--- a/mod_host_guard/mod_host_guard.lua Sat Jan 07 00:37:35 2012 +0000
+++ b/mod_host_guard/mod_host_guard.lua Sat Jan 07 18:09:48 2012 +0000
@@ -8,62 +8,62 @@
local guard_protect = module:get_option_set("host_guard_selective", {})
local guard_block_bl = module:get_option_set("host_guard_blacklist", {})
-local s2smanager = require "core.s2smanager";
-local config = require "core.configmanager";
-local nameprep = require "util.encodings".stringprep.nameprep;
+local s2smanager = require "core.s2smanager"
+local config = require "core.configmanager"
+local nameprep = require "util.encodings".stringprep.nameprep
-local _make_connect = s2smanager.make_connect;
+local _make_connect = s2smanager.make_connect
function s2smanager.make_connect(session, connect_host, connect_port)
if not session.s2sValidation then
if guard_blockall:contains(session.from_host) and not guard_ball_wl:contains(session.to_host) or
guard_block_bl:contains(session.to_host) and guard_protect:contains(session.from_host) then
- module:log("error", "remote service %s attempted to access restricted host %s", session.to_host, session.from_host);
- s2smanager.destroy_session(session, "You're not authorized, good bye.");
+ module:log("error", "remote service %s attempted to access restricted host %s", session.to_host, session.from_host)
+ s2smanager.destroy_session(session, "You're not authorized, good bye.")
return false;
end
end
- return _make_connect(session, connect_host, connect_port);
+ return _make_connect(session, connect_host, connect_port)
end
-local _stream_opened = s2smanager.streamopened;
+local _stream_opened = s2smanager.streamopened
function s2smanager.streamopened(session, attr)
- local host = attr.to and nameprep(attr.to);
- local from = attr.from and nameprep(attr.from);
+ local host = attr.to and nameprep(attr.to)
+ local from = attr.from and nameprep(attr.from)
if not from then
- session.s2sValidation = false;
+ session.s2sValidation = false
else
- session.s2sValidation = true;
+ session.s2sValidation = true
end
if guard_blockall:contains(host) and not guard_ball_wl:contains(from) or
guard_block_bl:contains(from) and guard_protect:contains(host) then
- module:log("error", "remote service %s attempted to access restricted host %s", from, host);
- session:close({condition = "policy-violation", text = "You're not authorized, good bye."});
+ module:log("error", "remote service %s attempted to access restricted host %s", from, host)
+ session:close({condition = "policy-violation", text = "You're not authorized, good bye."})
return false;
end
- _stream_opened(session, attr);
+ _stream_opened(session, attr)
end
local function sdr_hook (event)
- local origin, stanza = event.origin, event.stanza;
+ local origin, stanza = event.origin, event.stanza
if origin.type == "s2sin" or origin.type == "s2sin_unauthed" then
if guard_blockall:contains(stanza.attr.to) and not guard_ball_wl:contains(stanza.attr.from) or
guard_block_bl:contains(stanza.attr.from) and guard_protect:contains(stanza.attr.to) then
- module:log("error", "remote service %s attempted to access restricted host %s", stanza.attr.from, stanza.attr.to);
- origin:close({condition = "policy-violation", text = "You're not authorized, good bye."});
- return false;
+ module:log("error", "remote service %s attempted to access restricted host %s", stanza.attr.from, stanza.attr.to)
+ origin:close({condition = "policy-violation", text = "You're not authorized, good bye."})
+ return false
end
end
- return nil;
+ return nil
end
local function handle_activation (host)
if guard_blockall:contains(host) or guard_protect:contains(host) then
if hosts[host] and hosts[host].events then
- hosts[host].events.add_handler("stanza/jabber:server:dialback:result", sdr_hook, 100);
- module:log ("debug", "adding host protection for: "..host);
+ hosts[host].events.add_handler("stanza/jabber:server:dialback:result", sdr_hook, 100)
+ module:log ("debug", "adding host protection for: "..host)
end
end
end
@@ -71,39 +71,39 @@
local function handle_deactivation (host)
if guard_blockall:contains(host) or guard_protect:contains(host) then
if hosts[host] and hosts[host].events then
- hosts[host].events.remove_handler("stanza/jabber:server:dialback:result", sdr_hook);
- module:log ("debug", "removing host protection for: "..host);
+ hosts[host].events.remove_handler("stanza/jabber:server:dialback:result", sdr_hook)
+ module:log ("debug", "removing host protection for: "..host)
end
end
end
local function reload()
- module:log ("debug", "server configuration reloaded, rehashing plugin tables...");
- guard_blockall = module:get_option_set("host_guard_blockall", {});
- guard_ball_wl = module:get_option_set("host_guard_blockall_exceptions", {});
- guard_protect = module:get_option_set("host_guard_components", {});
- guard_block_bl = module:get_option_set("host_guard_blacklist", {});
+ module:log ("debug", "server configuration reloaded, rehashing plugin tables...")
+ guard_blockall = module:get_option_set("host_guard_blockall", {})
+ guard_ball_wl = module:get_option_set("host_guard_blockall_exceptions", {})
+ guard_protect = module:get_option_set("host_guard_components", {})
+ guard_block_bl = module:get_option_set("host_guard_blacklist", {})
end
local function setup()
- module:log ("debug", "initializing host guard module...");
+ module:log ("debug", "initializing host guard module...")
- module:hook ("component-activated", handle_activation);
- module:hook ("component-deactivated", handle_deactivation);
- module:hook ("config-reloaded", reload);
+ module:hook ("component-activated", handle_activation)
+ module:hook ("component-deactivated", handle_deactivation)
+ module:hook ("config-reloaded", reload)
for n,table in pairs(hosts) do
if table.type == "component" then
if guard_blockall:contains(n) or guard_protect:contains(n) then
- hosts[n].events.remove_handler("stanza/jabber:server:dialback:result", sdr_hook);
- handle_activation(n);
+ hosts[n].events.remove_handler("stanza/jabber:server:dialback:result", sdr_hook)
+ handle_activation(n)
end
end
end
end
if prosody.start_time then
- setup();
+ setup()
else
- prosody.events.add_handler("server-started", setup);
+ prosody.events.add_handler("server-started", setup)
end