Software /
code /
prosody-modules
Changeset
682:3ab1cf30a848
mod_host_guard: using route/remote event hook to stop outgoing connections to filtered entities, yet the returned error is highly misleading.
author | Marco Cirillo <maranda@lightwitch.org> |
---|---|
date | Sun, 27 May 2012 01:34:53 +0000 |
parents | 681:03ef667c96c3 |
children | 683:939f8fc84d49 |
files | mod_host_guard/mod_host_guard.lua |
diffstat | 1 files changed, 17 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_host_guard/mod_host_guard.lua Sat May 26 22:48:03 2012 +0000 +++ b/mod_host_guard/mod_host_guard.lua Sun May 27 01:34:53 2012 +0000 @@ -9,6 +9,7 @@ local guard_block_bl = module:get_option_set("host_guard_blacklist", {}) local config = require "core.configmanager" +local error_reply = require "util.stanza".error_reply local nameprep = require "util.encodings".stringprep.nameprep local function s2s_hook (event) @@ -18,7 +19,7 @@ if origin.type == "s2sin" or origin.type == "s2sin_unauthed" then if guard_blockall:contains(to_host) and not guard_ball_wl:contains(from_host) or guard_block_bl:contains(from_host) and guard_protect:contains(to_host) then - module:log("error", "remote service %s attempted to access restricted host %s", stanza.attr.from, stanza.attr.to) + module:log("error", "remote service %s attempted to access restricted host %s", from_host, to_host) origin:close({condition = "policy-violation", text = "You're not authorized, good bye."}) return false end @@ -27,10 +28,23 @@ return nil end +local function rr_hook (event) + local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza + + if guard_blockall:contains(from_host) and not guard_ball_wl:contains(to_host) or + guard_block_bl:contains(to_host) and guard_protect:contains(from_host) then + module:log("info", "attempted to connect to a filtered remote host %s", to_host) + return false + end + + return nil +end + local function handle_activation (host) if guard_blockall:contains(host) or guard_protect:contains(host) then if hosts[host] and hosts[host].events then hosts[host].events.add_handler("s2sin-established", s2s_hook, 500) + hosts[host].events.add_handler("route/remote", rr_hook, 500) hosts[host].events.add_handler("stanza/jabber:server:dialback:result", s2s_hook, 500) module:log ("debug", "adding host protection for: "..host) end @@ -41,6 +55,7 @@ if guard_blockall:contains(host) or guard_protect:contains(host) then if hosts[host] and hosts[host].events then hosts[host].events.remove_handler("s2sin-established", s2s_hook) + hosts[host].events.remove_handler("route/remote", rr_hook) hosts[host].events.remove_handler("stanza/jabber:server:dialback:result", s2s_hook) module:log ("debug", "removing host protection for: "..host) end @@ -50,6 +65,7 @@ local function init_hosts() for n,table in pairs(hosts) do hosts[n].events.remove_handler("s2sin-established", s2s_hook) + hosts[n].events.remove_handler("route/remote", rr_hook) hosts[n].events.remove_handler("stanza/jabber:server:dialback:result", s2s_hook) if guard_blockall:contains(n) or guard_protect:contains(n) then handle_activation(n) end end