head 1.16; access; symbols OPENPKG_E1_MP_HEAD:1.9 OPENPKG_E1_MP:1.9 OPENPKG_E1_MP_2_STABLE:1.7.2.1 OPENPKG_E1_FP:1.7.2.1 OPENPKG_2_STABLE_MP:1.10 OPENPKG_2_STABLE_20061018:1.7.2.1 OPENPKG_2_STABLE_20060622:1.7 OPENPKG_2_STABLE:1.7.0.2 OPENPKG_2_STABLE_BP:1.7 OPENPKG_2_5_RELEASE:1.5 OPENPKG_2_5_SOLID:1.5.0.2 OPENPKG_2_5_SOLID_BP:1.5 OPENPKG_2_4_RELEASE:1.4 OPENPKG_2_4_SOLID:1.4.0.2 OPENPKG_2_4_SOLID_BP:1.4 OPENPKG_CW_FP:1.3 OPENPKG_2_3_RELEASE:1.2 OPENPKG_2_3_SOLID:1.2.0.2 OPENPKG_2_3_SOLID_BP:1.2 OPENPKG_2_2_RELEASE:1.1 OPENPKG_2_2_SOLID:1.1.0.4 OPENPKG_2_2_SOLID_BP:1.1 OPENPKG_2_1_RELEASE:1.1 OPENPKG_2_1_SOLID:1.1.0.2 OPENPKG_2_1_SOLID_BP:1.1; locks; strict; comment @# @; 1.16 date 2009.10.02.11.17.28; author rse; state Exp; branches; next 1.15; commitid Xk4IjVbjJ3Tu3X5u; 1.15 date 2009.02.25.11.30.07; author rse; state Exp; branches; next 1.14; commitid bjaokXKw9Z0haODt; 1.14 date 2008.07.22.06.40.11; author rse; state Exp; branches; next 1.13; commitid wzX0cmZIEkegzLbt; 1.13 date 2008.06.09.14.13.51; author rse; state Exp; branches; next 1.12; commitid OU6MDoqgeYcBsh6t; 1.12 date 2008.03.31.07.00.50; author rse; state Exp; branches; next 1.11; commitid AkgVggnP8MUxjfXs; 1.11 date 2007.09.05.06.48.40; author rse; state Exp; branches; next 1.10; commitid WXY9IaCSoN1TVvws; 1.10 date 2007.03.10.08.35.34; author rse; state Exp; branches; next 1.9; commitid jNQ0JCZue7Iihw9s; 1.9 date 2006.11.08.08.03.37; author rse; state Exp; branches; next 1.8; commitid rZGOJbUJEEXr1QTr; 1.8 date 2006.09.28.06.26.20; author rse; state Exp; branches; next 1.7; commitid ewMY8OERO6cONyOr; 1.7 date 2006.02.11.08.29.38; author rse; state Exp; branches 1.7.2.1; next 1.6; commitid jPhEN94SBe8uQ8lr; 1.6 date 2006.02.01.18.49.18; author rse; state Exp; branches; next 1.5; commitid xrZO6IobC2NZAUjr; 1.5 date 2005.09.01.18.21.39; author rse; state Exp; branches; next 1.4; 1.4 date 2005.05.29.08.10.06; author rse; state Exp; branches; next 1.3; 1.3 date 2005.03.12.06.54.54; author rse; state Exp; branches; next 1.2; 1.2 date 2005.02.12.21.39.50; author rse; state Exp; branches; next 1.1; 1.1 date 2004.03.12.11.39.56; author rse; state Exp; branches; next ; 1.7.2.1 date 2006.09.29.06.46.19; author rse; state Exp; branches; next 1.7.2.2; commitid VGQpsUXdDfQESGOr; 1.7.2.2 date 2006.11.08.08.58.50; author rse; state Exp; branches; next 1.7.2.3; commitid L8ZKn0WyVOQpkQTr; 1.7.2.3 date 2007.03.18.23.32.09; author thl; state Exp; branches; next ; commitid j886gsownDQWXCas; desc @@ 1.16 log @upgrading package: openssh 5.2p1 -> 5.3p1 @ text @Index: scp.c --- scp.c.orig 2008-11-03 09:23:45 +0100 +++ scp.c 2009-10-02 13:10:45 +0200 @@@@ -140,6 +140,11 @@@@ /* This is the program to execute for the secured connection. ("ssh" or -S) */ char *ssh_program = _PATH_SSH_PROGRAM; +/* The directory to perform a chroot(2) to before operation (intended for server-side only) */ +#ifdef