annotate mod_register_dnsbl/mod_register_dnsbl.lua @ 5536:96dec7681af8

mod_firewall: Update user marks to store instantly via map store The original approach was to keep marks in memory only, and persist them at shutdown. That saves I/O, at the cost of potentially losing marks on an unclean shutdown. This change persists marks instantly, which may have some performance overhead but should be more "correct". It also splits the marking/unmarking into an event which may be watched or even fired by other modules.
author Matthew Wild <mwild1@gmail.com>
date Thu, 08 Jun 2023 16:20:42 +0100
parents 82482e7e92cb
children
rev   line source
2112
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
1 local adns = require "net.adns";
2890
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
2 local async = require "util.async";
2891
84670bac7348 mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents: 2890
3 local inet_pton = require "util.net".pton;
2892
bf9fc41bf7ad mod_register_dnsbl: Add support for IPv6 DNSBL
Kim Alvefur <zash@zash.se>
parents: 2891
4 local to_hex = require "util.hex".to;
2890
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
5
2112
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
-- DNSBL zone that the reversed client address is looked up under.
-- Read once when the module loads; no default is passed, so this is
-- expected to be nil when "registration_rbl" is not set in the config.
local rbl = module:get_option_string("registration_rbl");
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
7
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
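--- Build the DNSBL query name for an IP address.
-- IPv4: the four octets in reverse order, dot-separated, followed by the zone.
-- IPv6: the 32 hex nibbles in reverse order, each followed by a dot, then the zone.
-- Constructed example: reverse("192.0.2.1", "dnsbl.example")
-- gives "1.2.0.192.dnsbl.example".
-- @param ip textual IP address, parsed with util.net's pton
-- @param suffix DNSBL zone appended to the reversed address
-- @return the query name, or nil plus an error message
local function reverse(ip, suffix)
	-- An unset or empty zone would otherwise yield a lookup against a bogus
	-- name (or a runtime error from format/concat), so report it instead.
	if type(suffix) ~= "string" or suffix == "" then
		return nil, "no DNSBL zone configured";
	end
	local n, err = inet_pton(ip);
	if not n then return n, err end
	if #n == 4 then
		local a,b,c,d = n:byte(1,4);
		return ("%d.%d.%d.%d.%s"):format(d,c,b,a, suffix);
	elseif #n == 16 then
		-- The parentheses drop gsub's second result (the substitution count).
		local nibbles = (to_hex(n):reverse():gsub("%x", "%1."));
		return nibbles .. suffix;
	end
	-- Neither 4 nor 16 bytes: give the caller a reason to log rather than a bare nil.
	return nil, "unsupported address length";
end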
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
18
2890
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
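-- Registration gate: look the registering client's IP up in the configured
-- DNSBL and refuse the registration when the list returns an A record.
--
-- The check fails open: an unknown IP, an address that cannot be parsed,
-- a missing zone, or a lookup that returns no A record (including resolver
-- failures) all leave event.allowed untouched, so registration proceeds.
module:hook("user-registering", function (event)
	local session, ip = event.session, event.ip;
	-- The event may arrive without a session; fall back to the module logger.
	local log = (session and session.log) or module._log;
	if not rbl then
		-- Without a zone the check is a no-op; say so loudly instead of
		-- building a query name from a nil suffix.
		log("warn", "No registration_rbl configured, skipping DNSBL check");
		return;
	end
	if not ip then
		log("debug", "Unable to check DNSBL when IP is unknown");
		return;
	end
	local rbl_ip, err = reverse(ip, rbl);
	if not rbl_ip then
		log("debug", "Unable to check DNSBL for ip %s: %s", ip, err);
		return;
	end

	-- wait() is expected to suspend this handler until done() runs in the
	-- lookup callback, so the verdict is set before the hook returns.
	local wait, done = async.waiter();
	adns.lookup(function (reply)
		-- Only the first record is inspected, and any A record counts as a hit.
		-- NOTE(review): some lists answer with special A records to signal
		-- query errors or refused resolvers; those would block registration
		-- here too. Check the chosen list's return-code documentation.
		if reply and reply[1] and reply[1].a then
			log("debug", "DNSBL response: %s IN A %s", rbl_ip, reply[1].a);
			log("info", "Blocking %s from registering %s (dnsbl hit)", ip, event.username);
			event.allowed = false;
			event.reason = "Blocked by DNSBL";
		end
		done();
	end, rbl_ip);
	wait();
end);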