diff options
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/README | 7 | ||||
-rw-r--r-- | contrib/chroot.diff | 61 |
2 files changed, 3 insertions, 65 deletions
diff --git a/contrib/README b/contrib/README index d25545710..648bb2f3a 100644 --- a/contrib/README +++ b/contrib/README | |||
@@ -11,11 +11,10 @@ or http proxy which supports the CONNECT method (eg. Squid). | |||
11 | In this directory | 11 | In this directory |
12 | ----------------- | 12 | ----------------- |
13 | 13 | ||
14 | chroot.diff: | 14 | chroot.diff: |
15 | 15 | ||
16 | Ricardo Cerqueira's <rmcc@clix.pt> patch to enable chrooting using the | 16 | Due to the fact the patch is never in sync with the rest of the tree. It was |
17 | wu-ftpd style magic home directories (containing '/./'). More details in | 17 | removed. |
18 | the head of the patch itself. | ||
19 | 18 | ||
20 | ssh-copy-id: | 19 | ssh-copy-id: |
21 | 20 | ||
diff --git a/contrib/chroot.diff b/contrib/chroot.diff deleted file mode 100644 index d2a42d85b..000000000 --- a/contrib/chroot.diff +++ /dev/null | |||
@@ -1,61 +0,0 @@ | |||
1 | From: Ricardo Cerqueira <rmcc@clix.pt> | ||
2 | |||
3 | A patch to cause sshd to chroot when it encounters the magic token | ||
4 | '/./' in a users home directory. The directory portion before the | ||
5 | token is the directory to chroot() to, the portion after the | ||
6 | token is the user's home directory relative to the new root. | ||
7 | |||
8 | Index: session.c | ||
9 | =================================================================== | ||
10 | RCS file: /var/cvs/openssh/session.c,v | ||
11 | retrieving revision 1.4 | ||
12 | diff -u -r1.4 session.c | ||
13 | --- session.c 2000/04/16 02:31:51 1.4 | ||
14 | +++ session.c 2000/04/16 02:47:55 | ||
15 | @@ -27,6 +27,8 @@ | ||
16 | #include "ssh2.h" | ||
17 | #include "auth.h" | ||
18 | |||
19 | +#define CHROOT | ||
20 | + | ||
21 | /* types */ | ||
22 | |||
23 | #define TTYSZ 64 | ||
24 | @@ -783,6 +785,10 @@ | ||
25 | extern char **environ; | ||
26 | struct stat st; | ||
27 | char *argv[10]; | ||
28 | +#ifdef CHROOT | ||
29 | + char *user_dir; | ||
30 | + char *new_root; | ||
31 | +#endif /* CHROOT */ | ||
32 | |||
33 | #ifndef USE_PAM /* pam_nologin handles this */ | ||
34 | f = fopen("/etc/nologin", "r"); | ||
35 | @@ -799,6 +805,26 @@ | ||
36 | /* Set login name in the kernel. */ | ||
37 | if (setlogin(pw->pw_name) < 0) | ||
38 | error("setlogin failed: %s", strerror(errno)); | ||
39 | + | ||
40 | +#ifdef CHROOT | ||
41 | + user_dir = xstrdup(pw->pw_dir); | ||
42 | + new_root = user_dir + 1; | ||
43 | + | ||
44 | + while((new_root = strchr(new_root, '.')) != NULL) { | ||
45 | + new_root--; | ||
46 | + if(strncmp(new_root, "/./", 3) == 0) { | ||
47 | + *new_root = '\0'; | ||
48 | + new_root += 2; | ||
49 | + | ||
50 | + if(chroot(user_dir) != 0) | ||
51 | + fatal("Couldn't chroot to user directory %s", user_dir); | ||
52 | + | ||
53 | + pw->pw_dir = new_root; | ||
54 | + break; | ||
55 | + } | ||
56 | + new_root += 2; | ||
57 | + } | ||
58 | +#endif /* CHROOT */ | ||
59 | |||
60 | /* Set uid, gid, and groups. */ | ||
61 | /* Login(1) does this as well, and it needs uid 0 for the "-h" | ||