1 files changed, 33 insertions, 33 deletions
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index 1fa0bf928..da53671e3 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From c9638aa44d787849cea1ae273f0908c6313fd19b Mon Sep 17 00:00:00 2001
+From b9e97e15e25e4c836cb550213e3ee59b19096f9d Mon Sep 17 00:00:00 2001
 From: Manoj Srivastava <srivasta@debian.org>
 Date: Sun, 9 Feb 2014 16:09:49 +0000
 Subject: Handle SELinux authorisation roles
@@ -9,7 +9,7 @@ SELinux maintainer, so we'll keep it until we have something better.
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
 Bug-Debian: http://bugs.debian.org/394795
-Last-Update: 2013-09-14
+Last-Update: 2015-08-19
 Patch-Name: selinux-role.patch
 ---
@@ -32,10 +32,10 @@ Patch-Name: selinux-role.patch
 16 files changed, 104 insertions(+), 31 deletions(-)
 diff --git a/auth.h b/auth.h
-index d081c94..f099e98 100644
+index db86037..4985cd8 100644
 --- a/auth.h
 +++ b/auth.h
-@@ -59,6 +59,7 @@ struct Authctxt {
+@@ -62,6 +62,7 @@ struct Authctxt {
        char            *service;
        struct passwd   *pw;            /* set if 'valid' */
        char            *style;
@@ -44,10 +44,10 @@ index d081c94..f099e98 100644
        char            *info;          /* Extra info for next auth_log */
 #ifdef BSD_AUTH
 diff --git a/auth1.c b/auth1.c
-index 5038828..52b17db 100644
+index 5073c49..dd00648 100644
 --- a/auth1.c
 +++ b/auth1.c
-@@ -381,7 +381,7 @@ void
+@@ -383,7 +383,7 @@ void
 do_authentication(Authctxt *authctxt)
 {
        u_int ulen;
@@ -56,7 +56,7 @@ index 5038828..52b17db 100644
 
        /* Get the name of the user that we wish to log in as. */
        packet_read_expect(SSH_CMSG_USER);
-@@ -390,11 +390,17 @@ do_authentication(Authctxt *authctxt)
+@@ -392,11 +392,17 @@ do_authentication(Authctxt *authctxt)
        user = packet_get_cstring(&ulen);
        packet_check_eom();
 
@@ -75,10 +75,10 @@ index 5038828..52b17db 100644
        /* Verify that the user is a valid user. */
        if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
 diff --git a/auth2.c b/auth2.c
-index 2f0d565..fa1a588 100644
+index 3f49bdc..6eb3cc7 100644
 --- a/auth2.c
 +++ b/auth2.c
-@@ -217,7 +217,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
+@@ -216,7 +216,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 {
        Authctxt *authctxt = ctxt;
        Authmethod *m = NULL;
@@ -87,7 +87,7 @@ index 2f0d565..fa1a588 100644
        int authenticated = 0;
 
        if (authctxt == NULL)
-@@ -229,8 +229,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
+@@ -228,8 +228,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
        debug("userauth-request for user %s service %s method %s", user, service, method);
        debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
@@ -101,7 +101,7 @@ index 2f0d565..fa1a588 100644
 
        if (authctxt->attempt++ == 0) {
                /* setup auth context */
-@@ -254,8 +259,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
+@@ -253,8 +258,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
                    use_privsep ? " [net]" : "");
                authctxt->service = xstrdup(service);
                authctxt->style = style ? xstrdup(style) : NULL;
@@ -113,10 +113,10 @@ index 2f0d565..fa1a588 100644
                if (auth2_setup_methods_lists(authctxt) != 0)
                        packet_disconnect("no authentication methods enabled");
 diff --git a/monitor.c b/monitor.c
-index b0896ef..94b194d 100644
+index a2027e5..6ff05e4 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -148,6 +148,7 @@ int mm_answer_sign(int, Buffer *);
+@@ -127,6 +127,7 @@ int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
@@ -124,7 +124,7 @@ index b0896ef..94b194d 100644
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
-@@ -229,6 +230,7 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -208,6 +209,7 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -132,7 +132,7 @@ index b0896ef..94b194d 100644
     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
-@@ -841,6 +843,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
+@@ -879,6 +881,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
        else {
                /* Allow service/style information on the auth context */
                monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -140,7 +140,7 @@ index b0896ef..94b194d 100644
                monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
        }
 #ifdef USE_PAM
-@@ -871,14 +874,37 @@ mm_answer_authserv(int sock, Buffer *m)
+@@ -909,14 +912,37 @@ mm_answer_authserv(int sock, Buffer *m)
 
