You still have an alternative to chrsh.c ;)
# cat >patch-chrootssh-openssh-4.1-openbsd-3.7 <<EOF_patch-chrootssh-openssh-4.1-openbsd-3.7
--- /usr/src/usr.bin/ssh/session.c Tue Aug 9 11:42:11 2005
+++ /usr/src/usr.bin/ssh/session.c.chrootssh Tue Aug 9 11:41:18 2005
@@ -58,6 +58,8 @@
#include "session.h"
#include "monitor_wrap.h"
+#define CHROOT
+
#ifdef KRB5
#include <kafs.h>
#endif
@@ -996,7 +998,33 @@
void
do_setusercontext(struct passwd *pw)
{
+
+#ifdef CHROOT
+ char *user_dir;
+ char *new_root;
+#endif /* CHROOT */
+
if (getuid() =3D=3D 0 || geteuid() =3D=3D 0) {
+#ifdef CHROOT
+ debug("CHROOT: Enter in chroot patch");
+
+ user_dir =3D xstrdup(pw->pw_dir);
+ new_root =3D user_dir + 1;
+
+ while((new_root =3D strchr(new_root, '.')) !=3D NULL) {
+ new_root--;
+ if(strncmp(new_root, "/./", 3) =3D=3D 0) {
+ *new_root =3D '\0';
+ new_root +=3D 2;
+ debug("CHROOT: Do chroot on %s",user_dir);
+ if(chroot(user_dir) !=3D 0)
+ fatal("Couldn't chroot to user's=20
directory %s",user_dir);
+ pw->pw_dir =3D new_root;
+ break;
+ }
+ new_root +=3D 2;
+ }
+#endif /* CHROOT */
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid,
(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
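Review bot: After `chroot(user_dir)` succeeds the process keeps its previous working directory, so the session is confined only if a later chdir into the new root happens to succeed; the call should be followed at once by a checked chdir, e.g. `if (chroot(user_dir) != 0 || chdir("/") != 0)` before the `fatal(...)`. Nothing in the hunk verifies that the directory in front of the `/./` marker is root-owned and not writable by the account, which matters because `setusercontext()` and whatever runs after it presumably resolve system files inside that tree once the root has changed. `new_root = user_dir + 1` also points past the terminator when `pw->pw_dir` is an empty string, so the `strchr` loop needs a length check first, and `user_dir` is never freed when no `/./` marker is found. The body of do_setusercontext continues outside this hunk.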
@@ -1016,13 +1044,14 @@
exit(1);
}
endgrent();
-
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
#endif
+
}
if (getuid() !=3D pw->pw_uid || geteuid() !=3D pw->pw_uid)
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
+
}
static void
EOF_patch-chroot-openssh-4.1-openbsd-3.7
################
# patch -p0 <patch-chrootssh-openssh-4.1-openbsd-3.7
--=20
**************************************************
Sylvain MAURIN - Admin.Sys.
Institut des Sciences Cognitives
UMR 5015 CNRS-Université Claude Bernard Lyon 1
67, boulevard Pinel 69675 BRON cedex
Tel: +33 437911218 -- Cel: +33 612399929
Mail: syl...@is...
**************************************************