view mod_log_auth/mod_log_auth.lua @ 5160:8474a3b80200

mod_firewall: Fix 'is_admin' internal dependency rule #1797 (thanks diane) Looks like the boolean logic was inverted here. Instead, for now, simply check if is_admin is there. It is deprecated in trunk and was briefly removed before being brought back with a 'deprecated' warning as part of the new roles and permissions work. Making this dependency conditioned on the existence of the underlying function should make it work until it actually goes away for real.
author Kim Alvefur <zash@zash.se>
date Fri, 27 Jan 2023 23:06:25 +0100
parents 6d1ec8099315
children
line wrap: on
line source

local mode = module:get_option_string("log_auth_ips", "failure");
assert(({ all = true, failure = true, success = true })[mode],
	"Unknown log mode: "..tostring(mode).." - valid modes are 'all', 'failure', 'success'");

if mode == "failure" or mode == "all" then
	module:hook("authentication-failure", function (event)
		local session = event.session;
		local username = session.username or session.sasl_handler and session.sasl_handler.username or "?";
		session.log("info", "Failed authentication attempt (%s) for user %s@%s from IP: %s",
			event.condition or "unknown-condition", username, module.host,  session.ip or "?");
	end);
end

if mode == "success" or mode == "all" then
	module:hook("authentication-success", function (event)
		local session = event.session;
		session.log("info", "Successful authentication as %s@%s from IP: %s", session.username, module.host, session.ip or "?");
	end);
end