Mercurial > prosody-modules
annotate mod_s2s_whitelist/mod_s2s_whitelist.lua @ 5285:8e1f1eb00b58
mod_sasl2_fast: Fix harmless off-by-one error (invalidates existing tokens!)
Problem:
This was causing the key to become "<token>--cur" instead of the expected
"<token>-cur". As the same key was used by the code to both set and get, it
still worked.
Rationale for change:
Although it worked, it's unintended, inconsistent and messy. It increases the
chances of future bugs due to the unexpected format.
Side-effects of change:
Existing '--cur' entries will not be checked after this change, and therefore
existing FAST clients will fail to authenticate until they attempt password
auth and obtain a new FAST token.
Existing '--cur' entries in storage will not be cleaned up by this commit, but
this is considered a minor issue, and okay for the relatively few FAST
deployments.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 29 Mar 2023 16:12:15 +0100 |
| parents | c1a8ce147885 |
| children |
| rev | line source |
|---|---|
|
1288
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 local st = require "util.stanza"; |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 local whitelist = module:get_option_inherited_set("s2s_whitelist", {}); |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 module:hook("route/remote", function (event) |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 if not whitelist:contains(event.to_host) then |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 module:send(st.error_reply(event.stanza, "cancel", "not-allowed", "Communication with this domain is restricted")); |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 return true; |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 end |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 end, 100); |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 module:hook("s2s-stream-features", function (event) |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 if not whitelist:contains(event.origin.from_host) then |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 event.origin:close({ |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 condition = "policy-violation"; |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 text = "Communication with this domain is restricted"; |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 }); |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 end |
|
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 end, 1000); |