Mercurial > prosody-modules
annotate mod_host_guard/mod_host_guard.lua @ 5549:01a0b67a9afd
mod_http_oauth2: Add TODO about disabling password grant
Per recommendation in draft-ietf-oauth-security-topics-23 it should at
the very least be disabled by default.
However since this is used by the Snikket web portal some care needs to
be taken not to break this, unless it's already broken by other changes
to this module.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 16 Jun 2023 00:06:53 +0200 |
parents | 7dbde05b48a9 |
children |
rev: line source

```
 493: -- (C) 2011, Marco Cirillo (LW.Org)
 519: -- Block or restrict by blacklist remote access to local components or hosts.
 456:
 460: module:set_global()
 460:
 834: local hosts = hosts
 834: local incoming_s2s = prosody.incoming_s2s
 834:
 493: local guard_blockall = module:get_option_set("host_guard_blockall", {})
 515: local guard_ball_wl = module:get_option_set("host_guard_blockall_exceptions", {})
 493: local guard_protect = module:get_option_set("host_guard_selective", {})
 493: local guard_block_bl = module:get_option_set("host_guard_blacklist", {})
 456:
 724: local config = configmanager
 682: local error_reply = require "util.stanza".error_reply
 834: local tostring = tostring
 456:
 680: local function s2s_hook (event)
 680:     local origin, stanza = event.session or event.origin, event.stanza or false
 680:     local to_host, from_host = (not stanza and origin.to_host) or stanza.attr.to, (not stanza and origin.from_host) or stanza.attr.from
 456:
 456:     if origin.type == "s2sin" or origin.type == "s2sin_unauthed" then
 680:         if guard_blockall:contains(to_host) and not guard_ball_wl:contains(from_host) or
 680:            guard_block_bl:contains(from_host) and guard_protect:contains(to_host) then
 682:             module:log("error", "remote service %s attempted to access restricted host %s", from_host, to_host)
 528:             origin:close({condition = "policy-violation", text = "You're not authorized, good bye."})
 528:             return false
 456:         end
 456:     end
 456:
 528:     return nil
 456: end
 456:
 682: local function rr_hook (event)
 685:     local from_host, to_host, send, stanza = event.from_host, event.to_host, (event.origin and event.origin.send) or function() end, event.stanza
 682:
 682:     if guard_blockall:contains(from_host) and not guard_ball_wl:contains(to_host) or
 682:        guard_block_bl:contains(to_host) and guard_protect:contains(from_host) then
 682:         module:log("info", "attempted to connect to a filtered remote host %s", to_host)
 684:         if stanza.attr.type ~= "error" then send(error_reply(event.stanza, "cancel", "policy-violation", "Communicating with a filtered remote server is not allowed.")) end
 684:         return true
 682:     end
 682:
 682:     return nil
 682: end
 682:
 728: local function handle_activation (host, u)
 456:     if guard_blockall:contains(host) or guard_protect:contains(host) then
 818:         if hosts[host] and config.get(host, "core", "authentication") ~= "anonymous" then
 680:             hosts[host].events.add_handler("s2sin-established", s2s_hook, 500)
 682:             hosts[host].events.add_handler("route/remote", rr_hook, 500)
 680:             hosts[host].events.add_handler("stanza/jabber:server:dialback:result", s2s_hook, 500)
1343:             if not u then
 728:                 module:log ("debug", "adding host protection for: "..host)
 728:             else
 729:                 module:log ("debug", "updating or adding host protection for: "..host)
 728:             end
 456:         end
 456:     end
 456: end
 456:
 728: local function handle_deactivation (host, u, i)
 456:     if guard_blockall:contains(host) or guard_protect:contains(host) then
 818:         if hosts[host] and config.get(host, "core", "authentication") ~= "anonymous" then
 680:             hosts[host].events.remove_handler("s2sin-established", s2s_hook)
 682:             hosts[host].events.remove_handler("route/remote", rr_hook)
 680:             hosts[host].events.remove_handler("stanza/jabber:server:dialback:result", s2s_hook)
 728:             if not u and not i then module:log ("debug", "removing host protection for: "..host) end
 456:         end
 456:     end
 456: end
 456:
 834: local function close_filtered()
 834:     for _, host in pairs(hosts) do
 834:         for name, session in pairs(host.s2sout) do
 834:             if guard_blockall:contains(session.host) and not guard_ball_wl:contains(session.to_host) or
 834:                guard_block_bl:contains(session.to_host) and guard_protect:contains(session.host) then
 834:                 module:log("info", "closing down s2s outgoing stream to filtered entity %s", tostring(session.to_host))
 834:                 session:close()
 834:             end
 834:         end
 834:     end
 834:     for session in pairs(incoming_s2s) do
 834:         if session.to_host and session.from_host and
 834:            (guard_blockall:contains(session.to_host) and not guard_ball_wl:contains(session.from_host) or
 834:            guard_block_bl:contains(session.from_host) and guard_protect:contains(session.to_host)) then
 834:             module:log("info", "closing down s2s incoming stream from filtered entity %s", tostring(session.from_host))
 834:             session:close()
 834:         end
 834:     end
 834: end
 834:
 728: local function init_hosts(u, i)
 725:     for n in pairs(hosts) do
 727:         if guard_blockall:contains(n) or guard_protect:contains(n) then
 834:             handle_deactivation(n, u, i) ; handle_activation(n, u)
 727:         end
 537:     end
 834:     close_filtered()
 537: end
 537:
 458: local function reload()
 528:     module:log ("debug", "server configuration reloaded, rehashing plugin tables...")
 528:     guard_blockall = module:get_option_set("host_guard_blockall", {})
 528:     guard_ball_wl = module:get_option_set("host_guard_blockall_exceptions", {})
 537:     guard_protect = module:get_option_set("host_guard_selective", {})
 528:     guard_block_bl = module:get_option_set("host_guard_blacklist", {})
 537:
 728:     init_hosts(true)
 458: end
 458:
 458: local function setup()
 528:     module:log ("debug", "initializing host guard module...")
 537:     module:hook ("host-activated", handle_activation)
 537:     module:hook ("host-deactivated", handle_deactivation)
 528:     module:hook ("config-reloaded", reload)
 458:
 728:     init_hosts(false, true)
 456: end
 458:
 725: function module.unload()
 725:     module:log ("debug", "removing host handlers as module is being unloaded...")
 725:     for n in pairs(hosts) do
 725:         hosts[n].events.remove_handler("s2sin-established", s2s_hook)
 725:         hosts[n].events.remove_handler("route/remote", rr_hook)
 725:         hosts[n].events.remove_handler("stanza/jabber:server:dialback:result", s2s_hook)
 725:     end
 725: end
 725:
 458: if prosody.start_time then
 528:     setup()
 458: else
 533:     module:hook ("server-started", setup)
 458: end
```

rev | changeset | description | author | parents |
---|---|---|---|---|
456 | 73f06a14390a | mod_component_guard: initial commit. | Marco Cirillo <maranda@lightwitch.org> | |
458 | 4149fcacbbf1 | mod_component_guard: refactored init code, added reloading logic to prevent events pollution with stale dupes. | Marco Cirillo <maranda@lightwitch.org> | 457 |
460 | 9bb9343f3c7a | mod_component_guard: made module global, refactored init. | Marco Cirillo <maranda@lightwitch.org> | 459 |
493 | b1b80319bbf6 | mod_host_guard: renamed mod_component_guard to mod_host_guard, as it really works with all hosts, finally decided to wiki it out and not merge it with the s2s_blackwhitelisting module. | Marco Cirillo <maranda@lightwitch.org> | 460 |
515 | e98fe28c50b0 | mod_host_guard: added exceptions/whitelisting to the blockall logic (makes little sense otherwise has s2s_disallow = true does the same) | Marco Cirillo <maranda@lightwitch.org> | 494 |
519 | 219ffe3541ff | mod_host_guard: updated banner. | Marco Cirillo <maranda@lightwitch.org> | 515 |
528 | 1737c08fde30 | mod_host_guard: stick to one code "punctuation" style. | Marco Cirillo <maranda@lightwitch.org> | 519 |
533 | 47b9053dba38 | mod_host_guard: replaced prosody.events.add_handler with module:hook. | Marco Cirillo <maranda@lightwitch.org> | 528 |
537 | 50be30f203f3 | mod_host_guard: fixed plugin, minor code refactor. | Marco Cirillo <maranda@lightwitch.org> | 533 |
680 | a2cea070f2c7 | mod_host_guard: removed calls to s2smanager and made the module not dependant on it. | Marco Cirillo <maranda@lightwitch.org> | 537 |
682 | 3ab1cf30a848 | mod_host_guard: using route/remote event hook to stop outgoing connections to filtered entities, yet the returned error is highly misleading. | Marco Cirillo <maranda@lightwitch.org> | 681 |
684 | 27529031890b | mod_host_guard: now a proper error is returned when stanzas are routed to a filtered remote server (thanks Zash) | Marco Cirillo <maranda@lightwitch.org> | 683 |
685 | 19698c5f3ab3 | mod_host_guard: prevent possible traces in case there isn't a conn object on the session by adding a dummy replacement function. | Marco Cirillo <maranda@lightwitch.org> | 684 |
724 | b94010de43f6 | mod_host_guard: referenced configmanager from prosody's _G instead of requiring it. | Marco Cirillo <maranda@lightwitch.org> | 686 |
725 | f79fda2d7e51 | mod_host_guard: host handlers are now cleaned properly on module unload (and also still on re/load to be safe). | Marco Cirillo <maranda@lightwitch.org> | 724 |
727 | 99f5846bcd85 | mod_host_guard: during configuration reload the host handlers should be reinitialized as well, so reverted changed and added back the "redundant code". | Marco Cirillo <maranda@lightwitch.org> | 726 |
728 | 8ad2e24f5efd | mod_host_guard: reduced code duplication and added better logging. | Marco Cirillo <maranda@lightwitch.org> | 727 |
729 | ce8e7b784be0 | mod_host_guard: adjusted log message. | Marco Cirillo <maranda@lightwitch.org> | 728 |
818 | bf23a8966e20 | mod_host_guard: fix typos into the code, the operators were supposed to be "not equal". | Marco Cirillo <maranda@lightwitch.org> | 817 |
834 | 21e99dc949ee | mod_host_guard: close down streams from and to filtered entities, on initialization / configuration reload. | Marco Cirillo <maranda@lightwitch.org> | 818 |
1343 | 7dbde05b48a9 | all the things: Remove trailing whitespace | Florian Zeitz <florob@babelmonkeys.de> | 834 |
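
An added example, not part of the module or of the prosody-modules repository: a stand-alone Lua model of the condition shared by `s2s_hook`, `rr_hook` and `close_filtered` in the listing above, evaluated over constructed host pairs so an operator can check how the four `host_guard_*` options interact before deploying a policy. `Set`, `is_filtered` and every hostname are assumptions made for illustration; `Set` only mimics the `:contains()` call the module uses.

```lua
-- Added example: stand-alone model of mod_host_guard's filter condition.
-- Set() is a hypothetical stand-in for the sets that module:get_option_set()
-- returns in Prosody; only :contains() is modelled.
local function Set(list)
    local items = {}
    for _, v in ipairs(list) do items[v] = true end
    return { contains = function(_, v) return items[v] == true end }
end

-- Constructed configuration; every hostname is a placeholder.
local guard_blockall = Set { "internal.example.org", "both.example.org" } -- host_guard_blockall
local guard_ball_wl  = Set { "partner.example.net", "dual.example.net" }  -- host_guard_blockall_exceptions
local guard_protect  = Set { "chat.example.org", "both.example.org" }     -- host_guard_selective
local guard_block_bl = Set { "spam.example.com", "dual.example.net" }     -- host_guard_blacklist

-- local_host is the guarded local host, remote_host the s2s peer.
-- s2s_hook evaluates this with (to_host, from_host) and rr_hook with
-- (from_host, to_host); the condition itself is the same in both.
local function is_filtered(local_host, remote_host)
    return (guard_blockall:contains(local_host) and not guard_ball_wl:contains(remote_host))
        or (guard_block_bl:contains(remote_host) and guard_protect:contains(local_host))
end

-- { local host, remote peer, expected result }
local cases = {
    -- blockall host, peer is not an exception
    { "internal.example.org", "other.example.com",   true  },
    -- blockall host, peer listed in the exceptions
    { "internal.example.org", "partner.example.net", false },
    -- selective host, peer is blacklisted
    { "chat.example.org",     "spam.example.com",    true  },
    -- selective host, peer is not blacklisted
    { "chat.example.org",     "other.example.com",   false },
    -- host in neither list: the blacklist alone never filters
    { "open.example.org",     "spam.example.com",    false },
    -- peer is both excepted and blacklisted, host is blockall only
    { "internal.example.org", "dual.example.net",    false },
    -- same peer, host is in blockall and selective: the blacklist clause
    -- still matches, so the exception does not let the peer through
    { "both.example.org",     "dual.example.net",    true  },
}

for _, c in ipairs(cases) do
    local host, peer, expected = c[1], c[2], c[3]
    local got = is_filtered(host, peer)
    assert(got == expected, ("unexpected result for %s <-> %s"):format(host, peer))
    print(("%-22s %-22s %s"):format(host, peer, got and "filtered" or "allowed"))
end
```

The last two cases are the ones to check in a real policy: an entry in `host_guard_blockall_exceptions` only relaxes the blockall clause, so a peer that also appears in `host_guard_blacklist` is still filtered for any host listed in `host_guard_selective`.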