Diffstat (limited to 'contrib/chroot.diff')
-rw-r--r-- | contrib/chroot.diff | 134 |
1 files changed, 134 insertions, 0 deletions
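diff --git a/contrib/chroot.diff b/contrib/chroot.diff
new file mode 100644
index 000000000..850bd8ffc
--- /dev/null
+++ b/contrib/chroot.diff
@@ -0,0 +1,134 @@
+From: Ricardo Cerqueira <rmcc@clix.pt>
+
+A patch to cause sshd to chroot when it encounters the magic token
+'/./' in a users home directory. The directory portion before the
+token is the directory to chroot() to, the portion after the
+token is the user's home directory relative to the new root.
+
+
+
+diff -ruN openssh-1.2.3pre2-orig/acconfig.h openssh-1.2.3pre2/acconfig.h
+--- openssh-1.2.3pre2-orig/acconfig.h Sat Mar 11 20:45:40 2000
++++ openssh-1.2.3pre2/acconfig.h Wed Mar 15 11:44:33 2000
+@@ -159,6 +159,9 @@
+/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
+#undef IPV4_IN_IPV6
+
++/* Define if you want to enable chrooted users */
++#undef CHROOT
++
+@BOTTOM@
+
+/* ******************* Shouldn't need to edit below this line ************** */
+diff -ruN openssh-1.2.3pre2-orig/config.h.in openssh-1.2.3pre2/config.h.in
+--- openssh-1.2.3pre2-orig/config.h.in Wed Mar 15 11:51:02 2000
++++ openssh-1.2.3pre2/config.h.in Wed Mar 15 11:46:33 2000
+@@ -140,6 +140,9 @@
+/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
+#undef IPV4_IN_IPV6
+
++/* Define if you want to enable chrooted users */
++#undef CHROOT
++
+/* The number of bytes in a char. */
+#undef SIZEOF_CHAR
+
+diff -ruN openssh-1.2.3pre2-orig/configure openssh-1.2.3pre2/configure
+--- openssh-1.2.3pre2-orig/configure Wed Mar 15 11:51:03 2000
++++ openssh-1.2.3pre2/configure Wed Mar 15 11:46:34 2000
+@@ -52,6 +52,8 @@
+ac_help="$ac_help
+--with-4in6 Check for and convert IPv4 in IPv6 mapped addresses"
+ac_help="$ac_help
++ --with-chroot Enable chroot using /./ directory token"
++ac_help="$ac_help
+--with-pid-dir=PATH Specify location of ssh.pid file"
+
+# Initialize some variables set by options.
+@@ -3605,6 +3607,22 @@
+
+else
+echo "$ac_t""no (default)" 1>&6
++ fi
++
++
++fi
++
++
++# Whether to enable the magic chroot token
++# Check whether --with-chroot or --without-chroot was given.
++if test "${with_chroot+set}" = set; then
++ withval="$with_chroot"
++
++ if test "x$withval" != "xno" ; then
++ cat >> confdefs.h <<\EOF
++#define CHROOT 1
++EOF
++
+fi
+
+
+diff -ruN openssh-1.2.3pre2-orig/configure.in openssh-1.2.3pre2/configure.in
+--- openssh-1.2.3pre2-orig/configure.in Sat Mar 11 20:45:41 2000
++++ openssh-1.2.3pre2/configure.in Wed Mar 15 11:46:04 2000
+@@ -810,6 +810,16 @@
+]
+)
+
++# Whether to enable the magic chroot token
++AC_ARG_WITH(chroot,
++ [ --with-chroot Enable chroot using /./ directory token],
++ [
++ if test "x$withval" != "xno" ; then
++ AC_DEFINE(CHROOT)
++ fi
++ ]
++)
++
+# Where to place sshd.pid
+piddir=/var/run
+AC_ARG_WITH(pid-dir,
+diff -ruN openssh-1.2.3pre2-orig/sshd.c openssh-1.2.3pre2/sshd.c
+--- openssh-1.2.3pre2-orig/sshd.c Sat Mar 11 11:58:29 2000
++++ openssh-1.2.3pre2/sshd.c Wed Mar 15 11:43:38 2000
+@@ -2365,6 +2365,10 @@
+extern char **environ;
+struct stat st;
+char *argv[10];
++#ifdef CHROOT /* patch by rmcc */
++ char *user_dir;
++ char *new_root;
++#endif /* CHROOT */
+
+#ifndef USE_PAM /* pam_nologin handles this */
+/* Check /etc/nologin. */
+@@ -2422,6 +2426,29 @@
+krb_afslog(0, 0);
+}
+#endif /* AFS */
++
++#ifdef CHROOT /* patch by rmcc */
++
++ user_dir = xstrdup(pw->pw_dir);
++ new_root = user_dir;
++
++ while((new_root = strchr(new_root, '.')) != NULL){
++ new_root--;
++ if(strncmp(new_root, "/./", 3) == 0){
++ *new_root = 0;
++ new_root += 2;
++ if(chroot(user_dir) != 0){
++ printf("Couldn't chroot!\n");
++ exit(1);
++ }
++ pw->pw_dir = new_root;
++ break;
++ }
++ new_root +=2;
++ }
++
++
++#endif /* CHROOT */
+
+/* Initialize the environment. */
+envsize = 100;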
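Review bot: In the sshd.c hunk, `chroot(user_dir)` is not followed by a change of working directory, so the process can keep a cwd outside the new root; add `chdir("/")` immediately after it and treat failure as fatal. The scan also executes `new_root--` for every `.` it finds, which steps before the `xstrdup` buffer when `pw_dir` begins with a dot; a single `strstr(user_dir, "/./")` finds the same first token without that underflow. Nothing visible checks that the chroot target is root-owned and not writable by the user, and the hunk does not show whether privileges are still held here (chroot() needs them, and they must be dropped afterwards); the enclosing function starts and ends outside the hunk, so both should be confirmed there. The failure path reports with `printf`, which reaches the client rather than the server log.

```c
#ifdef CHROOT /* patch by rmcc */
	user_dir = xstrdup(pw->pw_dir);
	/* First "/./" splits the chroot directory from the home directory inside it. */
	new_root = strstr(user_dir, "/./");
	if (new_root != NULL) {
		*new_root = '\0';
		/* chdir("/") so the working directory cannot remain outside the new root. */
		if (chroot(user_dir) != 0 || chdir("/") != 0) {
			/* … unchanged: error report and exit(1) … */
		}
		pw->pw_dir = new_root + 2;
	}
#endif /* CHROOT */
```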