Bug 59 - The contrib/chroot.diff patch is out of date and broken
Summary: The contrib/chroot.diff patch is out of date and broken
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: -current
Hardware: All Other
: P5 enhancement
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2001-12-24 02:34 AEDT by Nico Kadel-Garcia
Modified: 2004-04-14 12:24 AEST (History)
0 users

See Also:


Attachments
chroot patch for openssh-3.0.2p1 (2.25 KB, patch)
2001-12-24 02:35 AEDT, Nico Kadel-Garcia

Description Nico Kadel-Garcia 2001-12-24 02:34:15 AEDT
I've generated a new patch that includes fixes for configure.ac, 
config.h.in.orig, and session.c to add a --with-chroot option that can be 
managed through "configure". I've also modified the session.c part of the old 
patch to apply correctly against the latest version of session.c.

The patch is included below:

bash-2.04$ cat ~/openssh-3.0.2p1-chroot.patch 
--- openssh-3.0.2p1/session.c.orig      Sat Dec  1 18:37:08 2001
+++ openssh-3.0.2p1/session.c   Thu Dec 20 14:35:11 2001
@@ -1038,6 +1038,10 @@
        struct stat st;
        char *argv[10];
        int do_xauth;
+#ifdef HAVE_CHROOT
+       char *user_dir;
+       char *new_root;
+#endif /* HAVE_CHROOT */
 #ifdef WITH_IRIX_PROJECT
        prid_t projid;
 #endif /* WITH_IRIX_PROJECT */
@@ -1111,6 +1115,24 @@
 
                        if (setlogin(pw->pw_name) < 0)
                                error("setlogin failed: %s", strerror(errno));
+#ifdef HAVE_CHROOT
+                       user_dir = xstrdup(pw->pw_dir);
+                       new_root = user_dir + 1;
+                       while((new_root = strchr(new_root, '.')) != NULL) {
+                         new_root--;
+                         if(strncmp(new_root, "/./", 3) == 0) {
+                           *new_root = '\0';
+                           new_root += 2;
+
+                           if(chroot(user_dir) != 0)
+                             fatal("Couldn't chroot to user directory %s", user_dir);
+
+                           pw->pw_dir = new_root;
+                           break;
+                         }
+                         new_root += 2;
+                       }
+#endif /* HAVE_CHROOT */
                        if (setgid(pw->pw_gid) < 0) {
                                perror("setgid");
                                exit(1);
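Review bot: The `chroot(user_dir)` call in the added block is never followed by a `chdir` into the new root, so the working directory still refers to a location outside the jail until later code changes it; if the later home-directory chdir (not visible in this hunk) fails, the session would keep a cwd outside the chroot. I would change the call to `if (chroot(user_dir) != 0 || chdir("/") != 0) fatal("Couldn't chroot to user directory %s: %s", user_dir, strerror(errno));`. The block also performs no ownership or mode check on `user_dir`; a jail root the user can write to lets that user supply the files that later lookups and setuid programs inside the jail read, so the directory should be verified as root-owned and not group- or world-writable before `chroot`. Separately, `new_root = user_dir + 1` points past the allocation when `pw->pw_dir` is an empty string. The enclosing function starts and ends outside the hunk.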
--- openssh-3.0.2p1/configure.ac.orig   Thu Dec 20 14:25:33 2001
+++ openssh-3.0.2p1/configure.ac        Thu Dec 20 14:28:58 2001
@@ -1721,6 +1721,18 @@
        ]
 )
 
+# Check whether to enable chroot support
+CHROOT_MSG="no" 
+AC_ARG_WITH(chroot,
+       [  --with-chroot           Enable use of chroot home directories],
+       [
+               if test "x$withval" != "xno" ; then
+                       AC_DEFINE(HAVE_CHROOT)
+                       MD5_MSG="yes"
+               fi
+       ]
+)
+
 # Whether to disable shadow password support
 AC_ARG_WITH(shadow,
        [  --without-shadow        Disable shadow password support],
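Review bot: The `--with-chroot` branch sets `MD5_MSG="yes"` instead of `CHROOT_MSG="yes"`, so the configure summary extended in the next hunk will always print `chroot support: no` and will report MD5 password support as enabled whenever chroot is requested; the line should read `CHROOT_MSG="yes"`. An administrator auditing the build summary would be misled about both features. The macro name `HAVE_CHROOT` also follows the naming autoconf uses for detected functions, so a function check for `chroot` elsewhere in configure.ac (not visible here) would turn the feature on regardless of this option; a distinct name for the opt-in would avoid that.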
@@ -2207,6 +2219,7 @@
 echo "                 S/KEY support: $SKEY_MSG"
 echo "          TCP Wrappers support: $TCPW_MSG"
 echo "          MD5 password support: $MD5_MSG"
+echo "                chroot support: $CHROOT_MSG"
 echo "   IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
 echo "      Use IPv4 by default hack: $IPV4_HACK_MSG"
 echo "       Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
--- openssh-3.0.2p1/config.h.in.orig    Thu Dec 20 14:43:20 2001
+++ openssh-3.0.2p1/config.h.in Thu Dec 20 14:44:08 2001
@@ -780,6 +780,9 @@
 /* Define if you have the `__b64_ntop' function. */
 #undef HAVE___B64_NTOP
 
+/* Define if you want the chroot capability */
+#undef HAVE_CHROOT
+
 /* The size of a `char', as computed by sizeof. */
 #undef SIZEOF_CHAR
Comment 1 Nico Kadel-Garcia 2001-12-24 02:35:43 AEDT
Created attachment 7 [details]
chroot patch for openssh-3.0.2p1
Comment 2 Ben Lindstrom 2001-12-24 13:41:19 AEDT
As soon as I get my Linux box to talk to the CVS server again I plan on 
removing this patch from the main OpenSSH portable tree.  It will have to be 
maintained outside of the project.  Anyone who wishes to do so, please send me 
your email address and where it will be hosted.  

- Ben
Comment 3 Damien Miller 2004-04-14 12:24:17 AEST
Mass change of RESOLVED bugs to CLOSED