From dd034dad949018620cbc69cf35f2beb092de4cdc Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sun, 16 Apr 2000 12:50:52 +1000
Subject: Updated

---
 contrib/chroot.diff | 165 +++++++++++++++-------------------------------------
 1 file changed, 46 insertions(+), 119 deletions(-)

(limited to 'contrib/chroot.diff')

diff --git a/contrib/chroot.diff b/contrib/chroot.diff
index 850bd8ffc..d2a42d85b 100644
--- a/contrib/chroot.diff
+++ b/contrib/chroot.diff
@@ -5,130 +5,57 @@ A patch to cause sshd to chroot when it encounters the magic token
 token is the directory to chroot() to, the portion after the
 token is the user's home directory relative to the new root.
 
-
-
-diff -ruN openssh-1.2.3pre2-orig/acconfig.h openssh-1.2.3pre2/acconfig.h
---- openssh-1.2.3pre2-orig/acconfig.h	Sat Mar 11 20:45:40 2000
-+++ openssh-1.2.3pre2/acconfig.h	Wed Mar 15 11:44:33 2000
-@@ -159,6 +159,9 @@
- /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
- #undef IPV4_IN_IPV6
- 
-+/* Define if you want to enable chrooted users */
-+#undef CHROOT
-+
- @BOTTOM@
- 
- /* ******************* Shouldn't need to edit below this line ************** */
-diff -ruN openssh-1.2.3pre2-orig/config.h.in openssh-1.2.3pre2/config.h.in
---- openssh-1.2.3pre2-orig/config.h.in	Wed Mar 15 11:51:02 2000
-+++ openssh-1.2.3pre2/config.h.in	Wed Mar 15 11:46:33 2000
-@@ -140,6 +140,9 @@
- /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
- #undef IPV4_IN_IPV6
- 
-+/* Define if you want to enable chrooted users */
-+#undef CHROOT
-+
- /* The number of bytes in a char.  */
- #undef SIZEOF_CHAR
- 
-diff -ruN openssh-1.2.3pre2-orig/configure openssh-1.2.3pre2/configure
---- openssh-1.2.3pre2-orig/configure	Wed Mar 15 11:51:03 2000
-+++ openssh-1.2.3pre2/configure	Wed Mar 15 11:46:34 2000
-@@ -52,6 +52,8 @@
- ac_help="$ac_help
-   --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses"
- ac_help="$ac_help
-+  --with-chroot           Enable chroot using /./ directory token"
-+ac_help="$ac_help
-   --with-pid-dir=PATH     Specify location of ssh.pid file"
- 
- # Initialize some variables set by options.
-@@ -3605,6 +3607,22 @@
- 
- 		else
- 			echo "$ac_t""no (default)" 1>&6
-+		fi
-+	
-+
-+fi
-+
-+
-+# Whether to enable the magic chroot token
-+# Check whether --with-chroot or --without-chroot was given.
-+if test "${with_chroot+set}" = set; then
-+  withval="$with_chroot"
-+  
-+		if test "x$withval" != "xno" ; then	
-+			cat >> confdefs.h <<\EOF
-+#define CHROOT 1
-+EOF
-+
- 		fi
- 	
- 
-diff -ruN openssh-1.2.3pre2-orig/configure.in openssh-1.2.3pre2/configure.in
---- openssh-1.2.3pre2-orig/configure.in	Sat Mar 11 20:45:41 2000
-+++ openssh-1.2.3pre2/configure.in	Wed Mar 15 11:46:04 2000
-@@ -810,6 +810,16 @@
- 	]
- )
- 
-+# Whether to enable the magic chroot token
-+AC_ARG_WITH(chroot,
-+	[  --with-chroot           Enable chroot using /./ directory token],
-+	[
-+		if test "x$withval" != "xno" ; then	
-+			AC_DEFINE(CHROOT)
-+		fi
-+	]
-+)
-+
- # Where to place sshd.pid
- piddir=/var/run
- AC_ARG_WITH(pid-dir,
-diff -ruN openssh-1.2.3pre2-orig/sshd.c openssh-1.2.3pre2/sshd.c
---- openssh-1.2.3pre2-orig/sshd.c	Sat Mar 11 11:58:29 2000
-+++ openssh-1.2.3pre2/sshd.c	Wed Mar 15 11:43:38 2000
-@@ -2365,6 +2365,10 @@
+Index: session.c
+===================================================================
+RCS file: /var/cvs/openssh/session.c,v
+retrieving revision 1.4
+diff -u -r1.4 session.c
+--- session.c	2000/04/16 02:31:51	1.4
++++ session.c	2000/04/16 02:47:55
+@@ -27,6 +27,8 @@
+ #include "ssh2.h"
+ #include "auth.h"
+ 
++#define CHROOT
++
+ /* types */
+ 
+ #define TTYSZ 64
+@@ -783,6 +785,10 @@
  	extern char **environ;
  	struct stat st;
  	char *argv[10];
-+#ifdef CHROOT /* patch by rmcc */
-+        char *user_dir;
-+        char *new_root;
++#ifdef CHROOT
++	char *user_dir;
++	char *new_root;
 +#endif /* CHROOT */
  
  #ifndef USE_PAM /* pam_nologin handles this */
- 	/* Check /etc/nologin. */
-@@ -2422,6 +2426,29 @@
- 		krb_afslog(0, 0);
- 	}
- #endif /* AFS */
-+
-+#ifdef CHROOT /* patch by rmcc */
-+
-+        user_dir = xstrdup(pw->pw_dir);
-+        new_root = user_dir;                                  
-+
-+        while((new_root = strchr(new_root, '.')) != NULL){
-+          new_root--;
-+          if(strncmp(new_root, "/./", 3) == 0){
-+            *new_root = 0;
-+            new_root += 2;
-+            if(chroot(user_dir) != 0){
-+              printf("Couldn't chroot!\n");
-+              exit(1);
-+            }
-+            pw->pw_dir = new_root;
-+            break;
-+          }
-+          new_root +=2;
-+        }
-+
-+
+ 	f = fopen("/etc/nologin", "r");
+@@ -799,6 +805,26 @@
+ 	/* Set login name in the kernel. */
+ 	if (setlogin(pw->pw_name) < 0)
+ 		error("setlogin failed: %s", strerror(errno));
++
++#ifdef CHROOT
++	user_dir = xstrdup(pw->pw_dir);
++	new_root = user_dir + 1;  										  
++
++	while((new_root = strchr(new_root, '.')) != NULL) {
++		new_root--;
++		if(strncmp(new_root, "/./", 3) == 0) {
++			*new_root = '\0';
++			new_root += 2;
++
++			if(chroot(user_dir) != 0)
++				fatal("Couldn't chroot to user directory %s", user_dir);
++
++			pw->pw_dir = new_root;
++			break;
++		}
++		new_root += 2;
++	}
 +#endif /* CHROOT */
  
- 	/* Initialize the environment. */
- 	envsize = 100;
+ 	/* Set uid, gid, and groups. */
+ 	/* Login(1) does this as well, and it needs uid 0 for the "-h"
-- 
cgit v1.2.3