[packages/openssh.git] / openssh-chroot.patch

diff -urNp -x '*.orig' openssh-8.4p1.org/servconf.c openssh-8.4p1/servconf.c
--- openssh-8.4p1.org/servconf.c	2020-09-27 09:25:01.000000000 +0200
+++ openssh-8.4p1/servconf.c	2021-03-01 11:30:33.634174889 +0100
@@ -92,7 +92,9 @@ initialize_server_options(ServerOptions
 
 	/* Portable-specific options */
 	options->use_pam = -1;
-
+	
+	options->use_chroot = -1;
+	
 	/* Standard Options */
 	options->num_ports = 0;
 	options->ports_from_cmdline = 0;
@@ -301,6 +303,9 @@ fill_default_server_options(ServerOption
 	if (options->use_pam == -1)
 		options->use_pam = 0;
 
+	if (options->use_chroot == -1)
+		options->use_chroot = 0;
+	
 	/* Standard Options */
 	if (options->num_host_key_files == 0) {
 		/* fill default hostkeys for protocols */
@@ -502,6 +507,7 @@ typedef enum {
 	sBadOption,		/* == unknown option */
 	/* Portable-specific options */
 	sUsePAM,
+	sUseChroot,
 	/* Standard Options */
 	sPort, sHostKeyFile, sLoginGraceTime,
 	sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
@@ -556,6 +562,11 @@ static struct {
 #else
 	{ "usepam", sUnsupported, SSHCFG_GLOBAL },
 #endif
+#ifdef CHROOT
+	{ "usechroot", sUseChroot, SSHCFG_GLOBAL },
+#else
+	{ "usechroot", sUnsupported, SSHCFG_GLOBAL },
+#endif /* CHROOT */
 	{ "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
 	/* Standard Options */
 	{ "port", sPort, SSHCFG_GLOBAL },
@@ -1319,6 +1330,10 @@ process_server_config_line_depth(ServerO
 		intptr = &options->use_pam;
 		goto parse_flag;
 
+	case sUseChroot:
+		intptr = &options->use_chroot;
+		goto parse_flag;
+
 	/* Standard Options */
 	case sBadOption:
 		return -1;
diff -urNp -x '*.orig' openssh-8.4p1.org/servconf.h openssh-8.4p1/servconf.h
--- openssh-8.4p1.org/servconf.h	2020-09-27 09:25:01.000000000 +0200
+++ openssh-8.4p1/servconf.h	2021-03-01 11:30:33.637508395 +0100
@@ -178,6 +178,7 @@ typedef struct {
 	int	max_authtries;
 	int	max_sessions;
 	char   *banner;			/* SSH-2 banner message */
+	int     use_chroot;		/* Enable chrooted enviroment support */
 	int	use_dns;
 	int	client_alive_interval;	/*
 					 * poke the client this often to
diff -urNp -x '*.orig' openssh-8.4p1.org/session.c openssh-8.4p1/session.c
--- openssh-8.4p1.org/session.c	2020-09-27 09:25:01.000000000 +0200
+++ openssh-8.4p1/session.c	2021-03-01 11:30:33.637508395 +0100
@@ -1367,6 +1367,10 @@ void
 do_setusercontext(struct passwd *pw)
 {
 	char uidstr[32], *chroot_path, *tmp;
+#ifdef CHROOT
+	char *user_dir;
+	char *new_root;
+#endif /* CHROOT */
 
 	platform_setusercontext(pw);
 
@@ -1409,6 +1413,29 @@ do_setusercontext(struct passwd *pw)
 			free(options.chroot_directory);
 			options.chroot_directory = NULL;
 			in_chroot = 1;
+#ifdef CHROOT
+		} else if (!in_chroot && options.use_chroot) {
+			user_dir = xstrdup(pw->pw_dir);
+			new_root = user_dir + 1;
+
+			while ((new_root = strchr(new_root, '.')) != NULL) {
+				new_root--;
+				if (strncmp(new_root, "/./", 3) == 0) {
+					*new_root = '\0';
+					new_root += 2;
+
+					if (chroot(user_dir) != 0)
+						fatal("Couldn't chroot to user directory %s", user_dir);
+					/* NOTE: session->pw comes from pwcopy(), so replace pw_dir this way (incompatible with plain getpwnam() or getpwnam_r()) */
+					free(pw->pw_dir);
+					pw->pw_dir = xstrdup(new_root);
+					in_chroot = 1;
+					break;
+				}
+				new_root += 2;
+			}
+			free(user_dir);
+#endif /* CHROOT */
 		}
 
