2008-05-05 18:25:52 +02:00
|
|
|
%%%----------------------------------------------------------------------
|
|
|
|
%%% File : mod_ip_blacklist.erl
|
|
|
|
%%% Author : Mickael Remond <mremond@process-one.net>
|
|
|
|
%%% Purpose : Download blacklists from ProcessOne
|
|
|
|
%%% Created : 5 May 2008 by Mickael Remond <mremond@process-one.net>
|
|
|
|
%%% Usage : Add the following line in modules section of ejabberd.cfg:
|
|
|
|
%%% {mod_ip_blacklist, []}
|
|
|
|
%%%
|
|
|
|
%%%
|
2016-01-13 12:29:14 +01:00
|
|
|
%%% ejabberd, Copyright (C) 2002-2016 ProcessOne
|
2008-05-05 18:25:52 +02:00
|
|
|
%%%
|
|
|
|
%%% This program is free software; you can redistribute it and/or
|
|
|
|
%%% modify it under the terms of the GNU General Public License as
|
|
|
|
%%% published by the Free Software Foundation; either version 2 of the
|
|
|
|
%%% License, or (at your option) any later version.
|
|
|
|
%%%
|
|
|
|
%%% This program is distributed in the hope that it will be useful,
|
|
|
|
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
%%% General Public License for more details.
|
2009-01-12 15:44:42 +01:00
|
|
|
%%%
|
2014-02-22 11:27:40 +01:00
|
|
|
%%% You should have received a copy of the GNU General Public License along
|
|
|
|
%%% with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2008-05-05 18:25:52 +02:00
|
|
|
%%%
|
|
|
|
%%%----------------------------------------------------------------------
|
|
|
|
|
|
|
|
-module(mod_ip_blacklist).
|
2013-03-14 10:33:02 +01:00
|
|
|
|
2008-05-05 18:25:52 +02:00
|
|
|
-author('mremond@process-one.net').
|
|
|
|
|
|
|
|
-behaviour(gen_mod).
|
|
|
|
|
|
|
|
%% API:
|
2013-03-14 10:33:02 +01:00
|
|
|
-export([start/2, preinit/2, init/1, stop/1]).
|
|
|
|
|
2008-05-05 18:25:52 +02:00
|
|
|
-export([update_bl_c2s/0]).
|
2013-03-14 10:33:02 +01:00
|
|
|
|
2015-06-01 14:38:27 +02:00
|
|
|
-export([is_ip_in_c2s_blacklist/3, mod_opt_type/1]).
|
2008-05-05 18:25:52 +02:00
|
|
|
|
|
|
|
-include("ejabberd.hrl").
|
2013-04-08 11:12:54 +02:00
|
|
|
-include("logger.hrl").
|
2008-05-05 18:25:52 +02:00
|
|
|
|
|
|
|
-define(PROCNAME, ?MODULE).
|
2013-03-14 10:33:02 +01:00
|
|
|
|
|
|
|
-define(BLC2S,
|
|
|
|
<<"http://xaai.process-one.net/bl_c2s.txt">>).
|
|
|
|
|
|
|
|
-define(UPDATE_INTERVAL, 6).
|
2008-05-05 18:25:52 +02:00
|
|
|
|
|
|
|
-record(state, {timer}).
|
|
|
|
|
|
|
|
%% Start once for all vhost
|
2013-03-14 10:33:02 +01:00
|
|
|
-record(bl_c2s, {ip = <<"">> :: binary()}).
|
|
|
|
|
2011-11-26 17:03:24 +01:00
|
|
|
start(_Host, _Opts) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
Pid = spawn(?MODULE, preinit, [self(), #state{}]),
|
|
|
|
receive {ok, Pid, PreinitResult} -> PreinitResult end.
|
2011-11-26 17:03:24 +01:00
|
|
|
|
|
|
|
preinit(Parent, State) ->
|
|
|
|
Pid = self(),
|
|
|
|
try register(?PROCNAME, Pid) of
|
2013-03-14 10:33:02 +01:00
|
|
|
true -> Parent ! {ok, Pid, true}, init(State)
|
|
|
|
catch
|
|
|
|
error:_ -> Parent ! {ok, Pid, true}
|
2008-05-05 18:25:52 +02:00
|
|
|
end.
|
|
|
|
|
|
|
|
%% TODO:
|
2013-03-14 10:33:02 +01:00
|
|
|
stop(_Host) -> ok.
