Updated

author: Damien Miller <djm@mindrot.org> 2000-04-16 12:50:52 +1000
committer: Damien Miller <djm@mindrot.org> 2000-04-16 12:50:52 +1000
commit: dd034dad949018620cbc69cf35f2beb092de4cdc (patch)
tree: 83cc210711a92b6dfb6fab24a58b23093b84d649 /contrib/chroot.diff
parent: 1d2723f5567f961c9dea61c7db5e0e64879a1d97 (diff)
1 files changed, 46 insertions, 119 deletions
diff --git a/contrib/chroot.diff b/contrib/chroot.diff
index 850bd8ffc..d2a42d85b 100644
--- a/contrib/chroot.diff
+++ b/contrib/chroot.diff
@@ -5,130 +5,57 @@ A patch to cause sshd to chroot when it encounters the magic token
 token is the directory to chroot() to, the portion after the
 token is the user's home directory relative to the new root.
+Index: session.c
+===================================================================
-diff -ruN openssh-1.2.3pre2-orig/acconfig.h openssh-1.2.3pre2/acconfig.h
+RCS file: /var/cvs/openssh/session.c,v
--- openssh-1.2.3pre2-orig/acconfig.h   Sat Mar 11 20:45:40 2000
+retrieving revision 1.4
-+++ openssh-1.2.3pre2/acconfig.h        Wed Mar 15 11:44:33 2000
+diff -u -r1.4 session.c
-@@ -159,6 +159,9 @@
+--- session.c   2000/04/16 02:31:51     1.4
- /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
+++ session.c   2000/04/16 02:47:55
- #undef IPV4_IN_IPV6
+@@ -27,6 +27,8 @@
- 
+ #include "ssh2.h"
-+/* Define if you want to enable chrooted users */
+ #include "auth.h"
-+#undef CHROOT
+ 
-+
+#define CHROOT
- @BOTTOM@
+
- 
+ /* types */
- /* ******************* Shouldn't need to edit below this line ************** */
+ 
-diff -ruN openssh-1.2.3pre2-orig/config.h.in openssh-1.2.3pre2/config.h.in
+ #define TTYSZ 64
--- openssh-1.2.3pre2-orig/config.h.in  Wed Mar 15 11:51:02 2000
+@@ -783,6 +785,10 @@
-+++ openssh-1.2.3pre2/config.h.in       Wed Mar 15 11:46:33 2000
-@@ -140,6 +140,9 @@
- /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
- #undef IPV4_IN_IPV6
- 
-+/* Define if you want to enable chrooted users */
-+#undef CHROOT
-+
- /* The number of bytes in a char.  */
- #undef SIZEOF_CHAR
- 
-diff -ruN openssh-1.2.3pre2-orig/configure openssh-1.2.3pre2/configure
--- openssh-1.2.3pre2-orig/configure    Wed Mar 15 11:51:03 2000
-+++ openssh-1.2.3pre2/configure Wed Mar 15 11:46:34 2000
-@@ -52,6 +52,8 @@
- ac_help="$ac_help
-   --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses"
- ac_help="$ac_help
-+  --with-chroot           Enable chroot using /./ directory token"
-+ac_help="$ac_help
-   --with-pid-dir=PATH     Specify location of ssh.pid file"
- 
- # Initialize some variables set by options.
-@@ -3605,6 +3607,22 @@
- 
-                else
-                        echo "$ac_t""no (default)" 1>&6
-+               fi
-+       
-+
-+fi
-+
-+
-+# Whether to enable the magic chroot token
-+# Check whether --with-chroot or --without-chroot was given.
