---- openssh-4.4p1/servconf.c.orig 2006-08-18 16:23:15.000000000 +0200
-+++ openssh-4.4p1/servconf.c 2006-10-05 10:11:17.065971000 +0200
-@@ -56,7 +56,9 @@
+diff -urNp -x '*.orig' openssh-8.8p1.org/servconf.c openssh-8.8p1/servconf.c
+--- openssh-8.8p1.org/servconf.c 2021-09-26 16:03:19.000000000 +0200
++++ openssh-8.8p1/servconf.c 2021-12-09 20:13:16.486586503 +0100
+@@ -92,7 +92,9 @@ initialize_server_options(ServerOptions
/* Portable-specific options */
options->use_pam = -1;
/* Standard Options */
options->num_ports = 0;
options->ports_from_cmdline = 0;
-@@ -131,6 +133,9 @@
+@@ -279,6 +281,9 @@ fill_default_server_options(ServerOption
if (options->use_pam == -1)
options->use_pam = 0;
+ options->use_chroot = 0;
+
/* Standard Options */
- if (options->protocol == SSH_PROTO_UNKNOWN)
- options->protocol = SSH_PROTO_1|SSH_PROTO_2;
-@@ -270,6 +275,7 @@
+ if (options->num_host_key_files == 0) {
+ /* fill default hostkeys for protocols */
+@@ -486,6 +491,7 @@ typedef enum {
sBadOption, /* == unknown option */
/* Portable-specific options */
sUsePAM,
+ sUseChroot,
/* Standard Options */
- sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
- sPermitRootLogin, sLogFacility, sLogLevel,
-@@ -312,6 +318,11 @@
+ sPort, sHostKeyFile, sLoginGraceTime,
+ sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
+@@ -538,6 +544,11 @@ static struct {
#else
{ "usepam", sUnsupported, SSHCFG_GLOBAL },
#endif
{ "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
/* Standard Options */
{ "port", sPort, SSHCFG_GLOBAL },
-@@ -662,6 +673,10 @@
+@@ -1332,6 +1343,10 @@ process_server_config_line_depth(ServerO
intptr = &options->use_pam;
goto parse_flag;
+
/* Standard Options */
case sBadOption:
- return -1;
---- openssh-3.7.1p2/servconf.h 2003-09-02 14:58:22.000000000 +0200
-+++ openssh-3.7.1p2.pius/servconf.h 2003-10-07 20:49:08.000000000 +0200
-@@ -109,6 +109,7 @@
- int max_startups_rate;
- int max_startups;
+ goto out;
+diff -urNp -x '*.orig' openssh-8.8p1.org/servconf.h openssh-8.8p1/servconf.h
+--- openssh-8.8p1.org/servconf.h 2021-09-26 16:03:19.000000000 +0200
++++ openssh-8.8p1/servconf.h 2021-12-09 20:13:16.486586503 +0100
+@@ -183,6 +183,7 @@ typedef struct {
+ int max_authtries;
+ int max_sessions;
char *banner; /* SSH-2 banner message */
+ int use_chroot; /* Enable chrooted enviroment support */
int use_dns;
int client_alive_interval; /*
* poke the client this often to
---- ./session.c.org 2008-05-05 16:22:11.935003283 +0200
-+++ ./session.c 2008-05-05 16:32:50.025507650 +0200
-@@ -1492,6 +1492,10 @@ do_setusercontext(struct passwd *pw)
- #ifdef USE_LIBIAF
- int doing_chroot = 0;
- #endif
+diff -urNp -x '*.orig' openssh-8.8p1.org/session.c openssh-8.8p1/session.c
+--- openssh-8.8p1.org/session.c 2021-09-26 16:03:19.000000000 +0200
++++ openssh-8.8p1/session.c 2021-12-09 20:13:16.489919836 +0100
+@@ -1359,6 +1359,10 @@ void
+ do_setusercontext(struct passwd *pw)
+ {
+ char uidstr[32], *chroot_path, *tmp;
+#ifdef CHROOT
+ char *user_dir;
+ char *new_root;
platform_setusercontext(pw);
-@@ -1534,6 +1538,25 @@ do_setusercontext(struct passwd *pw)
