Changeset
11555:65dcc175ef5b 0.11
mod_proxy65: Restrict access to local c2s connections by default
Previously, when no 'proxy65_acl' option was set, access was unrestricted for
both local and remote JIDs.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Wed, 12 May 2021 13:59:49 +0100 |
parents | 11554:db8e41eb6eff |
children | 11556:6f56170ea986 |
files | plugins/mod_proxy65.lua |
diffstat | 1 files changed, 12 insertions(+), 4 deletions(-) [+] |
--- a/plugins/mod_proxy65.lua Tue May 11 14:22:59 2021 +0100
+++ b/plugins/mod_proxy65.lua Wed May 12 13:59:49 2021 +0100
@@ -94,6 +94,7 @@
 local proxy_address = module:get_option_string("proxy65_address", host);
 local proxy_acl = module:get_option_array("proxy65_acl");
+ local proxy_open_access = module:get_option_boolean("proxy65_open_access", false);
 -- COMPAT w/pre-0.9 where proxy65_port was specified in the components section of the config
 local legacy_config = module:get_option_number("proxy65_port");
@@ -110,13 +111,20 @@
 -- check ACL
 -- using 'while' instead of 'if' so we can break out of it
- while proxy_acl and #proxy_acl > 0 do --luacheck: ignore 512
+ local allow;
+ if proxy_acl and #proxy_acl > 0 then
 local jid = stanza.attr.from;
- local allow;
 for _, acl in ipairs(proxy_acl) do
- if jid_compare(jid, acl) then allow = true; break; end
+ if jid_compare(jid, acl) then
+ allow = true;
+ break;
+ end
 end
- if allow then break; end
+ elseif proxy_open_access or origin.type == "c2s" then
+ allow = true;
+ end
+
+ if not allow then
 module:log("warn", "Denying use of proxy for %s", tostring(stanza.attr.from));
 origin.send(st.error_reply(stanza, "auth", "forbidden"));
 return true;
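Review bot: The new `proxy65_open_access` option is read in the first hunk without any comment saying what enabling it exposes, which is what an operator auditing this file needs to see. I would add above it `-- When true and no proxy65_acl is set, any local or remote JID may use the proxy; the default (false) limits use to local c2s sessions`. The enclosing function starts and ends outside the hunk.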
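Review bot: The retained context comment `-- using 'while' instead of 'if' so we can break out of it` in the second hunk is now wrong, because the `while` has been replaced by `if`/`elseif`. It should give way to a statement of the policy, for example `-- a non-empty proxy65_acl is authoritative; otherwise allow only local c2s origins unless proxy65_open_access is set`. That wording also makes explicit that `proxy65_open_access` is not consulted once an ACL is configured, which the `elseif` implies but an operator who sets both could miss. Separately, the deny branch logs at `warn`, and with the new default it is reachable by any remote JID, so a lower level such as `info` may be worth considering to limit log noise driven by remote parties. The handler body starts and ends outside the hunk.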