diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2008-02-10 10:54:30 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2008-02-10 10:54:30 +0000 |
commit | d364b7cd22c393722dfd4749339b88d20b47c823 (patch) | |
tree | 3261d4e031baa14ddde5616c27d391da7c9f1ef6 | |
parent | 03bbf97fef7fd2dc33cff76d13c46df4b67f86de (diff) |
delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
home, rather than the user who starts sshd (probably root)
-rw-r--r-- | usr.bin/ssh/servconf.c | 11 | ||||
-rw-r--r-- | usr.bin/ssh/session.c | 13 |
2 files changed, 17 insertions, 7 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 9282d43ebd9..899aa30c603 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.176 2008/02/08 23:24:08 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.177 2008/02/10 10:54:28 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -1217,7 +1217,14 @@ parse_flag: case sChrootDirectory: charptr = &options->chroot_directory; - goto parse_filename; + + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing file name.", + filename, linenum); + if (*activep && *charptr == NULL) + *charptr = xstrdup(arg); + break; case sDeprecated: logit("%s line %d: Deprecated option %s", diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 6c4451c179f..4064e9d0163 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.226 2008/02/08 23:24:07 djm Exp $ */ +/* $OpenBSD: session.c,v 1.227 2008/02/10 10:54:29 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -1016,6 +1016,8 @@ safely_chroot(const char *path, uid_t uid) void do_setusercontext(struct passwd *pw) { + char *chroot_path, *tmp; + if (getuid() == 0 || geteuid() == 0) { /* Prepare groups */ if (setusercontext(lc, pw, pw->pw_uid, @@ -1026,11 +1028,12 @@ do_setusercontext(struct passwd *pw) if (options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { - char *chroot_path; - - chroot_path = percent_expand(options.chroot_directory, - "h", pw->pw_dir, "u", pw->pw_name, (char *)NULL); + tmp = tilde_expand_filename(options.chroot_directory, + pw->pw_uid); + chroot_path = percent_expand(tmp, "h", pw->pw_dir, + "u", pw->pw_name, (char *)NULL); safely_chroot(chroot_path, pw->pw_uid); + free(tmp); free(chroot_path); } |