fe873a1c10
next round of patches - allow X forwarding over IPv4 when IPv6 sockets is not available [openssh-7.2p2-X_forward_with_disabled_ipv6.patch] - do not write PID file when not daemonizing [openssh-7.2p2-no_fork-no_pid_file.patch] - use correct options when invoking login [openssh-7.2p2-login_options.patch] - helper application for retrieving users' public keys from an LDAP server [openssh-7.2p2-ldap.patch] - allow forcing permissions over sftp [openssh-7.2p2-sftp_force_permissions.patch] - do not perform run-time checks for OpenSSL API/ABI change [openssh-7.2p2-disable-openssl-abi-check.patch] - suggest commands for cleaning known hosts file [openssh-7.2p2-host_ident.patch] - sftp home chroot patch [openssh-7.2p2-sftp_homechroot.patch] - ssh sessions auditing [openssh-7.2p2-audit.patch] - enable seccomp sandbox on additional architectures [openssh-7.2p2-additional_seccomp_archs.patch] OBS-URL: https://build.opensuse.org/request/show/432093 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=112
56 lines
1.4 KiB
Diff
56 lines
1.4 KiB
Diff
# HG changeset patch
|
|
# Parent ff8f0a192e120430204441cdcd18ff130f85a61e
|
|
# --used to be called '-xauth'
|
|
try to remove xauth cookies on logout
|
|
|
|
bnc#98815
|
|
|
|
diff --git a/openssh-7.2p2/session.c b/openssh-7.2p2/session.c
|
|
--- a/openssh-7.2p2/session.c
|
|
+++ b/openssh-7.2p2/session.c
|
|
@@ -2540,16 +2540,44 @@ session_close(Session *s)
|
|
u_int i;
|
|
|
|
verbose("Close session: user %s from %.200s port %d id %d",
|
|
s->pw->pw_name,
|
|
get_remote_ipaddr(),
|
|
get_remote_port(),
|
|
s->self);
|
|
|
|
+ if ((s->display != NULL) && (s->auth_proto != NULL) &&
|
|
+ (s->auth_data != NULL) && (options.xauth_location != NULL)) {
|
|
+ pid_t pid;
|
|
+ FILE *f;
|
|
+ char cmd[1024];
|
|
+ struct passwd * pw = s->pw;
|
|
+
|
|
+ if (!(pid = fork())) {
|
|
+ permanently_set_uid(pw);
|
|
+
|
|
+ /* Remove authority data from .Xauthority if appropriate. */
|
|
+ debug("Running %.500s remove %.100s\n",
|
|
+ options.xauth_location, s->auth_display);
|
|
+
|
|
+ snprintf(cmd, sizeof cmd, "unset XAUTHORITY && HOME=\"%.200s\" %s -q -",
|
|
+ s->pw->pw_dir, options.xauth_location);
|
|
+ f = popen(cmd, "w");
|
|
+ if (f) {
|
|
+ fprintf(f, "remove %s\n", s->auth_display);
|
|
+ pclose(f);
|
|
+ } else
|
|
+ error("Could not run %s\n", cmd);
|
|
+ exit(0);
|
|
+ } else if (pid > 0) {
|
|
+ waitpid(pid, NULL, 0);
|
|
+ }
|
|
+ }
|
|
+
|
|
if (s->ttyfd != -1)
|
|
session_pty_cleanup(s);
|
|
free(s->term);
|
|
free(s->display);
|
|
free(s->x11_chanids);
|
|
free(s->auth_display);
|
|
free(s->auth_data);
|
|
free(s->auth_proto);
|