1 files changed, 8 insertions, 2 deletions

diff --git a/auth2.c b/auth2.c
index 61b5c0148..04ae2bdb2 100644
--- a/auth2.c
+++ b/auth2.c
@@ -217,7 +217,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 {
         Authctxt *authctxt = ctxt;
         Authmethod *m = NULL;
-        char *user, *service, *method, *style = NULL;
+        char *user, *service, *method, *style = NULL, *role = NULL;
         int authenticated = 0;
 
         if (authctxt == NULL)
@@ -229,8 +229,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
         debug("userauth-request for user %s service %s method %s", user, service, method);
         debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
+        if ((role = strchr(user, '/')) != NULL)
+                *role++ = 0;
+
         if ((style = strchr(user, ':')) != NULL)
                 *style++ = 0;
+        else if (role && (style = strchr(role, ':')) != NULL)
+                *style++ = '\0';
 
         if (authctxt->attempt++ == 0) {
                 /* setup auth context */
@@ -254,8 +259,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
                     use_privsep ? " [net]" : "");
                 authctxt->service = xstrdup(service);
                 authctxt->style = style ? xstrdup(style) : NULL;
+                authctxt->role = role ? xstrdup(role) : NULL;
                 if (use_privsep)
-                        mm_inform_authserv(service, style);
+                        mm_inform_authserv(service, style, role);
                 userauth_banner();
         } else if (strcmp(user, authctxt->user) != 0 ||
             strcmp(service, authctxt->service) != 0) {