1 files changed, 8 insertions, 2 deletions

diff --git a/auth2.c b/auth2.c
index 54070e3a9..1f9ec6327 100644
--- a/auth2.c
+++ b/auth2.c
@@ -221,7 +221,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
 {
         Authctxt *authctxt = ssh->authctxt;
         Authmethod *m = NULL;
-        char *user, *service, *method, *style = NULL;
+        char *user, *service, *method, *style = NULL, *role = NULL;
         int authenticated = 0;
 
         if (authctxt == NULL)
@@ -233,8 +233,13 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
         debug("userauth-request for user %s service %s method %s", user, service, method);
         debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
+        if ((role = strchr(user, '/')) != NULL)
+                *role++ = 0;
+
         if ((style = strchr(user, ':')) != NULL)
                 *style++ = 0;
+        else if (role && (style = strchr(role, ':')) != NULL)
+                *style++ = '\0';
 
         if (authctxt->attempt++ == 0) {
                 /* setup auth context */
@@ -261,8 +266,9 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
                     use_privsep ? " [net]" : "");
                 authctxt->service = xstrdup(service);
                 authctxt->style = style ? xstrdup(style) : NULL;
+                authctxt->role = role ? xstrdup(role) : NULL;
                 if (use_privsep)
-                        mm_inform_authserv(service, style);
+                        mm_inform_authserv(service, style, role);
                 userauth_banner();
                 if (auth2_setup_methods_lists(authctxt) != 0)
                         packet_disconnect("no authentication methods enabled");