fixing 1324 commit issue on tagged versions
SVN Revision: 1326
This commit is contained in:
parent
1f91eb0b11
commit
1035e2064d
|
@ -1,11 +1,3 @@
|
||||||
2008-05-05 Mickael Remond <mremond@process-one.net>
|
|
||||||
|
|
||||||
* src/ejabberd_c2s.erl: Added C2S blacklist support (EJAB-625).
|
|
||||||
* src/mod_ip_blacklist.erl: Likewise.
|
|
||||||
* src/jlib.erl: Added IP format tuple to string function.
|
|
||||||
* src/ejabberd_socket.erl: Properly handled c2s start failure (happen
|
|
||||||
for blacklisted IP).
|
|
||||||
|
|
||||||
2008-02-21 Badlop <badlop@process-one.net>
|
2008-02-21 Badlop <badlop@process-one.net>
|
||||||
|
|
||||||
* doc/release_notes_2.0.0.txt: Small fixes and update date
|
* doc/release_notes_2.0.0.txt: Small fixes and update date
|
||||||
|
|
|
@ -174,35 +174,26 @@ init([{SockMod, Socket}, Opts]) ->
|
||||||
(_) -> false
|
(_) -> false
|
||||||
end, Opts),
|
end, Opts),
|
||||||
IP = peerip(SockMod, Socket),
|
IP = peerip(SockMod, Socket),
|
||||||
%% Check if IP is blacklisted:
|
Socket1 =
|
||||||
case is_ip_blacklisted(IP) of
|
if
|
||||||
true ->
|
TLSEnabled ->
|
||||||
?INFO_MSG("Connection attempt from blacklisted IP: ~s",
|
SockMod:starttls(Socket, TLSOpts);
|
||||||
[jlib:ip_to_list(IP)]),
|
true ->
|
||||||
{stop, normal};
|
Socket
|
||||||
false ->
|
end,
|
||||||
Socket1 =
|
SocketMonitor = SockMod:monitor(Socket1),
|
||||||
if
|
{ok, wait_for_stream, #state{socket = Socket1,
|
||||||
TLSEnabled ->
|
sockmod = SockMod,
|
||||||
SockMod:starttls(Socket, TLSOpts);
|
socket_monitor = SocketMonitor,
|
||||||
true ->
|
zlib = Zlib,
|
||||||
Socket
|
tls = TLS,
|
||||||
end,
|
tls_required = StartTLSRequired,
|
||||||
SocketMonitor = SockMod:monitor(Socket1),
|
tls_enabled = TLSEnabled,
|
||||||
{ok, wait_for_stream, #state{socket = Socket1,
|
tls_options = TLSOpts,
|
||||||
sockmod = SockMod,
|
streamid = new_id(),
|
||||||
socket_monitor = SocketMonitor,
|
access = Access,
|
||||||
zlib = Zlib,
|
shaper = Shaper,
|
||||||
tls = TLS,
|
ip = IP}, ?C2S_OPEN_TIMEOUT}.
|
||||||
tls_required = StartTLSRequired,
|
|
||||||
tls_enabled = TLSEnabled,
|
|
||||||
tls_options = TLSOpts,
|
|
||||||
streamid = new_id(),
|
|
||||||
access = Access,
|
|
||||||
shaper = Shaper,
|
|
||||||
ip = IP},
|
|
||||||
?C2S_OPEN_TIMEOUT}
|
|
||||||
end.
|
|
||||||
|
|
||||||
%% Return list of all available resources of contacts,
|
%% Return list of all available resources of contacts,
|
||||||
%% in form [{JID, Caps}].
|
%% in form [{JID, Caps}].
|
||||||
|
@ -851,6 +842,8 @@ wait_for_session(closed, StateData) ->
|
||||||
{stop, normal, StateData}.
|
{stop, normal, StateData}.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
session_established({xmlstreamelement, El}, StateData) ->
|
session_established({xmlstreamelement, El}, StateData) ->
|
||||||
{xmlelement, Name, Attrs, _Els} = El,
|
{xmlelement, Name, Attrs, _Els} = El,
|
||||||
User = StateData#state.user,
|
User = StateData#state.user,
|
||||||
|
@ -1951,7 +1944,3 @@ fsm_reply(Reply, session_established, StateData) ->
|
||||||
{reply, Reply, session_established, StateData, ?C2S_HIBERNATE_TIMEOUT};
|
{reply, Reply, session_established, StateData, ?C2S_HIBERNATE_TIMEOUT};
|
||||||
fsm_reply(Reply, StateName, StateData) ->
|
fsm_reply(Reply, StateName, StateData) ->
|
||||||
{reply, Reply, StateName, StateData, ?C2S_OPEN_TIMEOUT}.
|
{reply, Reply, StateName, StateData, ?C2S_OPEN_TIMEOUT}.
