From 1baa39515f11f1864a74bf995a87825b9182e8c2 Mon Sep 17 00:00:00 2001
From: Byron Jones <bjones@mozilla.com>
Date: Tue, 5 Nov 2013 00:44:24 +0800
Subject: Bug 917318: for auditing purposes, log the client's ip address when
 an account is created and when a bug is filed

---
 extensions/BMO/Extension.pm | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/extensions/BMO/Extension.pm b/extensions/BMO/Extension.pm
index c32da77c5..6c12c4a08 100644
--- a/extensions/BMO/Extension.pm
+++ b/extensions/BMO/Extension.pm
@@ -37,7 +37,6 @@ use Bugzilla::Install::Filesystem;
 use Bugzilla::User;
 use Bugzilla::User::Setting;
 use Bugzilla::Util;
-use Bugzilla::Util qw(html_quote trick_taint trim datetime_from detaint_natural);
 
 use Date::Parse;
 use DateTime;
@@ -516,10 +515,16 @@ sub quicksearch_map {
 
 sub object_end_of_create {
     my ($self, $args) = @_;
-    if ($args->{class} eq 'Bugzilla::User') {
+    my $class = $args->{class};
+
+    if ($class eq 'Bugzilla::User') {
+        my $user = $args->{object};
+
+        # Log real IP addresses for auditing
+        _syslog(sprintf('[audit] <%s> created user %s', remote_ip(), $user->login));
+
         # Add default searches to new user's footer
         my $dbh = Bugzilla->dbh;
-        my $user = $args->{object};
 
         my $sharer = Bugzilla::User->new({ name => 'nobody@mozilla.org' })
             or return;
@@ -534,6 +539,10 @@ sub object_end_of_create {
                 $namedquery_id, $user->id
             );
         }
+
+    } elsif ($class eq 'Bugzilla::Bug') {
+        # Log real IP addresses for auditing
+        _syslog(sprintf('[audit] <%s> created bug %s', remote_ip(), $args->{object}->id));
     }
 }
 
@@ -880,8 +889,13 @@ sub _log_sent_email {
 
     $subject =~ s/[\[\(]Bug \d+[\]\)]\s*//;
 
+    _syslog("[bugmail] $recipient ($message_type) $bug_id $subject");
+}
+
+sub _syslog {
+    my $message = shift;
     openlog('apache', 'cons,pid', 'local4');
-    syslog('notice', encode_utf8("[bugmail] $recipient ($message_type) $bug_id $subject"));
+    syslog('notice', encode_utf8($message));
     closelog();
 }
 
@@ -1055,10 +1069,7 @@ sub query_database {
         }
 
         # log query
-        setlogsock('unix');
-        openlog('apache', 'cons', 'pid', 'local4');
-        syslog('notice', sprintf("[db_query] %s %s", $user->login, $query));
-        closelog();
+        _syslog(sprintf("[db_query] %s %s", $user->login, $query));
 
         # connect to database and execute
         # switching to the shadow db gives us a read-only connection
-- 
cgit v1.2.3-24-g4f1b