d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a cwd option which specifies where to chdir(2) after the chroot(2).

Browse Source 
When using the /home/./foo scheme, this defaults to the rhs (/foo);
otherwise it defaults to /.
This commit is contained in:
Dag-Erling Smørgrav 2003-04-08 16:52:18 +00:00
parent 4845d27e63
commit d4e15f10b1
2 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/libpam/modules/pam_chroot/pam_chroot.8
View File

@ -54,10 +54,13 @@ structure returned by
contains the string
.Dq /./ ,
the portion of the directory name to the left of that string is used
as the chroot directory.
Otherwise, the directory specified by the
as the chroot directory, and the portion to the right will be the
current working directory inside the chroot tree.
Otherwise, the directories specified by the
.Cm dir
option (see below) is used.
and
.Cm cwd
options (see below) are used.
.Bl -tag -width ".Cm also_root"
.It Cm also_root
Do not hold user id 0 exempt from the chroot requirement.
@ -66,6 +69,12 @@ Report a failure if a chroot directory could not be derived from the
user's home directory, and the
.Cm dir
option was not specified.
.It Cm cwd Ns = Ns Ar directory
Specify the directory to
.Xr chdir 2
into after a successful
.Xr chroot 2
call.
.It Cm dir Ns = Ns Ar directory
Specify the chroot directory to use if one could not be derived from
the user's home directory.

13
lib/libpam/modules/pam_chroot/pam_chroot.c
View File

@ -52,7 +52,7 @@ PAM_EXTERN int
pam_sm_open_session(pam_handle_t *pamh, int flags __unused,
int argc __unused, const char *argv[] __unused)
{
const char *dir, *end, *user;
const char *dir, *end, *cwd, *user;
struct passwd *pwd;
char buf[PATH_MAX];
@ -71,7 +71,11 @@ pam_sm_open_session(pam_handle_t *pamh, int flags __unused,
return (PAM_SESSION_ERR);
}
dir = buf;
} else if ((dir = openpam_get_option(pamh, "dir")) == NULL) {
cwd = end + 2;
} else if ((dir = openpam_get_option(pamh, "dir")) != NULL) {
if ((cwd = openpam_get_option(pamh, "cwd")) == NULL)
cwd = "/";
} else {
if (openpam_get_option(pamh, "always")) {
openpam_log(PAM_LOG_ERROR,
"%s has no chroot directory", user);
@ -86,7 +90,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags __unused,
openpam_log(PAM_LOG_ERROR, "chroot(): %m");
return (PAM_SESSION_ERR);
}
chdir("/");
if (chdir(cwd) == -1) {
openpam_log(PAM_LOG_ERROR, "chdir(): %m");
return (PAM_SESSION_ERR);
}
return (PAM_SUCCESS);
}