Mercurial > prosody-modules
annotate mod_register_dnsbl/mod_register_dnsbl.lua @ 4340:7cd3b7ec59e9
mod_http_oauth2: Rudimentary support for scopes (but not really)
We don't support limiting access, but this change will inform the
client what permissions the created token has (e.g. is the user an
admin or not).
There is some work in progress on real scope support.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sat, 16 Jan 2021 19:47:22 +0000 |
parents | 82482e7e92cb |
children |
rev | line source |
---|---|
2112
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 local adns = require "net.adns"; |
2890
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
2 local async = require "util.async"; |
2891
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
3 local inet_pton = require "util.net".pton; |
2892
bf9fc41bf7ad
mod_register_dnsbl: Add support for IPv6 DNSBL
Kim Alvefur <zash@zash.se>
parents:
2891
diff
changeset
|
4 local to_hex = require "util.hex".to; |
2890
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
5 |
2112
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 local rbl = module:get_option_string("registration_rbl"); |
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 |
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 local function reverse(ip, suffix) |
2891
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
9 local n, err = inet_pton(ip); |
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
10 if not n then return n, err end |
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
11 if #n == 4 then |
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
12 local a,b,c,d = n:byte(1,4); |
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
13 return ("%d.%d.%d.%d.%s"):format(d,c,b,a, suffix); |
2892
bf9fc41bf7ad
mod_register_dnsbl: Add support for IPv6 DNSBL
Kim Alvefur <zash@zash.se>
parents:
2891
diff
changeset
|
14 elseif #n == 16 then |
bf9fc41bf7ad
mod_register_dnsbl: Add support for IPv6 DNSBL
Kim Alvefur <zash@zash.se>
parents:
2891
diff
changeset
|
15 return to_hex(n):reverse():gsub("%x", "%1.") .. suffix; |
2891
84670bac7348
mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents:
2890
diff
changeset
|
16 end |
2112
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 end |
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
2890
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
19 module:hook("user-registering", function (event) |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
20 local session, ip = event.session, event.ip; |
4118
82482e7e92cb
mod_register_dnsbl: Handle missing session in user-registering event (thanks meaz)
Matthew Wild <mwild1@gmail.com>
parents:
2892
diff
changeset
|
21 local log = (session and session.log) or module._log; |
2890
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
22 if not ip then |
4118
82482e7e92cb
mod_register_dnsbl: Handle missing session in user-registering event (thanks meaz)
Matthew Wild <mwild1@gmail.com>
parents:
2892
diff
changeset
|
23 log("debug", "Unable to check DNSBL when IP is unknown"); |
2890
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
24 return; |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
25 end |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
26 local rbl_ip, err = reverse(ip, rbl); |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
27 if not rbl_ip then |
4118
82482e7e92cb
mod_register_dnsbl: Handle missing session in user-registering event (thanks meaz)
Matthew Wild <mwild1@gmail.com>
parents:
2892
diff
changeset
|
28 log("debug", "Unable to check DNSBL for ip %s: %s", ip, err); |
2890
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
29 return; |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
30 end |
2112
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 |
2890
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
32 local wait, done = async.waiter(); |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
33 adns.lookup(function (reply) |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
34 if reply and reply[1] and reply[1].a then |
4118
82482e7e92cb
mod_register_dnsbl: Handle missing session in user-registering event (thanks meaz)
Matthew Wild <mwild1@gmail.com>
parents:
2892
diff
changeset
|
35 log("debug", "DNSBL response: %s IN A %s", rbl_ip, reply[1].a); |
82482e7e92cb
mod_register_dnsbl: Handle missing session in user-registering event (thanks meaz)
Matthew Wild <mwild1@gmail.com>
parents:
2892
diff
changeset
|
36 log("info", "Blocking %s from registering %s (dnsbl hit)", ip, event.username); |
2890
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
37 event.allowed = false; |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
38 event.reason = "Blocked by DNSBL"; |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
39 end |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
40 done(); |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
41 end, rbl_ip); |
6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents:
2203
diff
changeset
|
42 wait(); |
2112
0890c4860f14
mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 end); |