 #ifdef HAVE_LOGIN_CAP
diff -urNp -x '*.orig' openssh-8.4p1.org/sshd_config openssh-8.4p1/sshd_config
--- openssh-8.4p1.org/sshd_config	2021-03-01 11:30:33.370827964 +0100
+++ openssh-8.4p1/sshd_config	2021-03-01 11:30:33.637508395 +0100
@@ -85,6 +85,10 @@ GSSAPIAuthentication yes
 # and ChallengeResponseAuthentication to 'no'.
 UsePAM yes
 
+# Set this to 'yes' to enable support for chrooted user environment.
+# You must create such environment before you can use this feature.
+#UseChroot yes
+
 #AllowAgentForwarding yes
 # Security advisory:
 # http://securitytracker.com/alerts/2004/Sep/1011143.html
diff -urNp -x '*.orig' openssh-8.4p1.org/sshd_config.0 openssh-8.4p1/sshd_config.0
--- openssh-8.4p1.org/sshd_config.0	2020-09-27 09:42:11.000000000 +0200
+++ openssh-8.4p1/sshd_config.0	2021-03-01 11:30:33.637508395 +0100
@@ -1011,6 +1011,16 @@ DESCRIPTION
              TrustedUserCAKeys.  For more details on certificates, see the
              CERTIFICATES section in ssh-keygen(1).
 
