1 files changed, 61 insertions, 0 deletions
diff --git a/other/openssh-2.1.1p4/contrib/chroot.diff b/other/openssh-2.1.1p4/contrib/chroot.diff
new file mode 100644
index 0000000..d2a42d8
--- /dev/null
+++ b/other/openssh-2.1.1p4/contrib/chroot.diff
@@ -0,0 +1,61 @@
+From: Ricardo Cerqueira <rmcc@clix.pt>
+A patch to cause sshd to chroot when it encounters the magic token
+'/./' in a users home directory. The directory portion before the
+token is the directory to chroot() to, the portion after the
+token is the user's home directory relative to the new root.
+Index: session.c
+===================================================================
+RCS file: /var/cvs/openssh/session.c,v
+retrieving revision 1.4
+diff -u -r1.4 session.c
+--- session.c   2000/04/16 02:31:51     1.4
+++ session.c   2000/04/16 02:47:55
+@@ -27,6 +27,8 @@
+ #include "ssh2.h"
+ #include "auth.h"
+ 
+#define CHROOT
+
+ /* types */
+ 
+ #define TTYSZ 64
+@@ -783,6 +785,10 @@
+        extern char **environ;
+        struct stat st;
+        char *argv[10];
+#ifdef CHROOT
+       char *user_dir;
+       char *new_root;
+#endif /* CHROOT */
+ 
+ #ifndef USE_PAM /* pam_nologin handles this */
+        f = fopen("/etc/nologin", "r");
+@@ -799,6 +805,26 @@
+        /* Set login name in the kernel. */
+        if (setlogin(pw->pw_name) < 0)
+                error("setlogin failed: %s", strerror(errno));
+
+#ifdef CHROOT
+       user_dir = xstrdup(pw->pw_dir);
+       new_root = user_dir + 1;                                                                                  
+
+       while((new_root = strchr(new_root, '.')) != NULL) {
+               new_root--;
+               if(strncmp(new_root, "/./", 3) == 0) {
+                       *new_root = '\0';
+                       new_root += 2;
+
+                       if(chroot(user_dir) != 0)
+                               fatal("Couldn't chroot to user directory %s", user_dir);
+
+                       pw->pw_dir = new_root;
+                       break;
+               }
+               new_root += 2;
+       }
+#endif /* CHROOT */
+ 
+        /* Set uid, gid, and groups. */
+        /* Login(1) does this as well, and it needs uid 0 for the "-h"

diff --git a/other/openssh-2.1.1p4/contrib/chroot.diff b/other/openssh-2.1.1p4/contrib/chroot.diff new file mode 100644 index 0000000..d2a42d8 --- /dev/null +++ b/other/openssh-2.1.1p4/contrib/chroot.diff
@@ -0,0 +1,61 @@
	1	From: Ricardo Cerqueira <rmcc@clix.pt>
	2
	3	A patch to cause sshd to chroot when it encounters the magic token
	4	'/./' in a users home directory. The directory portion before the
	5	token is the directory to chroot() to, the portion after the
	6	token is the user's home directory relative to the new root.
	7
	8	Index: session.c
	9	===================================================================
	10	RCS file: /var/cvs/openssh/session.c,v
	11	retrieving revision 1.4
	12	diff -u -r1.4 session.c
	13	--- session.c 2000/04/16 02:31:51 1.4
	14	+++ session.c 2000/04/16 02:47:55
	15	@@ -27,6 +27,8 @@
	16	#include "ssh2.h"
	17	#include "auth.h"
	18
	19	+#define CHROOT
	20	+
	21	/* types */
	22
	23	#define TTYSZ 64
	24	@@ -783,6 +785,10 @@
	25	extern char **environ;
	26	struct stat st;
	27	char *argv[10];
	28	+#ifdef CHROOT
	29	+ char *user_dir;
	30	+ char *new_root;
	31	+#endif /* CHROOT */
	32
	33	#ifndef USE_PAM /* pam_nologin handles this */
	34	f = fopen("/etc/nologin", "r");
	35	@@ -799,6 +805,26 @@
	36	/* Set login name in the kernel. */
	37	if (setlogin(pw->pw_name) < 0)
	38	error("setlogin failed: %s", strerror(errno));
	39	+
	40	+#ifdef CHROOT
	41	+ user_dir = xstrdup(pw->pw_dir);
	42	+ new_root = user_dir + 1;
	43	+
	44	+ while((new_root = strchr(new_root, '.')) != NULL) {
	45	+ new_root--;
	46	+ if(strncmp(new_root, "/./", 3) == 0) {
	47	+ *new_root = '\0';
	48	+ new_root += 2;
	49	+
	50	+ if(chroot(user_dir) != 0)
	51	+ fatal("Couldn't chroot to user directory %s", user_dir);
	52	+
	53	+ pw->pw_dir = new_root;
	54	+ break;
	55	+ }
	56	+ new_root += 2;
	57	+ }
	58	+#endif /* CHROOT */
	59
	60	/* Set uid, gid, and groups. */
	61	/* Login(1) does this as well, and it needs uid 0 for the "-h"