2007-07-18 Mickael Remond <mickael.remond@process-one.net>
+ * src/ejabberd_s2s.erl: Implements s2s hosts whitelist / blacklist
+ * src/ejabberd.cfg.example: Likewise
+
* src/ejabberd_s2s_out.erl: Make s2s connections more robust
* src/ejabberd_s2s.erl: Likewise
* src/mod_echo.erl: mod_echo does not reply to other
components. This is to make sure that a component will not
discover its own capabilities (Thanks to Badlop) (EJAB-281).
- * src/ejabberd.cfg: disable mod_echo in the example config
+ * src/ejabberd.cfg.example: disable mod_echo in the example config
file. mod_echo is mainly a development/test module.
2007-07-09 Mickael Remond <mickael.remond@process-one.net>
%{domain_certfile, "example.org", "./example_org.pem"}.
%{domain_certfile, "example.com", "./example_com.pem"}.
+%% S2S Whitelist or blacklist:
+%{s2s_default_policy, allow}. %% Default s2s policy for undefined hosts
+%%{{s2s_host,"goodhost.org"}, allow}.
+%{{s2s_host,"badhost.org"}, deny}.
+
% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.
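Review bot: The added example comments do not explain how to obtain a whitelist. With `{s2s_default_policy, allow}` the per-host entries only act as a blacklist, and the reader has to infer that a whitelist needs the default set to `deny`. I would add a line such as `%% For a whitelist, set s2s_default_policy to deny and add an allow entry for each trusted host.` The `goodhost.org` example is also commented out with `%%` while its neighbours use a single `%`, so removing one character leaves it still disabled.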
{'EXIT', Reason} ->
{aborted, Reason};
[] ->
- case is_service(From, To) of
- true ->
- {aborted, error};
- false ->
+ %% We try to establish connection if the host is not a
+ %% service and if the s2s host is not blacklisted or
+ %% is in whitelist:
+ case {is_service(From, To),
+ allow_host(MyServer, Server)} of
+ {false, true} ->
?DEBUG("starting new s2s connection~n", []),
Key = randoms:get_string(),
{ok, Pid} = ejabberd_s2s_out:start(
_ ->
ejabberd_s2s_out:stop_connection(Pid)
end,
- TRes
+ TRes;
+ _ ->
+ {aborted, error}
end;
[El] ->
{atomic, El#s2s.pid}
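Review bot: The policy check sits only in the `[]` branch, so a connection that is already registered is returned by the `[El]` branch without consulting `allow_host/2`. A host switched to `deny` while a connection is up therefore appears to stay reachable until that connection goes away. That is worth stating above the `case`, e.g. `%% Only new connections are checked; an existing one is reused as is.` The new catch-all also returns `{aborted, error}` for both the service case and a policy refusal without logging anything, so a separate `{false, false}` clause with a `?DEBUG` line naming `Server` would let an operator see that a host was blocked. The enclosing function starts above this hunk and part of its body is not shown.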
false ->
ok
end.
+
+%% Check if host is in blacklist or white list
+allow_host(MyServer, S2SHost) ->
+ case ejabberd_config:get_local_option({{s2s_host, S2SHost},MyServer}) of
+ deny -> false;
+ allow -> true;
+ _ ->
+ case ejabberd_config:get_local_option({s2s_default_policy, MyServer}) of
+ deny -> false;
+ allow -> true;
+ _ -> allow %% The default s2s policy is allow
+ end
+ end.
+
+
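Review bot: The innermost fallback of `allow_host/2` returns the atom `allow` instead of `true`, while the caller only proceeds on `{false, true}`. When neither a per-host entry nor `s2s_default_policy` is configured, the result is `{false, allow}`, which falls into the catch-all and yields `{aborted, error}`. Every new outgoing s2s connection is then refused, the opposite of what the comment on that line says. The line should read `_ -> true %% The default s2s policy is allow`. Note also that any unrecognised value (for example a misspelt `deny`) is treated as "not set" and falls through to the default rather than being rejected.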