I am uploading a NMU to DELAYED/10 in order to fix this.
The debdiff is attached.
diff -Nru libpam-chroot-0.9/chroot.conf libpam-chroot-0.9/chroot.conf
--- libpam-chroot-0.9/chroot.conf       2023-09-29 12:52:00.000000000 +0200
+++ libpam-chroot-0.9/chroot.conf       2004-05-05 02:07:47.000000000 +0200
@@ -1,13 +1,6 @@
 # /etc/security/chroot.conf
-# This file determines where will pam_chroot restrict the
-# users for applications that use this module.
-# Users not listed in this configuration file will not
-# be chrooted.
-# The format of this configuration file is:
-#
+# format:
 # username     chroot_dir
-#
-# For example:
 #foo   /home/foo
 
 # Or, if you've specified use_regex,
diff -Nru libpam-chroot-0.9/debian/changelog libpam-chroot-0.9/debian/changelog
--- libpam-chroot-0.9/debian/changelog  2023-09-29 12:52:00.000000000 +0200
+++ libpam-chroot-0.9/debian/changelog  2023-09-29 12:44:34.000000000 +0200
@@ -1,3 +1,11 @@
+libpam-chroot (0.9-5.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Convert to source format 3.0. (Closes: #1043203)
+    + Move example to debian directory.
+
+ -- Bastian Germann <[email protected]>  Fri, 29 Sep 2023 12:44:34 +0200
+
 libpam-chroot (0.9-5.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru libpam-chroot-0.9/debian/example/chroot.conf 
libpam-chroot-0.9/debian/example/chroot.conf
--- libpam-chroot-0.9/debian/example/chroot.conf        1970-01-01 
01:00:00.000000000 +0100
+++ libpam-chroot-0.9/debian/example/chroot.conf        2023-09-29 
12:44:34.000000000 +0200
@@ -0,0 +1,3 @@
+# /etc/security/chroot.conf
+test   /chroot/directory
+
diff -Nru libpam-chroot-0.9/debian/example/chrooted-directory-tree.txt 
libpam-chroot-0.9/debian/example/chrooted-directory-tree.txt
--- libpam-chroot-0.9/debian/example/chrooted-directory-tree.txt        
1970-01-01 01:00:00.000000000 +0100
+++ libpam-chroot-0.9/debian/example/chrooted-directory-tree.txt        
2023-09-29 12:44:34.000000000 +0200
@@ -0,0 +1,38 @@
+/home/test/
+|-- bin
+|   |-- bash
+|   |-- ls
+|   |-- rbash
+|   `-- sh
+|-- dev
+|   |-- null
+|   |-- tty1
+|   |-- tty2
+|   |-- tty3
+|   |-- tty4
+|   |-- tty5
+|   |-- tty6
+|   |-- tty7
+|   |-- urandom
+|   `-- zero
+|-- home
+|   `-- test
+|        |-- .alias
+|        |-- .bash_history
+|        |-- .bash_profile
+|        |-- .bashrc
+|        |-- .cshrc
+|        `-- .profile
+|-- lib
+   |-- ld-linux.so.2
+   |-- libc.so.6
+   |-- libdl-2.2.5.so
+   |-- libdl.so.2
+   |-- libncurses.so.4
+   |-- libncurses.so.4.2
+   |-- libncurses.so.5
+   |-- libncurses.so.5.2
+   |-- libpthread-0.9.so
+   |-- libpthread.so.0
+   |-- librt-2.2.5.so
+   `-- librt.so.1
diff -Nru libpam-chroot-0.9/debian/example/README.example 
libpam-chroot-0.9/debian/example/README.example
--- libpam-chroot-0.9/debian/example/README.example     1970-01-01 
01:00:00.000000000 +0100
+++ libpam-chroot-0.9/debian/example/README.example     2023-09-29 
12:44:34.000000000 +0200
@@ -0,0 +1,36 @@
+
+This is a sample configuration for the pam_chroot module.
+
+In order to make this work you need to: 
+
+1.- use setup-chrootdir.sh to create a directory in which
+the user will be chrooted (let's call it CHROOTDIR)
+A sample layout like the one it creates is provided in the
+chrooted-directory-tree.txt file
+
+WARNING! Make sure to have an open console in which to
+become superuser in case you mangle the files and cannot
+log-on to the system later on!
+
+2.- configure /etc/security/chroot.conf so that a given user
+(USERCHROOTED) is chrooted to CHROOTDIR when entering (in the
+sample configuration file CHROOTDIR=/chroot/directory)
+
+3.- add the following line to /etc/pam.d/login
+session    required   pam_chroot.so debug
+
+4.- create USERCHROOTED in the system (/etc/passwd et al.) and
+have his home directory be /home/test 
+(real directory=CHROOTDIR/home/test)
+
+5.- add the neccesary .profile, .cshrc, .bash_profile files to
+the CHROOTDIR/home/test directory (fix permissions to your own
+needs/policy)
+
+6.- Try to enter the system as USERCHROOTED. You should be
+restricted to CHROOTDIR and have only a limited number of
+utilies (setup-chrootdir only provides 'ls')
+
+If it does not work check the syslog files to see the messages
+related to PAM (should include pam_chroot[XXXX]: session messages
+due to the 'debug' option being set)
diff -Nru libpam-chroot-0.9/debian/example/setup-chrootdir-rsync.sh 
libpam-chroot-0.9/debian/example/setup-chrootdir-rsync.sh
--- libpam-chroot-0.9/debian/example/setup-chrootdir-rsync.sh   1970-01-01 
01:00:00.000000000 +0100
+++ libpam-chroot-0.9/debian/example/setup-chrootdir-rsync.sh   2023-09-29 
12:44:34.000000000 +0200
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# Copyright (C) 2002  Andres Salomon <[email protected]>
+#
+# Create a chroot environment for allowing users to rsync.
+# This script is placed in the public domain.  Do with it what
+# you will.
+
+PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin"
