diff options
| -rw-r--r-- | security/openssh-portable/Makefile | 7 | ||||
| -rw-r--r-- | security/openssh-portable/files/patch-session.c | 32 |
2 files changed, 4 insertions, 35 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 551e943734ab..dcef21ca3821 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -40,7 +40,7 @@ SUDO?= # empty MAKE_ENV+= SUDO="${SUDO}" OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT BSM \ - KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 \ + KERB_GSSAPI HPN LPK X509 \ OVERWRITE_BASE SCTP OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS OPTIONS_RADIO= KERBEROS @@ -48,7 +48,6 @@ OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE TCP_WRAPPERS_DESC= Enable tcp_wrappers support BSM_DESC= Enable OpenBSM Auditing KERB_GSSAPI_DESC= Enable Kerberos/GSSAPI patch (req: GSSAPI) -OPENSSH_CHROOT_DESC= Enable CHROOT support HPN_DESC= Enable HPN-SSH patch LPK_DESC= Enable LDAP Public Key (LPK) patch X509_DESC= Enable x509 certificate patch @@ -134,10 +133,6 @@ LDFLAGS= # empty CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE} .endif -.if ${PORT_OPTIONS:MOPENSSH_CHROOT} -CFLAGS+= -DCHROOT -.endif - # http://www.psc.edu/index.php/hpn-ssh .if ${PORT_OPTIONS:MHPN} PATCHFILES+= ${PORTNAME}-5.8p1-hpn13v11.diff.gz diff --git a/security/openssh-portable/files/patch-session.c b/security/openssh-portable/files/patch-session.c index 226a94c19245..900572b78dff 100644 --- a/security/openssh-portable/files/patch-session.c +++ b/security/openssh-portable/files/patch-session.c @@ -105,33 +105,7 @@ PR: 35904 /* Set custom environment options from RSA authentication. */ if (!options.use_login) { -@@ -1470,14 +1499,35 @@ - void - do_setusercontext(struct passwd *pw) - { -+#ifdef CHROOT -+ char *user_dir, *new_root; -+#endif /* CHROOT */ - char *chroot_path, *tmp; - -+ #ifdef CHROOT -+ user_dir = xstrdup(pw->pw_dir); -+ new_root = user_dir + 1; -+ -+ while((new_root = strchr(new_root, '.')) != NULL) { -+ new_root--; -+ if(strncmp(new_root, "/./", 3) == 0) { -+ *new_root = '\0'; -+ new_root += 2; -+ if(chroot(user_dir) != 0) -+ fatal("Couldn't chroot to user directory %s. %s", user_dir, strerror(errno)); -+ pw->pw_dir = new_root; -+ break; -+ } -+ new_root += 2; -+ } -+ #endif /* CHROOT */ -+ +@@ -1473,9 +1502,9 @@ platform_setusercontext(pw); if (platform_privileged_uidswap()) { @@ -142,7 +116,7 @@ PR: 35904 perror("unable to set user context"); exit(1); } -@@ -1700,6 +1750,10 @@ +@@ -1700,6 +1729,10 @@ */ environ = env; @@ -153,7 +127,7 @@ PR: 35904 #if defined(KRB5) && defined(USE_AFS) /* * At this point, we check to see if AFS is active and if we have -@@ -1729,9 +1783,6 @@ +@@ -1729,9 +1762,6 @@ /* Change current directory to the user's home directory. */ if (chdir(pw->pw_dir) < 0) { /* Suppress missing homedir warning for chroot case */ |