upstream commit

skip "Could not chdir to home directory" message when
 chrooted

patch from Christian Hesse in bz#2485 ok dtucker@

Upstream-ID: 86783c1953da426dff5b03b03ce46e699d9e5431
This commit is contained in:
djm@openbsd.org 2015-10-24 22:52:22 +00:00 committed by Damien Miller
parent a820a8618e
commit 44fc7cd7dc
1 changed files with 15 additions and 19 deletions

View File

@ -160,6 +160,7 @@ login_cap_t *lc;
#endif #endif
static int is_child = 0; static int is_child = 0;
static int in_chroot = 0;
/* Name and directory of socket for authentication agent forwarding. */ /* Name and directory of socket for authentication agent forwarding. */
static char *auth_sock_name = NULL; static char *auth_sock_name = NULL;
@ -1490,9 +1491,6 @@ void
do_setusercontext(struct passwd *pw) do_setusercontext(struct passwd *pw)
{ {
char *chroot_path, *tmp; char *chroot_path, *tmp;
#ifdef USE_LIBIAF
int doing_chroot = 0;
#endif
platform_setusercontext(pw); platform_setusercontext(pw);
@ -1520,7 +1518,7 @@ do_setusercontext(struct passwd *pw)
platform_setusercontext_post_groups(pw); platform_setusercontext_post_groups(pw);
if (options.chroot_directory != NULL && if (!in_chroot && options.chroot_directory != NULL &&
strcasecmp(options.chroot_directory, "none") != 0) { strcasecmp(options.chroot_directory, "none") != 0) {
tmp = tilde_expand_filename(options.chroot_directory, tmp = tilde_expand_filename(options.chroot_directory,
pw->pw_uid); pw->pw_uid);
@ -1532,9 +1530,7 @@ do_setusercontext(struct passwd *pw)
/* Make sure we don't attempt to chroot again */ /* Make sure we don't attempt to chroot again */
free(options.chroot_directory); free(options.chroot_directory);
options.chroot_directory = NULL; options.chroot_directory = NULL;
#ifdef USE_LIBIAF in_chroot = 1;
doing_chroot = 1;
#endif
} }
#ifdef HAVE_LOGIN_CAP #ifdef HAVE_LOGIN_CAP
@ -1549,16 +1545,16 @@ do_setusercontext(struct passwd *pw)
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK); (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
#else #else
# ifdef USE_LIBIAF # ifdef USE_LIBIAF
/* In a chroot environment, the set_id() will always fail; typically /*
* because of the lack of necessary authentication services and runtime * In a chroot environment, the set_id() will always fail;
* such as ./usr/lib/libiaf.so, ./usr/lib/libpam.so.1, and ./etc/passwd * typically because of the lack of necessary authentication
* We skip it in the internal sftp chroot case. * services and runtime such as ./usr/lib/libiaf.so,
* We'll lose auditing and ACLs but permanently_set_uid will * ./usr/lib/libpam.so.1, and ./etc/passwd We skip it in the
* take care of the rest. * internal sftp chroot case. We'll lose auditing and ACLs but
* permanently_set_uid will take care of the rest.
*/ */
if ((doing_chroot == 0) && set_id(pw->pw_name) != 0) { if (!in_chroot && set_id(pw->pw_name) != 0)
fatal("set_id(%s) Failed", pw->pw_name); fatal("set_id(%s) Failed", pw->pw_name);
}
# endif /* USE_LIBIAF */ # endif /* USE_LIBIAF */
/* Permanently switch to the desired uid. */ /* Permanently switch to the desired uid. */
permanently_set_uid(pw); permanently_set_uid(pw);
@ -1790,11 +1786,11 @@ do_child(Session *s, const char *command)
#ifdef HAVE_LOGIN_CAP #ifdef HAVE_LOGIN_CAP
r = login_getcapbool(lc, "requirehome", 0); r = login_getcapbool(lc, "requirehome", 0);
#endif #endif
if (r || options.chroot_directory == NULL || if (r || !in_chroot) {
strcasecmp(options.chroot_directory, "none") == 0)
fprintf(stderr, "Could not chdir to home " fprintf(stderr, "Could not chdir to home "
"directory %s: %s\n", pw->pw_dir, "directory %s: %s\n", pw->pw_dir,
strerror(errno)); strerror(errno));
}
if (r) if (r)
exit(1); exit(1);
} }