comparison mod_proxy65/mod_proxy65.lua @ 80:bed9a6b40fae
mod_proxy65: basic white list - access control list
author | Thilo Cestonaro <thilo@cestona.ro> |
---|---|
date | Sun, 01 Nov 2009 16:42:04 +0100 |
parents | 34f5818c90e9 |
children | 608dc38b6580 |
79:34f5818c90e9 | 80:bed9a6b40fae |
---|---|
19 local sessions, transfers, component, replies_cache = {}, {}, nil, {}; | 19 local sessions, transfers, component, replies_cache = {}, {}, nil, {}; |
20 | 20 |
21 local proxy_port = config_get(host, "core", "proxy65_port") or 5000; | 21 local proxy_port = config_get(host, "core", "proxy65_port") or 5000; |
22 local proxy_interface = config_get(host, "core", "proxy65_interface") or "*"; | 22 local proxy_interface = config_get(host, "core", "proxy65_interface") or "*"; |
23 local proxy_address = config_get(host, "core", "proxy65_address") or (proxy_interface ~= "*" and proxy_interface) or host; | 23 local proxy_address = config_get(host, "core", "proxy65_address") or (proxy_interface ~= "*" and proxy_interface) or host; |
24 local proxy_acl = config_get(host, "core", "proxy65_acl"); | |
24 | 25 |
25 local connlistener = { default_port = proxy_port, default_interface = proxy_interface, default_mode = "*a" }; | 26 local connlistener = { default_port = proxy_port, default_interface = proxy_interface, default_mode = "*a" }; |
26 | 27 |
27 function connlistener.listener(conn, data) | 28 function connlistener.listener(conn, data) |
28 local session = sessions[conn] or {}; | 29 local session = sessions[conn] or {}; |
124 reply.attr.id = stanza.attr.id; | 125 reply.attr.id = stanza.attr.id; |
125 reply.attr.to = stanza.attr.from; | 126 reply.attr.to = stanza.attr.from; |
126 return reply; | 127 return reply; |
127 end | 128 end |
128 | 129 |
129 local function get_stream_host(stanza) | 130 local function get_stream_host(origin, stanza) |
130 local reply = replies_cache.stream_host; | 131 local reply = replies_cache.stream_host; |
132 local err_reply = replies_cache.stream_host_err; | |
131 local sid = stanza.tags[1].attr.sid; | 133 local sid = stanza.tags[1].attr.sid; |
132 if reply == nil then | 134 local allow = false; |
133 reply = st.iq({type="result", from=host}) | |
134 :query("http://jabber.org/protocol/bytestreams") | |
135 :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}); -- TODO get the correct data | |
136 replies_cache.stream_host = reply; | |
137 end | |
138 | 135 |
136 if proxy_acl then | |
137 for _, acl in ipairs(proxy_acl) do | |
138 local acl_node, acl_host, acl_resource = jid_split(acl); | |
139 if ((acl_node ~= nil and acl_node == origin.username) or acl_node == nil) and | |
140 ((acl_host ~= nil and acl_host == origin.host) or acl_host == nil) and | |
141 ((acl_resource ~= nil and acl_resource == origin.resource) or acl_resource == nil) then | |
142 allow = true; | |
143 end | |
144 end | |
145 else | |
146 allow = true; | |
147 end | |
148 if allow == true then | |
149 if reply == nil then | |
150 reply = st.iq({type="result", from=host}) | |
151 :query("http://jabber.org/protocol/bytestreams") | |
152 :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}); | |
153 replies_cache.stream_host = reply; | |
154 end | |
155 else | |
156 module:log("debug", "Denying use of proxy for %s@%s/%s", tostring(origin.username), tostring(origin.host), tostring(origin.resource)); | |
157 if err_reply == nil then | |
158 err_reply = st.iq({type="error", from=host}) | |
159 :query("http://jabber.org/protocol/bytestreams") | |
160 :tag("error", {code='403', type='auth'}) | |
161 :tag("forbidden", {xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'}); | |
162 replies_cache.stream_host_err = err_reply; | |
163 end | |
164 reply = err_reply; | |
165 end | |
139 reply.attr.id = stanza.attr.id; | 166 reply.attr.id = stanza.attr.id; |
140 reply.attr.to = stanza.attr.from; | 167 reply.attr.to = stanza.attr.from; |
141 reply.tags[1].attr.sid = sid; | 168 reply.tags[1].attr.sid = sid; |
142 return reply; | 169 return reply; |
143 end | 170 end |
177 return true; | 204 return true; |
178 elseif xmlns == "http://jabber.org/protocol/disco#items" then | 205 elseif xmlns == "http://jabber.org/protocol/disco#items" then |
179 origin.send(get_disco_items(stanza)); | 206 origin.send(get_disco_items(stanza)); |
180 return true; | 207 return true; |
181 elseif xmlns == "http://jabber.org/protocol/bytestreams" then | 208 elseif xmlns == "http://jabber.org/protocol/bytestreams" then |
182 origin.send(get_stream_host(stanza)); | 209 origin.send(get_stream_host(origin, stanza)); |
183 return true; | 210 return true; |
184 end | 211 end |
185 elseif stanza.name == "iq" and type == "set" then | 212 elseif stanza.name == "iq" and type == "set" then |
186 local reply, from, to, sid = set_activation(stanza); | 213 local reply, from, to, sid = set_activation(stanza); |
187 if reply ~= nil and from ~= nil and to ~= nil and sid ~= nil then | 214 if reply ~= nil and from ~= nil and to ~= nil and sid ~= nil then |