Hi - This patch should be closer in line w/ the below suggestions. Let me know if this looks good/additional suggestions.
I'm only addressing the command loop in this one; will hit the other applicable modules down the road. - Stu > Sat Sep 18 2010 02:48:05 PM EDT from scianos @ Uncensored Subject: Re: >Patch to begin ip address/session ID logging > > > >Most definitely! I'll make the modifications and resubmit for feedback. > >- Stu >> Sat Sep 18 2010 07:08:16 AM EDT from dothebart @ Uncensored Subject: >>Re: Patch to begin ip address/session ID logging >> >> >> >>Stu, >> >>I basically like the idea of your patch. Could you please modify it a >>little bit? >> >>in modules/smtp/srv_smtp.c:smtp_data(void) we have a detection of the >>userid sending the mail; we should have this in the local case of your macro >>too. >> >>and for your macro 'CTDLUSERIP', please try to use the IsEmptyStr() macro >>here... >> >>for the userID thing, probably the printf with the %ld could be done >>somewhere near the place the IP is fetched from the socket properties to a >>static string on CC, so %s in the printf string works out; smtp_data should >>use that string too. >> >>TIA, >> >>dothebart >> >> >>> Sa Sep 18 2010 04:11:40 EDT von scianos @ Uncensored Betreff: Patch >>>to begin ip address/session ID logging >>> >>> >>> >>>Hi - >>> >>>I've been looking at enabling the ability for Citadel to log the session >>>ID, hostname, and user for commands being executed, et al. This will help >>>sysadmins integrate IP blocking for dictionary attacks against the database >>>as well as being able to associate commands being logged (for those of us >>>that do so) with a particular session and IP. This may be particularly >>>helpful for those of us that publish the Citadel server port onto the >>>internet. >>> >>>A diff against trunk is attached. Looking for feedback - does this look >>>like a good path or is there a better way to go about it (better to get >>>feedback before going all out!). Hopefully this could be considered for >>>inclusion down the road if it's deemed helpful. >>> >>>- Stu >>> >>> >>> >>> >> >> >> >> >> >> >> > > > > > > >
diff --git a/citadel/citserver.c b/citadel/citserver.c index 859c25f..1df9585 100644 --- a/citadel/citserver.c +++ b/citadel/citserver.c @@ -1032,10 +1032,10 @@ void do_command_loop(void) { /* Log the server command, but don't show passwords... */ if ( (strncasecmp(cmdbuf, "PASS", 4)) && (strncasecmp(cmdbuf, "SETP", 4)) ) { - CtdlLogPrintf(CTDL_INFO, "%s\n", cmdbuf); + CtdlLogPrintf(CTDL_INFO, "CtdlCommand [%s] [%s] %s\n", CTDLUSERIP, CC->curr_user, cmdbuf); } else { - CtdlLogPrintf(CTDL_INFO, "<password command hidden from log>\n"); + CtdlLogPrintf(CTDL_INFO, "CtdlCommand [%s] [%s] <password command hidden from log>\n", CTDLUSERIP, CC->curr_user); } buffer_output(); diff --git a/citadel/citserver.h b/citadel/citserver.h index 02815f5..437f4b2 100644 --- a/citadel/citserver.h +++ b/citadel/citserver.h @@ -29,6 +29,8 @@ struct UserProcList { char user[64]; }; +#define CTDLUSERIP (IsEmptyStr(CC->cs_addr) ? "localsocket" : CC->cs_addr) + void cit_backtrace(void); void cit_panic_backtrace(int SigNum); void master_startup (void);