Mercurial > prosody-modules
annotate mod_audit_auth/mod_audit_auth.lua @ 5767:a967bb4972c5
mod_http_oauth2: Reject unparsable URLs
This used to be caught by luaPattern=https:// in the schema but that's
been removed for some reason
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 03 Dec 2023 23:51:54 +0100 |
| parents | 238c4ac8b735 |
| children | f199bff16f1f |
| rev | line source |
|---|---|
|
5712
b357ff3d0c8a
mod_audit_auth: Include hostpart with audit events
Kim Alvefur <zash@zash.se>
parents:
4934
diff
changeset
|
1 local jid = require"util.jid"; |
|
5749
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
2 local st = require "util.stanza"; |
|
5712
b357ff3d0c8a
mod_audit_auth: Include hostpart with audit events
Kim Alvefur <zash@zash.se>
parents:
4934
diff
changeset
|
3 |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
4 module:depends("audit"); |
|
4934
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4933
diff
changeset
|
5 -- luacheck: read globals module.audit |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
6 |
|
5748
dfbced5e54b9
mod_audit_auth: Ignore FAST authentication events by default
Matthew Wild <mwild1@gmail.com>
parents:
5712
diff
changeset
|
7 local only_passwords = module:get_option_boolean("audit_auth_passwords_only", true); |
|
dfbced5e54b9
mod_audit_auth: Ignore FAST authentication events by default
Matthew Wild <mwild1@gmail.com>
parents:
5712
diff
changeset
|
8 |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
9 module:hook("authentication-failure", function(event) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
10 local session = event.session; |
|
5712
b357ff3d0c8a
mod_audit_auth: Include hostpart with audit events
Kim Alvefur <zash@zash.se>
parents:
4934
diff
changeset
|
11 module:audit(jid.join(session.sasl_handler.username, module.host), "authentication-failure", { |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
12 session = session, |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
13 }); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
14 end) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
15 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
16 module:hook("authentication-success", function(event) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
17 local session = event.session; |
|
5748
dfbced5e54b9
mod_audit_auth: Ignore FAST authentication events by default
Matthew Wild <mwild1@gmail.com>
parents:
5712
diff
changeset
|
18 if only_passwords and session.sasl_handler.fast then |
|
dfbced5e54b9
mod_audit_auth: Ignore FAST authentication events by default
Matthew Wild <mwild1@gmail.com>
parents:
5712
diff
changeset
|
19 return; |
|
dfbced5e54b9
mod_audit_auth: Ignore FAST authentication events by default
Matthew Wild <mwild1@gmail.com>
parents:
5712
diff
changeset
|
20 end |
|
5712
b357ff3d0c8a
mod_audit_auth: Include hostpart with audit events
Kim Alvefur <zash@zash.se>
parents:
4934
diff
changeset
|
21 module:audit(jid.join(session.sasl_handler.username, module.host), "authentication-success", { |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
22 session = session, |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
23 }); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
24 end) |
|
5749
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
25 |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
26 module:hook("client_management/new-client", function (event) |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
27 local session, client = event.session, event.client; |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
28 |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
29 local client_info = st.stanza("client", { id = client.id }); |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
30 if client.user_agent then |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
31 client_info:text_tag("agent", client.user_agent); |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
32 end |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
33 if client.legacy then |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
34 client_info:text_tag("legacy"); |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
35 end |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
36 |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
37 module:audit(jid.join(session.username, module.host), "new-client", { |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
38 session = session; |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
39 custom = { |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
40 }; |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
41 }); |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
42 end); |