Attachment #1337 for bug #1352




	options->permit_tun = -1;
	options->num_permitted_opens = -1;
	options->adm_forced_command = NULL;
	options->chroot_directory = NULL;
}

void

	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
	sUsePrivilegeSeparation,
	sDeprecated, sUnsupported
} ServerOpCodes;

 	{ "match", sMatch, SSHCFG_ALL },
	{ "permitopen", sPermitOpen, SSHCFG_ALL },
	{ "forcecommand", sForceCommand, SSHCFG_ALL },
	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
	{ NULL, sBadOption, 0 }
};


			options->adm_forced_command = xstrdup(cp + len);
		return 0;

	case sChrootDirectory:
		charptr = &options->chroot_directory;
		goto parse_filename;

	case sDeprecated:
		logit("%s line %d: Deprecated option %s",
		    filename, linenum, arg);

	if (preauth)
		return;
	M_CP_STROPT(adm_forced_command);
	M_CP_STROPT(chroot_directory);
}

#undef M_CP_INTOPT

Lines 141-146 typedef struct { Link Here

(-)servconf.h (+2 lines)
141	int permit_tun;	141	int permit_tun;
142		142
143	int num_permitted_opens;	143	int num_permitted_opens;
		144
		145	char *chroot_directory;
144	} ServerOptions;	146	} ServerOptions;
145		147
146	void initialize_server_options(ServerOptions *);	148	void initialize_server_options(ServerOptions *);




#include "sshlogin.h"
#include "serverloop.h"
#include "canohost.h"
#include "misc.h"
#include "session.h"
#include "kex.h"
#include "monitor_wrap.h"

const char *original_command = NULL;

/* data */
#define MAX_SESSIONS 20
Session	sessions[MAX_SESSIONS];

#ifdef HAVE_LOGIN_CAP

		PRIVSEP(audit_run_command(shell));
	}
#endif

	if (s->ttyfd != -1)
		do_exec_pty(s, command);
	else

		}
# endif /* USE_PAM */
		if (setusercontext(lc, pw, pw->pw_uid,
		    (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
			perror("unable to set user context");
			exit(1);
		}

			exit(1);
		}
		endgrent();
# ifdef GSSAPI
		if (options.gss_authentication) {
			temporarily_use_uid(pw);
			ssh_gssapi_storecreds();
			restore_uid();
		}
# endif
# ifdef USE_PAM
		/*
		 * PAM credentials may take the form of supplementary groups.

# endif /* USE_PAM */
# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
		irix_setusercontext(pw);
# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
# ifdef _AIX
		aix_usrinfo(pw);
# endif /* _AIX */
# ifdef USE_LIBIAF
		if (set_id(pw->pw_name) != 0) {
			exit(1);
		}
# endif /* USE_LIBIAF */
#endif

		if (options.chroot_directory != NULL) {
			char *chroot_path;

			chroot_path = percent_expand(options.chroot_directory,
			    "h", pw->pw_dir, "u", pw->pw_name, (char *)NULL);
			if (chdir(chroot_path) == -1)
				fatal("Unable to chdir to chroot path \"%s\": "
				    "%s", chroot_path, strerror(errno));
			if (chroot(chroot_path) == -1)
				fatal("chroot(\"%s\"): %s", chroot_path,
				    strerror(errno));
			verbose("Changed root to \"%s\"", chroot_path);
			free(chroot_path);
		}

#ifdef HAVE_LOGIN_CAP
		if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
			perror("unable to set user context (setuser)");
			exit(1);
		}
#else
		/* Permanently switch to the desired uid. */
		permanently_set_uid(pw);
#endif