-+if test "${with_chroot+set}" = set; then
-+  withval="$with_chroot"
-+  
-+               if test "x$withval" != "xno" ; then     
-+                       cat >> confdefs.h <<\EOF
-+#define CHROOT 1
-+EOF
-+
-                fi
-        
- 
-diff -ruN openssh-1.2.3pre2-orig/configure.in openssh-1.2.3pre2/configure.in
--- openssh-1.2.3pre2-orig/configure.in Sat Mar 11 20:45:41 2000
-+++ openssh-1.2.3pre2/configure.in      Wed Mar 15 11:46:04 2000
-@@ -810,6 +810,16 @@
-        ]
- )
- 
-+# Whether to enable the magic chroot token
-+AC_ARG_WITH(chroot,
-+       [  --with-chroot           Enable chroot using /./ directory token],
-+       [
-+               if test "x$withval" != "xno" ; then     
-+                       AC_DEFINE(CHROOT)
-+               fi
-+       ]
-+)
-+
- # Where to place sshd.pid
- piddir=/var/run
- AC_ARG_WITH(pid-dir,
-diff -ruN openssh-1.2.3pre2-orig/sshd.c openssh-1.2.3pre2/sshd.c
--- openssh-1.2.3pre2-orig/sshd.c       Sat Mar 11 11:58:29 2000
-+++ openssh-1.2.3pre2/sshd.c    Wed Mar 15 11:43:38 2000
-@@ -2365,6 +2365,10 @@
        extern char **environ;
        struct stat st;
        char *argv[10];
-+#ifdef CHROOT /* patch by rmcc */
+#ifdef CHROOT
-+        char *user_dir;
+       char *user_dir;
-+        char *new_root;
+       char *new_root;
 +#endif /* CHROOT */
 
 #ifndef USE_PAM /* pam_nologin handles this */
-        /* Check /etc/nologin. */
+        f = fopen("/etc/nologin", "r");
-@@ -2422,6 +2426,29 @@
+@@ -799,6 +805,26 @@
-                krb_afslog(0, 0);
+        /* Set login name in the kernel. */
-        }
+        if (setlogin(pw->pw_name) < 0)
- #endif /* AFS */
+                error("setlogin failed: %s", strerror(errno));
-+
+
-+#ifdef CHROOT /* patch by rmcc */
+#ifdef CHROOT
-+
+       user_dir = xstrdup(pw->pw_dir);
-+        user_dir = xstrdup(pw->pw_dir);
+       new_root = user_dir + 1;                                                                                  
-+        new_root = user_dir;                                  
+
-+
+       while((new_root = strchr(new_root, '.')) != NULL) {
-+        while((new_root = strchr(new_root, '.')) != NULL){
+               new_root--;
-+          new_root--;
+               if(strncmp(new_root, "/./", 3) == 0) {
-+          if(strncmp(new_root, "/./", 3) == 0){
+                       *new_root = '\0';
-+            *new_root = 0;
+                       new_root += 2;
-+            new_root += 2;
+
-+            if(chroot(user_dir) != 0){
+                       if(chroot(user_dir) != 0)
-+              printf("Couldn't chroot!\n");
+                               fatal("Couldn't chroot to user directory %s", user_dir);
-+              exit(1);
+
-+            }
+                       pw->pw_dir = new_root;
-+            pw->pw_dir = new_root;
+                       break;
-+            break;
+               }
-+          }
+               new_root += 2;
-+          new_root +=2;
+       }
-+        }
-+
-+
 +#endif /* CHROOT */
 
-        /* Initialize the environment. */
+        /* Set uid, gid, and groups. */
-        envsize = 100;
+        /* Login(1) does this as well, and it needs uid 0 for the "-h"
author	Damien Miller <djm@mindrot.org>	2000-04-16 12:50:52 +1000
committer	Damien Miller <djm@mindrot.org>	2000-04-16 12:50:52 +1000
commit	dd034dad949018620cbc69cf35f2beb092de4cdc (patch)
tree	83cc210711a92b6dfb6fab24a58b23093b84d649 /contrib/chroot.diff
parent	1d2723f5567f961c9dea61c7db5e0e64879a1d97 (diff)

diff --git a/contrib/chroot.diff b/contrib/chroot.diff index 850bd8ffc..d2a42d85b 100644 --- a/contrib/chroot.diff +++ b/contrib/chroot.diff
@@ -5,130 +5,57 @@ A patch to cause sshd to chroot when it encounters the magic token
5	token is the directory to chroot() to, the portion after the	5	token is the directory to chroot() to, the portion after the
6	token is the user's home directory relative to the new root.	6	token is the user's home directory relative to the new root.
7		7
8		8	Index: session.c
9		9	===================================================================
10	diff -ruN openssh-1.2.3pre2-orig/acconfig.h openssh-1.2.3pre2/acconfig.h	10	RCS file: /var/cvs/openssh/session.c,v
11	--- openssh-1.2.3pre2-orig/acconfig.h Sat Mar 11 20:45:40 2000	11	retrieving revision 1.4
12	+++ openssh-1.2.3pre2/acconfig.h Wed Mar 15 11:44:33 2000	12	diff -u -r1.4 session.c
13	@@ -159,6 +159,9 @@	13	--- session.c 2000/04/16 02:31:51 1.4
14	/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */	14	+++ session.c 2000/04/16 02:47:55
15	#undef IPV4_IN_IPV6	15	@@ -27,6 +27,8 @@
16		16	#include "ssh2.h"
17	+/* Define if you want to enable chrooted users */	17	#include "auth.h"
18	+#undef CHROOT	18
19	+	19	+#define CHROOT
20	@BOTTOM@	20	+
21		21	/* types */
22	/* ***************** Shouldn't need to edit below this line ************ */	22
23	diff -ruN openssh-1.2.3pre2-orig/config.h.in openssh-1.2.3pre2/config.h.in	23	#define TTYSZ 64
24	--- openssh-1.2.3pre2-orig/config.h.in Wed Mar 15 11:51:02 2000	24	@@ -783,6 +785,10 @@
25	+++ openssh-1.2.3pre2/config.h.in Wed Mar 15 11:46:33 2000
26	@@ -140,6 +140,9 @@
27	/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
28	#undef IPV4_IN_IPV6
29
30	+/* Define if you want to enable chrooted users */
31	+#undef CHROOT
32	+
33	/* The number of bytes in a char. */
34	#undef SIZEOF_CHAR
35
36	diff -ruN openssh-1.2.3pre2-orig/configure openssh-1.2.3pre2/configure
37	--- openssh-1.2.3pre2-orig/configure Wed Mar 15 11:51:03 2000
38	+++ openssh-1.2.3pre2/configure Wed Mar 15 11:46:34 2000
39	@@ -52,6 +52,8 @@
40	ac_help="$ac_help
41	--with-4in6 Check for and convert IPv4 in IPv6 mapped addresses"
42	ac_help="$ac_help
43	+ --with-chroot Enable chroot using /./ directory token"
44	+ac_help="$ac_help
45	--with-pid-dir=PATH Specify location of ssh.pid file"
46
47	# Initialize some variables set by options.
