prosody-modules
694f8fab07d4
mod_limit_auth/mod_limit_auth.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_limit_auth/mod_limit_auth.lua @ 6251:694f8fab07d4

: mod_sasl2*** : Update Compability for all of them diff --git a/mod_sasl2/README.md b/mod_sasl2/README.md --- a/mod_sasl2/README.md +++ b/mod_sasl2/README.md @@ -31,6 +31,7 @@ This module requires Prosody **trunk** a Prosody Version Status ----------------------- ---------------- - trunk as of 2024-11-24 Works + trunk as of 2025-05-25 Works + 0.13 Works 0.12 Does not work ----------------------- ---------------- diff --git a/mod_sasl2_bind2/README.md b/mod_sasl2_bind2/README.md --- a/mod_sasl2_bind2/README.md +++ b/mod_sasl2_bind2/README.md @@ -16,5 +16,6 @@ This module depends on [mod_sasl2]. It e Prosody-Version Status --------------- ---------------------- - trunk Works as of 2024-12-21 + trunk Works as of 2025-05-25 + 0.13 Works 0.12 Does not work diff --git a/mod_sasl2_fast/README.md b/mod_sasl2_fast/README.md --- a/mod_sasl2_fast/README.md +++ b/mod_sasl2_fast/README.md @@ -33,5 +33,6 @@ clients being logged out unexpectedly. Prosody-Version Status --------------- ---------------------- - trunk Works as of 2024-12-21 + trunk Works as of 2025-05-25 + 0.13 Work 0.12 Does not work diff --git a/mod_sasl2_sm/README.md b/mod_sasl2_sm/README.md --- a/mod_sasl2_sm/README.md +++ b/mod_sasl2_sm/README.md @@ -17,5 +17,6 @@ configuration options. Prosody-Version Status --------------- ---------------------- - trunk Works as of 2024-12-21 + trunk Works as of 2025-05-25 + 0.13 Work 0.12 Does not work diff --git a/mod_sasl_ssdp/README.md b/mod_sasl_ssdp/README.md --- a/mod_sasl_ssdp/README.md +++ b/mod_sasl_ssdp/README.md @@ -18,8 +18,8 @@ There are no configuration options for t # Compatibility -For SASL2 (XEP-0388) clients, it is compatible with the mod_sasl2 community module. - -For clients using RFC 6120 SASL, it requires Prosody trunk 33e5edbd6a4a or -later. It is not compatible with Prosody 0.12 (it will load, but simply -won't do anything) for "legacy SASL". + Prosody-Version Status + --------------- ---------------------- + trunk Works as of 2025-05-25 + 0.13 Works + 0.12 Does not work
author Menel <menel@snikket.de>
date Mon, 12 May 2025 11:07:45 +0200
parent 1941:2a5a44d5b935
line wrap: on
line source

-- mod_limit_auth

local st = require"util.stanza";
local new_throttle = require "util.throttle".create;

local period = math.max(module:get_option_number(module.name.."_period", 30), 0);
local max = math.max(module:get_option_number(module.name.."_max", 5), 1);

local tarpit_delay = module:get_option_number(module.name.."_tarpit_delay", nil);
if tarpit_delay then
	local waiter = require "util.async".waiter;
	local delay = tarpit_delay;
	function tarpit_delay()
		local wait, done = waiter();
		module:add_timer(delay, done);
		wait();
	end
else
	function tarpit_delay() end
end

local throttles = module:shared"throttles";

local reply = st.stanza("failure", { xmlns = "urn:ietf:params:xml:ns:xmpp-sasl" }):tag("temporary-auth-failure");

local function get_throttle(ip)
	local throttle = throttles[ip];
	if not throttle then
		throttle = new_throttle(max, period);
		throttles[ip] = throttle;
	end
	return throttle;
end

module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", function (event)
	local origin = event.origin;
	if origin.type ~= "c2s_unauthed" then return end
	if not get_throttle(origin.ip):peek(1) then
		origin.log("warn", "Too many authentication attepmts for ip %s", origin.ip);
		tarpit_delay();
		origin.send(reply);
		return true;
	end
end, 10);

module:hook("authentication-failure", function (event)
	get_throttle(event.session.ip):poll(1);
end);

module:add_timer(14400, function (now)
	local old = now - 86400;
	for ip, throttle in pairs(throttles) do
		if throttle.t < old then
			throttles[ip] = nil;
		end
	end
end);