Mercurial > prosody-modules
comparison mod_privacy/mod_privacy.lua @ 11:529819205379
do the first real blocking actions
| author | Thilo Cestonaro <thilo@cestona.ro> |
|---|---|
| date | Sat, 26 Sep 2009 22:22:51 +0200 |
| parents | 7d70faba234c |
| children | 14b18ef8b554 |
comparison
equal
deleted
inserted
replaced
| 10:7d70faba234c | 11:529819205379 |
|---|---|
| 5 -- | 5 -- |
| 6 -- This project is MIT/X11 licensed. Please see the | 6 -- This project is MIT/X11 licensed. Please see the |
| 7 -- COPYING file in the source package for more information. | 7 -- COPYING file in the source package for more information. |
| 8 -- | 8 -- |
| 9 | 9 |
| 10 | |
| 11 local prosody = prosody; | 10 local prosody = prosody; |
| 12 local helpers = require "util/helpers"; | 11 local helpers = require "util/helpers"; |
| 13 local st = require "util.stanza"; | 12 local st = require "util.stanza"; |
| 14 local datamanager = require "util.datamanager"; | 13 local datamanager = require "util.datamanager"; |
| 15 local bare_sessions = bare_sessions; | 14 local bare_sessions = bare_sessions; |
| 16 | 15 local util_Jid = require "util.jid"; |
| 16 local jid_bare = util_Jid.bare; | |
| 17 local jid_split = util_Jid.split; | |
| 17 | 18 |
| 18 function findNamedList (privacy_lists, name) | 19 function findNamedList (privacy_lists, name) |
| 19 local ret = nil | 20 local ret = nil |
| 20 if privacy_lists.lists == nil then return nil; end | 21 if privacy_lists.lists == nil then |
| 21 | 22 module:log("debug", "no lists loaded.") |
| 23 return nil; | |
| 24 end | |
| 25 | |
| 26 module:log("debug", "searching for list: %s", name); | |
| 22 for i=1, #privacy_lists.lists do | 27 for i=1, #privacy_lists.lists do |
| 23 if privacy_lists.lists[i].name == name then | 28 if privacy_lists.lists[i].name == name then |
| 24 ret = i; | 29 ret = i; |
| 25 break; | 30 break; |
| 26 end | 31 end |
| 141 end | 146 end |
| 142 ret = true; | 147 ret = true; |
| 143 end | 148 end |
| 144 else | 149 else |
| 145 local idx = findNamedList(privacy_lists, name); | 150 local idx = findNamedList(privacy_lists, name); |
| 146 log("debug", "list idx: %d", idx or -1); | 151 module:log("debug", "list idx: %d", idx or -1); |
| 147 if idx ~= nil then | 152 if idx ~= nil then |
| 148 list = privacy_lists.lists[idx]; | 153 list = privacy_lists.lists[idx]; |
| 149 reply = reply:tag("list", {name=list.name}); | 154 reply = reply:tag("list", {name=list.name}); |
| 150 for _,item in ipairs(list.items) do | 155 for _,item in ipairs(list.items) do |
| 151 reply:tag("item", {type=item.type, value=item.value, action=item.action, order=item.order}); | 156 reply:tag("item", {type=item.type, value=item.value, action=item.action, order=item.order}); |
| 222 return true; | 227 return true; |
| 223 end | 228 end |
| 224 return false; | 229 return false; |
| 225 end, 500); | 230 end, 500); |
| 226 | 231 |
| 227 function checkIfNeedToBeBlocked(e) | 232 function checkIfNeedToBeBlocked(e, node_, host_) |
| 228 local origin, stanza = e.origin, e.stanza; | 233 local origin, stanza = e.origin, e.stanza; |
| 229 local privacy_lists = datamanager.load(origin.username, origin.host, "privacy") or {}; | 234 local privacy_lists = datamanager.load(node_, host_, "privacy") or {}; |
| 230 if privacy_lists.lists ~= nil then | 235 local bare_jid = node_.."@"..host_; |
