-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | servconf.c | 11 | ||||
-rw-r--r-- | session.c | 13 |
3 files changed, 22 insertions, 8 deletions
@@ -78,6 +78,10 @@ | |||
78 | - djm@cvs.openbsd.org 2008/02/10 09:55:37 | 78 | - djm@cvs.openbsd.org 2008/02/10 09:55:37 |
79 | [sshd_config.5] | 79 | [sshd_config.5] |
80 | mantion that "internal-sftp" is useful with ForceCommand too | 80 | mantion that "internal-sftp" is useful with ForceCommand too |
81 | - djm@cvs.openbsd.org 2008/02/10 10:54:29 | ||
82 | [servconf.c session.c] | ||
83 | delay ~ expansion for ChrootDirectory so it expands to the logged-in user's | ||
84 | home, rather than the user who starts sshd (probably root) | ||
81 | 85 | ||
82 | 20080119 | 86 | 20080119 |
83 | - (djm) Silence noice from expr in ssh-copy-id; patch from | 87 | - (djm) Silence noice from expr in ssh-copy-id; patch from |
@@ -3606,4 +3610,4 @@ | |||
3606 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 3610 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
3607 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 3611 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
3608 | 3612 | ||
3609 | $Id: ChangeLog,v 1.4836 2008/02/10 11:47:24 djm Exp $ | 3613 | $Id: ChangeLog,v 1.4837 2008/02/10 11:48:55 djm Exp $ |
diff --git a/servconf.c b/servconf.c index d38d0bfb1..9add96ca1 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: servconf.c,v 1.176 2008/02/08 23:24:08 djm Exp $ */ | 1 | /* $OpenBSD: servconf.c,v 1.177 2008/02/10 10:54:28 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -1260,7 +1260,14 @@ parse_flag: | |||
1260 | 1260 | ||
1261 | case sChrootDirectory: | 1261 | case sChrootDirectory: |
1262 | charptr = &options->chroot_directory; | 1262 | charptr = &options->chroot_directory; |
1263 | goto parse_filename; | 1263 | |
1264 | arg = strdelim(&cp); | ||
1265 | if (!arg || *arg == '\0') | ||
1266 | fatal("%s line %d: missing file name.", | ||
1267 | filename, linenum); | ||
1268 | if (*activep && *charptr == NULL) | ||
1269 | *charptr = xstrdup(arg); | ||
1270 | break; | ||
1264 | 1271 | ||
1265 | case sDeprecated: | 1272 | case sDeprecated: |
1266 | logit("%s line %d: Deprecated option %s", | 1273 | logit("%s line %d: Deprecated option %s", |
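Review bot: The `sChrootDirectory` case now carries its own copy of the argument handling in place of `goto parse_filename`, and nothing at the site says why it differs from the other filename options. A one-line comment above `arg = strdelim(&cp);` would keep a later cleanup from folding it back, for example `/* Stored verbatim: ~ is expanded per session for the logged-in user. */`. Because the string is kept as written, every check on the path has to happen where it is consumed, which in this commit is the session.c side. The enclosing switch starts and ends outside the hunk.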
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: session.c,v 1.226 2008/02/08 23:24:07 djm Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.227 2008/02/10 10:54:29 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -1359,6 +1359,8 @@ safely_chroot(const char *path, uid_t uid) | |||
1359 | void | 1359 | void |
1360 | do_setusercontext(struct passwd *pw) | 1360 | do_setusercontext(struct passwd *pw) |
1361 | { | 1361 | { |
1362 | char *chroot_path, *tmp; | ||
1363 | |||
1362 | #ifndef HAVE_CYGWIN | 1364 | #ifndef HAVE_CYGWIN |
1363 | if (getuid() == 0 || geteuid() == 0) | 1365 | if (getuid() == 0 || geteuid() == 0) |
1364 | #endif /* HAVE_CYGWIN */ | 1366 | #endif /* HAVE_CYGWIN */ |
@@ -1442,11 +1444,12 @@ do_setusercontext(struct passwd *pw) | |||
1442 | 1444 | ||
1443 | if (options.chroot_directory != NULL && | 1445 | if (options.chroot_directory != NULL && |
1444 | strcasecmp(options.chroot_directory, "none") != 0) { | 1446 | strcasecmp(options.chroot_directory, "none") != 0) { |
1445 | char *chroot_path; | 1447 | tmp = tilde_expand_filename(options.chroot_directory, |
1446 | 1448 | pw->pw_uid); | |
1447 | chroot_path = percent_expand(options.chroot_directory, | 1449 | chroot_path = percent_expand(tmp, "h", pw->pw_dir, |
1448 | "h", pw->pw_dir, "u", pw->pw_name, (char *)NULL); | 1450 | "u", pw->pw_name, (char *)NULL); |
1449 | safely_chroot(chroot_path, pw->pw_uid); | 1451 | safely_chroot(chroot_path, pw->pw_uid); |
1452 | free(tmp); | ||
1450 | free(chroot_path); | 1453 | free(chroot_path); |
1451 | } | 1454 | } |
1452 | 1455 | ||
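Review bot: The chroot target is now assembled from per-user data in two passes, and the output of the `~` pass (`tmp`) is scanned again by `percent_expand`, so a `%` inside the expanded home path would presumably be read as an escape rather than a literal. A comment above the two calls should record the order and that assumption, for example `/* ~ first, then %h/%u; a '%' in the home path is re-scanned */`. The only guard between this path and the chroot is `safely_chroot`, whose body is outside the hunk; since a home directory is normally owned by the user, it is worth confirming that it rejects targets that are not root-owned and non-writable along every component. `do_setusercontext` starts before and continues past the hunks shown.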