--- session.c.org	2005-03-23 19:58:04.401622722 +0900
+++ session.c	2005-03-23 19:56:49.587114716 +0900
@@ -58,6 +58,8 @@
 #include "session.h"
 #include "monitor_wrap.h"
 
+#define CHROOT
+
 #if defined(KRB5) && defined(USE_AFS)
 #include <kafs.h>
 #endif
@@ -1258,6 +1260,11 @@
 void
 do_setusercontext(struct passwd *pw)
 {
+#ifdef CHROOT
+	char *user_dir;
+	char *new_root;
+#endif /* CHROOT */
+
 #ifndef HAVE_CYGWIN
 	if (getuid() == 0 || geteuid() == 0)
 #endif /* HAVE_CYGWIN */
@@ -1315,6 +1322,27 @@
 			restore_uid();
 		}
 #endif
+
+#ifdef CHROOT
+	user_dir = xstrdup(pw->pw_dir);
+	new_root = user_dir + 1;
+
+	while((new_root = strchr(new_root, ',')) != NULL) {
+		new_root--;
+		if(strncmp(new_root, "/./", 3) == 0) {
+			*new_root = '\0';
+			new_root += 2;
+
+			if(chroot(user_dir) != 0)
+				fatal("Couldn't chroot to user's directory %s", user_dir);
+			pw->pw_dir = new_root;
+			break;
+		}
+
+		new_root += 2;
+	}
+#endif /* CHROOT */
+
 # ifdef USE_PAM
 		/*
 		 * PAM credentials may take the form of supplementary groups.