Mercurial > prosody-modules
annotate mod_admin_blocklist/mod_admin_blocklist.lua @ 4980:da151f9af861
replaced 'session' with 'origin' in push_disable
session is not defined in this function, trying to access it
leads to an error.
The correct reference seems to be 'origin'.
(This may have come about by copying from the similar
code in process_stanza_queue.)
author | arcseconds |
---|---|
date | Sat, 30 Jul 2022 21:07:47 +1200 |
parents | 683d1ad16b56 |
children | 964de9997552 |
rev | line source |
---|---|
1735
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- mod_admin_blocklist |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 -- If a local admin has blocked a domain, don't allow s2s to that domain |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- |
4805
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
5 -- Copyright (C) 2015-2021 Kim Alvefur |
1735
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 -- |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 -- This file is MIT/X11 licensed. |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 -- |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 module:depends("blocklist"); |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 local st = require"util.stanza"; |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 local jid_split = require"util.jid".split; |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
4805
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
15 local usermanager = require "core.usermanager"; |
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
16 |
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
17 local admins; |
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
18 if usermanager.get_jids_with_role then |
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
19 local set = require "util.set"; |
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
20 admins = set.new(usermanager.get_jids_with_role("prosody:admin"), module.host); |
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
21 else -- COMPAT w/pre-0.12 |
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
22 admins = module:get_option_inherited_set("admins", {}); |
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
23 end |
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
24 admins = admins / |
1735
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 function (admin) -- Filter out non-local admins |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 local user, host = jid_split(admin); |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 if host == module.host then return user; end |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 end |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 local blocklists = module:open_store("blocklist"); |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 local function is_blocked(host) |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 for admin in admins do |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 local blocklist = blocklists:get(admin); |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 if blocklist and blocklist[host] then |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 return true; |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 end |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 end |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 end |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 module:hook("route/remote", function (event) |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 local origin, stanza = event.origin, event.stanza; |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 if is_blocked(event.to_host) then |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 if origin and stanza then |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Communication with this domain is not allowed")); |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 return true; |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 end |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 return false; |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 end |
2313
5d05139d0555
mod_admin_blocklist: Do block check only when a stanza is about to trigger a new outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
1735
diff
changeset
|
50 end, -9); |
1735
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 module:hook("s2s-stream-features", function (event) |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 local session = event.origin; |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 if is_blocked(session.from_host) then |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 session:close("policy-violation"); |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 return false; |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 end |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 end, 1000); |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 module:hook("stanza/http://etherx.jabber.org/streams:features", function (event) |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 local session = event.origin; |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 if is_blocked(session.to_host) then |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 session:close("policy-violation"); |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 return true; |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 end |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 end, 1000); |
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 |