From d48aacae6059b53ff1162fc1290231308be3c497 Mon Sep 17 00:00:00 2001
From: Dylan Hardison <dylan@mozilla.com>
Date: Mon, 14 Mar 2016 23:03:49 -0400
Subject: Bug 1229834 - extend information we [audit] log to the syslog

---
 Bugzilla/Auth/Persist/Cookie.pm    | 10 ++++++++++
 extensions/SecureMail/Extension.pm |  7 ++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index fd910b118..06661101b 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -37,6 +37,7 @@ use Bugzilla::Util;
 use Bugzilla::Token;
 
 use List::Util qw(first);
+use List::MoreUtils qw(any);
 
 sub new {
     my ($class) = @_;
@@ -99,6 +100,15 @@ sub persist_login {
                       -value => $login_cookie,
                       %cookieargs);
 
+    my $securemail_groups = Bugzilla->can('securemail_groups') ? Bugzilla->securemail_groups : [ 'admin' ];
+
+    if (any { $user->in_group($_) } 'mozilla-employee-confidential', @$securemail_groups) {
+        my $auth_method = eval { ref($user->authorizer->successful_info_getter) } // 'unknown';
+
+        Bugzilla->audit(sprintf "successful login of %s from %s using \"%s\", authenticated by %s",
+                        $user->login, $ip_addr, $cgi->user_agent // '', $auth_method);
+    }
+    
     return $login_cookie;
 }
 
diff --git a/extensions/SecureMail/Extension.pm b/extensions/SecureMail/Extension.pm
index d3840357f..3b03f33a6 100644
--- a/extensions/SecureMail/Extension.pm
+++ b/extensions/SecureMail/Extension.pm
@@ -49,7 +49,7 @@ use constant SECURE_ALL  => 2;
 ##############################################################################
 # Creating new columns
 #
-# secure_mail boolean in the 'groups' table - whether to send secure mail
+# secure_mail boolean in the 'gselect id from groups where secure_mailroups' table - whether to send secure mail
 # public_key text in the 'profiles' table - stores public key
 ##############################################################################
 sub install_update_db {
@@ -68,10 +68,15 @@ sub install_update_db {
 BEGIN {
     *Bugzilla::Group::secure_mail = \&_group_secure_mail;
     *Bugzilla::User::public_key   = \&_user_public_key;
+    *Bugzilla::securemail_groups = \&_securemail_groups;
 }
 
 sub _group_secure_mail { return $_[0]->{'secure_mail'}; }
 
+sub _securemail_groups {
+    return Bugzilla->dbh->selectcol_arrayref("SELECT name FROM groups WHERE secure_mail = 1") // [];
+}
+
 # We want to lazy-load the public_key.
 sub _user_public_key {
     my $self = shift;
-- 
cgit v1.2.3-24-g4f1b