annotate mod_firewall/actions.lib.lua @ 5593:6d0574bfbf5d

mod_client_management: Include software version in table (when known) Showing software versions could be useful for statistical reasons, e.g. determining how quickly (or not) users upgrade, but most importantly for revoking vulnerable clients versions in case of a security issue.
author Kim Alvefur <zash@zash.se>
date Thu, 13 Jul 2023 23:26:02 +0200
parents 1249ab2f797c
children bfc35ae9edcb
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3973
df6227e288e5 mod_firewall: Fix use of unpack() on Lua 5.3
Kim Alvefur <zash@zash.se>
parents: 3483
diff changeset
1 local unpack = table.unpack or unpack;
df6227e288e5 mod_firewall: Fix use of unpack() on Lua 5.3
Kim Alvefur <zash@zash.se>
parents: 3483
diff changeset
2
3483
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
3 local interpolation = require "util.interpolation";
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
4 local template = interpolation.new("%b$$", function (s) return ("%q"):format(s) end);
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
5
2125
edf5cf3c474b mod_firewall: Move meta() function to main module, and make it a global so libs can use it
Matthew Wild <mwild1@gmail.com>
parents: 2107
diff changeset
6 --luacheck: globals meta idsafe
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7 local action_handlers = {};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8
961
f0108ec2b016 mod_firewall/actions: Break out logic into a separate reusable function
Matthew Wild <mwild1@gmail.com>
parents: 960
diff changeset
9
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10 -- Takes an XML string and returns a code string that builds that stanza
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 -- using st.stanza()
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 local function compile_xml(data)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 local code = {};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 local first, short_close = true, nil;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 for tagline, text in data:gmatch("<([^>]+)>([^<]*)") do
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 if tagline:sub(-1,-1) == "/" then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 tagline = tagline:sub(1, -2);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 short_close = true;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 if tagline:sub(1,1) == "/" then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 code[#code+1] = (":up()");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 local name, attr = tagline:match("^(%S*)%s*(.*)$");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 local attr_str = {};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 for k, _, v in attr:gmatch("(%S+)=([\"'])([^%2]-)%2") do
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 if #attr_str == 0 then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 table.insert(attr_str, ", { ");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 table.insert(attr_str, ", ");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 end
2070
2356114ff505 mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
31 if k:find("^%a%w*$") then
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 table.insert(attr_str, string.format("%s = %q", k, v));
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 table.insert(attr_str, string.format("[%q] = %q", k, v));
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 if #attr_str > 0 then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 table.insert(attr_str, " }");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 if first then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 code[#code+1] = (string.format("st.stanza(%q %s)", name, #attr_str>0 and table.concat(attr_str) or ", nil"));
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 first = nil;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 code[#code+1] = (string.format(":tag(%q%s)", name, table.concat(attr_str)));
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 end
2070
2356114ff505 mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
47 if text and text:find("%S") then
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 code[#code+1] = (string.format(":text(%q)", text));
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 elseif short_close then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50 short_close = nil;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 code[#code+1] = (":up()");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54 return table.concat(code, "");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56
957
9b21b91c2d96 mod_firewall/actions: Add PASS
Matthew Wild <mwild1@gmail.com>
parents: 950
diff changeset
57 function action_handlers.PASS()
2558
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
58 return "do return pass_return end"
957
9b21b91c2d96 mod_firewall/actions: Add PASS
Matthew Wild <mwild1@gmail.com>
parents: 950
diff changeset
59 end
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
60
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
61 function action_handlers.DROP()
958
843795020701 mod_firewall/actions: DROP no longer logs, log messages can be emitted with LOG
Matthew Wild <mwild1@gmail.com>
parents: 957
diff changeset
62 return "do return true end";
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
63 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64
2558
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
65 function action_handlers.DEFAULT()
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
66 return "do return false end";
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
67 end
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
68
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
69 function action_handlers.RETURN()
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
70 return "do return end"
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
71 end
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
72
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
73 function action_handlers.STRIP(tag_desc)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
74 local code = {};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
75 local name, xmlns = tag_desc:match("^(%S+) (.+)$");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
76 if not name then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
77 name, xmlns = tag_desc, nil;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
78 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
79 if name == "*" then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
80 name = nil;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
81 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
82 code[#code+1] = ("local stanza_xmlns = stanza.attr.xmlns; ");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
83 code[#code+1] = "stanza:maptags(function (tag) if ";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
84 if name then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
85 code[#code+1] = ("tag.name == %q and "):format(name);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
86 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
87 if xmlns then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
88 code[#code+1] = ("(tag.attr.xmlns or stanza_xmlns) == %q "):format(xmlns);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
89 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
90 code[#code+1] = ("tag.attr.xmlns == stanza_xmlns ");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
91 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
92 code[#code+1] = "then return nil; end return tag; end );";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
93 return table.concat(code);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
94 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
95
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
96 function action_handlers.INJECT(tag)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
97 return "stanza:add_child("..compile_xml(tag)..")", { "st" };
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
98 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
99
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
100 local error_types = {
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
101 ["bad-request"] = "modify";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
102 ["conflict"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
103 ["feature-not-implemented"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
