().get(0);
+        switch (originalStanza.getName()) {
+            case "message":
+                return new Message(originalStanza, true);
+            case "iq":
+                return new IQ(originalStanza, true);
+            case "presence":
+                return new Presence(originalStanza, true);
+            default:
+                throw new IllegalArgumentException("A 'forwarded' stanza must by of type 'message', 'iq' or 'presence', not: " + originalStanza.getName());
+        }
+    }
 }

xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalClientSession.java

@@ -19,12 +19,14 @@
 import java.net.UnknownHostException;
 import java.util.*;
 
+import org.dom4j.Element;
 import org.jivesoftware.openfire.Connection;
 import org.jivesoftware.openfire.SessionManager;
 import org.jivesoftware.openfire.StreamID;
 import org.jivesoftware.openfire.XMPPServer;
 import org.jivesoftware.openfire.auth.AuthToken;
 import org.jivesoftware.openfire.auth.UnauthorizedException;
+import org.jivesoftware.openfire.carbons.Received;
 import org.jivesoftware.openfire.cluster.ClusterManager;
 import org.jivesoftware.openfire.entitycaps.EntityCapabilitiesManager;
 import org.jivesoftware.openfire.net.SASLAuthentication;
@@ -969,6 +971,21 @@ public void setHasRequestedBlocklist(boolean hasRequestedBlocklist) {
     @Override
     public boolean canProcess(Packet packet) {
 
+        // If the packet is a forwarded stanza (eg: carbon copy), ensure that the forwarded message would have
+        // passed the privacy lists that are active for _this_ session. Note that the active list could differ
+        // for each session of a particular user! (OF-2189)
+        // Implementation note: it might be tempting to implement this in org.jivesoftware.openfire.spi.RoutingTableImpl.ccMessage
+        // There is, however, no way to check the active privacy list for sessions on remote cluster nodes there.
+        final Received received = (Received) packet.getExtension(Received.NAME, Received.NAMESPACE);
+        if (received != null) {
+            final Packet forwardedStanza = received.getForwardedStanza();
+            if (forwardedStanza != null) {
+                if (!canProcess(forwardedStanza)) {
+                    return false;
+                }
+            }
+        }
+
         PrivacyList list = getActiveList();
         if (list != null) {
             // If a privacy list is active then make sure that the packet is not blocked