Goal: ???

Notes:
 * It still needs more investigation.
   I don't know what this patch is used for. IMO, the user name is
   already known before calling pam_get_item(pamh, PAM_USER, ...)

Index: shadow-4.1.0/src/su.c
===================================================================
--- shadow-4.1.0.orig/src/su.c
+++ shadow-4.1.0/src/su.c
@@ -309,6 +309,8 @@
 	struct passwd *pw = 0;
 	char **envp = environ;
 	char *shellstr = 0, *command = 0;
+	char *tmp_name;
+	char **ptr_tmp_name = &tmp_name;
 
 #ifdef USE_PAM
 	char **envcp;
@@ -674,6 +676,14 @@
 			su_failure (tty);
 		}
 	}
+	ret = pam_get_item(pamh, PAM_USER, (const void **) ptr_tmp_name);
+	if (ret != PAM_SUCCESS) {
+		SYSLOG((LOG_ERR, "pam_get_item: internal PAM error\n"));
+		fprintf(stderr, "%s: Internal PAM error retrieving username\n", Prog);
+		pam_end(pamh, ret);
+		su_failure(tty);
+	}
+	strncpy(name, tmp_name, sizeof(name) - 1);
 #else				/* !USE_PAM */
 	/*
 	 * Set up a signal handler in case the user types QUIT.