+DIRECTORIES="bin dev lib usr/bin usr/lib"
+FILES="bin/false lib/libc.so.6 lib/ld-linux.so.2
+               bin/bash lib/libncurses.so.5 lib/libdl.so.2
+               usr/bin/rsync lib/libpopt.so.0 lib/libresolv.so.2"
+
+if test -z "$1"; then
+       echo "Usage: $0 <directory>" 1>&2
+       exit 1
+fi
+
+id=`id -u`
+if test "$id" -gt 0; then
+       echo "Error: this script requires root (for mknod)!" 1>&2
+       exit 1
+fi
+
+dir=$1
+curdir=`pwd`
+
+# Create directory structure
+mkdir -p $dir
+cd $dir
+for d in $DIRECTORIES; do
+       mkdir -p $d
+done
+
+# Add files
+for f in $FILES; do
+       cp /$f $f
+done
+
+# And devices..
+if test -d dev; then
+       cp /dev/MAKEDEV dev
+       cd dev && ./MAKEDEV std && rm -f MAKEDEV
+fi
+
+
+cd $curdir
+
+exit 0
diff -Nru libpam-chroot-0.9/debian/example/setup-chrootdir-shell.sh 
libpam-chroot-0.9/debian/example/setup-chrootdir-shell.sh
--- libpam-chroot-0.9/debian/example/setup-chrootdir-shell.sh   1970-01-01 
01:00:00.000000000 +0100
+++ libpam-chroot-0.9/debian/example/setup-chrootdir-shell.sh   2023-09-29 
12:44:34.000000000 +0200
@@ -0,0 +1,75 @@
+#!/bin/sh
+
+# Given a (non-existant) directory
+# creates a chroot environment so users can login
+# and have limited movements
+
+# (c) 2002 Javier Fernandez-Sanguino Peña <[email protected]>
+
+[ -z "$1" ] && {
+       echo "Usage $0 directory"
+       exit 1
+}
+id=`/usr/bin/id -u`
+
+[ "$id" -gt 0 ] && 
+       echo "WARNING: Needs to be run as root (for mknod to work)"
+
+dir=$1
+
+[  -e "$dir" ] && {
+       echo "ERROR: $dir exists. Please specify a non-existant directory"
+       exit 1
+}
+
+curdir=`/bin/pwd`
+/bin/mkdir -p $dir
+cd $dir
+for i in bin dev lib home/test ; do 
+       /bin/mkdir -p $i 
+done
+
+# Procedure:
+# Hard link for files and just copy simbolyc links, 
+# should work ok in the chroot
+
+# Bin directory (minimal set of binaries)
+for cmd in ls pwd true false rbash bash ; do
+       if [ -f /bin/$cmd -a ! -L /bin/$cmd ] ; then
+               /bin/ln /bin/$cmd bin/
+       fi
+       if [ -L /bin/$cmd ] ; then
+               cp -a /bin/$cmd lib/
+       fi
+done
+
+# Libraries (for previous binaries)
+for lib in /lib/ld-linux* /lib/libc.* /lib/libdl* /lib/librt* /lib/ncurse* 
/lib/libpthread* ; do
+       if [ -f $lib -a ! -L $lib ] ; then
+               /bin/ln $lib lib/
+       fi
+       if [ -L "$lib" ] ; then
+               cp -a $lib lib/
+       fi
+done
+
+# Devices
+cd dev
+# We need as many tty's as consoles
+/bin/mknod -m 644 tty1 c 4 1
+/bin/mknod -m 644 tty2 c 4 2
+/bin/mknod -m 644 tty3 c 4 3
+/bin/mknod -m 644 tty4 c 4 4
+/bin/mknod -m 644 tty5 c 4 5
+/bin/mknod -m 644 tty6 c 4 6
+# Some special nodes, just for fun
+/bin/mknod -m 444 urandom c 1 9
+/bin/mknod -m 666 zero c 1 5
+/bin/mknod -m 666 null c 1 3
+# Warning: since we do not have the /dev/log socket the
+# 'debug' option of the PAM module will not work once chrooted
+
+# Finish and get back were we started
+cd $curdir
+
+exit 0
diff -Nru libpam-chroot-0.9/debian/example/setup-chrootdir-template.sh 
libpam-chroot-0.9/debian/example/setup-chrootdir-template.sh
--- libpam-chroot-0.9/debian/example/setup-chrootdir-template.sh        
1970-01-01 01:00:00.000000000 +0100
+++ libpam-chroot-0.9/debian/example/setup-chrootdir-template.sh        
2023-09-29 12:44:34.000000000 +0200
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+# Copyright (C) 2002  Andres Salomon <[email protected]>
+#
+# Template for setup-chrootdir-XX.sh scripts
+
+PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin"
+# Directories to include in the chroot go here
+DIRECTORIES="bin dev "
+# Files to copy over to the chroot are included here
+FILES="bin/false lib/libc.so.6 lib/ld-linux.so.2"
+
+if test -z "$1"; then
+       echo "Usage: $0 <directory>" 1>&2
+       exit 1
+fi
+
+id=`id -u`
+if test "$id" -gt 0; then
+       echo "Error: this script requires root (for mknod)!" 1>&2
+       exit 1
+fi
+
+dir=$1
+curdir=`pwd`
+
+# Create directory structure
+mkdir -p $dir
+cd $dir
+for d in $DIRECTORIES; do
+       mkdir -p $d
+done
+
+# Add files
+for f in $FILES; do
+       cp /$f $f
+done
+
+# And devices..
+if test -d dev; then
+       cp /dev/MAKEDEV dev
+       cd dev && ./MAKEDEV std && rm -f MAKEDEV
+fi
+
+
+cd $curdir
+
+exit 0
diff -Nru libpam-chroot-0.9/debian/patches/debian.patch 
libpam-chroot-0.9/debian/patches/debian.patch
--- libpam-chroot-0.9/debian/patches/debian.patch       1970-01-01 
01:00:00.000000000 +0100
+++ libpam-chroot-0.9/debian/patches/debian.patch       2023-09-29 
12:44:34.000000000 +0200
@@ -0,0 +1,222 @@
+--- libpam-chroot-0.9.orig/Makefile
++++ libpam-chroot-0.9/Makefile
+@@ -3,17 +3,22 @@
+ CC=gcc
+ CFLAGS=-fPIC -O2 -Wall -Werror -pedantic
+ CPPFLAGS=-I.
+-LDFLAGS=-x --shared -lpam
++LDFLAGS=-shared
++DESTDIR=/
++LIBDIR=$(DESTDIR)/lib/security
++INSTALL?=install
+ 
+ OUT=pam_chroot.so
++CONF=chroot.conf
+ 
