Bug 1185823 - add additional [audit] syslog entries

author: Byron Jones <glob@mozilla.com> 2015-07-23 06:24:32 +0200
committer: Byron Jones <glob@mozilla.com> 2015-07-23 06:24:32 +0200
commit: e497100c07aa95e315c4c881d54cb88e57675e80 (patch)
tree: 4a1ac7448dfc1e0c7a5d8dc7352b7f5931eec36f /Bugzilla
parent: 5f8b7d80c6d390d6eb135f8d8bb9f8662524a24b (diff)
download: bugzilla-e497100c07aa95e315c4c881d54cb88e57675e80.tar.gz
bugzilla-e497100c07aa95e315c4c881d54cb88e57675e80.tar.xz
3 files changed, 13 insertions, 7 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index e9bd214fd..81b972ac5 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -243,6 +243,7 @@ sub _handle_login_result {
             $template->process('email/lockout.txt.tmpl', $vars, \$message)
                 || ThrowTemplateError($template->error);
             MessageToMTA($message);
+            Bugzilla->audit(sprintf('<%s> triggered lockout of %s after %s attempts', $address, $user, $attempts));
         }
 
         $unlock_at->set_time_zone($user->timezone);
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 042f9c801..76b845f71 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1028,6 +1028,12 @@ sub update {
         my @added_names   = map { $new_groups{$_}->name } @$added_gr;
         $changes->{'bug_group'} = [join(', ', @removed_names),
                                    join(', ', @added_names)];
+
+        # we only audit when bugs protected with a secure-mail enabled group
+        # are made public
+        if (!scalar @{ $self->groups_in } && any { $old_groups{$_}->secure_mail } @$removed_gr) {
+            Bugzilla->audit(sprintf('%s made Bug %s public (%s)', $user->login, $self->id, $self->short_desc));
+        }
     }
 
     # Comments and comment tags
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index d72009629..b2f913266 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -182,6 +182,7 @@ sub _update_groups {
     my $group_changes = shift;
     my $changes = shift;
     my $dbh = Bugzilla->dbh;
+    my $user = Bugzilla->user;
 
     # Update group settings.
     my $sth_add_mapping = $dbh->prepare(
@@ -203,14 +204,12 @@ sub _update_groups {
         my ($removed, $added) = @{$group_changes->{$is_bless}};
 
         foreach my $group (@$removed) {
-            $sth_remove_mapping->execute(
-                $self->id, $group->id, $is_bless, GRANT_DIRECT
-             );
+            $sth_remove_mapping->execute($self->id, $group->id, $is_bless, GRANT_DIRECT);
+            Bugzilla->audit(sprintf('%s <%s> removed group %s from %s', $user->login, remote_ip(), $group->name, $self->login));
         }
         foreach my $group (@$added) {
-            $sth_add_mapping->execute(
-                $self->id, $group->id, $is_bless, GRANT_DIRECT
-             );
+            $sth_add_mapping->execute($self->id, $group->id, $is_bless, GRANT_DIRECT);
+            Bugzilla->audit(sprintf('%s <%s> added group %s from %s', $user->login, remote_ip(), $group->name, $self->login));
         }
 
         if (! $is_bless) {
@@ -222,7 +221,7 @@ sub _update_groups {
 
             $dbh->do(
                 $query, undef,
-                $self->id, Bugzilla->user->id,
+                $self->id, $user->id,
                 get_field_id('bug_group'),
                 join(', ', map { $_->name } @$removed),
                 join(', ', map { $_->name } @$added)
author	Byron Jones <glob@mozilla.com>	2015-07-23 06:24:32 +0200
committer	Byron Jones <glob@mozilla.com>	2015-07-23 06:24:32 +0200
commit	e497100c07aa95e315c4c881d54cb88e57675e80 (patch)
tree	4a1ac7448dfc1e0c7a5d8dc7352b7f5931eec36f /Bugzilla
parent	5f8b7d80c6d390d6eb135f8d8bb9f8662524a24b (diff)
download	bugzilla-e497100c07aa95e315c4c881d54cb88e57675e80.tar.gz bugzilla-e497100c07aa95e315c4c881d54cb88e57675e80.tar.xz