From 41297ded22efbe10aa0d012bea1a812656508ea2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 27 Jun 2021 21:56:45 +0200 Subject: mod_admin_adhoc: Log who performs administrative actions Goal is to have some accountability for these privileged actions. --- plugins/mod_admin_adhoc.lua | 38 +++++++++++++++++++++++++------------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/plugins/mod_admin_adhoc.lua b/plugins/mod_admin_adhoc.lua index 49f51a28..0bc27e09 100644 --- a/plugins/mod_admin_adhoc.lua +++ b/plugins/mod_admin_adhoc.lua @@ -54,7 +54,7 @@ local add_user_layout = dataforms_new{ { name = "password-verify", type = "text-private", label = "Retype password" }; }; -local add_user_command_handler = adhoc_simple(add_user_layout, function(fields, err) +local add_user_command_handler = adhoc_simple(add_user_layout, function(fields, err, data) if err then return generate_error_message(err); end @@ -67,7 +67,7 @@ local add_user_command_handler = adhoc_simple(add_user_layout, function(fields, return { status = "completed", error = { message = "Account already exists" } }; else if usermanager_create_user(username, fields.password, host) then - module:log("info", "Created new account %s@%s", username, host); + module:log("info", "Created new account %s@%s by %s", username, host, jid.bare(data.from)); return { status = "completed", info = "Account successfully created" }; else return { status = "completed", error = { message = "Failed to write data to disk" } }; @@ -89,7 +89,7 @@ local change_user_password_layout = dataforms_new{ { name = "password", type = "text-private", required = true, label = "The password for this account" }; }; -local change_user_password_command_handler = adhoc_simple(change_user_password_layout, function(fields, err) +local change_user_password_command_handler = adhoc_simple(change_user_password_layout, function(fields, err, data) if err then return generate_error_message(err); end @@ -103,6 +103,7 @@ local change_user_password_command_handler = adhoc_simple(change_user_password_l }; end if usermanager_user_exists(username, host) and usermanager_set_password(username, fields.password, host, nil) then + module:log("info", "Password of account %s@%s changed by %s", username, host, jid.bare(data.from)); return { status = "completed", info = "Password successfully changed" }; else return { status = "completed", error = { message = "User does not exist" } }; @@ -111,6 +112,7 @@ end); -- Reloading the config local function config_reload_handler(self, data, state) + module:log("info", "%s reloads the config", jid.bare(data.from)); local ok, err = prosody.reload_config(); if ok then return { status = "completed", info = "Configuration reloaded (modules may need to be reloaded for this to have an effect)" }; @@ -128,7 +130,7 @@ local delete_user_layout = dataforms_new{ { name = "accountjids", type = "jid-multi", required = true, label = "The Jabber ID(s) to delete" }; }; -local delete_user_command_handler = adhoc_simple(delete_user_layout, function(fields, err) +local delete_user_command_handler = adhoc_simple(delete_user_layout, function(fields, err, data) if err then return generate_error_message(err); end @@ -137,7 +139,7 @@ local delete_user_command_handler = adhoc_simple(delete_user_layout, function(fi for _, aJID in ipairs(fields.accountjids) do local username, host = jid.split(aJID); if (host == module_host) and usermanager_user_exists(username, host) and usermanager_delete_user(username, host) then - module:log("debug", "User %s has been deleted", aJID); + module:log("info", "User %s has been deleted by %s", aJID, jid.bare(data.from)); succeeded[#succeeded+1] = aJID; else module:log("debug", "Tried to delete non-existant user %s", aJID); @@ -473,7 +475,7 @@ local globally_load_module_layout = dataforms_new { { name = "module", type = "text-single", required = true, label = "Module to globally load:"}; }; -local globally_load_module_handler = adhoc_simple(globally_load_module_layout, function(fields, err) +local globally_load_module_handler = adhoc_simple(globally_load_module_layout, function(fields, err, data) local ok_list, err_list = {}, {}; if err then @@ -489,6 +491,7 @@ local globally_load_module_handler = adhoc_simple(globally_load_module_layout, f -- Is this a global module? if modulemanager.is_loaded("*", fields.module) and not modulemanager.is_loaded(module_host, fields.module) then + module:log("info", "mod_%s loaded by %s", fields.module, jid.bare(data.from)); return { status = "completed", info = 'Global module '..fields.module..' loaded.' }; end @@ -504,6 +507,7 @@ local globally_load_module_handler = adhoc_simple(globally_load_module_layout, f end end + module:log("info", "mod_%s loaded by %s", fields.module, jid.bare(data.from)); local info = (#ok_list > 0 and ("The module "..fields.module.." was successfully loaded onto the hosts:\n"..t_concat(ok_list, "\n")) or "") .. ((#ok_list > 0 and #err_list > 0) and "\n" or "") .. (#err_list > 0 and ("Failed to load the module "..fields.module.." onto the hosts:\n"..t_concat(err_list, "\n")) or ""); @@ -521,7 +525,7 @@ local reload_modules_layout = dataforms_new { local reload_modules_handler = adhoc_initial(reload_modules_layout, function() return { modules = array.collect(keys(hosts[module_host].modules)):sort() }; -end, function(fields, err) +end, function(fields, err, data) if err then return generate_error_message(err); end @@ -534,6 +538,7 @@ end, function(fields, err) err_list[#err_list + 1] = module .. "(Error: " .. tostring(err) .. ")"; end end + module:log("info", "mod_%s reloaded by %s", fields.module, jid.bare(data.from)); local info = (#ok_list > 0 and ("The following modules were successfully reloaded on host "..module_host..":\n"..t_concat(ok_list, "\n")) or "") .. ((#ok_list > 0 and #err_list > 0) and "\n" or "") .. (#err_list > 0 and ("Failed to reload the following modules on host "..module_host..":\n"..t_concat(err_list, "\n")) or ""); @@ -556,7 +561,7 @@ local globally_reload_module_handler = adhoc_initial(globally_reload_module_layo end loaded_modules = array(set.new(loaded_modules):items()):sort(); return { module = loaded_modules }; -end, function(fields, err) +end, function(fields, err, data) local is_global = false; if err then @@ -591,6 +596,7 @@ end, function(fields, err) end end + module:log("info", "mod_%s reloaded by %s", fields.module, jid.bare(data.from)); local info = (#ok_list > 0 and ("The module "..fields.module.." was successfully reloaded on the hosts:\n"..t_concat(ok_list, "\n")) or "") .. ((#ok_list > 0 and #err_list > 0) and "\n" or "") .. (#err_list > 0 and ("Failed to reload the module "..fields.module.." on the hosts:\n"..t_concat(err_list, "\n")) or ""); @@ -640,11 +646,13 @@ local shut_down_service_layout = dataforms_new{ { name = "announcement", type = "text-multi", label = "Announcement" }; }; -local shut_down_service_handler = adhoc_simple(shut_down_service_layout, function(fields, err) +local shut_down_service_handler = adhoc_simple(shut_down_service_layout, function(fields, err, data) if err then return generate_error_message(err); end + module:log("info", "Server being shut down by %s", jid.bare(data.from)); + if fields.announcement and #fields.announcement > 0 then local message = st.message({type = "headline"}, fields.announcement):up() :tag("subject"):text("Server is shutting down"); @@ -667,7 +675,7 @@ local unload_modules_layout = dataforms_new { local unload_modules_handler = adhoc_initial(unload_modules_layout, function() return { modules = array.collect(keys(hosts[module_host].modules)):sort() }; -end, function(fields, err) +end, function(fields, err, data) if err then return generate_error_message(err); end @@ -680,6 +688,7 @@ end, function(fields, err) err_list[#err_list + 1] = module .. "(Error: " .. tostring(err) .. ")"; end end + module:log("info", "mod_%s unloaded by %s", fields.module, jid.bare(data.from)); local info = (#ok_list > 0 and ("The following modules were successfully unloaded on host "..module_host..":\n"..t_concat(ok_list, "\n")) or "") .. ((#ok_list > 0 and #err_list > 0) and "\n" or "") .. (#err_list > 0 and ("Failed to unload the following modules on host "..module_host..":\n"..t_concat(err_list, "\n")) or ""); @@ -702,7 +711,7 @@ local globally_unload_module_handler = adhoc_initial(globally_unload_module_layo end loaded_modules = array(set.new(loaded_modules):items()):sort(); return { module = loaded_modules }; -end, function(fields, err) +end, function(fields, err, data) local is_global = false; if err then return generate_error_message(err); @@ -736,6 +745,7 @@ end, function(fields, err) end end + module:log("info", "mod_%s globally unloaded by %s", fields.module, jid.bare(data.from)); local info = (#ok_list > 0 and ("The module "..fields.module.." was successfully unloaded on the hosts:\n"..t_concat(ok_list, "\n")) or "") .. ((#ok_list > 0 and #err_list > 0) and "\n" or "") .. (#err_list > 0 and ("Failed to unload the module "..fields.module.." on the hosts:\n"..t_concat(err_list, "\n")) or ""); @@ -751,13 +761,14 @@ local activate_host_layout = dataforms_new { { name = "host", type = "text-single", required = true, label = "Host:"}; }; -local activate_host_handler = adhoc_simple(activate_host_layout, function(fields, err) +local activate_host_handler = adhoc_simple(activate_host_layout, function(fields, err, data) if err then return generate_error_message(err); end local ok, err = hostmanager_activate(fields.host); if ok then + module:log("info", "Host '%s' activated by %s", fields.host, jid.bare(data.from)); return { status = "completed", info = fields.host .. " activated" }; else return { status = "canceled", error = err } @@ -773,13 +784,14 @@ local deactivate_host_layout = dataforms_new { { name = "host", type = "text-single", required = true, label = "Host:"}; }; -local deactivate_host_handler = adhoc_simple(deactivate_host_layout, function(fields, err) +local deactivate_host_handler = adhoc_simple(deactivate_host_layout, function(fields, err, data) if err then return generate_error_message(err); end local ok, err = hostmanager_deactivate(fields.host); if ok then + module:log("info", "Host '%s' deactivated by %s", fields.host, jid.bare(data.from)); return { status = "completed", info = fields.host .. " deactivated" }; else return { status = "canceled", error = err } -- cgit v1.2.3