sonic-openssh/contrib/chroot.diff

From: Ricardo Cerqueira <rmcc@clix.pt>

A patch to cause sshd to chroot when it encounters the magic token
'/./' in a users home directory. The directory portion before the
token is the directory to chroot() to, the portion after the
token is the user's home directory relative to the new root.

Index: session.c
===================================================================
RCS file: /var/cvs/openssh/session.c,v
retrieving revision 1.4
diff -u -r1.4 session.c
--- session.c	2000/04/16 02:31:51	1.4
+++ session.c	2000/04/16 02:47:55
@@ -27,6 +27,8 @@
 #include "ssh2.h"
 #include "auth.h"
 
+#define CHROOT
+
 /* types */
 
 #define TTYSZ 64
@@ -783,6 +785,10 @@
 	extern char **environ;
 	struct stat st;
 	char *argv[10];
+#ifdef CHROOT
+	char *user_dir;
+	char *new_root;
+#endif /* CHROOT */
 
 #ifndef USE_PAM /* pam_nologin handles this */
 	f = fopen("/etc/nologin", "r");
@@ -799,6 +805,26 @@
 	/* Set login name in the kernel. */
 	if (setlogin(pw->pw_name) < 0)
 		error("setlogin failed: %s", strerror(errno));
+
+#ifdef CHROOT
+	user_dir = xstrdup(pw->pw_dir);
+	new_root = user_dir + 1;  										  
+
+	while((new_root = strchr(new_root, '.')) != NULL) {
+		new_root--;
+		if(strncmp(new_root, "/./", 3) == 0) {
+			*new_root = '\0';
+			new_root += 2;
+
+			if(chroot(user_dir) != 0)
+				fatal("Couldn't chroot to user directory %s", user_dir);
+
+			pw->pw_dir = new_root;
+			break;
+		}
+		new_root += 2;
+	}
+#endif /* CHROOT */
 
 	/* Set uid, gid, and groups. */
 	/* Login(1) does this as well, and it needs uid 0 for the "-h"
- Created contrib/ subdirectory. Included helpers from Phil Hands' Debian package, README file and chroot patch from Ricardo Cerqueira <rmcc@clix.pt> - Moved gnome-ssh-askpass.c to contrib directory and reomved config option. - Slight cleanup to doc files 2000-03-15 04:13:01 +03:00			`From: Ricardo Cerqueira <rmcc@clix.pt>`

			`A patch to cause sshd to chroot when it encounters the magic token`
			`'/./' in a users home directory. The directory portion before the`
			`token is the directory to chroot() to, the portion after the`
			`token is the user's home directory relative to the new root.`

Updated 2000-04-16 06:50:52 +04:00			`Index: session.c`
			`===================================================================`
			`RCS file: /var/cvs/openssh/session.c,v`
			`retrieving revision 1.4`
			`diff -u -r1.4 session.c`
			`--- session.c 2000/04/16 02:31:51 1.4`
			`+++ session.c 2000/04/16 02:47:55`
			`@@ -27,6 +27,8 @@`
			`#include "ssh2.h"`
			`#include "auth.h"`

			`+#define CHROOT`
			`+`
			`/* types */`

			`#define TTYSZ 64`
			`@@ -783,6 +785,10 @@`
- Created contrib/ subdirectory. Included helpers from Phil Hands' Debian package, README file and chroot patch from Ricardo Cerqueira <rmcc@clix.pt> - Moved gnome-ssh-askpass.c to contrib directory and reomved config option. - Slight cleanup to doc files 2000-03-15 04:13:01 +03:00			`extern char **environ;`
			`struct stat st;`
			`char *argv[10];`
Updated 2000-04-16 06:50:52 +04:00			`+#ifdef CHROOT`
			`+ char *user_dir;`
			`+ char *new_root;`
- Created contrib/ subdirectory. Included helpers from Phil Hands' Debian package, README file and chroot patch from Ricardo Cerqueira <rmcc@clix.pt> - Moved gnome-ssh-askpass.c to contrib directory and reomved config option. - Slight cleanup to doc files 2000-03-15 04:13:01 +03:00			`+#endif /* CHROOT */`

			`#ifndef USE_PAM /* pam_nologin handles this */`
Updated 2000-04-16 06:50:52 +04:00			`f = fopen("/etc/nologin", "r");`
			`@@ -799,6 +805,26 @@`
			`/* Set login name in the kernel. */`
			`if (setlogin(pw->pw_name) < 0)`
			`error("setlogin failed: %s", strerror(errno));`
			`+`
			`+#ifdef CHROOT`
			`+ user_dir = xstrdup(pw->pw_dir);`
			`+ new_root = user_dir + 1;`
			`+`
			`+ while((new_root = strchr(new_root, '.')) != NULL) {`
			`+ new_root--;`
			`+ if(strncmp(new_root, "/./", 3) == 0) {`
			`+ *new_root = '\0';`
			`+ new_root += 2;`
			`+`
			`+ if(chroot(user_dir) != 0)`
			`+ fatal("Couldn't chroot to user directory %s", user_dir);`
			`+`
			`+ pw->pw_dir = new_root;`
			`+ break;`
			`+ }`
			`+ new_root += 2;`
			`+ }`
- Created contrib/ subdirectory. Included helpers from Phil Hands' Debian package, README file and chroot patch from Ricardo Cerqueira <rmcc@clix.pt> - Moved gnome-ssh-askpass.c to contrib directory and reomved config option. - Slight cleanup to doc files 2000-03-15 04:13:01 +03:00			`+#endif /* CHROOT */`

Updated 2000-04-16 06:50:52 +04:00			`/* Set uid, gid, and groups. */`
			`/* Login(1) does this as well, and it needs uid 0 for the "-h"`