comparison mod_host_guard/mod_host_guard.lua @ 528:1737c08fde30

mod_host_guard: stick to one code "punctuation" style.
author Marco Cirillo <maranda@lightwitch.org>
date Sat, 07 Jan 2012 18:09:48 +0000
parents 219ffe3541ff
children 47b9053dba38
527:caf28c2c56a1 528:1737c08fde30
6 local guard_blockall = module:get_option_set("host_guard_blockall", {}) 6 local guard_blockall = module:get_option_set("host_guard_blockall", {})
7 local guard_ball_wl = module:get_option_set("host_guard_blockall_exceptions", {}) 7 local guard_ball_wl = module:get_option_set("host_guard_blockall_exceptions", {})
8 local guard_protect = module:get_option_set("host_guard_selective", {}) 8 local guard_protect = module:get_option_set("host_guard_selective", {})
9 local guard_block_bl = module:get_option_set("host_guard_blacklist", {}) 9 local guard_block_bl = module:get_option_set("host_guard_blacklist", {})
10 10
11 local s2smanager = require "core.s2smanager"; 11 local s2smanager = require "core.s2smanager"
12 local config = require "core.configmanager"; 12 local config = require "core.configmanager"
13 local nameprep = require "util.encodings".stringprep.nameprep; 13 local nameprep = require "util.encodings".stringprep.nameprep
14 14
15 local _make_connect = s2smanager.make_connect; 15 local _make_connect = s2smanager.make_connect
16 function s2smanager.make_connect(session, connect_host, connect_port) 16 function s2smanager.make_connect(session, connect_host, connect_port)
17 if not session.s2sValidation then 17 if not session.s2sValidation then
18 if guard_blockall:contains(session.from_host) and not guard_ball_wl:contains(session.to_host) or 18 if guard_blockall:contains(session.from_host) and not guard_ball_wl:contains(session.to_host) or
19 guard_block_bl:contains(session.to_host) and guard_protect:contains(session.from_host) then 19 guard_block_bl:contains(session.to_host) and guard_protect:contains(session.from_host) then
20 module:log("error", "remote service %s attempted to access restricted host %s", session.to_host, session.from_host); 20 module:log("error", "remote service %s attempted to access restricted host %s", session.to_host, session.from_host)
21 s2smanager.destroy_session(session, "You're not authorized, good bye."); 21 s2smanager.destroy_session(session, "You're not authorized, good bye.")
22 return false; 22 return false;
23 end 23 end
24 end 24 end
25 return _make_connect(session, connect_host, connect_port); 25 return _make_connect(session, connect_host, connect_port)
26 end 26 end
27 27
28 local _stream_opened = s2smanager.streamopened; 28 local _stream_opened = s2smanager.streamopened
29 function s2smanager.streamopened(session, attr) 29 function s2smanager.streamopened(session, attr)
30 local host = attr.to and nameprep(attr.to); 30 local host = attr.to and nameprep(attr.to)
31 local from = attr.from and nameprep(attr.from); 31 local from = attr.from and nameprep(attr.from)
32 if not from then 32 if not from then
33 session.s2sValidation = false; 33 session.s2sValidation = false
34 else 34 else
35 session.s2sValidation = true; 35 session.s2sValidation = true
36 end 36 end
37 37
38 if guard_blockall:contains(host) and not guard_ball_wl:contains(from) or 38 if guard_blockall:contains(host) and not guard_ball_wl:contains(from) or
39 guard_block_bl:contains(from) and guard_protect:contains(host) then 39 guard_block_bl:contains(from) and guard_protect:contains(host) then
40 module:log("error", "remote service %s attempted to access restricted host %s", from, host); 40 module:log("error", "remote service %s attempted to access restricted host %s", from, host)
41 session:close({condition = "policy-violation", text = "You're not authorized, good bye."}); 41 session:close({condition = "policy-violation", text = "You're not authorized, good bye."})
42 return false; 42 return false;
43 end 43 end
44 _stream_opened(session, attr); 44 _stream_opened(session, attr)
45 end 45 end
46 46
47 local function sdr_hook (event) 47 local function sdr_hook (event)
48 local origin, stanza = event.origin, event.stanza; 48 local origin, stanza = event.origin, event.stanza
49 49
50 if origin.type == "s2sin" or origin.type == "s2sin_unauthed" then 50 if origin.type == "s2sin" or origin.type == "s2sin_unauthed" then
51 if guard_blockall:contains(stanza.attr.to) and not guard_ball_wl:contains(stanza.attr.from) or 51 if guard_blockall:contains(stanza.attr.to) and not guard_ball_wl:contains(stanza.attr.from) or
52 guard_block_bl:contains(stanza.attr.from) and guard_protect:contains(stanza.attr.to) then 52 guard_block_bl:contains(stanza.attr.from) and guard_protect:contains(stanza.attr.to) then
53 module:log("error", "remote service %s attempted to access restricted host %s", stanza.attr.from, stanza.attr.to); 53 module:log("error", "remote service %s attempted to access restricted host %s", stanza.attr.from, stanza.attr.to)
54 origin:close({condition = "policy-violation", text = "You're not authorized, good bye."}); 54 origin:close({condition = "policy-violation", text = "You're not authorized, good bye."})
55 return false; 55 return false
56 end 56 end
57 end 57 end
58 58
59 return nil; 59 return nil
60 end 60 end
61 61
62 local function handle_activation (host) 62 local function handle_activation (host)
63 if guard_blockall:contains(host) or guard_protect:contains(host) then 63 if guard_blockall:contains(host) or guard_protect:contains(host) then
64 if hosts[host] and hosts[host].events then 64 if hosts[host] and hosts[host].events then
65 hosts[host].events.add_handler("stanza/jabber:server:dialback:result", sdr_hook, 100); 65 hosts[host].events.add_handler("stanza/jabber:server:dialback:result", sdr_hook, 100)
66 module:log ("debug", "adding host protection for: "..host); 66 module:log ("debug", "adding host protection for: "..host)
67 end 67 end
68 end 68 end
69 end 69 end
70 70
71 local function handle_deactivation (host) 71 local function handle_deactivation (host)
72 if guard_blockall:contains(host) or guard_protect:contains(host) then 72 if guard_blockall:contains(host) or guard_protect:contains(host) then
73 if hosts[host] and hosts[host].events then 73 if hosts[host] and hosts[host].events then
74 hosts[host].events.remove_handler("stanza/jabber:server:dialback:result", sdr_hook); 74 hosts[host].events.remove_handler("stanza/jabber:server:dialback:result", sdr_hook)
75 module:log ("debug", "removing host protection for: "..host); 75 module:log ("debug", "removing host protection for: "..host)
76 end 76 end
77 end 77 end
78 end 78 end
79 79
80 local function reload() 80 local function reload()
81 module:log ("debug", "server configuration reloaded, rehashing plugin tables..."); 81 module:log ("debug", "server configuration reloaded, rehashing plugin tables...")
82 guard_blockall = module:get_option_set("host_guard_blockall", {}); 82 guard_blockall = module:get_option_set("host_guard_blockall", {})
83 guard_ball_wl = module:get_option_set("host_guard_blockall_exceptions", {}); 83 guard_ball_wl = module:get_option_set("host_guard_blockall_exceptions", {})
84 guard_protect = module:get_option_set("host_guard_components", {}); 84 guard_protect = module:get_option_set("host_guard_components", {})
85 guard_block_bl = module:get_option_set("host_guard_blacklist", {}); 85 guard_block_bl = module:get_option_set("host_guard_blacklist", {})
86 end 86 end
87 87
88 local function setup() 88 local function setup()
89 module:log ("debug", "initializing host guard module..."); 89 module:log ("debug", "initializing host guard module...")
90 90
91 module:hook ("component-activated", handle_activation); 91 module:hook ("component-activated", handle_activation)
92 module:hook ("component-deactivated", handle_deactivation); 92 module:hook ("component-deactivated", handle_deactivation)
93 module:hook ("config-reloaded", reload); 93 module:hook ("config-reloaded", reload)
94 94
95 for n,table in pairs(hosts) do 95 for n,table in pairs(hosts) do
96 if table.type == "component" then 96 if table.type == "component" then
97 if guard_blockall:contains(n) or guard_protect:contains(n) then 97 if guard_blockall:contains(n) or guard_protect:contains(n) then
98 hosts[n].events.remove_handler("stanza/jabber:server:dialback:result", sdr_hook); 98 hosts[n].events.remove_handler("stanza/jabber:server:dialback:result", sdr_hook)
99 handle_activation(n); 99 handle_activation(n)
100 end 100 end
101 end 101 end
102 end 102 end
103 end 103 end
104 104
105 if prosody.start_time then 105 if prosody.start_time then
106 setup(); 106 setup()
107 else 107 else
108 prosody.events.add_handler("server-started", setup); 108 prosody.events.add_handler("server-started", setup)
109 end 109 end
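Review bot: `reload()` at new line 84 repopulates `guard_protect` from the option `host_guard_components`, while the initial load at line 8 reads `host_guard_selective`; after a config reload the selective-protection set is rebuilt from a different (likely unset) option and falls back to `{}`, so hosts listed under `host_guard_selective` silently lose their guard until the module is reloaded. Change line 84 to `guard_protect = module:get_option_set("host_guard_selective", {})` so both code paths read the same key. Two `return false;` lines (new 22 and 42) still carry the semicolon this commit otherwise removes; drop them for the uniform style the message describes. In `setup()` the loop variable `table` shadows the standard `table` library inside the loop body — `for n, host_info in pairs(hosts) do` avoids that.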