USE_CHROOT +char *chrootdir = NULL; +#endif + /* This is used to store the pid of ssh_program */ pid_t do_cmd_pid = -1; @@@@ -323,7 +328,11 @@@@ addargs(&args, "-oClearAllForwardings yes"); fflag = tflag = 0; +#ifdef USE_CHROOT + while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:R:")) != -1) +#else while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1) +#endif switch (ch) { /* User-visible flags. */ case '1': @@@@ -384,6 +393,11 @@@@ setmode(0, O_BINARY); #endif break; +#ifdef USE_CHROOT + case 'R': + chrootdir = xstrdup(optarg); + break; +#endif default: usage(); } @@@@ -399,6 +413,19 @@@@ remin = STDIN_FILENO; remout = STDOUT_FILENO; +#ifdef USE_CHROOT + if (chrootdir != NULL) { + if (geteuid() != 0) + fatal("chroot(2) not possible: euid %ld != 0", (long)geteuid()); + if (chroot(chrootdir) == -1) + fatal("couldn't chroot(2) to directory \"%s\": %s", chrootdir, strerror(errno)); + if (setuid(getuid()) == -1) + fatal("couldn't drop privileges with setuid(2): %s", strerror(errno)); + if (chdir("/") == -1) + fatal("couldn't change to root directory: %s", strerror(errno)); + } +#endif + if (fflag) { /* Follow "protocol", send data. */ (void) response(); Index: session.c --- session.c.orig 2009-08-20 08:20:50 +0200 +++ session.c 2009-10-02 13:10:45 +0200 @@@@ -1532,6 +1532,25 @@@@ free(tmp); free(chroot_path); } +# ifdef USE_CHROOT + { + char *user_dir; + char *new_root; + user_dir = xstrdup(pw->pw_dir); + new_root = user_dir + 1; + while ((new_root = strchr(new_root, '.')) != NULL) { + new_root--; + if (strncmp(new_root, "/./", 3) == 0) { + *new_root = '\0'; + new_root += 2; + safely_chroot(user_dir, pw->pw_uid); + pw->pw_dir = new_root; + break; + } + new_root += 2; + } + } +# endif /* USE_CHROOT */ #ifdef HAVE_SETPCRED if (setpcred(pw->pw_name, (char **)NULL) == -1) Index: sftp-server.c --- sftp-server.c.orig 2009-08-28 02:43:13 +0200 +++ sftp-server.c 2009-10-02 13:10:45 +0200 @@@@ -1387,6 +1387,38 @@@@ logit("session opened for local user %s from [%s]", pw->pw_name, client_addr); +#ifdef USE_CHROOT +{ + char *user_dir; + char *new_root; + user_dir = getenv("HOME"); + if (user_dir == NULL) + fatal("HOME variable not found in environment"); + new_root = user_dir + 1; + while ((new_root = strchr(new_root, '.')) != NULL) { + new_root--; + if (strncmp(new_root, "/./", 3) == 0) { + *new_root = '\0'; + new_root += 2; + if (geteuid() == 0) { + /* chroot to subdir and adjust HOME for remaining path */ + if (chroot(user_dir) == -1) + fatal("Couldn't chroot to user directory \"%s\": %s", user_dir, strerror(errno)); + if (setuid(getuid()) == -1) + fatal("Couldn't drop privileges: %s", strerror(errno)); + setenv("HOME", new_root, 1); + } + else { + /* ignore chroot request and adjust HOME for preceeding path */ + setenv("HOME", user_dir, 1); + } + break; + } + new_root += 2; + } +} +#endif /* USE_CHROOT */ + in = dup(STDIN_FILENO); out = dup(STDOUT_FILENO); @ 1.15 log @upgrading package: openssh 5.1p1 -> 5.2p1 @ text @d3 1 a3 1 +++ scp.c 2009-02-25 12:22:04 +0100 d61 3 a63 3 --- session.c.orig 2009-01-28 06:29:49 +0100 +++ session.c 2009-02-25 12:22:04 +0100 @@@@ -1539,6 +1539,25 @@@@ d87 2 a88 2 #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { d90 2 a91 2 --- sftp-server.c.orig 2008-07-04 06:10:19 +0200 +++ sftp-server.c 2009-02-25 12:22:04 +0100 @ 1.14 log @upgrading package: openssh 5.0p1 -> 5.1p1 @ text @d2 2 a3 2 --- scp.c.orig 2008-07-04 15:10:49 +0200 +++ scp.c 2008-07-22 08:33:00 +0200 d61 3 a63 3 --- session.c.orig 2008-06-16 15:29:18 +0200 +++ session.c 2008-07-22 08:33:00 +0200 @@@@ -1533,6 +1533,25 @@@@ d91 1 a91 1 +++ sftp-server.c 2008-07-22 08:33:00 +0200 @ 1.13 log @try to fix building under with_chroot=yes @ text @d2 2 a3 2 --- scp.c.orig 2008-03-14 01:59:50 +0100 +++ scp.c 2008-03-31 08:37:01 +0200 d61 3 a63 3 --- session.c.orig 2008-03-27 01:03:05 +0100 +++ session.c 2008-03-31 08:39:07 +0200 @@@@ -1426,6 +1426,25 @@@@ d90 3 a92 3 --- sftp-server.c.orig 2008-03-07 08:33:53 +0100 +++ sftp-server.c 2008-03-31 08:37:01 +0200 @@@@ -1302,6 +1302,38 @@@@ @ 1.12 log @upgrading package: openssh 4.7p1 -> 4.9p1 @ text @d78 1 a78 1 + safe_chroot(user_dir, pw->pw_uid); @ 1.11 log @upgrading package: openssh 4.6p1 -> 4.7p1 @ text @d2 3 a4 3 --- scp.c.orig 2007-08-08 06:29:58 +0200 +++ scp.c 2007-09-05 08:41:00 +0200 @@@@ -131,6 +131,11 @@@@ d16 1 a16 1 @@@@ -313,7 +318,11 @@@@ d28 1 a28 1 @@@@ -374,6 +383,11 @@@@ d40 1 a40 1 @@@@ -389,6 +403,19 @@@@ d61 5 a65 4 --- session.c.orig 2007-08-16 15:28:04 +0200 +++ session.c 2007-09-05 08:41:00 +0200 @@@@ -1337,6 +1337,26 @@@@ exit(1); a66 1 endgrent(); d78 1 a78 2 + if (chroot(user_dir) == -1) + fatal("Couldn't chroot to user directory \"%s\"", user_dir); d86 3 a88 3 #ifdef GSSAPI if (options.gss_authentication) { temporarily_use_uid(pw); d90 5 a94 5 --- sftp-server.c.orig 2007-05-20 07:09:05 +0200 +++ sftp-server.c 2007-09-05 08:41:00 +0200 @@@@ -1273,6 +1273,38 @@@@ handle_init(); @ 1.10 log @upgrading package: openssh 4.5p1 -> 4.6p1 @ text @d2 3 a4 3 --- scp.c.orig 2007-02-19 12:14:11 +0100 +++ scp.c 2007-03-10 09:31:17 +0100 @@@@ -128,6 +128,11 @@@@ d16 1 a16 1 @@@@ -310,7 +315,11 @@@@ d28 1 a28 1 @@@@ -371,6 +380,11 @@@@ d40 1 a40 1 @@@@ -386,6 +400,19 @@@@ d61 2 a62 2 --- session.c.orig 2007-02-19 12:10:25 +0100 +++ session.c 2007-03-10 09:31:17 +0100 d91 3 a93 3 --- sftp-server.c.orig 2007-01-05 06:31:03 +0100 +++ sftp-server.c 2007-03-10 09:31:17 +0100 @@@@ -1270,6 +1270,38 @@@@ @ 1.9 log @upgrading package: openssh 4.4p1 -> 4.5p1 @ text @d2 2 a3 2 --- scp.c.orig 2006-08-05 04:39:40 +0200 +++ scp.c 2006-11-08 09:01:03 +0100 d61 2 a62 2 --- session.c.orig 2006-10-23 19:01:56 +0200 +++ session.c 2006-11-08 09:01:03 +0100 d91 2 a92 2 --- sftp-server.c.orig 2006-08-05 04:39:40 +0200 +++ sftp-server.c 