---- openssh-3.7.1p2/servconf.c 2003-09-23 11:24:21.000000000 +0200
-+++ openssh-3.7.1p2.pius/servconf.c 2003-10-07 20:49:08.000000000 +0200
-@@ -41,7 +41,9 @@
+--- openssh-4.4p1/servconf.c.orig 2006-08-18 16:23:15.000000000 +0200
++++ openssh-4.4p1/servconf.c 2006-10-05 10:11:17.065971000 +0200
+@@ -56,7 +56,9 @@
/* Portable-specific options */
options->use_pam = -1;
/* Standard Options */
options->num_ports = 0;
options->ports_from_cmdline = 0;
-@@ -112,6 +114,9 @@
+@@ -131,6 +133,9 @@
if (options->use_pam == -1)
options->use_pam = 0;
/* Standard Options */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->protocol = SSH_PROTO_1|SSH_PROTO_2;
-@@ -245,6 +250,7 @@
+@@ -270,6 +275,7 @@
sBadOption, /* == unknown option */
/* Portable-specific options */
sUsePAM,
/* Standard Options */
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogFacility, sLogLevel,
-@@ -278,6 +284,11 @@
+@@ -312,6 +318,11 @@
#else
- { "usepam", sUnsupported },
+ { "usepam", sUnsupported, SSHCFG_GLOBAL },
#endif
+#ifdef CHROOT
-+ { "usechroot", sUseChroot },
++ { "usechroot", sUseChroot, SSHCFG_GLOBAL },
+#else
-+ { "usechroot", sUnsupported },
++ { "usechroot", sUnsupported, SSHCFG_GLOBAL },
+#endif /* CHROOT */
- { "pamauthenticationviakbdint", sDeprecated },
+ { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
/* Standard Options */
- { "port", sPort },
-@@ -437,6 +448,10 @@
+ { "port", sPort, SSHCFG_GLOBAL },
+@@ -662,6 +673,10 @@
intptr = &options->use_pam;
goto parse_flag;
int use_dns;
int client_alive_interval; /*
* poke the client this often to
---- openssh-4.0p1/session.c.orig 2005-03-06 12:38:52.000000000 +0100
-+++ openssh-4.0p1/session.c 2005-03-10 15:14:04.000000000 +0100
-@@ -1258,6 +1258,10 @@
- void
+--- ./session.c.org 2008-05-05 16:22:11.935003283 +0200
++++ ./session.c 2008-05-05 16:32:50.025507650 +0200
+@@ -1345,6 +1345,10 @@ void
do_setusercontext(struct passwd *pw)
{
+ char *chroot_path, *tmp;
+#ifdef CHROOT
+ char *user_dir;
+ char *new_root;
+#endif /* CHROOT */
- #ifndef HAVE_CYGWIN
- if (getuid() == 0 || geteuid() == 0)
- #endif /* HAVE_CYGWIN */
-@@ -1315,6 +1319,26 @@
- restore_uid();
- }
- #endif
+
+ #ifdef WITH_SELINUX
+ /* Cache selinux status for later use */
+@@ -1425,8 +1429,28 @@ do_setusercontext(struct passwd *pw)
+ safely_chroot(chroot_path, pw->pw_uid);
+ free(tmp);
+ free(chroot_path);
+#ifdef CHROOT
-+ if (options.use_chroot) {
++ } else if (options.use_chroot) {
+ user_dir = xstrdup(pw->pw_dir);
+ new_root = user_dir + 1;
+
+
+ if(chroot(user_dir) != 0)
+ fatal("Couldn't chroot to user directory %s", user_dir);
-+ pw->pw_dir = new_root;
-+ break;
-+ }
-+ new_root += 2;
++ pw->pw_dir = new_root;
++ break;
++ }
++ new_root += 2;
+ }
-+ }
+#endif /* CHROOT */
- # ifdef USE_PAM
- /*
- * PAM credentials may take the form of supplementary groups.
+ }
+
++
+ #ifdef HAVE_LOGIN_CAP
+ if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
+ perror("unable to set user context (setuser)");
--- openssh-3.7.1p2/sshd_config 2003-09-02 14:51:18.000000000 +0200
+++ openssh-3.7.1p2.pius/sshd_config 2003-10-07 20:49:08.000000000 +0200
-@@ -71,6 +71,10 @@
- # bypass the setting of 'PasswordAuthentication'
- #UsePAM yes
+@@ -91,6 +91,10 @@
+ # and ChallengeResponseAuthentication to 'no'.
+ UsePAM yes
+# Set this to 'yes' to enable support for chrooted user environment.
-+# You must create such environment before you can use this feature.
++# You must create such environment before you can use this feature.
+#UseChroot yes
+
- #AllowTcpForwarding yes
- #GatewayPorts no
- #X11Forwarding no
---- openssh-3.7.1p2/sshd_config.0 2003-09-23 11:55:19.000000000 +0200
-+++ openssh-3.7.1p2.pius/sshd_config.0 2003-10-07 20:49:08.000000000 +0200
-@@ -349,6 +349,16 @@
+ #AllowAgentForwarding yes
+ # Security advisory:
+ # http://securitytracker.com/alerts/2004/Sep/1011143.html
+--- openssh-4.4p1/sshd_config.0.orig 2006-09-26 13:03:48.000000000 +0200
++++ openssh-4.4p1/sshd_config.0 2006-10-05 10:11:41.615971000 +0200
+@@ -451,6 +451,16 @@
To disable TCP keepalive messages, the value should be set to
``no''.
+ For this to work properly you have to create special chroot-jail
+ environment in a /path/to/chroot directory.
+
- UseDNS Specifies whether sshd should look up the remote host name and
+ UseDNS Specifies whether sshd(8) should look up the remote host name and
check that the resolved host name for the remote IP address maps
back to the very same IP address. The default is ``yes''.
--- openssh-3.8p1/sshd_config.5.orig 2004-02-18 04:31:24.000000000 +0100
projects / packages / openssh.git / blobdiff