--- Mailman/Cgi/admin.py.orig Sun Nov 13 14:54:56 2005
+++ Mailman/Cgi/admin.py Sun Nov 13 18:12:05 2005
@@ -86,6 +86,9 @@
 cgidata.getvalue('adminpw', '')):
 if cgidata.has_key('adminpw'):
 # This is a re-authorization attempt
+ syslog('auth',
+ 'failed auth from %s for admin/%s interface',
+ os.environ.get('REMOTE_ADDR'), listname)
 msg = Bold(FontSize('+1', _('Authorization failed.'))).Format()
 else:
 msg = ''
@@ -112,6 +115,13 @@
 # Sanity check
 if category not in mlist.GetConfigCategories().keys():
 category = 'general'
+
+ if subcat == None:
+ syslog('auth', 'succeeded auth from %s for admin/%s/%s',
+ os.environ.get('REMOTE_ADDR'), listname, category)
+ else:
+ syslog('auth', 'succeeded auth from %s for admin/%s/%s/%s',
+ os.environ.get('REMOTE_ADDR'), listname, category, subcat)
 
 # Is the request for variable details?
 varhelp = None
--- Mailman/Cgi/admindb.py.orig Sun Nov 13 14:55:02 2005
+++ Mailman/Cgi/admindb.py Sun Nov 13 18:17:18 2005
@@ -102,11 +102,17 @@
 cgidata.getvalue('adminpw', '')):
 if cgidata.has_key('adminpw'):
 # This is a re-authorization attempt
+ syslog('auth',
+ 'failed auth from %s for admindb/%s interface',
+ os.environ.get('REMOTE_ADDR'), listname)
 msg = Bold(FontSize('+1', _('Authorization failed.'))).Format()
 else:
 msg = ''
 Auth.loginpage(mlist, 'admindb', msg=msg)
 return
+
+ syslog('auth', 'succeeded auth from %s for admindb/%s',
+ os.environ.get('REMOTE_ADDR'), listname)
 
 # Set up the results document
 doc = Document()
--- Mailman/Cgi/options.py.orig Sun Nov 13 17:00:15 2005
+++ Mailman/Cgi/options.py Sun Nov 13 18:01:47 2005
@@ -228,6 +228,9 @@
 # to authenticate via cgi (instead of cookie), then print an error
 # message.
 if cgidata.has_key('password'):
+ syslog('auth',
+ 'failed auth from %s for options/%s/%s',
+ os.environ.get('REMOTE_ADDR'), listname, user)
 doc.addError(_('Authentication failed.'))
 # So as not to allow membership leakage, prompt for the email
 # address and the password here.
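Review bot: In the admin.py hunk at -86, `os.environ.get('REMOTE_ADDR')` is the only client identifier in the failed-auth entry, and it logs `None` when the variable is unset and the proxy's address when the CGI sits behind a reverse proxy, so the entry may not identify the client at all. The same expression is used in the other syslog calls added to admin.py, admindb.py and options.py. I would pass a default, `os.environ.get('REMOTE_ADDR', 'unknown')`, and add the comment `# REMOTE_ADDR is the direct peer; behind a reverse proxy this is the proxy, not the client` at the first call. The hunks do not show the files' imports, so confirm that `os` and `syslog` are already imported in all three modules.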
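Review bot: The success entry in the admin.py hunk at -112 appears to be written on every request that gets past the authentication check, not only when a password was submitted, so 'succeeded auth' lines would also cover page loads authenticated by an existing cookie and would swamp the failures they are meant to be correlated with. The same applies to the success calls added in admindb.py and in the options.py hunk at -239. Guarding the call with `if cgidata.has_key('adminpw'):` (`'password'` in options.py) would log actual logins only. Separately, `subcat == None` should be `subcat is None`. The enclosing function starts and ends outside the hunk, so whether an earlier return bypasses this point is not visible here.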
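Review bot: `user` in the options.py failed-auth entry at -228 is request-supplied and is written with `%s` on the path where authentication has just failed, so if it can still contain CR or LF at this point a single request could put extra, forged lines into the auth log. The hunk does not show where `user` and `listname` are validated, so this needs checking against the code above it. Formatting the address with `%r`, as in `'failed auth from %s for options/%s/%r'`, keeps control characters escaped on one line. The success call in the hunk at -239 should use the same format so the two entries stay comparable.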
@@ -239,6 +242,9 @@
 loginpage(mlist, doc, user, language)
 print doc.Format()
 return
+
+ syslog('auth', 'succeeded auth from %s for options/%s/%s',
+ os.environ.get('REMOTE_ADDR'), listname, user)
 
 # From here on out, the user is okay to view and modify their membership
 # options. The first set of checks does not require the list to be