[openssh.git] / contrib / chroot.diff

From: Ricardo Cerqueira <rmcc@clix.pt>

A patch to cause sshd to chroot when it encounters the magic token
'/./' in a users home directory. The directory portion before the
token is the directory to chroot() to, the portion after the
token is the user's home directory relative to the new root.


diff -ruN openssh-1.2.3pre2-orig/acconfig.h openssh-1.2.3pre2/acconfig.h
--- openssh-1.2.3pre2-orig/acconfig.h	Sat Mar 11 20:45:40 2000
+++ openssh-1.2.3pre2/acconfig.h	Wed Mar 15 11:44:33 2000
@@ -159,6 +159,9 @@
 /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
 #undef IPV4_IN_IPV6
 
+/* Define if you want to enable chrooted users */
+#undef CHROOT
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */
diff -ruN openssh-1.2.3pre2-orig/config.h.in openssh-1.2.3pre2/config.h.in
--- openssh-1.2.3pre2-orig/config.h.in	Wed Mar 15 11:51:02 2000
+++ openssh-1.2.3pre2/config.h.in	Wed Mar 15 11:46:33 2000
@@ -140,6 +140,9 @@
 /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
 #undef IPV4_IN_IPV6
 
+/* Define if you want to enable chrooted users */
+#undef CHROOT
+
 /* The number of bytes in a char.  */
 #undef SIZEOF_CHAR
 
diff -ruN openssh-1.2.3pre2-orig/configure openssh-1.2.3pre2/configure
--- openssh-1.2.3pre2-orig/configure	Wed Mar 15 11:51:03 2000
+++ openssh-1.2.3pre2/configure	Wed Mar 15 11:46:34 2000
@@ -52,6 +52,8 @@
 ac_help="$ac_help
   --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses"
 ac_help="$ac_help
+  --with-chroot           Enable chroot using /./ directory token"
+ac_help="$ac_help
   --with-pid-dir=PATH     Specify location of ssh.pid file"
 
 # Initialize some variables set by options.
@@ -3605,6 +3607,22 @@
 
 		else
 			echo "$ac_t""no (default)" 1>&6
+		fi
+	
+
+fi
+
+
+# Whether to enable the magic chroot token
+# Check whether --with-chroot or --without-chroot was given.
+if test "${with_chroot+set}" = set; then
+  withval="$with_chroot"
+  
+		if test "x$withval" != "xno" ; then	
+			cat >> confdefs.h <<\EOF
+#define CHROOT 1
+EOF
+
 		fi
 	
 
diff -ruN openssh-1.2.3pre2-orig/configure.in openssh-1.2.3pre2/configure.in
--- openssh-1.2.3pre2-orig/configure.in	Sat Mar 11 20:45:41 2000
+++ openssh-1.2.3pre2/configure.in	Wed Mar 15 11:46:04 2000
@@ -810,6 +810,16 @@
 	]
 )
 
+# Whether to enable the magic chroot token
+AC_ARG_WITH(chroot,
+	[  --with-chroot           Enable chroot using /./ directory token],
+	[
+		if test "x$withval" != "xno" ; then	
+			AC_DEFINE(CHROOT)
+		fi
+	]
+)
+
 # Where to place sshd.pid
 piddir=/var/run
 AC_ARG_WITH(pid-dir,
diff -ruN openssh-1.2.3pre2-orig/sshd.c openssh-1.2.3pre2/sshd.c
--- openssh-1.2.3pre2-orig/sshd.c	Sat Mar 11 11:58:29 2000
+++ openssh-1.2.3pre2/sshd.c	Wed Mar 15 11:43:38 2000
@@ -2365,6 +2365,10 @@
 	extern char **environ;
 	struct stat st;
 	char *argv[10];
+#ifdef CHROOT /* patch by rmcc */
+        char *user_dir;
+        char *new_root;
+#endif /* CHROOT */
 
 #ifndef USE_PAM /* pam_nologin handles this */
 	/* Check /etc/nologin. */
@@ -2422,6 +2426,29 @@
 		krb_afslog(0, 0);
 	}
 #endif /* AFS */
+
+#ifdef CHROOT /* patch by rmcc */
+
+        user_dir = xstrdup(pw->pw_dir);
+        new_root = user_dir;                                  
+
+        while((new_root = strchr(new_root, '.')) != NULL){
+          new_root--;
+          if(strncmp(new_root, "/./", 3) == 0){
+            *new_root = 0;
+            new_root += 2;
+            if(chroot(user_dir) != 0){
+              printf("Couldn't chroot!\n");
+              exit(1);
+            }
+            pw->pw_dir = new_root;
+            break;
+          }
+          new_root +=2;
+        }
+
+
+#endif /* CHROOT */
 
