annotate mod_host_guard/mod_host_guard.lua @ 5193:2bb29ece216b

mod_http_oauth2: Implement stateless dynamic client registration

Replaces previous explicit registration that required either the additional module mod_adhoc_oauth2_client or manually editing the database. That method was enough to have something to test with, but would probably not scale easily.

Dynamic client registration allows creating clients on the fly, which may be even easier in theory.

In order to not allow basically unauthenticated writes to the database, we implement a stateless model here.

per_host_key := HMAC(config -> oauth2_registration_key, hostname)
client_id := JWT { client metadata } signed with per_host_key
client_secret := HMAC(per_host_key, client_id)

This should ensure everything we need to know is part of the client_id, allowing redirects etc to be validated, and the client_secret can be validated with only the client_id and the per_host_key.

A nonce injected into the client_id JWT should ensure nobody can submit the same client metadata and retrieve the same client_secret
author Kim Alvefur <zash@zash.se>
date Fri, 03 Mar 2023 21:14:19 +0100
parents 7dbde05b48a9
children
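
The stateless registration scheme from the changeset description above, as an added example; it is not code from mod_http_oauth2 or the Prosody project. HMAC-SHA256, the compact HS256 JWT encoding, the RFC 7591-style `redirect_uris` metadata field, the sample key and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed sample values, not taken from any real deployment.
REGISTRATION_KEY = b"constructed-demo-registration-key"
HOST = "xmpp.example"
METADATA = {"client_name": "Demo Client",
            "redirect_uris": ["https://client.example/cb"]}


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def per_host_key(registration_key, hostname):
    # per_host_key := HMAC(oauth2_registration_key, hostname)
    return hmac.new(registration_key, hostname.encode("utf-8"),
                    hashlib.sha256).digest()


def sign(host_key, signing_input):
    mac = hmac.new(host_key, signing_input.encode("utf-8"), hashlib.sha256)
    return b64url(mac.digest())


def client_secret_for(host_key, client_id):
    # client_secret := HMAC(per_host_key, client_id)
    return hmac.new(host_key, client_id.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def register_client(host_key, metadata):
    # client_id := JWT { client metadata } signed with per_host_key.
    # The nonce makes two registrations of identical metadata produce
    # different client_ids, hence different client_secrets.
    claims = dict(metadata, nonce=secrets.token_urlsafe(16))
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"},
                               separators=(",", ":")).encode("utf-8"))
    payload = b64url(json.dumps(claims, separators=(",", ":"),
                                sort_keys=True).encode("utf-8"))
    signing_input = header + "." + payload
    client_id = signing_input + "." + sign(host_key, signing_input)
    return client_id, client_secret_for(host_key, client_id)


def verify_client(host_key, client_id, client_secret, redirect_uri):
    """Return the client metadata when all checks pass, otherwise None.

    Nothing is read from storage: the per-host key and the values the
    client presents are the only inputs.
    """
    parts = client_id.split(".")
    if len(parts) != 3:
        return None
    # 1. Signature first, in constant time, before trusting any field.
    expected_sig = sign(host_key, parts[0] + "." + parts[1])
    if not hmac.compare_digest(expected_sig.encode("ascii"),
                               parts[2].encode("utf-8")):
        return None
    # 2. The secret is recomputed from the client_id, never looked up.
    expected_secret = client_secret_for(host_key, client_id)
    if not hmac.compare_digest(expected_secret.encode("ascii"),
                               client_secret.encode("utf-8")):
        return None
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    # 3. Redirect targets come from the signed metadata only.
    if not isinstance(claims, dict):
        return None
    if redirect_uri not in claims.get("redirect_uris", []):
        return None
    return claims


if __name__ == "__main__":
    key = per_host_key(REGISTRATION_KEY, HOST)
    cid, secret = register_client(key, METADATA)
    print(verify_client(key, cid, secret, "https://client.example/cb"))
```

Because the per-host key is derived from the hostname, a `client_id` issued for one host fails the signature check on any other host that shares the same registration key.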
Changesets referenced by the annotation (rev, changeset, author, parents; description on the following line):

 456  73f06a14390a  Marco Cirillo <maranda@lightwitch.org>  parents:
      mod_component_guard: initial commit.
 458  4149fcacbbf1  Marco Cirillo <maranda@lightwitch.org>  parents: 457
      mod_component_guard: refactored init code, added reloading logic to prevent events pollution with stale dupes.
 460  9bb9343f3c7a  Marco Cirillo <maranda@lightwitch.org>  parents: 459
      mod_component_guard: made module global, refactored init.
 493  b1b80319bbf6  Marco Cirillo <maranda@lightwitch.org>  parents: 460
      mod_host_guard: renamed mod_component_guard to mod_host_guard, as it really works with all hosts, finally decided to wiki it out and not merge it with the s2s_blackwhitelisting module.
 515  e98fe28c50b0  Marco Cirillo <maranda@lightwitch.org>  parents: 494
      mod_host_guard: added exceptions/whitelisting to the blockall logic (makes little sense otherwise has s2s_disallow = true does the same)
 519  219ffe3541ff  Marco Cirillo <maranda@lightwitch.org>  parents: 515
      mod_host_guard: updated banner.
 528  1737c08fde30  Marco Cirillo <maranda@lightwitch.org>  parents: 519
      mod_host_guard: stick to one code "punctuation" style.
 533  47b9053dba38  Marco Cirillo <maranda@lightwitch.org>  parents: 528
      mod_host_guard: replaced prosody.events.add_handler with module:hook.
 537  50be30f203f3  Marco Cirillo <maranda@lightwitch.org>  parents: 533
      mod_host_guard: fixed plugin, minor code refactor.
 680  a2cea070f2c7  Marco Cirillo <maranda@lightwitch.org>  parents: 537
      mod_host_guard: removed calls to s2smanager and made the module not dependant on it.
 682  3ab1cf30a848  Marco Cirillo <maranda@lightwitch.org>  parents: 681
      mod_host_guard: using route/remote event hook to stop outgoing connections to filtered entities, yet the returned error is highly misleading.
 684  27529031890b  Marco Cirillo <maranda@lightwitch.org>  parents: 683
      mod_host_guard: now a proper error is returned when stanzas are routed to a filtered remote server (thanks Zash)
 685  19698c5f3ab3  Marco Cirillo <maranda@lightwitch.org>  parents: 684
      mod_host_guard: prevent possible traces in case there isn't a conn object on the session by adding a dummy replacement function.
 724  b94010de43f6  Marco Cirillo <maranda@lightwitch.org>  parents: 686
      mod_host_guard: referenced configmanager from prosody's _G instead of requiring it.
 725  f79fda2d7e51  Marco Cirillo <maranda@lightwitch.org>  parents: 724
      mod_host_guard: host handlers are now cleaned properly on module unload (and also still on re/load to be safe).
 727  99f5846bcd85  Marco Cirillo <maranda@lightwitch.org>  parents: 726
      mod_host_guard: during configuration reload the host handlers should be reinitialized as well, so reverted changed and added back the "redundant code".
 728  8ad2e24f5efd  Marco Cirillo <maranda@lightwitch.org>  parents: 727
      mod_host_guard: reduced code duplication and added better logging.
 729  ce8e7b784be0  Marco Cirillo <maranda@lightwitch.org>  parents: 728
      mod_host_guard: adjusted log message.
 818  bf23a8966e20  Marco Cirillo <maranda@lightwitch.org>  parents: 817
      mod_host_guard: fix typos into the code, the operators were supposed to be "not equal".
 834  21e99dc949ee  Marco Cirillo <maranda@lightwitch.org>  parents: 818
      mod_host_guard: close down streams from and to filtered entities, on initialization / configuration reload.
1343  7dbde05b48a9  Florian Zeitz <florob@babelmonkeys.de>  parents: 834
      all the things: Remove trailing whitespace

rev: source

 493: -- (C) 2011, Marco Cirillo (LW.Org)
 519: -- Block or restrict by blacklist remote access to local components or hosts.
 456:
 460: module:set_global()
 460:
 834: local hosts = hosts
 834: local incoming_s2s = prosody.incoming_s2s
 834:
 493: local guard_blockall = module:get_option_set("host_guard_blockall", {})
 515: local guard_ball_wl = module:get_option_set("host_guard_blockall_exceptions", {})
 493: local guard_protect = module:get_option_set("host_guard_selective", {})
 493: local guard_block_bl = module:get_option_set("host_guard_blacklist", {})
 456:
 724: local config = configmanager
 682: local error_reply = require "util.stanza".error_reply
 834: local tostring = tostring
 456:
 680: local function s2s_hook (event)
 680:     local origin, stanza = event.session or event.origin, event.stanza or false
 680:     local to_host, from_host = (not stanza and origin.to_host) or stanza.attr.to, (not stanza and origin.from_host) or stanza.attr.from
 456:
 456:     if origin.type == "s2sin" or origin.type == "s2sin_unauthed" then
 680:         if guard_blockall:contains(to_host) and not guard_ball_wl:contains(from_host) or
 680:         guard_block_bl:contains(from_host) and guard_protect:contains(to_host) then
 682:             module:log("error", "remote service %s attempted to access restricted host %s", from_host, to_host)
 528:             origin:close({condition = "policy-violation", text = "You're not authorized, good bye."})
 528:             return false
 456:         end
 456:     end
 456:
 528:     return nil
 456: end
 456:
 682: local function rr_hook (event)
 685:     local from_host, to_host, send, stanza = event.from_host, event.to_host, (event.origin and event.origin.send) or function() end, event.stanza
 682:
 682:     if guard_blockall:contains(from_host) and not guard_ball_wl:contains(to_host) or
 682:     guard_block_bl:contains(to_host) and guard_protect:contains(from_host) then
 682:         module:log("info", "attempted to connect to a filtered remote host %s", to_host)
 684:         if stanza.attr.type ~= "error" then send(error_reply(event.stanza, "cancel", "policy-violation", "Communicating with a filtered remote server is not allowed.")) end
 684:         return true
 682:     end
 682:
 682:     return nil
 682: end
 682:
 728: local function handle_activation (host, u)
 456:     if guard_blockall:contains(host) or guard_protect:contains(host) then
 818:         if hosts[host] and config.get(host, "core", "authentication") ~= "anonymous" then
 680:             hosts[host].events.add_handler("s2sin-established", s2s_hook, 500)
 682:             hosts[host].events.add_handler("route/remote", rr_hook, 500)
 680:             hosts[host].events.add_handler("stanza/jabber:server:dialback:result", s2s_hook, 500)
1343:             if not u then
 728:                 module:log ("debug", "adding host protection for: "..host)
 728:             else
 729:                 module:log ("debug", "updating or adding host protection for: "..host)
 728:             end
 456:         end
 456:     end
 456: end
 456:
 728: local function handle_deactivation (host, u, i)
 456:     if guard_blockall:contains(host) or guard_protect:contains(host) then
 818:         if hosts[host] and config.get(host, "core", "authentication") ~= "anonymous" then
 680:             hosts[host].events.remove_handler("s2sin-established", s2s_hook)
 682:             hosts[host].events.remove_handler("route/remote", rr_hook)
 680:             hosts[host].events.remove_handler("stanza/jabber:server:dialback:result", s2s_hook)
 728:             if not u and not i then module:log ("debug", "removing host protection for: "..host) end
 456:         end
 456:     end
 456: end
 456:
 834: local function close_filtered()
 834:     for _, host in pairs(hosts) do
 834:         for name, session in pairs(host.s2sout) do
 834:             if guard_blockall:contains(session.host) and not guard_ball_wl:contains(session.to_host) or
 834:             guard_block_bl:contains(session.to_host) and guard_protect:contains(session.host) then
 834:                 module:log("info", "closing down s2s outgoing stream to filtered entity %s", tostring(session.to_host))
 834:                 session:close()
 834:             end
 834:         end
 834:     end
 834:     for session in pairs(incoming_s2s) do
 834:         if session.to_host and session.from_host and
 834:         (guard_blockall:contains(session.to_host) and not guard_ball_wl:contains(session.from_host) or
 834:         guard_block_bl:contains(session.from_host) and guard_protect:contains(session.to_host)) then
 834:             module:log("info", "closing down s2s incoming stream from filtered entity %s", tostring(session.from_host))
 834:             session:close()
 834:         end
 834:     end
 834: end
 834:
 728: local function init_hosts(u, i)
 725:     for n in pairs(hosts) do
 727:         if guard_blockall:contains(n) or guard_protect:contains(n) then
 834:             handle_deactivation(n, u, i) ; handle_activation(n, u)
 727:         end
 537:     end
 834:     close_filtered()
 537: end
 537:
 458: local function reload()
 528:     module:log ("debug", "server configuration reloaded, rehashing plugin tables...")
 528:     guard_blockall = module:get_option_set("host_guard_blockall", {})
 528:     guard_ball_wl = module:get_option_set("host_guard_blockall_exceptions", {})
 537:     guard_protect = module:get_option_set("host_guard_selective", {})
 528:     guard_block_bl = module:get_option_set("host_guard_blacklist", {})
 537:
 728:     init_hosts(true)
 458: end
 458:
 458: local function setup()
 528:     module:log ("debug", "initializing host guard module...")
 537:     module:hook ("host-activated", handle_activation)
 537:     module:hook ("host-deactivated", handle_deactivation)
 528:     module:hook ("config-reloaded", reload)
 458:
 728:     init_hosts(false, true)
 456: end
 458:
 725: function module.unload()
 725:     module:log ("debug", "removing host handlers as module is being unloaded...")
 725:     for n in pairs(hosts) do
 725:         hosts[n].events.remove_handler("s2sin-established", s2s_hook)
 725:         hosts[n].events.remove_handler("route/remote", rr_hook)
 725:         hosts[n].events.remove_handler("stanza/jabber:server:dialback:result", s2s_hook)
 725:     end
 725: end
 725:
 458: if prosody.start_time then
 528:     setup()
 458: else
 533:     module:hook ("server-started", setup)
 458: end