changeset 6047:a9bfc8e99775

abuse logging: add logging for setuid, improve CHANGES entry
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Fri, 06 Jun 2014 14:23:58 +0200
parents f7175dbb081e
children ee7209311a0e
files MoinMoin/auth/__init__.py docs/CHANGES
diffstat 2 files changed, 10 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/auth/__init__.py	Fri Jun 06 14:08:21 2014 +0200
+++ b/MoinMoin/auth/__init__.py	Fri Jun 06 14:23:58 2014 +0200
@@ -468,6 +468,8 @@
         uid = request.session['setuid']
         userobj = user.User(request, uid, auth_method='setuid')
         userobj.valid = True
+        log_attempt("auth: login (setuid from %r)" % old_user.name,
+                    True, request, userobj.name)
     logging.debug("setup_suid returns %r, %r" % (userobj, old_user))
     return (userobj, old_user)
 
--- a/docs/CHANGES	Fri Jun 06 14:08:21 2014 +0200
+++ b/docs/CHANGES	Fri Jun 06 14:23:58 2014 +0200
@@ -43,9 +43,14 @@
     TIME is in seconds, the slowness indicator is "." for sub-second requests
     or N times "!" for requests taking N seconds (so you easily can grep for
     slow stuff).
-  * add "abuse" logging. currently this is only used by authentication system
-    (and there only for "moin" and "given" auth). abuse logging is configured
-    via the logging configuration, see example: wiki/config/logging/abuse
+  * add "abuse" logging. this will log every attempt to login (successful ones
+    as well as unsuccessful ones). abuse logging is configured via the logging
+    configuration, see example in wiki/config/logging/abuse.
+    Currently, abuse logging is implemented for:
+    * authentication system
+      * "moin" auth
+      * "given" auth
+      * setuid (when superuser switches to another user)
   * backlinks performance tuning: the pagename in the theme has historically
     been used to trigger a "linkto:ThisPage" search. While this is a nice
     feature for human users of the wiki (esp. on category pages), it has one