# try to remove xauth cookies on logout # bnc#98815 diff --git a/openssh-6.5p1/session.c b/openssh-6.5p1/session.c --- a/openssh-6.5p1/session.c +++ b/openssh-6.5p1/session.c @@ -2505,18 +2505,50 @@ session_exit_message(Session *s, int sta if (c->ostate != CHAN_OUTPUT_CLOSED) chan_write_failed(c); } void session_close(Session *s) { u_int i; + int do_xauth; debug("session_close: session %d pid %ld", s->self, (long)s->pid); + + do_xauth = (s->display != NULL) && (s->auth_proto != NULL) && (s->auth_data != NULL); + if (do_xauth && options.xauth_location != NULL) { + pid_t pid; + FILE *f; + char cmd[1024]; + struct passwd * pw = s->pw; + + if (!(pid = fork())) { + permanently_set_uid(pw); + + /* Remove authority data from .Xauthority if appropriate. */ + debug("Running %.500s remove %.100s\n", + options.xauth_location, s->auth_display); + + snprintf(cmd, sizeof cmd, "unset XAUTHORITY && HOME=\"%.200s\" %s -q -", + s->pw->pw_dir, options.xauth_location); + f = popen(cmd, "w"); + if (f) { + fprintf(f, "remove %s\n", s->auth_display); + pclose(f); + } else + error("Could not run %s\n", cmd); + exit(0); + } else if (pid > 0) { + int status; + + waitpid(pid, &status, 0); + } + } + if (s->ttyfd != -1) session_pty_cleanup(s); free(s->term); free(s->display); free(s->x11_chanids); free(s->auth_display); free(s->auth_data); free(s->auth_proto);