Updated chroot patch

Phil Pennock Phil.Pennock at globnix.org
Fri Jul 20 11:22:43 EST 2001


This is the patch part of contrib/chroot.diff, updated so that it applies
cleanly against openssh-2.9p2.  Tested on FreeBSD (various 3.x and 4.x) without
PAM or UseLogin.

Also, as part of deployment (replacing emergency-withdrawal of Telnet
access) I've chosen to get sftp on the relevant boxes.  The deployment
had a scriptlet doing the config/make/etc and after the "make install"
would change Makefile to tack " -static" onto LDFLAGS and set
EXEEXT=.static -- this binary, installed stripped inside the chroot'd
environment, appears to work gorgeously.  :^)

Thanks for the hard work on OpenSSH.

-----------------------------< cut here >-------------------------------
--- session.c.orig	Sun Jun 17 05:40:51 2001
+++ session.c	Fri Jul 20 01:40:33 2001
@@ -93,6 +93,9 @@
 # include <uinfo.h>
 #endif
 
+/* support /./ in homedir */
+#define DOT_CHROOT
+
 /* types */
 
 #define TTYSZ 64
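Review bot: DOT_CHROOT is defined unconditionally in session.c, so every sshd built from this tree will chroot any account whose home directory contains "/./", with no way for a site to build without the feature or to disable it at runtime. Making the define depend on a configure-time option (a macro emitted into config.h, and ideally an sshd_config keyword) would keep stock sshd behaviour as the default. A one-line comment above the define saying that the part of pw_dir before "/./" becomes the new root and the part after it the user's home would also spare readers a trip to the hunk in do_child.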
@@ -1037,6 +1040,10 @@
 	extern char **environ;
 	struct stat st;
 	char *argv[10];
+#ifdef DOT_CHROOT
+	char *user_dir;
+	char *new_root;
+#endif
 	int do_xauth = s->auth_proto != NULL && s->auth_data != NULL;
 #ifdef WITH_IRIX_PROJECT
 	prid_t projid;
@@ -1093,6 +1100,25 @@
 # ifdef HAVE_GETUSERATTR
 			set_limits_from_userattr(pw->pw_name);
 # endif /* HAVE_GETUSERATTR */
+# ifdef DOT_CHROOT
+			user_dir = xstrdup(pw->pw_dir);
+			new_root = user_dir + 1;
+
+			while((new_root = strchr(new_root, '.')) != NULL) {
+				new_root--;
+				if(strncmp(new_root, "/./", 3) == 0) {
+					*new_root = '\0';
+					new_root += 2;
+
+					if(chroot(user_dir) != 0)
+						fatal("Couldn't chroot to user directory %s", user_dir);
+
+					pw->pw_dir = new_root;
+					break;
+				}
+				new_root += 2;
+			}
+# endif /* DOT_CHROOT */
 # ifdef HAVE_LOGIN_CAP
 			if (setusercontext(lc, pw, pw->pw_uid,
 			    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
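Review bot: chroot(user_dir) is not followed by a chdir into the new root, so until whatever later chdir(pw->pw_dir) the function performs, the process still has a working directory outside the jail, and if that later chdir fails the session never enters it; the usual idiom is `if (chroot(user_dir) != 0 || chdir("/") != 0)` followed by the existing `fatal("Couldn't chroot to user directory %s", user_dir);`. Nothing here verifies that the directory used as the new root is owned by root and not writable by the user, which is the normal precondition for a chroot to hold up. The scan also reads past the end of user_dir when pw->pw_dir is an empty string, because new_root starts at user_dir + 1; a guard such as `if (*user_dir != '\0')` around the loop avoids that. user_dir is never freed, and after a match pw->pw_dir aliases into it, so a comment like `/* pw->pw_dir points into user_dir; intentionally never freed */` would stop a later cleanup pass from freeing it. The enclosing function (it appears to be do_child, going by argv and do_xauth) starts before this hunk and continues after it.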
-----------------------------< cut here >-------------------------------
-- 
Civilisation: where they cut down the trees and name streets after them.