| 231 end | 236 |
| 232 return false; | 237 module:log("debug", "checkIfNeedToBeBlocked: username: %s, host: %s", node_, host_); |
| 233 end | 238 module:log("debug", "stanza: %s, to: %s, form: %s", stanza.name, stanza.attr.to or "nil", stanza.attr.from or "nil"); |
| 234 | 239 |
| 235 module:hook("pre-message/full", checkIfNeedToBeBlocked, 500); | 240 if privacy_lists.lists ~= nil and stanza.attr.to ~= nil and stanza.attr.from ~= nil then |
| 236 module:hook("pre-iq/bare", checkIfNeedToBeBlocked, 500); | 241 if privacy_lists.active == nil and privacy_lists.default == nil then |
| 237 module:hook("pre-presence/bare", checkIfNeedToBeBlocked, 500); | 242 return; -- Nothing to block, default is Allow all |
| 243 end | |
| 244 | |
| 245 local idx; | |
| 246 local list; | |
| 247 local item; | |
| 248 local block = false; | |
| 249 local apply = false; | |
| 250 local listname = privacy_lists.active; | |
| 251 if listname == nil then | |
| 252 listname = privacy_lists.default; -- no active list selected, use default list | |
| 253 end | |
| 254 idx = findNamedList(privacy_lists, listname); | |
| 255 if idx == nil then | |
| 256 module:log("info", "given privacy listname not found."); | |
| 257 return; | |
| 258 end | |
| 259 list = privacy_lists.lists[idx]; | |
| 260 if list == nil then | |
| 261 module:log("info", "privacy list index wrong."); | |
| 262 return; | |
| 263 end | |
| 264 for _,item in ipairs(list.items) do | |
| 265 local apply = false; | |
| 266 block = false; | |
| 267 if (stanza.name == "message" and item.message) or | |
| 268 (stanza.name == "iq" and item.iq) or | |
| 269 (stanza.name == "presence" and jid_bare(stanza.attr.to) == bare_jid and item["presence-in"]) or | |
| 270 (stanza.name == "presence" and jid_bare(stanza.attr.from) == bare_jid and item["presence-out"]) or | |
| 271 (item.message == false and item.iq == false and item["presence-in"] == false and item["presence-in"] == false) then | |
| 272 module:log("debug", "stanza type matched."); | |
| 273 apply = true; | |
| 274 end | |
| 275 if apply then | |
| 276 local evilJid = {}; | |
| 277 apply = false; | |
| 278 if jid_bare(stanza.attr.to) == bare_jid then | |
| 279 evilJid.node, evilJid.host, evilJid.resource = jid_split(stanza.attr.from); | |
| 280 else | |
| 281 evilJid.node, evilJid.host, evilJid.resource = jid_split(stanza.attr.to); | |
| 282 end | |
| 283 if item.type == "jid" and | |
| 284 (evilJid.node and evilJid.host and evilJid.resource and item.value == evilJid.node.."@"..evilJid.host.."/"..evilJid.resource) or | |
| 285 (evilJid.node and evilJid.host and item.value == evilJid.node.."@"..evilJid.host) or | |
| 286 (evilJid.host and evilJid.resource and item.value == evilJid.host.."/"..evilJid.resource) or | |
| 287 (evilJid.host and item.value == evilJid.host) then | |
| 288 module:log("debug", "jid matched."); | |
| 289 apply = true; | |
| 290 block = (item.action == "deny"); | |
| 291 elseif item.type == "group" then | |
| 292 local groups = origin.roster[jid_bare(stanza.from)].groups; | |
| 293 for _,group in ipairs(groups) do | |
| 294 if group == item.value then | |
| 295 module:log("debug", "group matched."); | |
| 296 apply = true; | |
| 297 block = (item.action == "deny"); | |
| 298 break; | |
| 299 end | |
| 300 end | |
| 301 elseif item.type == "subscription" then | |
