Index: /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/hive/auth.py =================================================================== --- /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/hive/auth.py (revision 38698) +++ /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/hive/auth.py (working copy) @@ -64,8 +64,8 @@ else: return False -def log_auth(access_method, username, client_ip, msg): - lib.exau_log_webui("%s: user \"%s\" from client %s %s" % (access_method, username.encode("utf-8"), client_ip, msg)); +def log_auth(access_method, username, client_ip, msg, to_ip): + lib.exau_log_webui("%s: user \"%s\" from client %s to %s %s" % (access_method, username.encode("utf-8"), client_ip, to_ip, msg)) def apv_check_segment_user(username): sent_user = ffi.new("char[]", username.encode("utf-8")) Index: /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/hive/session.py =================================================================== --- /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/hive/session.py (revision 38698) +++ /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/hive/session.py (working copy) @@ -315,7 +315,9 @@ ANSession._under_clean_process = False except: ANSession._under_clean_process = False - +def get_to_ip(request): + to_ip = request.META['SERVER_NAME'] + return to_ip def current_app(): return an_settings.AN_APPS[0] @@ -324,6 +326,7 @@ django_ctx = RequestContext(request) client_ip = request.META['REMOTE_ADDR'] access_method = "WebUI" + to_ip = get_to_ip(request) if request.method == 'GET': return HttpResponse(json.dumps({"state": False, "msg": "Unsupport GET method."})) @@ -357,12 +360,12 @@ result = seg_session.login('') if seg_session.is_admin_mode_sparation: send_notification('In the role separation mode, user roles need to be bound to execute CLI command.CLI is unprivileged for you.') - log_auth(access_method, username, client_ip, "login failed") + log_auth(access_method, username, client_ip, "login failed", to_ip) return HttpResponse(json.dumps({"state": False, "cli_msg": "In the role separation mode, user roles need to be bound to execute CLI command.CLI is unprivileged for you."})) if result: seg_session.enable_password_checked = True send_notification('success', 'Segment user logged in.', session=seg_session) - log_auth(access_method, username, client_ip, "login successful") + log_auth(access_method, username, client_ip, "login successful", to_ip) response = HttpResponse(json.dumps({"state": True, "msg": ""})) response.set_cookie('django_language', seg_session.pref.get_default_lang(), secure=True, httponly=True) response.set_cookie(an_settings.SESSION_COOKIE_NAME, seg_session.sessid, secure=True, httponly=True) @@ -370,19 +373,20 @@ else: if 'enable_password' in request.POST: send_notification('error', 'segment user %s is trying to login with an invalid enable password.' % username, session=session) - log_auth(access_method, username, client_ip, "segment login failed with an invalid enable password") + log_auth(access_method, username, client_ip, "segment login failed with an invalid enable password", to_ip) error_msg = 'Invalid segment enable password' else: error_msg = '' return HttpResponse(json.dumps({"state": False, "msg": error_msg})) else: send_notification('error', '%s is trying to login with an invalid password.' % username) - log_auth(access_method, username, client_ip, "login failed") + log_auth(access_method, username, client_ip, "login failed", to_ip) return HttpResponse(json.dumps({"state": False, "msg": "Failed to login because invalid password and username."