--- a/clientloop.c 2017-10-07 04:21:42.000000000 +0200
+++ b/clientloop.c 2017-10-07 04:30:02.000000000 +0200
@@ -301,6 +301,10 @@ client_x11_get_proto(struct ssh *ssh, co
struct stat st;
u_int now, x11_timeout_real;
+#if __APPLE__
+ int is_path_to_socket = 0;
+#endif /* __APPLE__ */
+
*_proto = proto;
*_data = data;
proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
@@ -317,6 +321,19 @@ client_x11_get_proto(struct ssh *ssh, co
}
if (xauth_path != NULL) {
+#if __APPLE__
+ {
+ /*
+ * If using launchd socket, remove the screen number from the end
+ * of $DISPLAY. is_path_to_socket is used later in this function
+ * to determine if an error should be displayed.
+ */
+ char path[PATH_MAX];
+
+ is_path_to_socket = is_path_to_xsocket(display, path, sizeof(path));
+ }
+#endif /* __APPLE__ */
+
/*
* Handle FamilyLocal case where $DISPLAY does
* not match an authorization entry. For this we
@@ -428,6 +445,9 @@ client_x11_get_proto(struct ssh *ssh, co
u_int8_t rnd[16];
u_int i;
+#if __APPLE__
+ if (!is_path_to_socket)
+#endif /* __APPLE__ */
logit("Warning: No xauth data; "
"using fake authentication data for X11 forwarding.");
strlcpy(proto, SSH_X11_PROTO, sizeof proto);
--- a/channels.c 2017-10-07 04:21:42.000000000 +0200
+++ b/channels.c 2017-10-07 04:26:38.000000000 +0200
@@ -4517,7 +4517,7 @@ connect_local_xsocket(u_int dnr)
}
#ifdef __APPLE__
-static int
+int
is_path_to_xsocket(const char *display, char *path, size_t pathlen)
{
struct stat sbuf;
--- a/channels.h 2017-10-02 21:34:26.000000000 +0200
+++ b/channels.h 2017-10-07 04:26:24.000000000 +0200
@@ -316,6 +316,9 @@ int permitopen_port(const char *);
/* x11 forwarding */
void channel_set_x11_refuse_time(struct ssh *, u_int);
+#ifdef __APPLE__
+int is_path_to_xsocket(const char *, char *, size_t);
+#endif
int x11_connect_display(struct ssh *);
int x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **);
void x11_request_forwarding_with_spoofing(struct ssh *, int,