- (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c

   monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized
   even if keyboard-interactive is not used by the client.  Prevents segfaults
   in some cases where the user's password is expired (note this is not
   considered a security exposure).  ok djm@

1 files changed, 3 insertions, 3 deletions

diff --git a/auth2.c b/auth2.c
index a9490ccfd..1177efa73 100644
--- a/auth2.c
+++ b/auth2.c
@@ -150,24 +150,24 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
         if (authctxt->attempt++ == 0) {
                 /* setup auth context */
                 authctxt->pw = PRIVSEP(getpwnamallow(user));
+                authctxt->user = xstrdup(user);
                 if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
                         authctxt->valid = 1;
                         debug2("input_userauth_request: setting up authctxt for %s", user);
 #ifdef USE_PAM
                         if (options.use_pam)
-                                PRIVSEP(start_pam(authctxt->pw->pw_name));
+                                PRIVSEP(start_pam(authctxt));
 #endif
                 } else {
                         logit("input_userauth_request: illegal user %s", user);
                         authctxt->pw = fakepw();
 #ifdef USE_PAM
                         if (options.use_pam)
-                                PRIVSEP(start_pam(user));
+                                PRIVSEP(start_pam(authctxt));
 #endif
                 }
                 setproctitle("%s%s", authctxt->pw ? user : "unknown",
                     use_privsep ? " [net]" : "");
-                authctxt->user = xstrdup(user);
                 authctxt->service = xstrdup(service);
                 authctxt->style = style ? xstrdup(style) : NULL;
                 if (use_privsep)