318211936a
Version update to 8.1p1: * ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2 unless the default is overridden (using "ssh-keygen -t ssh-rsa -s ..."). * ssh(1): Allow %n to be expanded in ProxyCommand strings * ssh(1), sshd(8): Allow prepending a list of algorithms to the default set by starting the list with the '^' character, E.g. "HostKeyAlgorithms ^ssh-ed25519" * ssh-keygen(1): add an experimental lightweight signature and verification ability. Signatures may be made using regular ssh keys held on disk or stored in a ssh-agent and verified against an authorized_keys-like list of allowed keys. Signatures embed a namespace that prevents confusion and attacks between different usage domains (e.g. files vs email). * ssh-keygen(1): print key comment when extracting public key from a private key. * ssh-keygen(1): accept the verbose flag when searching for host keys in known hosts (i.e. "ssh-keygen -vF host") to print the matching host's random-art signature too. * All: support PKCS8 as an optional format for storage of private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less insecure key derivation function than PEM's. - Additional changes from 8.0p1 release: * scp(1): Add "-T" flag to disable client-side filtering of server file list. * sshd(8): Remove support for obsolete "host/port" syntax. OBS-URL: https://build.opensuse.org/request/show/737034 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=197
86 lines
2.6 KiB
Diff
86 lines
2.6 KiB
Diff
# HG changeset patch
|
|
# Parent 5e19a205fa03584bb0d829ecbba7495ce1899b65
|
|
# -- uset do be called '-xauthlocalhostname'
|
|
handle hostname changes when forwarding X
|
|
|
|
bnc#98627
|
|
|
|
diff --git a/session.c b/session.c
|
|
index 94d7438..d81060c 100644
|
|
--- a/session.c
|
|
+++ b/session.c
|
|
@@ -981,7 +981,7 @@ copy_environment(char **source, char ***env, u_int *envsize)
|
|
}
|
|
|
|
static char **
|
|
-do_setup_env(struct ssh *ssh, Session *s, const char *shell)
|
|
+do_setup_env(struct ssh *ssh, Session *s, const char *shell, int *env_size)
|
|
{
|
|
char buf[256];
|
|
size_t n;
|
|
@@ -1191,6 +1191,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
|
|
for (i = 0; env[i]; i++)
|
|
fprintf(stderr, " %.200s\n", env[i]);
|
|
}
|
|
+
|
|
+ *env_size = envsize;
|
|
return env;
|
|
}
|
|
|
|
@@ -1199,7 +1201,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
|
|
* first in this order).
|
|
*/
|
|
static void
|
|
-do_rc_files(struct ssh *ssh, Session *s, const char *shell)
|
|
+do_rc_files(struct ssh *ssh, Session *s, const char *shell, char **env, int *env_size)
|
|
{
|
|
FILE *f = NULL;
|
|
char cmd[1024];
|
|
@@ -1254,12 +1256,20 @@ do_rc_files(struct ssh *ssh, Session *s, const char *shell)
|
|
options.xauth_location);
|
|
f = popen(cmd, "w");
|
|
if (f) {
|
|
+ char hostname[MAXHOSTNAMELEN];
|
|
+
|
|
fprintf(f, "remove %s\n",
|
|
s->auth_display);
|
|
fprintf(f, "add %s %s %s\n",
|
|
s->auth_display, s->auth_proto,
|
|
s->auth_data);
|
|
pclose(f);
|
|
+ if (gethostname(hostname,sizeof(hostname)) >= 0)
|
|
+ child_set_env(&env,env_size,"XAUTHLOCALHOSTNAME",
|
|
+ hostname);
|
|
+ else
|
|
+ debug("Cannot set up XAUTHLOCALHOSTNAME %s\n",
|
|
+ strerror(errno));
|
|
} else {
|
|
fprintf(stderr, "Could not run %s\n",
|
|
cmd);
|
|
@@ -1515,6 +1525,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
|
|
char **env, *argv[ARGV_MAX], remote_id[512];
|
|
const char *shell, *shell0;
|
|
struct passwd *pw = s->pw;
|
|
+ int env_size;
|
|
int r = 0;
|
|
|
|
sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
|
|
@@ -1571,7 +1582,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
|
|
* Make sure $SHELL points to the shell from the password file,
|
|
* even if shell is overridden from login.conf
|
|
*/
|
|
- env = do_setup_env(ssh, s, shell);
|
|
+ env = do_setup_env(ssh, s, shell, &env_size);
|
|
|
|
#ifdef HAVE_LOGIN_CAP
|
|
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
|
|
@@ -1635,7 +1646,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
|
|
|
|
closefrom(STDERR_FILENO + 1);
|
|
|
|
- do_rc_files(ssh, s, shell);
|
|
+ do_rc_files(ssh, s, shell, env, &env_size);
|
|
|
|
/* restore SIGPIPE for child */
|
|
signal(SIGPIPE, SIG_DFL);
|