 	/* Initialize the environment. */
 	envsize = 100;
Commit	Line	Data
13652e52	1	From: Ricardo Cerqueira <rmcc@clix.pt>
	2
	3	A patch to cause sshd to chroot when it encounters the magic token
	4	'/./' in a users home directory. The directory portion before the
	5	token is the directory to chroot() to, the portion after the
	6	token is the user's home directory relative to the new root.
	7
	8
	9
	10	diff -ruN openssh-1.2.3pre2-orig/acconfig.h openssh-1.2.3pre2/acconfig.h
	11	--- openssh-1.2.3pre2-orig/acconfig.h Sat Mar 11 20:45:40 2000
	12	+++ openssh-1.2.3pre2/acconfig.h Wed Mar 15 11:44:33 2000
	13	@@ -159,6 +159,9 @@
	14	/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
	15	#undef IPV4_IN_IPV6
	16
	17	+/* Define if you want to enable chrooted users */
	18	+#undef CHROOT
	19	+
	20	@BOTTOM@
	21
	22	/* ***************** Shouldn't need to edit below this line ************ */
	23	diff -ruN openssh-1.2.3pre2-orig/config.h.in openssh-1.2.3pre2/config.h.in
	24	--- openssh-1.2.3pre2-orig/config.h.in Wed Mar 15 11:51:02 2000
	25	+++ openssh-1.2.3pre2/config.h.in Wed Mar 15 11:46:33 2000
	26	@@ -140,6 +140,9 @@
	27	/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
	28	#undef IPV4_IN_IPV6
	29
	30	+/* Define if you want to enable chrooted users */
	31	+#undef CHROOT
	32	+
	33	/* The number of bytes in a char. */
	34	#undef SIZEOF_CHAR
	35
	36	diff -ruN openssh-1.2.3pre2-orig/configure openssh-1.2.3pre2/configure
	37	--- openssh-1.2.3pre2-orig/configure Wed Mar 15 11:51:03 2000
	38	+++ openssh-1.2.3pre2/configure Wed Mar 15 11:46:34 2000
	39	@@ -52,6 +52,8 @@
	40	ac_help="$ac_help
	41	--with-4in6 Check for and convert IPv4 in IPv6 mapped addresses"
	42	ac_help="$ac_help
	43	+ --with-chroot Enable chroot using /./ directory token"
	44	+ac_help="$ac_help
	45	--with-pid-dir=PATH Specify location of ssh.pid file"
	46
	47	# Initialize some variables set by options.
	48	@@ -3605,6 +3607,22 @@
	49
	50	else
	51	echo "$ac_t""no (default)" 1>&6
	52	+ fi
	53	+
	54	+
	55	+fi
	56	+
	57	+
	58	+# Whether to enable the magic chroot token
	59	+# Check whether --with-chroot or --without-chroot was given.
	60	+if test "${with_chroot+set}" = set; then
	61	+ withval="$with_chroot"
	62	+
	63	+ if test "x$withval" != "xno" ; then
	64	+ cat >> confdefs.h <<\EOF
65	+#define CHROOT 1
66	+EOF
67	+
68	fi
69
70
71	diff -ruN openssh-1.2.3pre2-orig/configure.in openssh-1.2.3pre2/configure.in
72	--- openssh-1.2.3pre2-orig/configure.in Sat Mar 11 20:45:41 2000
73	+++ openssh-1.2.3pre2/configure.in Wed Mar 15 11:46:04 2000
74	@@ -810,6 +810,16 @@
75	]
76	)
77
78	+# Whether to enable the magic chroot token
79	+AC_ARG_WITH(chroot,
80	+ [ --with-chroot Enable chroot using /./ directory token],
81	+ [
82	+ if test "x$withval" != "xno" ; then
83	+ AC_DEFINE(CHROOT)
84	+ fi
85	+ ]
86	+)
87	+
88	# Where to place sshd.pid
89	piddir=/var/run
90	AC_ARG_WITH(pid-dir,
91	diff -ruN openssh-1.2.3pre2-orig/sshd.c openssh-1.2.3pre2/sshd.c
92	--- openssh-1.2.3pre2-orig/sshd.c Sat Mar 11 11:58:29 2000
93	+++ openssh-1.2.3pre2/sshd.c Wed Mar 15 11:43:38 2000
94	@@ -2365,6 +2365,10 @@
95	extern char **environ;
96	struct stat st;
97	char *argv[10];
98	+#ifdef CHROOT /* patch by rmcc */
99	+ char *user_dir;
100	+ char *new_root;
101	+#endif /* CHROOT */
102
103	#ifndef USE_PAM /* pam_nologin handles this */
104	/* Check /etc/nologin. */
105	@@ -2422,6 +2426,29 @@
106	krb_afslog(0, 0);
107	}
108	#endif /* AFS */
109	+
110	+#ifdef CHROOT /* patch by rmcc */
111	+
112	+ user_dir = xstrdup(pw->pw_dir);
113	+ new_root = user_dir;
114	+
115	+ while((new_root = strchr(new_root, '.')) != NULL){
116	+ new_root--;
117	+ if(strncmp(new_root, "/./", 3) == 0){
118	+ *new_root = 0;
119	+ new_root += 2;
120	+ if(chroot(user_dir) != 0){
121	+ printf("Couldn't chroot!\n");
122	+ exit(1);
123	+ }
124	+ pw->pw_dir = new_root;
125	+ break;
126	+ }
127	+ new_root +=2;
128	+ }
129	+
130	+
131	+#endif /* CHROOT */
132
133	/* Initialize the environment. */
134	envsize = 100;