Software `/` code `/` prosody

Comparison

plugins/mod_admin_adhoc.lua @ 11633:77e38ea34d82

mod_admin_adhoc: Log who performs administrative actions Goal is to have some accountability for these privileged actions.

author	Kim Alvefur <zash@zash.se>
date	Sun, 27 Jun 2021 21:56:45 +0200
parent	11632:21a1b9fb08a1
child	11727:f3aee8a825cc

comparison

equal deleted inserted replaced

-:21a1b9fb08a1
+:77e38ea34d82
 	{ name = "accountjid", type = "jid-single", required = true, label = "The Jabber ID for the account to be added" };
 	{ name = "password", type = "text-private", label = "The password for this account" };
 	{ name = "password-verify", type = "text-private", label = "Retype password" };
 };
-local add_user_command_handler = adhoc_simple(add_user_layout, function(fields, err)
+local add_user_command_handler = adhoc_simple(add_user_layout, function(fields, err, data)
 	if err then
 		return generate_error_message(err);
 	end
 	local username, host = jid.split(fields.accountjid);
 	if module_host ~= host then
 	if (fields["password"] == fields["password-verify"]) and username and host then
 		if usermanager_user_exists(username, host) then
 			return { status = "completed", error = { message = "Account already exists" } };
 		else
 			if usermanager_create_user(username, fields.password, host) then
-				module:log("info", "Created new account %s@%s", username, host);
+				module:log("info", "Created new account %s@%s by %s", username, host, jid.bare(data.from));
 				return { status = "completed", info = "Account successfully created" };
 			else
 				return { status = "completed", error = { message = "Failed to write data to disk" } };
 			end
 		end
 	{ name = "FORM_TYPE", type = "hidden", value = "http://jabber.org/protocol/admin" };
 	{ name = "accountjid", type = "jid-single", required = true, label = "The Jabber ID for this account" };
 	{ name = "password", type = "text-private", required = true, label = "The password for this account" };
 };
-local change_user_password_command_handler = adhoc_simple(change_user_password_layout, function(fields, err)
+local change_user_password_command_handler = adhoc_simple(change_user_password_layout, function(fields, err, data)
 	if err then
 		return generate_error_message(err);
 	end
 	local username, host = jid.split(fields.accountjid);
 	if module_host ~= host then
 				message = "Trying to change the password of a user on " .. host .. " but command was sent to " .. module_host
 			}
 		};
 	end
 	if usermanager_user_exists(username, host) and usermanager_set_password(username, fields.password, host, nil) then
+		module:log("info", "Password of account %s@%s changed by %s", username, host, jid.bare(data.from));
 		return { status = "completed", info = "Password successfully changed" };
 	else
 		return { status = "completed", error = { message = "User does not exist" } };
 	end
 end);
 -- Reloading the config
 local function config_reload_handler(self, data, state)
+	module:log("info", "%s reloads the config", jid.bare(data.from));
 	local ok, err = prosody.reload_config();
 	if ok then
 		return { status = "completed", info = "Configuration reloaded (modules may need to be reloaded for this to have an effect)" };
 	else
 		return { status = "completed", error = { message = "Failed to reload config: " .. tostring(err) } };
 	{ name = "FORM_TYPE", type = "hidden", value = "http://jabber.org/protocol/admin" };
 	{ name = "accountjids", type = "jid-multi", required = true, label = "The Jabber ID(s) to delete" };
 };
-local delete_user_command_handler = adhoc_simple(delete_user_layout, function(fields, err)
+local delete_user_command_handler = adhoc_simple(delete_user_layout, function(fields, err, data)
 	if err then
 		return generate_error_message(err);
 	end
 	local failed = {};
 	local succeeded = {};
 	for _, aJID in ipairs(fields.accountjids) do
 		local username, host = jid.split(aJID);
 		if (host == module_host) and  usermanager_user_exists(username, host) and usermanager_delete_user(username, host) then
