-/* $OpenBSD: pathnames.h,v 1.11 2002/02/09 17:37:34 deraadt Exp $ */
+/* $OpenBSD: pathnames.h,v 1.12 2002/03/19 03:03:43 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
#ifndef _PATH_SFTP_SERVER
#define _PATH_SFTP_SERVER "/usr/libexec/sftp-server"
#endif
+
+/* chroot directory for unprivileged user when UsePrivilegeSeparation=yes */
+#define _PATH_PRIVSEP_CHROOT_DIR "/var/empty"
#ifndef _PATH_LS
#define _PATH_LS "ls"
#endif
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.103 2002/03/18 23:52:51 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.104 2002/03/19 03:03:43 stevesk Exp $");
#if defined(KRB4) || defined(KRB5)
#include <krb.h>
options->unprivileged_user = -1;
options->unprivileged_group = -1;
- options->unprivileged_dir = NULL;
/* Needs to be accessable in many places */
use_privsep = -1;
options->unprivileged_user = 32767;
if (options->unprivileged_group == -1)
options->unprivileged_group = 32767;
- if (options->unprivileged_dir == NULL)
- options->unprivileged_dir = "/var/empty";
}
/* Keyword tokens. */
sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
- sUsePrivilegeSeparation, sUnprivUser, sUnprivGroup, sUnprivDir,
+ sUsePrivilegeSeparation, sUnprivUser, sUnprivGroup,
sDeprecated
} ServerOpCodes;
{ "useprivilegeseparation", sUsePrivilegeSeparation},
{ "unprivuser", sUnprivUser},
{ "unprivgroup", sUnprivGroup},
- { "unprivdir", sUnprivDir},
{ NULL, sBadOption }
};
intptr = &options->unprivileged_group;
goto parse_int;
- case sUnprivDir:
- charptr = &options->unprivileged_dir;
- goto parse_filename;
-
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)
-/* $OpenBSD: servconf.h,v 1.55 2002/03/18 17:50:31 provos Exp $ */
+/* $OpenBSD: servconf.h,v 1.56 2002/03/19 03:03:43 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
int unprivileged_user; /* User unprivileged child uses */
int unprivileged_group; /* Group unprivileged child uses */
- char *unprivileged_dir; /* Chroot dir for unprivileged user */
} ServerOptions;
void initialize_server_options(ServerOptions *);
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.231 2002/03/18 17:50:31 provos Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.232 2002/03/19 03:03:43 stevesk Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
demote_sensitive_data();
/* Change our root directory*/
- if (chroot(options.unprivileged_dir) == -1)
- fatal("chroot(/var/empty)");
+ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
+ fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
+ strerror(errno));
if (chdir("/") == -1)
fatal("chdir(/)");