authordjm@openbsd.org <djm@openbsd.org>2015-10-24 22:52:22 +0000
committerDamien Miller <djm@mindrot.org>2015-10-25 11:42:06 +1100
commit44fc7cd7dcef6c52c6b7e9ff830dfa32879bd319 (patch)
treec9f0cd011925ee183e50e794b504827d763218b3 /session.c
parenta820a8618ec44735dabc688fab96fba38ad66bb2 (diff)
upstream commit
skip "Could not chdir to home directory" message when chrooted

patch from Christian Hesse in bz#2485 ok dtucker@

Upstream-ID: 86783c1953da426dff5b03b03ce46e699d9e5431
Diffstat (limited to 'session.c')
-rw-r--r--session.c34
1 files changed, 15 insertions, 19 deletions
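diff --git a/session.c b/session.c
index 5a64715e2..26f474259 100644
--- a/session.c
+++ b/session.c
@@ -160,6 +160,7 @@ login_cap_t *lc;
 #endif
 
 static int is_child = 0;
+static int in_chroot = 0;
 
 /* Name and directory of socket for authentication agent forwarding. */
 static char *auth_sock_name = NULL;
@@ -1490,9 +1491,6 @@ void
 do_setusercontext(struct passwd *pw)
 {
  char *chroot_path, *tmp;
-#ifdef USE_LIBIAF
- int doing_chroot = 0;
-#endif
 
  platform_setusercontext(pw);
 
@@ -1520,7 +1518,7 @@ do_setusercontext(struct passwd *pw)
 
  platform_setusercontext_post_groups(pw);
 
- if (options.chroot_directory != NULL &&
+ if (!in_chroot && options.chroot_directory != NULL &&
  strcasecmp(options.chroot_directory, "none") != 0) {
  tmp = tilde_expand_filename(options.chroot_directory,
  pw->pw_uid);
@@ -1532,9 +1530,7 @@ do_setusercontext(struct passwd *pw)
  /* Make sure we don't attempt to chroot again */
  free(options.chroot_directory);
  options.chroot_directory = NULL;
-#ifdef USE_LIBIAF
- doing_chroot = 1;
-#endif
+ in_chroot = 1;
  }
 
 #ifdef HAVE_LOGIN_CAP
@@ -1549,16 +1545,16 @@ do_setusercontext(struct passwd *pw)
  (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
 #else
 # ifdef USE_LIBIAF
-/* In a chroot environment, the set_id() will always fail; typically
- * because of the lack of necessary authentication services and runtime
- * such as ./usr/lib/libiaf.so, ./usr/lib/libpam.so.1, and ./etc/passwd
- * We skip it in the internal sftp chroot case.
- * We'll lose auditing and ACLs but permanently_set_uid will
- * take care of the rest.
- */
- if ((doing_chroot == 0) && set_id(pw->pw_name) != 0) {
- fatal("set_id(%s) Failed", pw->pw_name);
- }
+ /*
+ * In a chroot environment, the set_id() will always fail;
+ * typically because of the lack of necessary authentication
+ * services and runtime such as ./usr/lib/libiaf.so,
+ * ./usr/lib/libpam.so.1, and ./etc/passwd We skip it in the
+ * internal sftp chroot case. We'll lose auditing and ACLs but
+ * permanently_set_uid will take care of the rest.
+ */
+ if (!in_chroot && set_id(pw->pw_name) != 0)
+ fatal("set_id(%s) Failed", pw->pw_name);
 # endif /* USE_LIBIAF */
  /* Permanently switch to the desired uid. */
  permanently_set_uid(pw);
@@ -1790,11 +1786,11 @@ do_child(Session *s, const char *command)
 #ifdef HAVE_LOGIN_CAP
  r = login_getcapbool(lc, "requirehome", 0);
 #endif
- if (r || options.chroot_directory == NULL ||
- strcasecmp(options.chroot_directory, "none") == 0)
+ if (r || !in_chroot) {
  fprintf(stderr, "Could not chdir to home "
  "directory %s: %s\n", pw->pw_dir,
  strerror(errno));
+ }
  if (r)
  exit(1);
  }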
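Review bot: `in_chroot` (new line 163) is declared without a comment although it now gates three separate decisions in this file: whether to chroot at all, whether `set_id()` runs under USE_LIBIAF, and whether the chdir failure is reported in do_child(). I would document it at the declaration, for example `/* Set once do_setusercontext() has chrooted this process; never cleared. */`. Because the flag suppresses `set_id()` and with it (per the existing comment) auditing and ACLs, it is worth confirming that `in_chroot = 1` at new line 1533 can only be reached after the chroot actually succeeded; the chroot call itself sits between the hunks and is not visible here. do_setusercontext() and do_child() both start and end outside the hunks shown.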