+ all:  $(OUT)
+ 
+ %.so: %.o
+-      ld $(LDFLAGS) -o $@ $<
++      $(CC) $(LDFLAGS) -o $@ $< -lpam
+ 
+ clean:
+       rm -f *.o $(OUT)
+ 
+ install:
+-      install -s -o0 -g0 -m755 $(OUT) /lib/security
++      $(INSTALL) -s -o0 -g0 -m755 $(OUT) $(LIBDIR)
++      install -m640 $(CONF) $(DESTDIR)/etc/security
+--- libpam-chroot-0.9.orig/TROUBLESHOOTING
++++ libpam-chroot-0.9/TROUBLESHOOTING
+@@ -6,7 +6,7 @@ also want to check the pam-list archives
+ Note that all of the following assumes that you have put pam_chroot into
+ debug mode (add the "debug" option to the pam_chroot line in the
+ appropriate /etc/pam.d file) and that syslogd is configured to put
+-auth.debug messages in some known location (/var/log/messages,
++auth.notice and auth.debug messages in some known location (/var/log/messages,
+ /var/adm/messages, /var/adm/syslog/syslog.log, etc.)
+ 
+ Under normal operation, pam_chroot will output something similar to the
+@@ -42,8 +42,8 @@ SOLUTION: This usually indicates that th
+   appropriate /etc/pam.d file, or it might be that PAM is not being used
+   at all.  (For example, you might have set 'UsePAM no' in your
+   /etc/ssh/sshd_config.)  It might also be that syslogd is not running or
+-  is not configured to report auth.debug messages in the file that you're
+-  looking for them in.
++  is not configured to report auth.notice and auth.debug messages in the 
++  file that you're looking for them in.
+   There are a multitude of reasons that PAM might not be being used, and
+   they're usually application configuration issues, rather than issues with
+   PAM itself.
+--- libpam-chroot-0.9.orig/chroot.conf
++++ libpam-chroot-0.9/chroot.conf
+@@ -1,6 +1,13 @@
+ # /etc/security/chroot.conf
+-# format:
++# This file determines where will pam_chroot restrict the
++# users for applications that use this module.
++# Users not listed in this configuration file will not
++# be chrooted.
++# The format of this configuration file is:
++#
+ # username    chroot_dir
++#
++# For example:
+ #foo  /home/foo
+ 
+ # Or, if you've specified use_regex,
+--- libpam-chroot-0.9.orig/pam_chroot.c
++++ libpam-chroot-0.9/pam_chroot.c
+@@ -68,14 +68,14 @@ static void _pam_log(int err, const char
+ /* initialize opts to a standard known state */
+ int _pam_opts_init(struct _pam_opts* opts) {
+       if(NULL == opts) {
+-              _pam_log(LOG_ERR, "%s: NULL opts pointer", __FUNCTION__);
++              _pam_log(LOG_ERR, "%s: NULL opts pointer", __extension__ 
__FUNCTION__);
+               return _PAM_CHROOT_INTERNALERR;
+       }
+ 
+       opts->flags = _PAM_OPTS_NOOPTS;
+       opts->chroot_dir = NULL;
+ 
+-      opts->conf = x_strdup(CONFIG);
++      opts->conf = strdup(CONFIG);
+       if(NULL == opts->conf) {
+               _pam_log(LOG_ERR, "strdup: %s", strerror(errno));
+               return _PAM_CHROOT_SYSERR;
+@@ -91,7 +91,7 @@ int _pam_opts_config(struct _pam_opts* o
+       int i;
+ 
+       if(NULL == opts) {
+-              _pam_log(LOG_ERR, "%s: NULL opts pointer", __FUNCTION__);
++              _pam_log(LOG_ERR, "%s: NULL opts pointer", __extension__ 
__FUNCTION__);
+               return _PAM_CHROOT_INTERNALERR;
+       }
+ 
+@@ -133,7 +133,7 @@ int _pam_opts_config(struct _pam_opts* o
+               } else if(!strncmp(argv[i], "onerr=", 6)) {
+                       if(!strcmp(argv[i] + 6, "succeed")) {
+                               opts->flags = opts->flags & 
(~_PAM_OPTS_NOTFOUNDFAILS);
+-                      } else if(!strcmp(argv[i] + 9, "fail")) {
++                      } else if(!strcmp(argv[i] + 6, "fail")) {
+                               opts->flags = opts->flags | 
_PAM_OPTS_NOTFOUNDFAILS;
+                       } else {
+                               _pam_log(LOG_ERR, "bad config option: \"%s\"", 
argv[i]);
+@@ -146,7 +146,7 @@ int _pam_opts_config(struct _pam_opts* o
+                               _pam_log(LOG_ERR,
+                                               "bad config option: \"%s\": 
chroot dir already set", argv[i]);
+                       } else {
+-                              opts->chroot_dir = x_strdup(argv[i] + 11);
++                              opts->chroot_dir = strdup(argv[i] + 11);
+                               if(NULL == opts->chroot_dir) {
+                                       _pam_log(LOG_ERR, "strdup: %s", 
strerror(errno));
+                               }
+@@ -162,7 +162,7 @@ int _pam_opts_config(struct _pam_opts* o
+ /* free the allocated memory of a struct _pam_opts */
+ int _pam_opts_free(struct _pam_opts* opts) {
+       if(NULL == opts) {
+-              _pam_log(LOG_ERR, "%s: NULL opts pointer", __FUNCTION__);
++              _pam_log(LOG_ERR, "%s: NULL opts pointer", __extension__ 
__FUNCTION__);
+       }
+       _pam_drop(opts->chroot_dir);
+       _pam_drop(opts->conf);
+@@ -187,7 +187,7 @@ int _pam_getugroups(const char *user, gi
+       char **uptr;
+ 
+       if(NULL == user || NULL == ngrps) { return -1; }
