[gssapi-openssh.git] / openssh / contrib / chroot.diff

From: Ricardo Cerqueira <rmcc@clix.pt>

A patch to cause sshd to chroot when it encounters the magic token
'/./' in a users home directory. The directory portion before the
token is the directory to chroot() to, the portion after the
token is the user's home directory relative to the new root.

Index: session.c
===================================================================
RCS file: /var/cvs/openssh/session.c,v
retrieving revision 1.4
diff -u -r1.4 session.c
--- session.c	2000/04/16 02:31:51	1.4
+++ session.c	2000/04/16 02:47:55
@@ -27,6 +27,8 @@
 #include "ssh2.h"
 #include "auth.h"
 
+#define CHROOT
+
 /* types */
 
 #define TTYSZ 64
@@ -783,6 +785,10 @@
 	extern char **environ;
 	struct stat st;
 	char *argv[10];
+#ifdef CHROOT
+	char *user_dir;
+	char *new_root;
+#endif /* CHROOT */
 
 #ifndef USE_PAM /* pam_nologin handles this */
 	f = fopen("/etc/nologin", "r");
@@ -799,6 +805,26 @@
 	/* Set login name in the kernel. */
 	if (setlogin(pw->pw_name) < 0)
 		error("setlogin failed: %s", strerror(errno));
+
+#ifdef CHROOT
+	user_dir = xstrdup(pw->pw_dir);
+	new_root = user_dir + 1;  										  
+
+	while((new_root = strchr(new_root, '.')) != NULL) {
+		new_root--;
+		if(strncmp(new_root, "/./", 3) == 0) {
+			*new_root = '\0';
+			new_root += 2;
+
+			if(chroot(user_dir) != 0)
+				fatal("Couldn't chroot to user directory %s", user_dir);
+
+			pw->pw_dir = new_root;
+			break;
+		}
+		new_root += 2;
+	}
+#endif /* CHROOT */
 
 	/* Set uid, gid, and groups. */
 	/* Login(1) does this as well, and it needs uid 0 for the "-h"
Commit	Line	Data
3c0ef626	1	From: Ricardo Cerqueira <rmcc@clix.pt>
	2
	3	A patch to cause sshd to chroot when it encounters the magic token
	4	'/./' in a users home directory. The directory portion before the
	5	token is the directory to chroot() to, the portion after the
	6	token is the user's home directory relative to the new root.
	7
	8	Index: session.c
	9	===================================================================
	10	RCS file: /var/cvs/openssh/session.c,v
	11	retrieving revision 1.4
	12	diff -u -r1.4 session.c
	13	--- session.c 2000/04/16 02:31:51 1.4
	14	+++ session.c 2000/04/16 02:47:55
	15	@@ -27,6 +27,8 @@
	16	#include "ssh2.h"
	17	#include "auth.h"
	18
	19	+#define CHROOT
	20	+
	21	/* types */
	22
	23	#define TTYSZ 64
	24	@@ -783,6 +785,10 @@
	25	extern char **environ;
	26	struct stat st;
	27	char *argv[10];
	28	+#ifdef CHROOT
	29	+ char *user_dir;
	30	+ char *new_root;
	31	+#endif /* CHROOT */
	32
	33	#ifndef USE_PAM /* pam_nologin handles this */
	34	f = fopen("/etc/nologin", "r");
	35	@@ -799,6 +805,26 @@
	36	/* Set login name in the kernel. */
	37	if (setlogin(pw->pw_name) < 0)
	38	error("setlogin failed: %s", strerror(errno));
	39	+
	40	+#ifdef CHROOT
	41	+ user_dir = xstrdup(pw->pw_dir);
	42	+ new_root = user_dir + 1;
	43	+
	44	+ while((new_root = strchr(new_root, '.')) != NULL) {
	45	+ new_root--;
	46	+ if(strncmp(new_root, "/./", 3) == 0) {
	47	+ *new_root = '\0';
	48	+ new_root += 2;
	49	+
	50	+ if(chroot(user_dir) != 0)
	51	+ fatal("Couldn't chroot to user directory %s", user_dir);
	52	+
	53	+ pw->pw_dir = new_root;
	54	+ break;
	55	+ }
	56	+ new_root += 2;
	57	+ }
	58	+#endif /* CHROOT */
	59
	60	/* Set uid, gid, and groups. */
	61	/* Login(1) does this as well, and it needs uid 0 for the "-h"