        authctxt->service = buffer_get_string(m, NULL);
        authctxt->style = buffer_get_string(m, NULL);
@@ -180,7 +180,7 @@ index b0896ef..94b194d 100644
        return (0);
 }
 
-@@ -1485,7 +1511,7 @@ mm_answer_pty(int sock, Buffer *m)
+@@ -1540,7 +1566,7 @@ mm_answer_pty(int sock, Buffer *m)
        res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
        if (res == 0)
                goto error;
@@ -190,7 +190,7 @@ index b0896ef..94b194d 100644
        buffer_put_int(m, 1);
        buffer_put_cstring(m, s->tty);
 diff --git a/monitor.h b/monitor.h
-index 7f32b0c..4d5e8fa 100644
+index bc50ade..2d82b8b 100644
 --- a/monitor.h
 +++ b/monitor.h
 @@ -68,6 +68,8 @@ enum monitor_reqtype {
@@ -203,10 +203,10 @@ index 7f32b0c..4d5e8fa 100644
 
 struct mm_master;
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index e476f0d..6dc890a 100644
+index b667218..5aa9c47 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -324,10 +324,10 @@ mm_auth2_read_banner(void)
+@@ -329,10 +329,10 @@ mm_auth2_read_banner(void)
        return (banner);
 }
 
@@ -219,7 +219,7 @@ index e476f0d..6dc890a 100644
 {
        Buffer m;
 
-@@ -336,12 +336,30 @@ mm_inform_authserv(char *service, char *style)
+@@ -341,12 +341,30 @@ mm_inform_authserv(char *service, char *style)
        buffer_init(&m);
        buffer_put_cstring(&m, service);
        buffer_put_cstring(&m, style ? style : "");
@@ -251,13 +251,13 @@ index e476f0d..6dc890a 100644
 int
 mm_auth_password(Authctxt *authctxt, char *password)
 diff --git a/monitor_wrap.h b/monitor_wrap.h
-index a4e9d24..9c2ee49 100644
+index 0c770e8..4d1e899 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
 @@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *);
 int mm_is_monitor(void);
 DH *mm_choose_dh(int, int, int);
- int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
+ int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int);
 -void mm_inform_authserv(char *, char *);
 +void mm_inform_authserv(char *, char *, char *);
 +void mm_inform_authrole(char *);
@@ -396,10 +396,10 @@ index 1c7a45d..436ae7c 100644
 char *platform_krb5_get_principal_name(const char *);
 int platform_sys_dir_uid(uid_t);
 diff --git a/session.c b/session.c
-index 3e96557..6f389ac 100644
+index 54bac36..d4b7725 100644
 --- a/session.c
 +++ b/session.c
-@@ -1486,7 +1486,7 @@ safely_chroot(const char *path, uid_t uid)
+@@ -1487,7 +1487,7 @@ safely_chroot(const char *path, uid_t uid)
 
 /* Set login name, uid, gid, and groups. */
 void
@@ -408,7 +408,7 @@ index 3e96557..6f389ac 100644
 {
        char *chroot_path, *tmp;
 #ifdef USE_LIBIAF
-@@ -1517,7 +1517,7 @@ do_setusercontext(struct passwd *pw)
+@@ -1518,7 +1518,7 @@ do_setusercontext(struct passwd *pw)
                endgrent();
 #endif
 
