Mercurial > prosody-modules
annotate mod_srvinjection/mod_srvinjection.lua @ 5401:c8d04ac200fc
mod_http_oauth2: Reject loopback URIs as client_uri
This really should be a proper website with info, https://localhost is
not good enough. Ideally we'd validate that it's got proper DNS and is
actually reachable, but triggering HTTP or even DNS lookups seems like
it would carry abuse potential that would best to avoid.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 02 May 2023 16:20:55 +0200 |
| parents | 47fb4f36dacd |
| children |
| rev | line source |
|---|---|
|
96
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
1 |
|
662
b3d130e4b3ae
mod_srvinjection: Use module:set_global()
Florian Zeitz <florob@babelmonkeys.de>
parents:
337
diff
changeset
|
2 module:set_global(); |
|
96
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
3 |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
4 local adns = require "net.adns"; |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
5 |
|
1248
69f7840923f5
mod_srvinjection: Make the map a shared table so that other plugins can use/modify it
daurnimator <quae@daurnimator.com>
parents:
662
diff
changeset
|
6 local map_config = module:get_option("srvinjection") or {}; |
|
69f7840923f5
mod_srvinjection: Make the map a shared table so that other plugins can use/modify it
daurnimator <quae@daurnimator.com>
parents:
662
diff
changeset
|
7 local map = module:shared "s2s_map" |
|
96
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
8 |
|
1248
69f7840923f5
mod_srvinjection: Make the map a shared table so that other plugins can use/modify it
daurnimator <quae@daurnimator.com>
parents:
662
diff
changeset
|
9 for host, mapping in pairs(map_config) do |
|
96
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
10 if type(mapping) == "table" and type(mapping[1]) == "string" and (type(mapping[2]) == "number") then |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
11 local connecthost, connectport = mapping[1], mapping[2] or 5269; |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
12 map[host] = {{ |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
13 srv = { |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
14 target = connecthost.."."; |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
15 port = connectport; |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
16 priority = 1; |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
17 weight = 0; |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
18 }; |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
19 }}; |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
20 else |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
21 module:log("warn", "Ignoring invalid SRV injection for host '%s'", host); |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
22 map[host] = nil; |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
23 end |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
24 end |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
25 |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
26 local original_lookup = adns.lookup; |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
27 function adns.lookup(handler, qname, qtype, qclass) |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
28 if qtype == "SRV" then |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
29 local host = qname:match("^_xmpp%-server%._tcp%.(.*)%.$"); |
|
337
beb5073b866a
mod_srvinjection: Fix type in variable name.
Waqas Hussain <waqas20@gmail.com>
parents:
336
diff
changeset
|
30 local mapping = map[host] or map["*"]; |
|
96
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
31 if mapping then |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
32 handler(mapping); |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
33 return; |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
34 end |
|
1592
47fb4f36dacd
Add support for IPv4 addresses in SRV injections
Ashley Ward <ashley.ward@surevine.com>
parents:
1325
diff
changeset
|
35 elseif qtype == "A" then |
|
47fb4f36dacd
Add support for IPv4 addresses in SRV injections
Ashley Ward <ashley.ward@surevine.com>
parents:
1325
diff
changeset
|
36 if (qname == "localhost." or qname == "127.0.0.1.") then |
|
47fb4f36dacd
Add support for IPv4 addresses in SRV injections
Ashley Ward <ashley.ward@surevine.com>
parents:
1325
diff
changeset
|
37 handler({{ a = "127.0.0.1" }}); |
|
47fb4f36dacd
Add support for IPv4 addresses in SRV injections
Ashley Ward <ashley.ward@surevine.com>
parents:
1325
diff
changeset
|
38 return; |
|
47fb4f36dacd
Add support for IPv4 addresses in SRV injections
Ashley Ward <ashley.ward@surevine.com>
parents:
1325
diff
changeset
|
39 end |
|
47fb4f36dacd
Add support for IPv4 addresses in SRV injections
Ashley Ward <ashley.ward@surevine.com>
parents:
1325
diff
changeset
|
40 local ip = qname:match("^(%d+.%d+.%d+.%d+).$"); |
|
47fb4f36dacd
Add support for IPv4 addresses in SRV injections
Ashley Ward <ashley.ward@surevine.com>
parents:
1325
diff
changeset
|
41 if ip then |
|
47fb4f36dacd
Add support for IPv4 addresses in SRV injections
Ashley Ward <ashley.ward@surevine.com>
parents:
1325
diff
changeset
|
42 handler({{ a = ip }}); |
|
47fb4f36dacd
Add support for IPv4 addresses in SRV injections
Ashley Ward <ashley.ward@surevine.com>
parents:
1325
diff
changeset
|
43 return; |
|
47fb4f36dacd
Add support for IPv4 addresses in SRV injections
Ashley Ward <ashley.ward@surevine.com>
parents:
1325
diff
changeset
|
44 end |
|
96
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
45 end |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
46 return original_lookup(handler, qname, qtype, qclass); |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
47 end |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
48 |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
49 function module.unload() |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
50 adns.lookup = original_lookup; |
|
c1f4edf3bea7
mod_srvinjection: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
51 end |