openssh-chroot.patch

   1 diff -uNr openssh-3.7p1/session.c openssh-3.7p1-chroot/session.c
   2 --- openssh-3.7p1/session.c     Mon Sep 15 21:52:19 2003
   3 +++ openssh-3.7p1-chroot/session.c      Tue Sep 16 14:23:34 2003
   4 @@ -62,6 +62,8 @@
   5  #include "ssh-gss.h"
   6  #endif
   7
   8 +#define CHROOT
   9 +
  10  /* func */
  11
  12  Session *session_new(void);
  13 @@ -1227,6 +1229,12 @@
  14  void
  15  do_setusercontext(struct passwd *pw)
  16  {
  17 +
  18 +#ifdef CHROOT
  19 +       char *user_dir;
  20 +       char *new_root;
  21 +#endif /* CHROOT */
  22 +
  23  #ifndef HAVE_CYGWIN
  24         if (getuid() == 0 || geteuid() == 0)
  25  #endif /* HAVE_CYGWIN */
  26 @@ -1264,6 +1272,27 @@
  27                         exit(1);
  28                 }
  29                 endgrent();
  30 +
  31 +#ifdef CHROOT
  32 +               user_dir = xstrdup(pw->pw_dir);
  33 +               new_root = user_dir + 1;
  34 +
  35 +               while((new_root = strchr(new_root, '.')) != NULL) {
  36 +                       new_root--;
  37 +                       if(strncmp(new_root, "/./", 3) == 0) {
  38 +                               *new_root = '\0';
  39 +                               new_root += 2;
  40 +
  41 +                               if(chroot(user_dir) != 0)
  42 +                                       fatal("Couldn't chroot to user directory % s", user_dir);
  43 +                                       pw->pw_dir = new_root;
  44 +                                       break;
  45 +                               }
  46 +                               new_root += 2;
  47 +               }
  48 +#endif /* CHROOT */
  49 +
  50 +
  51  # ifdef USE_PAM
  52                 /*
  53                  * PAM credentials may take the form of supplementary groups.