25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-24 17:29:28 +01:00

New hide_sensitive_log_data option to hide client IP in log (#452 #471)

This commit is contained in:
Badlop 2015-06-17 11:32:42 +02:00
parent 3c47a5bb75
commit 1cf2dfe63a
4 changed files with 27 additions and 12 deletions

View File

@ -639,7 +639,7 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
?INFO_MSG("(~w) Accepted legacy authentication for ~s by ~p from ~s",
[StateData#state.socket,
jlib:jid_to_string(JID), AuthModule,
jlib:ip_to_list(StateData#state.ip)]),
ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
[true, U, StateData#state.server,
StateData#state.ip]),
@ -680,7 +680,7 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
?INFO_MSG("(~w) Failed legacy authentication for ~s from ~s",
[StateData#state.socket,
jlib:jid_to_string(JID),
jlib:ip_to_list(StateData#state.ip)]),
ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
[false, U, StateData#state.server,
StateData#state.ip]),
@ -701,7 +701,7 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
"for ~s from ~s",
[StateData#state.socket,
jlib:jid_to_string(JID),
jlib:ip_to_list(StateData#state.ip)]),
ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
[false, U, StateData#state.server,
StateData#state.ip]),
@ -756,7 +756,7 @@ wait_for_feature_request({xmlstreamelement, El},
?INFO_MSG("(~w) Accepted authentication for ~s "
"by ~p from ~s",
[StateData#state.socket, U, AuthModule,
jlib:ip_to_list(StateData#state.ip)]),
ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
[true, U, StateData#state.server,
StateData#state.ip]),
@ -783,7 +783,7 @@ wait_for_feature_request({xmlstreamelement, El},
?INFO_MSG("(~w) Failed authentication for ~s@~s from ~s",
[StateData#state.socket,
Username, StateData#state.server,
jlib:ip_to_list(StateData#state.ip)]),
ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
[false, Username, StateData#state.server,
StateData#state.ip]),
@ -909,7 +909,7 @@ wait_for_sasl_response({xmlstreamelement, El},
?INFO_MSG("(~w) Accepted authentication for ~s "
"by ~p from ~s",
[StateData#state.socket, U, AuthModule,
jlib:ip_to_list(StateData#state.ip)]),
ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
[true, U, StateData#state.server,
StateData#state.ip]),
@ -932,7 +932,7 @@ wait_for_sasl_response({xmlstreamelement, El},
?INFO_MSG("(~w) Accepted authentication for ~s "
"by ~p from ~s",
[StateData#state.socket, U, AuthModule,
jlib:ip_to_list(StateData#state.ip)]),
ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
[true, U, StateData#state.server,
StateData#state.ip]),
@ -961,7 +961,7 @@ wait_for_sasl_response({xmlstreamelement, El},
?INFO_MSG("(~w) Failed authentication for ~s@~s from ~s",
[StateData#state.socket,
Username, StateData#state.server,
jlib:ip_to_list(StateData#state.ip)]),
ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
[false, Username, StateData#state.server,
StateData#state.ip]),

View File

@ -36,7 +36,7 @@
prepare_opt_val/4, convert_table_to_binary/5,
transform_options/1, collect_options/1,
convert_to_yaml/1, convert_to_yaml/2,
env_binary_to_list/2, opt_type/1]).
env_binary_to_list/2, opt_type/1, may_hide_data/1]).
-include("ejabberd.hrl").
-include("logger.hrl").
@ -1154,3 +1154,18 @@ opt_type(language) ->
fun iolist_to_binary/1;
opt_type(_) ->
[hosts, language].
-spec may_hide_data(string()) -> string().
may_hide_data(Data) ->
case ejabberd_config:get_option(
hide_sensitive_log_data,
fun(false) -> false;
(true) -> true
end,
false) of
false ->
Data;
true ->
"hidden_by_ejabberd"
end.

View File

@ -297,7 +297,7 @@ accept(ListenSocket, Module, Opts) ->
case {inet:sockname(Socket), inet:peername(Socket)} of
{{ok, {Addr, Port}}, {ok, {PAddr, PPort}}} ->
?INFO_MSG("(~w) Accepted connection ~s:~p -> ~s:~p",
[Socket, inet_parse:ntoa(PAddr), PPort,
[Socket, ejabberd_config:may_hide_data(inet_parse:ntoa(PAddr)), PPort,
inet_parse:ntoa(Addr), Port]);
_ ->
ok

View File

@ -203,7 +203,7 @@ process([<<"server">>, SHost | RPath] = Path,
{unauthorized, Error} ->
{BadUser, _BadPass} = Auth,
{IPT, _Port} = Request#request.ip,
IPS = jlib:ip_to_list(IPT),
IPS = ejabberd_config:may_hide_data(jlib:ip_to_list(IPT)),
?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
[BadUser, IPS, Error]),
{401,
@ -235,7 +235,7 @@ process(RPath,
{unauthorized, Error} ->
{BadUser, _BadPass} = Auth,
{IPT, _Port} = Request#request.ip,
IPS = jlib:ip_to_list(IPT),
IPS = ejabberd_config:may_hide_data(jlib:ip_to_list(IPT)),
?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
[BadUser, IPS, Error]),
{401,