Bug 17818

Summary: ssh X11 forward breaks with X11 not in /usr
Product: Base System Reporter: Bjoern Fischer <bfischer>
Component: binAssignee: Kris Kennaway <kris>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.0-STABLE   
Hardware: Any   
OS: Any   

Description Bjoern Fischer 2000-04-06 03:30:00 UTC 
xauth is needed for the automatic X11 protocol forwarder within SSH. The
xauth path is hard compiled into SHH as `/usr/X11R6/bin/xauth' which will
break the X11 protocol forwarder when X11 is installed somewhere else.

FreeBSD's Makefiles for SSH do not make use of the variable X11BASE which
may be set in /etc/make.conf.

Fix: 

The fix is obvious. See this patch (please review,
it is not `make world' tested!):

------------------------------------------------------------>8--------------
--- ./crypto/openssh/includes.h	2000/04/06 01:59:05	1.1
+++ ./crypto/openssh/includes.h	2000/04/06 01:59:32
@@ -58,7 +58,9 @@
 #include "version.h"
 
 /* Define this to be the path of the xauth program. */
+#ifndef XAUTH_PATH
 #define XAUTH_PATH "/usr/X11R6/bin/xauth"
+#endif
 
 /*
  * Define this to use pipes instead of socketpairs for communicating with the
--- ./secure/usr.bin/ssh/Makefile	2000/04/06 02:00:00	1.1
+++ ./secure/usr.bin/ssh/Makefile	2000/04/06 02:02:50
@@ -35,5 +35,9 @@
 
 .include <bsd.prog.mk>
 
+.if defined(X11BASE)
+CFLAGS+= -DXAUTH_PATH=${X11BASE}/bin/xauth
+.endif
+
 LDADD+=	-L${.OBJDIR}/../../lib/libssh -lssh -lcrypto -lutil -lz
 DPADD+=	${LIBCRYPTO} ${LIBUTIL} ${LIBZ}
--- ./secure/usr.sbin/sshd/Makefile	2000/04/06 02:03:11	1.1
+++ ./secure/usr.sbin/sshd/Makefile	2000/04/06 02:03:25
@@ -39,5 +39,9 @@
 
 .include <bsd.prog.mk>
 
+.if defined(X11BASE)
+CFLAGS+= -DXAUTH_PATH=${X11BASE}/bin/xauth
+.endif
+
 LDADD+=	-L${.OBJDIR}/../../lib/libssh -lssh -lcrypt -lcrypto -lutil -lz -lwrap
 DPADD+=	${LIBCRYPT} ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} ${LIBWRAP}
How-To-Repeat: 
See description.
Comment 1 Bill Fenner 2000-04-13 08:51:00 UTC 
Workaround: set XAuthLocation in /etc/ssh/sshd_config .

  Bill
Comment 2 Bjoern Fischer 2000-04-13 09:45:54 UTC 
On Thu, Apr 13, 2000 at 12:51:00AM -0700, Bill Fenner wrote:
>=20
> Workaround: set XAuthLocation in /etc/ssh/sshd_config .

Uh, thanks. Maybe this info should be added to the man page.

  Bj=F6rn

--=20
-----BEGIN GEEK CODE BLOCK-----
GCS d--(+) s++: a- C+++(-) UB++++OSI++++$ P+++(-) L---(++) !E W- N+ o>+
K- !w !O !M !V  PS++  PE-  PGP++  t+++  !5 X++ tv- b+++ D++ G e+ h-- y+=20
------END GEEK CODE BLOCK------
Comment 3 Sheldon Hearn freebsd_committer freebsd_triage 2000-08-03 10:10:46 UTC 
Responsible Changed
From-To: freebsd-bugs->kris

Over to the maintainer (thanks, Johan).
Comment 4 Kris Kennaway freebsd_committer freebsd_triage 2000-08-23 10:39:21 UTC 
State Changed
From-To: open->closed

Patch committed, thanks! I will merge it to 4.1-STABLE 
in a few days.