Commit | Line | Data |
---|---|---|
13652e52 | 1 | From: Ricardo Cerqueira <rmcc@clix.pt> |
2 | ||
3 | A patch to cause sshd to chroot when it encounters the magic token | |
4 | '/./' in a user's home directory. The directory portion before the | |
5 | token is the directory to chroot() to, the portion after the | |
6 | token is the user's home directory relative to the new root. | |
7 | ||
8 | ||
9 | ||
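diff -ruN openssh-1.2.3pre2-orig/acconfig.h openssh-1.2.3pre2/acconfig.h
--- openssh-1.2.3pre2-orig/acconfig.h Sat Mar 11 20:45:40 2000
+++ openssh-1.2.3pre2/acconfig.h Wed Mar 15 11:44:33 2000
@@ -159,6 +159,9 @@
 /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
 #undef IPV4_IN_IPV6
 
+/* Define if you want to enable chrooted users */
+#undef CHROOT
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */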
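diff -ruN openssh-1.2.3pre2-orig/config.h.in openssh-1.2.3pre2/config.h.in
--- openssh-1.2.3pre2-orig/config.h.in Wed Mar 15 11:51:02 2000
+++ openssh-1.2.3pre2/config.h.in Wed Mar 15 11:46:33 2000
@@ -140,6 +140,9 @@
 /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
 #undef IPV4_IN_IPV6
 
+/* Define if you want to enable chrooted users */
+#undef CHROOT
+
 /* The number of bytes in a char. */
 #undef SIZEOF_CHAR
 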
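diff -ruN openssh-1.2.3pre2-orig/configure openssh-1.2.3pre2/configure
--- openssh-1.2.3pre2-orig/configure Wed Mar 15 11:51:03 2000
+++ openssh-1.2.3pre2/configure Wed Mar 15 11:46:34 2000
@@ -52,6 +52,8 @@
 ac_help="$ac_help
 --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses"
 ac_help="$ac_help
+ --with-chroot Enable chroot using /./ directory token"
+ac_help="$ac_help
 --with-pid-dir=PATH Specify location of ssh.pid file"
 
 # Initialize some variables set by options.
@@ -3605,6 +3607,22 @@
 
 else
 echo "$ac_t""no (default)" 1>&6
+ fi
+
+
+fi
+
+
+# Whether to enable the magic chroot token
+# Check whether --with-chroot or --without-chroot was given.
+if test "${with_chroot+set}" = set; then
+ withval="$with_chroot"
+
+ if test "x$withval" != "xno" ; then
+ cat >> confdefs.h <<\EOF
+#define CHROOT 1
+EOF
+
 fi
 
 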
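diff -ruN openssh-1.2.3pre2-orig/configure.in openssh-1.2.3pre2/configure.in
--- openssh-1.2.3pre2-orig/configure.in Sat Mar 11 20:45:41 2000
+++ openssh-1.2.3pre2/configure.in Wed Mar 15 11:46:04 2000
@@ -810,6 +810,16 @@
 ]
 )
 
+# Whether to enable the magic chroot token
+AC_ARG_WITH(chroot,
+ [ --with-chroot Enable chroot using /./ directory token],
+ [
+ if test "x$withval" != "xno" ; then
+ AC_DEFINE(CHROOT)
+ fi
+ ]
+)
+
 # Where to place sshd.pid
 piddir=/var/run
 AC_ARG_WITH(pid-dir,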
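diff -ruN openssh-1.2.3pre2-orig/sshd.c openssh-1.2.3pre2/sshd.c
--- openssh-1.2.3pre2-orig/sshd.c Sat Mar 11 11:58:29 2000
+++ openssh-1.2.3pre2/sshd.c Wed Mar 15 11:43:38 2000
@@ -2365,6 +2365,10 @@
 extern char **environ;
 struct stat st;
 char *argv[10];
+#ifdef CHROOT /* patch by rmcc */
+ char *user_dir;
+ char *new_root;
+#endif /* CHROOT */
 
 #ifndef USE_PAM /* pam_nologin handles this */
 /* Check /etc/nologin. */
@@ -2422,6 +2426,29 @@
 krb_afslog(0, 0);
 }
 #endif /* AFS */
+
+#ifdef CHROOT /* patch by rmcc */
+
+ user_dir = xstrdup(pw->pw_dir);
+ new_root = user_dir;
+
+ while((new_root = strchr(new_root, '.')) != NULL){
+ new_root--;
+ if(strncmp(new_root, "/./", 3) == 0){
+ *new_root = 0;
+ new_root += 2;
+ if(chroot(user_dir) != 0){
+ printf("Couldn't chroot!\n");
+ exit(1);
+ }
+ pw->pw_dir = new_root;
+ break;
+ }
+ new_root +=2;
+ }
+
+
+#endif /* CHROOT */
 
 /* Initialize the environment. */
 envsize = 100;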
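Review bot: In the second sshd.c hunk the scan runs `new_root--` after every `strchr` hit, so a `pw_dir` whose first character is `.` makes `strncmp` read one byte before the `xstrdup` buffer; `strstr(user_dir, "/./")` locates the same first token without stepping backwards. The block also calls `chroot(user_dir)` with no `chdir` into the new root, so the working directory stays outside the jail unless a later `chdir` (not visible in this hunk) succeeds, and the failure path prints a fixed string with `printf` and drops the errno text. `chroot()` needs root, and the enclosing function starts and ends outside the hunk, so it is worth confirming that this block runs before the uid is dropped; otherwise every tokenised account would hit the exit path. A sketch of the rewritten block follows.

```c
#ifdef CHROOT /* patch by rmcc */
	user_dir = xstrdup(pw->pw_dir);
	/* First "/./" splits the jail root from the in-jail home; no match leaves pw_dir untouched. */
	new_root = strstr(user_dir, "/./");
	if (new_root != NULL) {
		*new_root = '\0';	/* user_dir now names the jail root */
		new_root += 2;		/* home directory relative to the new root */
		/* chdir("/") pins the working directory inside the jail before anything else runs. */
		if (chroot(user_dir) != 0 || chdir("/") != 0) {
			perror("chroot");
			exit(1);
		}
		pw->pw_dir = new_root;
	}
#endif /* CHROOT */
```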