@@ -417,7 +417,7 @@ index 3e96557..6f389ac 100644
 
                if (options.chroot_directory != NULL &&
                    strcasecmp(options.chroot_directory, "none") != 0) {
-@@ -1676,7 +1676,7 @@ do_child(Session *s, const char *command)
+@@ -1677,7 +1677,7 @@ do_child(Session *s, const char *command)
 
        /* Force a password change */
        if (s->authctxt->force_pwchange) {
@@ -426,7 +426,7 @@ index 3e96557..6f389ac 100644
                child_close_fds();
                do_pwchange(s);
                exit(1);
-@@ -1703,7 +1703,7 @@ do_child(Session *s, const char *command)
+@@ -1704,7 +1704,7 @@ do_child(Session *s, const char *command)
                /* When PAM is enabled we rely on it to do the nologin check */
                if (!options.use_pam)
                        do_nologin(pw);
@@ -435,7 +435,7 @@ index 3e96557..6f389ac 100644
                /*
                 * PAM session modules in do_setusercontext may have
                 * generated messages, so if this in an interactive
-@@ -2114,7 +2114,7 @@ session_pty_req(Session *s)
+@@ -2115,7 +2115,7 @@ session_pty_req(Session *s)
        tty_parse_modes(s->ttyfd, &n_bytes);
 
        if (!use_privsep)
@@ -458,10 +458,10 @@ index 6a2f35e..ef6593c 100644
                       const char *value);
 
 diff --git a/sshd.c b/sshd.c
-index 3a6be65..48a14dd 100644
+index 9cbe8c4..3b4e97c 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -772,7 +772,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -781,7 +781,7 @@ privsep_postauth(Authctxt *authctxt)
        explicit_bzero(rnd, sizeof(rnd));
 
        /* Drop privileges */
@@ -471,7 +471,7 @@ index 3a6be65..48a14dd 100644
  skip:
        /* It is safe now to apply the key state */
 diff --git a/sshpty.c b/sshpty.c
-index a2059b7..3512ec8 100644
+index d2ff8c1..f7b1f6d 100644
 --- a/sshpty.c
 +++ b/sshpty.c
 @@ -187,7 +187,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col,
@@ -483,7 +483,7 @@ index a2059b7..3512ec8 100644
 {
        struct group *grp;
        gid_t gid;
-@@ -214,7 +214,7 @@ pty_setowner(struct passwd *pw, const char *tty)
+@@ -209,7 +209,7 @@ pty_setowner(struct passwd *pw, const char *tty)
                    strerror(errno));
 
