diff options
| author | Richard van der Hoff <richard@matrix.org> | 2018-02-13 16:45:36 +0000 |
|---|---|---|
| committer | Richard van der Hoff <richard@matrix.org> | 2018-02-13 16:45:36 +0000 |
| commit | ddb6a79b68da119bd91659ab8046553a02a4066e (patch) | |
| tree | 3a92b5c0738163474765a9ce4f1b7894fed9efde /synapse/federation/transport | |
| parent | move search reindex to schema 47 (diff) | |
| parent | Merge branch 'develop' into matthew/gin_work_mem (diff) | |
| download | synapse-ddb6a79b68da119bd91659ab8046553a02a4066e.tar.xz | |
Merge branch 'matthew/gin_work_mem' into matthew/hit_the_gin
Diffstat (limited to 'synapse/federation/transport')
| -rw-r--r-- | synapse/federation/transport/client.py | 3 | ||||
| -rw-r--r-- | synapse/federation/transport/server.py | 9 |
2 files changed, 11 insertions, 1 deletions
diff --git a/synapse/federation/transport/client.py b/synapse/federation/transport/client.py index 1f3ce238f6..5488e82985 100644 --- a/synapse/federation/transport/client.py +++ b/synapse/federation/transport/client.py @@ -212,6 +212,9 @@ class TransportLayerClient(object): Fails with ``NotRetryingDestination`` if we are not yet ready to retry this server. + + Fails with ``FederationDeniedError`` if the remote destination + is not in our federation whitelist """ valid_memberships = {Membership.JOIN, Membership.LEAVE} if membership not in valid_memberships: diff --git a/synapse/federation/transport/server.py b/synapse/federation/transport/server.py index 2b02b021ec..06c16ba4fa 100644 --- a/synapse/federation/transport/server.py +++ b/synapse/federation/transport/server.py @@ -16,7 +16,7 @@ from twisted.internet import defer from synapse.api.urls import FEDERATION_PREFIX as PREFIX -from synapse.api.errors import Codes, SynapseError +from synapse.api.errors import Codes, SynapseError, FederationDeniedError from synapse.http.server import JsonResource from synapse.http.servlet import ( parse_json_object_from_request, parse_integer_from_args, parse_string_from_args, @@ -81,6 +81,7 @@ class Authenticator(object): self.keyring = hs.get_keyring() self.server_name = hs.hostname self.store = hs.get_datastore() + self.federation_domain_whitelist = hs.config.federation_domain_whitelist # A method just so we can pass 'self' as the authenticator to the Servlets @defer.inlineCallbacks @@ -92,6 +93,12 @@ class Authenticator(object): "signatures": {}, } + if ( + self.federation_domain_whitelist is not None and + self.server_name not in self.federation_domain_whitelist + ): + raise FederationDeniedError(self.server_name) + if content is not None: json_request["content"] = content |