annotate mod_srvinjection/mod_srvinjection.lua @ 5298:12f7d8b901e0

mod_audit: Support for adding location (GeoIP) to audit events. This can be more privacy-friendly than logging full IP addresses, and also more informative to a user: IP addresses don't mean much to the average person, but if they see activity from outside their expected country, they can immediately identify suspicious activity. As with IPs, this field is configurable for deployments that would like to disable it. Location is also not logged when the geoip library is not available.
author Matthew Wild <mwild1@gmail.com>
date Sat, 01 Apr 2023 13:11:53 +0100
parents 47fb4f36dacd
children
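-- Load once for the whole server rather than per host: the adns.lookup
-- override installed further down in this file is process-wide.
module:set_global();

local adns = require "net.adns";

-- "srvinjection" option: a table of  host -> { connecthost [, connectport] }.
local map_config = module:get_option("srvinjection") or {};
-- Shared table, so other plugins can read and modify it. Entries written by
-- other plugins are NOT checked by the loop below; only config entries are.
local map = module:shared "s2s_map"

for host, mapping in pairs(map_config) do
	local connecthost, connectport;
	if type(mapping) == "table" then
		connecthost = mapping[1];
		connectport = mapping[2];
		-- An omitted port falls back to 5269. The original condition insisted
		-- on a number, so its "or 5269" default could never take effect.
		if connectport == nil then
			connectport = 5269;
		end
	end

	-- Only accept a whole number in the valid TCP port range.
	local port_ok = type(connectport) == "number"
		and connectport >= 1 and connectport <= 65535
		and connectport % 1 == 0;

	if type(connecthost) == "string" and port_ok then
		-- Same shape as an SRV answer: a list holding one record.
		map[host] = {{
			srv = {
				target = connecthost..".";  -- trailing dot: absolute DNS name
				port = connectport;
				priority = 1;
				weight = 0;
			};
		}};
	else
		module:log("warn", "Ignoring invalid SRV injection for host '%s'", host);
		-- Also clears any entry already present for this host in the shared map.
		map[host] = nil;
	end
end

-- Keep the real resolver entry point so it can be delegated to and restored.
local original_lookup = adns.lookup;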
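-- Replacement for adns.lookup that answers selected queries locally instead
-- of going to DNS.
--
--   * SRV queries for "_xmpp-server._tcp.<host>." are answered from `map`
--     (exact host first, then the "*" wildcard entry).
--   * A queries for "localhost." or a dotted-quad literal are answered with
--     that address.
--   * Everything else is passed to the original resolver unchanged.
--
-- When a query is answered locally, `handler` is called synchronously with the
-- record list and this function returns nothing; otherwise it returns whatever
-- original_lookup returns.
--
-- NOTE(review): an injected answer only decides where the connection goes; it
-- does not authenticate the target. Confirm that s2s certificate/dialback
-- verification still applies to injected hosts.
function adns.lookup(handler, qname, qtype, qclass)
	if qtype == "SRV" then
		local host = qname:match("^_xmpp%-server%._tcp%.(.*)%.$");
		-- Consult the map only for s2s SRV names. Previously a non-matching
		-- name gave host == nil, map[nil] evaluated to nil, and the "*" entry
		-- was then served for every unrelated SRV query.
		local mapping = host and (map[host] or map["*"]);
		if mapping then
			handler(mapping);
			return;
		end
	elseif qtype == "A" then
		if qname == "localhost." or qname == "127.0.0.1." then
			handler({{ a = "127.0.0.1" }});
			return;
		end
		-- Dots are escaped: in a Lua pattern a bare "." matches ANY character,
		-- so the old pattern also accepted names such as "1a2b3c4x" or a plain
		-- run of digits and returned them as an "address" without a DNS lookup.
		local ip = qname:match("^(%d+%.%d+%.%d+%.%d+)%.$");
		if ip then
			-- Reject octets above 255; such names fall through to real DNS.
			local in_range = true;
			for octet in ip:gmatch("%d+") do
				if tonumber(octet) > 255 then
					in_range = false;
					break;
				end
			end
			if in_range then
				handler({{ a = ip }});
				return;
			end
		end
	end
	return original_lookup(handler, qname, qtype, qclass);
end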
-- Unload hook: put the saved resolver function back so lookups stop being
-- intercepted once this module is gone.
-- NOTE(review): this restores the function captured when this module loaded.
-- If another module wrapped adns.lookup afterwards, that wrapper is discarded
-- here as well. Verify load/unload ordering if several modules patch adns.
function module.unload()
	adns.lookup = original_lookup;
end