aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi
diff options
context:
space:
mode:
authorMark Sapiro <mark@msapiro.net>2018-06-11 09:59:26 -0700
committerMark Sapiro <mark@msapiro.net>2018-06-11 09:59:26 -0700
commitd363c183a208a1ef34847656533cb818d7a7cf50 (patch)
tree1481f31598316e141fba03af3e549b28fbef349b /Mailman/Cgi
parent0c2912a8d2a295a00260262cf6b7c01559d368b0 (diff)
parent540452e22108455e4efebc8fa7340760a68607f7 (diff)
downloadmailman2-d363c183a208a1ef34847656533cb818d7a7cf50.tar.gz
mailman2-d363c183a208a1ef34847656533cb818d7a7cf50.tar.xz
mailman2-d363c183a208a1ef34847656533cb818d7a7cf50.zip
Implement security log.
Diffstat (limited to 'Mailman/Cgi')
-rw-r--r--Mailman/Cgi/admin.py7
-rw-r--r--Mailman/Cgi/admindb.py7
-rw-r--r--Mailman/Cgi/edithtml.py7
-rw-r--r--Mailman/Cgi/options.py11
-rwxr-xr-xMailman/Cgi/private.py7
-rw-r--r--Mailman/Cgi/roster.py7
6 files changed, 42 insertions, 4 deletions
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py
index eeefc056..174cf34f 100644
--- a/Mailman/Cgi/admin.py
+++ b/Mailman/Cgi/admin.py
@@ -119,6 +119,13 @@ def main():
if cgidata.has_key('adminpw'):
# This is a re-authorization attempt
msg = Bold(FontSize('+1', _('Authorization failed.'))).Format()
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security',
+ 'Authorization failed (admin): list=%s: remote=%s',
+ listname, remote)
else:
msg = ''
Auth.loginpage(mlist, 'admin', msg=msg)
diff --git a/Mailman/Cgi/admindb.py b/Mailman/Cgi/admindb.py
index cc863306..010d8aae 100644
--- a/Mailman/Cgi/admindb.py
+++ b/Mailman/Cgi/admindb.py
@@ -159,6 +159,13 @@ def main():
if cgidata.has_key('adminpw'):
# This is a re-authorization attempt
msg = Bold(FontSize('+1', _('Authorization failed.'))).Format()
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security',
+ 'Authorization failed (admindb): list=%s: remote=%s',
+ listname, remote)
else:
msg = ''
Auth.loginpage(mlist, 'admindb', msg=msg)
diff --git a/Mailman/Cgi/edithtml.py b/Mailman/Cgi/edithtml.py
index d3d04a31..8bf1652a 100644
--- a/Mailman/Cgi/edithtml.py
+++ b/Mailman/Cgi/edithtml.py
@@ -126,6 +126,13 @@ def main():
if cgidata.has_key('admlogin'):
# This is a re-authorization attempt
msg = Bold(FontSize('+1', _('Authorization failed.'))).Format()
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security',
+ 'Authorization failed (edithtml): list=%s: remote=%s',
+ listname, remote)
else:
msg = ''
Auth.loginpage(mlist, 'admin', msg=msg)
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 6608df4f..4f128baf 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -288,13 +288,16 @@ def main():
# message.
if cgidata.has_key('password'):
doc.addError(_('Authentication failed.'))
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security',
+ 'Authorization failed (private): user=%s: list=%s: remote=%s',
+ user, listname, remote)
# So as not to allow membership leakage, prompt for the email
# address and the password here.
if mlist.private_roster <> 0:
- remote = os.environ.get('HTTP_FORWARDED_FOR',
- os.environ.get('HTTP_X_FORWARDED_FOR',
- os.environ.get('REMOTE_ADDR',
- 'unidentified origin')))
syslog('mischief',
'Login failure with private rosters: %s from %s',
user, remote)
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index 80369e84..131c5de8 100755
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -142,6 +142,13 @@ def main():
if cgidata.has_key('submit'):
# This is a re-authorization attempt
message = Bold(FontSize('+1', _('Authorization failed.'))).Format()
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security',
+ 'Authorization failed (private): user=%s: list=%s: remote=%s',
+ username, listname, remote)
# give an HTTP 401 for authentication failure
print 'Status: 401 Unauthorized'
# Are we processing a password reminder from the login screen?
diff --git a/Mailman/Cgi/roster.py b/Mailman/Cgi/roster.py
index 739d4fff..02286c09 100644
--- a/Mailman/Cgi/roster.py
+++ b/Mailman/Cgi/roster.py
@@ -118,6 +118,13 @@ def main():
error_page_doc(doc, _('%(realname)s roster authentication failed.'))
doc.AddItem(mlist.GetMailmanFooter())
print doc.Format()
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security',
+ 'Authorization failed (roster): list=%s: remote=%s',
+ listname, remote)
return
# The document and its language