mirror of git://anongit.mindrot.org/openssh.git
Updated
This commit is contained in:
Damien Miller
parent
1d2723f556
commit
dd034dad94
|
|
@ -5,130 +5,57 @@ A patch to cause sshd to chroot when it encounters the magic token
|
|||
token is the directory to chroot() to, the portion after the
|
||||
token is the user's home directory relative to the new root.
|
||||
|
||||
|
||||
|
||||
diff -ruN openssh-1.2.3pre2-orig/acconfig.h openssh-1.2.3pre2/acconfig.h
|
||||
--- openssh-1.2.3pre2-orig/acconfig.h Sat Mar 11 20:45:40 2000
|
||||
+++ openssh-1.2.3pre2/acconfig.h Wed Mar 15 11:44:33 2000
|
||||
@@ -159,6 +159,9 @@
|
||||
/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
|
||||
#undef IPV4_IN_IPV6
|
||||
Index: session.c
|
||||
===================================================================
|
||||
RCS file: /var/cvs/openssh/session.c,v
|
||||
retrieving revision 1.4
|
||||
diff -u -r1.4 session.c
|
||||
--- session.c 2000/04/16 02:31:51 1.4
|
||||
+++ session.c 2000/04/16 02:47:55
|
||||
@@ -27,6 +27,8 @@
|
||||
#include "ssh2.h"
|
||||
#include "auth.h"
|
||||
|
||||
+/* Define if you want to enable chrooted users */
|
||||
+#undef CHROOT
|
||||
+#define CHROOT
|
||||
+
|
||||
@BOTTOM@
|
||||
/* types */
|
||||
|
||||
/* ******************* Shouldn't need to edit below this line ************** */
|
||||
diff -ruN openssh-1.2.3pre2-orig/config.h.in openssh-1.2.3pre2/config.h.in
|
||||
--- openssh-1.2.3pre2-orig/config.h.in Wed Mar 15 11:51:02 2000
|
||||
+++ openssh-1.2.3pre2/config.h.in Wed Mar 15 11:46:33 2000
|
||||
@@ -140,6 +140,9 @@
|
||||
/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
|
||||
#undef IPV4_IN_IPV6
|
||||
|
||||
+/* Define if you want to enable chrooted users */
|
||||
+#undef CHROOT
|
||||
+
|
||||
/* The number of bytes in a char. */
|
||||
#undef SIZEOF_CHAR
|
||||
|
||||
diff -ruN openssh-1.2.3pre2-orig/configure openssh-1.2.3pre2/configure
|
||||
--- openssh-1.2.3pre2-orig/configure Wed Mar 15 11:51:03 2000
|
||||
+++ openssh-1.2.3pre2/configure Wed Mar 15 11:46:34 2000
|
||||
@@ -52,6 +52,8 @@
|
||||
ac_help="$ac_help
|
||||
--with-4in6 Check for and convert IPv4 in IPv6 mapped addresses"
|
||||
ac_help="$ac_help
|
||||
+ --with-chroot Enable chroot using /./ directory token"
|
||||
+ac_help="$ac_help
|
||||
--with-pid-dir=PATH Specify location of ssh.pid file"
|
||||
|
||||
# Initialize some variables set by options.
|
||||
@@ -3605,6 +3607,22 @@
|
||||
|
||||
else
|
||||
echo "$ac_t""no (default)" 1>&6
|
||||
+ fi
|
||||
+
|
||||
+
|
||||
+fi
|
||||
+
|
||||
+
|
||||
+# Whether to enable the magic chroot token
|
||||
+# Check whether --with-chroot or --without-chroot was given.
