Mercurial > prosody-modules
annotate mod_log_auth/mod_log_auth.lua @ 5383:df11a2cbc7b7
mod_http_oauth2: Implement RFC 7628 Proof Key for Code Exchange
Likely to become mandatory in OAuth 2.1.
Backwards compatible since the default 'plain' verifier would compare
nil with nil if the relevant parameters are left out.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 29 Apr 2023 13:09:46 +0200 |
parents | 6d1ec8099315 |
children |
rev | line source |
---|---|
1427
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
1 local mode = module:get_option_string("log_auth_ips", "failure"); |
2695
8b21f13b08c5
mod_log_auth: Split some long lines
Kim Alvefur <zash@zash.se>
parents:
2084
diff
changeset
|
2 assert(({ all = true, failure = true, success = true })[mode], |
8b21f13b08c5
mod_log_auth: Split some long lines
Kim Alvefur <zash@zash.se>
parents:
2084
diff
changeset
|
3 "Unknown log mode: "..tostring(mode).." - valid modes are 'all', 'failure', 'success'"); |
407
41feaf7fd8ac
mod_auth_log: New module (currently) to log failed auth attempts and their IP address, requires trunk
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
1427
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
5 if mode == "failure" or mode == "all" then |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
6 module:hook("authentication-failure", function (event) |
2695
8b21f13b08c5
mod_log_auth: Split some long lines
Kim Alvefur <zash@zash.se>
parents:
2084
diff
changeset
|
7 local session = event.session; |
2698
88205b77e385
mod_log_auth: Handle missing sasl handler
Kim Alvefur <zash@zash.se>
parents:
2696
diff
changeset
|
8 local username = session.username or session.sasl_handler and session.sasl_handler.username or "?"; |
3941
6d1ec8099315
mod_log_auth: log hostname, too
tmolitor <thilo@eightysoft.de>
parents:
2699
diff
changeset
|
9 session.log("info", "Failed authentication attempt (%s) for user %s@%s from IP: %s", |
6d1ec8099315
mod_log_auth: log hostname, too
tmolitor <thilo@eightysoft.de>
parents:
2699
diff
changeset
|
10 event.condition or "unknown-condition", username, module.host, session.ip or "?"); |
1427
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
11 end); |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
12 end |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
13 |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
14 if mode == "success" or mode == "all" then |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
15 module:hook("authentication-success", function (event) |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
16 local session = event.session; |
3941
6d1ec8099315
mod_log_auth: log hostname, too
tmolitor <thilo@eightysoft.de>
parents:
2699
diff
changeset
|
17 session.log("info", "Successful authentication as %s@%s from IP: %s", session.username, module.host, session.ip or "?"); |
1427
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
18 end); |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
19 end |