--- session.c.orig	2010-12-01 02:02:59.000000000 +0100
+++ session.c	2011-01-24 09:49:00.196292923 +0100
@@ -263,6 +263,11 @@
 	}
 }
 
+/* CHROOT patch start */
+char *user_dir;
+char *new_root;
+/* CHROOT patch end */
+
 void
 do_authenticated(Authctxt *authctxt)
 {
@@ -1483,6 +1488,27 @@
 #else
 		if (setlogin(pw->pw_name) < 0)
 			error("setlogin failed: %s", strerror(errno));
+                /* CHROOT patch start */
+                user_dir = xstrdup(pw->pw_dir);
+                new_root = user_dir + 1;
+                
+                while((new_root = strchr(new_root, '.')) != NULL) {
+                  new_root--;
+                  if(strncmp(new_root, "/./", 3) == 0) {
+                    *new_root = '\0';
+                    new_root += 2;
+                    				debug("chrooting to user directory %s", user_dir);
+                                                if(chroot(user_dir) != 0)
+                                                  fatal("Couldn't chroot to user directory %s", user_dir);
+                                                pw->pw_dir = new_root;
+                                                if (chdir("/") < 0)
+                                                  fatal("Couldn't cd to / after chroot to user directory %s: %s", 
+                                                        user_dir, strerror(errno));
+                                                break;
+                  }
+                  new_root += 2;
+                }
+                /* CHROOT patch end */
 		if (setgid(pw->pw_gid) < 0) {
 			perror("setgid");
 			exit(1);