Mercurial > prosody-modules
annotate mod_register_dnsbl/mod_register_dnsbl.lua @ 3965:2b10e51d85a6
mod_muc_limits: Add config option to limit to join stanzas only
This is a bit more limited in pre-0.11 MUC modules, because it just
detects stanzas sent to full JIDs (which would include all presence
and nick changes).
This option is useful for setups where users are typically unaffiliated,
but trusted (e.g. if access to the room is gated through some other
means such as password/token auth).
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 03 Apr 2020 12:26:56 +0100 |
parents | bf9fc41bf7ad |
children | 82482e7e92cb |
rev | line source |
---|---|
2112
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 local adns = require "net.adns"; |
2890
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
2 local async = require "util.async"; |
2891
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
3 local inet_pton = require "util.net".pton; |
2892
bf9fc41bf7ad
mod_register_dnsbl: Add support for IPv6 DNSBL
Kim Alvefur <zash@zash.se>
parents:
2891
diff
changeset
|
4 local to_hex = require "util.hex".to; |
2890
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
5 |
2112
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 local rbl = module:get_option_string("registration_rbl"); |
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 |
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 local function reverse(ip, suffix) |
2891
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
9 local n, err = inet_pton(ip); |
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
10 if not n then return n, err end |
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
11 if #n == 4 then |
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
12 local a,b,c,d = n:byte(1,4); |
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
13 return ("%d.%d.%d.%d.%s"):format(d,c,b,a, suffix); |
2892
bf9fc41bf7ad
mod_register_dnsbl: Add support for IPv6 DNSBL
Kim Alvefur <zash@zash.se>
parents:
2891
diff
changeset
|
14 elseif #n == 16 then |
bf9fc41bf7ad
mod_register_dnsbl: Add support for IPv6 DNSBL
Kim Alvefur <zash@zash.se>
parents:
2891
diff
changeset
|
15 return to_hex(n):reverse():gsub("%x", "%1.") .. suffix; |
2891
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
16 end |
2112
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 end |
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
2890
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
19 module:hook("user-registering", function (event) |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
20 local session, ip = event.session, event.ip; |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
21 if not ip then |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
22 session.log("debug", "Unable to check DNSBL when IP is unknown"); |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
23 return; |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
24 end |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
25 local rbl_ip, err = reverse(ip, rbl); |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
26 if not rbl_ip then |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
27 session.log("debug", "Unable to check DNSBL for ip %s: %s", ip, err); |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
28 return; |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
29 end |
2112
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 |
2890
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
31 local wait, done = async.waiter(); |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
32 adns.lookup(function (reply) |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
33 if reply and reply[1] and reply[1].a then |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
34 session.log("debug", "DNSBL response: %s IN A %s", rbl_ip, reply[1].a); |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
35 session.log("info", "Blocking %s from registering %s (dnsbl hit)", ip, event.username); |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
36 event.allowed = false; |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
37 event.reason = "Blocked by DNSBL"; |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
38 end |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
39 done(); |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
40 end, rbl_ip); |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
41 wait(); |
2112
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 end); |