Chapril/xmpp.chapril.org-ejabberd
26
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-12-26 17:38:45 +01:00
Code Releases Activity

mod_fail2ban: Add 'access' option for whitelisting

Browse Source 
Closes #535.
This commit is contained in:
Holger Weiss 2015-04-18 11:08:05 +02:00
parent afdc269825
commit aa36742a40
1 changed files with 25 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/mod_fail2ban.erl
View File

@ -53,20 +53,25 @@ start_link(Host, Opts) ->
gen_server:start_link({local, Proc}, ?MODULE, [Host, Opts], []). gen_server:start_link({local, Proc}, ?MODULE, [Host, Opts], []).
c2s_auth_result(false, _User, LServer, {Addr, _Port}) -> c2s_auth_result(false, _User, LServer, {Addr, _Port}) ->
BanLifetime = gen_mod:get_module_opt( case is_whitelisted(LServer, Addr) of
LServer, ?MODULE, c2s_auth_ban_lifetime, true ->
fun(T) when is_integer(T), T > 0 -> T end, ok;
?C2S_AUTH_BAN_LIFETIME), false ->
MaxFailures = gen_mod:get_module_opt( BanLifetime = gen_mod:get_module_opt(
LServer, ?MODULE, c2s_max_auth_failures, LServer, ?MODULE, c2s_auth_ban_lifetime,
fun(I) when is_integer(I), I > 0 -> I end, fun(T) when is_integer(T), T > 0 -> T end,
?C2S_MAX_AUTH_FAILURES), ?C2S_AUTH_BAN_LIFETIME),
UnbanTS = unban_timestamp(BanLifetime), MaxFailures = gen_mod:get_module_opt(
case ets:lookup(failed_auth, Addr) of LServer, ?MODULE, c2s_max_auth_failures,
[{Addr, N, _, _}] -> fun(I) when is_integer(I), I > 0 -> I end,
ets:insert(failed_auth, {Addr, N+1, UnbanTS, MaxFailures}); ?C2S_MAX_AUTH_FAILURES),
[] -> UnbanTS = unban_timestamp(BanLifetime),
ets:insert(failed_auth, {Addr, 1, UnbanTS, MaxFailures}) case ets:lookup(failed_auth, Addr) of
[{Addr, N, _, _}] ->
ets:insert(failed_auth, {Addr, N+1, UnbanTS, MaxFailures});
[] ->
ets:insert(failed_auth, {Addr, 1, UnbanTS, MaxFailures})
end
end; end;
c2s_auth_result(true, _User, _Server, _AddrPort) -> c2s_auth_result(true, _User, _Server, _AddrPort) ->
ok. ok.
@ -160,6 +165,12 @@ code_change(_OldVsn, State, _Extra) ->
%%%=================================================================== %%%===================================================================
%%% Internal functions %%% Internal functions
%%%=================================================================== %%%===================================================================
is_whitelisted(Host, Addr) ->
Access = gen_mod:get_module_opt(Host, ?MODULE, access,
fun(A) when is_atom(A) -> A end,
none),
acl:match_rule(Host, Access, Addr) == allow.
unban_timestamp(BanLifetime) -> unban_timestamp(BanLifetime) ->
{MegaSecs, MSecs, USecs} = now(), {MegaSecs, MSecs, USecs} = now(),
UnbanSecs = MegaSecs * 1000000 + MSecs + BanLifetime, UnbanSecs = MegaSecs * 1000000 + MSecs + BanLifetime,