
plugins/mod_register.lua @ 8452:4796fdcb7146

mod_register: Support CIDR notation in white-/blacklists (closes #941)
author Kim Alvefur <zash@zash.se>
date Fri, 01 Dec 2017 07:58:52 +0100
parent 8194:ba9cd8447578
child 8464:1a0b76b07b7a
8451:770f79a9635c 8452:4796fdcb7146
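--- a/plugins/mod_register.lua
+++ b/plugins/mod_register.lua
@@ -15,10 +15,14 @@
 local usermanager_delete_user = require "core.usermanager".delete_user;
 local nodeprep = require "util.encodings".stringprep.nodeprep;
 local jid_bare = require "util.jid".bare;
 local create_throttle = require "util.throttle".create;
 local new_cache = require "util.cache".new;
+local ip_util = require "util.ip";
+local new_ip = ip_util.new_ip;
+local match_ip = ip_util.match;
+local parse_cidr = ip_util.parse_cidr;
 
 local compat = module:get_option_boolean("registration_compat", true);
 local allow_registration = module:get_option_boolean("allow_registration", false);
 local additional_fields = module:get_option("additional_registration_fields", {});
 local require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
@@ -204,10 +208,23 @@
 if not throttle then
 throttle = create_throttle(throttle_max, throttle_period);
 end
 throttle_cache:set(ip, throttle);
 return throttle:poll(1);
+end
+
+local function ip_in_set(set, ip)
+if set[ip] then
+return true;
+end
+ip = new_ip(ip);
+for in_set in pairs(set) do
+if match_ip(ip, parse_cidr(in_set)) then
+return true;
+end
+end
+return false;
 end
 
 -- In-band registration
 module:hook("stanza/iq/jabber:iq:register:query", function(event)
 local session, stanza = event.origin, event.stanza;
@@ -237,14 +254,14 @@
 session.send(st.error_reply(stanza, "modify", "not-acceptable"));
 else
 -- Check that the user is not blacklisted or registering too often
 if not session.ip then
 log("debug", "User's IP not known; can't apply blacklist/whitelist");
-elseif blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then
+elseif ip_in_set(blacklisted_ips, session.ip) or (whitelist_only and not ip_in_set(whitelisted_ips, session.ip)) then
 session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account."));
 return true;
-elseif throttle_max and not whitelisted_ips[session.ip] then
+elseif throttle_max and not ip_in_set(whitelisted_ips, session.ip) then
 if not check_throttle(session.ip) then
 log("debug", "Registrations over limit for ip %s", session.ip or "?");
 session.send(st.error_reply(stanza, "wait", "not-acceptable"));
 return true;
 end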
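Review bot: In `ip_in_set`, neither `new_ip(ip)` nor `parse_cidr(in_set)` is checked before the result is handed to `match_ip`, and every list entry is re-parsed on each registration request. If util.ip returns nil for a string it cannot parse (its code is not shown here), one mistyped entry in the black- or whitelist would surface only as a runtime error inside the registration hook rather than when the configuration is loaded. I would parse and validate the entries once where the lists are read (outside this hunk), logging any entry that is rejected, and keep only a guard in the loop: `local net, bits = parse_cidr(in_set); if net and match_ip(ip, net, bits) then return true; end`. A short comment on `ip_in_set` should also say that keys may be single addresses or CIDR ranges, and that a whitelisted range now bypasses the throttle for every address inside it.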