author | Mickaël Rémond <mickael.remond@process-one.net> | 2007-07-18 17:42:53 +0000 |
---|---|---|
committer | Mickaël Rémond <mickael.remond@process-one.net> | 2007-07-18 17:42:53 +0000 |
commit | 9da2c78eb489b8d1e355f3ddd094463fdea29196 (patch) | |
tree | ff760bba40d94126b3efa64e9187dd2599f2ed29 /src | |
parent | * src/ejabberd_s2s_out.erl: Make s2s connections more robust (diff) |
* src/ejabberd_s2s.erl: Implements s2s hosts whitelist / blacklist
* src/ejabberd.cfg.example: Likewise
SVN Revision: 818
Diffstat (limited to 'src')
-rw-r--r-- | src/ejabberd.cfg.example | 5 | ||||
-rw-r--r-- | src/ejabberd_s2s.erl | 29 |
2 files changed, 29 insertions, 5 deletions
diff --git a/src/ejabberd.cfg.example b/src/ejabberd.cfg.example
index f649d71b5..91f4fe870 100644
--- a/src/ejabberd.cfg.example
+++ b/src/ejabberd.cfg.example
@@ -152,6 +152,11 @@
 %{domain_certfile, "example.org", "./example_org.pem"}.
 %{domain_certfile, "example.com", "./example_com.pem"}.
 
+%% S2S Whitelist or blacklist:
+%{s2s_default_policy, allow}. %% Default s2s policy for undefined hosts
+%%{{s2s_host,"goodhost.org"}, allow}.
+%{{s2s_host,"badhost.org"}, deny}.
+
 % If SRV lookup fails, then port 5269 is used to communicate with remote server
 {outgoing_s2s_port, 5269}.
 
diff --git a/src/ejabberd_s2s.erl b/src/ejabberd_s2s.erl
index 2c73daa36..4749732d6 100644
--- a/src/ejabberd_s2s.erl
+++ b/src/ejabberd_s2s.erl
@@ -243,10 +243,12 @@ find_connection(From, To) ->
 {'EXIT', Reason} ->
 {aborted, Reason};
 [] ->
- case is_service(From, To) of
- true ->
- {aborted, error};
- false ->
+ %% We try to establish connection if the host is not a
+ %% service and if the s2s host is not blacklisted or
+ %% is in whitelist:
+ case {is_service(From, To),
+ allow_host(MyServer, Server)} of
+ {false, true} ->
 ?DEBUG("starting new s2s connection~n", []),
 Key = randoms:get_string(),
 {ok, Pid} = ejabberd_s2s_out:start(
@@ -269,7 +271,9 @@ find_connection(From, To) ->
 _ ->
 ejabberd_s2s_out:stop_connection(Pid)
 end,
- TRes
+ TRes;
+ _ ->
+ {aborted, error}
 end;
 [El] ->
 {atomic, El#s2s.pid}
@@ -331,3 +335,18 @@ update_tables() ->
 false ->
 ok
 end.
+
+%% Check if host is in blacklist or white list
+allow_host(MyServer, S2SHost) ->
+ case ejabberd_config:get_local_option({{s2s_host, S2SHost},MyServer}) of
+ deny -> false;
+ allow -> true;
+ _ ->
+ case ejabberd_config:get_local_option({s2s_default_policy, MyServer}) of
+ deny -> false;
+ allow -> true;
+ _ -> allow %% The default s2s policy is allow
+ end
+ end.
+
+
|
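Review bot: In find_connection the new `allow_host(MyServer, Server)` check sits only in the `[]` branch, so it gates the creation of a new outgoing connection and nothing else; the `[El]` branch still returns an existing pid without consulting the policy. A host that is switched to `deny` while a connection is up would therefore keep being routed to until that connection closes, and nothing in this diff applies the list to inbound s2s, which is presumably handled in another module. If outgoing-only enforcement is intended, the comment should say so, e.g. `%% Policy is checked only when opening a new outgoing connection; established and inbound connections are not affected.` The function head and the bindings of MyServer and Server are outside the hunk, so whether Server is already a normalised domain when it is used as the lookup key cannot be confirmed from here.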
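Review bot: The catch-all `_ -> {aborted, error}` that closes the new case treats every tuple other than `{false, true}` as a refusal, including one where allow_host returns something that is not a boolean, and it does so without any log output. Matching the refusals explicitly, `{true, _} -> {aborted, error};` and `{false, false} -> {aborted, error}`, would make an unexpected return value fail with a case_clause instead of silently blocking the route. A line such as `?DEBUG("s2s connection to ~p refused by policy~n", [Server])` on the policy branch would let an operator tell a blacklist hit from the service case. The case expression itself opens in the previous hunk.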
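Review bot: The innermost fallback in allow_host returns the atom `allow`, not `true`, so when neither an `s2s_host` entry nor `s2s_default_policy` is configured the caller's `{false, true}` pattern in find_connection does not match and the connection is aborted. The example configuration in this commit leaves both options commented out, which makes this the out-of-the-box path: outgoing s2s would be refused for every host although the comment says the default is allow. Change the line to `_ -> true %% The default s2s policy is allow`. The one-line comment above the function could also state that a per-host entry takes precedence over `s2s_default_policy` and that the result is a boolean.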