In ksu, without the -e flag, also check .k5users

When ksu was explicitly told to spawn a shell, a line in .k5users which
listed "*" as the allowed command would cause the principal named on the
line to be considered as a candidate for authentication.

When ksu was not passed a command to run, which implicitly meant that
the invoking user wanted to run the target user's login shell, knowledge
that the principal was a valid candidate was ignored, which could cause
a less optimal choice of the default target principal.

This doesn't impact the authorization checks which we perform later.

ticket: 7983 (new)

diff --git a/src/clients/ksu/heuristic.c b/src/clients/ksu/heuristic.c
index c7e691cd68fc5d444b06adcbda8d4c27d97ff4dc..99b54e5d221be04182fdba2cf0fb8b383e63537c 100644 (file)
--- a/src/clients/ksu/heuristic.c
+++ b/src/clients/ksu/heuristic.c
@@ -264,20 +264,13 @@ get_authorized_princ_names(luser, cmd, princ_list)
 
     close_time(k5users_flag,users_fp, k5login_flag, login_fp);
 
-    if (cmd) {
-        retval = list_union(k5login_list, k5users_filt_list, &combined_list);
-        if (retval){
-            close_time(k5users_flag,users_fp, k5login_flag,login_fp);
-            return retval;
-        }
-        *princ_list = combined_list;
-        return 0;
-    } else {
-        if (k5users_filt_list != NULL)
-            free(k5users_filt_list);
-        *princ_list = k5login_list;
-        return 0;
+    retval = list_union(k5login_list, k5users_filt_list, &combined_list);
+    if (retval){
+        close_time(k5users_flag,users_fp, k5login_flag,login_fp);
+        return retval;
     }
+    *princ_list = combined_list;
+    return 0;
 }
 
 static void close_time(k5users_flag, users_fp, k5login_flag, login_fp)