Don't use getlogin() to determine whether we are root.

(Import of vendor fix.)

1 files changed, 7 insertions, 6 deletions

diff --git a/crypto/heimdal/appl/su/su.c b/crypto/heimdal/appl/su/su.c
index b43894bd8c8a..7dc0c7a2744e 100644
--- a/crypto/heimdal/appl/su/su.c
+++ b/crypto/heimdal/appl/su/su.c
@@ -138,7 +138,11 @@ krb5_verify(struct passwd *login_info, struct passwd *su_info,
 #ifdef KRB5
     krb5_error_code ret;
     krb5_principal p;
+    char *login_name = NULL;
 	
+#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
+    login_name = getlogin();
+#endif
     ret = krb5_init_context (&context);
     if (ret) {
 #if 0
@@ -147,9 +151,11 @@ krb5_verify(struct passwd *login_info, struct passwd *su_info,
 	return 1;
     }
 	
+    if (login_name == NULL || strcmp (login_name, "root") == 0) 
+	login_name = login_info->pw_name;
     if (strcmp (su_info->pw_name, "root") == 0)
 	ret = krb5_make_principal(context, &p, NULL, 
-				  login_info->pw_name,
+				  login_name,
 				  kerberos_instance,
 				  NULL);
     else
@@ -268,7 +274,6 @@ main(int argc, char **argv)
     int i, optind = 0;
     char *su_user;
     struct passwd *su_info;
-    char *login_user = NULL;
     struct passwd *login_info;
 
     struct passwd *pwd;
@@ -309,10 +314,6 @@ main(int argc, char **argv)
     }
     su_info = make_info(pwd);
     
-#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
-    login_user = getlogin();
-#endif
-    if(login_user == NULL || (pwd = getpwnam(login_user)) == NULL)
 	pwd = getpwuid(getuid());
     if(pwd == NULL)
 	errx(1, "who are you?");