From 9da2c78eb489b8d1e355f3ddd094463fdea29196 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20R=C3=A9mond?= Date: Wed, 18 Jul 2007 17:42:53 +0000 Subject: [PATCH] * src/ejabberd_s2s.erl: Implements s2s hosts whitelist / blacklist * src/ejabberd.cfg.example: Likewise SVN Revision: 818 --- ChangeLog | 5 ++++- src/ejabberd.cfg.example | 5 +++++ src/ejabberd_s2s.erl | 29 ++++++++++++++++++++++++----- 3 files changed, 33 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3cc8e13f2..ce6c3bb01 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ 2007-07-18 Mickael Remond + * src/ejabberd_s2s.erl: Implements s2s hosts whitelist / blacklist + * src/ejabberd.cfg.example: Likewise + * src/ejabberd_s2s_out.erl: Make s2s connections more robust * src/ejabberd_s2s.erl: Likewise @@ -32,7 +35,7 @@ * src/mod_echo.erl: mod_echo does not reply to other components. This is to make sure that a component will not discover its own capabilities (Thanks to Badlop) (EJAB-281). - * src/ejabberd.cfg: disable mod_echo in the example config + * src/ejabberd.cfg.example: disable mod_echo in the example config file. mod_echo is mainly a development/test module. 2007-07-09 Mickael Remond diff --git a/src/ejabberd.cfg.example b/src/ejabberd.cfg.example index f649d71b5..91f4fe870 100644 --- a/src/ejabberd.cfg.example +++ b/src/ejabberd.cfg.example @@ -152,6 +152,11 @@ %{domain_certfile, "example.org", "./example_org.pem"}. %{domain_certfile, "example.com", "./example_com.pem"}. +%% S2S Whitelist or blacklist: +%{s2s_default_policy, allow}. %% Default s2s policy for undefined hosts +%%{{s2s_host,"goodhost.org"}, allow}. +%{{s2s_host,"badhost.org"}, deny}. + % If SRV lookup fails, then port 5269 is used to communicate with remote server {outgoing_s2s_port, 5269}. diff --git a/src/ejabberd_s2s.erl b/src/ejabberd_s2s.erl index 2c73daa36..4749732d6 100644 --- a/src/ejabberd_s2s.erl +++ b/src/ejabberd_s2s.erl 
@@ -243,10 +243,12 @@ find_connection(From, To) ->
 {'EXIT', Reason} ->
 {aborted, Reason};
 [] ->
- case is_service(From, To) of
- true ->
- {aborted, error};
- false ->
+ %% We try to establish connection if the host is not a
+ %% service and if the s2s host is not blacklisted or
+ %% is in whitelist:
+ case {is_service(From, To),
+ allow_host(MyServer, Server)} of
+ {false, true} ->
 ?DEBUG("starting new s2s connection~n", []),
 Key = randoms:get_string(),
 {ok, Pid} = ejabberd_s2s_out:start(
@@ -269,7 +271,9 @@ find_connection(From, To) ->
 _ ->
 ejabberd_s2s_out:stop_connection(Pid)
 end,
- TRes
+ TRes;
+ _ ->
+ {aborted, error}
 end;
 [El] ->
 {atomic, El#s2s.pid}
@@ -331,3 +335,18 @@ update_tables() ->
 false ->
 ok
 end.
+
+%% Check if host is in blacklist or white list
+allow_host(MyServer, S2SHost) ->
+ case ejabberd_config:get_local_option({{s2s_host, S2SHost},MyServer}) of
+ deny -> false;
+ allow -> true;
+ _ ->
+ case ejabberd_config:get_local_option({s2s_default_policy, MyServer}) of
+ deny -> false;
+ allow -> true;
+ _ -> allow %% The default s2s policy is allow
+ end
+ end.
+
+
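Review bot: The `allow_host(MyServer, Server)` check added to the `[] ->` branch of `find_connection` gates only new outgoing connections. The diffstat lists no change to the incoming s2s path, so a host marked `deny` can presumably still connect inbound and deliver stanzas unless that is enforced elsewhere; if the option is meant as a blacklist, the same check belongs where incoming connections are accepted. A policy refusal also returns the same `{aborted, error}` as the `is_service` case and is not logged, so an operator cannot see the list taking effect. `MyServer` and `Server` are bound outside the hunk, and the option lookup is an exact term match, so the comment should say that configured host names must be written in the same normalised form those variables carry.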
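Review bot: In `allow_host/2` the innermost fallback returns the atom `allow` instead of `true`, so when neither a `{s2s_host, ...}` entry nor `s2s_default_policy` is configured, the `{false, true}` clause in `find_connection` never matches and the new `_ -> {aborted, error}` clause (second hunk) refuses the connection. The effective default is therefore deny, the opposite of what the comment and the example config state; the line should read `_ -> true %% The default s2s policy is allow`. Matching `{true, _}` and `{false, false}` explicitly in `find_connection` instead of `_` would make a non-boolean result crash rather than pass silently as a denial. Separately, any configured value other than `allow` or `deny` (a typo, for instance) falls through to the next level without a warning, which with a default of allow means a mistyped `deny` entry permits the host.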