+-      if(0 > *ngrps || 0 > gid) { return -1; }
++      if(0 > *ngrps) { return -1; }
+ 
+       if(gcount < *ngrps) {
+               if(NULL != grps) { grps[gcount] = gid; }
+@@ -261,19 +261,19 @@ char** _pam_get_groups(const char* user,
+       gids = (gid_t*) malloc(ngroups*sizeof(gid_t));
+       if(NULL == gids) {
+               _pam_log(LOG_ERR, "%s: %s: malloc: %s",
+-                              opts->module, __FUNCTION__, strerror(errno));
++                              opts->module, __extension__ __FUNCTION__, 
strerror(errno));
+               return NULL;
+       }
+       ret = _PAM_GETUGROUPS(pwd->pw_name, pwd->pw_gid, gids, &ngroups);
+       if(-1 == ret) {
+               _pam_log(LOG_WARNING,
+                               "%s: %s: _PAM_GETUGROUPS found more gids on 
second run",
+-                              opts->module, __FUNCTION__);
++                              opts->module, __extension__ __FUNCTION__);
+       }
+       if(0 >= ngroups) {
+               _pam_log(LOG_ERR,
+                               "%s: %s: _PAM_GETUGROUPS returned no groups for 
user \"%s\"",
+-                              opts->module, __FUNCTION__, user);
++                              opts->module, __extension__ __FUNCTION__, user);
+               _pam_drop(gids);
+               return NULL;
+       }
+@@ -282,7 +282,7 @@ char** _pam_get_groups(const char* user,
+       groups = (char**)malloc((ngroups+1)*sizeof(char*));
+       if(NULL == groups) {
+               _pam_log(LOG_ERR, "%s: %s: malloc: %s",
+-                              opts->module, __FUNCTION__, strerror(errno));
++                              opts->module, __extension__ __FUNCTION__, 
strerror(errno));
+               _pam_drop(gids);
+               return NULL;
+       }
+@@ -291,9 +291,9 @@ char** _pam_get_groups(const char* user,
+               if(NULL == grp) {
+                       _pam_log(LOG_DEBUG, "%s: no grnam for gid %d", 
opts->module, gids[i]);
+                       snprintf(scratch, SCRATCH, "%d", gids[i]);
+-                      groups[i] = x_strdup(scratch);
++                      groups[i] = strdup(scratch);
+               } else {
+-                      groups[i] = x_strdup(grp->gr_name);
++                      groups[i] = strdup(grp->gr_name);
+               }
+       }
+       groups[i] = NULL;
+@@ -322,7 +322,7 @@ int _pam_check_path_perms(char *path, st
+       char save;
+       struct stat st;
+ 
+-      path = x_strdup(path);
++      path = strdup(path);
+       if(NULL == path) {
+               _pam_log(LOG_ERR, "strdup: %s", strerror(errno));
+               return -1;
+@@ -382,7 +382,7 @@ char* _pam_expand_chroot_dir(const char*
+               return NULL;
+       }
+ 
+-      exp = x_strdup(path);
++      exp = strdup(path);
+       if(NULL == exp) {
+               _pam_log(LOG_ERR, "%s: strdup: %s", opts->module, 
strerror(errno));
+               return NULL;
+@@ -533,7 +533,7 @@ int _pam_get_chrootdir(const char* user,
+                               char *errbuf = malloc(len);
+                               if(NULL == errbuf) {
+                                       _pam_log(LOG_ERR, "%s: %s: malloc: %s",
+-                                                      opts->module, 
__FUNCTION__, strerror(errno));
++                                                      opts->module, 
__extension__ __FUNCTION__, strerror(errno));
+                                       if(opts->flags & _PAM_OPTS_USE_GROUPS) {
+                                               _pam_free_groups(group_list);
+                                       }
+@@ -639,10 +639,8 @@ int _pam_get_chrootdir(const char* user,
+  *  then pass it to this function */
+ int _pam_do_chroot(pam_handle_t *pamh, struct _pam_opts *opts) {
+       int err,debug;
+-      char *name;
+       char const *user;
+ 
+-      name = NULL;
+       debug = opts->flags & _PAM_OPTS_DEBUG;
+ 
+       err = pam_get_user(pamh, &user, NULL);
+@@ -872,7 +870,7 @@ PAM_EXTERN int pam_sm_open_session(pam_h
+                       break;
+ 
+               default:
+-                      if(opts.flags * _PAM_OPTS_DEBUG) {
++                      if(opts.flags & _PAM_OPTS_DEBUG) {
+                               _pam_log(LOG_NOTICE, "%s: returning failure", 
opts.module);
+                       }
+                       err = PAM_SESSION_ERR;
diff -Nru libpam-chroot-0.9/debian/patches/series 
libpam-chroot-0.9/debian/patches/series
--- libpam-chroot-0.9/debian/patches/series     1970-01-01 01:00:00.000000000 
+0100
+++ libpam-chroot-0.9/debian/patches/series     2023-09-29 12:44:34.000000000 
+0200
@@ -0,0 +1 @@
+debian.patch
diff -Nru libpam-chroot-0.9/debian/rules libpam-chroot-0.9/debian/rules
--- libpam-chroot-0.9/debian/rules      2023-09-29 12:52:00.000000000 +0200
+++ libpam-chroot-0.9/debian/rules      2023-09-29 12:44:34.000000000 +0200
@@ -48,7 +48,7 @@
 
