Bug 84039

Summary: suauth NOPASS option not honored
Product: [Applications] kdesu Reporter: Richard A.Gollub <rgollub>
Component: generalAssignee: kdesu bugs tracker <kdesu-bugs-null>
Status: RESOLVED FIXED    
Severity: normal CC: aacid, adam.richard2023, devil, faure, piterpunk, zencat
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Allow NOPASS in /etc/suauth
Allow NOPASS on suauth (second version)

Description Richard A.Gollub 2004-06-26 16:58:42 UTC 
Version:           unknown (using KDE 3.2.3, compiled sources)
Compiler:          gcc version 3.3.3
OS:                Linux (i686) release 2.4.26-0

Reiterating my own bug report no.83663, which, I think, has not been properly categorised by my mistake.

In KDE 3.0, kdesu honors the NOPASS option in /etc/suauth (shadow su config file).
In KDE 3.2(.3) it does not. It hangs awaiting a reply without dialog.
Temporarily "circumventing" bug by having OWNPASS as option.
If requested can supply strace log in the reported circumstance.

As asked before, I am not sure whether the case is a bug or a FEATURE. In either case, a correction is in order.
Comment 1 Waldo Bastian 2004-06-26 17:21:53 UTC 
*** Bug 83683 has been marked as a duplicate of this bug. ***
Comment 2 Waldo Bastian 2004-06-26 17:23:54 UTC 
Will look at it next week. My su doesn't seem to support suauth so it's a bit hard to reproduce.
Comment 3 Waldo Bastian 2004-07-29 15:23:27 UTC 
Next week came and went... maybe after KDE 3.3
Comment 4 Philip Rodrigues 2006-08-06 21:08:37 UTC 
*** Bug 91059 has been marked as a duplicate of this bug. ***
Comment 5 Robby Workman 2009-08-06 20:19:01 UTC 
Created attachment 35928 [details]
Allow NOPASS in /etc/suauth

I guess this has been forgotten, but we ran across this recently, and piterpunk AT slackware.com worked up the attached patch.  Please consider queuing for 4.3.1
Comment 6 Albert Astals Cid 2009-08-30 23:05:52 UTC 
I'm not a kdesu expert so i'm just going to point out some general stuff i see

if (check == 2)  <-- sucks, use a enum value here

my suggestion would be to use 
int ConverseSU(const char *password, checkMode check=NoCheck);
instead of 
int ConverseSU(const char *password, int check=NoCheck);

Also i wonder how that string comparison works on localized sudo programs
Comment 7 David Faure 2009-09-14 13:16:02 UTC 
Isn't the string "Password authentication bypassed." translated when using another locale than english?
Comment 8 Piter Punk 2009-11-09 08:34:10 UTC 
Created attachment 38202 [details]
Allow NOPASS on suauth (second version)

This patch solves the problem with NOPASS option on /etc/suauth and kdesu, without depends on specific strings.
Comment 9 Piter Punk 2009-11-09 08:44:22 UTC 
Depending on "Password authentication bypassed." is ugly. And not locale wise (well... by now, this message is the same on all locales in "su" from shadow package, but that can change someday).

Studying better the code and the problem, I found a more clever solution.
ConverseSU waits for two kinds of string:

1. kdesu_stub -> if that is found it exits and confirm it don't need password
2. [some lines]+[string]: -> It presumes this is a prompt waiting for password

When "su" is using the NOPASS option, it shows the string "Password authentication bypassed." and then "kdesu_stub". That didn't matches with any of expected patterns.

The patch move the check for "kde_stub". With that change, the pattern 1 now is:

1. [some lines]+kdesu_stub

A similar change is done on ConverseStub

Hope this time the patch is OK to be included.

Piter PUNK
Comment 10 Oswald Buddenhagen 2009-11-29 16:46:47 UTC 
SVN commit 1056186 by ossi:

fix password-less su/sudo authentication

based on a patch by Piter PUNK

BUG: 84039


 M  +13 -22    su.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1056186
Comment 11 Oswald Buddenhagen 2010-11-06 15:43:24 UTC 
*** Bug 99239 has been marked as a duplicate of this bug. ***
Comment 12 Oswald Buddenhagen 2010-11-06 16:25:00 UTC 
*** Bug 116818 has been marked as a duplicate of this bug. ***