-			module:log("debug", "User %s has been deleted", aJID);
+			module:log("info", "User %s has been deleted by %s", aJID, jid.bare(data.from));
 			succeeded[#succeeded+1] = aJID;
 		else
 			module:log("debug", "Tried to delete non-existant user %s", aJID);
 			failed[#failed+1] = aJID;
 		end
 	{ name = "FORM_TYPE", type = "hidden", value = "http://prosody.im/protocol/modules#global-load" };
 	{ name = "module", type = "text-single", required = true, label = "Module to globally load:"};
 };
-local globally_load_module_handler = adhoc_simple(globally_load_module_layout, function(fields, err)
+local globally_load_module_handler = adhoc_simple(globally_load_module_layout, function(fields, err, data)
 	local ok_list, err_list = {}, {};
 	if err then
 		return generate_error_message(err);
 	end
 		err_list[#err_list + 1] = module_host .. " (Error: " .. tostring(err) .. ")";
 	end
 	-- Is this a global module?
 	if modulemanager.is_loaded("*", fields.module) and not modulemanager.is_loaded(module_host, fields.module) then
+		module:log("info", "mod_%s loaded by %s", fields.module, jid.bare(data.from));
 		return { status = "completed", info = 'Global module '..fields.module..' loaded.' };
 	end
 	-- This is either a shared or "normal" module, load it on all other hosts
 	for host_name, host in pairs(hosts) do
 				err_list[#err_list + 1] = host_name .. " (Error: " .. tostring(err) .. ")";
 			end
 		end
 	end
+	module:log("info", "mod_%s loaded by %s", fields.module, jid.bare(data.from));
 	local info = (#ok_list > 0 and ("The module "..fields.module.." was successfully loaded onto the hosts:\n"..t_concat(ok_list, "\n")) or "")
 		.. ((#ok_list > 0 and #err_list > 0) and "\n" or "") ..
 		(#err_list > 0 and ("Failed to load the module "..fields.module.." onto the hosts:\n"..t_concat(err_list, "\n")) or "");
 	return { status = "completed", info = info };
 end);
 	{ name = "modules", type = "list-multi", required = true, label = "Modules to be reloaded:"};
 };
 local reload_modules_handler = adhoc_initial(reload_modules_layout, function()
 	return { modules = array.collect(keys(hosts[module_host].modules)):sort() };
-end, function(fields, err)
+end, function(fields, err, data)
 	if err then
 		return generate_error_message(err);
 	end
 	local ok_list, err_list = {}, {};
 	for _, module in ipairs(fields.modules) do
 			ok_list[#ok_list + 1] = module;
 		else
 			err_list[#err_list + 1] = module .. "(Error: " .. tostring(err) .. ")";
 		end
 	end
+	module:log("info", "mod_%s reloaded by %s", fields.module, jid.bare(data.from));
 	local info = (#ok_list > 0 and ("The following modules were successfully reloaded on host "..module_host..":\n"..t_concat(ok_list, "\n")) or "")
 		.. ((#ok_list > 0 and #err_list > 0) and "\n" or "") ..
 		(#err_list > 0 and ("Failed to reload the following modules on host "..module_host..":\n"..t_concat(err_list, "\n")) or "");
 	return { status = "completed", info = info };
 end);
 	for _, host in pairs(hosts) do
 		loaded_modules:append(array(keys(host.modules)));
 	end
 	loaded_modules = array(set.new(loaded_modules):items()):sort();
 	return { module = loaded_modules };
-end, function(fields, err)
+end, function(fields, err, data)
 	local is_global = false;
 	if err then
 		return generate_error_message(err);
 	end
 		else
 			return { status = "completed", info = 'Module '..fields.module..' not loaded on any host.' };
 		end
 	end
+	module:log("info", "mod_%s reloaded by %s", fields.module, jid.bare(data.from));
 	local info = (#ok_list > 0 and ("The module "..fields.module.." was successfully reloaded on the hosts:\n"..t_concat(ok_list, "\n")) or "")
 		.. ((#ok_list > 0 and #err_list > 0) and "\n" or "") ..
 		(#err_list > 0 and ("Failed to reload the module "..fields.module.." on the hosts:\n"..t_concat(err_list, "\n")) or "");
 	return { status = "completed", info = info };
 end);
 		};
 	};
 	{ name = "announcement", type = "text-multi", label = "Announcement" };
 };
-local shut_down_service_handler = adhoc_simple(shut_down_service_layout, function(fields, err)
