svn commit: r318386 - in head/security/openssh-portable: . files

Fri May 17 13:56:29 UTC 2013

Author: bdrewery
Date: Fri May 17 13:56:29 2013
New Revision: 318386
URL: http://svnweb.freebsd.org/changeset/ports/318386

Log:
  - Remove CHROOT option and patch. ChrootDirectory was added in 5.0
    to achieve the same thing.

Modified:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/files/patch-session.c

Modified: head/security/openssh-portable/Makefile
==============================================================================

--- head/security/openssh-portable/Makefile	Fri May 17 13:55:37 2013	(r318385)
+++ head/security/openssh-portable/Makefile	Fri May 17 13:56:29 2013	(r318386)
@@ -40,7 +40,7 @@ SUDO?=		# empty
 MAKE_ENV+=	SUDO="${SUDO}"
 
 OPTIONS_DEFINE=		PAM TCP_WRAPPERS LIBEDIT BSM \
-			KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 \
+			KERB_GSSAPI HPN LPK X509 \
 			OVERWRITE_BASE SCTP
 OPTIONS_DEFAULT=	LIBEDIT PAM TCP_WRAPPERS
 OPTIONS_RADIO=		KERBEROS
@@ -48,7 +48,6 @@ OPTIONS_RADIO_KERBEROS=	MIT HEIMDAL HEIM
 TCP_WRAPPERS_DESC=	Enable tcp_wrappers support
 BSM_DESC=		Enable OpenBSM Auditing
 KERB_GSSAPI_DESC=	Enable Kerberos/GSSAPI patch (req: GSSAPI)
-OPENSSH_CHROOT_DESC=	Enable CHROOT support
 HPN_DESC=		Enable HPN-SSH patch
 LPK_DESC=		Enable LDAP Public Key (LPK) patch
 X509_DESC=		Enable x509 certificate patch
@@ -134,10 +133,6 @@ LDFLAGS=		# empty
 CONFIGURE_ARGS+=	--with-ssl-dir=${OPENSSLBASE}
 .endif
 
-.if ${PORT_OPTIONS:MOPENSSH_CHROOT}
-CFLAGS+=		-DCHROOT
-.endif
-
 # http://www.psc.edu/index.php/hpn-ssh
 .if ${PORT_OPTIONS:MHPN}
 PATCHFILES+=		${PORTNAME}-5.8p1-hpn13v11.diff.gz

Modified: head/security/openssh-portable/files/patch-session.c
==============================================================================
--- head/security/openssh-portable/files/patch-session.c	Fri May 17 13:55:37 2013	(r318385)
+++ head/security/openssh-portable/files/patch-session.c	Fri May 17 13:56:29 2013	(r318386)
@@ -105,33 +105,7 @@ PR:             35904
  
  	/* Set custom environment options from RSA authentication. */
  	if (!options.use_login) {
-@@ -1470,14 +1499,35 @@
- void
- do_setusercontext(struct passwd *pw)
- {
-+#ifdef CHROOT
-+	char *user_dir, *new_root;
-+#endif /* CHROOT */
- 	char *chroot_path, *tmp;
- 
-+ #ifdef CHROOT
-+	user_dir = xstrdup(pw->pw_dir);
-+	new_root = user_dir + 1;
-+ 
-+	while((new_root = strchr(new_root, '.')) != NULL) {
-+		new_root--;
-+		if(strncmp(new_root, "/./", 3) == 0) {
-+			*new_root = '\0';
-+			new_root += 2;
-+			if(chroot(user_dir) != 0)
-+				fatal("Couldn't chroot to user directory %s. %s", user_dir, strerror(errno));
-+			pw->pw_dir = new_root;
-+ 			break;
-+ 		}
-+ 		new_root += 2;
-+	}
-+ #endif /* CHROOT */
-+
+@@ -1473,9 +1502,9 @@
  	platform_setusercontext(pw);
  
  	if (platform_privileged_uidswap()) {
@@ -142,7 +116,7 @@ PR:             35904
  			perror("unable to set user context");
  			exit(1);
  		}
-@@ -1700,6 +1750,10 @@
+@@ -1700,6 +1729,10 @@
  	 */
  	environ = env;
  
@@ -153,7 +127,7 @@ PR:             35904
  #if defined(KRB5) && defined(USE_AFS)
  	/*
  	 * At this point, we check to see if AFS is active and if we have
-@@ -1729,9 +1783,6 @@
+@@ -1729,9 +1762,6 @@
  	/* Change current directory to the user's home directory. */
  	if (chdir(pw->pw_dir) < 0) {
  		/* Suppress missing homedir warning for chroot case */
