+++ /dev/null
-From: Ricardo Cerqueira <rmcc@clix.pt>
-
-A patch to cause sshd to chroot when it encounters the magic token
-'/./' in a users home directory. The directory portion before the
-token is the directory to chroot() to, the portion after the
-token is the user's home directory relative to the new root.
-
-Index: session.c
-===================================================================
-RCS file: /var/cvs/openssh/session.c,v
-retrieving revision 1.4
-diff -u -r1.4 session.c
---- session.c 2000/04/16 02:31:51 1.4
-+++ session.c 2000/04/16 02:47:55
-@@ -27,6 +27,8 @@
- #include "ssh2.h"
- #include "auth.h"
-
-+#define CHROOT
-+
- /* types */
-
- #define TTYSZ 64
-@@ -783,6 +785,10 @@
- extern char **environ;
- struct stat st;
- char *argv[10];
-+#ifdef CHROOT
-+ char *user_dir;
-+ char *new_root;
-+#endif /* CHROOT */
-
- #ifndef USE_PAM /* pam_nologin handles this */
- f = fopen("/etc/nologin", "r");
-@@ -799,6 +805,26 @@
- /* Set login name in the kernel. */
- if (setlogin(pw->pw_name) < 0)
- error("setlogin failed: %s", strerror(errno));
-+
-+#ifdef CHROOT
-+ user_dir = xstrdup(pw->pw_dir);
-+ new_root = user_dir + 1;
-+
-+ while((new_root = strchr(new_root, '.')) != NULL) {
-+ new_root--;
-+ if(strncmp(new_root, "/./", 3) == 0) {
-+ *new_root = '\0';
-+ new_root += 2;
-+
-+ if(chroot(user_dir) != 0)
-+ fatal("Couldn't chroot to user directory %s", user_dir);
-+
-+ pw->pw_dir = new_root;
-+ break;
-+ }
-+ new_root += 2;
-+ }
-+#endif /* CHROOT */
-
- /* Set uid, gid, and groups. */
- /* Login(1) does this as well, and it needs uid 0 for the "-h"
+++ /dev/null
-/* $OpenBSD: regex.h,v 1.3 1997/09/21 10:45:48 niklas Exp $ */
-/* $NetBSD: regex.h,v 1.4.6.1 1996/06/10 18:57:07 explorer Exp $ */
-
-/*-
- * Copyright (c) 1992 Henry Spencer.
- * Copyright (c) 1992, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Henry Spencer of the University of Toronto.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)regex.h 8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _REGEX_H_
-#define _REGEX_H_
-
-#include <sys/types.h>
-
-/* types */
-typedef off_t regoff_t;
-
-typedef struct {
- int re_magic;
- size_t re_nsub; /* number of parenthesized subexpressions */
- const char *re_endp; /* end pointer for REG_PEND */
- struct re_guts *re_g; /* none of your business :-) */
-} regex_t;
-
-typedef struct {
- regoff_t rm_so; /* start of match */
- regoff_t rm_eo; /* end of match */
-} regmatch_t;
-
-/* regcomp() flags */
-#define REG_BASIC 0000
-#define REG_EXTENDED 0001
-#define REG_ICASE 0002
-#define REG_NOSUB 0004
-#define REG_NEWLINE 0010
-#define REG_NOSPEC 0020
-#define REG_PEND 0040
-#define REG_DUMP 0200
-
-/* regerror() flags */
-#define REG_NOMATCH 1
-#define REG_BADPAT 2
-#define REG_ECOLLATE 3
-#define REG_ECTYPE 4
-#define REG_EESCAPE 5
-#define REG_ESUBREG 6
-#define REG_EBRACK 7
-#define REG_EPAREN 8
-#define REG_EBRACE 9
-#define REG_BADBR 10
-#define REG_ERANGE 11
-#define REG_ESPACE 12
-#define REG_BADRPT 13
-#define REG_EMPTY 14
-#define REG_ASSERT 15
-#define REG_INVARG 16
-#define REG_ATOI 255 /* convert name to number (!) */
-#define REG_ITOA 0400 /* convert number to name (!) */
-
-/* regexec() flags */
-#define REG_NOTBOL 00001
-#define REG_NOTEOL 00002
-#define REG_STARTEND 00004
-#define REG_TRACE 00400 /* tracing of execution */
-#define REG_LARGE 01000 /* force large representation */
-#define REG_BACKR 02000 /* force use of backref code */
-
-int regcomp(regex_t*, const char*, int);
-size_t regerror(int, const regex_t*, char*, size_t);
-int regexec(const regex_t*, const char*, size_t, regmatch_t[], int);
-void regfree(regex_t*);
-
-#endif /* !_REGEX_H_ */
andersk / gssapi-openssh.git / commitdiff
