diff options
Diffstat (limited to 'Mailman/Cgi')
-rw-r--r-- | Mailman/Cgi/options.py | 10 | ||||
-rwxr-xr-x | Mailman/Cgi/private.py | 3 |
2 files changed, 8 insertions, 5 deletions
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py index 6608df4f..e947ff60 100644 --- a/Mailman/Cgi/options.py +++ b/Mailman/Cgi/options.py @@ -288,13 +288,15 @@ def main(): # message. if cgidata.has_key('password'): doc.addError(_('Authentication failed.')) + remote = os.environ.get('HTTP_FORWARDED_FOR', + os.environ.get('HTTP_X_FORWARDED_FOR', + os.environ.get('REMOTE_ADDR', + 'unidentified origin'))) + syslog('security', 'Authorization failed (private): user=%s + list=%s remote=%s', user, listname, remote) # So as not to allow membership leakage, prompt for the email # address and the password here. if mlist.private_roster <> 0: - remote = os.environ.get('HTTP_FORWARDED_FOR', - os.environ.get('HTTP_X_FORWARDED_FOR', - os.environ.get('REMOTE_ADDR', - 'unidentified origin'))) syslog('mischief', 'Login failure with private rosters: %s from %s', user, remote) diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py index f5c73821..cb954d3c 100755 --- a/Mailman/Cgi/private.py +++ b/Mailman/Cgi/private.py @@ -146,7 +146,8 @@ def main(): os.environ.get('HTTP_X_FORWARDED_FOR', os.environ.get('REMOTE_ADDR', 'unidentified origin'))) - syslog('security', 'Authorization failed (private): list=%s: remote=%s', listname, remote) + syslog('security', 'Authorization failed (private): user=%s list=%s + remote=%s', username, listname, remote) # give an HTTP 401 for authentication failure print 'Status: 401 Unauthorized' # Are we processing a password reminder from the login screen? |