 #ifdef WITH_SELINUX

diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch index 1fa0bf928..da53671e3 100644 --- a/debian/patches/selinux-role.patch +++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
1	From c9638aa44d787849cea1ae273f0908c6313fd19b Mon Sep 17 00:00:00 2001	1	From b9e97e15e25e4c836cb550213e3ee59b19096f9d Mon Sep 17 00:00:00 2001
2	From: Manoj Srivastava <srivasta@debian.org>	2	From: Manoj Srivastava <srivasta@debian.org>
3	Date: Sun, 9 Feb 2014 16:09:49 +0000	3	Date: Sun, 9 Feb 2014 16:09:49 +0000
4	Subject: Handle SELinux authorisation roles	4	Subject: Handle SELinux authorisation roles
@@ -9,7 +9,7 @@ SELinux maintainer, so we'll keep it until we have something better.
9		9
10	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641	10	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
11	Bug-Debian: http://bugs.debian.org/394795	11	Bug-Debian: http://bugs.debian.org/394795
12	Last-Update: 2013-09-14	12	Last-Update: 2015-08-19
13		13
14	Patch-Name: selinux-role.patch	14	Patch-Name: selinux-role.patch
15	---	15	---
@@ -32,10 +32,10 @@ Patch-Name: selinux-role.patch
32	16 files changed, 104 insertions(+), 31 deletions(-)	32	16 files changed, 104 insertions(+), 31 deletions(-)
33		33
34	diff --git a/auth.h b/auth.h	34	diff --git a/auth.h b/auth.h
35	index d081c94..f099e98 100644	35	index db86037..4985cd8 100644
36	--- a/auth.h	36	--- a/auth.h
37	+++ b/auth.h	37	+++ b/auth.h
38	@@ -59,6 +59,7 @@ struct Authctxt {	38	@@ -62,6 +62,7 @@ struct Authctxt {
39	char *service;	39	char *service;
40	struct passwd pw; / set if 'valid' */	40	struct passwd pw; / set if 'valid' */
41	char *style;	41	char *style;
@@ -44,10 +44,10 @@ index d081c94..f099e98 100644
44	char info; / Extra info for next auth_log */	44	char info; / Extra info for next auth_log */
45	#ifdef BSD_AUTH	45	#ifdef BSD_AUTH
46	diff --git a/auth1.c b/auth1.c	46	diff --git a/auth1.c b/auth1.c
47	index 5038828..52b17db 100644	47	index 5073c49..dd00648 100644
48	--- a/auth1.c	48	--- a/auth1.c
49	+++ b/auth1.c	49	+++ b/auth1.c
50	@@ -381,7 +381,7 @@ void	50	@@ -383,7 +383,7 @@ void
51	do_authentication(Authctxt *authctxt)	51	do_authentication(Authctxt *authctxt)
52	{	52	{
53	u_int ulen;	53	u_int ulen;
@@ -56,7 +56,7 @@ index 5038828..52b17db 100644
56		56
57	/* Get the name of the user that we wish to log in as. */	57	/* Get the name of the user that we wish to log in as. */
58	packet_read_expect(SSH_CMSG_USER);	58	packet_read_expect(SSH_CMSG_USER);
59	@@ -390,11 +390,17 @@ do_authentication(Authctxt *authctxt)	59	@@ -392,11 +392,17 @@ do_authentication(Authctxt *authctxt)
60	user = packet_get_cstring(&ulen);	60	user = packet_get_cstring(&ulen);
61	packet_check_eom();	61	packet_check_eom();
62		62
@@ -75,10 +75,10 @@ index 5038828..52b17db 100644
75	/* Verify that the user is a valid user. */	75	/* Verify that the user is a valid user. */
76	if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)	76	if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
77	diff --git a/auth2.c b/auth2.c	77	diff --git a/auth2.c b/auth2.c
78	index 2f0d565..fa1a588 100644	78	index 3f49bdc..6eb3cc7 100644
79	--- a/auth2.c	79	--- a/auth2.c
80	+++ b/auth2.c	80	+++ b/auth2.c
81	@@ -217,7 +217,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)	81	@@ -216,7 +216,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
82	{	82	{
83	Authctxt *authctxt = ctxt;	83	Authctxt *authctxt = ctxt;
84	Authmethod *m = NULL;	84	Authmethod *m = NULL;
@@ -87,7 +87,7 @@ index 2f0d565..fa1a588 100644
87	int authenticated = 0;	87	int authenticated = 0;
88		88
89	if (authctxt == NULL)	89	if (authctxt == NULL)
90	@@ -229,8 +229,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)	90	@@ -228,8 +228,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
