Annotate
plugins/mod_limits.lua @ 13801:a5d5fefb8b68 13.0
mod_tls: Enable Prosody's certificate checking for incoming s2s connections (fixes #1916) (thanks Damian, Zash)

Various options in Prosody allow control over the behaviour of the certificate
verification process. For example, some deployments choose to allow falling
back to traditional "dialback" authentication (XEP-0220), while others verify
via DANE, hard-coded fingerprints, or other custom plugins.

Implementing this flexibility requires us to override OpenSSL's default
certificate verification, to allow Prosody to verify the certificate itself,
apply custom policies and make decisions based on the outcome.

To enable our custom logic, we have to suppress OpenSSL's default behaviour of
aborting the connection with a TLS alert message. With LuaSec, this can be
achieved by using the verifyext "lsec_continue" flag.

We also need to use the lsec_ignore_purpose flag, because XMPP s2s uses server
certificates as "client" certificates (for mutual TLS verification in outgoing
s2s connections).

Commit 99d2100d2918 moved these settings out of the defaults and into mod_s2s,
because we only really need these changes for s2s, and they should be opt-in,
rather than automatically applied to all TLS services we offer.

That commit was incomplete, because it only added the flags for incoming
direct TLS connections. StartTLS connections are handled by mod_tls, which was
not applying the lsec_* flags. It previously worked because they were already
in the defaults.

This resulted in incoming s2s connections with "invalid" certificates being
aborted early by OpenSSL, even if settings such as `s2s_secure_auth = false`
or DANE were present in the config.

Outgoing s2s connections inherit verify "none" from the defaults, which means
OpenSSL will receive the cert but will not terminate the connection when it is
deemed invalid. This means we don't need lsec_continue there, and we also
don't need lsec_ignore_purpose (because the remote peer is a "server").

Wondering why we can't just use verify "none" for incoming s2s? It's because
in that mode, OpenSSL won't request a certificate from the peer for incoming
connections. Setting verify "peer" is how you ask OpenSSL to request a
certificate from the client, but also what triggers its built-in verification.

| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 01 Apr 2025 17:26:56 +0100 |
| parent | 13209:c8d949cf6b09 |
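
The four combinations the commit message walks through, as an added example that is not Prosody's or LuaSec's own code: constructed LuaSec-style parameter tables and a small check that reports what happens when the peer's certificate fails OpenSSL's built-in verification. The table names and the `invalid_cert_outcome` helper are hypothetical, and the outcomes follow the commit message's description rather than a live handshake.

```lua
-- Constructed LuaSec parameter tables (key and certificate paths omitted).
local contexts = {
	-- Incoming StartTLS s2s before the fix: certificate requested, no lsec_* flags.
	s2sin_starttls_before = { mode = "server", verify = { "peer" } },
	-- Incoming s2s with the flags the commit message describes.
	s2sin_starttls_after = {
		mode = "server",
		verify = { "peer" },
		-- lsec_ignore_purpose is carried here but not modelled below.
		verifyext = { "lsec_continue", "lsec_ignore_purpose" },
	},
	-- Why verify "none" is not an option for incoming s2s.
	s2sin_verify_none = { mode = "server", verify = { "none" } },
	-- Outgoing s2s inherits verify "none" from the defaults.
	s2sout = { mode = "client", verify = { "none" } },
};

local function has(list, value)
	for _, v in ipairs(list or {}) do
		if v == value then return true; end
	end
	return false;
end

-- Hypothetical helper (an assumption for illustration): outcome when the peer
-- certificate does not pass OpenSSL's built-in verification.
local function invalid_cert_outcome(params)
	if not has(params.verify, "peer") then
		if params.mode == "server" then
			return "no certificate requested from the peer";
		end
		return "certificate received, connection continues, application decides";
	end
	if not has(params.verifyext, "lsec_continue") then
		return "OpenSSL aborts the handshake with a TLS alert";
	end
	return "handshake completes, application must verify and apply its own policy";
end

for _, name in ipairs({ "s2sin_starttls_before", "s2sin_starttls_after", "s2sin_verify_none", "s2sout" }) do
	print(name, invalid_cert_outcome(contexts[name]));
end
```

The last outcome is why the flags are opt-in: a service that sets `lsec_continue` without checking the verification result itself accepts any certificate.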

```lua
-- Because we deal with pre-authed sessions and streams we can't be host-specific
module:set_global();

local filters = require "prosody.util.filters";
local throttle = require "prosody.util.throttle";
local timer = require "prosody.util.timer";
local ceil = math.ceil;

local limits_cfg = module:get_option("limits", {});
local limits_resolution = module:get_option_period("limits_resolution", 1);

local default_bytes_per_second = 3000;
local default_burst = 2;

local rate_units = { b = 1, k = 3, m = 6, g = 9, t = 12 } -- Plan for the future.
local function parse_rate(rate, sess_type)
	local quantity, unit, exp;
	if rate then
		quantity, unit = rate:match("^(%d+) ?([^/]+)/s$");
		exp = quantity and rate_units[unit:sub(1,1):lower()];
	end
	if not exp then
		module:log("error", "Error parsing rate for %s: %q, using default rate (%d bytes/s)", sess_type, rate, default_bytes_per_second);
		return default_bytes_per_second;
	end
	return quantity*(10^exp);
end

local function parse_burst(burst, sess_type)
	if type(burst) == "string" then
		burst = burst:match("^(%d+) ?s$");
	end
	local n_burst = tonumber(burst);
	if burst and not n_burst then
		module:log("error", "Unable to parse burst for %s: %q, using default burst interval (%ds)", sess_type, burst, default_burst);
	end
	return n_burst or default_burst;
end

-- Process config option into limits table:
-- limits = { c2s = { bytes_per_second = X, burst_seconds = Y } }
local limits = {
	c2s = {
		bytes_per_second = 10 * 1024;
		burst_seconds = 2;
	};
	s2sin = {
		bytes_per_second = 30 * 1024;
		burst_seconds = 2;
	};
};

for sess_type, sess_limits in pairs(limits_cfg) do
	limits[sess_type] = {
		bytes_per_second = parse_rate(sess_limits.rate, sess_type);
		burst_seconds = parse_burst(sess_limits.burst, sess_type);
	};
end

local default_filter_set = {};

function default_filter_set.bytes_in(bytes, session)
	local sess_throttle = session.throttle;
	if sess_throttle then
		local ok, _, outstanding = sess_throttle:poll(#bytes, true);
		if not ok then
			session.log("debug", "Session over rate limit (%d) with %d (by %d), pausing", sess_throttle.max, #bytes, outstanding);
			outstanding = ceil(outstanding);
			session.conn:pause(); -- Read no more data from the connection until there is no outstanding data
			local outstanding_data = bytes:sub(-outstanding);
			bytes = bytes:sub(1, #bytes-outstanding);
			timer.add_task(limits_resolution, function ()
				if not session.conn then return; end
				if sess_throttle:peek(#outstanding_data) then
					session.log("debug", "Resuming paused session");
					session.conn:resume();
				end
				-- Handle what we can of the outstanding data
				session.data(outstanding_data);
			end);
		end
	end
	return bytes;
end

local type_filters = {
	c2s = default_filter_set;
	s2sin = default_filter_set;
	s2sout = default_filter_set;
};

local function filter_hook(session)
	local session_type = session.type:match("^[^_]+");
	local filter_set, opts = type_filters[session_type], limits[session_type];
	if opts then
		if session.conn and session.conn.setlimit then
			session.conn:setlimit(opts.bytes_per_second);
			-- Currently no burst support
		else
			session.throttle = throttle.create(opts.bytes_per_second * opts.burst_seconds, opts.burst_seconds);
			filters.add_filter(session, "bytes/in", filter_set.bytes_in, 1000);
		end
	end
end

function module.load()
	filters.add_filter_hook(filter_hook);
end

function module.unload()
	filters.remove_filter_hook(filter_hook);
end

function unlimited(session)
	local session_type = session.type:match("^[^_]+");
	if session.conn and session.conn.setlimit then
		session.conn:setlimit(0);
		-- Currently no burst support
	else
		local filter_set = type_filters[session_type];
		filters.remove_filter(session, "bytes/in", filter_set.bytes_in);
		session.throttle = nil;
	end
end

function module.add_host(module)
	local unlimited_jids = module:get_option_inherited_set("unlimited_jids", {});

	if not unlimited_jids:empty() then
		module:hook("authentication-success", function (event)
			local session = event.session;
			local jid = session.username .. "@" .. session.host;
			if unlimited_jids:contains(jid) then
				unlimited(session);
			end
		end);

		module:hook("s2sout-established", function (event)
			local session = event.session;
			if unlimited_jids:contains(session.to_host) then
				unlimited(session);
			end
		end);

		module:hook("s2sin-established", function (event)
			local session = event.session;
			if session.from_host and unlimited_jids:contains(session.from_host) then
				unlimited(session);
			end
		end);

	end
end
```
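
The pause, split and retry behaviour of the `bytes_in` filter above, as an added example that is not part of Prosody's source: it replays one oversized read through the same logic with a simulated clock and timer queue. `new_bucket` is a simplified stand-in for `prosody.util.throttle`, and `simulate`, the session stub and the sample rate, burst and chunk size are assumptions made for the illustration.

```lua
-- Simplified token bucket with an injectable clock (assumption: a stand-in
-- for prosody.util.throttle, exposing the same poll/peek calls used above).
local function new_bucket(max, period, now)
	local bucket = { max = max, rate = max / period, balance = max, t = now() };
	function bucket:update()
		local t = now();
		self.balance = math.min(self.max, self.balance + self.rate * (t - self.t));
		self.t = t;
		return self.balance;
	end
	function bucket:peek(cost)
		return self.balance >= cost or self:update() >= cost;
	end
	function bucket:poll(cost, split)
		if self:peek(cost) then
			self.balance = self.balance - cost;
			return true, self.balance;
		end
		local balance = self.balance;
		if split then self.balance = 0; end -- spend what is left on a partial read
		return false, balance, cost - balance;
	end
	return bucket;
end

-- Replays one read of chunk_size bytes through the pause/split/retry logic of
-- bytes_in and returns one record per timer tick.
local function simulate(bytes_per_second, burst_seconds, chunk_size, resolution)
	local clock, tasks, trace = 0, {}, {};
	local session = { delivered = 0 };
	session.throttle = new_bucket(bytes_per_second * burst_seconds, burst_seconds,
		function () return clock; end);
	session.conn = { paused = false };
	function session.conn:pause() self.paused = true; end
	function session.conn:resume() self.paused = false; end

	local function bytes_in(bytes)
		local ok, _, outstanding = session.throttle:poll(#bytes, true);
		if not ok then
			outstanding = math.ceil(outstanding);
			session.conn:pause();
			local outstanding_data = bytes:sub(-outstanding);
			bytes = bytes:sub(1, #bytes - outstanding);
			table.insert(tasks, function () -- stands in for timer.add_task
				if session.throttle:peek(#outstanding_data) then
					session.conn:resume();
				end
				session.data(outstanding_data); -- re-enters the filter, as in the module
			end);
		end
		return bytes;
	end
	function session.data(data)
		session.delivered = session.delivered + #bytes_in(data);
	end

	session.data(("x"):rep(chunk_size)); -- constructed input
	while true do
		table.insert(trace, { t = clock, delivered = session.delivered, paused = session.conn.paused });
		if #tasks == 0 then break; end
		clock = clock + resolution;
		local due = tasks;
		tasks = {};
		for _, task in ipairs(due) do task(); end
	end
	return trace;
end

-- 10 bytes/s with a 2 s burst, one 50-byte read, 1 s timer resolution.
for _, step in ipairs(simulate(10, 2, 50, 1)) do
	print(("t=%ds delivered=%d paused=%s"):format(step.t, step.delivered, tostring(step.paused)));
end
```

The first read consumes the whole burst allowance, after which the remainder is released at the configured rate while the connection stays paused.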