Mercurial > prosody-modules
annotate mod_register_dnsbl/mod_register_dnsbl.lua @ 5536:96dec7681af8
mod_firewall: Update user marks to store instantly via map store
The original approach was to keep marks in memory only, and persist them at
shutdown. That saves I/O, at the cost of potentially losing marks on an
unclean shutdown.
This change persists marks instantly, which may have some performance overhead
but should be more "correct".
It also splits the marking/unmarking into an event which may be watched or
even fired by other modules.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Thu, 08 Jun 2023 16:20:42 +0100 |
parents | 82482e7e92cb |
children |
rev | line source |
---|---|
1 local adns = require "net.adns"; |
2 local async = require "util.async"; |
3 local inet_pton = require "util.net".pton; |
4 local to_hex = require "util.hex".to; |
5 |
-- DNS zone of the block list to query, read from the "registration_rbl" option.
-- NOTE(review): no default is passed here, so this is presumably nil when the
-- option is unset; confirm against module:get_option_string.
local rbl = module:get_option_string("registration_rbl");
7 |
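--- Build the DNSBL query name for an IP address.
-- IPv4 addresses become "d.c.b.a.<suffix>" (octets reversed); IPv6 addresses
-- become their 32 hex nibbles in reverse order, dot-separated, followed by
-- the suffix.
-- @param ip textual IP address, parsed with util.net's pton
-- @param suffix DNSBL zone to append (the "registration_rbl" option)
-- @return the query name, or nil plus an error message when no zone is
--   configured, the address cannot be parsed, or its packed form is neither
--   4 nor 16 bytes long
local function reverse(ip, suffix)
	-- An unset or empty zone would otherwise reach string.format / ".." as nil
	-- (or yield a name with no zone at all); report it as an ordinary failure
	-- so the caller logs it instead of raising or querying a bogus name.
	if type(suffix) ~= "string" or suffix == "" then
		return nil, "no DNSBL zone configured";
	end

	-- pton is expected to return the packed address (4 or 16 bytes), or a
	-- falsy value plus an error for unparseable input.
	local n, err = inet_pton(ip);
	if not n then return n, err end

	if #n == 4 then
		local a, b, c, d = n:byte(1, 4);
		return ("%d.%d.%d.%d.%s"):format(d, c, b, a, suffix);
	elseif #n == 16 then
		-- Parentheses keep only gsub's string result (it also returns a count).
		local nibbles = (to_hex(n):reverse():gsub("%x", "%1."));
		return nibbles .. suffix;
	end

	-- Previously fell through returning nothing, leaving the caller with a
	-- nil error to log.
	return nil, "unsupported address length";
end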
18 |
-- Registration gate: look the registering client's IP up in the configured
-- DNSBL and veto the registration when the list answers with an A record.
--
-- The check fails open: a missing IP, an address reverse() cannot convert,
-- or a lookup that yields no A record all leave event.allowed untouched.
-- NOTE(review): a resolver error or timeout presumably also arrives as a
-- reply without records (confirm against net.adns), so DNS trouble silently
-- disables the check; the only trace is the debug-level log lines below.
module:hook("user-registering", function (event)
	local client_ip = event.ip;
	local origin = event.session;

	-- The event may carry no session; fall back to the module logger then.
	local log = module._log;
	if origin and origin.log then
		log = origin.log;
	end

	if not client_ip then
		log("debug", "Unable to check DNSBL when IP is unknown");
		return;
	end

	-- reverse() returns a falsy value plus an error when the address cannot
	-- be parsed.
	local query_name, reverse_err = reverse(client_ip, rbl);
	if not query_name then
		log("debug", "Unable to check DNSBL for ip %s: %s", client_ip, reverse_err);
		return;
	end

	-- Suspend this handler until the DNS callback has run, so the verdict is
	-- written to the event before registration proceeds.
	local wait, done = async.waiter();

	local function on_reply(reply)
		local first_record = reply and reply[1];
		local listed_as = first_record and first_record.a;
		-- Any A record in the first answer counts as a listing; its value is
		-- logged but not inspected.
		-- NOTE(review): a resolver that rewrites NXDOMAIN, or a list that
		-- answers with special codes for non-listing conditions, would block
		-- registrations here. Consider checking the answer is in 127.0.0.0/8.
		if listed_as then
			log("debug", "DNSBL response: %s IN A %s", query_name, listed_as);
			log("info", "Blocking %s from registering %s (dnsbl hit)", client_ip, event.username);
			event.allowed = false;
			event.reason = "Blocked by DNSBL";
		end
		done();
	end

	adns.lookup(on_reply, query_name);
	wait();
end);