+     UseChroot
+             Specifies whether to use chroot-jail environment with ssh/sftp,
+             i.e. restrict users to a particular area in the filesystem. This
+             is done by setting user home directory to, for example,
+             /path/to/chroot/./home/username.  sshd looks for a '.' in the
+             users home directory, then calls chroot(2) to whatever directory
+             was before the . and continues with the normal ssh functionality.
+             For this to work properly you have to create special chroot-jail
+             environment in a /path/to/chroot directory.
+
      UseDNS  Specifies whether sshd(8) should look up the remote host name,
              and to check that the resolved host name for the remote IP
              address maps back to the very same IP address.
diff -urNp -x '*.orig' openssh-8.4p1.org/sshd_config.5 openssh-8.4p1/sshd_config.5
--- openssh-8.4p1.org/sshd_config.5	2020-09-27 09:25:01.000000000 +0200
+++ openssh-8.4p1/sshd_config.5	2021-03-01 11:30:33.637508395 +0100
@@ -1640,6 +1640,16 @@ Gives the facility code that is used whe
 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
 The default is AUTH.
+.It Cm UseChroot
+Specifies whether to use chroot-jail environment with ssh/sftp, i.e. restrict
+users to a particular area in the filesystem. This is done by setting user
+home directory to, for example, /path/to/chroot/./home/username.
+.Nm sshd
+looks for a '.' in the users home directory, then calls
+.Xr chroot 2
+to whatever directory was before the . and continues with the normal ssh
+functionality. For this to work properly you have to create special chroot-jail
+environment in a /path/to/chroot directory.
 .It Cm TCPKeepAlive
 Specifies whether the system should send TCP keepalive messages to the
 other side.
Commit	Line	Data
7ae7664a AM	1	diff -urNp -x '*.orig' openssh-8.4p1.org/servconf.c openssh-8.4p1/servconf.c
	2	--- openssh-8.4p1.org/servconf.c 2020-09-27 09:25:01.000000000 +0200
	3	+++ openssh-8.4p1/servconf.c 2021-03-01 11:30:33.634174889 +0100
	4	@@ -92,7 +92,9 @@ initialize_server_options(ServerOptions
f11993b4 PG	5
	6	/* Portable-specific options */
	7	options->use_pam = -1;
	8	-
	9	+
	10	+ options->use_chroot = -1;
	11	+
	12	/* Standard Options */
	13	options->num_ports = 0;
	14	options->ports_from_cmdline = 0;
7ae7664a	15	@@ -301,6 +303,9 @@ fill_default_server_options(ServerOption
f11993b4 PG	16	if (options->use_pam == -1)
	17	options->use_pam = 0;
	18
	19	+ if (options->use_chroot == -1)
	20	+ options->use_chroot = 0;
	21	+
	22	/* Standard Options */
7ae7664a AM	23	if (options->num_host_key_files == 0) {
	24	/* fill default hostkeys for protocols */
	25	@@ -502,6 +507,7 @@ typedef enum {
f11993b4 PG	26	sBadOption, /* == unknown option */
	27	/* Portable-specific options */
	28	sUsePAM,
	29	+ sUseChroot,
	30	/* Standard Options */
7ae7664a	31	sPort, sHostKeyFile, sLoginGraceTime,
cf41b13a	32	sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
7ae7664a	33	@@ -556,6 +562,11 @@ static struct {
f11993b4 PG	34	#else
	35	{ "usepam", sUnsupported, SSHCFG_GLOBAL },
	36	#endif
	37	+#ifdef CHROOT
	38	+ { "usechroot", sUseChroot, SSHCFG_GLOBAL },
	39	+#else
	40	+ { "usechroot", sUnsupported, SSHCFG_GLOBAL },
	41	+#endif /* CHROOT */
	42	{ "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
	43	/* Standard Options */
	44	{ "port", sPort, SSHCFG_GLOBAL },
7ae7664a	45	@@ -1319,6 +1330,10 @@ process_server_config_line_depth(ServerO
f11993b4 PG	46	intptr = &options->use_pam;
	47	goto parse_flag;
	48
	49	+ case sUseChroot:
	50	+ intptr = &options->use_chroot;
	51	+ goto parse_flag;
	52	+
	53	/* Standard Options */
	54	case sBadOption:
	55	return -1;
7ae7664a AM	56	diff -urNp -x '*.orig' openssh-8.4p1.org/servconf.h openssh-8.4p1/servconf.h
	57	--- openssh-8.4p1.org/servconf.h 2020-09-27 09:25:01.000000000 +0200
	58	+++ openssh-8.4p1/servconf.h 2021-03-01 11:30:33.637508395 +0100
	59	@@ -178,6 +178,7 @@ typedef struct {
	60	int max_authtries;
	61	int max_sessions;
f11993b4 PG	62	char banner; / SSH-2 banner message */
	63	+ int use_chroot; /* Enable chrooted enviroment support */
	64	int use_dns;
	65	int client_alive_interval; /*
	66	* poke the client this often to
7ae7664a AM	67	diff -urNp -x '*.orig' openssh-8.4p1.org/session.c openssh-8.4p1/session.c
	68	--- openssh-8.4p1.org/session.c 2020-09-27 09:25:01.000000000 +0200
	69	+++ openssh-8.4p1/session.c 2021-03-01 11:30:33.637508395 +0100
	70	@@ -1367,6 +1367,10 @@ void
