1 module:set_global(); |
1 module:set_global(); |
2 |
2 |
3 local jid_bare = require "util.jid".bare; |
3 local jid_bare, jid_host = require "util.jid".bare, require "util.jid".host; |
4 local st = require "util.stanza"; |
4 local st = require "util.stanza"; |
5 local xmlns_muc_user = "http://jabber.org/protocol/muc#user"; |
5 local xmlns_muc_user = "http://jabber.org/protocol/muc#user"; |
6 |
6 |
|
7 local trusted_services = module:get_option_inherited_set("muc_ban_ip_trusted_services", {}); |
|
8 local trust_local_restricted_services = module:get_option_boolean("muc_ban_ip_trust_local_restricted_services", true); |
|
9 |
7 local ip_bans = module:shared("bans"); |
10 local ip_bans = module:shared("bans"); |
8 local full_sessions = prosody.full_sessions; |
11 local full_sessions = prosody.full_sessions; |
|
12 |
|
13 local function is_local_restricted_service(host) |
|
14 local muc_service = prosody.hosts[host] and prosody.hosts[host].modules.muc; |
|
15 if muc_service and module:context(host):get_option("restrict_room_creation") ~= nil then -- COMPAT: May need updating post-0.12 |
|
16 return true; |
|
17 end |
|
18 return false; |
|
19 end |
9 |
20 |
10 local function ban_ip(session, from) |
21 local function ban_ip(session, from) |
11 local ip = session.ip; |
22 local ip = session.ip; |
12 if not ip then |
23 if not ip then |
13 module:log("warn", "Failed to ban IP (IP unknown) for %s", session.full_jid); |
24 module:log("warn", "Failed to ban IP (IP unknown) for %s", session.full_jid); |
14 return; |
25 return; |
|
26 end |
|
27 local from_host = jid_host(from); |
|
28 if trusted_services:contains(from_host) or (trust_local_restricted_services and is_local_restricted_service(from_host)) then |
|
29 from = from_host; -- Ban from entire host |
15 end |
30 end |
16 local banned_from = ip_bans[ip]; |
31 local banned_from = ip_bans[ip]; |
17 if not banned_from then |
32 if not banned_from then |
18 banned_from = {}; |
33 banned_from = {}; |
19 ip_bans[ip] = banned_from; |
34 ip_bans[ip] = banned_from; |
43 end |
58 end |
44 |
59 |
45 local function check_for_ban(event) |
60 local function check_for_ban(event) |
46 local origin, stanza = event.origin, event.stanza; |
61 local origin, stanza = event.origin, event.stanza; |
47 local ip = origin.ip; |
62 local ip = origin.ip; |
48 local to = jid_bare(stanza.attr.to); |
63 local to, to_host = jid_bare(stanza.attr.to), jid_host(stanza.attr.to); |
49 if ip_bans[ip] and ip_bans[ip][to] then |
64 if ip_bans[ip] and (ip_bans[ip][to] or ip_bans[ip][to_host]) then |
50 (origin.log or module._log)("debug", "IP banned: %s is banned from %s", ip, to) |
65 (origin.log or module._log)("debug", "IP banned: %s is banned from %s", ip, to) |
51 if stanza.attr.type ~= "error" then |
66 if stanza.attr.type ~= "error" then |
52 origin.send(st.error_reply(stanza, "auth", "forbidden") |
67 origin.send(st.error_reply(stanza, "auth", "forbidden") |
53 :tag("x", { xmlns = xmlns_muc_user }) |
68 :tag("x", { xmlns = xmlns_muc_user }) |
54 :tag("status", { code = '301' })); |
69 :tag("status", { code = '301' })); |
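Review bot: In `is_local_restricted_service` (new line 15) the test `get_option("restrict_room_creation") ~= nil` also passes when the option is explicitly set to `false`, so a MUC host that lets anyone create rooms would be treated as restricted; with `muc_ban_ip_trust_local_restricted_services` defaulting to `true`, a ban coming from any room on such a host appears to be widened to a host-wide IP ban in `ban_ip`. If that is not intended, test truthiness instead, `if muc_service and module:context(host):get_option("restrict_room_creation") then`, and decide deliberately whether the value `"local"` should count as trusted. The debug line in `check_for_ban` still logs `to` when the match came from `ip_bans[ip][to_host]`, so a host-wide hit cannot be told apart in the logs; logging `to_host` in that case would help operators. The part of `ban_ip` between new lines 34 and 58 and the end of `check_for_ban` are outside the visible hunks, so whether an unban also removes the host-level key cannot be checked here.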