krb5 commit: Skip password prompt when running ksu as root
Greg Hudson
ghudson at mit.edu
Tue Apr 26 15:02:52 EDT 2016
https://github.com/krb5/krb5/commit/2f8b9ef90829b031448d4547190c72438a69aacd
commit 2f8b9ef90829b031448d4547190c72438a69aacd
Author: Matt Rogers <mrogers at redhat.com>
Date: Tue Apr 26 14:36:55 2016 -0400
Skip password prompt when running ksu as root
A change introduced in 5fd5a67 resulted in root always being prompted for
the target user password when running ksu. Restore the previous behavior
which is to only prompt if the principal is provided with -n.
ticket: 8396 (new)
target_version: 1.14-next
target_version: 1.13-next
src/clients/ksu/main.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
index 2f8d8e1..28342c2 100644
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -116,7 +116,7 @@ main (argc, argv)
extern char * getpass(), *crypt();
int pargc;
char ** pargv;
- krb5_boolean stored = FALSE, cc_reused = FALSE;
+ krb5_boolean stored = FALSE, cc_reused = FALSE, given_princ = FALSE;
krb5_boolean zero_password;
krb5_boolean restrict_creds;
krb5_deltat lifetime, rlife;
@@ -238,6 +238,7 @@ main (argc, argv)
com_err(prog_name, retval, _("when parsing name %s"), optarg);
errflg++;
}
+ given_princ = TRUE;
break;
#ifdef DEBUG
case 'D':
@@ -462,7 +463,7 @@ main (argc, argv)
if ((source_uid == 0) || (target_uid == source_uid)){
#ifdef GET_TGT_VIA_PASSWD
- if ((!all_rest_copy) && client != NULL && (stored == FALSE)){
+ if (!all_rest_copy && given_princ && client != NULL && !stored) {
fprintf(stderr, _("WARNING: Your password may be exposed if you "
"enter it here and are logged\n"));
fprintf(stderr, _(" in remotely using an unsecure "
More information about the cvs-krb5
mailing list