diff options
| author | Evgeny Khramtsov <ekhramtsov@process-one.net> | 2019-05-15 17:21:09 +0300 |
|---|---|---|
| committer | Evgeny Khramtsov <ekhramtsov@process-one.net> | 2019-05-15 17:21:09 +0300 |
| commit | 3c95764d1ae9d5849c3fd07c8ee4a757db238dc9 (patch) | |
| tree | a20ae2d4659bf723f75862f82dbf26c1b8ea6e23 | |
| parent | Preliminary support for SQL in process_rosteritems, and move code (#2448) (diff) | |
Modify arguments of c2s_auth_result hook
The hook now accepts `true | {false, Reason :: binary()}` arguments
instead of just `true | false`
| -rw-r--r-- | src/ejabberd_c2s.erl | 47 | ||||
| -rw-r--r-- | src/mod_fail2ban.erl | 6 |
2 files changed, 32 insertions, 21 deletions
diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl index 25e6ee4d..492e2d89 100644 --- a/src/ejabberd_c2s.erl +++ b/src/ejabberd_c2s.erl @@ -42,7 +42,7 @@ handle_auth_success/4, handle_auth_failure/4, handle_send/3, handle_recv/3, handle_cdata/2, handle_unbinded_packet/2]). %% Hooks --export([handle_unexpected_cast/2, +-export([handle_unexpected_cast/2, process_auth_result/3, reject_unauthenticated_packet/2, process_closed/2, process_terminated/2, process_info/2]). %% API @@ -159,6 +159,8 @@ host_up(Host) -> reject_unauthenticated_packet, 100), ejabberd_hooks:add(c2s_handle_info, Host, ?MODULE, process_info, 100), + ejabberd_hooks:add(c2s_auth_result, Host, ?MODULE, + process_auth_result, 100), ejabberd_hooks:add(c2s_handle_cast, Host, ?MODULE, handle_unexpected_cast, 100). @@ -171,6 +173,8 @@ host_down(Host) -> reject_unauthenticated_packet, 100), ejabberd_hooks:delete(c2s_handle_info, Host, ?MODULE, process_info, 100), + ejabberd_hooks:delete(c2s_auth_result, Host, ?MODULE, + process_auth_result, 100), ejabberd_hooks:delete(c2s_handle_cast, Host, ?MODULE, handle_unexpected_cast, 100). @@ -257,6 +261,25 @@ reject_unauthenticated_packet(State, _Pkt) -> Err = xmpp:serr_not_authorized(), send(State, Err). +process_auth_result(#{sasl_mech := Mech, auth_module := AuthModule, + socket := Socket, ip := IP, lserver := LServer} = State, + true, User) -> + ?INFO_MSG("(~s) Accepted c2s ~s authentication for ~s@~s by ~s backend from ~s", + [xmpp_socket:pp(Socket), Mech, User, LServer, + ejabberd_auth:backend_type(AuthModule), + ejabberd_config:may_hide_data(misc:ip_to_list(IP))]), + State; +process_auth_result(#{sasl_mech := Mech, + socket := Socket, ip := IP, lserver := LServer} = State, + {false, Reason}, User) -> + ?WARNING_MSG("(~s) Failed c2s ~s authentication ~sfrom ~s: ~s", + [xmpp_socket:pp(Socket), Mech, + if User /= <<"">> -> ["for ", User, "@", LServer, " "]; + true -> "" + end, + ejabberd_config:may_hide_data(misc:ip_to_list(IP)), Reason]), + State. + process_closed(State, Reason) -> stop(State#{stop_reason => Reason}). @@ -436,26 +459,14 @@ handle_stream_end(Reason, #{lserver := LServer} = State) -> State1 = State#{stop_reason => Reason}, ejabberd_hooks:run_fold(c2s_closed, LServer, State1, [Reason]). -handle_auth_success(User, Mech, AuthModule, - #{socket := Socket, - ip := IP, lserver := LServer} = State) -> - ?INFO_MSG("(~s) Accepted c2s ~s authentication for ~s@~s by ~s backend from ~s", - [xmpp_socket:pp(Socket), Mech, User, LServer, - ejabberd_auth:backend_type(AuthModule), - ejabberd_config:may_hide_data(misc:ip_to_list(IP))]), +handle_auth_success(User, _Mech, AuthModule, + #{lserver := LServer} = State) -> State1 = State#{auth_module => AuthModule}, ejabberd_hooks:run_fold(c2s_auth_result, LServer, State1, [true, User]). -handle_auth_failure(User, Mech, Reason, - #{socket := Socket, - ip := IP, lserver := LServer} = State) -> - ?WARNING_MSG("(~s) Failed c2s ~s authentication ~sfrom ~s: ~s", - [xmpp_socket:pp(Socket), Mech, - if User /= <<"">> -> ["for ", User, "@", LServer, " "]; - true -> "" - end, - ejabberd_config:may_hide_data(misc:ip_to_list(IP)), Reason]), - ejabberd_hooks:run_fold(c2s_auth_result, LServer, State, [false, User]). +handle_auth_failure(User, _Mech, Reason, + #{lserver := LServer} = State) -> + ejabberd_hooks:run_fold(c2s_auth_result, LServer, State, [{false, Reason}, User]). handle_unbinded_packet(Pkt, #{lserver := LServer} = State) -> ejabberd_hooks:run_fold(c2s_unbinded_packet, LServer, State, [Pkt]). diff --git a/src/mod_fail2ban.erl b/src/mod_fail2ban.erl index 3e3d7c57..7c59fefc 100644 --- a/src/mod_fail2ban.erl +++ b/src/mod_fail2ban.erl @@ -1,7 +1,7 @@ %%%------------------------------------------------------------------- %%% File : mod_fail2ban.erl %%% Author : Evgeny Khramtsov <ekhramtsov@process-one.net> -%%% Purpose : +%%% Purpose : %%% Created : 15 Aug 2014 by Evgeny Khramtsov <ekhramtsov@process-one.net> %%% %%% @@ -51,9 +51,9 @@ %%%=================================================================== %%% API %%%=================================================================== --spec c2s_auth_result(ejabberd_c2s:state(), boolean(), binary()) +-spec c2s_auth_result(ejabberd_c2s:state(), true | {false, binary()}, binary()) -> ejabberd_c2s:state() | {stop, ejabberd_c2s:state()}. -c2s_auth_result(#{ip := {Addr, _}, lserver := LServer} = State, false, _User) -> +c2s_auth_result(#{ip := {Addr, _}, lserver := LServer} = State, {false, _}, _User) -> case is_whitelisted(LServer, Addr) of true -> State; |