diff options
author | Jim Popovitch <jimpop@domainmail.org> | 2018-06-10 23:01:35 +0000 |
---|---|---|
committer | Jim Popovitch <jimpop@domainmail.org> | 2018-06-10 23:01:35 +0000 |
commit | 540452e22108455e4efebc8fa7340760a68607f7 (patch) | |
tree | 9871e34ce20a7628ba546df6cd919f2b3699e1c0 /Mailman/Cgi | |
parent | cd47d41512f99aff9eaaaaf6e796a34aa00fa8bf (diff) | |
download | mailman2-540452e22108455e4efebc8fa7340760a68607f7.tar.gz mailman2-540452e22108455e4efebc8fa7340760a68607f7.tar.xz mailman2-540452e22108455e4efebc8fa7340760a68607f7.zip |
Changes based on feedback from Mark.
Diffstat (limited to '')
-rw-r--r-- | Mailman/Cgi/options.py | 10 | ||||
-rwxr-xr-x | Mailman/Cgi/private.py | 3 |
2 files changed, 8 insertions, 5 deletions
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py index 6608df4f..e947ff60 100644 --- a/Mailman/Cgi/options.py +++ b/Mailman/Cgi/options.py @@ -288,13 +288,15 @@ def main(): # message. if cgidata.has_key('password'): doc.addError(_('Authentication failed.')) + remote = os.environ.get('HTTP_FORWARDED_FOR', + os.environ.get('HTTP_X_FORWARDED_FOR', + os.environ.get('REMOTE_ADDR', + 'unidentified origin'))) + syslog('security', 'Authorization failed (private): user=%s + list=%s remote=%s', user, listname, remote) # So as not to allow membership leakage, prompt for the email # address and the password here. if mlist.private_roster <> 0: - remote = os.environ.get('HTTP_FORWARDED_FOR', - os.environ.get('HTTP_X_FORWARDED_FOR', - os.environ.get('REMOTE_ADDR', - 'unidentified origin'))) syslog('mischief', 'Login failure with private rosters: %s from %s', user, remote) diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py index f5c73821..cb954d3c 100755 --- a/Mailman/Cgi/private.py +++ b/Mailman/Cgi/private.py @@ -146,7 +146,8 @@ def main(): os.environ.get('HTTP_X_FORWARDED_FOR', os.environ.get('REMOTE_ADDR', 'unidentified origin'))) - syslog('security', 'Authorization failed (private): list=%s: remote=%s', listname, remote) + syslog('security', 'Authorization failed (private): user=%s list=%s + remote=%s', username, listname, remote) # give an HTTP 401 for authentication failure print 'Status: 401 Unauthorized' # Are we processing a password reminder from the login screen? |