+local shut_down_service_handler = adhoc_simple(shut_down_service_layout, function(fields, err, data)
 	if err then
 		return generate_error_message(err);
 	end
+	module:log("info", "Server being shut down by %s", jid.bare(data.from));
 	if fields.announcement and #fields.announcement > 0 then
 		local message = st.message({type = "headline"}, fields.announcement):up()
 			:tag("subject"):text("Server is shutting down");
 		send_to_online(message);
 	{ name = "modules", type = "list-multi", required = true, label = "Modules to be unloaded:"};
 };
 local unload_modules_handler = adhoc_initial(unload_modules_layout, function()
 	return { modules = array.collect(keys(hosts[module_host].modules)):sort() };
-end, function(fields, err)
+end, function(fields, err, data)
 	if err then
 		return generate_error_message(err);
 	end
 	local ok_list, err_list = {}, {};
 	for _, module in ipairs(fields.modules) do
 			ok_list[#ok_list + 1] = module;
 		else
 			err_list[#err_list + 1] = module .. "(Error: " .. tostring(err) .. ")";
 		end
 	end
+	module:log("info", "mod_%s unloaded by %s", fields.module, jid.bare(data.from));
 	local info = (#ok_list > 0 and ("The following modules were successfully unloaded on host "..module_host..":\n"..t_concat(ok_list, "\n")) or "")
 		.. ((#ok_list > 0 and #err_list > 0) and "\n" or "") ..
 		(#err_list > 0 and ("Failed to unload the following modules on host "..module_host..":\n"..t_concat(err_list, "\n")) or "");
 	return { status = "completed", info = info };
 end);
 	for _, host in pairs(hosts) do
 		loaded_modules:append(array(keys(host.modules)));
 	end
 	loaded_modules = array(set.new(loaded_modules):items()):sort();
 	return { module = loaded_modules };
-end, function(fields, err)
+end, function(fields, err, data)
 	local is_global = false;
 	if err then
 		return generate_error_message(err);
 	end
 		else
 			return { status = "completed", info = 'Module '..fields.module..' not loaded on any host.' };
 		end
 	end
+	module:log("info", "mod_%s globally unloaded by %s", fields.module, jid.bare(data.from));
 	local info = (#ok_list > 0 and ("The module "..fields.module.." was successfully unloaded on the hosts:\n"..t_concat(ok_list, "\n")) or "")
 		.. ((#ok_list > 0 and #err_list > 0) and "\n" or "") ..
 		(#err_list > 0 and ("Failed to unload the module "..fields.module.." on the hosts:\n"..t_concat(err_list, "\n")) or "");
 	return { status = "completed", info = info };
 end);
 	{ name = "FORM_TYPE", type = "hidden", value = "http://prosody.im/protocol/hosts#activate" };
 	{ name = "host", type = "text-single", required = true, label = "Host:"};
 };
-local activate_host_handler = adhoc_simple(activate_host_layout, function(fields, err)
+local activate_host_handler = adhoc_simple(activate_host_layout, function(fields, err, data)
 	if err then
 		return generate_error_message(err);
 	end
 	local ok, err = hostmanager_activate(fields.host);
 	if ok then
+		module:log("info", "Host '%s' activated by %s", fields.host, jid.bare(data.from));
 		return { status = "completed", info = fields.host .. " activated" };
 	else
 		return { status = "canceled", error = err }
 	end
 end);
 	{ name = "FORM_TYPE", type = "hidden", value = "http://prosody.im/protocol/hosts#activate" };
 	{ name = "host", type = "text-single", required = true, label = "Host:"};
 };
-local deactivate_host_handler = adhoc_simple(deactivate_host_layout, function(fields, err)
+local deactivate_host_handler = adhoc_simple(deactivate_host_layout, function(fields, err, data)
 	if err then
 		return generate_error_message(err);
 	end
 	local ok, err = hostmanager_deactivate(fields.host);
 	if ok then
+		module:log("info", "Host '%s' deactivated by %s", fields.host, jid.bare(data.from));
 		return { status = "completed", info = fields.host .. " deactivated" };
 	else
 		return { status = "canceled", error = err }
 	end
 end);

prosody

77e38ea34d82

plugins/mod_admin_adhoc.lua

Software / code / prosody

Comparison

plugins/mod_admin_adhoc.lua @ 11633:77e38ea34d82

Software `/` code `/` prosody