From c5bf32e67c40b2b56bf2e237322c7843b5749108 Mon Sep 17 00:00:00 2001 From: djm Date: Sun, 10 Feb 2008 11:48:55 +0000 Subject: [PATCH] - djm@cvs.openbsd.org 2008/02/10 10:54:29 [servconf.c session.c] delay ~ expansion for ChrootDirectory so it expands to the logged-in user's home, rather than the user who starts sshd (probably root) --- ChangeLog | 4 ++++ servconf.c | 11 +++++++++-- session.c | 13 ++++++++----- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 99f57211..d9fc1f9f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -78,6 +78,10 @@ - djm@cvs.openbsd.org 2008/02/10 09:55:37 [sshd_config.5] mantion that "internal-sftp" is useful with ForceCommand too + - djm@cvs.openbsd.org 2008/02/10 10:54:29 + [servconf.c session.c] + delay ~ expansion for ChrootDirectory so it expands to the logged-in user's + home, rather than the user who starts sshd (probably root) 20080119 - (djm) Silence noice from expr in ssh-copy-id; patch from diff --git a/servconf.c b/servconf.c index d38d0bfb..9add96ca 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.176 2008/02/08 23:24:08 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.177 2008/02/10 10:54:28 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1260,7 +1260,14 @@ parse_flag: case sChrootDirectory: charptr = &options->chroot_directory; - goto parse_filename; + + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing file name.", + filename, linenum); + if (*activep && *charptr == NULL) + *charptr = xstrdup(arg); + break; case sDeprecated: logit("%s line %d: Deprecated option %s", diff --git a/session.c b/session.c index 1768c8c2..545e27fb 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.226 2008/02/08 23:24:07 djm Exp $ */ +/* $OpenBSD: session.c,v 1.227 2008/02/10 10:54:29 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
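Review bot: The new `case sChrootDirectory:` body in the servconf.c hunk stores the argument verbatim but has no comment saying that bypassing `parse_filename` is deliberate, so a later cleanup could fold it back into the shared path and bring back `~` expansion against the account that started sshd. I would add, above `arg = strdelim(&cp);`, the comment `/* Stored unexpanded: ~, %h and %u are resolved per login in do_setusercontext() */`. Because the value is now kept raw, any check that it names a usable directory presumably runs only at session time, so a typo would surface at the first login rather than at config load; worth confirming that is intended. The enclosing switch starts and ends outside the hunk.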
@@ -1359,6 +1359,8 @@ safely_chroot(const char *path, uid_t uid) void do_setusercontext(struct passwd *pw) { + char *chroot_path, *tmp; + #ifndef HAVE_CYGWIN if (getuid() == 0 || geteuid() == 0) #endif /* HAVE_CYGWIN */ @@ -1442,11 +1444,12 @@ do_setusercontext(struct passwd *pw) if (options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { - char *chroot_path; - - chroot_path = percent_expand(options.chroot_directory, - "h", pw->pw_dir, "u", pw->pw_name, (char *)NULL); + tmp = tilde_expand_filename(options.chroot_directory, + pw->pw_uid); + chroot_path = percent_expand(tmp, "h", pw->pw_dir, + "u", pw->pw_name, (char *)NULL); safely_chroot(chroot_path, pw->pw_uid); + free(tmp); free(chroot_path); } -- 2.45.2
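Review bot: In the session.c hunk at line 1442, the string returned by `tilde_expand_filename()` is used as the template for `percent_expand()`, so the home directory substituted for `~` is itself scanned for `%` escapes. A home path containing `%` would then be mis-expanded or rejected at login, depending on how `percent_expand()` treats unknown escapes, which is not visible here. Running the percent step first keeps account data out of the template: `tmp = percent_expand(options.chroot_directory, "h", pw->pw_dir, "u", pw->pw_name, (char *)NULL);` followed by `chroot_path = tilde_expand_filename(tmp, pw->pw_uid);`. Separately, hoisting `chroot_path` and `tmp` to the top of `do_setusercontext()` (the hunk at line 1359) widens their scope for no visible gain; declaring both inside the `if` block would keep them local. The function body continues outside these hunks.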