- patch enhanced with UseChroot configuration option

Changed files:
    openssh-chroot.patch -> 1.2

diff --git a/openssh-chroot.patch b/openssh-chroot.patch
index 23f1d8d8130887de745bd5a561f8fc54aeed628a..867dbb80eac04e6635644bb784d4c5cecb465ac7 100644 (file)
--- a/openssh-chroot.patch
+++ b/openssh-chroot.patch
@@ -1,53 +1,157 @@
-diff -uNr openssh-3.7p1/session.c openssh-3.7p1-chroot/session.c
---- openssh-3.7p1/session.c    Mon Sep 15 21:52:19 2003
-+++ openssh-3.7p1-chroot/session.c     Tue Sep 16 14:23:34 2003
-@@ -62,6 +62,8 @@
- #include "ssh-gss.h"
+--- openssh-3.7.1p2/servconf.c 2003-09-23 11:24:21.000000000 +0200
++++ openssh-3.7.1p2.pius/servconf.c    2003-10-07 20:49:08.000000000 +0200
+@@ -41,7 +41,9 @@
+ 
+       /* Portable-specific options */
+       options->use_pam = -1;
+-
++      
++      options->use_chroot = -1;
++      
+       /* Standard Options */
+       options->num_ports = 0;
+       options->ports_from_cmdline = 0;
+@@ -112,6 +114,9 @@
+       if (options->use_pam == -1)
+               options->use_pam = 0;
+ 
++      if (options->use_chroot == -1)
++              options->use_chroot = 0;
++      
+       /* Standard Options */
+       if (options->protocol == SSH_PROTO_UNKNOWN)
+               options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+@@ -245,6 +250,7 @@
+       sBadOption,             /* == unknown option */
+       /* Portable-specific options */
+       sUsePAM,
++      sUseChroot,
+       /* Standard Options */
+       sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
+       sPermitRootLogin, sLogFacility, sLogLevel,
+@@ -278,6 +284,11 @@
+ #else
+       { "usepam", sUnsupported },

  #endif
  #endif

++#ifdef CHROOT
++      { "usechroot", sUseChroot },
++#else
++      { "usechroot", sUnsupported },
++#endif /* CHROOT */
+       { "pamauthenticationviakbdint", sDeprecated },
+       /* Standard Options */
+       { "port", sPort },
+@@ -437,6 +448,10 @@
+               intptr = &options->use_pam;
+               goto parse_flag;

  
  

-+#define CHROOT
++      case sUseChroot:
++              intptr = &options->use_chroot;
++              goto parse_flag;

 +
 +

- /* func */
- 
- Session *session_new(void);
-@@ -1227,6 +1229,12 @@
+       /* Standard Options */
+       case sBadOption:
+               return -1;
+--- openssh-3.7.1p2/servconf.h 2003-09-02 14:58:22.000000000 +0200
++++ openssh-3.7.1p2.pius/servconf.h    2003-10-07 20:49:08.000000000 +0200
+@@ -109,6 +109,7 @@
+       int     max_startups_rate;
+       int     max_startups;
+       char   *banner;                 /* SSH-2 banner message */
++      int     use_chroot;             /* Enable chrooted enviroment support */
+       int     use_dns;
+       int     client_alive_interval;  /*
+                                        * poke the client this often to
+--- openssh-3.7.1p2/session.c  2003-09-23 10:59:08.000000000 +0200
++++ openssh-3.7.1p2.pius/session.c     2003-10-07 20:49:08.000000000 +0200
+@@ -1231,6 +1231,10 @@

  void
  do_setusercontext(struct passwd *pw)
  {
  void
  do_setusercontext(struct passwd *pw)
  {

-+

 +#ifdef CHROOT
 +      char *user_dir;
 +      char *new_root;
 +#endif /* CHROOT */
 +#ifdef CHROOT
 +      char *user_dir;
 +      char *new_root;
 +#endif /* CHROOT */

-+

  #ifndef HAVE_CYGWIN
        if (getuid() == 0 || geteuid() == 0)
  #endif /* HAVE_CYGWIN */
  #ifndef HAVE_CYGWIN
        if (getuid() == 0 || geteuid() == 0)
  #endif /* HAVE_CYGWIN */

