diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | contrib/README | 7 | ||||
| -rw-r--r-- | contrib/chroot.diff | 61 |
3 files changed, 8 insertions, 66 deletions
| @@ -1,3 +1,7 @@ | |||
| 1 | 20011223 | ||
| 2 | - (bal) Removed contrib/chroot.diff and noted in contrib/README that it | ||
| 3 | was not being maintained. | ||
| 4 | |||
| 1 | 20011222 | 5 | 20011222 |
| 2 | - (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from | 6 | - (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from |
| 3 | solar@openwall.com | 7 | solar@openwall.com |
| @@ -7096,4 +7100,4 @@ | |||
| 7096 | - Wrote replacements for strlcpy and mkdtemp | 7100 | - Wrote replacements for strlcpy and mkdtemp |
| 7097 | - Released 1.0pre1 | 7101 | - Released 1.0pre1 |
| 7098 | 7102 | ||
| 7099 | $Id: ChangeLog,v 1.1706 2001/12/23 14:41:47 djm Exp $ | 7103 | $Id: ChangeLog,v 1.1707 2001/12/24 02:59:19 mouring Exp $ |
diff --git a/contrib/README b/contrib/README index d25545710..648bb2f3a 100644 --- a/contrib/README +++ b/contrib/README | |||
| @@ -11,11 +11,10 @@ or http proxy which supports the CONNECT method (eg. Squid). | |||
| 11 | In this directory | 11 | In this directory |
| 12 | ----------------- | 12 | ----------------- |
| 13 | 13 | ||
| 14 | chroot.diff: | 14 | chroot.diff: |
| 15 | 15 | ||
| 16 | Ricardo Cerqueira's <rmcc@clix.pt> patch to enable chrooting using the | 16 | Due to the fact the patch is never in sync with the rest of the tree. It was |
| 17 | wu-ftpd style magic home directories (containing '/./'). More details in | 17 | removed. |
| 18 | the head of the patch itself. | ||
| 19 | 18 | ||
| 20 | ssh-copy-id: | 19 | ssh-copy-id: |
| 21 | 20 | ||
diff --git a/contrib/chroot.diff b/contrib/chroot.diff deleted file mode 100644 index d2a42d85b..000000000 --- a/contrib/chroot.diff +++ /dev/null | |||
| @@ -1,61 +0,0 @@ | |||
| 1 | From: Ricardo Cerqueira <rmcc@clix.pt> | ||
| 2 | |||
| 3 | A patch to cause sshd to chroot when it encounters the magic token | ||
| 4 | '/./' in a users home directory. The directory portion before the | ||
| 5 | token is the directory to chroot() to, the portion after the | ||
| 6 | token is the user's home directory relative to the new root. | ||
| 7 | |||
| 8 | Index: session.c | ||
| 9 | =================================================================== | ||
| 10 | RCS file: /var/cvs/openssh/session.c,v | ||
| 11 | retrieving revision 1.4 | ||
| 12 | diff -u -r1.4 session.c | ||
| 13 | --- session.c 2000/04/16 02:31:51 1.4 | ||
| 14 | +++ session.c 2000/04/16 02:47:55 | ||
| 15 | @@ -27,6 +27,8 @@ | ||
| 16 | #include "ssh2.h" | ||
| 17 | #include "auth.h" | ||
| 18 | |||
| 19 | +#define CHROOT | ||
| 20 | + | ||
| 21 | /* types */ | ||
| 22 | |||
| 23 | #define TTYSZ 64 | ||
| 24 | @@ -783,6 +785,10 @@ | ||
| 25 | extern char **environ; | ||
| 26 | struct stat st; | ||
| 27 | char *argv[10]; | ||
| 28 | +#ifdef CHROOT | ||
| 29 | + char *user_dir; | ||
| 30 | + char *new_root; | ||
| 31 | +#endif /* CHROOT */ | ||
| 32 | |||
| 33 | #ifndef USE_PAM /* pam_nologin handles this */ | ||
| 34 | f = fopen("/etc/nologin", "r"); | ||
| 35 | @@ -799,6 +805,26 @@ | ||
| 36 | /* Set login name in the kernel. */ | ||
| 37 | if (setlogin(pw->pw_name) < 0) | ||
| 38 | error("setlogin failed: %s", strerror(errno)); | ||
| 39 | + | ||
| 40 | +#ifdef CHROOT | ||
| 41 | + user_dir = xstrdup(pw->pw_dir); | ||
| 42 | + new_root = user_dir + 1; | ||
| 43 | + | ||
| 44 | + while((new_root = strchr(new_root, '.')) != NULL) { | ||
| 45 | + new_root--; | ||
| 46 | + if(strncmp(new_root, "/./", 3) == 0) { | ||
| 47 | + *new_root = '\0'; | ||
| 48 | + new_root += 2; | ||
| 49 | + | ||
| 50 | + if(chroot(user_dir) != 0) | ||
| 51 | + fatal("Couldn't chroot to user directory %s", user_dir); | ||
| 52 | + | ||
| 53 | + pw->pw_dir = new_root; | ||
| 54 | + break; | ||
| 55 | + } | ||
| 56 | + new_root += 2; | ||
| 57 | + } | ||
| 58 | +#endif /* CHROOT */ | ||
| 59 | |||
| 60 | /* Set uid, gid, and groups. */ | ||
| 61 | /* Login(1) does this as well, and it needs uid 0 for the "-h" | ||