authorJim Popovitch <jimpop@domainmail.org>2018-06-06 10:06:19 +0000
committerJim Popovitch <jimpop@domainmail.org>2018-06-06 10:06:19 +0000
commitcd47d41512f99aff9eaaaaf6e796a34aa00fa8bf (patch)
tree11a9319cdd23a725293e77d7f7bbfe1712fe53e5
parent8291c814c54d87c7958304e471a5c5c013417e45 (diff)
downloadmailman2-cd47d41512f99aff9eaaaaf6e796a34aa00fa8bf.tar.gz
mailman2-cd47d41512f99aff9eaaaaf6e796a34aa00fa8bf.tar.xz
mailman2-cd47d41512f99aff9eaaaaf6e796a34aa00fa8bf.zip
Improved logging of security related events
Diffstat (limited to '')
-rw-r--r--Mailman/Cgi/admin.py5
-rw-r--r--Mailman/Cgi/admindb.py5
-rw-r--r--Mailman/Cgi/edithtml.py5
-rwxr-xr-xMailman/Cgi/private.py5
-rw-r--r--Mailman/Cgi/roster.py5
-rwxr-xr-xMailman/MailList.py4
-rw-r--r--Mailman/Utils.py6
7 files changed, 34 insertions, 1 deletions
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py
index eeefc056..2a86298a 100644
--- a/Mailman/Cgi/admin.py
+++ b/Mailman/Cgi/admin.py
@@ -119,6 +119,11 @@ def main():
if cgidata.has_key('adminpw'):
# This is a re-authorization attempt
msg = Bold(FontSize('+1', _('Authorization failed.'))).Format()
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security', 'Authorization failed (admin): list=%s: remote=%s', listname, remote)
else:
msg = ''
Auth.loginpage(mlist, 'admin', msg=msg)
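Review bot: The `remote` value logged here prefers `HTTP_FORWARDED_FOR` and `HTTP_X_FORWARDED_FOR` over `REMOTE_ADDR`, and both of those come from request headers the client controls, so a failed login can be recorded with whatever origin the sender chooses while the real peer address is dropped. For a log meant to feed blocking or investigation, always record `REMOTE_ADDR` and put the forwarded value in its own quoted field, unless the deployment has a configured trusted proxy. The same four-line lookup is repeated in the admindb.py, edithtml.py, private.py, roster.py and Utils.py hunks, so a single helper in Mailman/Utils.py would keep the fix in one place. main() starts and ends outside this hunk, and the hunk does not show whether `os` is already imported in this module.

```python
        msg = Bold(FontSize('+1', _('Authorization failed.'))).Format()
        # REMOTE_ADDR is set by the web server; the forwarded header is
        # supplied by the client, so it is logged separately and quoted.
        remote = os.environ.get('REMOTE_ADDR', 'unidentified origin')
        forwarded = os.environ.get('HTTP_X_FORWARDED_FOR', '')
        syslog('security',
               'Authorization failed (admin): list=%s: remote=%s forwarded=%r',
               listname, remote, forwarded)
    # … unchanged: else branch and Auth.loginpage call …
```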
diff --git a/Mailman/Cgi/admindb.py b/Mailman/Cgi/admindb.py
index cc863306..58afb46a 100644
--- a/Mailman/Cgi/admindb.py
+++ b/Mailman/Cgi/admindb.py
@@ -159,6 +159,11 @@ def main():
if cgidata.has_key('adminpw'):
# This is a re-authorization attempt
msg = Bold(FontSize('+1', _('Authorization failed.'))).Format()
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security', 'Authorization failed (admindb): list=%s: domain=%s', listname, remote)
else:
msg = ''
Auth.loginpage(mlist, 'admindb', msg=msg)
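Review bot: The format string on the added syslog line uses `domain=%s` where every other hunk in this commit uses `remote=%s`, although the value comes from the same client-address lookup. A log filter or alert keyed on `remote=` would miss admindb failures; change the line to use `'Authorization failed (admindb): list=%s: remote=%s'`. main() continues outside this hunk.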
diff --git a/Mailman/Cgi/edithtml.py b/Mailman/Cgi/edithtml.py
index d3d04a31..69421688 100644
--- a/Mailman/Cgi/edithtml.py
+++ b/Mailman/Cgi/edithtml.py
@@ -126,6 +126,11 @@ def main():
if cgidata.has_key('admlogin'):
# This is a re-authorization attempt
msg = Bold(FontSize('+1', _('Authorization failed.'))).Format()
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security', 'Authorization failed (edithtml): list=%s: remote=%s', listname, remote)
else:
msg = ''
Auth.loginpage(mlist, 'admin', msg=msg)
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index 80369e84..f5c73821 100755
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -142,6 +142,11 @@ def main():
if cgidata.has_key('submit'):
# This is a re-authorization attempt
message = Bold(FontSize('+1', _('Authorization failed.'))).Format()
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security', 'Authorization failed (private): list=%s: remote=%s', listname, remote)
# give an HTTP 401 for authentication failure
print 'Status: 401 Unauthorized'
# Are we processing a password reminder from the login screen?
diff --git a/Mailman/Cgi/roster.py b/Mailman/Cgi/roster.py
index 739d4fff..88391997 100644
--- a/Mailman/Cgi/roster.py
+++ b/Mailman/Cgi/roster.py
@@ -118,6 +118,11 @@ def main():
error_page_doc(doc, _('%(realname)s roster authentication failed.'))
doc.AddItem(mlist.GetMailmanFooter())
print doc.Format()
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security', 'Authorization failed (roster): list=%s: remote=%s', listname, remote)
return
# The document and its language
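Review bot: The added syslog call sits after `print doc.Format()`, so if writing the response raises (for instance because the client has already disconnected) the failed authentication is never recorded. Move the `remote = ...` lookup and the `syslog('security', ...)` line above `error_page_doc(...)` so the event is logged before any output is produced. main() starts and ends outside this hunk.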
diff --git a/Mailman/MailList.py b/Mailman/MailList.py
index fdc3802a..7b096bb1 100755
--- a/Mailman/MailList.py
+++ b/Mailman/MailList.py
@@ -1070,6 +1070,8 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin,
{"listname" : realname,
"member" : formataddr((name, email)),
}, mlist=self)
+ if whence:
+ text = "%s\nReason: %s" % (text, whence)
msg = Message.OwnerNotification(self, subject, text)
msg.send(self)
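Review bot: The added `text = "%s\nReason: %s" % (text, whence)` puts a hard-coded English label into a notification whose body appears to come from a per-list template (the preceding call passes `mlist=self`), so owners of non-English lists would get a mixed-language message; pass the label through the module's translation function if one is in scope, or add the field to the template. `whence` is also inserted unmodified, so if any caller passes request-derived text it reaches the owner's mailbox as-is, which is worth confirming against the callers outside this hunk. The second MailList.py hunk adds the same two lines and the same points apply there. Both enclosing methods start and end outside the hunks.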
@@ -1106,6 +1108,8 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin,
{'member' : name,
'listname': self.real_name,
}, mlist=self)
+ if whence:
+ text = "%s\nReason: %s" % (text, whence)
msg = Message.OwnerNotification(self, subject, text)
msg.send(self)
if whence:
diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index 6038667b..b38776f8 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -111,7 +111,11 @@ def list_exists(listname):
# But first ensure the list name doesn't contain a path traversal
# attack.
if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0:
- syslog('mischief', 'Hostile listname: %s', listname)
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('mischief', 'Hostile listname: listname=%s remote=%s', listname, remote)
return False
basepath = Site.get_listpath(listname)
for ext in ('.pck', '.pck.last', '.db', '.db.last'):
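Review bot: `listname` has just failed the `ACCEPTABLE_LISTNAME_CHARACTERS` check, yet the new format `listname=%s remote=%s` writes it raw in front of a space-separated field, so a name that itself contains ` remote=` text leaves the entry ambiguous for anyone parsing or alerting on it. Log the name with `%r`, as in `'Hostile listname: listname=%r remote=%s'`, so it is quoted and control characters are escaped. The field layout also differs from the `list=%s: remote=%s` form used in the Cgi hunks; one shared layout would make a single log filter cover both. list_exists() continues outside this hunk.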