Changeset

5772:238c4ac8b735

mod_audit_auth: Add audit record when a client connects that has not been seen before
author Matthew Wild <mwild1@gmail.com>
date Fri, 01 Dec 2023 11:59:02 +0000
parents 5771:dfbced5e54b9
children 5773:c89077b4f46e
files mod_audit_auth/README.md mod_audit_auth/mod_audit_auth.lua
diffstat 2 files changed, 23 insertions(+), 0 deletions(-) [+]
--- a/mod_audit_auth/README.md	Fri Dec 01 11:34:52 2023 +0000
+++ b/mod_audit_auth/README.md	Fri Dec 01 11:59:02 2023 +0000
@@ -7,3 +7,7 @@
 
 This module stores authentication failures and authentication successes in the
 audit log provided by `mod_audit`.
+
+If mod_client_management is loaded, it will also record entries when a new
+client is connected to the user's account for the first time. For non-SASL2
+clients, this may have false positives.
--- a/mod_audit_auth/mod_audit_auth.lua	Fri Dec 01 11:34:52 2023 +0000
+++ b/mod_audit_auth/mod_audit_auth.lua	Fri Dec 01 11:59:02 2023 +0000
@@ -1,4 +1,5 @@
 local jid = require"util.jid";
+local st = require "util.stanza";
 
 module:depends("audit");
 -- luacheck: read globals module.audit
@@ -21,3 +22,21 @@
 		session = session,
 	});
 end)
+
+module:hook("client_management/new-client", function (event)
+	local session, client = event.session, event.client;
+
+	local client_info = st.stanza("client", { id = client.id });
+	if client.user_agent then
+		client_info:text_tag("agent", client.user_agent);
+	end
+	if client.legacy then
+		client_info:text_tag("legacy");
+	end
+
+	module:audit(jid.join(session.username, module.host), "new-client", {
+		session = session;
+		custom = {
+		};
+	});
+end);
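Review bot: The `client_info` stanza built at the top of the new `client_management/new-client` handler is never used, because the `module:audit(...)` call passes an empty `custom = { }` table. As written, the "new-client" audit record carries only the user JID and session, so a reviewer of the log cannot tell which client id or user agent triggered the entry. Assuming mod_audit attaches stanzas listed in `custom` to the stored record (not visible in this hunk), the table should read `custom = { client_info };`. Since `client.user_agent` presumably originates from the connecting client, a short comment such as `-- agent string is client-supplied; treat as untrusted when displaying audit entries` would help whoever consumes these records.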