author | Kim Alvefur <zash@zash.se> |
Sun, 03 Dec 2023 23:51:54 +0100 | |
changeset 5771 | a967bb4972c5 |
parent 4122 | 82482e7e92cb |
permissions | -rw-r--r-- |
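local adns = require "net.adns";
local async = require "util.async";
local inet_pton = require "util.net".pton;
local to_hex = require "util.hex".to;

-- DNSBL zone appended to the reversed client address to form the query name.
-- No default is supplied, so this is nil when 'registration_rbl' is unset.
local rbl = module:get_option_string("registration_rbl");
if not rbl then
	-- Surface the misconfiguration at load time: without a zone no lookup
	-- can be built and registrations are not screened at all.
	module:log("warn", "Option 'registration_rbl' is not set, registrations will not be checked against a DNSBL");
end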
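--- Build the DNSBL query name for an IP address.
-- IPv4 (4 packed bytes): the octets in reverse order, dot-separated, followed
-- by the zone, i.e. a.b.c.d becomes "d.c.b.a.<suffix>".
-- IPv6 (16 packed bytes): the 32 hex nibbles in reverse order, each followed
-- by a dot, then the zone.
-- NOTE(review): an IPv4-mapped IPv6 address (::ffff:a.b.c.d) parses to 16
-- bytes and would be queried in nibble form rather than the IPv4 form; confirm
-- whether callers can pass addresses in that form.
-- @param ip textual IP address
-- @param suffix DNSBL zone to append
-- @return the query name, or nil (or whatever falsy value inet_pton gave) plus an error message
local function reverse(ip, suffix)
	if type(suffix) ~= "string" or suffix == "" then
		-- Without a zone the format/concatenation below would raise or
		-- produce a name outside any block list.
		return nil, "no DNSBL zone configured";
	end
	local n, err = inet_pton(ip);
	if not n then return n, err end
	if #n == 4 then
		local a,b,c,d = n:byte(1,4);
		return ("%d.%d.%d.%d.%s"):format(d,c,b,a, suffix);
	elseif #n == 16 then
		-- Parentheses keep only gsub's first result (the string) and drop the match count
		return (to_hex(n):reverse():gsub("%x", "%1.")) .. suffix;
	end
	-- Neither 4 nor 16 bytes: report it instead of silently returning nothing
	return nil, "unsupported address length";
end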
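-- Registration gate: look the registering client's IP up in the configured
-- DNSBL and veto the registration on a positive answer.
--
-- The check fails open: when the zone is not configured, the IP is unknown,
-- the address cannot be converted to a query name, or the lookup yields no
-- A record, the event is left untouched and registration proceeds.
module:hook("user-registering", function (event)
	local session, ip = event.session, event.ip;
	-- The event may arrive without a session; fall back to the module logger
	local log = (session and session.log) or module._log;
	if not rbl then
		-- Make the inactive check visible instead of failing inside reverse()
		log("warn", "Unable to check DNSBL: option 'registration_rbl' is not set");
		return;
	end
	if not ip then
		log("debug", "Unable to check DNSBL when IP is unknown");
		return;
	end
	local rbl_ip, err = reverse(ip, rbl);
	if not rbl_ip then
		log("debug", "Unable to check DNSBL for ip %s: %s", ip, err);
		return;
	end

	-- wait() suspends this handler until the lookup callback calls done(),
	-- so event.allowed is set before the handler returns.
	local wait, done = async.waiter();
	adns.lookup(function (reply)
		local answer = reply and reply[1] and reply[1].a;
		if answer then
			log("debug", "DNSBL response: %s IN A %s", rbl_ip, answer);
			-- DNSBL listings are answered from 127.0.0.0/8 (RFC 5782). An A
			-- record outside that range points at a wildcarded or expired
			-- zone or a resolver rewriting NXDOMAIN, and would otherwise
			-- block every registration.
			-- NOTE(review): some list operators reserve particular 127/8
			-- values to signal query errors rather than listings; these are
			-- not distinguished here, so check the operator's documentation.
			if tostring(answer):match("^127%.") then
				log("info", "Blocking %s from registering %s (dnsbl hit)", ip, event.username);
				event.allowed = false;
				event.reason = "Blocked by DNSBL";
			else
				log("warn", "Ignoring DNSBL response outside 127.0.0.0/8 for %s: %s", rbl_ip, answer);
			end
		end
		done();
	end, rbl_ip);
	wait();
end);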