f685d17f JB	71	do_setusercontext(struct passwd *pw)
f685d17f JB	72	{
c4f5c632	73	char uidstr[32], chroot_path, tmp;
f11993b4 PG	74	+#ifdef CHROOT
	75	+ char *user_dir;
	76	+ char *new_root;
	77	+#endif /* CHROOT */
	78
f6a10c37 AM	79	platform_setusercontext(pw);
f6a10c37 AM	80
7ae7664a	81	@@ -1409,6 +1413,29 @@ do_setusercontext(struct passwd *pw)
f685d17f JB	82	free(options.chroot_directory);
	83	options.chroot_directory = NULL;
	84	in_chroot = 1;
f11993b4	85	+#ifdef CHROOT
f685d17f	86	+ } else if (!in_chroot && options.use_chroot) {
f11993b4 PG	87	+ user_dir = xstrdup(pw->pw_dir);
	88	+ new_root = user_dir + 1;
	89	+
f685d17f	90	+ while ((new_root = strchr(new_root, '.')) != NULL) {
f11993b4	91	+ new_root--;
f685d17f	92	+ if (strncmp(new_root, "/./", 3) == 0) {
f11993b4 PG	93	+ *new_root = '\0';
	94	+ new_root += 2;
	95	+
f685d17f	96	+ if (chroot(user_dir) != 0)
f11993b4	97	+ fatal("Couldn't chroot to user directory %s", user_dir);
f685d17f JB	98	+ /* NOTE: session->pw comes from pwcopy(), so replace pw_dir this way (incompatible with plain getpwnam() or getpwnam_r()) */
	99	+ free(pw->pw_dir);
	100	+ pw->pw_dir = xstrdup(new_root);
	101	+ in_chroot = 1;
f11993b4 PG	102	+ break;
	103	+ }
	104	+ new_root += 2;
	105	+ }
f685d17f	106	+ free(user_dir);
f11993b4 PG	107	+#endif /* CHROOT */
	108	}
	109
08811ee8	110	#ifdef HAVE_LOGIN_CAP
7ae7664a AM	111	diff -urNp -x '*.orig' openssh-8.4p1.org/sshd_config openssh-8.4p1/sshd_config
	112	--- openssh-8.4p1.org/sshd_config 2021-03-01 11:30:33.370827964 +0100
	113	+++ openssh-8.4p1/sshd_config 2021-03-01 11:30:33.637508395 +0100
	114	@@ -85,6 +85,10 @@ GSSAPIAuthentication yes
fc8529e5 AM	115	# and ChallengeResponseAuthentication to 'no'.
fc8529e5 AM	116	UsePAM yes
f11993b4 PG	117
f11993b4 PG	118	+# Set this to 'yes' to enable support for chrooted user environment.
fc8529e5	119	+# You must create such environment before you can use this feature.
f11993b4 PG	120	+#UseChroot yes
f11993b4 PG	121	+
fc8529e5 AM	122	#AllowAgentForwarding yes
	123	# Security advisory:
	124	# http://securitytracker.com/alerts/2004/Sep/1011143.html
7ae7664a AM	125	diff -urNp -x '*.orig' openssh-8.4p1.org/sshd_config.0 openssh-8.4p1/sshd_config.0
	126	--- openssh-8.4p1.org/sshd_config.0 2020-09-27 09:42:11.000000000 +0200
	127	+++ openssh-8.4p1/sshd_config.0 2021-03-01 11:30:33.637508395 +0100
	128	@@ -1011,6 +1011,16 @@ DESCRIPTION
f9d8b6a7 AM	129	TrustedUserCAKeys. For more details on certificates, see the
f9d8b6a7 AM	130	CERTIFICATES section in ssh-keygen(1).
f11993b4 PG	131
	132	+ UseChroot
	133	+ Specifies whether to use chroot-jail environment with ssh/sftp,
	134	+ i.e. restrict users to a particular area in the filesystem. This
	135	+ is done by setting user home directory to, for example,
	136	+ /path/to/chroot/./home/username. sshd looks for a '.' in the
	137	+ users home directory, then calls chroot(2) to whatever directory
	138	+ was before the . and continues with the normal ssh functionality.
	139	+ For this to work properly you have to create special chroot-jail
	140	+ environment in a /path/to/chroot directory.
	141	+
f9d8b6a7 AM	142	UseDNS Specifies whether sshd(8) should look up the remote host name,
	143	and to check that the resolved host name for the remote IP
	144	address maps back to the very same IP address.
7ae7664a AM	145	diff -urNp -x '*.orig' openssh-8.4p1.org/sshd_config.5 openssh-8.4p1/sshd_config.5
	146	--- openssh-8.4p1.org/sshd_config.5 2020-09-27 09:25:01.000000000 +0200
	147	+++ openssh-8.4p1/sshd_config.5 2021-03-01 11:30:33.637508395 +0100
	148	@@ -1640,6 +1640,16 @@ Gives the facility code that is used whe
f11993b4 PG	149	The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
	150	LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
	151	The default is AUTH.
	152	+.It Cm UseChroot
	153	+Specifies whether to use chroot-jail environment with ssh/sftp, i.e. restrict
	154	+users to a particular area in the filesystem. This is done by setting user
	155	+home directory to, for example, /path/to/chroot/./home/username.
	156	+.Nm sshd
	157	+looks for a '.' in the users home directory, then calls
	158	+.Xr chroot 2
	159	+to whatever directory was before the . and continues with the normal ssh
	160	+functionality. For this to work properly you have to create special chroot-jail
	161	+environment in a /path/to/chroot directory.
	162	.It Cm TCPKeepAlive
	163	Specifies whether the system should send TCP keepalive messages to the
	164	other side.