Mercurial > prosody-modules
comparison mod_host_guard/mod_host_guard.lua @ 680:a2cea070f2c7
mod_host_guard: removed calls to s2smanager and made the module not dependant on it.
| author | Marco Cirillo <maranda@lightwitch.org> |
|---|---|
| date | Sat, 26 May 2012 22:45:46 +0000 |
| parents | 50be30f203f3 |
| children | 03ef667c96c3 |
comparison
equal
deleted
inserted
replaced
| 679:dcddd9195098 | 680:a2cea070f2c7 |
|---|---|
| 10 | 10 |
| 11 local s2smanager = require "core.s2smanager" | 11 local s2smanager = require "core.s2smanager" |
| 12 local config = require "core.configmanager" | 12 local config = require "core.configmanager" |
| 13 local nameprep = require "util.encodings".stringprep.nameprep | 13 local nameprep = require "util.encodings".stringprep.nameprep |
| 14 | 14 |
| 15 local _make_connect = s2smanager.make_connect | 15 local function s2s_hook (event) |
| 16 function s2smanager.make_connect(session, connect_host, connect_port) | 16 local origin, stanza = event.session or event.origin, event.stanza or false |
| 17 if not session.s2sValidation then | 17 local to_host, from_host = (not stanza and origin.to_host) or stanza.attr.to, (not stanza and origin.from_host) or stanza.attr.from |
| 18 if guard_blockall:contains(session.from_host) and not guard_ball_wl:contains(session.to_host) or | |
| 19 guard_block_bl:contains(session.to_host) and guard_protect:contains(session.from_host) then | |
| 20 module:log("error", "remote service %s attempted to access restricted host %s", session.to_host, session.from_host) | |
| 21 s2smanager.destroy_session(session, "You're not authorized, good bye.") | |
| 22 return false; | |
| 23 end | |
| 24 end | |
| 25 return _make_connect(session, connect_host, connect_port) | |
| 26 end | |
| 27 | |
| 28 local _stream_opened = s2smanager.streamopened | |
| 29 function s2smanager.streamopened(session, attr) | |
| 30 local host = attr.to and nameprep(attr.to) | |
| 31 local from = attr.from and nameprep(attr.from) | |
| 32 if not from then | |
| 33 session.s2sValidation = false | |
| 34 else | |
| 35 session.s2sValidation = true | |
| 36 end | |
| 37 | |
| 38 if guard_blockall:contains(host) and not guard_ball_wl:contains(from) or | |
| 39 guard_block_bl:contains(from) and guard_protect:contains(host) then | |
| 40 module:log("error", "remote service %s attempted to access restricted host %s", from, host) | |
| 41 session:close({condition = "policy-violation", text = "You're not authorized, good bye."}) | |
| 42 return false; | |
| 43 end | |
| 44 _stream_opened(session, attr) | |
| 45 end | |
| 46 | |
| 47 local function sdr_hook (event) | |
| 48 local origin, stanza = event.origin, event.stanza | |
| 49 | 18 |
| 50 if origin.type == "s2sin" or origin.type == "s2sin_unauthed" then | 19 if origin.type == "s2sin" or origin.type == "s2sin_unauthed" then |
| 51 if guard_blockall:contains(stanza.attr.to) and not guard_ball_wl:contains(stanza.attr.from) or | 20 if guard_blockall:contains(to_host) and not guard_ball_wl:contains(from_host) or |
| 52 guard_block_bl:contains(stanza.attr.from) and guard_protect:contains(stanza.attr.to) then | 21 guard_block_bl:contains(from_host) and guard_protect:contains(to_host) then |
| 53 module:log("error", "remote service %s attempted to access restricted host %s", stanza.attr.from, stanza.attr.to) | 22 module:log("error", "remote service %s attempted to access restricted host %s", stanza.attr.from, stanza.attr.to) |
| 54 origin:close({condition = "policy-violation", text = "You're not authorized, good bye."}) | 23 origin:close({condition = "policy-violation", text = "You're not authorized, good bye."}) |
| 55 return false | 24 return false |
| 56 end | 25 end |
| 57 end | 26 end |
| 60 end | 29 end |
| 61 | 30 |
| 62 local function handle_activation (host) | 31 local function handle_activation (host) |
| 63 if guard_blockall:contains(host) or guard_protect:contains(host) then | 32 if guard_blockall:contains(host) or guard_protect:contains(host) then |
| 64 if hosts[host] and hosts[host].events then | 33 if hosts[host] and hosts[host].events then |
| 65 hosts[host].events.add_handler("stanza/jabber:server:dialback:result", sdr_hook, 100) | 34 hosts[host].events.add_handler("s2sin-established", s2s_hook, 500) |
| 35 hosts[host].events.add_handler("stanza/jabber:server:dialback:result", s2s_hook, 500) | |
| 66 module:log ("debug", "adding host protection for: "..host) | 36 module:log ("debug", "adding host protection for: "..host) |
| 67 end | 37 end |
| 68 end | 38 end |
| 69 end | 39 end |
| 70 | 40 |
| 71 local function handle_deactivation (host) | 41 local function handle_deactivation (host) |
| 72 if guard_blockall:contains(host) or guard_protect:contains(host) then | 42 if guard_blockall:contains(host) or guard_protect:contains(host) then |
| 73 if hosts[host] and hosts[host].events then | 43 if hosts[host] and hosts[host].events then |
| 74 hosts[host].events.remove_handler("stanza/jabber:server:dialback:result", sdr_hook) | 44 hosts[host].events.remove_handler("s2sin-established", s2s_hook) |
| 45 hosts[host].events.remove_handler("stanza/jabber:server:dialback:result", s2s_hook) | |
| 75 module:log ("debug", "removing host protection for: "..host) | 46 module:log ("debug", "removing host protection for: "..host) |
| 76 end | 47 end |
| 77 end | 48 end |
| 78 end | 49 end |
| 79 | 50 |
| 80 local function init_hosts() | 51 local function init_hosts() |
| 81 for n,table in pairs(hosts) do | 52 for n,table in pairs(hosts) do |
| 82 hosts[n].events.remove_handler("stanza/jabber:server:dialback:result", sdr_hook) | 53 hosts[n].events.remove_handler("s2sin-established", s2s_hook) |
| 54 hosts[n].events.remove_handler("stanza/jabber:server:dialback:result", s2s_hook) | |
| 83 if guard_blockall:contains(n) or guard_protect:contains(n) then handle_activation(n) end | 55 if guard_blockall:contains(n) or guard_protect:contains(n) then handle_activation(n) end |
| 84 end | 56 end |
| 85 end | 57 end |
| 86 | 58 |
| 87 local function reload() | 59 local function reload() |