New hide_sensitive_log_data option to hide client IP in log (#452 #471)
authorBadlop <badlop@process-one.net>
Wed, 17 Jun 2015 09:32:42 +0000 (11:32 +0200)
committerBadlop <badlop@process-one.net>
Wed, 17 Jun 2015 09:32:42 +0000 (11:32 +0200)
src/ejabberd_c2s.erl
src/ejabberd_config.erl
src/ejabberd_listener.erl
src/ejabberd_web_admin.erl

index 563a7df3504d6105c75cb5eeb3376aa79b7b9853..9655a2ab1bc67d13a6021d5c5a50d1c421330ed1 100644 (file)
@@ -639,7 +639,7 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
                        ?INFO_MSG("(~w) Accepted legacy authentication for ~s by ~p from ~s",
                                  [StateData#state.socket,
                                   jlib:jid_to_string(JID), AuthModule,
-                                  jlib:ip_to_list(StateData#state.ip)]),
+                                  ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
                        ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
                                           [true, U, StateData#state.server,
                                            StateData#state.ip]),
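Review bot: With the option enabled, the failed-authentication lines in the hunks at 680, 701, 783 and 961 no longer record any source address, so log-based rate limiting or incident review cannot group attempts by origin; only the `c2s_auth_result` hook still receives the raw `StateData#state.ip`. That trade-off deserves a comment at the first call site, for example `%% IP is masked in the log only; c2s_auth_result still gets the real address`. The same wrapped expression is repeated in all eight hunks of this file, so a local helper such as `log_ip(StateData) -> ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip)).` would keep the call sites short and consistent. The body of wait_for_auth starts and ends outside this hunk.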
@@ -680,7 +680,7 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
                       ?INFO_MSG("(~w) Failed legacy authentication for ~s from ~s",
                                 [StateData#state.socket,
                                  jlib:jid_to_string(JID),
-                                 jlib:ip_to_list(StateData#state.ip)]),
+                                 ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
                      ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
                                         [false, U, StateData#state.server,
                                          StateData#state.ip]),
@@ -701,7 +701,7 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
                                 "for ~s from ~s",
                                 [StateData#state.socket,
                                  jlib:jid_to_string(JID),
-                                 jlib:ip_to_list(StateData#state.ip)]),
+                                 ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
                       ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
                                          [false, U, StateData#state.server,
                                           StateData#state.ip]),
@@ -756,7 +756,7 @@ wait_for_feature_request({xmlstreamelement, El},
                ?INFO_MSG("(~w) Accepted authentication for ~s "
                          "by ~p from ~s",
                          [StateData#state.socket, U, AuthModule,
-                          jlib:ip_to_list(StateData#state.ip)]),
+                          ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
                ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
                                   [true, U, StateData#state.server,
                                    StateData#state.ip]),
@@ -783,7 +783,7 @@ wait_for_feature_request({xmlstreamelement, El},
                 ?INFO_MSG("(~w) Failed authentication for ~s@~s from ~s",
                           [StateData#state.socket,
                            Username, StateData#state.server,
-                           jlib:ip_to_list(StateData#state.ip)]),
+                           ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
                ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
                                   [false, Username, StateData#state.server,
                                    StateData#state.ip]),
@@ -909,7 +909,7 @@ wait_for_sasl_response({xmlstreamelement, El},
                ?INFO_MSG("(~w) Accepted authentication for ~s "
                          "by ~p from ~s",
                          [StateData#state.socket, U, AuthModule,
-                          jlib:ip_to_list(StateData#state.ip)]),
+                          ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
                ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
                                   [true, U, StateData#state.server,
                                    StateData#state.ip]),
@@ -932,7 +932,7 @@ wait_for_sasl_response({xmlstreamelement, El},
                ?INFO_MSG("(~w) Accepted authentication for ~s "
                          "by ~p from ~s",
                          [StateData#state.socket, U, AuthModule,
-                          jlib:ip_to_list(StateData#state.ip)]),
+                          ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
                ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
                                   [true, U, StateData#state.server,
                                    StateData#state.ip]),
@@ -961,7 +961,7 @@ wait_for_sasl_response({xmlstreamelement, El},
                ?INFO_MSG("(~w) Failed authentication for ~s@~s from ~s",
                           [StateData#state.socket,
                            Username, StateData#state.server,
-                           jlib:ip_to_list(StateData#state.ip)]),
+                           ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
                ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
                                   [false, Username, StateData#state.server,
                                    StateData#state.ip]),
index 2ea35ed83c9ed72351bb3115762804db50cc6e55..d049e4112470fd7cf618749cb2f0b29784f4b46e 100644 (file)
@@ -36,7 +36,7 @@
          prepare_opt_val/4, convert_table_to_binary/5,
          transform_options/1, collect_options/1,
          convert_to_yaml/1, convert_to_yaml/2,
-         env_binary_to_list/2, opt_type/1]).
+         env_binary_to_list/2, opt_type/1, may_hide_data/1]).
 
 -include("ejabberd.hrl").
 -include("logger.hrl").
@@ -1154,3 +1154,18 @@ opt_type(language) ->
     fun iolist_to_binary/1;
 opt_type(_) ->
     [hosts, language].
+
+-spec may_hide_data(string()) -> string().
+
+may_hide_data(Data) ->
+    case ejabberd_config:get_option(
+       hide_sensitive_log_data,
+           fun(false) -> false;
+              (true) -> true
+           end,
+        false) of
+       false ->
+           Data;
+       true ->
+           "hidden_by_ejabberd"
+    end.
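Review bot: The new `hide_sensitive_log_data` option is read here, but this commit adds no `opt_type/1` clause for it and the catch-all just above still returns `[hosts, language]`. If option validation relies on `opt_type/1` (its callers are not visible on this page), the option may be reported as unknown. Consider adding `opt_type(hide_sensitive_log_data) -> fun(B) when is_boolean(B) -> B end;` and listing the atom in the catch-all clause. The function also has no comment; something like `%% Returns Data unchanged, or a fixed placeholder when hide_sensitive_log_data is true` would do. It should also say that only values explicitly passed through this function are masked, since the JIDs and usernames in the same log lines are still written in clear despite the option's broad name.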
index 81256cc18529b98481cc414e74a1e137252e2fdd..8660cc2f8af66d045acd253dc7a88f91d64874de 100644 (file)
@@ -297,7 +297,7 @@ accept(ListenSocket, Module, Opts) ->
            case {inet:sockname(Socket), inet:peername(Socket)} of
                {{ok, {Addr, Port}}, {ok, {PAddr, PPort}}} ->
                    ?INFO_MSG("(~w) Accepted connection ~s:~p -> ~s:~p",
-                             [Socket, inet_parse:ntoa(PAddr), PPort,
+                             [Socket, ejabberd_config:may_hide_data(inet_parse:ntoa(PAddr)), PPort,
                               inet_parse:ntoa(Addr), Port]);
                _ ->
                    ok
index 239c8bac556b31e032571717be9cb786866b7d39..da166581c40eb4237a3f2c6e7bd2355dc11243d2 100644 (file)
@@ -203,7 +203,7 @@ process([<<"server">>, SHost | RPath] = Path,
            {unauthorized, Error} ->
                {BadUser, _BadPass} = Auth,
                {IPT, _Port} = Request#request.ip,
-               IPS = jlib:ip_to_list(IPT),
+               IPS = ejabberd_config:may_hide_data(jlib:ip_to_list(IPT)),
                ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
                             [BadUser, IPS, Error]),
                {401,
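Review bot: A failed web-admin login is logged here with `BadUser` and the masked address, and no hook call is visible in this hunk or in the one at 235, so with the option on nothing on this path appears to record where the attempt came from. If that is intended, say so next to the call, e.g. `%% source address intentionally omitted when hide_sensitive_log_data is set`. The same three lines are duplicated in both `process` clauses, so a small helper taking `Request` and returning the loggable address would keep them in step. Both clause bodies continue outside their hunks.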
@@ -235,7 +235,7 @@ process(RPath,
       {unauthorized, Error} ->
          {BadUser, _BadPass} = Auth,
          {IPT, _Port} = Request#request.ip,
-         IPS = jlib:ip_to_list(IPT),
+         IPS = ejabberd_config:may_hide_data(jlib:ip_to_list(IPT)),
          ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
                       [BadUser, IPS, Error]),
          {401,