# # openssh-4.5p1-sshjail.patch # code by Goncalo Silva # # tar -zxvf openssh-x.xpx.tar.gz # patch -p0 < openssh-x.xpx-sshjail.patch # # More information on http://paradigma.pt/~gngs/sshjail #
--- openssh-4.5p1/session.c 2006-10-23 18:01:56.000000000 +0100
+++ openssh-4.5p1-sshjail/session.c 2006-11-18 13:31:56.000000000 +0000
@@ -88,6 +88,10 @@
 #include "kex.h"
 #include "monitor_wrap.h"
+#define SSHJAIL
+#define CONF "/etc/sshjail.conf"
+#define MAXLINE 512
+
 #if defined(KRB5) && defined(USE_AFS)
 #include
 #endif
@@ -1287,6 +1291,14 @@
 void
 do_setusercontext(struct passwd *pw)
 {
+
+#ifdef SSHJAIL
+ FILE *confile;
+ struct group *grp;
+ char *envchroot='\0', *username, *mypt, *line;
+ u_short found = 0;
+#endif /* SSHJAIL */
+
 #ifndef HAVE_CYGWIN
 if (getuid() == 0 || geteuid() == 0)
 #endif /* HAVE_CYGWIN */
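Review bot: `#define SSHJAIL` is hard-coded into session.c, so every `#ifdef SSHJAIL` guard added later in this patch is unconditionally true and the feature cannot be compiled out; if the guards are meant to be meaningful, drop this line and pass `-DSSHJAIL` from the build (or a configure option) instead. The `CONF` path is read by sshd while it is still root, so the header deserves a comment stating the expected ownership, e.g. `/* read as root before privileges are dropped; must be root-owned and not writable by others */`.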
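Review bot: `char *envchroot='\0'` initialises a pointer from a character constant; it happens to be a null pointer constant, but it reads like a string terminator and hides the fact that `envchroot` stays NULL until a `chroot=` line has been parsed, which the code later dereferences. Write `char *envchroot = NULL, *username, *mypt, *line;` and use a plain `int found = 0;` rather than `u_short` for a boolean flag. do_setusercontext's body continues past the hunk.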
@@ -1355,6 +1367,66 @@
 do_pam_setcred(0);
 }
 # endif /* USE_PAM */
+
+#ifdef SSHJAIL
+ line = (char *)xmalloc (MAXLINE);
+ if ((confile = fopen(CONF, "r")) != NULL)
+ {
+ while (!feof(confile) && !found)
+ if (fgets(line,MAXLINE,confile)!=NULL)
+ {
+ if (strstr(line,"chroot=") && line[0]!='#')
+ {
+ envchroot=xstrdup(line+7);
+ envchroot[strlen(envchroot)-1]='\0';
+ }
+
+ else if (strstr(line,"users=") && line[0]!='#')
+ {
+ line += 6;
+ username=strtok_r(line,",",&mypt);
+ while(username)
+ {
+ if (username[strlen(username+1)]=='\n')
+ username[strlen(username+1)]='\0';
+ if (username[0]=='@')
+ {
+ username += 1;
+ if((grp = getgrnam(username))!= NULL)
+ {
+
+ if (grp->gr_gid == pw->pw_gid)
+ {
+ found=1;
+ break;
+ }
+ }
+ }
+
+ else if (!strcmp(pw->pw_name,username))
+ {
+ found=1;
+ break;
+ }
+ username=strtok_r(NULL,",",&mypt);
+ }
+ line -=6;
+ }
+
+ }
+
+ fclose(confile);
+ xfree(line);
+ }
+
+ if (found && *envchroot!='\0')
+ {
+ if(chroot(envchroot) != 0)
+ fatal("Fail to chroot dir %s",envchroot);
+ strcpy(pw->pw_dir,pw->pw_dir+(strlen(envchroot)));
+ xfree(envchroot);
+ }
+#endif /* SSHJAIL */
 # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
 irix_setusercontext(pw);
 # endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
--- openssh-4.5p1/version.h 2006-11-07 12:16:08.000000000 +0000
+++ openssh-4.5p1-sshjail/version.h 2006-11-18 13:32:36.000000000 +0000
@@ -1,6 +1,6 @@
 /* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */
-#define SSH_VERSION "OpenSSH_4.5"
+#define SSH_VERSION "OpenSSH_4.5-sshjail"
 #define SSH_PORTABLE "p1"
 #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
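Review bot: `if (found && *envchroot!='\0')` dereferences a null pointer whenever a listed user matches but no `chroot=` line was parsed first — the loop exits on `!found`, so a `chroot=` line placed after `users=` in the file is never read — and the privileged child dies instead of refusing the session; the check needs `envchroot != NULL` and should `fatal()` rather than silently skip the jail. `strcpy(pw->pw_dir,pw->pw_dir+(strlen(envchroot)))` copies between overlapping buffers, which is undefined for strcpy, and it never verifies that the home directory actually starts with `envchroot`, so a home outside the jail yields a source pointer past the end of pw_dir or a meaningless relative path. `chroot()` is also not followed by `chdir("/")`, so the working directory stays outside the new root, and because the later chdir to the rewritten home may fail, the session must not be allowed to continue with a cwd outside the jail. The `chroot=` value is trusted blindly: `envchroot[strlen(envchroot)-1]='\0'` writes to index -1 for a bare `chroot=` line and truncates a real path character when the last line lacks a newline, so guard it with `size_t n = strlen(envchroot); if (n > 0 && envchroot[n-1] == '\n') envchroot[n-1] = '\0';`. Note too that the `@group` form compares only `pw->pw_gid` with `grp->gr_gid`, so supplementary membership via gr_mem is ignored — worth a comment on that line if it is intentional.
```c
/* … unchanged: /etc/sshjail.conf parsing loop … */
	if (found) {
		size_t rootlen;

		if (envchroot == NULL || *envchroot == '\0')
			fatal("sshjail: user %s listed but no chroot= line "
			    "precedes users= in %s", pw->pw_name, CONF);
		rootlen = strlen(envchroot);
		/* the home must lie inside the jail before its prefix is stripped */
		if (strncmp(pw->pw_dir, envchroot, rootlen) != 0 ||
		    (pw->pw_dir[rootlen] != '/' && pw->pw_dir[rootlen] != '\0'))
			fatal("sshjail: home %s is not inside chroot %s",
			    pw->pw_dir, envchroot);
		if (chroot(envchroot) != 0)
			fatal("Fail to chroot dir %s", envchroot);
		/* chroot(2) does not move the cwd; do it explicitly */
		if (chdir("/") != 0)
			fatal("sshjail: chdir(\"/\") after chroot failed");
		/* source and destination overlap, so memmove, not strcpy */
		memmove(pw->pw_dir, pw->pw_dir + rootlen,
		    strlen(pw->pw_dir + rootlen) + 1);
		if (pw->pw_dir[0] == '\0')
			memcpy(pw->pw_dir, "/", 2);	/* old length >= rootlen >= 1, so it fits */
		xfree(envchroot);
	}
```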