mod_audit_auth: Add audit record when a client connects that has not been seen before
--- a/mod_audit_auth/README.md Fri Dec 01 11:34:52 2023 +0000
+++ b/mod_audit_auth/README.md Fri Dec 01 11:59:02 2023 +0000
@@ -7,3 +7,7 @@
This module stores authentication failures and authentication successes in the
audit log provided by `mod_audit`.
+
+If mod_client_management is loaded, it will also record entries when a new
+client is connected to the user's account for the first time. For non-SASL2
+clients, this may have false positives.
--- a/mod_audit_auth/mod_audit_auth.lua Fri Dec 01 11:34:52 2023 +0000
+++ b/mod_audit_auth/mod_audit_auth.lua Fri Dec 01 11:59:02 2023 +0000
@@ -1,4 +1,5 @@
local jid = require"util.jid";
+local st = require "util.stanza";
module:depends("audit");
-- luacheck: read globals module.audit
@@ -21,3 +22,21 @@
session = session,
});
end)
+
+module:hook("client_management/new-client", function (event)
+ local session, client = event.session, event.client;
+
+ local client_info = st.stanza("client", { id = client.id });
+ if client.user_agent then
+ client_info:text_tag("agent", client.user_agent);
+ end
+ if client.legacy then
+ client_info:text_tag("legacy");
+ end
+
+ module:audit(jid.join(session.username, module.host), "new-client", {
+ session = session;
+ custom = {
+ };
+ });
+end);