- (bal) Removed contrib/chroot.diff and noted in contrib/README that it
was not being maintained.
This commit is contained in:
parent
62116dcc0a
commit
2ad31ee68a
|
@ -1,3 +1,7 @@
|
|||
20011223
|
||||
- (bal) Removed contrib/chroot.diff and noted in contrib/README that it
|
||||
was not being maintained.
|
||||
|
||||
20011222
|
||||
- (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from
|
||||
solar@openwall.com
|
||||
|
@ -7096,4 +7100,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.1706 2001/12/23 14:41:47 djm Exp $
|
||||
$Id: ChangeLog,v 1.1707 2001/12/24 02:59:19 mouring Exp $
|
||||
|
|
|
@ -11,11 +11,10 @@ or http proxy which supports the CONNECT method (eg. Squid).
|
|||
In this directory
|
||||
-----------------
|
||||
|
||||
chroot.diff:
|
||||
chroot.diff:
|
||||
|
||||
Ricardo Cerqueira's <rmcc@clix.pt> patch to enable chrooting using the
|
||||
wu-ftpd style magic home directories (containing '/./'). More details in
|
||||
the head of the patch itself.
|
||||
Due to the fact the patch is never in sync with the rest of the tree. It was
|
||||
removed.
|
||||
|
||||
ssh-copy-id:
|
||||
|
||||
|
|
|
@ -1,61 +0,0 @@
|
|||
From: Ricardo Cerqueira <rmcc@clix.pt>
|
||||
|
||||
A patch to cause sshd to chroot when it encounters the magic token
|
||||
'/./' in a users home directory. The directory portion before the
|
||||
token is the directory to chroot() to, the portion after the
|
||||
token is the user's home directory relative to the new root.
|
||||
|
||||
Index: session.c
|
||||
===================================================================
|
||||
RCS file: /var/cvs/openssh/session.c,v
|
||||
retrieving revision 1.4
|
||||
diff -u -r1.4 session.c
|
||||
--- session.c 2000/04/16 02:31:51 1.4
|
||||
+++ session.c 2000/04/16 02:47:55
|
||||
@@ -27,6 +27,8 @@
|
||||
#include "ssh2.h"
|
||||
#include "auth.h"
|
||||
|
||||
+#define CHROOT
|
||||
+
|
||||
/* types */
|
||||
|
||||
#define TTYSZ 64
|
||||
@@ -783,6 +785,10 @@
|
||||
extern char **environ;
|
||||
struct stat st;
|
||||
char *argv[10];
|
||||
+#ifdef CHROOT
|
||||
+ char *user_dir;
|
||||
+ char *new_root;
|
||||
+#endif /* CHROOT */
|
||||
|
||||
#ifndef USE_PAM /* pam_nologin handles this */
|
||||
f = fopen("/etc/nologin", "r");
|
||||
@@ -799,6 +805,26 @@
|
||||
/* Set login name in the kernel. */
|
||||
if (setlogin(pw->pw_name) < 0)
|
||||
error("setlogin failed: %s", strerror(errno));
|
||||
+
|
||||
+#ifdef CHROOT
|
||||
+ user_dir = xstrdup(pw->pw_dir);
|
||||
+ new_root = user_dir + 1;
|
||||
+
|
||||
+ while((new_root = strchr(new_root, '.')) != NULL) {
|
||||
+ new_root--;
|
||||
+ if(strncmp(new_root, "/./", 3) == 0) {
|
||||
+ *new_root = '\0';
|
||||
+ new_root += 2;
|
||||
+
|
||||
+ if(chroot(user_dir) != 0)
|
||||
+ fatal("Couldn't chroot to user directory %s", user_dir);
|
||||
+
|
||||
+ pw->pw_dir = new_root;
|
||||
+ break;
|
||||
+ }
|
||||
+ new_root += 2;
|
||||
+ }
|
||||
+#endif /* CHROOT */
|
||||
|
||||
/* Set uid, gid, and groups. */
|
||||
/* Login(1) does this as well, and it needs uid 0 for the "-h"
|
Loading…
Reference in New Issue