From 6eaaa1b1207c17ce06e97167373e5f9c063b5cae Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Mon, 25 May 2020 08:00:00 +0000
Subject: pam_debug: do not invoke pam_get_user and do not set PAM_USER

pam_debug used to invoke pam_get_user and set PAM_USER to "nobody" when
pam_get_user returns an empty string as the user name.  When either of
these functions returned an error value, it used to return that error
value.  This hasn't been documented, and I couldn't find any rationale
for this behaviour.

* modules/pam_debug/pam_debug.c (pam_sm_authenticate): Do not invoke
pam_get_user and pam_set_item.
---
 modules/pam_debug/pam_debug.c | 23 +----------------------
 1 file changed, 1 insertion(+), 22 deletions(-)

(limited to 'modules/pam_debug')

diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c
index 61b39d75..414806b2 100644
--- a/modules/pam_debug/pam_debug.c
+++ b/modules/pam_debug/pam_debug.c
@@ -62,28 +62,7 @@ static int parse_args(int retval, const char *event,
 int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
 			int argc, const char **argv)
 {
-    int retval;
-    const char *user=NULL;
-
-    /*
-     * authentication requires we know who the user wants to be
-     */
-    retval = pam_get_user(pamh, &user, NULL);
-    if (retval != PAM_SUCCESS) {
-	D(("get user returned error: %s", pam_strerror(pamh,retval)));
-	return retval;
-    }
-    if (*user == '\0') {
-	D(("username not known"));
-	retval = pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER);
-	if (retval != PAM_SUCCESS)
-	    return retval;
-    }
-    user = NULL;                                            /* clean up */
-
-    retval = parse_args(PAM_SUCCESS, "auth", pamh, argc, argv);
-
-    return retval;
+    return parse_args(PAM_SUCCESS, "auth", pamh, argc, argv);
 }
 
 int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
-- 
cgit v1.2.3