 #      dh_installdebconf       
        dh_installdocs options TROUBLESHOOTING
-       dh_installexamples example/*
+       dh_installexamples debian/example/*
 #      dh_installpam
        dh_installchangelogs 
        dh_link
diff -Nru libpam-chroot-0.9/debian/source/format 
libpam-chroot-0.9/debian/source/format
--- libpam-chroot-0.9/debian/source/format      1970-01-01 01:00:00.000000000 
+0100
+++ libpam-chroot-0.9/debian/source/format      2023-09-29 12:44:34.000000000 
+0200
@@ -0,0 +1 @@
+3.0 (quilt)
diff -Nru libpam-chroot-0.9/example/chroot.conf 
libpam-chroot-0.9/example/chroot.conf
--- libpam-chroot-0.9/example/chroot.conf       2023-09-29 12:52:00.000000000 
+0200
+++ libpam-chroot-0.9/example/chroot.conf       1970-01-01 01:00:00.000000000 
+0100
@@ -1,3 +0,0 @@
-# /etc/security/chroot.conf
-test   /chroot/directory
-
diff -Nru libpam-chroot-0.9/example/chrooted-directory-tree.txt 
libpam-chroot-0.9/example/chrooted-directory-tree.txt
--- libpam-chroot-0.9/example/chrooted-directory-tree.txt       2023-09-29 
12:52:00.000000000 +0200
+++ libpam-chroot-0.9/example/chrooted-directory-tree.txt       1970-01-01 
01:00:00.000000000 +0100
@@ -1,38 +0,0 @@
-/home/test/
-|-- bin
-|   |-- bash
-|   |-- ls
-|   |-- rbash
-|   `-- sh
-|-- dev
-|   |-- null
-|   |-- tty1
-|   |-- tty2
-|   |-- tty3
-|   |-- tty4
-|   |-- tty5
-|   |-- tty6
-|   |-- tty7
-|   |-- urandom
-|   `-- zero
-|-- home
-|   `-- test
-|        |-- .alias
-|        |-- .bash_history
-|        |-- .bash_profile
-|        |-- .bashrc
-|        |-- .cshrc
-|        `-- .profile
-|-- lib
-   |-- ld-linux.so.2
-   |-- libc.so.6
-   |-- libdl-2.2.5.so
-   |-- libdl.so.2
-   |-- libncurses.so.4
-   |-- libncurses.so.4.2
-   |-- libncurses.so.5
-   |-- libncurses.so.5.2
-   |-- libpthread-0.9.so
-   |-- libpthread.so.0
-   |-- librt-2.2.5.so
-   `-- librt.so.1
diff -Nru libpam-chroot-0.9/example/README.example 
libpam-chroot-0.9/example/README.example
--- libpam-chroot-0.9/example/README.example    2023-09-29 12:52:00.000000000 
+0200
+++ libpam-chroot-0.9/example/README.example    1970-01-01 01:00:00.000000000 
+0100
@@ -1,36 +0,0 @@
-
-This is a sample configuration for the pam_chroot module.
-
-In order to make this work you need to: 
-
-1.- use setup-chrootdir.sh to create a directory in which
-the user will be chrooted (let's call it CHROOTDIR)
-A sample layout like the one it creates is provided in the
-chrooted-directory-tree.txt file
-
-WARNING! Make sure to have an open console in which to
-become superuser in case you mangle the files and cannot
-log-on to the system later on!
-
-2.- configure /etc/security/chroot.conf so that a given user
-(USERCHROOTED) is chrooted to CHROOTDIR when entering (in the
-sample configuration file CHROOTDIR=/chroot/directory)
-
-3.- add the following line to /etc/pam.d/login
-session    required   pam_chroot.so debug
-
-4.- create USERCHROOTED in the system (/etc/passwd et al.) and
-have his home directory be /home/test 
-(real directory=CHROOTDIR/home/test)
-
-5.- add the neccesary .profile, .cshrc, .bash_profile files to
-the CHROOTDIR/home/test directory (fix permissions to your own
-needs/policy)
-
-6.- Try to enter the system as USERCHROOTED. You should be
-restricted to CHROOTDIR and have only a limited number of
-utilies (setup-chrootdir only provides 'ls')
-
-If it does not work check the syslog files to see the messages
-related to PAM (should include pam_chroot[XXXX]: session messages
-due to the 'debug' option being set)
diff -Nru libpam-chroot-0.9/example/setup-chrootdir-rsync.sh 
libpam-chroot-0.9/example/setup-chrootdir-rsync.sh
--- libpam-chroot-0.9/example/setup-chrootdir-rsync.sh  2023-09-29 
12:52:00.000000000 +0200
+++ libpam-chroot-0.9/example/setup-chrootdir-rsync.sh  1970-01-01 
01:00:00.000000000 +0100
@@ -1,50 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) 2002  Andres Salomon <[email protected]>
-#
-# Create a chroot environment for allowing users to rsync.
-# This script is placed in the public domain.  Do with it what
-# you will.
-
-PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin"
-DIRECTORIES="bin dev lib usr/bin usr/lib"
-FILES="bin/false lib/libc.so.6 lib/ld-linux.so.2
-               bin/bash lib/libncurses.so.5 lib/libdl.so.2
-               usr/bin/rsync lib/libpopt.so.0 lib/libresolv.so.2"
-
-if test -z "$1"; then
