Software /
code /
prosody
Annotate
plugins/mod_mimicking.lua @ 13127:f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Supporting both methods at the same time may open to spoofing attacks,
whereby a client sends a Forwarded header that is not stripped by a
reverse proxy, leading Prosody to use that instead of the X-Forwarded-*
headers actually sent by the proxy.
By only supporting one at a time, it can be configured to match what the
proxy uses.
Disabled by default since implementations are sparse and X-Forwarded-*
are everywhere.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 03 Jun 2023 21:53:20 +0200 |
parent | 12977:74b9e05af71e |
rev | line source |
---|---|
9980
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- Prosody IM |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- Copyright (C) 2012 Florian Zeitz |
9981
8758febbaca2
mod_mimicking: Import skeleton() from current location
Kim Alvefur <zash@zash.se>
parents:
9980
diff
changeset
|
3 -- Copyright (C) 2019 Kim Alvefur |
9980
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 -- This project is MIT/X11 licensed. Please see the |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 -- COPYING file in the source package for more information. |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 -- |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 |
12977
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
11848
diff
changeset
|
9 local encodings = require "prosody.util.encodings"; |
9981
8758febbaca2
mod_mimicking: Import skeleton() from current location
Kim Alvefur <zash@zash.se>
parents:
9980
diff
changeset
|
10 assert(encodings.confusable, "This module requires that Prosody be built with ICU"); |
8758febbaca2
mod_mimicking: Import skeleton() from current location
Kim Alvefur <zash@zash.se>
parents:
9980
diff
changeset
|
11 local skeleton = encodings.confusable.skeleton; |
8758febbaca2
mod_mimicking: Import skeleton() from current location
Kim Alvefur <zash@zash.se>
parents:
9980
diff
changeset
|
12 |
12977
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
11848
diff
changeset
|
13 local usage = require "prosody.util.prosodyctl".show_usage; |
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
11848
diff
changeset
|
14 local usermanager = require "prosody.core.usermanager"; |
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
11848
diff
changeset
|
15 local storagemanager = require "prosody.core.storagemanager"; |
9980
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
9984
bbabd35b30ae
mod_mimicking: Update command to work with current code
Kim Alvefur <zash@zash.se>
parents:
9983
diff
changeset
|
17 local skeletons |
bbabd35b30ae
mod_mimicking: Update command to work with current code
Kim Alvefur <zash@zash.se>
parents:
9983
diff
changeset
|
18 function module.load() |
bbabd35b30ae
mod_mimicking: Update command to work with current code
Kim Alvefur <zash@zash.se>
parents:
9983
diff
changeset
|
19 if module.host ~= "*" then |
bbabd35b30ae
mod_mimicking: Update command to work with current code
Kim Alvefur <zash@zash.se>
parents:
9983
diff
changeset
|
20 skeletons = module:open_store("skeletons"); |
bbabd35b30ae
mod_mimicking: Update command to work with current code
Kim Alvefur <zash@zash.se>
parents:
9983
diff
changeset
|
21 end |
bbabd35b30ae
mod_mimicking: Update command to work with current code
Kim Alvefur <zash@zash.se>
parents:
9983
diff
changeset
|
22 end |
9983
f7d11503fdce
mod_mimicking: Use new storage API
Kim Alvefur <zash@zash.se>
parents:
9982
diff
changeset
|
23 |
9980
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 module:hook("user-registered", function(user) |
9986
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
25 local skel = skeleton(user.username); |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
26 local ok, err = skeletons:set(skel, { username = user.username }); |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
27 if not ok then |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
28 module:log("error", "Unable to store mimicry data (%q => %q): %s", user.username, skel, err); |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
29 end |
9980
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 end); |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 |
11848
b4d4f0339e16
mod_mimicking: Correctly hook the *global* user-deleted event
Kim Alvefur <zash@zash.se>
parents:
9986
diff
changeset
|
32 module:hook_global("user-deleted", function(user) |
b4d4f0339e16
mod_mimicking: Correctly hook the *global* user-deleted event
Kim Alvefur <zash@zash.se>
parents:
9986
diff
changeset
|
33 if user.host ~= module.host then return end |
9986
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
34 local skel = skeleton(user.username); |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
35 local ok, err = skeletons:set(skel, nil); |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
36 if not ok and err then |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
37 module:log("error", "Unable to clear mimicry data (%q): %s", skel, err); |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
38 end |
9980
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 end); |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 |
9982
d09575dae242
mod_mimicking: Hook the correct event names
Kim Alvefur <zash@zash.se>
parents:
9981
diff
changeset
|
41 module:hook("user-registering", function(user) |
9986
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
42 local existing, err = skeletons:get(skeleton(user.username)); |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
43 if existing then |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
44 module:log("debug", "Attempt to register username '%s' which could be confused with '%s'", user.username, existing.username); |
9980
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 user.allowed = false; |
9986
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
46 elseif err then |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
47 module:log("error", "Unable to check if new username '%s' can be confused with any existing user: %s", err); |
9980
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 end |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 end); |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 function module.command(arg) |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 if (arg[1] ~= "bootstrap" or not arg[2]) then |
9986
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
53 usage("mod_mimicking bootstrap <host>", "Initialize username mimicry database"); |
9980
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 return; |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 end |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 local host = arg[2]; |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 local host_session = prosody.hosts[host]; |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 if not host_session then |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 return "No such host"; |
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 end |
9984
bbabd35b30ae
mod_mimicking: Update command to work with current code
Kim Alvefur <zash@zash.se>
parents:
9983
diff
changeset
|
63 |
9980
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 storagemanager.initialize_host(host); |
9984
bbabd35b30ae
mod_mimicking: Update command to work with current code
Kim Alvefur <zash@zash.se>
parents:
9983
diff
changeset
|
65 usermanager.initialize_host(host); |
9980
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 |
9984
bbabd35b30ae
mod_mimicking: Update command to work with current code
Kim Alvefur <zash@zash.se>
parents:
9983
diff
changeset
|
67 skeletons = storagemanager.open(host, "skeletons"); |
bbabd35b30ae
mod_mimicking: Update command to work with current code
Kim Alvefur <zash@zash.se>
parents:
9983
diff
changeset
|
68 |
9986
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
69 local count = 0; |
9984
bbabd35b30ae
mod_mimicking: Update command to work with current code
Kim Alvefur <zash@zash.se>
parents:
9983
diff
changeset
|
70 for user in usermanager.users(host) do |
9986
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
71 local skel = skeleton(user); |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
72 local existing, err = skeletons:get(skel); |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
73 if existing and existing.username ~= user then |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
74 module:log("warn", "Existing usernames '%s' and '%s' are confusable", existing.username, user); |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
75 elseif err then |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
76 module:log("error", "Error checking for existing mimicry data (%q = %q): %s", user, skel, err); |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
77 end |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
78 local ok, err = skeletons:set(skel, { username = user }); |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
79 if ok then |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
80 count = count + 1; |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
81 elseif err then |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
82 module:log("error", "Unable to store mimicry data (%q => %q): %s", user, skel, err); |
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
83 end |
9980
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 end |
9986
9cb639ef5c72
mod_mimicking: Improve error handling
Kim Alvefur <zash@zash.se>
parents:
9985
diff
changeset
|
85 module:log("info", "%d usernames indexed", count); |
9980
73a447249fe4
mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
86 end |