aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi
diff options
context:
space:
mode:
Diffstat (limited to 'Mailman/Cgi')
-rw-r--r--Mailman/Cgi/options.py10
-rwxr-xr-xMailman/Cgi/private.py3
2 files changed, 8 insertions, 5 deletions
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 6608df4f..e947ff60 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -288,13 +288,15 @@ def main():
# message.
if cgidata.has_key('password'):
doc.addError(_('Authentication failed.'))
+ remote = os.environ.get('HTTP_FORWARDED_FOR',
+ os.environ.get('HTTP_X_FORWARDED_FOR',
+ os.environ.get('REMOTE_ADDR',
+ 'unidentified origin')))
+ syslog('security', 'Authorization failed (private): user=%s
+ list=%s remote=%s', user, listname, remote)
# So as not to allow membership leakage, prompt for the email
# address and the password here.
if mlist.private_roster <> 0:
- remote = os.environ.get('HTTP_FORWARDED_FOR',
- os.environ.get('HTTP_X_FORWARDED_FOR',
- os.environ.get('REMOTE_ADDR',
- 'unidentified origin')))
syslog('mischief',
'Login failure with private rosters: %s from %s',
user, remote)
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index f5c73821..cb954d3c 100755
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -146,7 +146,8 @@ def main():
os.environ.get('HTTP_X_FORWARDED_FOR',
os.environ.get('REMOTE_ADDR',
'unidentified origin')))
- syslog('security', 'Authorization failed (private): list=%s: remote=%s', listname, remote)
+ syslog('security', 'Authorization failed (private): user=%s list=%s
+ remote=%s', username, listname, remote)
# give an HTTP 401 for authentication failure
print 'Status: 401 Unauthorized'
# Are we processing a password reminder from the login screen?