aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi
diff options
context:
space:
mode:
authorJim Popovitch <jimpop@domainmail.org>2018-06-10 23:01:35 +0000
committerJim Popovitch <jimpop@domainmail.org>2018-06-10 23:01:35 +0000
commit540452e22108455e4efebc8fa7340760a68607f7 (patch)
tree9871e34ce20a7628ba546df6cd919f2b3699e1c0 /Mailman/Cgi
parentcd47d41512f99aff9eaaaaf6e796a34aa00fa8bf (diff)
downloadmailman2-540452e22108455e4efebc8fa7340760a68607f7.tar.gz
mailman2-540452e22108455e4efebc8fa7340760a68607f7.tar.xz
mailman2-540452e22108455e4efebc8fa7340760a68607f7.zip
Changes based on feedback from Mark.
Diffstat (limited to '')
-rw-r--r--Mailman/Cgi/options.py10
-rwxr-xr-xMailman/Cgi/private.py3
2 files changed, 8 insertions, 5 deletions
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 6608df4f..e947ff60 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -288,13 +288,15 @@ def main():
# message.
if cgidata.has_key('password'):
doc.addError(_('Authentication failed.'))
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security', 'Authorization failed (private): user=%s
+ list=%s remote=%s', user, listname, remote)
# So as not to allow membership leakage, prompt for the email
# address and the password here.
if mlist.private_roster <> 0:
- remote = os.environ.get('HTTP_FORWARDED_FOR',
- os.environ.get('HTTP_X_FORWARDED_FOR',
- os.environ.get('REMOTE_ADDR',
- 'unidentified origin')))
syslog('mischief',
'Login failure with private rosters: %s from %s',
user, remote)
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index f5c73821..cb954d3c 100755
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -146,7 +146,8 @@ def main():
os.environ.get('HTTP_X_FORWARDED_FOR',
os.environ.get('REMOTE_ADDR',
'unidentified origin')))
- syslog('security', 'Authorization failed (private): list=%s: remote=%s', listname, remote)
+ syslog('security', 'Authorization failed (private): user=%s list=%s
+ remote=%s', username, listname, remote)
# give an HTTP 401 for authentication failure
print 'Status: 401 Unauthorized'
# Are we processing a password reminder from the login screen?