diff options
Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 10 |
1 files changed, 5 insertions, 5 deletions
@@ -1364,7 +1364,7 @@ safely_chroot(const char *path, uid_t uid) | |||
1364 | 1364 | ||
1365 | /* Set login name, uid, gid, and groups. */ | 1365 | /* Set login name, uid, gid, and groups. */ |
1366 | void | 1366 | void |
1367 | do_setusercontext(struct passwd *pw) | 1367 | do_setusercontext(struct passwd *pw, const char *role) |
1368 | { | 1368 | { |
1369 | char uidstr[32], *chroot_path, *tmp; | 1369 | char uidstr[32], *chroot_path, *tmp; |
1370 | 1370 | ||
@@ -1392,7 +1392,7 @@ do_setusercontext(struct passwd *pw) | |||
1392 | endgrent(); | 1392 | endgrent(); |
1393 | #endif | 1393 | #endif |
1394 | 1394 | ||
1395 | platform_setusercontext_post_groups(pw); | 1395 | platform_setusercontext_post_groups(pw, role); |
1396 | 1396 | ||
1397 | if (!in_chroot && options.chroot_directory != NULL && | 1397 | if (!in_chroot && options.chroot_directory != NULL && |
1398 | strcasecmp(options.chroot_directory, "none") != 0) { | 1398 | strcasecmp(options.chroot_directory, "none") != 0) { |
@@ -1536,7 +1536,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) | |||
1536 | 1536 | ||
1537 | /* Force a password change */ | 1537 | /* Force a password change */ |
1538 | if (s->authctxt->force_pwchange) { | 1538 | if (s->authctxt->force_pwchange) { |
1539 | do_setusercontext(pw); | 1539 | do_setusercontext(pw, s->authctxt->role); |
1540 | child_close_fds(ssh); | 1540 | child_close_fds(ssh); |
1541 | do_pwchange(s); | 1541 | do_pwchange(s); |
1542 | exit(1); | 1542 | exit(1); |
@@ -1554,7 +1554,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) | |||
1554 | /* When PAM is enabled we rely on it to do the nologin check */ | 1554 | /* When PAM is enabled we rely on it to do the nologin check */ |
1555 | if (!options.use_pam) | 1555 | if (!options.use_pam) |
1556 | do_nologin(pw); | 1556 | do_nologin(pw); |
1557 | do_setusercontext(pw); | 1557 | do_setusercontext(pw, s->authctxt->role); |
1558 | /* | 1558 | /* |
1559 | * PAM session modules in do_setusercontext may have | 1559 | * PAM session modules in do_setusercontext may have |
1560 | * generated messages, so if this in an interactive | 1560 | * generated messages, so if this in an interactive |
@@ -1953,7 +1953,7 @@ session_pty_req(struct ssh *ssh, Session *s) | |||
1953 | sshpkt_fatal(ssh, r, "%s: parse packet", __func__); | 1953 | sshpkt_fatal(ssh, r, "%s: parse packet", __func__); |
1954 | 1954 | ||
1955 | if (!use_privsep) | 1955 | if (!use_privsep) |
1956 | pty_setowner(s->pw, s->tty); | 1956 | pty_setowner(s->pw, s->tty, s->authctxt->role); |
1957 | 1957 | ||
1958 | /* Set window size from the packet. */ | 1958 | /* Set window size from the packet. */ |
1959 | pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); | 1959 | pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); |