blob: d2a42d85beb2a582a5f1fb979e9cca62b0a6fb84 [file] [log] [blame]
Damien Miller8b1c22b2000-03-15 12:13:01 +11001From: Ricardo Cerqueira <rmcc@clix.pt>
2
3A patch to cause sshd to chroot when it encounters the magic token
4'/./' in a users home directory. The directory portion before the
5token is the directory to chroot() to, the portion after the
6token is the user's home directory relative to the new root.
7
Damien Millerdd034da2000-04-16 12:50:52 +10008Index: session.c
9===================================================================
10RCS file: /var/cvs/openssh/session.c,v
11retrieving revision 1.4
12diff -u -r1.4 session.c
13--- session.c 2000/04/16 02:31:51 1.4
14+++ session.c 2000/04/16 02:47:55
15@@ -27,6 +27,8 @@
16 #include "ssh2.h"
17 #include "auth.h"
Damien Miller8b1c22b2000-03-15 12:13:01 +110018
Damien Millerdd034da2000-04-16 12:50:52 +100019+#define CHROOT
Damien Miller8b1c22b2000-03-15 12:13:01 +110020+
Damien Millerdd034da2000-04-16 12:50:52 +100021 /* types */
Damien Miller8b1c22b2000-03-15 12:13:01 +110022
Damien Millerdd034da2000-04-16 12:50:52 +100023 #define TTYSZ 64
24@@ -783,6 +785,10 @@
Damien Miller8b1c22b2000-03-15 12:13:01 +110025 extern char **environ;
26 struct stat st;
27 char *argv[10];
Damien Millerdd034da2000-04-16 12:50:52 +100028+#ifdef CHROOT
29+ char *user_dir;
30+ char *new_root;
Damien Miller8b1c22b2000-03-15 12:13:01 +110031+#endif /* CHROOT */
32
33 #ifndef USE_PAM /* pam_nologin handles this */
Damien Millerdd034da2000-04-16 12:50:52 +100034 f = fopen("/etc/nologin", "r");
35@@ -799,6 +805,26 @@
36 /* Set login name in the kernel. */
37 if (setlogin(pw->pw_name) < 0)
38 error("setlogin failed: %s", strerror(errno));
Damien Miller8b1c22b2000-03-15 12:13:01 +110039+
Damien Millerdd034da2000-04-16 12:50:52 +100040+#ifdef CHROOT
41+ user_dir = xstrdup(pw->pw_dir);
42+ new_root = user_dir + 1;
Damien Miller8b1c22b2000-03-15 12:13:01 +110043+
Damien Millerdd034da2000-04-16 12:50:52 +100044+ while((new_root = strchr(new_root, '.')) != NULL) {
45+ new_root--;
46+ if(strncmp(new_root, "/./", 3) == 0) {
47+ *new_root = '\0';
48+ new_root += 2;
Damien Miller8b1c22b2000-03-15 12:13:01 +110049+
Damien Millerdd034da2000-04-16 12:50:52 +100050+ if(chroot(user_dir) != 0)
51+ fatal("Couldn't chroot to user directory %s", user_dir);
Damien Miller8b1c22b2000-03-15 12:13:01 +110052+
Damien Millerdd034da2000-04-16 12:50:52 +100053+ pw->pw_dir = new_root;
54+ break;
55+ }
56+ new_root += 2;
57+ }
Damien Miller8b1c22b2000-03-15 12:13:01 +110058+#endif /* CHROOT */
59
Damien Millerdd034da2000-04-16 12:50:52 +100060 /* Set uid, gid, and groups. */
61 /* Login(1) does this as well, and it needs uid 0 for the "-h"