# HG changeset patch # Parent e4a7e5799420a3d4b8047c5984c75c4bd4331951 # -- uset do be called '-xauthlocalhostname' handle hostname changes when forwarding X bnc#98627 diff --git a/openssh-7.6p1/session.c b/openssh-7.6p1/session.c --- a/openssh-7.6p1/session.c +++ b/openssh-7.6p1/session.c @@ -953,17 +953,17 @@ copy_environment_blacklist(char **source void copy_environment(char **source, char ***env, u_int *envsize) { copy_environment_blacklist(source, env, envsize, NULL); } static char ** -do_setup_env(struct ssh *ssh, Session *s, const char *shell) +do_setup_env(struct ssh *ssh, Session *s, const char *shell, int *env_size) { char buf[256]; u_int i, envsize; char **env, *laddr; struct passwd *pw = s->pw; #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) char *path = NULL; #endif @@ -1142,25 +1142,27 @@ do_setup_env(struct ssh *ssh, Session *s read_environment_file(&env, &envsize, buf); } if (debug_flag) { /* dump the environment */ fprintf(stderr, "Environment:\n"); for (i = 0; env[i]; i++) fprintf(stderr, " %.200s\n", env[i]); } + + *env_size = envsize; return env; } /* * Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found * first in this order). */ static void -do_rc_files(Session *s, const char *shell) +do_rc_files(Session *s, const char *shell, char **env, int *env_size) { FILE *f = NULL; char cmd[1024]; int do_xauth; struct stat st; do_xauth = s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; 
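Review bot: The new out-parameter of do_setup_env is declared `int *env_size`, but the value stored through it is the function's local `u_int envsize`, so the size changes signedness on the way out. If child_set_env takes a `u_int *` for the size (its prototype is not part of this patch), the pointer later handed to it from do_rc_files has an incompatible type. I would declare it `u_int *env_size` here, use the same type in the do_rc_files signature, and declare `u_int env_size;` in do_child. The body of do_setup_env continues outside this hunk.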
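Review bot: do_rc_files now receives the environment as `char **env`, by value, yet the xauth branch in the next hunk passes `&env` to child_set_env. That is the address of the local copy. If child_set_env has to grow the array and reallocates it (assumed from its `char ***` argument, the function is not shown here), do_child keeps the old pointer and presumably hands a freed array to the shell it executes. Passing the pointer through avoids this: `do_rc_files(Session *s, const char *shell, char ***env, u_int *env_size)`, called as `do_rc_files(s, shell, &env, &env_size);`, with `env` forwarded unchanged to child_set_env. The body of do_rc_files continues outside this hunk.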
@@ -1205,22 +1207,30 @@ do_rc_files(Session *s, const char *shel "%.500s add %.100s %.100s %.100s\n", options.xauth_location, s->auth_display, s->auth_proto, s->auth_data); } snprintf(cmd, sizeof cmd, "%s -q -", options.xauth_location); f = popen(cmd, "w"); if (f) { + char hostname[MAXHOSTNAMELEN]; + fprintf(f, "remove %s\n", s->auth_display); fprintf(f, "add %s %s %s\n", s->auth_display, s->auth_proto, s->auth_data); pclose(f); + if (gethostname(hostname,sizeof(hostname)) >= 0) + child_set_env(&env,env_size,"XAUTHLOCALHOSTNAME", + hostname); + else + debug("Cannot set up XAUTHLOCALHOSTNAME %s\n", + strerror(errno)); } else { fprintf(stderr, "Could not run %s\n", cmd); } } } static void @@ -1461,16 +1471,17 @@ child_close_fds(struct ssh *ssh) * ids, and executing the command or shell. */ #define ARGV_MAX 10 void do_child(struct ssh *ssh, Session *s, const char *command) { extern char **environ; char **env; + int env_size; char *argv[ARGV_MAX]; const char *shell, *shell0; struct passwd *pw = s->pw; int r = 0; /* remove hostkey from the child's memory */ destroy_sensitive_data(); packet_clear_keys(); @@ -1522,17 +1533,17 @@ do_child(struct ssh *ssh, Session *s, co * legal, and means /bin/sh. */ shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; /* * Make sure $SHELL points to the shell from the password file, * even if shell is overridden from login.conf */ - env = do_setup_env(ssh, s, shell); + env = do_setup_env(ssh, s, shell, &env_size); #ifdef HAVE_LOGIN_CAP shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); #endif /* * Close the connection descriptors; note that this is the child, and * the server will still have the socket open, and it is important 
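Review bot: `hostname` is used as a C string straight after gethostname() without forcing termination. POSIX leaves it unspecified whether a truncated name is NUL-terminated, so child_set_env could read past the `MAXHOSTNAMELEN` buffer. Add `hostname[sizeof(hostname) - 1] = '\0';` before the child_set_env call. The `debug()` format ends in `\n`, which is likely redundant if debug() terminates the message itself, and a `: ` before `%s` would make the logged error easier to read. XAUTHLOCALHOSTNAME is also set regardless of the pclose() status, so a short comment saying whether that is intended when xauth fails would help.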
@@ -1586,17 +1597,17 @@ do_child(struct ssh *ssh, Session *s, co strerror(errno)); } if (r) exit(1); } closefrom(STDERR_FILENO + 1); - do_rc_files(s, shell); + do_rc_files(s, shell, env, &env_size); /* restore SIGPIPE for child */ signal(SIGPIPE, SIG_DFL); if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) { printf("This service allows sftp connections only.\n"); fflush(NULL); exit(1);