authorDamien Miller <djm@cvs.openbsd.org>2008-02-10 10:54:30 +0000
committerDamien Miller <djm@cvs.openbsd.org>2008-02-10 10:54:30 +0000
commitd364b7cd22c393722dfd4749339b88d20b47c823 (patch)
tree3261d4e031baa14ddde5616c27d391da7c9f1ef6
parent03bbf97fef7fd2dc33cff76d13c46df4b67f86de (diff)
delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
home, rather than the user who starts sshd (probably root)
-rw-r--r--usr.bin/ssh/servconf.c11
-rw-r--r--usr.bin/ssh/session.c13
2 files changed, 17 insertions, 7 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 9282d43ebd9..899aa30c603 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.176 2008/02/08 23:24:08 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.177 2008/02/10 10:54:28 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -1217,7 +1217,14 @@ parse_flag:
case sChrootDirectory:
charptr = &options->chroot_directory;
- goto parse_filename;
+
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing file name.",
+ filename, linenum);
+ if (*activep && *charptr == NULL)
+ *charptr = xstrdup(arg);
+ break;
case sDeprecated:
logit("%s line %d: Deprecated option %s",
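Review bot: The open-coded parsing in the `sChrootDirectory` case carries no comment saying why it no longer jumps to `parse_filename`, so a later tidy-up could fold it back and bring back config-load expansion of `~` for whoever starts sshd. I'd add something like `/* Not parse_filename: ~ is expanded at login for the target user, see do_setusercontext() */` above `arg = strdelim(&cp);`. The value is now stored exactly as written in the config, so any check on the final path rests on the later expansion and on `safely_chroot()`, neither of which is visible in this hunk. The enclosing switch starts and ends outside the hunk.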
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 6c4451c179f..4064e9d0163 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.226 2008/02/08 23:24:07 djm Exp $ */
+/* $OpenBSD: session.c,v 1.227 2008/02/10 10:54:29 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -1016,6 +1016,8 @@ safely_chroot(const char *path, uid_t uid)
void
do_setusercontext(struct passwd *pw)
{
+ char *chroot_path, *tmp;
+
if (getuid() == 0 || geteuid() == 0) {
/* Prepare groups */
if (setusercontext(lc, pw, pw->pw_uid,
@@ -1026,11 +1028,12 @@ do_setusercontext(struct passwd *pw)
if (options.chroot_directory != NULL &&
strcasecmp(options.chroot_directory, "none") != 0) {
- char *chroot_path;
-
- chroot_path = percent_expand(options.chroot_directory,
- "h", pw->pw_dir, "u", pw->pw_name, (char *)NULL);
+ tmp = tilde_expand_filename(options.chroot_directory,
+ pw->pw_uid);
+ chroot_path = percent_expand(tmp, "h", pw->pw_dir,
+ "u", pw->pw_name, (char *)NULL);
safely_chroot(chroot_path, pw->pw_uid);
+ free(tmp);
free(chroot_path);
}
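Review bot: The string returned by `tilde_expand_filename()` is handed to `percent_expand()`, so when the directive starts with `~` the home directory taken from the passwd entry is itself scanned for `%` sequences, unlike a value substituted through `%h`. This only matters if a home path can contain `%`, and how `percent_expand()` treats unknown sequences is not visible here, so it is worth confirming. At minimum I'd record the ordering above the call: `/* ~ is expanded first, for the logged-in user; the result is then %-expanded */`. `do_setusercontext()` continues outside the hunk.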