annotate mod_register_dnsbl_firewall_mark/mod_register_dnsbl_firewall_mark.lua @ 5773:3a7349aa95c7

mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
author Matthew Wild <mwild1@gmail.com>
date Tue, 05 Dec 2023 12:39:00 +0000
parents de40686ae9c8
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2112
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 local adns = require "net.adns";
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 local rbl = module:get_option_string("registration_rbl");
4011
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
3 local rbl_message = module:get_option_string("registration_rbl_message");
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
4 local st = require "util.stanza";
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
5
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
6
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
7 local function cleanup_ip(ip)
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
8 if ip:sub(1,7):lower() == "::ffff:" then
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
9 return ip:sub(8);
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
10 end
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
11 return ip;
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
12 end
2112
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 local function reverse(ip, suffix)
2135
42b095dab626 mod_register_dnsbl: Fix matching pattern (Thanks Ge0rG)
Kim Alvefur <zash@zash.se>
parents: 2112
diff changeset
15 local a,b,c,d = ip:match("^(%d+).(%d+).(%d+).(%d+)$");
2112
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 if not a then return end
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 return ("%d.%d.%d.%d.%s"):format(d,c,b,a, suffix);
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 end
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 module:hook("user-registered", function (event)
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 local session = event.session;
4011
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
22 local ip = session and session.ip and cleanup_ip(session.ip);
2112
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 local rbl_ip = ip and reverse(ip, rbl);
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 if rbl_ip then
2895
589cc51209f7 mod_register_dnsbl_firewall_mark: Another copy of DNSBL module, this time creating "user marks" for mod_firewall
Kim Alvefur <zash@zash.se>
parents: 2889
diff changeset
25 local registration_time = os.time();
2112
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 local log = session.log;
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 adns.lookup(function (reply)
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 if reply and reply[1] then
2203
2dcc3079572c mod_register_dnsbl: Include more information in log message
Kim Alvefur <zash@zash.se>
parents: 2135
diff changeset
29 log("warn", "Account %s@%s registered from IP %s found in RBL (%s)", event.username, event.host or module.host, ip, reply[1].a);
2895
589cc51209f7 mod_register_dnsbl_firewall_mark: Another copy of DNSBL module, this time creating "user marks" for mod_firewall
Kim Alvefur <zash@zash.se>
parents: 2889
diff changeset
30 local user = prosody.bare_sessions[event.username .. "@" .. module.host];
589cc51209f7 mod_register_dnsbl_firewall_mark: Another copy of DNSBL module, this time creating "user marks" for mod_firewall
Kim Alvefur <zash@zash.se>
parents: 2889
diff changeset
31 if user and user.firewall_marks then
589cc51209f7 mod_register_dnsbl_firewall_mark: Another copy of DNSBL module, this time creating "user marks" for mod_firewall
Kim Alvefur <zash@zash.se>
parents: 2889
diff changeset
32 user.firewall_marks.dnsbl_hit = registration_time;
589cc51209f7 mod_register_dnsbl_firewall_mark: Another copy of DNSBL module, this time creating "user marks" for mod_firewall
Kim Alvefur <zash@zash.se>
parents: 2889
diff changeset
33 else
589cc51209f7 mod_register_dnsbl_firewall_mark: Another copy of DNSBL module, this time creating "user marks" for mod_firewall
Kim Alvefur <zash@zash.se>
parents: 2889
diff changeset
34 module:open_store("firewall_marks", "map"):set(event.username, "dnsbl_hit", registration_time);
589cc51209f7 mod_register_dnsbl_firewall_mark: Another copy of DNSBL module, this time creating "user marks" for mod_firewall
Kim Alvefur <zash@zash.se>
parents: 2889
diff changeset
35 end
4011
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
36 if rbl_message then
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
37 module:log("debug", "Warning RBL registered user %s@%s", event.username, event.host);
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
38 event.ip = ip;
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
39 local rbl_stanza =
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
40 st.message({ to = event.username.."@"..event.host, from = event.host },
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
41 rbl_message:gsub("$(%w+)", event));
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
42 module:send(rbl_stanza);
de40686ae9c8 mod_register_dnsbl_firewall_mark: introduce optional registration_rbl_message with mod_welcome inspired syntax
Georg Lukas <georg@op-co.de>
parents: 3993
diff changeset
43 end
2112
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 end
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 end, rbl_ip);
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 end
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 end);