2006-11-08 09:01:03 +0100 @ 1.8 log @upgrading package: openssh 4.3p2 -> 4.4p1 @ text @d3 1 a3 1 +++ scp.c 2006-09-28 08:02:41 +0200 d61 2 a62 2 --- session.c.orig 2006-09-01 07:38:37 +0200 +++ session.c 2006-09-28 08:02:41 +0200 d92 1 a92 1 +++ sftp-server.c 2006-09-28 08:02:41 +0200 @ 1.7 log @upgrading package: openssh 4.3p1 -> 4.3p2 @ text @d2 3 a4 3 --- scp.c.orig 2006-01-31 12:11:38 +0100 +++ scp.c 2006-02-11 09:27:20 +0100 @@@@ -102,6 +102,11 @@@@ d16 1 a16 1 @@@@ -278,7 +283,11 @@@@ d28 1 a28 1 @@@@ -339,6 +348,11 @@@@ d40 1 a40 1 @@@@ -354,6 +368,19 @@@@ d61 3 a63 3 --- session.c.orig 2006-02-08 00:18:55 +0100 +++ session.c 2006-02-11 09:27:20 +0100 @@@@ -1301,6 +1301,26 @@@@ d91 5 a95 5 --- sftp-server.c.orig 2006-01-02 13:40:51 +0100 +++ sftp-server.c 2006-02-11 09:27:20 +0100 @@@@ -1049,6 +1049,38 @@@@ log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); #endif @ 1.7.2.1 log @MFC: security fixed version @ text @d2 3 a4 3 --- scp.c.orig 2006-08-05 04:39:40 +0200 +++ scp.c 2006-09-28 08:02:41 +0200 @@@@ -128,6 +128,11 @@@@ d16 1 a16 1 @@@@ -310,7 +315,11 @@@@ d28 1 a28 1 @@@@ -371,6 +380,11 @@@@ d40 1 a40 1 @@@@ -386,6 +400,19 @@@@ d61 3 a63 3 --- session.c.orig 2006-09-01 07:38:37 +0200 +++ session.c 2006-09-28 08:02:41 +0200 @@@@ -1337,6 +1337,26 @@@@ d91 5 a95 5 --- sftp-server.c.orig 2006-08-05 04:39:40 +0200 +++ sftp-server.c 2006-09-28 08:02:41 +0200 @@@@ -1270,6 +1270,38 @@@@ handle_init(); @ 1.7.2.2 log @MFC: security fixed version plus HPN patch related packaging fixes @ text @d3 1 a3 1 +++ scp.c 2006-11-08 09:01:03 +0100 d61 2 a62 2 --- session.c.orig 2006-10-23 19:01:56 +0200 +++ session.c 2006-11-08 09:01:03 +0100 d92 1 a92 1 +++ sftp-server.c 2006-11-08 09:01:03 +0100 @ 1.7.2.3 log @MFC: make up leeway for 2_STABLE by virtue of build-time results @ text @d2 2 a3 2 --- scp.c.orig 2007-02-19 12:14:11 +0100 +++ scp.c 2007-03-10 09:31:17 +0100 d61 2 a62 2 --- session.c.orig 2007-02-19 12:10:25 +0100 +++ session.c 2007-03-10 09:31:17 +0100 d91 2 a92 2 --- sftp-server.c.orig 2007-01-05 06:31:03 +0100 +++ sftp-server.c 2007-03-10 09:31:17 +0100 @ 1.6 log @upgrading package: openssh 4.2p1 -> 4.3p1 @ text @d3 1 a3 1 +++ scp.c 2006-02-01 19:42:17 +0100 d61 2 a62 2 --- session.c.orig 2005-12-24 04:59:12 +0100 +++ session.c 2006-02-01 19:42:17 +0100 d92 1 a92 1 +++ sftp-server.c 2006-02-01 19:42:17 +0100 @ 1.5 log @upgrading package: openssh 4.1p1 -> 4.2p1 @ text @d2 2 a3 2 --- scp.c.orig 2005-08-02 09:07:08 +0200 +++ scp.c 2005-09-01 20:05:53 +0200 d16 1 a16 1 @@@@ -231,7 +236,11 @@@@ d28 1 a28 1 @@@@ -292,6 +301,11 @@@@ d40 1 a40 1 @@@@ -307,6 +321,19 @@@@ d61 3 a63 3 --- session.c.orig 2005-08-31 18:59:49 +0200 +++ session.c 2005-09-01 20:05:53 +0200 @@@@ -1310,6 +1310,26 @@@@ d91 3 a93 3 --- sftp-server.c.orig 2005-06-17 04:59:35 +0200 +++ sftp-server.c 2005-09-01 20:05:53 +0200 @@@@ -1045,6 +1045,38 @@@@ @ 1.4 