author: karl%kornel.name <> 2005-11-20 10:31:35 +0100
committer: karl%kornel.name <> 2005-11-20 10:31:35 +0100
commit: 3b2f0ca83f4670d408902a00bfe4264cee5c57aa (patch)
tree: 3b684b276d8f99f718c93df6cd75bc8463afbd89 /template
parent: 5ad7900f7b12f1b81bdc068282b7106be8aae407 (diff)
Bug 312441: relogin.cgi allows you to impersonate user accounts you are not allowed to see when 'usevisibilitygroups' is on - Patch by A. Karl Kornel <karl@kornel.name> r=LpSolit a=justdave
Diffstat (limited to 'template')
 template/en/default/account/prefs/permissions.html.tmpl |  2
 template/en/default/admin/sudo.html.tmpl                | 27
 template/en/default/admin/users/userdata.html.tmpl      |  2
 template/en/default/global/user-error.html.tmpl         | 19
4 files changed, 38 insertions, 12 deletions
diff --git a/template/en/default/account/prefs/permissions.html.tmpl b/template/en/default/account/prefs/permissions.html.tmpl
index 2de04328d..dd6e1785b 100644
--- a/template/en/default/account/prefs/permissions.html.tmpl
+++ b/template/en/default/account/prefs/permissions.html.tmpl
@@ -74,7 +74,7 @@
[% IF user.groups.bz_sudoers %]
<br>
You are a member of the <b>bz_sudoers</b> group, so you can
- <a href="relogin.cgi?action=sudo">impersonate someone else</a>.
+ <a href="relogin.cgi?action=prepare-sudo">impersonate someone else</a>.
[% END %]
</td>
</tr>
diff --git a/template/en/default/admin/sudo.html.tmpl b/template/en/default/admin/sudo.html.tmpl
index 12aa586a6..4e781796c 100644
--- a/template/en/default/admin/sudo.html.tmpl
+++ b/template/en/default/admin/sudo.html.tmpl
@@ -66,7 +66,8 @@
<p>
Next, please take a moment to explain why you are doing this:<br>
- <input type="text" name="reason" size="80" maxlength="200">
+ <input type="text" name="reason" size="80" maxlength="200" value="
+ [%- reason_default FILTER html %]">
</p>
<p>
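Review bot: the new `value="` attribute is split across a line break before `[%- reason_default FILTER html %]">`; the `[%-` chomp removes that newline so the attribute renders intact, and `FILTER html` is the correct escape for an attribute value. However, reason_default is the same user-supplied string that the user-error template echoes back through a query string, so relogin.cgi should bound its length server-side to the same 200 characters the `maxlength="200"` attribute enforces rather than relying on the client; a line of explanation above the input saying where reason_default comes from would also help the next reader.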
@@ -75,21 +76,27 @@
are impersonating them.
</p>
- <p>
- Finally, click the button to begin the session:
- <input type="submit" value="Begin Session">
- <input type="hidden" name="action" value="sudo-transition">
- </p>
-
- [% IF will_logout %]
+ [% IF user.get_flag("can_logout") %]
<p>
- When you press the button, you may be logged out and asked to log in
- again. This is done for two reasons. First of all, it is done to reduce
+ Finally, enter your [% terms.Bugzilla %] password:
+ <input type="hidden" name="Bugzilla_login" value="
+ [%- user.login FILTER html %]">
+ <input type="password" name="Bugzilla_password" maxlength="20" size="20">
+ <br>
+ This is done for two reasons. First of all, it is done to reduce
the chances of someone doing large amounts of damage using your
already-logged-in account. Second, it is there to force you to take the
time to consider if you really need to use this feature.
</p>
[% END %]
+
+ <p>
+ Click the button to begin the session:
+ <input type="submit" value="Begin Session">
+ <input type="hidden" name="action" value="begin-sudo">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
+ </p>
+
</form>
[% PROCESS global/footer.html.tmpl %]
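Review bot: the password prompt is gated on `[% IF user.get_flag("can_logout") %]`, so a sudoer whose login method cannot log out posts begin-sudo with no Bugzilla_password field at all. That is only correct if relogin.cgi skips the password check for exactly that case (otherwise those users always land on the new sudo_password_required error), and it silently drops the "reduce the chances of someone doing large amounts of damage using your already-logged-in account" protection for them; a template comment stating that trade-off at the IF would make it deliberate rather than accidental. The hidden `token` is the right addition for a state-changing begin-sudo request; the server should bind it to this user and to the posted target_login rather than only checking that a token exists, and the form should be submitted by POST, which is outside this hunk. Minor: `maxlength="20"` on Bugzilla_password truncates longer passwords in the browser before the login check sees them, so it should match whatever limit the normal login form uses.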
diff --git a/template/en/default/admin/users/userdata.html.tmpl b/template/en/default/admin/users/userdata.html.tmpl
index f606bb73d..96c9df515 100644
--- a/template/en/default/admin/users/userdata.html.tmpl
+++ b/template/en/default/admin/users/userdata.html.tmpl
@@ -32,7 +32,7 @@
value="[% otheruser.login FILTER html %]" />
[% IF !otheruser.groups.bz_sudo_protect %]
<br />
- <a href="relogin.cgi?action=sudo&amp;target_login=
+ <a href="relogin.cgi?action=prepare-sudo&amp;target_login=
[%- otheruser.login FILTER html %]">Impersonate this user</a>
[% END %]
[% END %]
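Review bot: `[% IF !otheruser.groups.bz_sudo_protect %]` only hides the link; anyone can still request `relogin.cgi?action=prepare-sudo&target_login=...` by hand, so the bz_sudo_protect check must be enforced again in relogin.cgi (the sudo_protected branch in user-error.html.tmpl suggests it is). The switch to prepare-sudo here matches the same change in permissions.html.tmpl, and since this page is the admin user editor the viewer can already see otheruser, so the visibility fix from the bug title is not at stake in this hunk.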
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index be86ae506..e911b39d2 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1128,6 +1128,20 @@
An sudo session (impersonating [% target FILTER html %]) is in progress.
End that session (using the link in the footer) before starting a new one.
+ [% ELSIF error == "sudo_password_required" %]
+ [% title = "Password Required" %]
+ Your [% terms.Bugzilla %] password is required to begin a sudo
+ session. Please <a href="relogin.cgi?action=prepare-sudo&target_login=
+ [%- target_login FILTER html %]&reason=
+ [%- reason FILTER html %]">go back</a> and enter your password</a>.
+
+ [% ELSIF error == "sudo_preparation_required" %]
+ [% title = "Preparation Required" %]
+ You may not start a sudo session directly. Please
+ <a href="relogin.cgi?action=prepare-sudo&target_login=
+ [%- target_login FILTER html %]&reason=
+ [%- reason FILTER html %]">start your session normally</a>.
+
[% ELSIF error == "sudo_protected" %]
[% title = "User Protected" %]
The user [% login FILTER html %] may not be impersonated by sudoers.
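Review bot: both new branches build an href by inserting target_login and reason into a query string with `FILTER html` only. `FILTER html` escapes for an HTML context, not a URL context: a reason containing `&`, `=` or `#` (for example `reason=a&target_login=b`) is decoded back by the browser and re-parsed as extra query parameters, and spaces are left bare. Apply `FILTER url_quote` to both values and write the separators as `&amp;`, as userdata.html.tmpl already does (`relogin.cgi?action=prepare-sudo&amp;target_login=`). The sudo_password_required text also carries a stray closing `</a>` after "enter your password" that should be dropped.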
@@ -1202,6 +1216,11 @@
[% title = "Login Name Required" %]
You must enter a login name for the new user.
+ [% ELSIF error == "user_match_failed" %]
+ [% title = "Match Failed" %]
+ <tt>[% name FILTER html %]</tt> does not exist or you are not allowed
+ to see that user.
+
[% ELSIF error == "votes_must_be_nonnegative" %]
[% title = "Votes Must Be Non-negative" %]
Only use non-negative numbers for your [% terms.bug %] votes.
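Review bot: the combined wording "does not exist or you are not allowed to see that user" is the right choice for user_match_failed: it gives the same answer whether the login is absent or merely outside the caller's visibility groups, which is exactly the oracle Bug 312441 closes. Keep it that way, and make sure relogin.cgi raises this single error for both cases rather than falling through to sudo_protected or another message for an invisible user, since any observable difference between the two paths would reintroduce the enumeration.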