104 ["forbidden"] = "auth";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
105 ["gone"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
106 ["internal-server-error"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
107 ["item-not-found"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
108 ["jid-malformed"] = "modify";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
109 ["not-acceptable"] = "modify";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
110 ["not-allowed"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
111 ["not-authorized"] = "auth";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
112 ["payment-required"] = "auth";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
113 ["policy-violation"] = "modify";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
114 ["recipient-unavailable"] = "wait";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
115 ["redirect"] = "modify";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
116 ["registration-required"] = "auth";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
117 ["remote-server-not-found"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
118 ["remote-server-timeout"] = "wait";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
119 ["resource-constraint"] = "wait";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
120 ["service-unavailable"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
121 ["subscription-required"] = "auth";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
122 ["undefined-condition"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
123 ["unexpected-request"] = "wait";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
124 };
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
125
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
126
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
127 local function route_modify(make_new, to, drop)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
128 local reroute, deps = "session.send(newstanza)", { "st" };
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
129 if to then
2581
0116672348c4 mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents: 2560
diff changeset
130 reroute = ("newstanza.attr.to = %q; core_post_stanza(session, newstanza)"):format(to);
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
131 deps[#deps+1] = "core_post_stanza";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
132 end
2581
0116672348c4 mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents: 2560
diff changeset
133 return ([[do local newstanza = st.%s; %s;%s end]])
0116672348c4 mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents: 2560
diff changeset
134 :format(make_new, reroute, drop and " return true" or ""), deps;
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
135 end
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 1303
diff changeset
136
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
137 function action_handlers.BOUNCE(with)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
138 local error = with and with:match("^%S+") or "service-unavailable";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
139 local error_type = error:match(":(%S+)");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
140 if not error_type then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
141 error_type = error_types[error] or "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
142 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
143 error = error:match("^[^:]+");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
144 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
145 error, error_type = string.format("%q", error), string.format("%q", error_type);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
146 local text = with and with:match(" %((.+)%)$");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
147 if text then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
148 text = string.format("%q", text);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
149 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
150 text = "nil";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
151 end
2094
a1e9ca4cb181 mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents: 2086
diff changeset
152 local route_modify_code, deps = route_modify(("error_reply(stanza, %s, %s, %s)"):format(error_type, error, text), nil, true);
a1e9ca4cb181 mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents: 2086
diff changeset
153 deps[#deps+1] = "type";
a1e9ca4cb181 mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents: 2086
diff changeset
154 deps[#deps+1] = "name";
a1e9ca4cb181 mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents: 2086
diff changeset
155 return [[if type == "error" or (name == "iq" and type == "result") then return true; end -- Don't reply to 'error' stanzas, or iq results
a1e9ca4cb181 mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents: 2086
diff changeset
156 ]]..route_modify_code, deps;
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
157 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
158
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
159 function action_handlers.REDIRECT(where)
950
bea0ef13575c mod_firewall/actions: Remove unused extra argument.
Kim Alvefur <zash@zash.se>
parents: 949
diff changeset
160 return route_modify("clone(stanza)", where, true);
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
161 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
162
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
163 function action_handlers.COPY(where)
950
bea0ef13575c mod_firewall/actions: Remove unused extra argument.
Kim Alvefur <zash@zash.se>
parents: 949
diff changeset
164 return route_modify("clone(stanza)", where, false);
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
165 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
166
959
6ef334596276 mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents: 958
diff changeset
167 function action_handlers.REPLY(with)
6ef334596276 mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents: 958
diff changeset
168 return route_modify(("reply(stanza):body(%q)"):format(with));
6ef334596276 mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents: 958
diff changeset
169 end
6ef334596276 mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents: 958
diff changeset
170
2541
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
171 function action_handlers.FORWARD(where)
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
172 local code = [[
2551
9392f45b0364 mod_firewall: Fix FORWARD to send from current module's host
Matthew Wild <mwild1@gmail.com>
parents: 2542
diff changeset
173 local newstanza = st.stanza("message", { to = %q, from = current_host }):tag("forwarded", { xmlns = "urn:xmpp:forward:0" });
2541
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
174 local tmp_stanza = st.clone(stanza); tmp_stanza.attr.xmlns = "jabber:client"; newstanza:add_child(tmp_stanza);
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
175 core_post_stanza(session, newstanza);
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
176 ]];
2551
9392f45b0364 mod_firewall: Fix FORWARD to send from current module's host
Matthew Wild <mwild1@gmail.com>
parents: 2542
diff changeset
177 return code:format(where), { "core_post_stanza", "current_host" };
2541
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
178 end
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
179
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
180 function action_handlers.LOG(string)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
181 local level = string:match("^%[(%a+)%]") or "info";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
182 string = string:gsub("^%[%a+%] ?", "");
2519
d4bc434a60a4 mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents: 2415
diff changeset
183 local meta_deps = {};
2782
8fd37f0e108c mod_firewall: Don't interpret format specifiers in LOG
Matthew Wild <mwild1@gmail.com>
parents: 2581
diff changeset
184 local code = meta(("(session.log or log)(%q, '%%s', %q);"):format(level, string), meta_deps);
2519
d4bc434a60a4 mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents: 2415
diff changeset
185 return code, meta_deps;
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
186 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
187
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
188 function action_handlers.RULEDEP(dep)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
189 return "", { dep };
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
190 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
191
960
