Mercurial > prosody-modules
annotate mod_muc_ban_ip/mod_muc_ban_ip.lua @ 4432:e83284d4d5c2
mod_auth_ccert/README: Add setting to ensure Prosdy asks for client certificate
This used to be the default for all services, but since it triggers
annoying popups in web browsers it was inverted in Prosody and only s2s
enables it, so it needs to be explicitly enabled for c2s again.
See trunk 115b5e32d960
Thanks debacle
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 06 Feb 2021 21:34:25 +0100 |
| parents | a7a06c8cea37 |
| children | 47d9f704d14b |
| rev | line source |
|---|---|
|
1005
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 module:set_global(); |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local jid_bare = require "util.jid".bare; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local st = require "util.stanza"; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local xmlns_muc_user = "http://jabber.org/protocol/muc#user"; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local ip_bans = module:shared("bans"); |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 local full_sessions = prosody.full_sessions; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 local function ban_ip(session, from) |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 local ip = session.ip; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 if not ip then |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 module:log("warn", "Failed to ban IP (IP unknown) for %s", session.full_jid); |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 return; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 end |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 local banned_from = ip_bans[ip]; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 if not banned_from then |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 banned_from = {}; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 ip_bans[ip] = banned_from; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 end |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 banned_from[from] = true; |
|
3403
823027110e29
mod_muc_ban_ip: Improve logging to use session, and log when a ban is enforced
Matthew Wild <mwild1@gmail.com>
parents:
1651
diff
changeset
|
22 module:log("debug", "Added ban for IP address %s from %s", ip, from); |
|
1005
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 end |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
|
1651
933403ee07ec
mod_muc_ban_ip: Cleanup [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1647
diff
changeset
|
25 local function check_for_incoming_ban(event) |
|
1005
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 local stanza = event.stanza; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 local to_session = full_sessions[stanza.attr.to]; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 if to_session then |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 local directed = to_session.directed; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 local from = stanza.attr.from; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 if directed and directed[from] and stanza.attr.type == "unavailable" then |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 -- This is a stanza from somewhere we sent directed presence to (may be a MUC) |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 local x = stanza:get_child("x", xmlns_muc_user); |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 if x then |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 for status in x:childtags("status") do |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 if status.attr.code == '301' then |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 ban_ip(to_session, jid_bare(from)); |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 end |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 end |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 end |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 end |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 end |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 end |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 |
|
1651
933403ee07ec
mod_muc_ban_ip: Cleanup [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1647
diff
changeset
|
45 local function check_for_ban(event) |
|
3403
823027110e29
mod_muc_ban_ip: Improve logging to use session, and log when a ban is enforced
Matthew Wild <mwild1@gmail.com>
parents:
1651
diff
changeset
|
46 local origin, stanza = event.origin, event.stanza; |
|
823027110e29
mod_muc_ban_ip: Improve logging to use session, and log when a ban is enforced
Matthew Wild <mwild1@gmail.com>
parents:
1651
diff
changeset
|
47 local ip = origin.ip; |
|
823027110e29
mod_muc_ban_ip: Improve logging to use session, and log when a ban is enforced
Matthew Wild <mwild1@gmail.com>
parents:
1651
diff
changeset
|
48 local to = jid_bare(stanza.attr.to); |
|
1005
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 if ip_bans[ip] and ip_bans[ip][to] then |
|
3995
4c9805f29f2d
mod_muc_ban_ip: log fallback to module
Georg Lukas <georg@op-co.de>
parents:
3403
diff
changeset
|
50 (origin.log or module._log)("debug", "IP banned: %s is banned from %s", ip, to) |
|
4323
a7a06c8cea37
mod_muc_ban_ip: Lua is not C, fix typo
Georg Lukas <georg@op-co.de>
parents:
4321
diff
changeset
|
51 if stanza.attr.type ~= "error" then |
|
4321
71498f484c22
mod_muc_ban_ip: do not error() on banned user sending error to MUC
Georg Lukas <georg@op-co.de>
parents:
3995
diff
changeset
|
52 origin.send(st.error_reply(stanza, "auth", "forbidden") |
|
71498f484c22
mod_muc_ban_ip: do not error() on banned user sending error to MUC
Georg Lukas <georg@op-co.de>
parents:
3995
diff
changeset
|
53 :tag("x", { xmlns = xmlns_muc_user }) |
|
71498f484c22
mod_muc_ban_ip: do not error() on banned user sending error to MUC
Georg Lukas <georg@op-co.de>
parents:
3995
diff
changeset
|
54 :tag("status", { code = '301' })); |
|
71498f484c22
mod_muc_ban_ip: do not error() on banned user sending error to MUC
Georg Lukas <georg@op-co.de>
parents:
3995
diff
changeset
|
55 end |
|
1005
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 return true; |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 end |
|
3995
4c9805f29f2d
mod_muc_ban_ip: log fallback to module
Georg Lukas <georg@op-co.de>
parents:
3403
diff
changeset
|
58 (origin.log or module._log)("debug", "IP not banned: %s from %s", ip, to) |
|
1005
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 end |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 |
|
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 function module.add_host(module) |
|
1647
8860405e2af6
mod_muc_ban_ip: Increase priority of hooks, fixes if eg mod_presence gets called first
Kim Alvefur <zash@zash.se>
parents:
1005
diff
changeset
|
62 module:hook("presence/full", check_for_incoming_ban, 100); |
|
8860405e2af6
mod_muc_ban_ip: Increase priority of hooks, fixes if eg mod_presence gets called first
Kim Alvefur <zash@zash.se>
parents:
1005
diff
changeset
|
63 module:hook("pre-presence/full", check_for_ban, 100); |
|
1005
591590de34ef
mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 end |