- (bal) Removed contrib/chroot.diff and noted in contrib/README that it

was not being maintained.
Ben Lindstrom 2001-12-24 02:59:19 +00:00
parent 62116dcc0a
commit 2ad31ee68a
3 changed files with 8 additions and 66 deletions


@ -1,3 +1,7 @@
20011223
- (bal) Removed contrib/chroot.diff and noted in contrib/README that it
was not being maintained.
20011222
- (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from
solar@openwall.com
@ -7096,4 +7100,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
$Id: ChangeLog,v 1.1706 2001/12/23 14:41:47 djm Exp $
$Id: ChangeLog,v 1.1707 2001/12/24 02:59:19 mouring Exp $


@ -11,11 +11,10 @@ or http proxy which supports the CONNECT method (eg. Squid).
In this directory
-----------------
chroot.diff:
chroot.diff:
Ricardo Cerqueira's <rmcc@clix.pt> patch to enable chrooting using the
wu-ftpd style magic home directories (containing '/./'). More details in
the head of the patch itself.
Due to the fact the patch is never in sync with the rest of the tree. It was
removed.
ssh-copy-id:


@ -1,61 +0,0 @@
From: Ricardo Cerqueira <rmcc@clix.pt>
A patch to cause sshd to chroot when it encounters the magic token
'/./' in a users home directory. The directory portion before the
token is the directory to chroot() to, the portion after the
token is the user's home directory relative to the new root.
Index: session.c
===================================================================
RCS file: /var/cvs/openssh/session.c,v
retrieving revision 1.4
diff -u -r1.4 session.c
--- session.c 2000/04/16 02:31:51 1.4
+++ session.c 2000/04/16 02:47:55
@@ -27,6 +27,8 @@
#include "ssh2.h"
#include "auth.h"
+#define CHROOT
+
/* types */
#define TTYSZ 64
@@ -783,6 +785,10 @@
extern char **environ;
struct stat st;
char *argv[10];
+#ifdef CHROOT
+ char *user_dir;
+ char *new_root;
+#endif /* CHROOT */
#ifndef USE_PAM /* pam_nologin handles this */
f = fopen("/etc/nologin", "r");
@@ -799,6 +805,26 @@
/* Set login name in the kernel. */
if (setlogin(pw->pw_name) < 0)
error("setlogin failed: %s", strerror(errno));
+
+#ifdef CHROOT
+ user_dir = xstrdup(pw->pw_dir);
+ new_root = user_dir + 1;
+
+ while((new_root = strchr(new_root, '.')) != NULL) {
+ new_root--;
+ if(strncmp(new_root, "/./", 3) == 0) {
+ *new_root = '\0';
+ new_root += 2;
+
+ if(chroot(user_dir) != 0)
+ fatal("Couldn't chroot to user directory %s", user_dir);
+
+ pw->pw_dir = new_root;
+ break;
+ }
+ new_root += 2;
+ }
+#endif /* CHROOT */
/* Set uid, gid, and groups. */
/* Login(1) does this as well, and it needs uid 0 for the "-h"