25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-06 16:42:56 +01:00

* src/ejabberd_s2s.erl: Implements s2s hosts whitelist / blacklist

* src/ejabberd.cfg.example: Likewise

SVN Revision: 818
This commit is contained in:
Mickaël Rémond 2007-07-18 17:42:53 +00:00
parent abadd82c66
commit 9da2c78eb4
3 changed files with 33 additions and 6 deletions

View File

@ -1,5 +1,8 @@
2007-07-18 Mickael Remond <mickael.remond@process-one.net>
* src/ejabberd_s2s.erl: Implements s2s hosts whitelist / blacklist
* src/ejabberd.cfg.example: Likewise
* src/ejabberd_s2s_out.erl: Make s2s connections more robust
* src/ejabberd_s2s.erl: Likewise
@ -32,7 +35,7 @@
* src/mod_echo.erl: mod_echo does not reply to other
components. This is to make sure that a component will not
discover its own capabilities (Thanks to Badlop) (EJAB-281).
* src/ejabberd.cfg: disable mod_echo in the example config
* src/ejabberd.cfg.example: disable mod_echo in the example config
file. mod_echo is mainly a development/test module.
2007-07-09 Mickael Remond <mickael.remond@process-one.net>

View File

@ -152,6 +152,11 @@
%{domain_certfile, "example.org", "./example_org.pem"}.
%{domain_certfile, "example.com", "./example_com.pem"}.
%% S2S Whitelist or blacklist:
%{s2s_default_policy, allow}. %% Default s2s policy for undefined hosts
%%{{s2s_host,"goodhost.org"}, allow}.
%{{s2s_host,"badhost.org"}, deny}.
% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.

View File

@ -243,10 +243,12 @@ find_connection(From, To) ->
{'EXIT', Reason} ->
{aborted, Reason};
[] ->
case is_service(From, To) of
true ->
{aborted, error};
false ->
%% We try to establish connection if the host is not a
%% service and if the s2s host is not blacklisted or
%% is in whitelist:
case {is_service(From, To),
allow_host(MyServer, Server)} of
{false, true} ->
?DEBUG("starting new s2s connection~n", []),
Key = randoms:get_string(),
{ok, Pid} = ejabberd_s2s_out:start(
@ -269,7 +271,9 @@ find_connection(From, To) ->
_ ->
ejabberd_s2s_out:stop_connection(Pid)
end,
TRes
TRes;
_ ->
{aborted, error}
end;
[El] ->
{atomic, El#s2s.pid}
@ -331,3 +335,18 @@ update_tables() ->
false ->
ok
end.
%% Check if host is in blacklist or white list
allow_host(MyServer, S2SHost) ->
case ejabberd_config:get_local_option({{s2s_host, S2SHost},MyServer}) of
deny -> false;
allow -> true;
_ ->
case ejabberd_config:get_local_option({s2s_default_policy, MyServer}) of
deny -> false;
allow -> true;
_ -> allow %% The default s2s policy is allow
end
end.