1 files changed, 5 insertions, 5 deletions
diff --git a/session.c b/session.c
index 857f17b3c..b1796a803 100644
--- a/session.c
+++ b/session.c
@@ -1364,7 +1364,7 @@ safely_chroot(const char *path, uid_t uid)
 /* Set login name, uid, gid, and groups. */
 void
-do_setusercontext(struct passwd *pw)
+do_setusercontext(struct passwd *pw, const char *role)
 {
        char uidstr[32], *chroot_path, *tmp;
@@ -1392,7 +1392,7 @@ do_setusercontext(struct passwd *pw)
                endgrent();
 #endif
-                platform_setusercontext_post_groups(pw);
+                platform_setusercontext_post_groups(pw, role);
                if (!in_chroot && options.chroot_directory != NULL &&
                    strcasecmp(options.chroot_directory, "none") != 0) {
@@ -1536,7 +1536,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
        /* Force a password change */
        if (s->authctxt->force_pwchange) {
-                do_setusercontext(pw);
+                do_setusercontext(pw, s->authctxt->role);
                child_close_fds(ssh);
                do_pwchange(s);
                exit(1);
@@ -1554,7 +1554,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
        /* When PAM is enabled we rely on it to do the nologin check */
        if (!options.use_pam)
                do_nologin(pw);
-        do_setusercontext(pw);
+        do_setusercontext(pw, s->authctxt->role);
        /*
         * PAM session modules in do_setusercontext may have
         * generated messages, so if this in an interactive
@@ -1953,7 +1953,7 @@ session_pty_req(struct ssh *ssh, Session *s)
                sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
        if (!use_privsep)
-                pty_setowner(s->pw, s->tty);
+                pty_setowner(s->pw, s->tty, s->authctxt->role);
        /* Set window size from the packet. */
        pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);

diff --git a/session.c b/session.c index 857f17b3c..b1796a803 100644 --- a/session.c +++ b/session.c
@@ -1364,7 +1364,7 @@ safely_chroot(const char *path, uid_t uid)
1364		1364
1365	/* Set login name, uid, gid, and groups. */	1365	/* Set login name, uid, gid, and groups. */
1366	void	1366	void
1367	do_setusercontext(struct passwd *pw)	1367	do_setusercontext(struct passwd pw, const char role)
1368	{	1368	{
1369	char uidstr[32], chroot_path, tmp;	1369	char uidstr[32], chroot_path, tmp;
1370		1370
@@ -1392,7 +1392,7 @@ do_setusercontext(struct passwd *pw)
1392	endgrent();	1392	endgrent();
1393	#endif	1393	#endif
1394		1394
1395	platform_setusercontext_post_groups(pw);	1395	platform_setusercontext_post_groups(pw, role);
1396		1396
1397	if (!in_chroot && options.chroot_directory != NULL &&	1397	if (!in_chroot && options.chroot_directory != NULL &&
1398	strcasecmp(options.chroot_directory, "none") != 0) {	1398	strcasecmp(options.chroot_directory, "none") != 0) {
@@ -1536,7 +1536,7 @@ do_child(struct ssh ssh, Session s, const char *command)
1536		1536
1537	/* Force a password change */	1537	/* Force a password change */
1538	if (s->authctxt->force_pwchange) {	1538	if (s->authctxt->force_pwchange) {
1539	do_setusercontext(pw);	1539	do_setusercontext(pw, s->authctxt->role);
1540	child_close_fds(ssh);	1540	child_close_fds(ssh);
1541	do_pwchange(s);	1541	do_pwchange(s);
1542	exit(1);	1542	exit(1);
@@ -1554,7 +1554,7 @@ do_child(struct ssh ssh, Session s, const char *command)
1554	/* When PAM is enabled we rely on it to do the nologin check */	1554	/* When PAM is enabled we rely on it to do the nologin check */
1555	if (!options.use_pam)	1555	if (!options.use_pam)
1556	do_nologin(pw);	1556	do_nologin(pw);
1557	do_setusercontext(pw);	1557	do_setusercontext(pw, s->authctxt->role);
1558	/*	1558	/*
1559	* PAM session modules in do_setusercontext may have	1559	* PAM session modules in do_setusercontext may have
1560	* generated messages, so if this in an interactive	1560	* generated messages, so if this in an interactive
@@ -1953,7 +1953,7 @@ session_pty_req(struct ssh ssh, Session s)
1953	sshpkt_fatal(ssh, r, "%s: parse packet", __func__);	1953	sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
1954		1954
1955	if (!use_privsep)	1955	if (!use_privsep)
1956	pty_setowner(s->pw, s->tty);	1956	pty_setowner(s->pw, s->tty, s->authctxt->role);
1957		1957
1958	/* Set window size from the packet. */	1958	/* Set window size from the packet. */
1959	pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);	1959	pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);