From 1cf2dfe63afe0994988e756dfbb82524f50f6af8 Mon Sep 17 00:00:00 2001 From: Badlop Date: Wed, 17 Jun 2015 11:32:42 +0200 Subject: [PATCH] New hide_sensitive_log_data option to hide client IP in log (#452 #471) --- src/ejabberd_c2s.erl | 16 ++++++++-------- src/ejabberd_config.erl | 17 ++++++++++++++++- src/ejabberd_listener.erl | 2 +- src/ejabberd_web_admin.erl | 4 ++-- 4 files changed, 27 insertions(+), 12 deletions(-) diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl index 563a7df35..9655a2ab1 100644 --- a/src/ejabberd_c2s.erl +++ b/src/ejabberd_c2s.erl @@ -639,7 +639,7 @@ wait_for_auth({xmlstreamelement, El}, StateData) -> ?INFO_MSG("(~w) Accepted legacy authentication for ~s by ~p from ~s", [StateData#state.socket, jlib:jid_to_string(JID), AuthModule, - jlib:ip_to_list(StateData#state.ip)]), + ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]), ejabberd_hooks:run(c2s_auth_result, StateData#state.server, [true, U, StateData#state.server, StateData#state.ip]), @@ -680,7 +680,7 @@ wait_for_auth({xmlstreamelement, El}, StateData) -> ?INFO_MSG("(~w) Failed legacy authentication for ~s from ~s", [StateData#state.socket, jlib:jid_to_string(JID), - jlib:ip_to_list(StateData#state.ip)]), + ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]), ejabberd_hooks:run(c2s_auth_result, StateData#state.server, [false, U, StateData#state.server, StateData#state.ip]), @@ -701,7 +701,7 @@ wait_for_auth({xmlstreamelement, El}, StateData) -> "for ~s from ~s", [StateData#state.socket, jlib:jid_to_string(JID), - jlib:ip_to_list(StateData#state.ip)]), + ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]), ejabberd_hooks:run(c2s_auth_result, StateData#state.server, [false, U, StateData#state.server, StateData#state.ip]), 
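Review bot: The nested call `ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))` added in the `@@ -639` hunk is repeated verbatim in all eight ejabberd_c2s.erl hunks of this patch, so any later log line in this module that prints the address has to remember the wrapper by hand. A small private helper in ejabberd_c2s.erl, for example `log_ip(StateData) -> ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip)).`, would give the module a single place that decides how a client address reaches the log. It would also keep the `?INFO_MSG` argument lists short. The wait_for_auth clause starts and ends outside the hunk.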
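Review bot: The "Failed legacy authentication" line in the `@@ -680` hunk loses its only source identifier once `hide_sensitive_log_data` is true, since every client is then logged as the same constant `hidden_by_ejabberd` and failures can no longer be grouped by origin from the log. The same holds for the failed-authentication lines in the `@@ -701`, `@@ -783` and `@@ -961` hunks and for both `?WARNING_MSG` sites in ejabberd_web_admin.erl. The `c2s_auth_result` hook in the context still receives `StateData#state.ip`, so hook consumers keep working, but no equivalent is visible for the web admin path. I would state the trade-off next to the option, e.g. `%% When enabled, failed logins cannot be attributed to a source address from the log alone.`, and consider a keyed per-client pseudonym instead of a constant if correlation must survive. The wait_for_auth clause starts and ends outside the hunk.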
@@ -756,7 +756,7 @@ wait_for_feature_request({xmlstreamelement, El}, ?INFO_MSG("(~w) Accepted authentication for ~s " "by ~p from ~s", [StateData#state.socket, U, AuthModule, - jlib:ip_to_list(StateData#state.ip)]), + ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]), ejabberd_hooks:run(c2s_auth_result, StateData#state.server, [true, U, StateData#state.server, StateData#state.ip]), @@ -783,7 +783,7 @@ wait_for_feature_request({xmlstreamelement, El}, ?INFO_MSG("(~w) Failed authentication for ~s@~s from ~s", [StateData#state.socket, Username, StateData#state.server, - jlib:ip_to_list(StateData#state.ip)]), + ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]), ejabberd_hooks:run(c2s_auth_result, StateData#state.server, [false, Username, StateData#state.server, StateData#state.ip]), @@ -909,7 +909,7 @@ wait_for_sasl_response({xmlstreamelement, El}, ?INFO_MSG("(~w) Accepted authentication for ~s " "by ~p from ~s", [StateData#state.socket, U, AuthModule, - jlib:ip_to_list(StateData#state.ip)]), + ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]), ejabberd_hooks:run(c2s_auth_result, StateData#state.server, [true, U, StateData#state.server, StateData#state.ip]), @@ -932,7 +932,7 @@ wait_for_sasl_response({xmlstreamelement, El}, ?INFO_MSG("(~w) Accepted authentication for ~s " "by ~p from ~s", [StateData#state.socket, U, AuthModule, - jlib:ip_to_list(StateData#state.ip)]), + ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]), ejabberd_hooks:run(c2s_auth_result, StateData#state.server, [true, U, StateData#state.server, StateData#state.ip]), 
@@ -961,7 +961,7 @@ wait_for_sasl_response({xmlstreamelement, El}, ?INFO_MSG("(~w) Failed authentication for ~s@~s from ~s", [StateData#state.socket, Username, StateData#state.server, - jlib:ip_to_list(StateData#state.ip)]), + ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]), ejabberd_hooks:run(c2s_auth_result, StateData#state.server, [false, Username, StateData#state.server, StateData#state.ip]), diff --git a/src/ejabberd_config.erl b/src/ejabberd_config.erl index 2ea35ed83..d049e4112 100644 --- a/src/ejabberd_config.erl +++ b/src/ejabberd_config.erl @@ -36,7 +36,7 @@ prepare_opt_val/4, convert_table_to_binary/5, transform_options/1, collect_options/1, convert_to_yaml/1, convert_to_yaml/2, - env_binary_to_list/2, opt_type/1]). + env_binary_to_list/2, opt_type/1, may_hide_data/1]). -include("ejabberd.hrl"). -include("logger.hrl"). @@ -1154,3 +1154,18 @@ opt_type(language) -> fun iolist_to_binary/1; opt_type(_) -> [hosts, language]. + +-spec may_hide_data(string()) -> string(). + +may_hide_data(Data) -> + case ejabberd_config:get_option( + hide_sensitive_log_data, + fun(false) -> false; + (true) -> true + end, + false) of + false -> + Data; + true -> + "hidden_by_ejabberd" + end. diff --git a/src/ejabberd_listener.erl b/src/ejabberd_listener.erl index 81256cc18..8660cc2f8 100644 --- a/src/ejabberd_listener.erl +++ b/src/ejabberd_listener.erl @@ -297,7 +297,7 @@ accept(ListenSocket, Module, Opts) -> case {inet:sockname(Socket), inet:peername(Socket)} of {{ok, {Addr, Port}}, {ok, {PAddr, PPort}}} -> ?INFO_MSG("(~w) Accepted connection ~s:~p -> ~s:~p", - [Socket, inet_parse:ntoa(PAddr), PPort, + [Socket, ejabberd_config:may_hide_data(inet_parse:ntoa(PAddr)), PPort, inet_parse:ntoa(Addr), Port]); _ -> ok diff --git a/src/ejabberd_web_admin.erl b/src/ejabberd_web_admin.erl index 239c8bac5..da166581c 100644 --- a/src/ejabberd_web_admin.erl +++ b/src/ejabberd_web_admin.erl 
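Review bot: The new option `hide_sensitive_log_data` is read in may_hide_data/1 in the `@@ -1154` hunk but is not registered in `opt_type/1`, whose catch-all clause in the context still returns `[hosts, language]`. If configuration validation is driven by opt_type/1, as that list suggests, the option would be treated as unknown when the config is loaded. Adding `opt_type(hide_sensitive_log_data) -> fun(B) when is_boolean(B) -> B end;` and extending the list to `[hide_sensitive_log_data, hosts, language]` would cover it. A one-line comment above may_hide_data/1 saying that it returns the fixed placeholder when the option is true, and that the visible callers pass only IP addresses, would also help, because the option name suggests a wider scope than the patch implements. opt_type/1 begins outside the hunk.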
@@ -203,7 +203,7 @@ process([<<"server">>, SHost | RPath] = Path, {unauthorized, Error} -> {BadUser, _BadPass} = Auth, {IPT, _Port} = Request#request.ip, - IPS = jlib:ip_to_list(IPT), + IPS = ejabberd_config:may_hide_data(jlib:ip_to_list(IPT)), ?WARNING_MSG("Access of ~p from ~p failed with error: ~p", [BadUser, IPS, Error]), {401, @@ -235,7 +235,7 @@ process(RPath, {unauthorized, Error} -> {BadUser, _BadPass} = Auth, {IPT, _Port} = Request#request.ip, - IPS = jlib:ip_to_list(IPT), + IPS = ejabberd_config:may_hide_data(jlib:ip_to_list(IPT)), ?WARNING_MSG("Access of ~p from ~p failed with error: ~p", [BadUser, IPS, Error]), {401,