mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 21:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_register: Support CIDR notation in white-/blacklists (closes #941)

Browse source
This commit is contained in:
Kim Alvefur 2017-12-01 07:58:52 +01:00
parent 36ff81d81a
commit 19924222a4
1 changed files with 19 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

21
plugins/mod_register.lua
View file

@ -17,6 +17,10 @@ local nodeprep = require "util.encodings".stringprep.nodeprep;
local jid_bare = require "util.jid".bare; local jid_bare = require "util.jid".bare;
local create_throttle = require "util.throttle".create; local create_throttle = require "util.throttle".create;
local new_cache = require "util.cache".new; local new_cache = require "util.cache".new;
local ip_util = require "util.ip";
local new_ip = ip_util.new_ip;
local match_ip = ip_util.match;
local parse_cidr = ip_util.parse_cidr;
local compat = module:get_option_boolean("registration_compat", true); local compat = module:get_option_boolean("registration_compat", true);
local allow_registration = module:get_option_boolean("allow_registration", false); local allow_registration = module:get_option_boolean("allow_registration", false);
@ -208,6 +212,19 @@ local function check_throttle(ip)
return throttle:poll(1); return throttle:poll(1);
end end
local function ip_in_set(set, ip)
if set[ip] then
return true;
end
ip = new_ip(ip);
for in_set in pairs(set) do
if match_ip(ip, parse_cidr(in_set)) then
return true;
end
end
return false;
end
-- In-band registration -- In-band registration
module:hook("stanza/iq/jabber:iq:register:query", function(event) module:hook("stanza/iq/jabber:iq:register:query", function(event)
local session, stanza = event.origin, event.stanza; local session, stanza = event.origin, event.stanza;
@ -239,10 +256,10 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
-- Check that the user is not blacklisted or registering too often -- Check that the user is not blacklisted or registering too often
if not session.ip then if not session.ip then
log("debug", "User's IP not known; can't apply blacklist/whitelist"); log("debug", "User's IP not known; can't apply blacklist/whitelist");
elseif blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then elseif ip_in_set(blacklisted_ips, session.ip) or (whitelist_only and not ip_in_set(whitelisted_ips, session.ip)) then
session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account.")); session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account."));
return true; return true;
elseif throttle_max and not whitelisted_ips[session.ip] then elseif throttle_max and not ip_in_set(whitelisted_ips, session.ip) then
if not check_throttle(session.ip) then if not check_throttle(session.ip) then
log("debug", "Registrations over limit for ip %s", session.ip or "?"); log("debug", "Registrations over limit for ip %s", session.ip or "?");
session.send(st.error_reply(stanza, "wait", "not-acceptable")); session.send(st.error_reply(stanza, "wait", "not-acceptable"));