--- openssh-5.2p1/session.c 2009-01-28 05:29:49.000000000 +0000
+++ openssh-5.2p1-sshjail/session.c 2009-05-19 22:06:34.000000000 +0100
@@ -91,6 +91,10 @@
 #include "monitor_wrap.h"
 #include "sftp.h"
+#define SSHJAIL
+#define CONF "/etc/sshjail.conf"
+#define MAXLINE 512
+
 #if defined(KRB5) && defined(USE_AFS)
 #include
 #endif
@@ -1459,6 +1463,13 @@
 {
 char *chroot_path, *tmp;
+#ifdef SSHJAIL
+ FILE *confile;
+ struct group *grp;
+ char *envchroot=NULL,*username, *mypt, *line;
+ u_short found = 0;
+#endif /* SSHJAIL */
+
 #ifdef WITH_SELINUX
 /* Cache selinux status for later use */
 (void)ssh_selinux_enabled();
@@ -1516,6 +1527,70 @@
 do_pam_setcred(use_privsep);
 }
 # endif /* USE_PAM */
+
+#ifdef SSHJAIL
+ line = (char *)xmalloc (MAXLINE);
+ if ((confile = fopen(CONF, "r"))!=NULL)
+ {
+ while (!feof(confile) && !found)
+ if (fgets(line,MAXLINE,confile)!=NULL)
+ {
+ if (strstr(line,"chroot=") && line[0]!='#')
+ {
+ envchroot=xstrdup(line+7);
+ envchroot[strlen(envchroot)-1]='\0';
+ }
+
+ else if (strstr(line,"users=") && line[0]!='#')
+ {
+ line += 6;
+ username=strtok_r(line,",",&mypt);
+ while(username)
+ {
+ if (username[strlen(username+1)]=='\n')
+ username[strlen(username+1)]='\0';
+ if (username[0]=='@')
+ {
+ username += 1;
+ if((grp = getgrnam(username))!=NULL)
+ {
+
+ if (grp->gr_gid == pw->pw_gid)
+ {
+ found=1;
+ break;
+ }
+ }
+ }
+
+ else if (!strcmp(pw->pw_name,username))
+ {
+ found=1;
+ break;
+ }
+ username=strtok_r(NULL,",",&mypt);
+ }
+ line -=6;
+ }
+ }
+ fclose(confile);
+ xfree(line);
+ }
+
+ if (found && envchroot!=NULL)
+ {
+ if(chroot(envchroot)!=0)
+ fatal("Fail to chroot dir %s",envchroot);
+ strcpy(pw->pw_dir,pw->pw_dir+(strlen(envchroot)));
+ if (chdir(pw->pw_dir)!=0)
+ {
+ if (chdir("/")!=0)
+ fatal( "Could not chdir to home directory %s: %s\n",envchroot, strerror(errno));
+ }
+ xfree(envchroot);
+ }
+#endif /* SSHJAIL */
+
 # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
 irix_setusercontext(pw);
 # endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
--- openssh-5.2p1/version.h 2009-02-23 00:09:26.000000000 +0000
+++ openssh-5.2p1-sshjail/version.h 2009-05-19 22:11:37.000000000 +0100
@@ -1,6 +1,6 @@
 /* $OpenBSD: version.h,v 1.55 2009/02/23 00:06:15 djm Exp $ */
-#define SSH_VERSION "OpenSSH_5.2"
+#define SSH_VERSION "OpenSSH_5.2-sshjail"
 #define SSH_PORTABLE "p1"
 #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
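Review bot: The `chroot(envchroot)` call near the end of the hunk jails the session into a path read from `/etc/sshjail.conf` without checking that the directory is root-owned and not group- or world-writable, which is the check OpenSSH's own ChrootDirectory handling in this file performs for every path component in safely_chroot(); a jail root the user can modify does not confine anything, so the bare chroot() should become `safely_chroot(envchroot, pw->pw_uid);`. The following `strcpy(pw->pw_dir,pw->pw_dir+(strlen(envchroot)))` copies between overlapping regions, which is undefined behaviour, and it assumes pw_dir starts with the chroot path, so a home directory shorter than or outside that path makes the source pointer run past the string; a `strncmp` prefix check and `memmove` address both. Smaller parser defects: `envchroot[strlen(envchroot)-1]='\0'` indexes before the buffer when `chroot=` is the last line with nothing after it (and drops a real character when that line has no trailing newline), and `strstr()` matches the keys anywhere in the line rather than at its start. Worth a comment that `@group` entries compare only the primary gid (`pw->pw_gid`, not supplementary groups) and that `chroot=` must precede `users=`, since reading stops once `found` is set. The enclosing function begins and ends outside the hunk, and the block sits inside a nested preprocessor conditional (see the `# endif /* USE_PAM */` above it), so it may only be compiled on one build configuration — worth confirming.
```c
	if (found && envchroot != NULL) {
		size_t clen = strlen(envchroot);

		/* pw_dir is only usable inside the jail if it actually lies under it. */
		if (strncmp(pw->pw_dir, envchroot, clen) != 0)
			fatal("home directory %s is not under chroot %s", pw->pw_dir, envchroot);
		/* safely_chroot() validates ownership/modes of each path component before chroot()ing. */
		safely_chroot(envchroot, pw->pw_uid);
		/* Source and destination overlap: memmove, not strcpy. */
		memmove(pw->pw_dir, pw->pw_dir + clen, strlen(pw->pw_dir + clen) + 1);
		/* … unchanged: chdir(pw->pw_dir) with chdir("/") fallback, xfree(envchroot) … */
	}
```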