|
||||||
|
|
||||||
%% Used by c2s blacklist plugins
|
|
||||||
is_ip_blacklisted({IP,_Port}) ->
|
|
||||||
ejabberd_hooks:run_fold(check_bl_c2s, false, [IP]).
|
|
||||||
|
|
|
@ -65,27 +65,19 @@ start(Module, SockMod, Socket, Opts) ->
|
||||||
SocketData = #socket_state{sockmod = SockMod,
|
SocketData = #socket_state{sockmod = SockMod,
|
||||||
socket = Socket,
|
socket = Socket,
|
||||||
receiver = Receiver},
|
receiver = Receiver},
|
||||||
case Module:start({?MODULE, SocketData}, Opts) of
|
{ok, Pid} = Module:start({?MODULE, SocketData}, Opts),
|
||||||
{ok, Pid} ->
|
case SockMod:controlling_process(Socket, Receiver) of
|
||||||
case SockMod:controlling_process(Socket, Receiver) of
|
ok ->
|
||||||
ok ->
|
ok;
|
||||||
ok;
|
|
||||||
{error, _Reason} ->
|
|
||||||
SockMod:close(Socket)
|
|
||||||
end,
|
|
||||||
ejabberd_receiver:become_controller(Receiver, Pid);
|
|
||||||
{error, _Reason} ->
|
{error, _Reason} ->
|
||||||
SockMod:close(Socket)
|
SockMod:close(Socket)
|
||||||
end;
|
end,
|
||||||
|
ejabberd_receiver:become_controller(Receiver, Pid);
|
||||||
raw ->
|
raw ->
|
||||||
case Module:start({SockMod, Socket}, Opts) of
|
{ok, Pid} = Module:start({SockMod, Socket}, Opts),
|
||||||
{ok, Pid} ->
|
case SockMod:controlling_process(Socket, Pid) of
|
||||||
case SockMod:controlling_process(Socket, Pid) of
|
ok ->
|
||||||
ok ->
|
ok;
|
||||||
ok;
|
|
||||||
{error, _Reason} ->
|
|
||||||
SockMod:close(Socket)
|
|
||||||
end;
|
|
||||||
{error, _Reason} ->
|
{error, _Reason} ->
|
||||||
SockMod:close(Socket)
|
SockMod:close(Socket)
|
||||||
end
|
end
|
||||||
|
|
|
@ -59,8 +59,7 @@
|
||||||
now_to_local_string/1,
|
now_to_local_string/1,
|
||||||
datetime_string_to_timestamp/1,
|
datetime_string_to_timestamp/1,
|
||||||
decode_base64/1,
|
decode_base64/1,
|
||||||
encode_base64/1,
|
encode_base64/1]).
|
||||||
ip_to_list/1]).
|
|
||||||
|
|
||||||
-include("jlib.hrl").
|
-include("jlib.hrl").
|
||||||
|
|
||||||
|
@ -677,9 +676,3 @@ e(X) when X>51, X<62 -> X-4;
|
||||||
e(62) -> $+;
|
e(62) -> $+;
|
||||||
e(63) -> $/;
|
e(63) -> $/;
|
||||||
e(X) -> exit({bad_encode_base64_token, X}).
|
e(X) -> exit({bad_encode_base64_token, X}).
|
||||||
|
|
||||||
%% Convert Erlang inet IP to list
|
|
||||||
ip_to_list({IP, _Port}) ->
|
|
||||||
ip_to_list(IP);
|
|
||||||
ip_to_list({A,B,C,D}) ->
|
|
||||||
lists:flatten(io_lib:format("~w.~w.~w.~w",[A,B,C,D])).
|
|
||||||
|
|
|
@ -1,113 +0,0 @@
|
||||||
%%%----------------------------------------------------------------------
|
|
||||||
%%% File : mod_ip_blacklist.erl
|
|
||||||
%%% Author : Mickael Remond <mremond@process-one.net>
|
|
||||||
%%% Purpose : Download blacklists from ProcessOne
|
|
||||||
%%% Created : 5 May 2008 by Mickael Remond <mremond@process-one.net>
|
|
||||||
%%% Usage : Add the following line in modules section of ejabberd.cfg:
|
|
||||||
%%% {mod_ip_blacklist, []}
|
|
||||||
%%%
|
|
||||||
%%%
|
|
||||||
%%% ejabberd, Copyright (C) 2002-2008 Process-one
|
|
||||||
%%%
|
|
||||||
%%% This program is free software; you can redistribute it and/or
|
|
||||||
%%% modify it under the terms of the GNU General Public License as
|
|
||||||
%%% published by the Free Software Foundation; either version 2 of the
|
|
||||||
%%% License, or (at your option) any later version.
|
|
||||||
%%%
|
|
||||||
%%% This program is distributed in the hope that it will be useful,
|
|
||||||
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
%%% General Public License for more details.
