mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 21:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_s2s: Prevent s2s to and from hosts we serve locally

Browse source
This commit is contained in:
Kim Alvefur 2013-03-27 23:09:47 +01:00
parent fee52c7341
commit cfbd9d02e2
1 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
plugins/mod_s2s/mod_s2s.lua
View file

@ -80,6 +80,10 @@ function route_to_existing_session(event)
log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host);
return false;
end
if hosts[to_host] then
log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", from_host);
return false;
end
local host = hosts[from_host].s2sout[to_host];
if host then
-- We have a connection to this host already
@ -188,6 +192,9 @@ function make_authenticated(event)
});
end
end
if hosts[host] then
session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
end
if session.type == "s2sout_unauthed" then
session.type = "s2sout";
elseif session.type == "s2sin_unauthed" then
@ -321,6 +328,11 @@ function stream_callbacks.streamopened(session, attr)
end
end
if hosts[from] then
session:close({ condition = "undefined-condition", text = "Attempt to connect from a host we serve" });
return;
end
if session.secure and not session.cert_chain_status then
if check_cert_status(session) == false then
return;