-       echo "Usage: $0 <directory>" 1>&2
-       exit 1
-fi
-
-id=`id -u`
-if test "$id" -gt 0; then
-       echo "Error: this script requires root (for mknod)!" 1>&2
-       exit 1
-fi
-
-dir=$1
-curdir=`pwd`
-
-# Create directory structure
-mkdir -p $dir
-cd $dir
-for d in $DIRECTORIES; do
-       mkdir -p $d
-done
-
-# Add files
-for f in $FILES; do
-       cp /$f $f
-done
-
-# And devices..
-if test -d dev; then
-       cp /dev/MAKEDEV dev
-       cd dev && ./MAKEDEV std && rm -f MAKEDEV
-fi
-
-
-cd $curdir
-
-exit 0
diff -Nru libpam-chroot-0.9/example/setup-chrootdir-shell.sh 
libpam-chroot-0.9/example/setup-chrootdir-shell.sh
--- libpam-chroot-0.9/example/setup-chrootdir-shell.sh  2023-09-29 
12:52:00.000000000 +0200
+++ libpam-chroot-0.9/example/setup-chrootdir-shell.sh  1970-01-01 
01:00:00.000000000 +0100
@@ -1,75 +0,0 @@
-#!/bin/sh
-
-# Given a (non-existant) directory
-# creates a chroot environment so users can login
-# and have limited movements
-
-# (c) 2002 Javier Fernandez-Sanguino Peña <[email protected]>
-
-[ -z "$1" ] && {
-       echo "Usage $0 directory"
-       exit 1
-}
-id=`/usr/bin/id -u`
-
-[ "$id" -gt 0 ] && 
-       echo "WARNING: Needs to be run as root (for mknod to work)"
-
-dir=$1
-
-[  -e "$dir" ] && {
-       echo "ERROR: $dir exists. Please specify a non-existant directory"
-       exit 1
-}
-
-curdir=`/bin/pwd`
-/bin/mkdir -p $dir
-cd $dir
-for i in bin dev lib home/test ; do 
-       /bin/mkdir -p $i 
-done
-
-# Procedure:
-# Hard link for files and just copy simbolyc links, 
-# should work ok in the chroot
-
-# Bin directory (minimal set of binaries)
-for cmd in ls pwd true false rbash bash ; do
-       if [ -f /bin/$cmd -a ! -L /bin/$cmd ] ; then
-               /bin/ln /bin/$cmd bin/
-       fi
-       if [ -L /bin/$cmd ] ; then
-               cp -a /bin/$cmd lib/
-       fi
-done
-
-# Libraries (for previous binaries)
-for lib in /lib/ld-linux* /lib/libc.* /lib/libdl* /lib/librt* /lib/ncurse* 
/lib/libpthread* ; do
-       if [ -f $lib -a ! -L $lib ] ; then
-               /bin/ln $lib lib/
-       fi
-       if [ -L "$lib" ] ; then
-               cp -a $lib lib/
-       fi
-done
-
-# Devices
-cd dev
-# We need as many tty's as consoles
-/bin/mknod -m 644 tty1 c 4 1
-/bin/mknod -m 644 tty2 c 4 2
-/bin/mknod -m 644 tty3 c 4 3
-/bin/mknod -m 644 tty4 c 4 4
-/bin/mknod -m 644 tty5 c 4 5
-/bin/mknod -m 644 tty6 c 4 6
-# Some special nodes, just for fun
-/bin/mknod -m 444 urandom c 1 9
-/bin/mknod -m 666 zero c 1 5
-/bin/mknod -m 666 null c 1 3
-# Warning: since we do not have the /dev/log socket the
-# 'debug' option of the PAM module will not work once chrooted
-
-# Finish and get back were we started
-cd $curdir
-
-exit 0
diff -Nru libpam-chroot-0.9/example/setup-chrootdir-template.sh 
libpam-chroot-0.9/example/setup-chrootdir-template.sh
--- libpam-chroot-0.9/example/setup-chrootdir-template.sh       2023-09-29 
12:52:00.000000000 +0200
+++ libpam-chroot-0.9/example/setup-chrootdir-template.sh       1970-01-01 
01:00:00.000000000 +0100
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) 2002  Andres Salomon <[email protected]>
-#
-# Template for setup-chrootdir-XX.sh scripts
-
-PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin"
-# Directories to include in the chroot go here
-DIRECTORIES="bin dev "
-# Files to copy over to the chroot are included here
-FILES="bin/false lib/libc.so.6 lib/ld-linux.so.2"
-
-if test -z "$1"; then
-       echo "Usage: $0 <directory>" 1>&2
-       exit 1
-fi
-
-id=`id -u`
-if test "$id" -gt 0; then
-       echo "Error: this script requires root (for mknod)!" 1>&2
-       exit 1
-fi
-
-dir=$1
-curdir=`pwd`
-
-# Create directory structure
-mkdir -p $dir
-cd $dir
-for d in $DIRECTORIES; do
-       mkdir -p $d
-done
-
-# Add files
-for f in $FILES; do
-       cp /$f $f
-done
-
-# And devices..
-if test -d dev; then
-       cp /dev/MAKEDEV dev
-       cd dev && ./MAKEDEV std && rm -f MAKEDEV
-fi
-
-
-cd $curdir
-
-exit 0
diff -Nru libpam-chroot-0.9/Makefile libpam-chroot-0.9/Makefile
--- libpam-chroot-0.9/Makefile  2023-09-29 12:52:00.000000000 +0200
+++ libpam-chroot-0.9/Makefile  2004-05-05 02:07:47.000000000 +0200
@@ -3,22 +3,17 @@
 CC=gcc
 CFLAGS=-fPIC -O2 -Wall -Werror -pedantic
 CPPFLAGS=-I.
-LDFLAGS=-shared
-DESTDIR=/
-LIBDIR=$(DESTDIR)/lib/security
-INSTALL?=install
+LDFLAGS=-x --shared -lpam
 
