- (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c

   monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized
   even if keyboard-interactive is not used by the client.  Prevents segfaults
   in some cases where the user's password is expired (note this is not
   considered a security exposure).  ok djm@

1 files changed, 3 insertions, 3 deletions

diff --git a/auth2.c b/auth2.c
index a9490ccf..1177efa7 100644
--- a/auth2.c
+++ b/auth2.c
@@ -150,24 +150,24 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 	if (authctxt->attempt++ == 0) {
 		/* setup auth context */
 		authctxt->pw = PRIVSEP(getpwnamallow(user));
+		authctxt->user = xstrdup(user);
 		if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
 			authctxt->valid = 1;
 			debug2("input_userauth_request: setting up authctxt for %s", user);
 #ifdef USE_PAM
 			if (options.use_pam)
-				PRIVSEP(start_pam(authctxt->pw->pw_name));
+				PRIVSEP(start_pam(authctxt));
 #endif
 		} else {
 			logit("input_userauth_request: illegal user %s", user);
 			authctxt->pw = fakepw();
 #ifdef USE_PAM
 			if (options.use_pam)
-				PRIVSEP(start_pam(user));
+				PRIVSEP(start_pam(authctxt));
 #endif
 		}
 		setproctitle("%s%s", authctxt->pw ? user : "unknown",
 		    use_privsep ? " [net]" : "");
-		authctxt->user = xstrdup(user);
 		authctxt->service = xstrdup(service);
 		authctxt->style = style ? xstrdup(style) : NULL;
 		if (use_privsep)