Use roken_get_loginname() when we want getlogin_r()

lib/kadm5/init_c.c

@@ -370,8 +370,11 @@ _kadm5_c_get_cred_cache(krb5_context context,
 	     * determine the client from a credentials cache.
 	     */
             char userbuf[128];
-	    const char *user;
+	    const char *user = NULL;
 
+            if (geteuid() == 0)
+                user = roken_get_loginname(userbuf, sizeof(userbuf));
+            if (user == NULL)
                 user = roken_get_username(userbuf, sizeof(userbuf));
 	    if (user == NULL) {
 		krb5_set_error_message(context, KADM5_FAILURE, "Unable to find local user name");

lib/krb5/get_default_principal.c

@@ -41,17 +41,21 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 _krb5_get_default_principal_local (krb5_context context,
 				   krb5_principal *princ)
 {
-    const char *user;
+    const char *user = NULL;
     const char *second_component = NULL;
     char userbuf[128];
 
     *princ = NULL;
 
     /*
-     * NOTE: We depend on roken_get_username() preferentially using
-     *       getlogin_r() first when !issuid() && getuid() == 0, otherwise we
-     *       won't figure out to output <username>/root@DEFAULT_REALM.
+     * NOTE: We prefer getlogin_r() (via roken_get_loginname()) to using $USER,
+     *       $LOGNAME, or getpwuid_r() (via roken_get_username()), in that
+     *       order, otherwise we won't figure out to output
+     *       <username>/root@DEFAULT_REALM.
      */
+    if (geteuid() == 0)
+        user = roken_get_loginname(userbuf, sizeof(userbuf));
+    if (user == NULL)
         user = roken_get_username(userbuf, sizeof(userbuf));
     if (user == NULL) {
         krb5_set_error_message(context, ENOTTY,