91	debug("userauth-request for user %s service %s method %s", user, service, method);	91	debug("userauth-request for user %s service %s method %s", user, service, method);
92	debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);	92	debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
93		93
@@ -101,7 +101,7 @@ index 2f0d565..fa1a588 100644
101		101
102	if (authctxt->attempt++ == 0) {	102	if (authctxt->attempt++ == 0) {
103	/* setup auth context */	103	/* setup auth context */
104	@@ -254,8 +259,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)	104	@@ -253,8 +258,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
105	use_privsep ? " [net]" : "");	105	use_privsep ? " [net]" : "");
106	authctxt->service = xstrdup(service);	106	authctxt->service = xstrdup(service);
107	authctxt->style = style ? xstrdup(style) : NULL;	107	authctxt->style = style ? xstrdup(style) : NULL;
@@ -113,10 +113,10 @@ index 2f0d565..fa1a588 100644
113	if (auth2_setup_methods_lists(authctxt) != 0)	113	if (auth2_setup_methods_lists(authctxt) != 0)
114	packet_disconnect("no authentication methods enabled");	114	packet_disconnect("no authentication methods enabled");
115	diff --git a/monitor.c b/monitor.c	115	diff --git a/monitor.c b/monitor.c
116	index b0896ef..94b194d 100644	116	index a2027e5..6ff05e4 100644
117	--- a/monitor.c	117	--- a/monitor.c
118	+++ b/monitor.c	118	+++ b/monitor.c
119	@@ -148,6 +148,7 @@ int mm_answer_sign(int, Buffer *);	119	@@ -127,6 +127,7 @@ int mm_answer_sign(int, Buffer *);
120	int mm_answer_pwnamallow(int, Buffer *);	120	int mm_answer_pwnamallow(int, Buffer *);
121	int mm_answer_auth2_read_banner(int, Buffer *);	121	int mm_answer_auth2_read_banner(int, Buffer *);
122	int mm_answer_authserv(int, Buffer *);	122	int mm_answer_authserv(int, Buffer *);
@@ -124,7 +124,7 @@ index b0896ef..94b194d 100644
124	int mm_answer_authpassword(int, Buffer *);	124	int mm_answer_authpassword(int, Buffer *);
125	int mm_answer_bsdauthquery(int, Buffer *);	125	int mm_answer_bsdauthquery(int, Buffer *);
126	int mm_answer_bsdauthrespond(int, Buffer *);	126	int mm_answer_bsdauthrespond(int, Buffer *);
127	@@ -229,6 +230,7 @@ struct mon_table mon_dispatch_proto20[] = {	127	@@ -208,6 +209,7 @@ struct mon_table mon_dispatch_proto20[] = {
128	{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},	128	{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
129	{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},	129	{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
130	{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},	130	{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -132,7 +132,7 @@ index b0896ef..94b194d 100644
132	{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},	132	{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
133	{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},	133	{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
134	#ifdef USE_PAM	134	#ifdef USE_PAM
135	@@ -841,6 +843,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)	135	@@ -879,6 +881,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
136	else {	136	else {
137	/* Allow service/style information on the auth context */	137	/* Allow service/style information on the auth context */
138	monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);	138	monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -140,7 +140,7 @@ index b0896ef..94b194d 100644
140	monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);	140	monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
141	}	141	}
142	#ifdef USE_PAM	142	#ifdef USE_PAM
143	@@ -871,14 +874,37 @@ mm_answer_authserv(int sock, Buffer *m)	143	@@ -909,14 +912,37 @@ mm_answer_authserv(int sock, Buffer *m)
