diff options
| author | Evgeny Khramtsov <ekhramtsov@process-one.net> | 2019-05-15 18:13:31 +0300 |
|---|---|---|
| committer | Evgeny Khramtsov <ekhramtsov@process-one.net> | 2019-05-15 18:13:31 +0300 |
| commit | a4c3ea0dfb4836405ea16803569b5f081568c33b (patch) | |
| tree | 157cd75494873bb5804c0d1bfc69468186d4cf19 /src | |
| parent | Modify arguments of c2s_auth_result hook (diff) | |
Don't process failed EXTERNAL authentication by mod_fail2ban
This will only lead to confusion because it's not considered
possible to brute force client certificates.
Diffstat (limited to 'src')
| -rw-r--r-- | src/mod_fail2ban.erl | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/mod_fail2ban.erl b/src/mod_fail2ban.erl index 7c59fefc..29247a0d 100644 --- a/src/mod_fail2ban.erl +++ b/src/mod_fail2ban.erl @@ -53,6 +53,9 @@ %%%=================================================================== -spec c2s_auth_result(ejabberd_c2s:state(), true | {false, binary()}, binary()) -> ejabberd_c2s:state() | {stop, ejabberd_c2s:state()}. +c2s_auth_result(#{sasl_mech := Mech} = State, {false, _}, _User) + when Mech == <<"EXTERNAL">> -> + State; c2s_auth_result(#{ip := {Addr, _}, lserver := LServer} = State, {false, _}, _User) -> case is_whitelisted(LServer, Addr) of true -> |