repair broken ls in chroot %%h
This commit is contained in:
parent
145212be4d
commit
5503a047df
@ -1,6 +1,16 @@
|
||||
--- openssh-5.2p1/session.c 2009-03-20 18:08:11.263662384 +0100
|
||||
+++ openssh-5.2p1/session.c 2009-03-20 18:26:29.925498409 +0100
|
||||
@@ -1408,6 +1408,7 @@
|
||||
diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
|
||||
--- openssh-5.2p1/session.c.homechroot 2009-06-23 11:33:36.052163641 +0200
|
||||
+++ openssh-5.2p1/session.c 2009-06-23 11:33:36.372159228 +0200
|
||||
@@ -1398,6 +1398,8 @@ do_nologin(struct passwd *pw)
|
||||
}
|
||||
}
|
||||
|
||||
+int chroot_no_tree = 0;
|
||||
+
|
||||
/*
|
||||
* Chroot into a directory after checking it for safety: all path components
|
||||
* must be root-owned directories with strict permissions.
|
||||
@@ -1408,6 +1410,7 @@ safely_chroot(const char *path, uid_t ui
|
||||
const char *cp;
|
||||
char component[MAXPATHLEN];
|
||||
struct stat st;
|
||||
@ -8,7 +18,7 @@
|
||||
|
||||
if (*path != '/')
|
||||
fatal("chroot path does not begin at root");
|
||||
@@ -1419,7 +1420,7 @@
|
||||
@@ -1419,7 +1422,7 @@ safely_chroot(const char *path, uid_t ui
|
||||
* root-owned directory with strict permissions.
|
||||
*/
|
||||
for (cp = path; cp != NULL;) {
|
||||
@ -17,7 +27,7 @@
|
||||
strlcpy(component, path, sizeof(component));
|
||||
else {
|
||||
cp++;
|
||||
@@ -1432,7 +1433,7 @@
|
||||
@@ -1432,13 +1435,15 @@ safely_chroot(const char *path, uid_t ui
|
||||
if (stat(component, &st) != 0)
|
||||
fatal("%s: stat(\"%s\"): %s", __func__,
|
||||
component, strerror(errno));
|
||||
@ -26,3 +36,43 @@
|
||||
fatal("bad ownership or modes for chroot "
|
||||
"directory %s\"%s\"",
|
||||
cp == NULL ? "" : "component ", component);
|
||||
if (!S_ISDIR(st.st_mode))
|
||||
fatal("chroot path %s\"%s\" is not a directory",
|
||||
cp == NULL ? "" : "component ", component);
|
||||
+ if (st.st_uid != uid)
|
||||
+ ++chroot_no_tree;
|
||||
|
||||
}
|
||||
|
||||
diff -up openssh-5.2p1/sftp-server.c.homechroot openssh-5.2p1/sftp-server.c
|
||||
--- openssh-5.2p1/sftp-server.c.homechroot 2008-07-04 06:10:19.000000000 +0200
|
||||
+++ openssh-5.2p1/sftp-server.c 2009-06-23 11:33:36.374154561 +0200
|
||||
@@ -887,6 +887,7 @@ process_opendir(void)
|
||||
static void
|
||||
process_readdir(void)
|
||||
{
|
||||
+ extern int chroot_no_tree;
|
||||
DIR *dirp;
|
||||
struct dirent *dp;
|
||||
char *path;
|
||||
@@ -920,7 +921,7 @@ process_readdir(void)
|
||||
continue;
|
||||
stat_to_attrib(&st, &(stats[count].attrib));
|
||||
stats[count].name = xstrdup(dp->d_name);
|
||||
- stats[count].long_name = ls_file(dp->d_name, &st, 0);
|
||||
+ stats[count].long_name = ls_file(dp->d_name, &st, chroot_no_tree);
|
||||
count++;
|
||||
/* send up to 100 entries in one message */
|
||||
/* XXX check packet size instead */
|
||||
diff -up openssh-5.2p1/sftp-server-main.c.homechroot openssh-5.2p1/sftp-server-main.c
|
||||
--- openssh-5.2p1/sftp-server-main.c.homechroot 2009-02-21 22:47:02.000000000 +0100
|
||||
+++ openssh-5.2p1/sftp-server-main.c 2009-06-23 11:33:36.378159051 +0200
|
||||
@@ -27,6 +27,8 @@
|
||||
#include "sftp.h"
|
||||
#include "misc.h"
|
||||
|
||||
+int chroot_no_tree = 0;
|
||||
+
|
||||
void
|
||||
cleanup_exit(int i)
|
||||
{
|
||||
|
@ -63,7 +63,7 @@
|
||||
Summary: An open source implementation of SSH protocol versions 1 and 2
|
||||
Name: openssh
|
||||
Version: 5.2p1
|
||||
Release: 3%{?dist}%{?rescue_rel}
|
||||
Release: 4%{?dist}%{?rescue_rel}
|
||||
URL: http://www.openssh.com/portable.html
|
||||
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
|
||||
@ -474,6 +474,9 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jun 23 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-4
|
||||
- repair broken ls in chroot %%h
|
||||
|
||||
* Fri Apr 3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-3
|
||||
- fix logging after chroot
|
||||
- enable non root users to use chroot %%h in internal-sftp
|
||||
|
Loading…
Reference in New Issue
Block a user