|
2008-05-05 18:25:52 +02:00
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
init(State) ->
|
|
|
|
ets:new(bl_c2s,
|
|
|
|
[named_table, public, {keypos, #bl_c2s.ip}]),
|
2008-05-05 18:25:52 +02:00
|
|
|
update_bl_c2s(),
|
2013-03-14 10:33:02 +01:00
|
|
|
ejabberd_hooks:add(check_bl_c2s, ?MODULE,
|
|
|
|
is_ip_in_c2s_blacklist, 50),
|
|
|
|
timer:apply_interval(timer:hours(?UPDATE_INTERVAL),
|
|
|
|
?MODULE, update_bl_c2s, []),
|
2008-05-05 18:25:52 +02:00
|
|
|
loop(State).
|
|
|
|
|
|
|
|
%% Remove timer when stop is received.
|
2013-03-14 10:33:02 +01:00
|
|
|
loop(_State) -> receive stop -> ok end.
|
2008-05-05 18:25:52 +02:00
|
|
|
|
|
|
|
%% Download blacklist file from ProcessOne XAAI
|
|
|
|
%% and update the table internal table
|
|
|
|
%% TODO: Support comment lines starting by %
|
|
|
|
update_bl_c2s() ->
|
|
|
|
?INFO_MSG("Updating C2S Blacklist", []),
|
2011-11-26 17:20:06 +01:00
|
|
|
case httpc:request(?BLC2S) of
|
2013-03-14 10:33:02 +01:00
|
|
|
{ok, 200, _Headers, Body} ->
|
|
|
|
IPs = str:tokens(Body, <<"\n">>),
|
|
|
|
ets:delete_all_objects(bl_c2s),
|
|
|
|
lists:foreach(fun (IP) ->
|
|
|
|
ets:insert(bl_c2s,
|
|
|
|
#bl_c2s{ip = IP})
|
|
|
|
end,
|
|
|
|
IPs);
|
|
|
|
{error, Reason} ->
|
|
|
|
?ERROR_MSG("Cannot download C2S blacklist file. "
|
|
|
|
"Reason: ~p",
|
|
|
|
[Reason])
|
2008-05-09 21:53:06 +02:00
|
|
|
end.
|
2008-05-05 18:25:52 +02:00
|
|
|
|
|
|
|
%% Hook is run with:
|
|
|
|
%% ejabberd_hooks:run_fold(check_bl_c2s, false, [IP]),
|
|
|
|
%% Return: false: IP not blacklisted
|
|
|
|
%% true: IP is blacklisted
|
|
|
|
%% IPV4 IP tuple:
|
2014-08-17 15:38:38 +02:00
|
|
|
is_ip_in_c2s_blacklist(_Val, IP, Lang) when is_tuple(IP) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
BinaryIP = jlib:ip_to_list(IP),
|
2008-05-05 18:25:52 +02:00
|
|
|
case ets:lookup(bl_c2s, BinaryIP) of
|
2013-03-14 10:33:02 +01:00
|
|
|
[] -> %% Not in blacklist
|
|
|
|
false;
|
2014-08-17 15:38:38 +02:00
|
|
|
[_] ->
|
|
|
|
LogReason = io_lib:fwrite(
|
|
|
|
"This IP address is blacklisted in ~s",
|
|
|
|
[?BLC2S]),
|
|
|
|
ReasonT = io_lib:fwrite(
|
|
|
|
translate:translate(
|
|
|
|
Lang,
|
|
|
|
<<"This IP address is blacklisted in ~s">>),
|
|
|
|
[?BLC2S]),
|
|
|
|
{stop, {true, LogReason, ReasonT}}
|
2008-05-08 16:55:06 +02:00
|
|
|
end;
|
2014-08-17 15:38:38 +02:00
|
|
|
is_ip_in_c2s_blacklist(_Val, _IP, _Lang) -> false.
|
2008-05-05 18:25:52 +02:00
|
|
|
|
|
|
|
%% TODO:
|
|
|
|
%% - For now, we do not kick user already logged on a given IP after
|
|
|
|
%% we update the blacklist.
|
2013-03-14 10:33:02 +01:00
|
|
|
|
2015-06-01 14:38:27 +02:00
|
|
|
|
|
|
|
mod_opt_type(_) -> [].
|