|
|
||||||
%%%
|
|
||||||
%%% You should have received a copy of the GNU General Public License
|
|
||||||
%%% along with this program; if not, write to the Free Software
|
|
||||||
%%% Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
|
||||||
%%% 02111-1307 USA
|
|
||||||
%%%
|
|
||||||
%%%----------------------------------------------------------------------
|
|
||||||
|
|
||||||
-module(mod_ip_blacklist).
|
|
||||||
-author('mremond@process-one.net').
|
|
||||||
|
|
||||||
-behaviour(gen_mod).
|
|
||||||
|
|
||||||
%% API:
|
|
||||||
-export([start/2,
|
|
||||||
init/1,
|
|
||||||
stop/1]).
|
|
||||||
-export([update_bl_c2s/0]).
|
|
||||||
%% Hooks:
|
|
||||||
-export([is_ip_in_c2s_blacklist/2]).
|
|
||||||
|
|
||||||
-include("ejabberd.hrl").
|
|
||||||
|
|
||||||
-define(PROCNAME, ?MODULE).
|
|
||||||
-define(BLC2S, "http://xaai.process-one.net/bl_c2s.txt").
|
|
||||||
-define(UPDATE_INTERVAL, 6). %% in hours
|
|
||||||
|
|
||||||
-record(state, {timer}).
|
|
||||||
-record(bl_c2s, {ip}).
|
|
||||||
|
|
||||||
%% Start once for all vhost
|
|
||||||
start(Host, Opts) ->
|
|
||||||
case whereis(?PROCNAME) of
|
|
||||||
undefined ->
|
|
||||||
?DEBUG("Starting mod_ip_blacklist ~p ~p~n", [Host, Opts]),
|
|
||||||
register(?PROCNAME,
|
|
||||||
spawn(?MODULE, init, [#state{}]));
|
|
||||||
_ ->
|
|
||||||
ok
|
|
||||||
end.
|
|
||||||
|
|
||||||
%% TODO:
|
|
||||||
stop(_Host) ->
|
|
||||||
ok.
|
|
||||||
|
|
||||||
init(State)->
|
|
||||||
inets:start(),
|
|
||||||
ets:new(bl_c2s, [named_table, public, {keypos, #bl_c2s.ip}]),
|
|
||||||
update_bl_c2s(),
|
|
||||||
%% Register hooks for blacklist
|
|
||||||
ejabberd_hooks:add(check_bl_c2s, ?MODULE, is_ip_in_c2s_blacklist, 50),
|
|
||||||
%% Set timer: Download the blacklist file every 6 hours
|
|
||||||
timer:apply_interval(timer:hours(?UPDATE_INTERVAL), ?MODULE, update_bl_c2s, []),
|
|
||||||
loop(State).
|
|
||||||
|
|
||||||
%% Remove timer when stop is received.
|
|
||||||
loop(_State) ->
|
|
||||||
receive
|
|
||||||
stop ->
|
|
||||||
ok
|
|
||||||
end.
|
|
||||||
|
|
||||||
%% Download blacklist file from ProcessOne XAAI
|
|
||||||
%% and update the table internal table
|
|
||||||
%% TODO: Support comment lines starting by %
|
|
||||||
update_bl_c2s() ->
|
|
||||||
?INFO_MSG("Updating C2S Blacklist", []),
|
|
||||||
{ok, {{_Version, 200, _Reason}, _Headers, Body}} = http:request(?BLC2S),
|
|
||||||
IPs = string:tokens(Body,"\n"),
|
|
||||||
ets:delete_all_objects(bl_c2s),
|
|
||||||
lists:foreach(
|
|
||||||
fun(IP) ->
|
|
||||||
ets:insert(bl_c2s, #bl_c2s{ip=list_to_binary(IP)})
|
|
||||||
end, IPs).
|
|
||||||
|
|
||||||
%% Hook is run with:
|
|
||||||
%% ejabberd_hooks:run_fold(check_bl_c2s, false, [IP]),
|
|
||||||
%% Return: false: IP not blacklisted
|
|
||||||
%% true: IP is blacklisted
|
|
||||||
%% IPV4 IP tuple:
|
|
||||||
is_ip_in_c2s_blacklist(_Val, IP) ->
|
|
||||||
BinaryIP = list_to_binary(jlib:ip_to_list(IP)),
|
|
||||||
case ets:lookup(bl_c2s, BinaryIP) of
|
|
||||||
[] -> %% Not in blacklist
|
|
||||||
false;
|
|
||||||
[_] -> %% Blacklisted!
|
|
||||||
{stop, true}
|
|
||||||
end.
|
|
||||||
|
|
||||||
|
|
||||||
%% TODO:
|
|
||||||
%% - For now, we do not kick user already logged on a given IP after
|
|
||||||
%% we update the blacklist.
|
|
Loading…
Reference in New Issue