+++ /dev/null
---- openssh-4.4p1/servconf.c.orig 2006-08-18 16:23:15.000000000 +0200
-+++ openssh-4.4p1/servconf.c 2006-10-05 10:11:17.065971000 +0200
-@@ -56,7 +56,9 @@
-
- /* Portable-specific options */
- options->use_pam = -1;
--
-+
-+ options->use_chroot = -1;
-+
- /* Standard Options */
- options->num_ports = 0;
- options->ports_from_cmdline = 0;
-@@ -131,6 +133,9 @@
- if (options->use_pam == -1)
- options->use_pam = 0;
-
-+ if (options->use_chroot == -1)
-+ options->use_chroot = 0;
-+
- /* Standard Options */
- if (options->protocol == SSH_PROTO_UNKNOWN)
- options->protocol = SSH_PROTO_1|SSH_PROTO_2;
-@@ -270,6 +275,7 @@
- sBadOption, /* == unknown option */
- /* Portable-specific options */
- sUsePAM,
-+ sUseChroot,
- /* Standard Options */
- sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
- sPermitRootLogin, sLogFacility, sLogLevel,
-@@ -312,6 +318,11 @@
- #else
- { "usepam", sUnsupported, SSHCFG_GLOBAL },
- #endif
-+#ifdef CHROOT
-+ { "usechroot", sUseChroot, SSHCFG_GLOBAL },
-+#else
-+ { "usechroot", sUnsupported, SSHCFG_GLOBAL },
-+#endif /* CHROOT */
- { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
- /* Standard Options */
- { "port", sPort, SSHCFG_GLOBAL },
-@@ -662,6 +673,10 @@
- intptr = &options->use_pam;
- goto parse_flag;
-
-+ case sUseChroot:
-+ intptr = &options->use_chroot;
-+ goto parse_flag;
-+
- /* Standard Options */
- case sBadOption:
- return -1;
---- openssh-3.7.1p2/servconf.h 2003-09-02 14:58:22.000000000 +0200
-+++ openssh-3.7.1p2.pius/servconf.h 2003-10-07 20:49:08.000000000 +0200
-@@ -109,6 +109,7 @@
- int max_startups_rate;
- int max_startups;
- char *banner; /* SSH-2 banner message */
-+ int use_chroot; /* Enable chrooted enviroment support */
- int use_dns;
- int client_alive_interval; /*
- * poke the client this often to
---- openssh-4.0p1/session.c.orig 2005-03-06 12:38:52.000000000 +0100
-+++ openssh-4.0p1/session.c 2005-03-10 15:14:04.000000000 +0100
-@@ -1258,6 +1258,10 @@
- void
- do_setusercontext(struct passwd *pw)
- {
-+#ifdef CHROOT
-+ char *user_dir;
-+ char *new_root;
-+#endif /* CHROOT */
- #ifndef HAVE_CYGWIN
- if (getuid() == 0 || geteuid() == 0)
- #endif /* HAVE_CYGWIN */
-@@ -1315,6 +1319,26 @@
- restore_uid();
- }
- #endif
-+#ifdef CHROOT
-+ if (options.use_chroot) {
-+ user_dir = xstrdup(pw->pw_dir);
-+ new_root = user_dir + 1;
-+
-+ while((new_root = strchr(new_root, '.')) != NULL) {
-+ new_root--;
-+ if(strncmp(new_root, "/./", 3) == 0) {
-+ *new_root = '\0';
-+ new_root += 2;
-+
-+ if(chroot(user_dir) != 0)
-+ fatal("Couldn't chroot to user directory %s", user_dir);
-+ pw->pw_dir = new_root;
-+ break;
-+ }
-+ new_root += 2;
-+ }
-+ }
-+#endif /* CHROOT */
- # ifdef USE_PAM
- /*
- * PAM credentials may take the form of supplementary groups.
---- openssh-3.7.1p2/sshd_config 2003-09-02 14:51:18.000000000 +0200
-+++ openssh-3.7.1p2.pius/sshd_config 2003-10-07 20:49:08.000000000 +0200
-@@ -71,6 +71,10 @@
- # bypass the setting of 'PasswordAuthentication'
- #UsePAM yes
-
-+# Set this to 'yes' to enable support for chrooted user environment.
-+# You must create such environment before you can use this feature.
-+#UseChroot yes
-+
- #AllowTcpForwarding yes
- #GatewayPorts no
- #X11Forwarding no
---- openssh-4.4p1/sshd_config.0.orig 2006-09-26 13:03:48.000000000 +0200
-+++ openssh-4.4p1/sshd_config.0 2006-10-05 10:11:41.615971000 +0200
-@@ -451,6 +451,16 @@
- To disable TCP keepalive messages, the value should be set to
- ``no''.
-
-+ UseChroot
-+ Specifies whether to use chroot-jail environment with ssh/sftp,
-+ i.e. restrict users to a particular area in the filesystem. This
-+ is done by setting user home directory to, for example,
-+ /path/to/chroot/./home/username. sshd looks for a '.' in the
-+ users home directory, then calls chroot(2) to whatever directory
-+ was before the . and continues with the normal ssh functionality.
-+ For this to work properly you have to create special chroot-jail
-+ environment in a /path/to/chroot directory.
-+
- UseDNS Specifies whether sshd(8) should look up the remote host name and
- check that the resolved host name for the remote IP address maps
- back to the very same IP address. The default is ``yes''.
---- openssh-3.8p1/sshd_config.5.orig 2004-02-18 04:31:24.000000000 +0100
-+++ openssh-3.8p1/sshd_config.5 2004-02-25 21:17:23.000000000 +0100
-@@ -552,6 +552,16 @@
- The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
- LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
- The default is AUTH.
-+.It Cm UseChroot
-+Specifies whether to use chroot-jail environment with ssh/sftp, i.e. restrict
-+users to a particular area in the filesystem. This is done by setting user
-+home directory to, for example, /path/to/chroot/./home/username.
-+.Nm sshd
-+looks for a '.' in the users home directory, then calls
-+.Xr chroot 2
-+to whatever directory was before the . and continues with the normal ssh
-+functionality. For this to work properly you have to create special chroot-jail
-+environment in a /path/to/chroot directory.
- .It Cm TCPKeepAlive
- Specifies whether the system should send TCP keepalive messages to the
- other side.