-rw-r--r--ChangeLog6
-rw-r--r--servconf.c11
-rw-r--r--session.c13
3 files changed, 22 insertions, 8 deletions
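--- a/ChangeLog
+++ b/ChangeLog
@@ -78,6 +78,10 @@
  - djm@cvs.openbsd.org 2008/02/10 09:55:37
  [sshd_config.5]
  mantion that "internal-sftp" is useful with ForceCommand too
+ - djm@cvs.openbsd.org 2008/02/10 10:54:29
+ [servconf.c session.c]
+ delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
+ home, rather than the user who starts sshd (probably root)
 
 20080119
  - (djm) Silence noice from expr in ssh-copy-id; patch from
@@ -3606,4 +3610,4 @@
  OpenServer 6 and add osr5bigcrypt support so when someone migrates
  passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4836 2008/02/10 11:47:24 djm Exp $
+$Id: ChangeLog,v 1.4837 2008/02/10 11:48:55 djm Exp $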
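--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.176 2008/02/08 23:24:08 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.177 2008/02/10 10:54:28 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -1260,7 +1260,14 @@ parse_flag:
 
  case sChrootDirectory:
  charptr = &options->chroot_directory;
- goto parse_filename;
+
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing file name.",
+ filename, linenum);
+ if (*activep && *charptr == NULL)
+ *charptr = xstrdup(arg);
+ break;
 
  case sDeprecated:
  logit("%s line %d: Deprecated option %s",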
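Review bot: The new `sChrootDirectory` case in the second hunk open-codes the argument handling it used to get from `goto parse_filename`, and nothing in the code says why. Judging by the ChangeLog entry, the intent is to leave `~` unexpanded at config-parse time so it is not resolved against the account that starts sshd. A later cleanup that folds this case back into the shared label would silently restore the old behaviour and could change which directory sessions are confined to. I would add a comment above `arg = strdelim(&cp);` such as `/* Not parse_filename: ~ is expanded per-user in session.c, not at parse time */`. The enclosing switch and the `parse_filename` label are outside the hunk, so what that label does is inferred.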
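--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.226 2008/02/08 23:24:07 djm Exp $ */
+/* $OpenBSD: session.c,v 1.227 2008/02/10 10:54:29 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -1359,6 +1359,8 @@ safely_chroot(const char *path, uid_t uid)
 void
 do_setusercontext(struct passwd *pw)
 {
+ char *chroot_path, *tmp;
+
 #ifndef HAVE_CYGWIN
  if (getuid() == 0 || geteuid() == 0)
 #endif /* HAVE_CYGWIN */
@@ -1442,11 +1444,12 @@ do_setusercontext(struct passwd *pw)
 
  if (options.chroot_directory != NULL &&
  strcasecmp(options.chroot_directory, "none") != 0) {
- char *chroot_path;
-
- chroot_path = percent_expand(options.chroot_directory,
- "h", pw->pw_dir, "u", pw->pw_name, (char *)NULL);
+ tmp = tilde_expand_filename(options.chroot_directory,
+ pw->pw_uid);
+ chroot_path = percent_expand(tmp, "h", pw->pw_dir,
+ "u", pw->pw_name, (char *)NULL);
  safely_chroot(chroot_path, pw->pw_uid);
+ free(tmp);
  free(chroot_path);
  }
 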
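Review bot: In the last hunk the output of `tilde_expand_filename()` is passed to `percent_expand()` as its format string, so a `%` in the expanded home directory path is parsed as an escape instead of being copied literally. Home directories come from the password database and are administrator-controlled, but the resulting chroot target could differ from what the config line suggests, or the login could fail if `percent_expand` rejects unknown keys, as I believe it does. One option, to be checked against how `tilde_expand_filename` treats a path with no leading `~`, is to expand the percent escapes first: `tmp = percent_expand(options.chroot_directory, "h", pw->pw_dir, "u", pw->pw_name, (char *)NULL);` followed by `chroot_path = tilde_expand_filename(tmp, pw->pw_uid);`. `do_setusercontext` starts and ends outside this hunk, and the checks `safely_chroot` applies to the final path are not visible here.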