diff --git a/channels.c b/channels.c index 67369d1..401a70e 100644 --- a/channels.c +++ b/channels.c @@ -4727,7 +4727,7 @@ connect_local_xsocket(u_int dnr) } #ifdef __APPLE__ -static int +int is_path_to_xsocket(const char *display, char *path, size_t pathlen) { struct stat sbuf; diff --git a/channels.h b/channels.h index 606c8d7..c590ba9 100644 --- a/channels.h +++ b/channels.h @@ -348,6 +348,9 @@ int permitopen_port(const char *); /* x11 forwarding */ void channel_set_x11_refuse_time(struct ssh *, u_int); +#ifdef __APPLE__ +int is_path_to_xsocket(const char *, char *, size_t); +#endif int x11_connect_display(struct ssh *); int x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **); void x11_request_forwarding_with_spoofing(struct ssh *, int, diff --git a/clientloop.c b/clientloop.c index 8414639..1f61d53 100644 --- a/clientloop.c +++ b/clientloop.c @@ -289,6 +289,10 @@ client_x11_get_proto(struct ssh *ssh, const char *display, struct stat st; u_int now, x11_timeout_real; +#if __APPLE__ + int is_path_to_socket = 0; +#endif /* __APPLE__ */ + *_proto = proto; *_data = data; proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0'; @@ -305,6 +309,19 @@ client_x11_get_proto(struct ssh *ssh, const char *display, } if (xauth_path != NULL) { +#if __APPLE__ + { + /* + * If using launchd socket, remove the screen number from the end + * of $DISPLAY. is_path_to_socket is used later in this function + * to determine if an error should be displayed. + */ + char path[PATH_MAX]; + + is_path_to_socket = is_path_to_xsocket(display, path, sizeof(path)); + } +#endif /* __APPLE__ */ + /* * Handle FamilyLocal case where $DISPLAY does * not match an authorization entry. For this we @@ -427,6 +444,9 @@ client_x11_get_proto(struct ssh *ssh, const char *display, u_int8_t rnd[16]; u_int i; +#if __APPLE__ + if (!is_path_to_socket) +#endif /* __APPLE__ */ logit("Warning: No xauth data; " "using fake authentication data for X11 forwarding."); strlcpy(proto, SSH_X11_PROTO, sizeof proto);