From b4a621b41b7b6f31eb8777514e8bcb504f6006f1 Mon Sep 17 00:00:00 2001
From: Iain Patterson <me@iain.cx>
Date: Thu, 11 Mar 2010 11:53:25 +0000
Subject: [PATCH] More checks in become.

Check target user is valid before proceeding.
Don't delegate X11 cookie to non-root users by default.
---
 opt/bin/become | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/opt/bin/become b/opt/bin/become
index 9be0b9b..cfc498e 100755
--- a/opt/bin/become
+++ b/opt/bin/become
@@ -1,22 +1,36 @@
 #!/bin/bash
 
 kerberos=0
-while getopts ":k" opt; do
+x11=0
+while getopts ":kx" opt; do
   case $opt in
-    k) kerberos=1
+    k) kerberos=1;;
+    x) x11=1;;
   esac
 done
 shift $((OPTIND-1))
 
 user="$1"; shift
 if [ -z "$user" ]; then
-  echo >&2 "Usage: become [-k] <user>"
+  echo >&2 "Usage: become [-k] [-x] <user>"
   echo >&2 "Options: -k   Delegate Kerberos credentials even if target user is not root."
+  echo >&2 "         -x   Delegate X11 cookie even if target user is not root."
   exit 1
 fi
 
+uid=$(PATH=/usr/xpg4/bin:/usr/bin id -u "$user" 2>/dev/null)
+if [ -z "$uid" ]; then
+  echo >&2 "Who is $user?"
+  exit 2
+fi
+
+if [ $uid = 0 ]; then
+  kerberos=1
+  x11=1
+fi
+
 PRINCIPAL=$(klist 2>/dev/null | sed -n 's/^Default principal: //p')
-if [ -n "$DISPLAY" -a "${DISPLAY##localhost:}" = "$DISPLAY" ]; then
+if [ $x11 = 1 -a -n "$DISPLAY" -a "${DISPLAY##localhost:}" = "$DISPLAY" ]; then
   COOKIE="$(xauth list $DISPLAY)"
 fi
 BECOME="$HOME/.become"
-- 
2.7.4