X-Git-Url: https://git.pld-linux.org/?a=blobdiff_plain;f=openssh-chroot.patch;h=92af31d037f6ef9b9a17ea55ec2f53e3a6ad20ee;hb=6b22dba3883c963cd1161f427664af341ab34266;hp=881f87c26e627d80cb6aebafcf0880e5e2237808;hpb=eb4d14bb493108056951718900140f0bd007a867;p=packages%2Fopenssh.git diff --git a/openssh-chroot.patch b/openssh-chroot.patch index 881f87c..92af31d 100644 --- a/openssh-chroot.patch +++ b/openssh-chroot.patch @@ -1,6 +1,6 @@ ---- openssh-3.7.1p2/servconf.c 2003-09-23 11:24:21.000000000 +0200 -+++ openssh-3.7.1p2.pius/servconf.c 2003-10-07 20:49:08.000000000 +0200 -@@ -41,7 +41,9 @@ +--- openssh-4.4p1/servconf.c.orig 2006-08-18 16:23:15.000000000 +0200 ++++ openssh-4.4p1/servconf.c 2006-10-05 10:11:17.065971000 +0200 +@@ -56,7 +56,9 @@ /* Portable-specific options */ options->use_pam = -1; @@ -11,7 +11,7 @@ /* Standard Options */ options->num_ports = 0; options->ports_from_cmdline = 0; -@@ -112,6 +114,9 @@ +@@ -131,6 +133,9 @@ if (options->use_pam == -1) options->use_pam = 0; @@ -21,7 +21,7 @@ /* Standard Options */ if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2; -@@ -245,6 +250,7 @@ +@@ -270,6 +275,7 @@ sBadOption, /* == unknown option */ /* Portable-specific options */ sUsePAM, 
@@ -29,19 +29,19 @@ /* Standard Options */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, -@@ -278,6 +284,11 @@ +@@ -312,6 +318,11 @@ #else - { "usepam", sUnsupported }, + { "usepam", sUnsupported, SSHCFG_GLOBAL }, #endif +#ifdef CHROOT -+ { "usechroot", sUseChroot }, ++ { "usechroot", sUseChroot, SSHCFG_GLOBAL }, +#else -+ { "usechroot", sUnsupported }, ++ { "usechroot", sUnsupported, SSHCFG_GLOBAL }, +#endif /* CHROOT */ - { "pamauthenticationviakbdint", sDeprecated }, + { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL }, /* Standard Options */ - { "port", sPort }, -@@ -437,6 +448,10 @@ + { "port", sPort, SSHCFG_GLOBAL }, +@@ -662,6 +673,10 @@ intptr = &options->use_pam; goto parse_flag; @@ -62,25 +62,25 @@ int use_dns; int client_alive_interval; /* * poke the client this often to ---- openssh-4.0p1/session.c.orig 2005-03-06 12:38:52.000000000 +0100 -+++ openssh-4.0p1/session.c 2005-03-10 15:14:04.000000000 +0100 -@@ -1258,6 +1258,10 @@ - void +--- ./session.c.org 2008-05-05 16:22:11.935003283 +0200 ++++ ./session.c 2008-05-05 16:32:50.025507650 +0200 +@@ -1345,6 +1345,10 @@ void do_setusercontext(struct passwd *pw) { + char *chroot_path, *tmp; +#ifdef CHROOT + char *user_dir; + char *new_root; +#endif /* CHROOT */ - #ifndef HAVE_CYGWIN - if (getuid() == 0 || geteuid() == 0) - #endif /* HAVE_CYGWIN */ -@@ -1315,6 +1319,26 @@ - restore_uid(); - } - #endif + + #ifdef WITH_SELINUX + /* Cache selinux status for later use */ +@@ -1425,8 +1429,28 @@ do_setusercontext(struct passwd *pw) + safely_chroot(chroot_path, pw->pw_uid); + free(tmp); + free(chroot_path); +#ifdef CHROOT -+ if (options.use_chroot) { ++ } else if (options.use_chroot) { + user_dir = xstrdup(pw->pw_dir); + new_root = user_dir + 1; + 
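Review bot: In the `#else` arm of the keyword table, `{ "usechroot", sUnsupported, SSHCFG_GLOBAL }` lets a build without CHROOT accept `UseChroot yes` without confining anything. If sUnsupported is handled as in upstream servconf.c (a log line, then parsing continues), sshd starts normally and sessions run unconfined, so an administrator relying on the option gets no hard failure. Consider making the keyword a fatal configuration error when CHROOT is not compiled in, or at least add a comment above the entry, `/* without CHROOT this is logged and ignored: sessions are NOT chrooted */`. The table and the parse case continue outside the shown lines.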
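Review bot: `new_root = user_dir + 1;` in the new `else if (options.use_chroot)` branch assumes pw->pw_dir holds at least one character. For an empty home directory field the pointer sits past the terminator of the xstrdup() copy, and any scan that starts there (the loop head is outside this hunk) would read beyond the allocation; a guard such as `} else if (options.use_chroot && pw->pw_dir[0] != '\0') {` avoids that. The rebase also makes this branch the `else` of the block that calls `safely_chroot(chroot_path, pw->pw_uid)`, presumably the ChrootDirectory case, so UseChroot is skipped whenever that block runs. A comment saying which setting wins would help, e.g. `/* UseChroot is only consulted when the chroot branch above was not taken */`. do_setusercontext continues outside the hunk.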
@@ -92,32 +92,34 @@ + + if(chroot(user_dir) != 0) + fatal("Couldn't chroot to user directory %s", user_dir); -+ pw->pw_dir = new_root; -+ break; -+ } -+ new_root += 2; ++ pw->pw_dir = new_root; ++ break; ++ } ++ new_root += 2; + } -+ } +#endif /* CHROOT */ - # ifdef USE_PAM - /* - * PAM credentials may take the form of supplementary groups. + } + ++ + #ifdef HAVE_LOGIN_CAP + if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { + perror("unable to set user context (setuser)"); --- openssh-3.7.1p2/sshd_config 2003-09-02 14:51:18.000000000 +0200 +++ openssh-3.7.1p2.pius/sshd_config 2003-10-07 20:49:08.000000000 +0200 -@@ -71,6 +71,10 @@ - # bypass the setting of 'PasswordAuthentication' - #UsePAM yes +@@ -91,6 +91,10 @@ + # and ChallengeResponseAuthentication to 'no'. + UsePAM yes +# Set this to 'yes' to enable support for chrooted user environment. -+# You must create such environment before you can use this feature. ++# You must create such environment before you can use this feature. +#UseChroot yes + - #AllowTcpForwarding yes - #GatewayPorts no - #X11Forwarding no ---- openssh-3.7.1p2/sshd_config.0 2003-09-23 11:55:19.000000000 +0200 -+++ openssh-3.7.1p2.pius/sshd_config.0 2003-10-07 20:49:08.000000000 +0200 -@@ -349,6 +349,16 @@ + #AllowAgentForwarding yes + # Security advisory: + # http://securitytracker.com/alerts/2004/Sep/1011143.html +--- openssh-4.4p1/sshd_config.0.orig 2006-09-26 13:03:48.000000000 +0200 ++++ openssh-4.4p1/sshd_config.0 2006-10-05 10:11:41.615971000 +0200 +@@ -451,6 +451,16 @@ To disable TCP keepalive messages, the value should be set to ``no''. 
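Review bot: `if(chroot(user_dir) != 0)` calls chroot() directly on a path taken from the account's home directory field, while the branch just above it in the same function goes through `safely_chroot(chroot_path, pw->pw_uid)`. In upstream OpenSSH that helper refuses a root whose path components are not root-owned or are group/world-writable, and it changes directory into the new root. Neither check is visible in these lines, and a jail the user can write to, or a working directory left outside it, weakens the confinement. Replacing the two lines with `safely_chroot(user_dir, pw->pw_uid);` would give UseChroot the same checks, and the sshd_config comment added in this hunk should then state the requirement, e.g. `# The chroot directory must be owned by root and not writable by other users.` The loop around the call begins outside the hunk.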
@@ -131,7 +133,7 @@ + For this to work properly you have to create special chroot-jail + environment in a /path/to/chroot directory. + - UseDNS Specifies whether sshd should look up the remote host name and + UseDNS Specifies whether sshd(8) should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. The default is ``yes''. --- openssh-3.8p1/sshd_config.5.orig 2004-02-18 04:31:24.000000000 +0100