-@@ -1264,6 +1272,27 @@
+@@ -1268,6 +1272,28 @@

                        exit(1);
                }
                endgrent();
 +
 +#ifdef CHROOT
                        exit(1);
                }
                endgrent();
 +
 +#ifdef CHROOT

-+              user_dir = xstrdup(pw->pw_dir);
-+              new_root = user_dir + 1;
++              if (options.use_chroot) {
++                      user_dir = xstrdup(pw->pw_dir);
++                      new_root = user_dir + 1;

 +
 +

-+              while((new_root = strchr(new_root, '.')) != NULL) {
-+                      new_root--;
-+                      if(strncmp(new_root, "/./", 3) == 0) {
-+                              *new_root = '\0';
-+                              new_root += 2;
++                      while((new_root = strchr(new_root, '.')) != NULL) {
++                              new_root--;
++                              if(strncmp(new_root, "/./", 3) == 0) {
++                                      *new_root = '\0';
++                                      new_root += 2;

 +
 +

-+                              if(chroot(user_dir) != 0)
-+                                      fatal("Couldn't chroot to user directory % s", user_dir);
-+                                      pw->pw_dir = new_root;
-+                                      break;
-+                              }
-+                              new_root += 2;
++                                      if(chroot(user_dir) != 0)
++                                              fatal("Couldn't chroot to user directory % s", user_dir);
++                                              pw->pw_dir = new_root;
++                                              break;
++                                      }
++                                      new_root += 2;
++                      }

 +              }
 +#endif /* CHROOT */
 +              }
 +#endif /* CHROOT */

-+

 +
  # ifdef USE_PAM
                /*
                 * PAM credentials may take the form of supplementary groups. 
 +
  # ifdef USE_PAM
                /*
                 * PAM credentials may take the form of supplementary groups. 

+--- openssh-3.7.1p2/sshd_config        2003-09-02 14:51:18.000000000 +0200
++++ openssh-3.7.1p2.pius/sshd_config   2003-10-07 20:49:08.000000000 +0200
+@@ -71,6 +71,10 @@
+ # bypass the setting of 'PasswordAuthentication'
+ #UsePAM yes
+ 
++# Set this to 'yes' to enable support for chrooted user environment.
++# You must create such environment before you can use this feature. 
++#UseChroot yes
++
+ #AllowTcpForwarding yes
+ #GatewayPorts no
+ #X11Forwarding no
+--- openssh-3.7.1p2/sshd_config.0      2003-09-23 11:55:19.000000000 +0200
++++ openssh-3.7.1p2.pius/sshd_config.0 2003-10-07 20:49:08.000000000 +0200
+@@ -349,6 +349,16 @@
+              CAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The de-
+              fault is AUTH.
+ 
++     UseChroot
++             Specifies whether to use chroot-jail environment with ssh/sftp,
++             i.e. restrict users to a particular area in the filesystem. This
++             is done by setting user home directory to, for example,
++             /path/to/chroot/./home/username.  sshd looks for a '.' in the
++             users home directory, then calls chroot(2) to whatever directory
++             was before the . and continues with the normal ssh functionality.
++             For this to work properly you have to create special chroot-jail
++             environment in a /path/to/chroot directory.
++
+      UseDNS  Specifies whether sshd should lookup the remote host name and
+              check that the resolved host name for the remote IP address maps
+              back to the very same IP address.  The default is ``yes''.
+--- openssh-3.7.1p2/sshd_config.5      2003-09-02 14:57:05.000000000 +0200
++++ openssh-3.7.1p2.pius/sshd_config.5 2003-10-07 20:49:08.000000000 +0200
+@@ -580,6 +580,16 @@
+ The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
+ LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
++.It Cm UseChroot
++Specifies whether to use chroot-jail environment with ssh/sftp, i.e. restrict
++users to a particular area in the filesystem. This is done by setting user
++home directory to, for example, /path/to/chroot/./home/username.
++.Nm sshd
++looks for a '.' in the users home directory, then calls
++.Xr chroot 2
++to whatever directory was before the . and continues with the normal ssh
++functionality. For this to work properly you have to create special chroot-jail
++environment in a /path/to/chroot directory.
+ .It Cm UseDNS
+ Specifies whether
+ .Nm sshd