forked from pool/openssh
Antonio Larrosa
fef1b16e66
commented out). The keycat binary isn't really installed nor supported, so we can drop it, except for the code that is used by other SELinux patches, which is what I kept from that patch (boo#1229072). - Add patch submitted to upstream to fix RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (boo#1229010). * 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=274
84 lines
2.5 KiB
Diff
84 lines
2.5 KiB
Diff
# HG changeset patch
|
|
# Parent 5e19a205fa03584bb0d829ecbba7495ce1899b65
|
|
# -- uset do be called '-xauthlocalhostname'
|
|
handle hostname changes when forwarding X
|
|
|
|
Index: openssh-8.8p1/session.c
|
|
===================================================================
|
|
--- openssh-8.8p1.orig/session.c
|
|
+++ openssh-8.8p1/session.c
|
|
@@ -981,7 +981,7 @@ copy_environment(char **source, char ***
|
|
#endif
|
|
|
|
static char **
|
|
-do_setup_env(struct ssh *ssh, Session *s, const char *shell)
|
|
+do_setup_env(struct ssh *ssh, Session *s, const char *shell, int *env_size)
|
|
{
|
|
char buf[256];
|
|
size_t n;
|
|
@@ -1191,6 +1191,8 @@ do_setup_env(struct ssh *ssh, Session *s
|
|
for (i = 0; env[i]; i++)
|
|
fprintf(stderr, " %.200s\n", env[i]);
|
|
}
|
|
+
|
|
+ *env_size = envsize;
|
|
return env;
|
|
}
|
|
|
|
@@ -1199,7 +1201,7 @@ do_setup_env(struct ssh *ssh, Session *s
|
|
* first in this order).
|
|
*/
|
|
static void
|
|
-do_rc_files(struct ssh *ssh, Session *s, const char *shell)
|
|
+do_rc_files(struct ssh *ssh, Session *s, const char *shell, char **env, int *env_size)
|
|
{
|
|
FILE *f = NULL;
|
|
char *cmd = NULL, *user_rc = NULL;
|
|
@@ -1256,12 +1258,20 @@ do_rc_files(struct ssh *ssh, Session *s,
|
|
fatal_f("xasprintf: %s", strerror(errno));
|
|
f = popen(cmd, "w");
|
|
if (f) {
|
|
+ char hostname[MAXHOSTNAMELEN];
|
|
+
|
|
fprintf(f, "remove %s\n",
|
|
s->auth_display);
|
|
fprintf(f, "add %s %s %s\n",
|
|
s->auth_display, s->auth_proto,
|
|
s->auth_data);
|
|
pclose(f);
|
|
+ if (gethostname(hostname,sizeof(hostname)) >= 0)
|
|
+ child_set_env(&env,env_size,"XAUTHLOCALHOSTNAME",
|
|
+ hostname);
|
|
+ else
|
|
+ debug("Cannot set up XAUTHLOCALHOSTNAME %s\n",
|
|
+ strerror(errno));
|
|
} else {
|
|
fprintf(stderr, "Could not run %s\n",
|
|
cmd);
|
|
@@ -1518,6 +1528,7 @@ do_child(struct ssh *ssh, Session *s, co
|
|
char **env, *argv[ARGV_MAX], remote_id[512];
|
|
const char *shell, *shell0;
|
|
struct passwd *pw = s->pw;
|
|
+ int env_size;
|
|
int r = 0;
|
|
|
|
sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
|
|
@@ -1574,7 +1585,7 @@ do_child(struct ssh *ssh, Session *s, co
|
|
* Make sure $SHELL points to the shell from the password file,
|
|
* even if shell is overridden from login.conf
|
|
*/
|
|
- env = do_setup_env(ssh, s, shell);
|
|
+ env = do_setup_env(ssh, s, shell, &env_size);
|
|
|
|
#ifdef HAVE_LOGIN_CAP
|
|
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
|
|
@@ -1638,7 +1649,7 @@ do_child(struct ssh *ssh, Session *s, co
|
|
|
|
closefrom(STDERR_FILENO + 1);
|
|
|
|
- do_rc_files(ssh, s, shell);
|
|
+ do_rc_files(ssh, s, shell, env, &env_size);
|
|
|
|
/* restore SIGPIPE for child */
|
|
ssh_signal(SIGPIPE, SIG_DFL);
|