aboutsummaryrefslogtreecommitdiff
path: root/src/ejabberd_c2s.erl
diff options
context:
space:
mode:
Diffstat (limited to 'src/ejabberd_c2s.erl')
-rw-r--r--src/ejabberd_c2s.erl26
1 files changed, 18 insertions, 8 deletions
diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index fa8ec3f5b..e5304044a 100644
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -1879,10 +1879,7 @@ presence_track(From, To, Packet, StateData) ->
A = remove_element(LTo, StateData#state.pres_a),
StateData#state{pres_a = A};
<<"subscribe">> ->
- ejabberd_hooks:run(roster_out_subscription, Server,
- [User, Server, To, subscribe]),
- check_privacy_route(From, StateData,
- jlib:jid_remove_resource(From), To, Packet),
+ try_roster_subscribe(subscribe, User, Server, From, To, Packet, StateData),
StateData;
<<"subscribed">> ->
ejabberd_hooks:run(roster_out_subscription, Server,
@@ -1891,10 +1888,7 @@ presence_track(From, To, Packet, StateData) ->
jlib:jid_remove_resource(From), To, Packet),
StateData;
<<"unsubscribe">> ->
- ejabberd_hooks:run(roster_out_subscription, Server,
- [User, Server, To, unsubscribe]),
- check_privacy_route(From, StateData,
- jlib:jid_remove_resource(From), To, Packet),
+ try_roster_subscribe(unsubscribe, User, Server, From, To, Packet, StateData),
StateData;
<<"unsubscribed">> ->
ejabberd_hooks:run(roster_out_subscription, Server,
@@ -1943,6 +1937,22 @@ is_privacy_allow(StateData, From, To, Packet, Dir) ->
allow ==
privacy_check_packet(StateData, From, To, Packet, Dir).
+%%% Check ACL before allowing to send a subscription stanza
+try_roster_subscribe(Type, User, Server, From, To, Packet, StateData) ->
+ JID1 = jlib:make_jid(User, Server, <<"">>),
+ Access = gen_mod:get_module_opt(Server, mod_roster, access, fun(A) when is_atom(A) -> A end, all),
+ case acl:match_rule(Server, Access, JID1) of
+ deny ->
+ %% Silently drop this (un)subscription request
+ ok;
+ allow ->
+ ejabberd_hooks:run(roster_out_subscription,
+ Server,
+ [User, Server, To, Type]),
+ check_privacy_route(From, StateData, jlib:jid_remove_resource(From),
+ To, Packet)
+ end.
+
%% Send presence when disconnecting
presence_broadcast(StateData, From, JIDSet, Packet) ->
JIDs = ?SETS:to_list(JIDSet),
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-20 17:49:58 +0000