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
192 function action_handlers.EVENT(name)
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
193 return ("fire_event(%q, event)"):format(name);
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
194 end
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
195
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
196 function action_handlers.JUMP_EVENT(name)
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
197 return ("do return fire_event(%q, event); end"):format(name);
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
198 end
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
199
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
200 function action_handlers.JUMP_CHAIN(name)
3483
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
201 return template([[do
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
202 local ret = fire_event($chain_event$, event);
2558
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
203 if ret ~= nil then
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
204 if ret == false then
3483
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
205 log("debug", "Chain %q accepted stanza (ret %s)", $chain_name$, tostring(ret));
2558
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
206 return pass_return;
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
207 end
3483
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
208 log("debug", "Chain %q rejected stanza (ret %s)", $chain_name$, tostring(ret));
2558
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
209 return ret;
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
210 end
3483
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
211 end]], { chain_event = "firewall/chains/"..name, chain_name = name });
960
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
212 end
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
213
2107
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
214 function action_handlers.MARK_ORIGIN(name)
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
215 return [[session.firewall_marked_]]..idsafe(name)..[[ = current_timestamp;]], { "timestamp" };
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
216 end
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
217
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
218 function action_handlers.UNMARK_ORIGIN(name)
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
219 return [[session.firewall_marked_]]..idsafe(name)..[[ = nil;]]
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
220 end
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
221
2894
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents: 2782
diff changeset
222 function action_handlers.MARK_USER(name)
5540
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
223 return ([[if session.username and session.host == current_host then
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
224 fire_event("firewall/marked/user", {
5536
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
225 username = session.username;
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
226 mark = %q;
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
227 timestamp = current_timestamp;
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
228 });
5540
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
229 else
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
230 log("warn", "Attempt to MARK a remote user - only local users may be marked");
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
231 end]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name)), {
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
232 "current_host";
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
233 "timestamp";
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
234 };
2894
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents: 2782
diff changeset
235 end
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents: 2782
diff changeset
236
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents: 2782
diff changeset
237 function action_handlers.UNMARK_USER(name)
5540
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
238 return ([[if session.username and session.host == current_host then
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
239 fire_event("firewall/unmarked/user", {
5536
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
240 username = session.username;
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
241 mark = %q;
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
242 });
5540
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
243 else
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
244 log("warn", "Attempt to UNMARK a remote user - only local users may be marked");
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
245 end]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name));
2894
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents: 2782
diff changeset
246 end
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents: 2782
diff changeset
247
2531
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
248 function action_handlers.ADD_TO(spec)
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
249 local list_name, value = spec:match("(%S+) (.+)");
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
250 local meta_deps = {};
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
251 value = meta(("%q"):format(value), meta_deps);
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
252 return ("list_%s:add(%s);"):format(list_name, value), { "list:"..list_name, unpack(meta_deps) };
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
253 end
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
254
2915
b8f2e86df7ce mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
255 function action_handlers.UNSUBSCRIBE_SENDER()
2996
0fb95dc11bc8 mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents: 2915
diff changeset
256 return "rostermanager.unsubscribed(to_node, to_host, bare_from);\
0fb95dc11bc8 mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents: 2915
diff changeset
257 rostermanager.roster_push(to_node, to_host, bare_from);\
0fb95dc11bc8 mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents: 2915
diff changeset
258 core_post_stanza(session, st.presence({ from = bare_to, to = bare_from, type = \"unsubscribed\" }));",
0fb95dc11bc8 mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents: 2915
diff changeset
259 { "rostermanager", "core_post_stanza", "st", "split_to", "bare_to", "bare_from" };
2915
b8f2e86df7ce mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
260 end
b8f2e86df7ce mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
261
5235
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
262 function action_handlers.REPORT_TO(spec)
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
263 local where, reason, text = spec:match("^%s*(%S+) *(%S*) *(.*)$");
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
264 if reason == "spam" then
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
265 reason = "urn:xmpp:reporting:spam";
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
266 elseif reason == "abuse" or not reason then
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
267 reason = "urn:xmpp:reporting:abuse";
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
268 end
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
269 local code = [[
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
270 local newstanza = st.stanza("message", { to = %q, from = current_host }):tag("forwarded", { xmlns = "urn:xmpp:forward:0" });
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
271 local tmp_stanza = st.clone(stanza); tmp_stanza.attr.xmlns = "jabber:client"; newstanza:add_child(tmp_stanza):up();
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
272 newstanza:tag("report", { xmlns = "urn:xmpp:reporting:1", reason = %q })
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
273 do local text = %q; if text ~= "" then newstanza:text_tag("text", text); end end
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
274 newstanza:up();
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
275 core_post_stanza(session, newstanza);
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
276 ]];
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
277 return code:format(where, reason, text), { "core_post_stanza", "current_host", "st" };
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
278 end
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
279
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
280 return action_handlers;