 OUT=pam_chroot.so
-CONF=chroot.conf
 
 all:   $(OUT)
 
 %.so: %.o
-       $(CC) $(LDFLAGS) -o $@ $< -lpam
+       ld $(LDFLAGS) -o $@ $<
 
 clean:
        rm -f *.o $(OUT)
 
 install:
-       $(INSTALL) -s -o0 -g0 -m755 $(OUT) $(LIBDIR)
-       install -m640 $(CONF) $(DESTDIR)/etc/security
+       install -s -o0 -g0 -m755 $(OUT) /lib/security
diff -Nru libpam-chroot-0.9/pam_chroot.c libpam-chroot-0.9/pam_chroot.c
--- libpam-chroot-0.9/pam_chroot.c      2023-09-29 12:52:00.000000000 +0200
+++ libpam-chroot-0.9/pam_chroot.c      2004-06-24 04:01:44.000000000 +0200
@@ -68,14 +68,14 @@
 /* initialize opts to a standard known state */
 int _pam_opts_init(struct _pam_opts* opts) {
        if(NULL == opts) {
-               _pam_log(LOG_ERR, "%s: NULL opts pointer", __extension__ 
__FUNCTION__);
+               _pam_log(LOG_ERR, "%s: NULL opts pointer", __FUNCTION__);
                return _PAM_CHROOT_INTERNALERR;
        }
 
        opts->flags = _PAM_OPTS_NOOPTS;
        opts->chroot_dir = NULL;
 
-       opts->conf = strdup(CONFIG);
+       opts->conf = x_strdup(CONFIG);
        if(NULL == opts->conf) {
                _pam_log(LOG_ERR, "strdup: %s", strerror(errno));
                return _PAM_CHROOT_SYSERR;
@@ -91,7 +91,7 @@
        int i;
 
        if(NULL == opts) {
-               _pam_log(LOG_ERR, "%s: NULL opts pointer", __extension__ 
__FUNCTION__);
+               _pam_log(LOG_ERR, "%s: NULL opts pointer", __FUNCTION__);
                return _PAM_CHROOT_INTERNALERR;
        }
 
@@ -133,7 +133,7 @@
                } else if(!strncmp(argv[i], "onerr=", 6)) {
                        if(!strcmp(argv[i] + 6, "succeed")) {
                                opts->flags = opts->flags & 
(~_PAM_OPTS_NOTFOUNDFAILS);
-                       } else if(!strcmp(argv[i] + 6, "fail")) {
+                       } else if(!strcmp(argv[i] + 9, "fail")) {
                                opts->flags = opts->flags | 
_PAM_OPTS_NOTFOUNDFAILS;
                        } else {
                                _pam_log(LOG_ERR, "bad config option: \"%s\"", 
argv[i]);
@@ -146,7 +146,7 @@
                                _pam_log(LOG_ERR,
                                                "bad config option: \"%s\": 
chroot dir already set", argv[i]);
                        } else {
-                               opts->chroot_dir = strdup(argv[i] + 11);
+                               opts->chroot_dir = x_strdup(argv[i] + 11);
                                if(NULL == opts->chroot_dir) {
                                        _pam_log(LOG_ERR, "strdup: %s", 
strerror(errno));
                                }
@@ -162,7 +162,7 @@
 /* free the allocated memory of a struct _pam_opts */
 int _pam_opts_free(struct _pam_opts* opts) {
        if(NULL == opts) {
-               _pam_log(LOG_ERR, "%s: NULL opts pointer", __extension__ 
__FUNCTION__);
+               _pam_log(LOG_ERR, "%s: NULL opts pointer", __FUNCTION__);
        }
        _pam_drop(opts->chroot_dir);
        _pam_drop(opts->conf);
@@ -187,7 +187,7 @@
        char **uptr;
 