Return to bug 1352

Lines 122-127 initialize_server_options(ServerOptions Link Here

(-)servconf.c (-1 / +8 lines)
122	options->permit_tun = -1;	122	options->permit_tun = -1;
123	options->num_permitted_opens = -1;	123	options->num_permitted_opens = -1;
124	options->adm_forced_command = NULL;	124	options->adm_forced_command = NULL;
		125	options->chroot_directory = NULL;
125	}	126	}
126		127
127	void	128	void
Lines 291-297 typedef enum { Link Here
291	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,	292	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
292	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,	293	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
293	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,	294	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
294	sMatch, sPermitOpen, sForceCommand,	295	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
295	sUsePrivilegeSeparation,	296	sUsePrivilegeSeparation,
296	sDeprecated, sUnsupported	297	sDeprecated, sUnsupported
297	} ServerOpCodes;	298	} ServerOpCodes;
Lines 403-408 static struct { Link Here
403	{ "match", sMatch, SSHCFG_ALL },	404	{ "match", sMatch, SSHCFG_ALL },
404	{ "permitopen", sPermitOpen, SSHCFG_ALL },	405	{ "permitopen", sPermitOpen, SSHCFG_ALL },
405	{ "forcecommand", sForceCommand, SSHCFG_ALL },	406	{ "forcecommand", sForceCommand, SSHCFG_ALL },
		407	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
406	{ NULL, sBadOption, 0 }	408	{ NULL, sBadOption, 0 }
407	};	409	};
408		410
Lines 1253-1258 parse_flag: Link Here
1253	options->adm_forced_command = xstrdup(cp + len);	1255	options->adm_forced_command = xstrdup(cp + len);
1254	return 0;	1256	return 0;
1255		1257
		1258	case sChrootDirectory:
		1259	charptr = &options->chroot_directory;
		1260	goto parse_filename;
		1261
1256	case sDeprecated:	1262	case sDeprecated:
1257	logit("%s line %d: Deprecated option %s",	1263	logit("%s line %d: Deprecated option %s",
1258	filename, linenum, arg);	1264	filename, linenum, arg);
Lines 1360-1365 copy_set_server_options(ServerOptions *d Link Here
1360	if (preauth)	1366	if (preauth)
1361	return;	1367	return;
1362	M_CP_STROPT(adm_forced_command);	1368	M_CP_STROPT(adm_forced_command);
		1369	M_CP_STROPT(chroot_directory);
1363	}	1370	}
1364		1371
1365	#undef M_CP_INTOPT	1372	#undef M_CP_INTOPT

