author | des <des@FreeBSD.org> | 2003-04-08 16:52:18 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2003-04-08 16:52:18 +0000 |
commit | 633999b85234134aed6bd3444a1c44eb82f5e408 (patch) | |
tree | 7b34d2b4475828f28c2feefa6fbd3bb5a29689fd /lib/libpam/modules | |
parent | 03a987e08de2a63fac0a06c616f5a0af073fbcd2 (diff) | |
Add a cwd option which specifies where to chdir(2) after the chroot(2).
When using the /home/./foo scheme, this defaults to the rhs (/foo);
otherwise it defaults to /.
Diffstat (limited to 'lib/libpam/modules')
-rw-r--r-- | lib/libpam/modules/pam_chroot/pam_chroot.8 | 15 | ||||
-rw-r--r-- | lib/libpam/modules/pam_chroot/pam_chroot.c | 13 |
2 files changed, 22 insertions, 6 deletions
diff --git a/lib/libpam/modules/pam_chroot/pam_chroot.8 b/lib/libpam/modules/pam_chroot/pam_chroot.8 index 6ba8622..f76dc4b 100644 --- a/lib/libpam/modules/pam_chroot/pam_chroot.8 +++ b/lib/libpam/modules/pam_chroot/pam_chroot.8 @@ -54,10 +54,13 @@ structure returned by contains the string .Dq /./ , the portion of the directory name to the left of that string is used -as the chroot directory. -Otherwise, the directory specified by the +as the chroot directory, and the portion to the right will be the +current working directory inside the chroot tree. +Otherwise, the directories specified by the .Cm dir -option (see below) is used. +and +.Cm cwd +options (see below) are used. .Bl -tag -width ".Cm also_root" .It Cm also_root Do not hold user id 0 exempt from the chroot requirement. @@ -66,6 +69,12 @@ Report a failure if a chroot directory could not be derived from the user's home directory, and the .Cm dir option was not specified. +.It Cm cwd Ns = Ns Ar directory +Specify the directory to +.Xr chdir 2 +into after a successful +.Xr chroot 2 +call. .It Cm dir Ns = Ns Ar directory Specify the chroot directory to use if one could not be derived from the user's home directory. diff --git a/lib/libpam/modules/pam_chroot/pam_chroot.c b/lib/libpam/modules/pam_chroot/pam_chroot.c index 07539b1..5a467b5 100644 --- a/lib/libpam/modules/pam_chroot/pam_chroot.c +++ b/lib/libpam/modules/pam_chroot/pam_chroot.c @@ -52,7 +52,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags __unused, int argc __unused, const char *argv[] __unused) { - const char *dir, *end, *user; + const char *dir, *end, *cwd, *user; struct passwd *pwd; char buf[PATH_MAX]; 
@@ -71,7 +71,11 @@ pam_sm_open_session(pam_handle_t *pamh, int flags __unused, return (PAM_SESSION_ERR); } dir = buf; - } else if ((dir = openpam_get_option(pamh, "dir")) == NULL) { + cwd = end + 2; + } else if ((dir = openpam_get_option(pamh, "dir")) != NULL) { + if ((cwd = openpam_get_option(pamh, "cwd")) == NULL) + cwd = "/"; + } else { if (openpam_get_option(pamh, "always")) { openpam_log(PAM_LOG_ERROR, "%s has no chroot directory", user); @@ -86,7 +90,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags __unused, openpam_log(PAM_LOG_ERROR, "chroot(): %m"); return (PAM_SESSION_ERR); } - chdir("/"); + if (chdir(cwd) == -1) { + openpam_log(PAM_LOG_ERROR, "chdir(): %m"); + return (PAM_SESSION_ERR); + } return (PAM_SUCCESS); } |
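Review bot: `cwd` is assigned in the `/./` branch and in the `dir` option branch but not in the final `else`, so the later `chdir(cwd)` is safe only if that branch returns on every path. The rest of the `else` body lies outside this hunk, so that cannot be confirmed from here. A comment in the branch such as `/* no chroot directory: cwd is unset, must return before chroot()/chdir() */` would protect the invariant against later edits. Note also that `cwd = end + 2` is unconditional, so a configured `cwd=` option is ignored whenever the home directory uses the `/./` scheme; the code would be clearer if it said so next to that assignment.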
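Review bot: A relative `cwd=` value is not rejected before `chdir(cwd)`, and because chroot(2) leaves the working directory unchanged, such a path would resolve against the pre-chroot directory, which may lie outside the new root. The `/./` branch presumably always yields a path starting with `/` (`end + 2`; `end` is set outside the hunk), but the option branch passes the configured string through as is. Consider `if (chdir("/") == -1 || chdir(cwd) == -1) {` so the lookup always starts inside the new root, or fail the session when `cwd[0] != '/'`. On the new error return the process has already chrooted while its working directory is still the old one, so a short comment that callers must treat `PAM_SESSION_ERR` as fatal here would be useful.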