author | Damien Miller <djm@mindrot.org> | 2008-02-10 22:40:12 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2008-02-10 22:40:12 +1100 |
commit | d8cb1f184f9acaae02bb4d15ce1e00ffbeeeac88 (patch) | |
tree | fb0100a74a6c870e835706aa487b54500510c5e1 /servconf.c | |
parent | dfc24258a75a06ea8a3f56d99d3669e1a012a1dc (diff) |
- djm@cvs.openbsd.org 2008/02/08 23:24:07
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
[sshd_config.5]
add sshd_config ChrootDirectory option to chroot(2) users to a directory
and tweak internal sftp server to work with it (no special files in
chroot required). ok markus@
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 12 |
1 files changed, 10 insertions, 2 deletions
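--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.175 2008/01/01 09:27:33 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.176 2008/02/08 23:24:08 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -122,6 +122,7 @@ initialize_server_options(ServerOptions *options)
 options->permit_tun = -1;
 options->num_permitted_opens = -1;
 options->adm_forced_command = NULL;
+options->chroot_directory = NULL;
 }
 
 void
@@ -291,7 +292,7 @@ typedef enum {
 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
-sMatch, sPermitOpen, sForceCommand,
+sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
 sUsePrivilegeSeparation,
 sDeprecated, sUnsupported
 } ServerOpCodes;
@@ -403,6 +404,7 @@ static struct {
 { "match", sMatch, SSHCFG_ALL },
 { "permitopen", sPermitOpen, SSHCFG_ALL },
 { "forcecommand", sForceCommand, SSHCFG_ALL },
+{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
 { NULL, sBadOption, 0 }
 };
 
@@ -1147,6 +1149,7 @@ parse_flag:
 case sBanner:
 charptr = &options->banner;
 goto parse_filename;
+
 /*
 * These options can contain %X options expanded at
 * connect time, so that you can specify paths like:
@@ -1255,6 +1258,10 @@ parse_flag:
 options->adm_forced_command = xstrdup(cp + len);
 return 0;
 
+case sChrootDirectory:
+charptr = &options->chroot_directory;
+goto parse_filename;
+
 case sDeprecated:
 logit("%s line %d: Deprecated option %s",
 filename, linenum, arg);
@@ -1363,6 +1370,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 if (preauth)
 return;
 M_CP_STROPT(adm_forced_command);
+M_CP_STROPT(chroot_directory);
 }
 
 #undef M_CP_INTOPT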
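Review bot: The new `case sChrootDirectory` jumps to `parse_filename`, the same path the `sBanner` case uses for a file the daemon itself reads, yet this value names a directory that users are confined to after login. The `parse_filename` label is outside these hunks, so the following is inferred rather than read from the page: if it expands `~` or otherwise resolves the argument against the account running sshd at config-load time, a per-user setting would be resolved against the wrong identity and the chroot could end up somewhere the administrator did not intend. Consider parsing the argument in the case itself and storing it unchanged, leaving any per-user expansion to the code that applies the chroot once the user is known. The enclosing switch starts and ends outside the hunk.

```c
	case sChrootDirectory:
		charptr = &options->chroot_directory;

		/* Store the argument as written; any expansion belongs where the user is known. */
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing file name.",
			    filename, linenum);
		if (*activep && *charptr == NULL)
			*charptr = xstrdup(arg);
		break;

	/* … unchanged: case sDeprecated and the rest of the switch … */
```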