[29395] in CVS-changelog-for-Kerberos-V5
krb5 commit: Skip password prompt when running ksu as root
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Apr 26 15:02:56 2016
Date: Tue, 26 Apr 2016 15:02:52 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201604261902.u3QJ2q5D029719@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/2f8b9ef90829b031448d4547190c72438a69aacd
commit 2f8b9ef90829b031448d4547190c72438a69aacd
Author: Matt Rogers <mrogers@redhat.com>
Date: Tue Apr 26 14:36:55 2016 -0400
Skip password prompt when running ksu as root
A change introduced in 5fd5a67 resulted in root always being prompted for
the target user password when running ksu. Restore the previous behavior
which is to only prompt if the principal is provided with -n.
ticket: 8396 (new)
target_version: 1.14-next
target_version: 1.13-next
src/clients/ksu/main.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
index 2f8d8e1..28342c2 100644
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -116,7 +116,7 @@ main (argc, argv)
extern char * getpass(), *crypt();
int pargc;
char ** pargv;
- krb5_boolean stored = FALSE, cc_reused = FALSE;
+ krb5_boolean stored = FALSE, cc_reused = FALSE, given_princ = FALSE;
krb5_boolean zero_password;
krb5_boolean restrict_creds;
krb5_deltat lifetime, rlife;
@@ -238,6 +238,7 @@ main (argc, argv)
com_err(prog_name, retval, _("when parsing name %s"), optarg);
errflg++;
}
+ given_princ = TRUE;
break;
#ifdef DEBUG
case 'D':
@@ -462,7 +463,7 @@ main (argc, argv)
if ((source_uid == 0) || (target_uid == source_uid)){
#ifdef GET_TGT_VIA_PASSWD
- if ((!all_rest_copy) && client != NULL && (stored == FALSE)){
+ if (!all_rest_copy && given_princ && client != NULL && !stored) {
fprintf(stderr, _("WARNING: Your password may be exposed if you "
"enter it here and are logged\n"));
fprintf(stderr, _(" in remotely using an unsecure "
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
