1 files changed, 5 insertions, 5 deletions
diff --git a/session.c b/session.c
index ac3d9d19d..d87ea4d44 100644
--- a/session.c
+++ b/session.c
@@ -1356,7 +1356,7 @@ safely_chroot(const char *path, uid_t uid)
 /* Set login name, uid, gid, and groups. */
 void
-do_setusercontext(struct passwd *pw)
+do_setusercontext(struct passwd *pw, const char *role)
 {
        char uidstr[32], *chroot_path, *tmp;
@@ -1384,7 +1384,7 @@ do_setusercontext(struct passwd *pw)
                endgrent();
 #endif
-                platform_setusercontext_post_groups(pw);
+                platform_setusercontext_post_groups(pw, role);
                if (!in_chroot && options.chroot_directory != NULL &&
                    strcasecmp(options.chroot_directory, "none") != 0) {
@@ -1525,7 +1525,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
        /* Force a password change */
        if (s->authctxt->force_pwchange) {
-                do_setusercontext(pw);
+                do_setusercontext(pw, s->authctxt->role);
                child_close_fds(ssh);
                do_pwchange(s);
                exit(1);
@@ -1543,7 +1543,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
        /* When PAM is enabled we rely on it to do the nologin check */
        if (!options.use_pam)
                do_nologin(pw);
-        do_setusercontext(pw);
+        do_setusercontext(pw, s->authctxt->role);
        /*
         * PAM session modules in do_setusercontext may have
         * generated messages, so if this in an interactive
@@ -1942,7 +1942,7 @@ session_pty_req(struct ssh *ssh, Session *s)
                sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
        if (!use_privsep)
-                pty_setowner(s->pw, s->tty);
+                pty_setowner(s->pw, s->tty, s->authctxt->role);
        /* Set window size from the packet. */
        pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);

diff --git a/session.c b/session.c index ac3d9d19d..d87ea4d44 100644 --- a/session.c +++ b/session.c
@@ -1356,7 +1356,7 @@ safely_chroot(const char *path, uid_t uid)
1356		1356
1357	/* Set login name, uid, gid, and groups. */	1357	/* Set login name, uid, gid, and groups. */
1358	void	1358	void
1359	do_setusercontext(struct passwd *pw)	1359	do_setusercontext(struct passwd pw, const char role)
1360	{	1360	{
1361	char uidstr[32], chroot_path, tmp;	1361	char uidstr[32], chroot_path, tmp;
1362		1362
@@ -1384,7 +1384,7 @@ do_setusercontext(struct passwd *pw)
1384	endgrent();	1384	endgrent();
1385	#endif	1385	#endif
1386		1386
1387	platform_setusercontext_post_groups(pw);	1387	platform_setusercontext_post_groups(pw, role);
1388		1388
1389	if (!in_chroot && options.chroot_directory != NULL &&	1389	if (!in_chroot && options.chroot_directory != NULL &&
1390	strcasecmp(options.chroot_directory, "none") != 0) {	1390	strcasecmp(options.chroot_directory, "none") != 0) {
@@ -1525,7 +1525,7 @@ do_child(struct ssh ssh, Session s, const char *command)
1525		1525
1526	/* Force a password change */	1526	/* Force a password change */
1527	if (s->authctxt->force_pwchange) {	1527	if (s->authctxt->force_pwchange) {
1528	do_setusercontext(pw);	1528	do_setusercontext(pw, s->authctxt->role);
1529	child_close_fds(ssh);	1529	child_close_fds(ssh);
1530	do_pwchange(s);	1530	do_pwchange(s);
1531	exit(1);	1531	exit(1);
@@ -1543,7 +1543,7 @@ do_child(struct ssh ssh, Session s, const char *command)
1543	/* When PAM is enabled we rely on it to do the nologin check */	1543	/* When PAM is enabled we rely on it to do the nologin check */
1544	if (!options.use_pam)	1544	if (!options.use_pam)
1545	do_nologin(pw);	1545	do_nologin(pw);
1546	do_setusercontext(pw);	1546	do_setusercontext(pw, s->authctxt->role);
1547	/*	1547	/*
1548	* PAM session modules in do_setusercontext may have	1548	* PAM session modules in do_setusercontext may have
1549	* generated messages, so if this in an interactive	1549	* generated messages, so if this in an interactive
@@ -1942,7 +1942,7 @@ session_pty_req(struct ssh ssh, Session s)
1942	sshpkt_fatal(ssh, r, "%s: parse packet", __func__);	1942	sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
1943		1943
1944	if (!use_privsep)	1944	if (!use_privsep)
1945	pty_setowner(s->pw, s->tty);	1945	pty_setowner(s->pw, s->tty, s->authctxt->role);
1946		1946
1947	/* Set window size from the packet. */	1947	/* Set window size from the packet. */
1948	pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);	1948	pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);