openssh/openssh-7.2p2-hostname_changes_when_forwarding_X.patch
Petr Cerny 5093e42eaa Accepting request 398802 from home:pcerny:factory
- upgrade to 7.2p2

- changing license to 2-clause BSD to match source

- enable trusted X11 forwarding by default
  [-X11_trusted_forwarding]
- set UID for lastlog properly [-lastlog]
- enable use of PAM by default [-enable_PAM_by_default]
- copy command line arguments properly [-saveargv-fix]
- do not use pthreads in PAM code [-dont_use_pthreads_in_PAM]
- fix paths in documentation [-eal3]
- prevent race consitions triggered by SIGALRM [-blocksigalrm]
- do send and accept locale environment variables by default
  [-send_locale]
- handle hostnames changes during X forwarding
  [-hostname_changes_when_forwarding_X]
- try to remove xauth cookies on exit
  [-remove_xauth_cookies_on_exit]
- properly format pts names for ?tmp? log files
  [-pts_names_formatting]
- check locked accounts when using PAM [-pam_check_locks]
- chenge default PermitRootLogin to 'yes' to prevent unwanted
  surprises on updates from older versions.
  See README.SUSE for details
  [-allow_root_password_login]
- Disable DH parameters under 2048 bits by default and allow
  lowering the limit back to the RFC 4419 specified minimum
  through an option (bsc#932483, bsc#948902)
  [-disable_short_DH_parameters]
- Add getuid() and stat() syscalls to the seccomp filter

OBS-URL: https://build.opensuse.org/request/show/398802
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=103
2016-05-30 01:36:18 +00:00

145 lines
3.7 KiB
Diff

# HG changeset patch
# Parent d5e9457ee640bdd816edb9c67792cddb00c229b9
handle hostname changes when forwarding X
bnc#98627
diff --git a/openssh-7.2p2/session.c b/openssh-7.2p2/session.c
--- a/openssh-7.2p2/session.c
+++ b/openssh-7.2p2/session.c
@@ -1154,17 +1154,17 @@ copy_environment(char **source, char ***
debug3("Copy environment: %s=%s", var_name, var_val);
child_set_env(env, envsize, var_name, var_val);
free(var_name);
}
}
static char **
-do_setup_env(Session *s, const char *shell)
+do_setup_env(Session *s, const char *shell, int *env_size)
{
char buf[256];
u_int i, envsize;
char **env, *laddr;
struct passwd *pw = s->pw;
#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
char *path = NULL;
#endif
@@ -1341,25 +1341,27 @@ do_setup_env(Session *s, const char *she
read_environment_file(&env, &envsize, buf);
}
if (debug_flag) {
/* dump the environment */
fprintf(stderr, "Environment:\n");
for (i = 0; env[i]; i++)
fprintf(stderr, " %.200s\n", env[i]);
}
+
+ *env_size = envsize;
return env;
}
/*
* Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found
* first in this order).
*/
static void
-do_rc_files(Session *s, const char *shell)
+do_rc_files(Session *s, const char *shell, char **env, int *env_size)
{
FILE *f = NULL;
char cmd[1024];
int do_xauth;
struct stat st;
do_xauth =
s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
@@ -1404,22 +1406,30 @@ do_rc_files(Session *s, const char *shel
"%.500s add %.100s %.100s %.100s\n",
options.xauth_location, s->auth_display,
s->auth_proto, s->auth_data);
}
snprintf(cmd, sizeof cmd, "%s -q -",
options.xauth_location);
f = popen(cmd, "w");
if (f) {
+ char hostname[MAXHOSTNAMELEN];
+
fprintf(f, "remove %s\n",
s->auth_display);
fprintf(f, "add %s %s %s\n",
s->auth_display, s->auth_proto,
s->auth_data);
pclose(f);
+ if (gethostname(hostname,sizeof(hostname)) >= 0)
+ child_set_env(&env,env_size,"XAUTHLOCALHOSTNAME",
+ hostname);
+ else
+ debug("Cannot set up XAUTHLOCALHOSTNAME %s\n",
+ strerror(errno));
} else {
fprintf(stderr, "Could not run %s\n",
cmd);
}
}
}
static void
@@ -1681,16 +1691,17 @@ child_close_fds(void)
* ids, and executing the command or shell.
*/
#define ARGV_MAX 10
void
do_child(Session *s, const char *command)
{
extern char **environ;
char **env;
+ int env_size;
char *argv[ARGV_MAX];
const char *shell, *shell0, *hostname = NULL;
struct passwd *pw = s->pw;
int r = 0;
/* remove hostkey from the child's memory */
destroy_sensitive_data();
@@ -1747,17 +1758,17 @@ do_child(Session *s, const char *command
* legal, and means /bin/sh.
*/
shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
/*
* Make sure $SHELL points to the shell from the password file,
* even if shell is overridden from login.conf
*/
- env = do_setup_env(s, shell);
+ env = do_setup_env(s, shell, &env_size);
#ifdef HAVE_LOGIN_CAP
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
#endif
/* we have to stash the hostname before we close our socket. */
if (options.use_login)
hostname = get_remote_name_or_ip(utmp_len,
@@ -1816,17 +1827,17 @@ do_child(Session *s, const char *command
}
if (r)
exit(1);
}
closefrom(STDERR_FILENO + 1);
if (!options.use_login)
- do_rc_files(s, shell);
+ do_rc_files(s, shell, env, &env_size);
/* restore SIGPIPE for child */
signal(SIGPIPE, SIG_DFL);
if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
printf("This service allows sftp connections only.\n");
fflush(NULL);
exit(1);