|
||||
+if test "${with_chroot+set}" = set; then
|
||||
+ withval="$with_chroot"
|
||||
+
|
||||
+ if test "x$withval" != "xno" ; then
|
||||
+ cat >> confdefs.h <<\EOF
|
||||
+#define CHROOT 1
|
||||
+EOF
|
||||
+
|
||||
fi
|
||||
|
||||
|
||||
diff -ruN openssh-1.2.3pre2-orig/configure.in openssh-1.2.3pre2/configure.in
|
||||
--- openssh-1.2.3pre2-orig/configure.in Sat Mar 11 20:45:41 2000
|
||||
+++ openssh-1.2.3pre2/configure.in Wed Mar 15 11:46:04 2000
|
||||
@@ -810,6 +810,16 @@
|
||||
]
|
||||
)
|
||||
|
||||
+# Whether to enable the magic chroot token
|
||||
+AC_ARG_WITH(chroot,
|
||||
+ [ --with-chroot Enable chroot using /./ directory token],
|
||||
+ [
|
||||
+ if test "x$withval" != "xno" ; then
|
||||
+ AC_DEFINE(CHROOT)
|
||||
+ fi
|
||||
+ ]
|
||||
+)
|
||||
+
|
||||
# Where to place sshd.pid
|
||||
piddir=/var/run
|
||||
AC_ARG_WITH(pid-dir,
|
||||
diff -ruN openssh-1.2.3pre2-orig/sshd.c openssh-1.2.3pre2/sshd.c
|
||||
--- openssh-1.2.3pre2-orig/sshd.c Sat Mar 11 11:58:29 2000
|
||||
+++ openssh-1.2.3pre2/sshd.c Wed Mar 15 11:43:38 2000
|
||||
@@ -2365,6 +2365,10 @@
|
||||
#define TTYSZ 64
|
||||
@@ -783,6 +785,10 @@
|
||||
extern char **environ;
|
||||
struct stat st;
|
||||
char *argv[10];
|
||||
+#ifdef CHROOT /* patch by rmcc */
|
||||
+ char *user_dir;
|
||||
+ char *new_root;
|
||||
+#ifdef CHROOT
|
||||
+ char *user_dir;
|
||||
+ char *new_root;
|
||||
+#endif /* CHROOT */
|
||||
|
||||
#ifndef USE_PAM /* pam_nologin handles this */
|
||||
/* Check /etc/nologin. */
|
||||
@@ -2422,6 +2426,29 @@
|
||||
krb_afslog(0, 0);
|
||||
}
|
||||
#endif /* AFS */
|
||||
f = fopen("/etc/nologin", "r");
|
||||
@@ -799,6 +805,26 @@
|
||||
/* Set login name in the kernel. */
|
||||
if (setlogin(pw->pw_name) < 0)
|
||||
error("setlogin failed: %s", strerror(errno));
|
||||
+
|
||||
+#ifdef CHROOT /* patch by rmcc */
|
||||
+#ifdef CHROOT
|
||||
+ user_dir = xstrdup(pw->pw_dir);
|
||||
+ new_root = user_dir + 1;
|
||||
+
|
||||
+ user_dir = xstrdup(pw->pw_dir);
|
||||
+ new_root = user_dir;
|
||||
+
|
||||
+ while((new_root = strchr(new_root, '.')) != NULL){
|
||||
+ new_root--;
|
||||
+ if(strncmp(new_root, "/./", 3) == 0){
|
||||
+ *new_root = 0;
|
||||
+ new_root += 2;
|
||||
+ if(chroot(user_dir) != 0){
|
||||
+ printf("Couldn't chroot!\n");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ pw->pw_dir = new_root;
|
||||
+ break;
|
||||
+ }
|
||||
+ new_root +=2;
|
||||
+ }
|
||||
+ while((new_root = strchr(new_root, '.')) != NULL) {
|
||||
+ new_root--;
|
||||
+ if(strncmp(new_root, "/./", 3) == 0) {
|
||||
+ *new_root = '\0';
|
||||
+ new_root += 2;
|
||||
+
|
||||
+ if(chroot(user_dir) != 0)
|
||||
+ fatal("Couldn't chroot to user directory %s", user_dir);
|
||||
+
|
||||
+ pw->pw_dir = new_root;
|
||||
+ break;
|
||||
+ }
|
||||
+ new_root += 2;
|
||||
+ }
|
||||
+#endif /* CHROOT */
|
||||
|
||||
/* Initialize the environment. */
|
||||
envsize = 100;
|
||||
/* Set uid, gid, and groups. */
|
||||
/* Login(1) does this as well, and it needs uid 0 for the "-h"
|
||||
|
|
|
|||
Loading…
Reference in New Issue