################################################################################
################################################################################
#                                                                              #
# Original patch by Ricardo Cerqueira <rmcc@clix.pt>                           #
#                                                                              #
# Updated by neeo <neeo@irc.pl> for openssh-3.8.1p1			       #
#                                                                              #
# A patch to cause sshd to chroot when it encounters the magic token           #
# '/./' in a user's home directory. The directory portion before the           #
# token is the directory to chroot() to, the portion after the                 #
# token is the user's home directory relative to the new root.                 #
#                                                                              #
# Patch source using: patch -p0 < /path/to/patch                               #
#                                                                              #
# Systems with a bad diff (doesn't understand -u or -N) should use gnu diff.   #
# Solaris may store this as gdiff under /opt/sfw/bin. I can't say much about   #
# other systems (unless you email me your experiences!).                       #
#                                                                              #
################################################################################
################################################################################
diff -urN openssh-3.8.1p1/session.c openssh-3.8.1p1-chroot/session.c
--- openssh-3.8.1p1/session.c	2004-04-16 12:47:55.000000000 +0000
+++ openssh-3.8.1p1-chroot/session.c	2004-06-01 15:38:31.000000000 +0000
@@ -58,6 +58,8 @@
 #include "session.h"
 #include "monitor_wrap.h"

+#define CHROOT
+
 #if defined(KRB5) && defined(USE_AFS)
 #include <kafs.h>
 #endif
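Review bot: `#define CHROOT` is hard-coded at the top of session.c, so the `#ifdef CHROOT` guards added in the later hunks can never be false, and every build from this tree will chroot any account whose home directory contains `/./`. Consider dropping the define here and enabling the feature from the build instead (for example `-DCHROOT` in CFLAGS), so that a behaviour that changes the session's filesystem root is an explicit opt-in.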
@@ -1235,6 +1237,10 @@
 void
 do_setusercontext(struct passwd *pw)
 {
+#ifdef CHROOT
+	char *user_dir;
+	char *new_root;
+#endif /* CHROOT */
 #ifndef HAVE_CYGWIN
 	if (getuid() == 0 || geteuid() == 0)
 #endif /* HAVE_CYGWIN */
@@ -1278,6 +1284,25 @@
 			exit(1);
 		}
 		endgrent();
+# ifdef CHROOT
+		user_dir = xstrdup(pw->pw_dir);
+		new_root = user_dir + 1;
+		
+		while ((new_root = strchr(new_root, '.')) != NULL) {
+			new_root--;
+			if (strncmp(new_root, "/./", 3) == 0) {
+				*new_root = '\0';
+				new_root += 2;
+				
+				if (chroot(user_dir) != 0)
+					fatal("Couldn't chroot to user directory %s", user_dir);
+				pw->pw_dir = new_root;
+				break;
+			}
+			new_root += 2;
+		}	
+# endif /* CHROOT */
+
 # ifdef USE_PAM
 		/*
 		 * PAM credentials may take the form of supplementary groups.
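Review bot: The added block in do_setusercontext calls `chroot(user_dir)` without a following `chdir("/")`, so the working directory still refers to a location outside the new root until some later code changes it, and the fatal() message drops errno. The manual scan also starts at `user_dir + 1`, which is past the terminator when pw_dir is an empty string, and user_dir is never released when no `/./` token is found. A `strstr()` search, as in the block below, addresses all three. Nothing in the hunk checks that the chroot target is root-owned and not writable by the user, which a chroot jail normally depends on; that may be enforced elsewhere but is worth confirming. The function body continues outside this hunk.

```c
# ifdef CHROOT
		user_dir = xstrdup(pw->pw_dir);
		new_root = strstr(user_dir, "/./");
		if (new_root != NULL) {
			/* Split at the token: user_dir is the jail, the rest is $HOME inside it. */
			*new_root = '\0';
			if (chroot(user_dir) != 0 || chdir("/") != 0)
				fatal("Couldn't chroot to user directory %s: %s",
				    user_dir, strerror(errno));
			/* pw_dir keeps pointing into user_dir, so it is not freed here. */
			pw->pw_dir = new_root + 2;
		} else {
			xfree(user_dir);
		}
# endif /* CHROOT */
```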
