Hi -
This patch should be closer in line w/ the below suggestions. Let me know if
this looks good/additional suggestions.
I'm only addressing the command loop in this one; will hit the other
applicable modules down the road.
- Stu
> Sat Sep 18 2010 02:48:05 PM EDT from scianos @ Uncensored Subject: Re:
>Patch to begin ip address/session ID logging
>
>
>
>Most definitely! I'll make the modifications and resubmit for feedback.
>
>- Stu
>> Sat Sep 18 2010 07:08:16 AM EDT from dothebart @ Uncensored Subject:
>>Re: Patch to begin ip address/session ID logging
>>
>>
>>
>>Stu,
>>
>>I basically like the idea of your patch. Could you please modify it a
>>little bit?
>>
>>in modules/smtp/srv_smtp.c:smtp_data(void) we have a detection of the
>>userid sending the mail; we should have this in the local case of your macro
>>too.
>>
>>and for your macro 'CTDLUSERIP', please try to use the IsEmptyStr() macro
>>here...
>>
>>for the userID thing, probably the printf with the %ld could be done
>>somewhere near the place the IP is fetched from the socket properties to a
>>static string on CC, so %s in the printf string works out; smtp_data should
>>use that string too.
>>
>>TIA,
>>
>>dothebart
>>
>>
>>> Sa Sep 18 2010 04:11:40 EDT von scianos @ Uncensored Betreff: Patch
>>>to begin ip address/session ID logging
>>>
>>>
>>>
>>>Hi -
>>>
>>>I've been looking at enabling the ability for Citadel to log the session
>>>ID, hostname, and user for commands being executed, et al. This will help
>>>sysadmins integrate IP blocking for dictionary attacks against the database
>>>as well as being able to associate commands being logged (for those of us
>>>that do so) with a particular session and IP. This may be particularly
>>>helpful for those of us that publish the Citadel server port onto the
>>>internet.
>>>
>>>A diff against trunk is attached. Looking for feedback - does this look
>>>like a good path or is there a better way to go about it (better to get
>>>feedback before going all out!). Hopefully this could be considered for
>>>inclusion down the road if it's deemed helpful.
>>>
>>>- Stu
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
>
>
>
>
diff --git a/citadel/citserver.c b/citadel/citserver.c
index 859c25f..1df9585 100644
--- a/citadel/citserver.c
+++ b/citadel/citserver.c
@@ -1032,10 +1032,10 @@ void do_command_loop(void) {
/* Log the server command, but don't show passwords... */
if ( (strncasecmp(cmdbuf, "PASS", 4)) && (strncasecmp(cmdbuf, "SETP", 4)) ) {
- CtdlLogPrintf(CTDL_INFO, "%s\n", cmdbuf);
+ CtdlLogPrintf(CTDL_INFO, "CtdlCommand [%s] [%s] %s\n", CTDLUSERIP, CC->curr_user, cmdbuf);
}
else {
- CtdlLogPrintf(CTDL_INFO, "<password command hidden from log>\n");
+ CtdlLogPrintf(CTDL_INFO, "CtdlCommand [%s] [%s] <password command hidden from log>\n", CTDLUSERIP, CC->curr_user);
}
buffer_output();
diff --git a/citadel/citserver.h b/citadel/citserver.h
index 02815f5..437f4b2 100644
--- a/citadel/citserver.h
+++ b/citadel/citserver.h
@@ -29,6 +29,8 @@ struct UserProcList {
char user[64];
};
+#define CTDLUSERIP (IsEmptyStr(CC->cs_addr) ? "localsocket" : CC->cs_addr)
+
void cit_backtrace(void);
void cit_panic_backtrace(int SigNum);
void master_startup (void);
