aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMark Sapiro <mark@msapiro.net>2018-12-30 09:40:15 -0800
committerMark Sapiro <mark@msapiro.net>2018-12-30 09:40:15 -0800
commit189515c4d3f1ed52b83d63577ebefec5c991b281 (patch)
tree521707fb0634f57a6ec087b3476b25cee05d1693
parent3567095f4208f3aafce171fd5be2bfa8f5c37088 (diff)
downloadmailman2-189515c4d3f1ed52b83d63577ebefec5c991b281.tar.gz
mailman2-189515c4d3f1ed52b83d63577ebefec5c991b281.tar.xz
mailman2-189515c4d3f1ed52b83d63577ebefec5c991b281.zip
Corrected and augmented some security log messages.
-rw-r--r--Mailman/Cgi/create.py7
-rw-r--r--Mailman/Cgi/options.py2
-rw-r--r--Mailman/Cgi/rmlist.py7
-rw-r--r--Mailman/Cgi/roster.py4
-rw-r--r--NEWS2
5 files changed, 19 insertions, 3 deletions
diff --git a/Mailman/Cgi/create.py b/Mailman/Cgi/create.py
index ebb211ae..d72e6967 100644
--- a/Mailman/Cgi/create.py
+++ b/Mailman/Cgi/create.py
@@ -162,6 +162,13 @@ def process_request(doc, cgidata):
if not ok:
ok = Utils.check_global_password(auth)
if not ok:
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security',
+ 'Authorization failed (create): list=%s: remote=%s',
+ listname, remote)
request_creation(
doc, cgidata,
_('You are not authorized to create new mailing lists'))
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 34a7718e..3a3b7841 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -296,7 +296,7 @@ def main():
os.environ.get('REMOTE_ADDR',
'unidentified origin')))
syslog('security',
- 'Authorization failed (private): user=%s: list=%s: remote=%s',
+ 'Authorization failed (options): user=%s: list=%s: remote=%s',
user, listname, remote)
# So as not to allow membership leakage, prompt for the email
# address and the password here.
diff --git a/Mailman/Cgi/rmlist.py b/Mailman/Cgi/rmlist.py
index 4472c1c5..4c37a15d 100644
--- a/Mailman/Cgi/rmlist.py
+++ b/Mailman/Cgi/rmlist.py
@@ -127,6 +127,13 @@ def process_request(doc, cgidata, mlist):
mm_cfg.AuthListAdmin,
mm_cfg.AuthSiteAdmin),
password) == mm_cfg.UnAuthorized:
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security',
+ 'Authorization failed (rmlist): list=%s: remote=%s',
+ mlist.internal_name(), remote)
request_deletion(
doc, mlist,
_('You are not authorized to delete this mailing list'))
diff --git a/Mailman/Cgi/roster.py b/Mailman/Cgi/roster.py
index abf87e08..eddd697b 100644
--- a/Mailman/Cgi/roster.py
+++ b/Mailman/Cgi/roster.py
@@ -123,8 +123,8 @@ def main():
os.environ.get('REMOTE_ADDR',
'unidentified origin')))
syslog('security',
- 'Authorization failed (roster): list=%s: remote=%s',
- listname, remote)
+ 'Authorization failed (roster): user=%s: list=%s: remote=%s',
+ addr, listname, remote)
return
# The document and its language
diff --git a/NEWS b/NEWS
index 2d9bfa68..cfca39a2 100644
--- a/NEWS
+++ b/NEWS
@@ -26,6 +26,8 @@ Here is a history of user visible changes to Mailman.
- Added bounce recognition for a non-compliant opensmtpd DSN with
Action: error. (LP: #1805137)
+ - Corrected and augmented some security log messages. (LP: #1810098)
+
2.1.29 (24-Jul-2018)
Bug Fixes