comparison mod_proxy65/mod_proxy65.lua @ 80:bed9a6b40fae

mod_proxy65: basic white list - access control list
author Thilo Cestonaro <thilo@cestona.ro>
date Sun, 01 Nov 2009 16:42:04 +0100
parents 34f5818c90e9
children 608dc38b6580
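--- a/mod_proxy65/mod_proxy65.lua
+++ b/mod_proxy65/mod_proxy65.lua
@@ -19,10 +19,11 @@
 local sessions, transfers, component, replies_cache = {}, {}, nil, {};
 
 local proxy_port = config_get(host, "core", "proxy65_port") or 5000;
 local proxy_interface = config_get(host, "core", "proxy65_interface") or "*";
 local proxy_address = config_get(host, "core", "proxy65_address") or (proxy_interface ~= "*" and proxy_interface) or host;
+local proxy_acl = config_get(host, "core", "proxy65_acl");
 
 local connlistener = { default_port = proxy_port, default_interface = proxy_interface, default_mode = "*a" };
 
 function connlistener.listener(conn, data)
 local session = sessions[conn] or {};
@@ -124,20 +125,46 @@
 reply.attr.id = stanza.attr.id;
 reply.attr.to = stanza.attr.from;
 return reply;
 end
 
-local function get_stream_host(stanza)
+local function get_stream_host(origin, stanza)
 local reply = replies_cache.stream_host;
+local err_reply = replies_cache.stream_host_err;
 local sid = stanza.tags[1].attr.sid;
-if reply == nil then
-reply = st.iq({type="result", from=host})
-:query("http://jabber.org/protocol/bytestreams")
-:tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}); -- TODO get the correct data
-replies_cache.stream_host = reply;
-end
+local allow = false;
 
+if proxy_acl then
+for _, acl in ipairs(proxy_acl) do
+local acl_node, acl_host, acl_resource = jid_split(acl);
+if ((acl_node ~= nil and acl_node == origin.username) or acl_node == nil) and
+((acl_host ~= nil and acl_host == origin.host) or acl_host == nil) and
+((acl_resource ~= nil and acl_resource == origin.resource) or acl_resource == nil) then
+allow = true;
+end
+end
+else
+allow = true;
+end
+if allow == true then
+if reply == nil then
+reply = st.iq({type="result", from=host})
+:query("http://jabber.org/protocol/bytestreams")
+:tag("streamhost", {jid=host, host=proxy_address, port=proxy_port});
+replies_cache.stream_host = reply;
+end
+else
+module:log("debug", "Denying use of proxy for %s@%s/%s", tostring(origin.username), tostring(origin.host), tostring(origin.resource));
+if err_reply == nil then
+err_reply = st.iq({type="error", from=host})
+:query("http://jabber.org/protocol/bytestreams")
+:tag("error", {code='403', type='auth'})
+:tag("forbidden", {xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'});
+replies_cache.stream_host_err = err_reply;
+end
+reply = err_reply;
+end
 reply.attr.id = stanza.attr.id;
 reply.attr.to = stanza.attr.from;
 reply.tags[1].attr.sid = sid;
 return reply;
 end
@@ -177,11 +204,11 @@
 return true;
 elseif xmlns == "http://jabber.org/protocol/disco#items" then
 origin.send(get_disco_items(stanza));
 return true;
 elseif xmlns == "http://jabber.org/protocol/bytestreams" then
-origin.send(get_stream_host(stanza));
+origin.send(get_stream_host(origin, stanza));
 return true;
 end
 elseif stanza.name == "iq" and type == "set" then
 local reply, from, to, sid = set_activation(stanza);
 if reply ~= nil and from ~= nil and to ~= nil and sid ~= nil then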
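Review bot: The ACL match in `get_stream_host` treats every missing JID part as a wildcard, so an entry for which `jid_split` yields no host (presumably what it returns for a malformed or empty string) satisfies all three clauses and allows every requester. Requiring a host makes a bad entry fail closed: `if acl_host ~= nil and acl_host == origin.host and (acl_node == nil or acl_node == origin.username) and (acl_resource == nil or acl_resource == origin.resource) then`, with a `break` once `allow` is set. The check also gates only the streamhost lookup: the `iq` `set` branch still calls `set_activation(stanza)` with no ACL test and `connlistener.listener` is not changed by this commit, so a denied JID that already knows `proxy_address` and `proxy_port` appears able to use the proxy, and the same test belongs on the activation path. The bodies of `set_activation` and the listener lie outside the visible hunks, so confirm there before treating `proxy65_acl` as enforcement rather than discovery filtering.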