144		144
145	authctxt->service = buffer_get_string(m, NULL);	145	authctxt->service = buffer_get_string(m, NULL);
146	authctxt->style = buffer_get_string(m, NULL);	146	authctxt->style = buffer_get_string(m, NULL);
@@ -180,7 +180,7 @@ index b0896ef..94b194d 100644
180	return (0);	180	return (0);
181	}	181	}
182		182
183	@@ -1485,7 +1511,7 @@ mm_answer_pty(int sock, Buffer *m)	183	@@ -1540,7 +1566,7 @@ mm_answer_pty(int sock, Buffer *m)
184	res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));	184	res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
185	if (res == 0)	185	if (res == 0)
186	goto error;	186	goto error;
@@ -190,7 +190,7 @@ index b0896ef..94b194d 100644
190	buffer_put_int(m, 1);	190	buffer_put_int(m, 1);
191	buffer_put_cstring(m, s->tty);	191	buffer_put_cstring(m, s->tty);
192	diff --git a/monitor.h b/monitor.h	192	diff --git a/monitor.h b/monitor.h
193	index 7f32b0c..4d5e8fa 100644	193	index bc50ade..2d82b8b 100644
194	--- a/monitor.h	194	--- a/monitor.h
195	+++ b/monitor.h	195	+++ b/monitor.h
196	@@ -68,6 +68,8 @@ enum monitor_reqtype {	196	@@ -68,6 +68,8 @@ enum monitor_reqtype {
@@ -203,10 +203,10 @@ index 7f32b0c..4d5e8fa 100644
203		203
204	struct mm_master;	204	struct mm_master;
205	diff --git a/monitor_wrap.c b/monitor_wrap.c	205	diff --git a/monitor_wrap.c b/monitor_wrap.c
206	index e476f0d..6dc890a 100644	206	index b667218..5aa9c47 100644
207	--- a/monitor_wrap.c	207	--- a/monitor_wrap.c
208	+++ b/monitor_wrap.c	208	+++ b/monitor_wrap.c
209	@@ -324,10 +324,10 @@ mm_auth2_read_banner(void)	209	@@ -329,10 +329,10 @@ mm_auth2_read_banner(void)
210	return (banner);	210	return (banner);
211	}	211	}
212		212
@@ -219,7 +219,7 @@ index e476f0d..6dc890a 100644
219	{	219	{
220	Buffer m;	220	Buffer m;
221		221
222	@@ -336,12 +336,30 @@ mm_inform_authserv(char service, char style)	222	@@ -341,12 +341,30 @@ mm_inform_authserv(char service, char style)
223	buffer_init(&m);	223	buffer_init(&m);
224	buffer_put_cstring(&m, service);	224	buffer_put_cstring(&m, service);
225	buffer_put_cstring(&m, style ? style : "");	225	buffer_put_cstring(&m, style ? style : "");
@@ -251,13 +251,13 @@ index e476f0d..6dc890a 100644
251	int	251	int
252	mm_auth_password(Authctxt authctxt, char password)	252	mm_auth_password(Authctxt authctxt, char password)
253	diff --git a/monitor_wrap.h b/monitor_wrap.h	253	diff --git a/monitor_wrap.h b/monitor_wrap.h
254	index a4e9d24..9c2ee49 100644	254	index 0c770e8..4d1e899 100644
255	--- a/monitor_wrap.h	255	--- a/monitor_wrap.h
256	+++ b/monitor_wrap.h	256	+++ b/monitor_wrap.h
257	@@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char , void );	257	@@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char , void );
258	int mm_is_monitor(void);	258	int mm_is_monitor(void);
259	DH *mm_choose_dh(int, int, int);	259	DH *mm_choose_dh(int, int, int);
260	int mm_key_sign(Key , u_char , u_int , u_char *, u_int);	260	int mm_key_sign(Key , u_char , u_int , const u_char *, u_int);
261	-void mm_inform_authserv(char , char );	261	-void mm_inform_authserv(char , char );
262	+void mm_inform_authserv(char , char , char *);	262	+void mm_inform_authserv(char , char , char *);
263	+void mm_inform_authrole(char *);	263	+void mm_inform_authrole(char *);
@@ -396,10 +396,10 @@ index 1c7a45d..436ae7c 100644
396	char platform_krb5_get_principal_name(const char );	396	char platform_krb5_get_principal_name(const char );
397	int platform_sys_dir_uid(uid_t);	397	int platform_sys_dir_uid(uid_t);
398	diff --git a/session.c b/session.c	398	diff --git a/session.c b/session.c
399	index 3e96557..6f389ac 100644	399	index 54bac36..d4b7725 100644
400	--- a/session.c	400	--- a/session.c
401	+++ b/session.c	401	+++ b/session.c
