RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2008/02/10 10:54:29 

[servconf.c session.c]
     delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
     home, rather than the user who starts sshd (probably root)
This commit is contained in:
Damien Miller 2008-02-10 22:48:55 +11:00
parent cdb6e65175
commit 54e3773ccb
3 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -78,6 +78,10 @@
- djm@cvs.openbsd.org 2008/02/10 09:55:37 - djm@cvs.openbsd.org 2008/02/10 09:55:37
[sshd_config.5] [sshd_config.5]
mantion that "internal-sftp" is useful with ForceCommand too mantion that "internal-sftp" is useful with ForceCommand too
- djm@cvs.openbsd.org 2008/02/10 10:54:29
[servconf.c session.c]
delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
home, rather than the user who starts sshd (probably root)
20080119 20080119
- (djm) Silence noice from expr in ssh-copy-id; patch from - (djm) Silence noice from expr in ssh-copy-id; patch from
@ -3606,4 +3610,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@ passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.4836 2008/02/10 11:47:24 djm Exp $ $Id: ChangeLog,v 1.4837 2008/02/10 11:48:55 djm Exp $

11
servconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.c,v 1.176 2008/02/08 23:24:08 djm Exp $ */ /* $OpenBSD: servconf.c,v 1.177 2008/02/10 10:54:28 djm Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -1260,7 +1260,14 @@ parse_flag:
case sChrootDirectory: case sChrootDirectory:
charptr = &options->chroot_directory; charptr = &options->chroot_directory;
goto parse_filename;
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing file name.",
filename, linenum);
if (*activep && *charptr == NULL)
*charptr = xstrdup(arg);
break;
case sDeprecated: case sDeprecated:
logit("%s line %d: Deprecated option %s", logit("%s line %d: Deprecated option %s",

13
session.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.226 2008/02/08 23:24:07 djm Exp $ */ /* $OpenBSD: session.c,v 1.227 2008/02/10 10:54:29 djm Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -1359,6 +1359,8 @@ safely_chroot(const char *path, uid_t uid)
void void
do_setusercontext(struct passwd *pw) do_setusercontext(struct passwd *pw)
{ {
char *chroot_path, *tmp;
#ifndef HAVE_CYGWIN #ifndef HAVE_CYGWIN
if (getuid() == 0 || geteuid() == 0) if (getuid() == 0 || geteuid() == 0)
#endif /* HAVE_CYGWIN */ #endif /* HAVE_CYGWIN */
@ -1442,11 +1444,12 @@ do_setusercontext(struct passwd *pw)
if (options.chroot_directory != NULL && if (options.chroot_directory != NULL &&
strcasecmp(options.chroot_directory, "none") != 0) { strcasecmp(options.chroot_directory, "none") != 0) {
char *chroot_path; tmp = tilde_expand_filename(options.chroot_directory,
pw->pw_uid);
chroot_path = percent_expand(options.chroot_directory, chroot_path = percent_expand(tmp, "h", pw->pw_dir,
"h", pw->pw_dir, "u", pw->pw_name, (char *)NULL); "u", pw->pw_name, (char *)NULL);
safely_chroot(chroot_path, pw->pw_uid); safely_chroot(chroot_path, pw->pw_uid);
free(tmp);
free(chroot_path); free(chroot_path);
} }