Commit dc78c336 authored by Bob Mottram's avatar Bob Mottram

xmpp uses blocked domains list

parent ac956853
...@@ -500,6 +500,7 @@ function upgrade_xmpp { ...@@ -500,6 +500,7 @@ function upgrade_xmpp {
xmpp_onion_addresses /etc/prosody/prosody.cfg.lua xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
xmpp_contact_info /etc/prosody/prosody.cfg.lua xmpp_contact_info /etc/prosody/prosody.cfg.lua
xmpp_broadcast /etc/prosody/prosody.cfg.lua xmpp_broadcast /etc/prosody/prosody.cfg.lua
xmpp_server_blacklist /etc/prosody/prosody.cfg.lua
if grep -q "/etc/ssl/certs/xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then if grep -q "/etc/ssl/certs/xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam
...@@ -775,10 +776,10 @@ function xmpp_modules { ...@@ -775,10 +776,10 @@ function xmpp_modules {
echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)'; echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)';
echo ' "omemo_all_access"; -- Fix for PEP with OMEMO'; echo ' "omemo_all_access"; -- Fix for PEP with OMEMO';
echo ' "vcard"; -- Personal Eventing Protocol (to support OMEMO)'; echo ' "vcard"; -- Personal Eventing Protocol (to support OMEMO)';
echo ' "vcard_muc"; -- Avatars for chat rooms';
echo ' "e2e_policy"; -- To support OMEMO'; echo ' "e2e_policy"; -- To support OMEMO';
echo ' "pep_vcard_avatar"; -- Personal Eventing Protocol (to support OMEMO)'; echo ' "pep_vcard_avatar"; -- Personal Eventing Protocol (to support OMEMO)';
echo ' "blocklist"; -- Privacy lists'; echo ' "blocklist"; -- Privacy lists';
echo ' "s2s_blacklist"; -- Blacklist particular servers';
echo ' "privacy_lists"; -- Privacy lists'; echo ' "privacy_lists"; -- Privacy lists';
echo ' "blocking"; -- Blocking command'; echo ' "blocking"; -- Blocking command';
echo ' "block_strangers"; -- Dont allow messages from strangers'; echo ' "block_strangers"; -- Dont allow messages from strangers';
...@@ -850,6 +851,30 @@ function xmpp_broadcast { ...@@ -850,6 +851,30 @@ function xmpp_broadcast {
fi fi
} }
function xmpp_server_blacklist {
filename="$1"
blacklisted_domains=
while read -r blocked; do
if [[ "$blocked" == *"."* && "$blocked" != *"@"* ]]; then
if [ ${#blocked} -gt 4 ]; then
if [ "$blacklisted_domains" ]; then
blacklisted_domains="${blacklisted_domains}, \"$blocked\""
else
blacklisted_domains="\"$blocked\""
fi
fi
fi
done <"$FIREWALL_DOMAINS"
if ! grep -q "s2s_blacklist" "$filename"; then
echo "s2s_blacklist = { $blacklisted_domains }" >> "$filename"
else
sed -i "s|s2s_blacklist =.*|s2s_blacklist = { $blacklisted_domains }|g" "$filename"
fi
}
function xmpp_create_config { function xmpp_create_config {
echo "admins = { \"$MY_USERNAME@$DEFAULT_DOMAIN_NAME\", \"notification@$DEFAULT_DOMAIN_NAME\" }" > /etc/prosody/prosody.cfg.lua echo "admins = { \"$MY_USERNAME@$DEFAULT_DOMAIN_NAME\", \"notification@$DEFAULT_DOMAIN_NAME\" }" > /etc/prosody/prosody.cfg.lua
echo 'plugin_paths = { "/var/lib/prosody/prosody-modules" }' >> /etc/prosody/prosody.cfg.lua echo 'plugin_paths = { "/var/lib/prosody/prosody-modules" }' >> /etc/prosody/prosody.cfg.lua
...@@ -858,7 +883,8 @@ function xmpp_create_config { ...@@ -858,7 +883,8 @@ function xmpp_create_config {
echo '' >> /etc/prosody/prosody.cfg.lua echo '' >> /etc/prosody/prosody.cfg.lua
xmpp_onion_addresses /etc/prosody/prosody.cfg.lua xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
xmpp_contact_info /etc/prosody/prosody.cfg.lua xmpp_contact_info /etc/prosody/prosody.cfg.lua
xmpp_broadcast /etc/prosody/prosody.cfg.lua xmpp_broadcast /etc/prosody/prosody.cfg.lua
xmpp_server_blacklist /etc/prosody/prosody.cfg.lua
{ echo ''; { echo '';
echo 'allow_registration = false;'; echo 'allow_registration = false;';
echo ''; echo '';
...@@ -967,6 +993,7 @@ function xmpp_create_config { ...@@ -967,6 +993,7 @@ function xmpp_create_config {
echo ' "muc_log";'; echo ' "muc_log";';
echo ' "mam_muc";'; echo ' "mam_muc";';
echo ' "vcard_muc";'; echo ' "vcard_muc";';
echo ' "s2s_blacklist";';
echo ' "muc_log_http";'; echo ' "muc_log_http";';
echo ' }'; echo ' }';
echo 'storage = { muc_log = "sql"; }'; echo 'storage = { muc_log = "sql"; }';
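Review bot: In `xmpp_server_blacklist`, each line read from `$FIREWALL_DOMAINS` is pasted unescaped into a Lua string and into the `sed` replacement, and the only filter is "contains a dot, no `@`, longer than 4 characters". An entry containing `"`, `|`, `&` or a backslash would corrupt prosody.cfg.lua or break the sed expression, so restrict entries to hostname characters before appending them, e.g. `[[ "$blocked" =~ ^[A-Za-z0-9.-]+$ ]] || continue`. The `grep -q "s2s_blacklist"` test also matches the `"s2s_blacklist";` module line this commit adds, so on a config that has the module entry but no assignment the `sed` branch runs and writes nothing; `grep -q '^s2s_blacklist =' "$filename"` avoids that. `filename`, `blacklisted_domains` and `blocked` should be declared `local` so they do not leak into the caller's scope.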
......
...@@ -1665,6 +1665,10 @@ function domain_blocking_add { ...@@ -1665,6 +1665,10 @@ function domain_blocking_add {
if [ ${#blocked_domain} -gt 2 ]; then if [ ${#blocked_domain} -gt 2 ]; then
if [[ "${blocked_domain}" == *'.'* ]]; then if [[ "${blocked_domain}" == *'.'* ]]; then
firewall_block_domain "$blocked_domain" firewall_block_domain "$blocked_domain"
if [ -d /etc/prosody ]; then
xmpp_server_blacklist /etc/prosody/prosody.cfg.lua
systemctl restart prosody
fi
if [[ "${blocked_domain}" != *'@'* ]]; then if [[ "${blocked_domain}" != *'@'* ]]; then
dialog --title $"Block a domain" \ dialog --title $"Block a domain" \
--msgbox $"The domain $blocked_domain has been blocked" 6 40 --msgbox $"The domain $blocked_domain has been blocked" 6 40
...@@ -1714,6 +1718,10 @@ function domain_blocking_remove { ...@@ -1714,6 +1718,10 @@ function domain_blocking_remove {
if [ ${#unblocked_domain} -gt 2 ]; then if [ ${#unblocked_domain} -gt 2 ]; then
if [[ "${unblocked_domain}" == *'.'* ]]; then if [[ "${unblocked_domain}" == *'.'* ]]; then
firewall_unblock_domain "$unblocked_domain" firewall_unblock_domain "$unblocked_domain"
if [ -d /etc/prosody ]; then
xmpp_server_blacklist /etc/prosody/prosody.cfg.lua
systemctl restart prosody
fi
if [[ "${unblocked_domain}" != *'@'* ]]; then if [[ "${unblocked_domain}" != *'@'* ]]; then
dialog --title $"Unblock a domain" \ dialog --title $"Unblock a domain" \
--msgbox $"The domain $unblocked_domain has been unblocked" 6 40 --msgbox $"The domain $unblocked_domain has been unblocked" 6 40
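Review bot: The new guard in `domain_blocking_add` (and the identical one in `domain_blocking_remove`) tests for the `/etc/prosody` directory rather than the config file, so if the directory exists without prosody.cfg.lua the call to `xmpp_server_blacklist` creates a config holding only the `s2s_blacklist` line; `if [ -f /etc/prosody/prosody.cfg.lua ]; then` is the safer test. The exit status of `systemctl restart prosody` is also ignored, so the confirmation dialog is shown even if the rewritten config prevents the server from starting and the block is not actually in force; checking the status and reporting a failure would make that visible. Both functions start and end outside the hunks shown.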
......