changeset 215:281db5eefcb4
mod_s2s_blackwhitelist: adding blacklist and whitelist plugin for s2s connections
author | Gaurav <gauravsri@gmail.com> |
---|---|
date | Fri, 16 Jul 2010 10:02:31 -0700 |
parents | 7487f8b47662 |
children | ac5289d5ac8c 3da3d6480e65 |
files | mod_s2s_blackwhitelist/mod_s2s_blackwhitelist.lua |
diffstat | 1 files changed, 187 insertions(+), 0 deletions(-) [+] |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_s2s_blackwhitelist/mod_s2s_blackwhitelist.lua Fri Jul 16 10:02:31 2010 -0700
@@ -0,0 +1,187 @@
+
+local s2smanager = require "core.s2smanager";
+local config = require "core.configmanager";
+local nameprep = require "util.encodings".stringprep.nameprep;
+
+local s2s_blacklist = module:get_option_array("s2s_blacklist");
+local s2s_whitelist = module:get_option_array("s2s_whitelist");
+local s2s_enable_blackwhitelist = module:get_option_string("s2s_enable_blackwhitelist");
+local is_blacklist_enabled = false;
+local is_whitelist_enabled = false;
+
+if s2s_enable_blackwhitelist == "blacklist" then
+ if type(s2s_blacklist) == "table" then
+ is_blacklist_enabled = true;
+ module:log("debug", "s2s-blacklist is enabled");
+ local count=#s2s_blacklist;
+ for i=1,count do
+ module:log("debug", "s2s-blacklist adding [%s]", s2s_blacklist[i]);
+ end
+ end
+elseif s2s_enable_blackwhitelist == "whitelist" then
+ if type(s2s_whitelist) == "table" then
+ is_whitelist_enabled = true;
+ module:log("debug", "s2s-whitelist is enabled");
+ local count=#s2s_whitelist;
+ for i=1,count do
+ module:log("debug", "s2s-whitelist adding [%s]", s2s_whitelist[i]);
+ end
+ end
+end
+
+local function reload_list()
+ s2s_blacklist = module:get_option_array("s2s_blacklist");
+ s2s_whitelist = module:get_option_array("s2s_whitelist");
+ s2s_enable_blackwhitelist = module:get_option_string("s2s_enable_blackwhitelist");
+
+ if s2s_enable_blackwhitelist == "blacklist" then
+ if type(s2s_blacklist) == "table" then
+ is_blacklist_enabled = true;
+ module:log("debug", "s2s-blacklist is enabled");
+ local count=#s2s_blacklist;
+ for i=1,count do
+ module:log("debug", "s2s-blacklist adding [%s]", s2s_blacklist[i]);
+ end
+ end
+ elseif s2s_enable_blackwhitelist == "whitelist" then
+ if type(s2s_whitelist) == "table" then
+ is_whitelist_enabled = true;
+ module:log("debug", "s2s-whitelist is enabled");
+ local count=#s2s_whitelist;
+ for i=1,count do
+ module:log("debug", "s2s-whitelist adding [%s]", s2s_whitelist[i]);
+ end
+ end
+ end
+end
+
+local _make_connect = s2smanager.make_connect;
+function s2smanager.make_connect(session, connect_host, connect_port)
+ local host = session.to_host;
+ if not session.s2sValidation then
+ if (host and is_blacklist_enabled == true) then
+ local count=#s2s_blacklist;
+ for i=1,count do
+ if s2s_blacklist[i] == host then
+ module:log ("error", "blacklisted host received %s", s2s_blacklist[i]);
+ s2smanager.destroy_session(session, "This host does not serve "..host);
+ return false;
+ end
+ end
+ elseif (host and is_whitelist_enabled == true) then
+ local count=#s2s_whitelist;
+ local found=false;
+ for i=1,count do
+ if s2s_whitelist[i] == host then
+ found=true;
+ end
+ end
+ if found == false then
+ module:log ("error", "host %s couldn't be found in whitelist", host);
+ s2smanager.destroy_session(session, "This host does not serve "..host);
+ return false;
+ end
+ end
+ end
+ return _make_connect(session, connect_host, connect_port);
+end
+
+local _stream_opened = s2smanager.streamopened;
+function s2smanager.streamopened(session, attr)
+ local host = attr.from and nameprep(attr.from);
+ if not host then
+ session.s2sValidation = false;
+ else
+ session.s2sValidation = true;
+ end
+
+ if (host and is_blacklist_enabled == true) then
+ local count=#s2s_blacklist;
+ for i=1,count do
+ if s2s_blacklist[i] == host then
+ module:log ("error", "blacklisted host received %s", s2s_blacklist[i]);
+ session:close({condition = "host-unknown", text = "This host does not serve " .. host});
+ return;
+ end
+ end
+ elseif (host and is_whitelist_enabled == true) then
+ local count=#s2s_whitelist;
+ local found=false;
+ for i=1,count do
+ if s2s_whitelist[i] == host then
+ found=true;
+ end
+ end
+ if found == false then
+ module:log ("error", "host %s couldn't be found in whitelist", host);
+ session:close({condition = "host-unknown", text = "This host does not serve " .. host});
+ return;
+ end
+ end
+ _stream_opened(session, attr);
+end
+
+
+local function server_dialback_result_hook (event)
+ local origin, stanza = event.origin, event.stanza;
+
+ if origin.type == "s2sin" or origin.type == "s2sin_unauthed" then
+
+ local host = stanza.attr.from;
+
+ if (host and is_blacklist_enabled == true) then
+ local count=#s2s_blacklist;
+ for i=1,count do
+ if s2s_blacklist[i] == host then
+ module:log ("error", "blacklisted host received %s", s2s_blacklist[i]);
+ origin:close({condition = "host-unknown", text = "This host does not serve " .. host});
+ return true;
+ end
+ end
+ elseif (host and is_whitelist_enabled == true) then
+ local count=#s2s_whitelist;
+ local found=false;
+ for i=1,count do
+ if s2s_whitelist[i] == host then
+ found=true;
+ end
+ end
+ if found == false then
+ module:log ("error", "host %s couldn't be found in whitelist", host);
+ origin:close({condition = "host-unknown", text = "This host does not serve " .. host});
+ return true;
+ end
+ end
+
+ end
+
+ return nil;
+end
+
+local function handle_activated_host (host)
+ if (hosts[host] and hosts[host].events) then
+ hosts[host].events.add_handler("stanza/jabber:server:dialback:result", server_dialback_result_hook, 100);
+ module:log ("debug", "adding hook for %s", host);
+ end
+end
+
+local function handle_deactivated_host (host)
+ if (hosts[host] and hosts[host].events) then
+ hosts[host].events.remove_handler("stanza/jabber:server:dialback:result", server_dialback_result_hook);
+ module:log ("debug", "removing hook for %s", host);
+ end
+end
+
+prosody.events.add_handler("host-activated", handle_activated_host);
+prosody.events.add_handler("component-activated", handle_activated_host);
+prosody.events.add_handler("host-deactivated", handle_deactivated_host);
+prosody.events.add_handler("component-deactivated", handle_deactivated_host);
+prosody.events.add_handler("config-reloaded", reload_list);
+
+for name, host in pairs(hosts) do
+ if host and host.events then
+ host.events.add_handler("stanza/jabber:server:dialback:result", server_dialback_result_hook, 100);
+ module:log ("debug", "adding hook for %s", name);
+ end
+end
+
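Review bot: `server_dialback_result_hook` compares the lists against the raw `stanza.attr.from`, whereas `streamopened` compares against `nameprep(attr.from)`. Unless the value is normalised before the hook runs (not visible here), a dialback domain that differs from a blacklist entry only in case or in an equivalent Unicode form fails the exact `==` match and is let through. Normalise it there too, `local host = stanza.attr.from and nameprep(stanza.attr.from);`, and preferably nameprep the configured entries once when the lists are loaded so that a mixed-case entry in the config can match at all. Separately, `reload_list` only ever sets the flags to true, so after a config reload that switches or removes `s2s_enable_blackwhitelist` the previous mode stays active and the `elseif` keeps a newly configured whitelist from being consulted; begin it with `is_blacklist_enabled, is_whitelist_enabled = false, false;`. All three filters also skip the check when `host` is nil, which in whitelist mode fails open and deserves either an explicit reject or a comment explaining why it is safe.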