Comparison

mod_firewall/actions.lib.lua @ 5540:1249ab2f797c

mod_firewall: Log warning when attempting to mark/unmark remote users
author Matthew Wild <mwild1@gmail.com>
date Thu, 08 Jun 2023 19:15:12 +0100
parent 5538:40f8b9cc2065
child 5889:bfc35ae9edcb
comparison
equal deleted inserted replaced
5539:fa8435a27f7e 5540:1249ab2f797c
218 function action_handlers.UNMARK_ORIGIN(name) 218 function action_handlers.UNMARK_ORIGIN(name)
219 return [[session.firewall_marked_]]..idsafe(name)..[[ = nil;]] 219 return [[session.firewall_marked_]]..idsafe(name)..[[ = nil;]]
220 end 220 end
221 221
222 function action_handlers.MARK_USER(name) 222 function action_handlers.MARK_USER(name)
223 return ([[fire_event("firewall/marked/user", { 223 return ([[if session.username and session.host == current_host then
224 fire_event("firewall/marked/user", {
224 username = session.username; 225 username = session.username;
225 mark = %q; 226 mark = %q;
226 timestamp = current_timestamp; 227 timestamp = current_timestamp;
227 }); 228 });
228 ]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name)), { "timestamp" }; 229 else
230 log("warn", "Attempt to MARK a remote user - only local users may be marked");
231 end]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name)), {
232 "current_host";
233 "timestamp";
234 };
229 end 235 end
230 236
231 function action_handlers.UNMARK_USER(name) 237 function action_handlers.UNMARK_USER(name)
232 return ([[fire_event("firewall/unmarked/user", { 238 return ([[if session.username and session.host == current_host then
239 fire_event("firewall/unmarked/user", {
233 username = session.username; 240 username = session.username;
234 mark = %q; 241 mark = %q;
235 }); 242 });
236 ]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name)); 243 else
244 log("warn", "Attempt to UNMARK a remote user - only local users may be marked");
245 end]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name));
237 end 246 end
238 247
239 function action_handlers.ADD_TO(spec) 248 function action_handlers.ADD_TO(spec)
240 local list_name, value = spec:match("(%S+) (.+)"); 249 local list_name, value = spec:match("(%S+) (.+)");
241 local meta_deps = {}; 250 local meta_deps = {};