        if(NULL == user || NULL == ngrps) { return -1; }
-       if(0 > *ngrps) { return -1; }
+       if(0 > *ngrps || 0 > gid) { return -1; }
 
        if(gcount < *ngrps) {
                if(NULL != grps) { grps[gcount] = gid; }
@@ -261,19 +261,19 @@
        gids = (gid_t*) malloc(ngroups*sizeof(gid_t));
        if(NULL == gids) {
                _pam_log(LOG_ERR, "%s: %s: malloc: %s",
-                               opts->module, __extension__ __FUNCTION__, 
strerror(errno));
+                               opts->module, __FUNCTION__, strerror(errno));
                return NULL;
        }
        ret = _PAM_GETUGROUPS(pwd->pw_name, pwd->pw_gid, gids, &ngroups);
        if(-1 == ret) {
                _pam_log(LOG_WARNING,
                                "%s: %s: _PAM_GETUGROUPS found more gids on 
second run",
-                               opts->module, __extension__ __FUNCTION__);
+                               opts->module, __FUNCTION__);
        }
        if(0 >= ngroups) {
                _pam_log(LOG_ERR,
                                "%s: %s: _PAM_GETUGROUPS returned no groups for 
user \"%s\"",
-                               opts->module, __extension__ __FUNCTION__, user);
+                               opts->module, __FUNCTION__, user);
                _pam_drop(gids);
                return NULL;
        }
@@ -282,7 +282,7 @@
        groups = (char**)malloc((ngroups+1)*sizeof(char*));
        if(NULL == groups) {
                _pam_log(LOG_ERR, "%s: %s: malloc: %s",
-                               opts->module, __extension__ __FUNCTION__, 
strerror(errno));
+                               opts->module, __FUNCTION__, strerror(errno));
                _pam_drop(gids);
                return NULL;
        }
@@ -291,9 +291,9 @@
                if(NULL == grp) {
                        _pam_log(LOG_DEBUG, "%s: no grnam for gid %d", 
opts->module, gids[i]);
                        snprintf(scratch, SCRATCH, "%d", gids[i]);
-                       groups[i] = strdup(scratch);
+                       groups[i] = x_strdup(scratch);
                } else {
-                       groups[i] = strdup(grp->gr_name);
+                       groups[i] = x_strdup(grp->gr_name);
                }
        }
        groups[i] = NULL;
@@ -322,7 +322,7 @@
        char save;
        struct stat st;
 
-       path = strdup(path);
+       path = x_strdup(path);
        if(NULL == path) {
                _pam_log(LOG_ERR, "strdup: %s", strerror(errno));
                return -1;
@@ -382,7 +382,7 @@
                return NULL;
        }
 
-       exp = strdup(path);
+       exp = x_strdup(path);
        if(NULL == exp) {
                _pam_log(LOG_ERR, "%s: strdup: %s", opts->module, 
strerror(errno));
                return NULL;
@@ -533,7 +533,7 @@
                                char *errbuf = malloc(len);
                                if(NULL == errbuf) {
                                        _pam_log(LOG_ERR, "%s: %s: malloc: %s",
-                                                       opts->module, 
__extension__ __FUNCTION__, strerror(errno));
+                                                       opts->module, 
__FUNCTION__, strerror(errno));
                                        if(opts->flags & _PAM_OPTS_USE_GROUPS) {
                                                _pam_free_groups(group_list);
                                        }
@@ -639,8 +639,10 @@
  *  then pass it to this function */
 int _pam_do_chroot(pam_handle_t *pamh, struct _pam_opts *opts) {
        int err,debug;
+       char *name;
        char const *user;
 
+       name = NULL;
        debug = opts->flags & _PAM_OPTS_DEBUG;
 
        err = pam_get_user(pamh, &user, NULL);
@@ -870,7 +872,7 @@
                        break;
 
                default:
-                       if(opts.flags & _PAM_OPTS_DEBUG) {
+                       if(opts.flags * _PAM_OPTS_DEBUG) {
                                _pam_log(LOG_NOTICE, "%s: returning failure", 
opts.module);
                        }
                        err = PAM_SESSION_ERR;
diff -Nru libpam-chroot-0.9/TROUBLESHOOTING libpam-chroot-0.9/TROUBLESHOOTING
--- libpam-chroot-0.9/TROUBLESHOOTING   2023-09-29 12:52:00.000000000 +0200
+++ libpam-chroot-0.9/TROUBLESHOOTING   2004-05-05 02:07:47.000000000 +0200
@@ -6,7 +6,7 @@
 Note that all of the following assumes that you have put pam_chroot into
 debug mode (add the "debug" option to the pam_chroot line in the
 appropriate /etc/pam.d file) and that syslogd is configured to put
-auth.notice and auth.debug messages in some known location (/var/log/messages,
+auth.debug messages in some known location (/var/log/messages,
 /var/adm/messages, /var/adm/syslog/syslog.log, etc.)
 
 Under normal operation, pam_chroot will output something similar to the
@@ -42,8 +42,8 @@
   appropriate /etc/pam.d file, or it might be that PAM is not being used
   at all.  (For example, you might have set 'UsePAM no' in your
   /etc/ssh/sshd_config.)  It might also be that syslogd is not running or
-  is not configured to report auth.notice and auth.debug messages in the 
-  file that you're looking for them in.
+  is not configured to report auth.debug messages in the file that you're
+  looking for them in.
   There are a multitude of reasons that PAM might not be being used, and
   they're usually application configuration issues, rather than issues with
   PAM itself.

Reply via email to