
mod_host_guard/mod_host_guard.lua @ 834:21e99dc949ee

mod_host_guard: close down streams from and to filtered entities, on initialization / configuration reload.
author Marco Cirillo <maranda@lightwitch.org>
date Wed, 19 Sep 2012 01:30:58 +0000
parent 818:bf23a8966e20
child 1343:7dbde05b48a9
833:30d49c26d219 834:21e99dc949ee
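--- a/mod_host_guard/mod_host_guard.lua
+++ b/mod_host_guard/mod_host_guard.lua
@@ -1,17 +1,21 @@
 -- (C) 2011, Marco Cirillo (LW.Org)
 -- Block or restrict by blacklist remote access to local components or hosts.
 
 module:set_global()
+
+local hosts = hosts
+local incoming_s2s = prosody.incoming_s2s
 
 local guard_blockall = module:get_option_set("host_guard_blockall", {})
 local guard_ball_wl = module:get_option_set("host_guard_blockall_exceptions", {})
 local guard_protect = module:get_option_set("host_guard_selective", {})
 local guard_block_bl = module:get_option_set("host_guard_blacklist", {})
 
 local config = configmanager
 local error_reply = require "util.stanza".error_reply
+local tostring = tostring
 
 local function s2s_hook (event)
 local origin, stanza = event.session or event.origin, event.stanza or false
 local to_host, from_host = (not stanza and origin.to_host) or stanza.attr.to, (not stanza and origin.from_host) or stanza.attr.from
 
@@ -64,17 +68,37 @@
 if not u and not i then module:log ("debug", "removing host protection for: "..host) end
 end
 end
 end
 
+local function close_filtered()
+for _, host in pairs(hosts) do
+for name, session in pairs(host.s2sout) do
+if guard_blockall:contains(session.host) and not guard_ball_wl:contains(session.to_host) or
+guard_block_bl:contains(session.to_host) and guard_protect:contains(session.host) then
+module:log("info", "closing down s2s outgoing stream to filtered entity %s", tostring(session.to_host))
+session:close()
+end
+end
+end
+for session in pairs(incoming_s2s) do
+if session.to_host and session.from_host and
+(guard_blockall:contains(session.to_host) and not guard_ball_wl:contains(session.from_host) or
+guard_block_bl:contains(session.from_host) and guard_protect:contains(session.to_host)) then
+module:log("info", "closing down s2s incoming stream from filtered entity %s", tostring(session.from_host))
+session:close()
+end
+end
+end
+
 local function init_hosts(u, i)
 for n in pairs(hosts) do
 if guard_blockall:contains(n) or guard_protect:contains(n) then
-handle_deactivation(n, u, i)
-handle_activation(n, u)
+handle_deactivation(n, u, i) ; handle_activation(n, u)
 end
 end
+close_filtered()
 end
 
 local function reload()
 module:log ("debug", "server configuration reloaded, rehashing plugin tables...")
 guard_blockall = module:get_option_set("host_guard_blockall", {})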
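Review bot: Both `session:close()` calls in close_filtered (the outgoing loop and the incoming loop) tear the stream down without a stream error, so the remote server sees an unexplained close and the local log line is the only record of why. If the Prosody version this module targets accepts a reason argument there, pass one, e.g. `session:close{ condition = "policy-violation", text = "host filtered by mod_host_guard" }`. The two `module:log("info", ...)` lines name only the remote entity; also logging the local side (`session.host` for outgoing, `session.to_host` for incoming) would let an operator tell which guarded host and rule caused the close. The outgoing loop also assumes every entry in `hosts` carries an `s2sout` table; if that is not guaranteed for components, `pairs(host.s2sout or {})` would keep a configuration reload from raising an error partway through the sweep.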