- #ifdef USE_LIBIAF
- doing_chroot = 1;
- #endif
+@@ -1401,6 +1405,29 @@ do_setusercontext(struct passwd *pw)
+ free(options.chroot_directory);
+ options.chroot_directory = NULL;
+ in_chroot = 1;
+#ifdef CHROOT
-+ } else if (options.use_chroot) {
++ } else if (!in_chroot && options.use_chroot) {
+ user_dir = xstrdup(pw->pw_dir);
+ new_root = user_dir + 1;
+
-+ while((new_root = strchr(new_root, '.')) != NULL) {
++ while ((new_root = strchr(new_root, '.')) != NULL) {
+ new_root--;
-+ if(strncmp(new_root, "/./", 3) == 0) {
++ if (strncmp(new_root, "/./", 3) == 0) {
+ *new_root = '\0';
+ new_root += 2;
+
-+ if(chroot(user_dir) != 0)
++ if (chroot(user_dir) != 0)
+ fatal("Couldn't chroot to user directory %s", user_dir);
-+ pw->pw_dir = new_root;
++ /* NOTE: session->pw comes from pwcopy(), so replace pw_dir this way (incompatible with plain getpwnam() or getpwnam_r()) */
++ free(pw->pw_dir);
++ pw->pw_dir = xstrdup(new_root);
++ in_chroot = 1;
+ break;
+ }
+ new_root += 2;
+ }
++ free(user_dir);
+#endif /* CHROOT */
}
#ifdef HAVE_LOGIN_CAP
---- openssh-3.7.1p2/sshd_config 2003-09-02 14:51:18.000000000 +0200
-+++ openssh-3.7.1p2.pius/sshd_config 2003-10-07 20:49:08.000000000 +0200
-@@ -91,6 +91,10 @@
- # and ChallengeResponseAuthentication to 'no'.
+diff -urNp -x '*.orig' openssh-8.8p1.org/sshd_config openssh-8.8p1/sshd_config
+--- openssh-8.8p1.org/sshd_config 2021-12-09 20:13:16.326586503 +0100
++++ openssh-8.8p1/sshd_config 2021-12-09 20:13:16.489919836 +0100
+@@ -85,6 +85,10 @@ GSSAPIAuthentication yes
+ # and KbdInteractiveAuthentication to 'no'.
UsePAM yes
+# Set this to 'yes' to enable support for chrooted user environment.
+#UseChroot yes
+
#AllowAgentForwarding yes
- # Security advisory:
- # http://securitytracker.com/alerts/2004/Sep/1011143.html
---- openssh-4.4p1/sshd_config.0.orig 2006-09-26 13:03:48.000000000 +0200
-+++ openssh-4.4p1/sshd_config.0 2006-10-05 10:11:41.615971000 +0200
-@@ -921,6 +921,16 @@ DESCRIPTION
+ #AllowTcpForwarding yes
+ #GatewayPorts no
+diff -urNp -x '*.orig' openssh-8.8p1.org/sshd_config.0 openssh-8.8p1/sshd_config.0
+--- openssh-8.8p1.org/sshd_config.0 2021-09-26 16:06:42.000000000 +0200
++++ openssh-8.8p1/sshd_config.0 2021-12-09 20:13:16.489919836 +0100
+@@ -1053,6 +1053,16 @@ DESCRIPTION
TrustedUserCAKeys. For more details on certificates, see the
CERTIFICATES section in ssh-keygen(1).
UseDNS Specifies whether sshd(8) should look up the remote host name,
and to check that the resolved host name for the remote IP
address maps back to the very same IP address.
---- openssh-3.8p1/sshd_config.5.orig 2004-02-18 04:31:24.000000000 +0100
-+++ openssh-3.8p1/sshd_config.5 2004-02-25 21:17:23.000000000 +0100
-@@ -552,6 +552,16 @@
+diff -urNp -x '*.orig' openssh-8.8p1.org/sshd_config.5 openssh-8.8p1/sshd_config.5
+--- openssh-8.8p1.org/sshd_config.5 2021-09-26 16:03:19.000000000 +0200
++++ openssh-8.8p1/sshd_config.5 2021-12-09 20:13:16.489919836 +0100
+@@ -1697,6 +1697,16 @@ Gives the facility code that is used whe
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
projects / packages / openssh.git / blobdiff