From: Matt Rogers <mrogers@redhat.com>
Date: Tue, 26 Apr 2016 18:36:55 +0000 (-0400)
Subject: Skip password prompt when running ksu as root
X-Git-Tag: krb5-1.15-beta1~213
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f8b9ef90829b031448d4547190c72438a69aacd;p=thirdparty%2Fkrb5.git

Skip password prompt when running ksu as root

A change introduced in 5fd5a67 resulted in root always being prompted for
the target user password when running ksu.  Restore the previous behavior
which is to only prompt if the principal is provided with -n.

ticket: 8396 (new)
target_version: 1.14-next
target_version: 1.13-next
---

diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
index 2f8d8e1122..28342c2d77 100644
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -116,7 +116,7 @@ main (argc, argv)
     extern char * getpass(), *crypt();
     int pargc;
     char ** pargv;
-    krb5_boolean stored = FALSE, cc_reused = FALSE;
+    krb5_boolean stored = FALSE, cc_reused = FALSE, given_princ = FALSE;
     krb5_boolean zero_password;
     krb5_boolean restrict_creds;
     krb5_deltat lifetime, rlife;
@@ -238,6 +238,7 @@ main (argc, argv)
                 com_err(prog_name, retval, _("when parsing name %s"), optarg);
                 errflg++;
             }
+            given_princ = TRUE;
             break;
 #ifdef DEBUG
         case 'D':
@@ -462,7 +463,7 @@ main (argc, argv)
 
     if ((source_uid == 0) || (target_uid == source_uid)){
 #ifdef GET_TGT_VIA_PASSWD
-        if ((!all_rest_copy) && client != NULL && (stored == FALSE)){
+        if (!all_rest_copy && given_princ && client != NULL && !stored) {
             fprintf(stderr, _("WARNING: Your password may be exposed if you "
                               "enter it here and are logged\n"));
             fprintf(stderr, _("         in remotely using an unsecure "