|
 |
8c1676 |
From 324342ebf3a6b6e6d69268dc8640c642fdb25778 Mon Sep 17 00:00:00 2001
|
|
|
8c1676 |
From: Robbie Harwood <rharwood@redhat.com>
|
|
|
8c1676 |
Date: Thu, 28 Apr 2016 16:20:22 -0400
|
|
|
8c1676 |
Subject: [PATCH] krb5-1.14.3-ksu_root_prompt.patch
|
|
|
8c1676 |
|
|
|
8c1676 |
Backport: 2f8b9ef90829b031448d4547190c72438a69aacd
|
|
|
8c1676 |
---
|
|
|
8c1676 |
src/clients/ksu/main.c | 5 +++--
|
|
|
8c1676 |
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
8c1676 |
|
|
|
8c1676 |
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
|
|
|
8c1676 |
index 1b2ca83..cab0c18 100644
|
|
|
8c1676 |
--- a/src/clients/ksu/main.c
|
|
|
8c1676 |
+++ b/src/clients/ksu/main.c
|
|
|
8c1676 |
@@ -122,7 +122,7 @@ main (argc, argv)
|
|
|
8c1676 |
extern char * getpass(), *crypt();
|
|
|
8c1676 |
int pargc;
|
|
|
8c1676 |
char ** pargv;
|
|
|
8c1676 |
- krb5_boolean stored = FALSE, cc_reused = FALSE;
|
|
|
8c1676 |
+ krb5_boolean stored = FALSE, cc_reused = FALSE, given_princ = FALSE;
|
|
|
8c1676 |
krb5_boolean zero_password;
|
|
|
8c1676 |
krb5_boolean restrict_creds;
|
|
|
8c1676 |
krb5_deltat lifetime, rlife;
|
|
|
8c1676 |
@@ -244,6 +244,7 @@ main (argc, argv)
|
|
|
8c1676 |
com_err(prog_name, retval, _("when parsing name %s"), optarg);
|
|
|
8c1676 |
errflg++;
|
|
|
8c1676 |
}
|
|
|
8c1676 |
+ given_princ = TRUE;
|
|
|
8c1676 |
break;
|
|
|
8c1676 |
#ifdef DEBUG
|
|
|
8c1676 |
case 'D':
|
|
|
8c1676 |
@@ -468,7 +469,7 @@ main (argc, argv)
|
|
|
8c1676 |
|
|
|
8c1676 |
if ((source_uid == 0) || (target_uid == source_uid)){
|
|
|
8c1676 |
#ifdef GET_TGT_VIA_PASSWD
|
|
|
8c1676 |
- if ((!all_rest_copy) && client != NULL && (stored == FALSE)){
|
|
|
8c1676 |
+ if (!all_rest_copy && given_princ && client != NULL && !stored) {
|
|
|
8c1676 |
fprintf(stderr, _("WARNING: Your password may be exposed if you "
|
|
|
8c1676 |
"enter it here and are logged\n"));
|
|
|
8c1676 |
fprintf(stderr, _(" in remotely using an unsecure "
|
|
|
8c1676 |
--
|
|
|
8c1676 |
2.8.0.rc3
|
|
|
8c1676 |
|