Lines 84-89 Link Here

(-)session.c (-8 / +31 lines)
84	#include "sshlogin.h"	84	#include "sshlogin.h"
85	#include "serverloop.h"	85	#include "serverloop.h"
86	#include "canohost.h"	86	#include "canohost.h"
		87	#include "misc.h"
87	#include "session.h"	88	#include "session.h"
88	#include "kex.h"	89	#include "kex.h"
89	#include "monitor_wrap.h"	90	#include "monitor_wrap.h"
Lines 129-135 extern Buffer loginmsg; Link Here
129	const char *original_command = NULL;	130	const char *original_command = NULL;
130		131
131	/* data */	132	/* data */
132	#define MAX_SESSIONS 10	133	#define MAX_SESSIONS 20
133	Session sessions[MAX_SESSIONS];	134	Session sessions[MAX_SESSIONS];
134		135
135	#ifdef HAVE_LOGIN_CAP	136	#ifdef HAVE_LOGIN_CAP
Lines 701-707 do_exec(Session s, const char command) Link Here
701	PRIVSEP(audit_run_command(shell));	702	PRIVSEP(audit_run_command(shell));
702	}	703	}
703	#endif	704	#endif
704
705	if (s->ttyfd != -1)	705	if (s->ttyfd != -1)
706	do_exec_pty(s, command);	706	do_exec_pty(s, command);
707	else	707	else
Lines 1314-1320 do_setusercontext(struct passwd *pw) Link Here
1314	}	1314	}
1315	# endif /* USE_PAM */	1315	# endif /* USE_PAM */
1316	if (setusercontext(lc, pw, pw->pw_uid,	1316	if (setusercontext(lc, pw, pw->pw_uid,
1317	(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {	1317	(LOGIN_SETALL & ~(LOGIN_SETPATH\|LOGIN_SETUSER))) < 0) {
1318	perror("unable to set user context");	1318	perror("unable to set user context");
1319	exit(1);	1319	exit(1);
1320	}	1320	}
Lines 1337-1349 do_setusercontext(struct passwd *pw) Link Here
1337	exit(1);	1337	exit(1);
1338	}	1338	}
1339	endgrent();	1339	endgrent();
1340	#ifdef GSSAPI	1340	# ifdef GSSAPI
1341	if (options.gss_authentication) {	1341	if (options.gss_authentication) {
1342	temporarily_use_uid(pw);	1342	temporarily_use_uid(pw);
1343	ssh_gssapi_storecreds();	1343	ssh_gssapi_storecreds();
1344	restore_uid();	1344	restore_uid();
1345	}	1345	}
1346	#endif	1346	# endif
1347	# ifdef USE_PAM	1347	# ifdef USE_PAM
1348	/*	1348	/*
1349	* PAM credentials may take the form of supplementary groups.	1349	* PAM credentials may take the form of supplementary groups.
Lines 1357-1371 do_setusercontext(struct passwd *pw) Link Here
1357	# endif /* USE_PAM */	1357	# endif /* USE_PAM */
1358	# if defined(WITH_IRIX_PROJECT) \|\| defined(WITH_IRIX_JOBS) \|\| defined(WITH_IRIX_ARRAY)	1358	# if defined(WITH_IRIX_PROJECT) \|\| defined(WITH_IRIX_JOBS) \|\| defined(WITH_IRIX_ARRAY)
1359	irix_setusercontext(pw);	1359	irix_setusercontext(pw);
1360	# endif /* defined(WITH_IRIX_PROJECT) \|\| defined(WITH_IRIX_JOBS) \|\| defined(WITH_IRIX_ARRAY) */	1360	# endif /* defined(WITH_IRIX_PROJECT) \|\| defined(WITH_IRIX_JOBS) \|\| defined(WITH_IRIX_ARRAY) */
1361	# ifdef _AIX	1361	# ifdef _AIX
1362	aix_usrinfo(pw);	1362	aix_usrinfo(pw);
1363	# endif /* _AIX */	1363	# endif /* _AIX */
1364	#ifdef USE_LIBIAF	1364	# ifdef USE_LIBIAF
1365	if (set_id(pw->pw_name) != 0) {	1365	if (set_id(pw->pw_name) != 0) {
1366	exit(1);	1366	exit(1);
1367	}	1367	}
1368	#endif /* USE_LIBIAF */	1368	# endif /* USE_LIBIAF */
		1369	#endif
		1370
		1371	if (options.chroot_directory != NULL) {
		1372	char *chroot_path;
		1373
		1374	chroot_path = percent_expand(options.chroot_directory,
		1375	"h", pw->pw_dir, "u", pw->pw_name, (char *)NULL);
		1376	if (chdir(chroot_path) == -1)
		1377	fatal("Unable to chdir to chroot path \"%s\": "
		1378	"%s", chroot_path, strerror(errno));
		1379	if (chroot(chroot_path) == -1)
		1380	fatal("chroot(\"%s\"): %s", chroot_path,
		1381	strerror(errno));
		1382	verbose("Changed root to \"%s\"", chroot_path);
		1383	free(chroot_path);
		1384	}
		1385
		1386	#ifdef HAVE_LOGIN_CAP
		1387	if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
		1388	perror("unable to set user context (setuser)");
		1389	exit(1);
		1390	}
		1391	#else
1369	/* Permanently switch to the desired uid. */	1392	/* Permanently switch to the desired uid. */
1370	permanently_set_uid(pw);	1393	permanently_set_uid(pw);
1371	#endif	1394	#endif