int use_dns;
int client_alive_interval; /*
* poke the client this often to
---- ./session.c.org 2008-05-05 16:22:11.935003283 +0200
-+++ ./session.c 2008-05-05 16:32:50.025507650 +0200
-@@ -1345,6 +1345,10 @@ void
+--- openssh-7.2p1/session.c.orig 2016-03-05 10:24:44.227756638 +0100
++++ openssh-7.2p1/session.c 2016-03-05 10:24:50.237756386 +0100
+@@ -1381,6 +1381,10 @@ void
do_setusercontext(struct passwd *pw)
{
- char *chroot_path, *tmp;
+ char uidstr[32], *chroot_path, *tmp;
+#ifdef CHROOT
+ char *user_dir;
+ char *new_root;
+#endif /* CHROOT */
- #ifdef WITH_SELINUX
- /* Cache selinux status for later use */
-@@ -1425,8 +1429,28 @@ do_setusercontext(struct passwd *pw)
- safely_chroot(chroot_path, pw->pw_uid);
- free(tmp);
- free(chroot_path);
+ platform_setusercontext(pw);
+
+@@ -1532,6 +1536,29 @@ do_setusercontext(struct passwd *pw)
+ free(options.chroot_directory);
+ options.chroot_directory = NULL;
+ in_chroot = 1;
+#ifdef CHROOT
-+ } else if (options.use_chroot) {
++ } else if (!in_chroot && options.use_chroot) {
+ user_dir = xstrdup(pw->pw_dir);
+ new_root = user_dir + 1;
+
-+ while((new_root = strchr(new_root, '.')) != NULL) {
++ while ((new_root = strchr(new_root, '.')) != NULL) {
+ new_root--;
-+ if(strncmp(new_root, "/./", 3) == 0) {
++ if (strncmp(new_root, "/./", 3) == 0) {
+ *new_root = '\0';
+ new_root += 2;
+
-+ if(chroot(user_dir) != 0)
++ if (chroot(user_dir) != 0)
+ fatal("Couldn't chroot to user directory %s", user_dir);
-+ pw->pw_dir = new_root;
++ /* NOTE: session->pw comes from pwcopy(), so replace pw_dir this way (incompatible with plain getpwnam() or getpwnam_r()) */
++ free(pw->pw_dir);
++ pw->pw_dir = xstrdup(new_root);
++ in_chroot = 1;
+ break;
+ }
+ new_root += 2;
+ }
++ free(user_dir);
+#endif /* CHROOT */
}
-+
#ifdef HAVE_LOGIN_CAP
- if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
- perror("unable to set user context (setuser)");
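Review bot: The bare `chroot(user_dir)` in the `#ifdef CHROOT` branch of do_setusercontext() enters the jail without moving the working directory into it and without any ownership or permission check on the directory derived from `pw->pw_dir`. A working directory left outside the new root weakens the confinement, and a jail root that the account itself can write to means the contents of the jail cannot be trusted by anything privileged that later runs inside it. Unless a chdir outside this hunk already covers it, I would change the call to `if (chdir(user_dir) != 0 || chroot(user_dir) != 0 || chdir("/") != 0)`, and consider routing it through the `safely_chroot(user_dir, pw->pw_uid)` helper seen in the old context lines, presumably still present in 7.2p1, so its path checks apply here too. Separately, `new_root = user_dir + 1` points past the allocation when `pw->pw_dir` is an empty string, so the `strchr()` scan should be guarded with something like `if (user_dir[0] != '\0')`. The function body starts before and continues after the lines shown in this hunk.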
--- openssh-3.7.1p2/sshd_config 2003-09-02 14:51:18.000000000 +0200
+++ openssh-3.7.1p2.pius/sshd_config 2003-10-07 20:49:08.000000000 +0200
-@@ -71,6 +71,10 @@
- # bypass the setting of 'PasswordAuthentication'
- #UsePAM yes
+@@ -91,6 +91,10 @@
+ # and ChallengeResponseAuthentication to 'no'.
+ UsePAM yes
+# Set this to 'yes' to enable support for chrooted user environment.
-+# You must create such environment before you can use this feature.
++# You must create such environment before you can use this feature.
+#UseChroot yes
+
- #AllowTcpForwarding yes
- #GatewayPorts no
- #X11Forwarding no
+ #AllowAgentForwarding yes
+ # Security advisory:
+ # http://securitytracker.com/alerts/2004/Sep/1011143.html
--- openssh-4.4p1/sshd_config.0.orig 2006-09-26 13:03:48.000000000 +0200
+++ openssh-4.4p1/sshd_config.0 2006-10-05 10:11:41.615971000 +0200
-@@ -451,6 +451,16 @@
- To disable TCP keepalive messages, the value should be set to
- ``no''.
+@@ -921,6 +921,16 @@ DESCRIPTION
+ TrustedUserCAKeys. For more details on certificates, see the
+ CERTIFICATES section in ssh-keygen(1).
+ UseChroot
+ Specifies whether to use chroot-jail environment with ssh/sftp,
+ For this to work properly you have to create special chroot-jail
+ environment in a /path/to/chroot directory.
+
- UseDNS Specifies whether sshd(8) should look up the remote host name and
- check that the resolved host name for the remote IP address maps
- back to the very same IP address. The default is ``yes''.
+ UseDNS Specifies whether sshd(8) should look up the remote host name,
+ and to check that the resolved host name for the remote IP
+ address maps back to the very same IP address.
--- openssh-3.8p1/sshd_config.5.orig 2004-02-18 04:31:24.000000000 +0100
+++ openssh-3.8p1/sshd_config.5 2004-02-25 21:17:23.000000000 +0100
@@ -552,6 +552,16 @@