Use roken_get_loginname() when we want getlogin_r()

2019-09-25 17:58:37 -05:00
parent d02277b45f
commit c9b5a4df90
2 changed files with 15 additions and 8 deletions
--- a/lib/kadm5/init_c.c
+++ b/lib/kadm5/init_c.c
@@ -370,10 +370,13 @@ _kadm5_c_get_cred_cache(krb5_context context,
 	     * determine the client from a credentials cache.
 	     */
            char userbuf[128];
-	    const char *user;
+	    const char *user = NULL;

+            if (geteuid() == 0)
+                user = roken_get_loginname(userbuf, sizeof(userbuf));
+            if (user == NULL)
                user = roken_get_username(userbuf, sizeof(userbuf));
-	    if(user == NULL) {
+	    if (user == NULL) {
 		krb5_set_error_message(context, KADM5_FAILURE, "Unable to find local user name");
 		return KADM5_FAILURE;
 	    }
--- a/lib/krb5/get_default_principal.c
+++ b/lib/krb5/get_default_principal.c
@@ -41,17 +41,21 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 _krb5_get_default_principal_local (krb5_context context,
 				   krb5_principal *princ)
 {
-    const char *user;
+    const char *user = NULL;
    const char *second_component = NULL;
    char userbuf[128];

    *princ = NULL;

    /*
-     * NOTE: We depend on roken_get_username() preferentially using
-     *       getlogin_r() first when !issuid() && getuid() == 0, otherwise we
-     *       won't figure out to output <username>/root@DEFAULT_REALM.
+     * NOTE: We prefer getlogin_r() (via roken_get_loginname()) to using $USER,
+     *       $LOGNAME, or getpwuid_r() (via roken_get_username()), in that
+     *       order, otherwise we won't figure out to output
+     *       <username>/root@DEFAULT_REALM.
     */
+    if (geteuid() == 0)
+        user = roken_get_loginname(userbuf, sizeof(userbuf));
+    if (user == NULL)
        user = roken_get_username(userbuf, sizeof(userbuf));
    if (user == NULL) {
        krb5_set_error_message(context, ENOTTY,