--- a/mod_host_guard/mod_host_guard.lua Sat May 26 22:48:03 2012 +0000
+++ b/mod_host_guard/mod_host_guard.lua Sun May 27 01:34:53 2012 +0000
@@ -9,6 +9,7 @@
local guard_block_bl = module:get_option_set("host_guard_blacklist", {})
local config = require "core.configmanager"
+local error_reply = require "util.stanza".error_reply
local nameprep = require "util.encodings".stringprep.nameprep
local function s2s_hook (event)
@@ -18,7 +19,7 @@
if origin.type == "s2sin" or origin.type == "s2sin_unauthed" then
if guard_blockall:contains(to_host) and not guard_ball_wl:contains(from_host) or
guard_block_bl:contains(from_host) and guard_protect:contains(to_host) then
- module:log("error", "remote service %s attempted to access restricted host %s", stanza.attr.from, stanza.attr.to)
+ module:log("error", "remote service %s attempted to access restricted host %s", from_host, to_host)
origin:close({condition = "policy-violation", text = "You're not authorized, good bye."})
return false
end
@@ -27,10 +28,23 @@
return nil
end
+local function rr_hook (event)
+ local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza
+
+ if guard_blockall:contains(from_host) and not guard_ball_wl:contains(to_host) or
+ guard_block_bl:contains(to_host) and guard_protect:contains(from_host) then
+ module:log("info", "attempted to connect to a filtered remote host %s", to_host)
+ return false
+ end
+
+ return nil
+end
+
local function handle_activation (host)
if guard_blockall:contains(host) or guard_protect:contains(host) then
if hosts[host] and hosts[host].events then
hosts[host].events.add_handler("s2sin-established", s2s_hook, 500)
+ hosts[host].events.add_handler("route/remote", rr_hook, 500)
hosts[host].events.add_handler("stanza/jabber:server:dialback:result", s2s_hook, 500)
module:log ("debug", "adding host protection for: "..host)
end
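Review bot: rr_hook drops the outbound stanza with `return false` but never informs the local sender, and the `error_reply` helper this commit requires at the top of the file is not used in any visible hunk. Before returning, bounce non-error stanzas, e.g. `if stanza.attr.type ~= "error" then event.origin.send(error_reply(stanza, "cancel", "policy-violation")) end`; this assumes the route/remote event carries `origin`, which is not visible here, so confirm it and guard for its absence. The log line should also name the local side so the block is auditable: `module:log("info", "blocked stanza from %s to filtered remote host %s", from_host, to_host)`. If the configured sets hold nameprepped names, `to_host` may need the same normalisation before `:contains`, otherwise a differently cased or encoded domain could slip past the filter.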
@@ -41,6 +55,7 @@
if guard_blockall:contains(host) or guard_protect:contains(host) then
if hosts[host] and hosts[host].events then
hosts[host].events.remove_handler("s2sin-established", s2s_hook)
+ hosts[host].events.remove_handler("route/remote", rr_hook)
hosts[host].events.remove_handler("stanza/jabber:server:dialback:result", s2s_hook)
module:log ("debug", "removing host protection for: "..host)
end
@@ -50,6 +65,7 @@
local function init_hosts()
for n,table in pairs(hosts) do
hosts[n].events.remove_handler("s2sin-established", s2s_hook)
+ hosts[n].events.remove_handler("route/remote", rr_hook)
hosts[n].events.remove_handler("stanza/jabber:server:dialback:result", s2s_hook)
if guard_blockall:contains(n) or guard_protect:contains(n) then handle_activation(n) end
end
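Review bot: The added `remove_handler("route/remote", rr_hook)` call dereferences `hosts[n].events` without the `hosts[host] and hosts[host].events` guard that handle_activation uses in this same file, and the two neighbouring context lines do the same. If a host entry can exist without an events object, the loop would raise partway through and the remaining hosts would not get their guard hooks re-registered. Wrapping the three removals in `if hosts[n].events then ... end` avoids that. The loop variable `table` is also unused and shadows the standard library name; `for n in pairs(hosts) do` is enough.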