402	@@ -1486,7 +1486,7 @@ safely_chroot(const char *path, uid_t uid)	402	@@ -1487,7 +1487,7 @@ safely_chroot(const char *path, uid_t uid)
403		403
404	/* Set login name, uid, gid, and groups. */	404	/* Set login name, uid, gid, and groups. */
405	void	405	void
@@ -408,7 +408,7 @@ index 3e96557..6f389ac 100644
408	{	408	{
409	char chroot_path, tmp;	409	char chroot_path, tmp;
410	#ifdef USE_LIBIAF	410	#ifdef USE_LIBIAF
411	@@ -1517,7 +1517,7 @@ do_setusercontext(struct passwd *pw)	411	@@ -1518,7 +1518,7 @@ do_setusercontext(struct passwd *pw)
412	endgrent();	412	endgrent();
413	#endif	413	#endif
414		414
@@ -417,7 +417,7 @@ index 3e96557..6f389ac 100644
417		417
418	if (options.chroot_directory != NULL &&	418	if (options.chroot_directory != NULL &&
419	strcasecmp(options.chroot_directory, "none") != 0) {	419	strcasecmp(options.chroot_directory, "none") != 0) {
420	@@ -1676,7 +1676,7 @@ do_child(Session s, const char command)	420	@@ -1677,7 +1677,7 @@ do_child(Session s, const char command)
421		421
422	/* Force a password change */	422	/* Force a password change */
423	if (s->authctxt->force_pwchange) {	423	if (s->authctxt->force_pwchange) {
@@ -426,7 +426,7 @@ index 3e96557..6f389ac 100644
426	child_close_fds();	426	child_close_fds();
427	do_pwchange(s);	427	do_pwchange(s);
428	exit(1);	428	exit(1);
429	@@ -1703,7 +1703,7 @@ do_child(Session s, const char command)	429	@@ -1704,7 +1704,7 @@ do_child(Session s, const char command)
430	/* When PAM is enabled we rely on it to do the nologin check */	430	/* When PAM is enabled we rely on it to do the nologin check */
431	if (!options.use_pam)	431	if (!options.use_pam)
432	do_nologin(pw);	432	do_nologin(pw);
@@ -435,7 +435,7 @@ index 3e96557..6f389ac 100644
435	/*	435	/*
436	* PAM session modules in do_setusercontext may have	436	* PAM session modules in do_setusercontext may have
437	* generated messages, so if this in an interactive	437	* generated messages, so if this in an interactive
438	@@ -2114,7 +2114,7 @@ session_pty_req(Session *s)	438	@@ -2115,7 +2115,7 @@ session_pty_req(Session *s)
439	tty_parse_modes(s->ttyfd, &n_bytes);	439	tty_parse_modes(s->ttyfd, &n_bytes);
440		440
441	if (!use_privsep)	441	if (!use_privsep)
@@ -458,10 +458,10 @@ index 6a2f35e..ef6593c 100644
458	const char *value);	458	const char *value);
459		459
460	diff --git a/sshd.c b/sshd.c	460	diff --git a/sshd.c b/sshd.c
461	index 3a6be65..48a14dd 100644	461	index 9cbe8c4..3b4e97c 100644
462	--- a/sshd.c	462	--- a/sshd.c
463	+++ b/sshd.c	463	+++ b/sshd.c
464	@@ -772,7 +772,7 @@ privsep_postauth(Authctxt *authctxt)	464	@@ -781,7 +781,7 @@ privsep_postauth(Authctxt *authctxt)
465	explicit_bzero(rnd, sizeof(rnd));	465	explicit_bzero(rnd, sizeof(rnd));
466		466
467	/* Drop privileges */	467	/* Drop privileges */
@@ -471,7 +471,7 @@ index 3a6be65..48a14dd 100644
471	skip:	471	skip:
472	/* It is safe now to apply the key state */	472	/* It is safe now to apply the key state */
473	diff --git a/sshpty.c b/sshpty.c	473	diff --git a/sshpty.c b/sshpty.c
474	index a2059b7..3512ec8 100644	474	index d2ff8c1..f7b1f6d 100644
475	--- a/sshpty.c	475	--- a/sshpty.c
476	+++ b/sshpty.c	476	+++ b/sshpty.c
477	@@ -187,7 +187,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col,	477	@@ -187,7 +187,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col,
@@ -483,7 +483,7 @@ index a2059b7..3512ec8 100644
483	{	483	{
484	struct group *grp;	484	struct group *grp;
485	gid_t gid;	485	gid_t gid;
486	@@ -214,7 +214,7 @@ pty_setowner(struct passwd pw, const char tty)	486	@@ -209,7 +209,7 @@ pty_setowner(struct passwd pw, const char tty)
487	strerror(errno));	487	strerror(errno));
488		488
489	#ifdef WITH_SELINUX	489	#ifdef WITH_SELINUX