Diff

mod_admin_blocklist/mod_admin_blocklist.lua @ 1735:c2d43b568178

mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
author Kim Alvefur <zash@zash.se>
date Thu, 14 May 2015 00:34:00 +0200
child 2313:5d05139d0555
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_admin_blocklist/mod_admin_blocklist.lua	Thu May 14 00:34:00 2015 +0200
@@ -0,0 +1,59 @@
+-- mod_admin_blocklist
+--
+-- If a local admin has blocked a domain, don't allow s2s to that domain
+--
+-- Copyright (C) 2015 Kim Alvefur
+--
+-- This file is MIT/X11 licensed.
+--
+
+module:depends("blocklist");
+
+local st = require"util.stanza";
+local jid_split = require"util.jid".split;
+
+local admins = module:get_option_inherited_set("admins", {}) /
+	function (admin) -- Filter out non-local admins
+		local user, host = jid_split(admin);
+		if host == module.host then return user; end
+	end
+
+local blocklists = module:open_store("blocklist");
+
+local function is_blocked(host)
+	for admin in admins do
+		local blocklist = blocklists:get(admin);
+		if blocklist and blocklist[host] then
+			return true;
+		end
+	end
+end
+
+module:hook("route/remote", function (event)
+	local origin, stanza = event.origin, event.stanza;
+	if is_blocked(event.to_host) then
+		if origin and stanza then
+			origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Communication with this domain is not allowed"));
+			return true;
+		end
+		return false;
+	end
+end, 1000);
+
+
+module:hook("s2s-stream-features", function (event)
+	local session = event.origin;
+	if is_blocked(session.from_host) then
+		session:close("policy-violation");
+		return false;
+	end
+end, 1000);
+
+module:hook("stanza/http://etherx.jabber.org/streams:features", function (event)
+	local session = event.origin;
+	if is_blocked(session.to_host) then
+		session:close("policy-violation");
+		return true;
+	end
+end, 1000);
+