prosody-modules
09d6bbd6c8a4
mod_register_dnsbl/mod_register_dnsbl.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

Annotate

mod_register_dnsbl/mod_register_dnsbl.lua @ 5185:09d6bbd6c8a4

mod_http_oauth2: Fix treatment of 'redirect_uri' parameter in code flow It's optional and the one stored in the client registration should really be used instead. RFC 6749 says an URI provided as parameter MUST be validated against the stored one but does not say how. Given that the client needs their secret to proceed, it seems fine to leave this for later.
author Kim Alvefur <zash@zash.se>
date Thu, 02 Mar 2023 22:00:42 +0100
parent 4118:82482e7e92cb
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2112
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 local adns = require "net.adns";
2890
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
2 local async = require "util.async";
2891
84670bac7348 mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents: 2890
diff changeset
3 local inet_pton = require "util.net".pton;
2892
bf9fc41bf7ad mod_register_dnsbl: Add support for IPv6 DNSBL
Kim Alvefur <zash@zash.se>
parents: 2891
diff changeset
4 local to_hex = require "util.hex".to;
2890
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
5
2112
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 local rbl = module:get_option_string("registration_rbl");
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 local function reverse(ip, suffix)
2891
84670bac7348 mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents: 2890
diff changeset
9 local n, err = inet_pton(ip);
84670bac7348 mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents: 2890
diff changeset
10 if not n then return n, err end
84670bac7348 mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents: 2890
diff changeset
11 if #n == 4 then
84670bac7348 mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents: 2890
diff changeset
12 local a,b,c,d = n:byte(1,4);
84670bac7348 mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents: 2890
diff changeset
13 return ("%d.%d.%d.%d.%s"):format(d,c,b,a, suffix);
2892
bf9fc41bf7ad mod_register_dnsbl: Add support for IPv6 DNSBL
Kim Alvefur <zash@zash.se>
parents: 2891
diff changeset
14 elseif #n == 16 then
bf9fc41bf7ad mod_register_dnsbl: Add support for IPv6 DNSBL
Kim Alvefur <zash@zash.se>
parents: 2891
diff changeset
15 return to_hex(n):reverse():gsub("%x", "%1.") .. suffix;
2891
84670bac7348 mod_register_dnsbl: Use util.net for IP address parsing
Kim Alvefur <zash@zash.se>
parents: 2890
diff changeset
16 end
2112
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 end
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18
2890
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
19 module:hook("user-registering", function (event)
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
20 local session, ip = event.session, event.ip;
4118
82482e7e92cb mod_register_dnsbl: Handle missing session in user-registering event (thanks meaz)
Matthew Wild <mwild1@gmail.com>
parents: 2892
diff changeset
21 local log = (session and session.log) or module._log;
2890
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
22 if not ip then
4118
82482e7e92cb mod_register_dnsbl: Handle missing session in user-registering event (thanks meaz)
Matthew Wild <mwild1@gmail.com>
parents: 2892
diff changeset
23 log("debug", "Unable to check DNSBL when IP is unknown");
2890
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
24 return;
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
25 end
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
26 local rbl_ip, err = reverse(ip, rbl);
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
27 if not rbl_ip then
4118
82482e7e92cb mod_register_dnsbl: Handle missing session in user-registering event (thanks meaz)
Matthew Wild <mwild1@gmail.com>
parents: 2892
diff changeset
28 log("debug", "Unable to check DNSBL for ip %s: %s", ip, err);
2890
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
29 return;
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
30 end
2112
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31
2890
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
32 local wait, done = async.waiter();
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
33 adns.lookup(function (reply)
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
34 if reply and reply[1] and reply[1].a then
4118
82482e7e92cb mod_register_dnsbl: Handle missing session in user-registering event (thanks meaz)
Matthew Wild <mwild1@gmail.com>
parents: 2892
diff changeset
35 log("debug", "DNSBL response: %s IN A %s", rbl_ip, reply[1].a);
82482e7e92cb mod_register_dnsbl: Handle missing session in user-registering event (thanks meaz)
Matthew Wild <mwild1@gmail.com>
parents: 2892
diff changeset
36 log("info", "Blocking %s from registering %s (dnsbl hit)", ip, event.username);
2890
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
37 event.allowed = false;
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
38 event.reason = "Blocked by DNSBL";
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
39 end
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
40 done();
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
41 end, rbl_ip);
6412595e2046 mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
Kim Alvefur <zash@zash.se>
parents: 2203
diff changeset
42 wait();
2112
0890c4860f14 mod_register_dnsbl: Initial commit of module to check users registering against an DNS block list
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 end);