X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=openssh-chroot.patch;h=92af31d037f6ef9b9a17ea55ec2f53e3a6ad20ee;hb=9a6dd2b656a780727065e29fd582d149d4a96ee6;hp=702c7fb68a35ab219d747779b1d23a8ed05ac99c;hpb=b4c9b3c031a0b6859234434e5394c2b179ebdeaf;p=packages%2Fopenssh.git
diff --git a/openssh-chroot.patch b/openssh-chroot.patch
index 702c7fb..92af31d 100644
--- a/openssh-chroot.patch
+++ b/openssh-chroot.patch
@@ -62,25 +62,25 @@
 int use_dns;
 int client_alive_interval; /*
 * poke the client this often to
---- openssh-4.0p1/session.c.orig 2005-03-06 12:38:52.000000000 +0100
-+++ openssh-4.0p1/session.c 2005-03-10 15:14:04.000000000 +0100
-@@ -1258,6 +1258,10 @@
- void
+--- ./session.c.org 2008-05-05 16:22:11.935003283 +0200
++++ ./session.c 2008-05-05 16:32:50.025507650 +0200
+@@ -1345,6 +1345,10 @@ void
 do_setusercontext(struct passwd *pw)
 {
+ char *chroot_path, *tmp;
 +#ifdef CHROOT
 + char *user_dir;
 + char *new_root;
 +#endif /* CHROOT */
- #ifndef HAVE_CYGWIN
- if (getuid() == 0 || geteuid() == 0)
- #endif /* HAVE_CYGWIN */
-@@ -1315,6 +1319,26 @@
- restore_uid();
- }
- #endif
+
+ #ifdef WITH_SELINUX
+ /* Cache selinux status for later use */
+@@ -1425,8 +1429,28 @@ do_setusercontext(struct passwd *pw)
+ safely_chroot(chroot_path, pw->pw_uid);
+ free(tmp);
+ free(chroot_path);
 +#ifdef CHROOT
-+ if (options.use_chroot) {
++ } else if (options.use_chroot) {
 + user_dir = xstrdup(pw->pw_dir);
 + new_root = user_dir + 1;
 +
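Review bot: The new `} else if (options.use_chroot) {` line turns the UseChroot branch into a fallback of the preceding `if`, so UseChroot handling is skipped without any notice whenever that `if` is taken. The `if` itself is outside the hunk; judging by the `safely_chroot(chroot_path, pw->pw_uid)` context it is presumably the ChrootDirectory test, which would mean a "/./" home directory is ignored once ChrootDirectory is configured. I would add `/* UseChroot ("/./" in pw_dir) applies only when ChrootDirectory is unset */` above the branch and one matching sentence to the UseChroot text in sshd_config. The brace opened here inside `#ifdef CHROOT` is closed by the unconditional `}` after `#endif /* CHROOT */` in the next hunk, so a short comment on that closing brace would help keep the non-CHROOT build balanced under later edits.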
@@ -92,29 +92,31 @@
 +
 + if(chroot(user_dir) != 0)
 + fatal("Couldn't chroot to user directory %s", user_dir);
-+ pw->pw_dir = new_root;
-+ break;
-+ }
-+ new_root += 2;
++ pw->pw_dir = new_root;
++ break;
++ }
++ new_root += 2;
 + }
-+ }
 +#endif /* CHROOT */
- # ifdef USE_PAM
- /*
- * PAM credentials may take the form of supplementary groups.
+ }
+
++
+ #ifdef HAVE_LOGIN_CAP
+ if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
+ perror("unable to set user context (setuser)");
 --- openssh-3.7.1p2/sshd_config 2003-09-02 14:51:18.000000000 +0200
 +++ openssh-3.7.1p2.pius/sshd_config 2003-10-07 20:49:08.000000000 +0200
-@@ -71,6 +71,10 @@
- # bypass the setting of 'PasswordAuthentication'
- #UsePAM yes
+@@ -91,6 +91,10 @@
+ # and ChallengeResponseAuthentication to 'no'.
+ UsePAM yes
 
 +# Set this to 'yes' to enable support for chrooted user environment.
-+# You must create such environment before you can use this feature.
++# You must create such environment before you can use this feature.
 +#UseChroot yes
 +
- #AllowTcpForwarding yes
- #GatewayPorts no
- #X11Forwarding no
+ #AllowAgentForwarding yes
+ # Security advisory:
+ # http://securitytracker.com/alerts/2004/Sep/1011143.html
 --- openssh-4.4p1/sshd_config.0.orig 2006-09-26 13:03:48.000000000 +0200
 +++ openssh-4.4p1/sshd_config.0 2006-10-05 10:11:41.615971000 +0200
 @@ -451,6 +451,16 @@
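Review bot: The UseChroot branch still calls `chroot(user_dir)` directly, while the branch it is now chained to goes through `safely_chroot()` (context in the first hunk), which in upstream OpenSSH rejects a path whose components are not root-owned or are group/world-writable and then changes directory into the new root. Here the directory is the part of `pw->pw_dir` before "/./", no ownership or mode check is visible, and no `chdir("/")` follows the call, so the working directory may remain outside the new root until later session code changes it. Since `safely_chroot()` is already called in this function, the two lines could become `safely_chroot(user_dir, pw->pw_uid);`, which would tighten the requirements on existing jails. The minimal alternative is `if (chroot(user_dir) != 0 || chdir("/") != 0)` with `strerror(errno)` added to the fatal() message. The while loop these lines belong to starts outside the hunk.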