From 4c2f92118562a0c625ecadd3cf442d8673c669a7 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Fri, 3 Jul 2020 08:00:00 +0000
Subject: [PATCH] login: do not set PAM_RUSER and PAM_RHOST unnecessarily

Do not set PAM_RUSER to "[system]", it makes no sense.

Do not set PAM_RHOST unless -h option is specified,
this fixes PAM_TTY support in pam_access because
PAM_RHOST has a higher priority than PAM_TTY in pam_access.

Resolves: https://bugzilla.altlinux.org/38655
---
 SimplePAMApps/pamapps/login/login.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/SimplePAMApps/pamapps/login/login.c b/SimplePAMApps/pamapps/login/login.c
index 4dee826..815cbb2 100644
--- a/SimplePAMApps/pamapps/login/login.c
+++ b/SimplePAMApps/pamapps/login/login.c
@@ -115,8 +115,7 @@ static pam_handle_t *pamh=NULL;
 static char const *user=NULL;
 static const char *terminal_name=NULL;
 static int login_flags=0;
-static const char *login_remote_host="localhost";
-static const char *login_remote_user="[system]";
+static const char *login_remote_host=NULL;
 static const char *login_prompt = "login: ";    /* default first time round */
 static const char *user_prompt = "login: ";     /* default second, third... */
 
@@ -493,12 +492,12 @@ void main(int argc, const char **argv)
 	    D(("login prompt: %s", login_prompt));
 	    retval = pam_set_item( pamh, PAM_USER_PROMPT
 				 , (const void *) login_prompt );
-	    D(("rhost: %s", login_remote_host));
-	    (void) pam_set_item(pamh, PAM_RHOST
-				  , (const void *) login_remote_host );
-	    D(("requesting user: %s", login_remote_user));
-	    (void) pam_set_item(pamh, PAM_RUSER
-				, (const void *) login_remote_user );
+	    if (login_remote_host)
+	    {
+		D(("rhost: %s", login_remote_host));
+		(void) pam_set_item(pamh, PAM_RHOST
+				    , (const void *) login_remote_host );
+	    }
 	    D(("terminal[%p]: %s", pamh, terminal_name));
 	    (void) pam_set_item( pamh, PAM_TTY, (const void *) terminal_name );
 	}
-- 
ldv