})) def login_handler(request): django_ctx = RequestContext(request) client_ip = request.META['REMOTE_ADDR'] + to_ip = get_to_ip(request) if request.META['REQUEST_URI'].startswith('/rest'): access_method = "Restful" else: @@ -491,11 +495,12 @@ elif session.is_segment_user and session.is_admin_mode_sparation: msg = 'In the role separation mode, user roles need to be bound to execute CLI command.CLI is unprivileged for you.' send_notification('In the role separation mode, user roles need to be bound to execute CLI command.CLI is unprivileged for you.') - log_auth(access_method, username, client_ip, "login failed") + log_auth(access_method, username, client_ip, "login failed", to_ip) return HttpResponse(template.render({'csrf_token': django_ctx['csrf_token'], 'MEDIA': '/media/', 'error': msg,'COPYRIGHT': COMPANY_COPYRIGHT_LOGIN[get_default_lang()],'COPYRIGHT_CN': COMPANY_COPYRIGHT_CN_LOGIN[get_default_lang()], 'local': local_equirement()})) elif result: send_notification('success', 'User logged in.', session=session) - log_auth(access_method, username, client_ip, "login successful") + # andebug("hive.debug", "my_testing: " + to_ip) + log_auth(access_method, username, client_ip, "login successful", to_ip) session.enable_login_check() save_login_info(username, request.META) session.enable_password_checked = True @@ -520,7 +525,7 @@ template = env.get_template('login.html') if 'csrftokeninfoen' in request.POST: send_notification('error', '%s is trying to login with an invalid enable password.' % username, session=session) - log_auth(access_method, username, client_ip, "login failed with an invalid enable password") + log_auth(access_method, username, client_ip, "login failed with an invalid enable password", to_ip) error_msg = 'Invalid enable password' else: error_msg = '' @@ -563,13 +568,14 @@ else: msg = 'Invalid Username or Password.' send_notification('error', '%s is trying to login with an invalid password.' % username) - log_auth(access_method, username, client_ip, "login failed") + log_auth(access_method, username, client_ip, "login failed", to_ip) return HttpResponse(template.render({'csrf_token':django_ctx['csrf_token'], 'MEDIA':'/media/', 'error':msg, 'err_info':err_info, 'COPYRIGHT':COMPANY_COPYRIGHT_LOGIN[get_default_lang()],'COPYRIGHT_CN':COMPANY_COPYRIGHT_CN_LOGIN[get_default_lang()],'local': local_equirement()})) def logout_handler(request): django_ctx = RequestContext(request) env = HiveEnvironment(loader=PackageLoader('hive', 'templates')) template = env.get_template('login.html') + to_ip = get_to_ip(request) if an_settings.SESSION_COOKIE_NAME in request.COOKIES: sess = ANSession.find_session_by_id(request.COOKIES[an_settings.SESSION_COOKIE_NAME]) response = HttpResponse(template.render({'csrf_token':django_ctx['csrf_token'], 'MEDIA':'/media/', 'COPYRIGHT':COMPANY_COPYRIGHT_LOGIN[sess.pref.get_default_lang()],'COPYRIGHT_CN':COMPANY_COPYRIGHT_CN_LOGIN[sess.pref.get_default_lang()],'local': local_equirement()})) @@ -578,7 +584,7 @@ else: access_method = "WebUI" client_ip = request.META['REMOTE_ADDR'] - log_auth(access_method, sess._username, client_ip, "logout") + log_auth(access_method, sess._username, client_ip, "logout",to_ip) send_notification('info', 'User logged out.') sess.logout() response.delete_cookie(an_settings.SESSION_COOKIE_NAME) @@ -606,6 +612,7 @@ @contextmanager def temp_session(request, app): sess = None + to_ip = get_to_ip(request) if 'HTTP_AUTHORIZATION' in request.META: a = request.META['HTTP_AUTHORIZATION'].split() if len(a) == 2: @@ -627,9 +634,9 @@ sess = ANSession(uname, passwd, priv, is_segment_user) sess.cli = ANCLIConn.get_conn(sess._username, sessid=sess._sessid, address=an_settings.LEGACY_CLI_AGENT_IP, conn_type=sess.is_segment_user) _thread_locals.session = sess - log_auth("Restful", uname, client_ip, "login successful") + log_auth("Restful", uname, client_ip, "login successful", to_ip) else: - log_auth("Restful", uname, client_ip, "login failed") + log_auth("Restful", uname, client_ip, "login failed", to_ip) elif a[0].lower() == "base": if is_avx_mode(): cmd = '/ca/bin/backend -c "show restapi"'