48	@@ -3605,6 +3607,22 @@
49
50	else
51	echo "$ac_t""no (default)" 1>&6
52	+ fi
53	+
54	+
55	+fi
56	+
57	+
58	+# Whether to enable the magic chroot token
59	+# Check whether --with-chroot or --without-chroot was given.
60	+if test "${with_chroot+set}" = set; then
61	+ withval="$with_chroot"
62	+
63	+ if test "x$withval" != "xno" ; then
64	+ cat >> confdefs.h <<\EOF
65	+#define CHROOT 1
66	+EOF
67	+
68	fi
69
70
71	diff -ruN openssh-1.2.3pre2-orig/configure.in openssh-1.2.3pre2/configure.in
72	--- openssh-1.2.3pre2-orig/configure.in Sat Mar 11 20:45:41 2000
73	+++ openssh-1.2.3pre2/configure.in Wed Mar 15 11:46:04 2000
74	@@ -810,6 +810,16 @@
75	]
76	)
77
78	+# Whether to enable the magic chroot token
79	+AC_ARG_WITH(chroot,
80	+ [ --with-chroot Enable chroot using /./ directory token],
81	+ [
82	+ if test "x$withval" != "xno" ; then
83	+ AC_DEFINE(CHROOT)
84	+ fi
85	+ ]
86	+)
87	+
88	# Where to place sshd.pid
89	piddir=/var/run
90	AC_ARG_WITH(pid-dir,
91	diff -ruN openssh-1.2.3pre2-orig/sshd.c openssh-1.2.3pre2/sshd.c
92	--- openssh-1.2.3pre2-orig/sshd.c Sat Mar 11 11:58:29 2000
93	+++ openssh-1.2.3pre2/sshd.c Wed Mar 15 11:43:38 2000
94	@@ -2365,6 +2365,10 @@
95	extern char **environ;	25	extern char **environ;
96	struct stat st;	26	struct stat st;
97	char *argv[10];	27	char *argv[10];
98	+#ifdef CHROOT /* patch by rmcc */	28	+#ifdef CHROOT
99	+ char *user_dir;	29	+ char *user_dir;
100	+ char *new_root;	30	+ char *new_root;
101	+#endif /* CHROOT */	31	+#endif /* CHROOT */
102		32
103	#ifndef USE_PAM /* pam_nologin handles this */	33	#ifndef USE_PAM /* pam_nologin handles this */
104	/* Check /etc/nologin. */	34	f = fopen("/etc/nologin", "r");
105	@@ -2422,6 +2426,29 @@	35	@@ -799,6 +805,26 @@
106	krb_afslog(0, 0);	36	/* Set login name in the kernel. */
107	}	37	if (setlogin(pw->pw_name) < 0)
108	#endif /* AFS */	38	error("setlogin failed: %s", strerror(errno));
109	+	39	+
110	+#ifdef CHROOT /* patch by rmcc */	40	+#ifdef CHROOT
111	+	41	+ user_dir = xstrdup(pw->pw_dir);
112	+ user_dir = xstrdup(pw->pw_dir);	42	+ new_root = user_dir + 1;
113	+ new_root = user_dir;	43	+
114	+	44	+ while((new_root = strchr(new_root, '.')) != NULL) {
115	+ while((new_root = strchr(new_root, '.')) != NULL){	45	+ new_root--;
116	+ new_root--;	46	+ if(strncmp(new_root, "/./", 3) == 0) {
117	+ if(strncmp(new_root, "/./", 3) == 0){	47	+ *new_root = '\0';
118	+ *new_root = 0;	48	+ new_root += 2;
119	+ new_root += 2;	49	+
120	+ if(chroot(user_dir) != 0){	50	+ if(chroot(user_dir) != 0)
121	+ printf("Couldn't chroot!\n");	51	+ fatal("Couldn't chroot to user directory %s", user_dir);
122	+ exit(1);	52	+
123	+ }	53	+ pw->pw_dir = new_root;
124	+ pw->pw_dir = new_root;	54	+ break;
125	+ break;	55	+ }
126	+ }	56	+ new_root += 2;
127	+ new_root +=2;	57	+ }
128	+ }
129	+
130	+
131	+#endif /* CHROOT */	58	+#endif /* CHROOT */
132		59
133	/* Initialize the environment. */	60	/* Set uid, gid, and groups. */
134	envsize = 100;	61	/* Login(1) does this as well, and it needs uid 0 for the "-h"