set PAM_USER, PAM_RUSER and PAM_TTY if available

diff --git a/doas_pam.c b/doas_pam.c
index df6a097eb760b331c2ccd518191dee9da0fa53b8..5c6fb288b9e36d357ba47d44cc3b3f77bce28d2c 100644 (file)
--- a/doas_pam.c
+++ b/doas_pam.c
@@ -116,6 +116,7 @@ doas_pam(char *name, int interactive, int nopass)
                .conv = doas_pam_conv,
                .appdata_ptr = NULL,
        };
+       const char *ttydev, *tty;
        pid_t child;
        int ret;
 
@@ -127,6 +128,28 @@ doas_pam(char *name, int interactive, int nopass)
                errx(1, "pam_start(\"%s\", \"%s\", ?, ?): failed\n",
                                PAM_SERVICE_NAME, name);
 
+       ret = pam_set_item(pamh, PAM_USER, name);
+       if (ret != PAM_SUCCESS)
+               errx(1, "pam_set_item(?, PAM_USER, \"%s\"): %s\n",
+                               name, pam_strerror(pamh, ret));
+
+       ret = pam_set_item(pamh, PAM_RUSER, name);
+       if (ret != PAM_SUCCESS)
+               errx(1, "pam_set_item(?, PAM_RUSER, \"%s\"): %s\n",
+                               name, pam_strerror(pamh, ret));
+
+       if (isatty(0) && (ttydev = ttyname(0)) != NULL) {
+               if (strncmp(ttydev, "/dev/", 5))
+                       tty = ttydev + 5;
+               else
+                       tty = ttydev;
+
+               ret = pam_set_item(pamh, PAM_TTY, tty);
+               if (ret != PAM_SUCCESS)
+                       errx(1, "pam_set_item(?, PAM_TTY, \"%s\"): %s\n",
+                                       tty, pam_strerror(pamh, ret));
+       }
+
        if (!nopass) {
                if (!interactive)
                        errx(1, "Authorization required");