Chapril/xmpp.chapril.org-ejabberd
25
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-12-26 17:38:45 +01:00
Code Releases Activity

mod_fail2ban: Add 'access' option for whitelisting

Browse Source 
Closes #535.
This commit is contained in:
Holger Weiss 2015-04-18 11:08:05 +02:00
parent afdc269825
commit aa36742a40
1 changed files with 25 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/mod_fail2ban.erl
View File

@ -53,20 +53,25 @@ start_link(Host, Opts) ->
gen_server:start_link({local, Proc}, ?MODULE, [Host, Opts], []).
c2s_auth_result(false, _User, LServer, {Addr, _Port}) ->
BanLifetime = gen_mod:get_module_opt(
LServer, ?MODULE, c2s_auth_ban_lifetime,
fun(T) when is_integer(T), T > 0 -> T end,
?C2S_AUTH_BAN_LIFETIME),
MaxFailures = gen_mod:get_module_opt(
LServer, ?MODULE, c2s_max_auth_failures,
fun(I) when is_integer(I), I > 0 -> I end,
?C2S_MAX_AUTH_FAILURES),
UnbanTS = unban_timestamp(BanLifetime),
case ets:lookup(failed_auth, Addr) of
[{Addr, N, _, _}] ->
ets:insert(failed_auth, {Addr, N+1, UnbanTS, MaxFailures});
[] ->
ets:insert(failed_auth, {Addr, 1, UnbanTS, MaxFailures})
case is_whitelisted(LServer, Addr) of
true ->
ok;
false ->
BanLifetime = gen_mod:get_module_opt(
LServer, ?MODULE, c2s_auth_ban_lifetime,
fun(T) when is_integer(T), T > 0 -> T end,
?C2S_AUTH_BAN_LIFETIME),
MaxFailures = gen_mod:get_module_opt(
LServer, ?MODULE, c2s_max_auth_failures,
fun(I) when is_integer(I), I > 0 -> I end,
?C2S_MAX_AUTH_FAILURES),
UnbanTS = unban_timestamp(BanLifetime),
case ets:lookup(failed_auth, Addr) of
[{Addr, N, _, _}] ->
ets:insert(failed_auth, {Addr, N+1, UnbanTS, MaxFailures});
[] ->
ets:insert(failed_auth, {Addr, 1, UnbanTS, MaxFailures})
end
end;
c2s_auth_result(true, _User, _Server, _AddrPort) ->
ok.
@ -160,6 +165,12 @@ code_change(_OldVsn, State, _Extra) ->
%%%===================================================================
%%% Internal functions
%%%===================================================================
is_whitelisted(Host, Addr) ->
Access = gen_mod:get_module_opt(Host, ?MODULE, access,
fun(A) when is_atom(A) -> A end,
none),
acl:match_rule(Host, Access, Addr) == allow.
unban_timestamp(BanLifetime) ->
{MegaSecs, MSecs, USecs} = now(),
UnbanSecs = MegaSecs * 1000000 + MSecs + BanLifetime,