| 302 if origin.roster[jid_bare(stanza.from)].subscription == item.value then | |
| 303 module:log("debug", "subscription matched."); | |
| 304 apply = true; | |
| 305 block = (item.action == "deny"); | |
| 306 end | |
| 307 elseif item.type == nil then | |
| 308 module:log("debug", "no item.type, so matched."); | |
| 309 apply = true; | |
| 310 block = (item.action == "deny"); | |
| 311 end | |
| 312 end | |
| 313 if apply then | |
| 314 if block then | |
| 315 module:log("info", "stanza blocked: %s, to: %s, from: %s", stanza.name, stanza.attr.to or "nil", stanza.attr.from or "nil"); | |
| 316 if stanza.name == "message" then | |
| 317 origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); | |
| 318 elseif stanza.name == "iq" and (stanza.attr.type == "get" or stanza.attr.type == "set") then | |
| 319 origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); | |
| 320 end | |
| 321 return true; -- stanza blocked ! | |
| 322 else | |
| 323 module:log("info", "stanza explicit allowed!") | |
| 324 end | |
| 325 end | |
| 326 end | |
| 327 end | |
| 328 return; | |
| 329 end | |
| 330 | |
| 331 function preCheckIncoming(e) | |
| 332 if e.stanza.attr.to ~= nil then | |
| 333 local node, host, resource = jid_split(e.stanza.attr.to); | |
| 334 if node == nil or host == nil then | |
| 335 return; | |
| 336 end | |
| 337 return checkIfNeedToBeBlocked(e, node, host); | |
| 338 end | |
| 339 return; | |
| 340 end | |
| 341 | |
| 342 function preCheckOutgoing(e) | |
| 343 if e.stanza.attr.from ~= nil then | |
| 344 local node, host, resource = jid_split(e.stanza.attr.from); | |
| 345 if node == nil or host == nil then | |
| 346 return; | |
| 347 end | |
| 348 return checkIfNeedToBeBlocked(e, node, host); | |
| 349 end | |
| 350 return; | |
| 351 end | |
| 352 | |
| 353 | |
| 354 module:hook("pre-message/full", preCheckOutgoing, 500); | |
| 355 module:hook("pre-message/bare", preCheckOutgoing, 500); | |
| 356 module:hook("pre-message/host", preCheckOutgoing, 500); | |
| 357 module:hook("pre-iq/full", preCheckOutgoing, 500); | |
| 358 module:hook("pre-iq/bare", preCheckOutgoing, 500); | |
| 359 module:hook("pre-iq/host", preCheckOutgoing, 500); | |
| 360 module:hook("pre-presence/full", preCheckOutgoing, 500); | |
| 361 module:hook("pre-presence/bare", preCheckOutgoing, 500); | |
| 362 module:hook("pre-presence/host", preCheckOutgoing, 500); | |
| 363 | |
| 364 module:hook("message/full", preCheckIncoming, 500); | |
| 365 module:hook("message/bare", preCheckIncoming, 500); | |
| 366 module:hook("message/host", preCheckIncoming, 500); | |
| 367 module:hook("iq/full", preCheckIncoming, 500); | |
| 368 module:hook("iq/bare", preCheckIncoming, 500); | |
| 369 module:hook("iq/host", preCheckIncoming, 500); | |
| 370 module:hook("presence/full", preCheckIncoming, 500); | |
| 371 module:hook("presence/bare", preCheckIncoming, 500); | |
| 372 module:hook("presence/host", preCheckIncoming, 500); | |
| 238 | 373 |
| 239 -- helpers.log_events(hosts["albastru.de"].events, "albastru.de"); | 374 -- helpers.log_events(hosts["albastru.de"].events, "albastru.de"); |
| 240 -- helpers.log_events(prosody.events, "*"); | 375 -- helpers.log_events(prosody.events, "*"); |
| 241 | 376 |
| 242 module:log("info", "mod_privacy loaded ..."); | 377 module:log("info", "mod_privacy loaded ..."); |