1 files changed, 5 insertions, 5 deletions
diff --git a/session.c b/session.c
index fff31b02e..1eaacb528 100644
--- a/session.c
+++ b/session.c
@@ -1467,7 +1467,7 @@ safely_chroot(const char *path, uid_t uid)
 /* Set login name, uid, gid, and groups. */
 void
-do_setusercontext(struct passwd *pw)
+do_setusercontext(struct passwd *pw, const char *role)
 {
        char *chroot_path, *tmp;
@@ -1495,7 +1495,7 @@ do_setusercontext(struct passwd *pw)
                endgrent();
 #endif
-                platform_setusercontext_post_groups(pw);
+                platform_setusercontext_post_groups(pw, role);
                if (options.chroot_directory != NULL &&
                    strcasecmp(options.chroot_directory, "none") != 0) {
@@ -1618,7 +1618,7 @@ do_child(Session *s, const char *command)
        /* Force a password change */
        if (s->authctxt->force_pwchange) {
-                do_setusercontext(pw);
+                do_setusercontext(pw, s->authctxt->role);
                child_close_fds();
                do_pwchange(s);
                exit(1);
@@ -1645,7 +1645,7 @@ do_child(Session *s, const char *command)
                /* When PAM is enabled we rely on it to do the nologin check */
                if (!options.use_pam)
                        do_nologin(pw);
-                do_setusercontext(pw);
+                do_setusercontext(pw, s->authctxt->role);
                /*
                 * PAM session modules in do_setusercontext may have
                 * generated messages, so if this in an interactive
@@ -2057,7 +2057,7 @@ session_pty_req(Session *s)
        tty_parse_modes(s->ttyfd, &n_bytes);
        if (!use_privsep)
-                pty_setowner(s->pw, s->tty);
+                pty_setowner(s->pw, s->tty, s->authctxt->role);
        /* Set window size from the packet. */
        pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);

diff --git a/session.c b/session.c index fff31b02e..1eaacb528 100644 --- a/session.c +++ b/session.c
@@ -1467,7 +1467,7 @@ safely_chroot(const char *path, uid_t uid)
1467		1467
1468	/* Set login name, uid, gid, and groups. */	1468	/* Set login name, uid, gid, and groups. */
1469	void	1469	void
1470	do_setusercontext(struct passwd *pw)	1470	do_setusercontext(struct passwd pw, const char role)
1471	{	1471	{
1472	char chroot_path, tmp;	1472	char chroot_path, tmp;
1473		1473
@@ -1495,7 +1495,7 @@ do_setusercontext(struct passwd *pw)
1495	endgrent();	1495	endgrent();
1496	#endif	1496	#endif
1497		1497
1498	platform_setusercontext_post_groups(pw);	1498	platform_setusercontext_post_groups(pw, role);
1499		1499
1500	if (options.chroot_directory != NULL &&	1500	if (options.chroot_directory != NULL &&
1501	strcasecmp(options.chroot_directory, "none") != 0) {	1501	strcasecmp(options.chroot_directory, "none") != 0) {
@@ -1618,7 +1618,7 @@ do_child(Session s, const char command)
1618		1618
1619	/* Force a password change */	1619	/* Force a password change */
1620	if (s->authctxt->force_pwchange) {	1620	if (s->authctxt->force_pwchange) {
1621	do_setusercontext(pw);	1621	do_setusercontext(pw, s->authctxt->role);
1622	child_close_fds();	1622	child_close_fds();
1623	do_pwchange(s);	1623	do_pwchange(s);
1624	exit(1);	1624	exit(1);
@@ -1645,7 +1645,7 @@ do_child(Session s, const char command)
1645	/* When PAM is enabled we rely on it to do the nologin check */	1645	/* When PAM is enabled we rely on it to do the nologin check */
1646	if (!options.use_pam)	1646	if (!options.use_pam)
1647	do_nologin(pw);	1647	do_nologin(pw);
1648	do_setusercontext(pw);	1648	do_setusercontext(pw, s->authctxt->role);
1649	/*	1649	/*
1650	* PAM session modules in do_setusercontext may have	1650	* PAM session modules in do_setusercontext may have
1651	* generated messages, so if this in an interactive	1651	* generated messages, so if this in an interactive
@@ -2057,7 +2057,7 @@ session_pty_req(Session *s)
2057	tty_parse_modes(s->ttyfd, &n_bytes);	2057	tty_parse_modes(s->ttyfd, &n_bytes);
2058		2058
2059	if (!use_privsep)	2059	if (!use_privsep)
2060	pty_setowner(s->pw, s->tty);	2060	pty_setowner(s->pw, s->tty, s->authctxt->role);
2061		2061
2062	/* Set window size from the packet. */	2062	/* Set window size from the packet. */
2063	pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);	2063	pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);