log @upgrading package: openssh 4.0p1 -> 4.1p1 @ text @d2 2 a3 2 --- scp.c.orig 2005-04-03 02:16:40 +0200 +++ scp.c 2005-05-29 10:04:09 +0200 d16 1 a16 1 @@@@ -229,7 +234,11 @@@@ d28 1 a28 1 @@@@ -290,6 +299,11 @@@@ d40 1 a40 1 @@@@ -305,6 +319,19 @@@@ d61 3 a63 3 --- session.c.orig 2005-04-21 11:50:55 +0200 +++ session.c 2005-05-29 10:04:09 +0200 @@@@ -1308,6 +1308,26 @@@@ d91 2 a92 2 --- sftp-server.c.orig 2004-07-17 06:07:42 +0200 +++ sftp-server.c 2005-05-29 10:04:09 +0200 @ 1.3 log @port all patches to the new OpenSSH 4.0 source code world order @ text @d2 2 a3 2 --- scp.c.orig 2005-01-24 11:57:40 +0100 +++ scp.c 2005-03-12 07:46:54 +0100 d61 2 a62 2 --- session.c.orig 2005-03-06 12:38:52 +0100 +++ session.c 2005-03-12 07:47:33 +0100 d92 1 a92 1 +++ sftp-server.c 2005-03-12 07:46:54 +0100 @ 1.2 log @add server-side chroot(2) support also to scp(1) command @ text @d1 59 d61 3 a63 3 --- session.c.orig 2004-02-23 14:01:27.000000000 +0100 +++ session.c 2004-02-24 20:25:23.000000000 +0100 @@@@ -1270,6 +1270,26 @@@@ d87 3 a89 3 # ifdef USE_PAM /* * PAM credentials may take the form of supplementary groups. d91 3 a93 3 --- sftp-server.c.orig 2004-02-23 23:19:15.000000000 +0100 +++ sftp-server.c 2004-02-24 20:25:23.000000000 +0100 @@@@ -1029,6 +1029,38 @@@@ a131 59 Index: scp.c --- scp.c.orig 2004-08-13 13:19:38 +0200 +++ scp.c 2005-02-12 22:14:23 +0100 @@@@ -102,6 +102,11 @@@@ /* This is the program to execute for the secured connection. ("ssh" or -S) */ char *ssh_program = _PATH_SSH_PROGRAM; +/* The directory to perform a chroot(2) to before operation (intended for server-side only) */ +#ifdef USE_CHROOT +char *chrootdir = NULL; +#endif + /* This is used to store the pid of ssh_program */ pid_t do_cmd_pid = -1; @@@@ -227,7 +232,11 @@@@ addargs(&args, "-oClearAllForwardings yes"); fflag = tflag = 0; +#ifdef USE_CHROOT + while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:R:")) != -1) +#else while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1) +#endif switch (ch) { /* User-visible flags. */ case '1': @@@@ -288,6 +297,11 @@@@ setmode(0, O_BINARY); #endif break; +#ifdef USE_CHROOT + case 'R': + chrootdir = xstrdup(optarg); + break; +#endif default: usage(); } @@@@ -303,6 +317,19 @@@@ remin = STDIN_FILENO; remout = STDOUT_FILENO; +#ifdef USE_CHROOT + if (chrootdir != NULL) { + if (geteuid() != 0) + fatal("chroot(2) not possible: euid %ld != 0", (long)geteuid()); + if (chroot(chrootdir) == -1) + fatal("couldn't chroot(2) to directory \"%s\": %s", chrootdir, strerror(errno)); + if (setuid(getuid()) == -1) + fatal("couldn't drop privileges with setuid(2): %s", strerror(errno)); + if (chdir("/") == -1) + fatal("couldn't change to root directory: %s", strerror(errno)); + } +#endif + if (fflag) { /* Follow "protocol", send data. */ (void) response(); @ 1.1 log @add Alias feature and cleanup ChRoot feature packaging @ text @d73 59 @