From e497100c07aa95e315c4c881d54cb88e57675e80 Mon Sep 17 00:00:00 2001
From: Byron Jones <glob@mozilla.com>
Date: Thu, 23 Jul 2015 12:24:32 +0800
Subject: Bug 1185823 - add additional [audit] syslog entries

---
 Bugzilla/Auth.pm |  1 +
 Bugzilla/Bug.pm  |  6 ++++++
 Bugzilla/User.pm | 13 ++++++-------
 3 files changed, 13 insertions(+), 7 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index e9bd214fd..81b972ac5 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -243,6 +243,7 @@ sub _handle_login_result {
             $template->process('email/lockout.txt.tmpl', $vars, \$message)
                 || ThrowTemplateError($template->error);
             MessageToMTA($message);
+            Bugzilla->audit(sprintf('<%s> triggered lockout of %s after %s attempts', $address, $user, $attempts));
         }
 
         $unlock_at->set_time_zone($user->timezone);
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 042f9c801..76b845f71 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1028,6 +1028,12 @@ sub update {
         my @added_names   = map { $new_groups{$_}->name } @$added_gr;
         $changes->{'bug_group'} = [join(', ', @removed_names),
                                    join(', ', @added_names)];
+
+        # we only audit when bugs protected with a secure-mail enabled group
+        # are made public
+        if (!scalar @{ $self->groups_in } && any { $old_groups{$_}->secure_mail } @$removed_gr) {
+            Bugzilla->audit(sprintf('%s made Bug %s public (%s)', $user->login, $self->id, $self->short_desc));
+        }
     }
 
     # Comments and comment tags
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index d72009629..b2f913266 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -182,6 +182,7 @@ sub _update_groups {
     my $group_changes = shift;
     my $changes = shift;
     my $dbh = Bugzilla->dbh;
+    my $user = Bugzilla->user;
 
     # Update group settings.
     my $sth_add_mapping = $dbh->prepare(
@@ -203,14 +204,12 @@ sub _update_groups {
         my ($removed, $added) = @{$group_changes->{$is_bless}};
 
         foreach my $group (@$removed) {
-            $sth_remove_mapping->execute(
-                $self->id, $group->id, $is_bless, GRANT_DIRECT
-             );
+            $sth_remove_mapping->execute($self->id, $group->id, $is_bless, GRANT_DIRECT);
+            Bugzilla->audit(sprintf('%s <%s> removed group %s from %s', $user->login, remote_ip(), $group->name, $self->login));
         }
         foreach my $group (@$added) {
-            $sth_add_mapping->execute(
-                $self->id, $group->id, $is_bless, GRANT_DIRECT
-             );
+            $sth_add_mapping->execute($self->id, $group->id, $is_bless, GRANT_DIRECT);
+            Bugzilla->audit(sprintf('%s <%s> added group %s from %s', $user->login, remote_ip(), $group->name, $self->login));
         }
 
         if (! $is_bless) {
@@ -222,7 +221,7 @@ sub _update_groups {
 
             $dbh->do(
                 $query, undef,
-                $self->id, Bugzilla->user->id,
+                $self->id, $user->id,
                 get_field_id('bug_group'),
                 join(', ', map { $_->name } @$removed),
                 join(', ', map { $_->name } @$added)
-- 
cgit v1.2.3-24-g4f1b