From fe483776060e91a6ab4e445ad622eb3c98d80a57 Mon Sep 17 00:00:00 2001
From: David King
Date: Mon, 13 Apr 2026 11:16:39 +0100
Subject: [PATCH] Add SSH forwarding snippets (RHEL-65490)

Resolves: RHEL-65490
---
 dbus-kill-process-with-session | 30 ++++++++++++++++++++++++++++++
 dbus.spec | 16 +++++++++++++++-
 ssh-x-forwarding.csh | 25 +++++++++++++++++++++++++
 ssh-x-forwarding.sh | 25 +++++++++++++++++++++++++
 4 files changed, 95 insertions(+), 1 deletion(-)
 create mode 100644 dbus-kill-process-with-session
 create mode 100644 ssh-x-forwarding.csh
 create mode 100644 ssh-x-forwarding.sh

diff --git a/dbus-kill-process-with-session b/dbus-kill-process-with-session
new file mode 100644
index 0000000..6adfee9
--- /dev/null
+++ b/dbus-kill-process-with-session
@@ -0,0 +1,30 @@
+#!/bin/bash
+# This script ensures the dbus-daemon is killed when the session closes.
+# It's used by SSH sessions that have X forwarding (since the X display
+# may outlive the session in those cases)
+[ $# != 1 ] && exit 1
+
+exec >& /dev/null
+
+MONITOR_READY_FILE=$(mktemp dbus-session-monitor.XXXXXX --tmpdir)
+DBUS_SESSIONS="${XDG_RUNTIME_DIR}/dbus-1/sessions"
+DBUS_SESSION_ADDRESS_FILE="${DBUS_SESSIONS}/${XDG_SESSION_ID}"
+
+trap 'rm -f "${MONITOR_READY_FILE}"; rm -f "${DBUS_SESSION_ADDRESS_FILE}"; kill -TERM $1; kill -HUP $(jobs -p)' EXIT
+
+export GVFS_DISABLE_FUSE=1
+coproc SESSION_MONITOR (gio monitor -f "/run/systemd/sessions/${XDG_SESSION_ID}" "${MONITOR_READY_FILE}")
+
+# Poll until the gio monitor command is actively monitoring
+until
+ touch "${MONITOR_READY_FILE}"
+ read -t 0.5 -u ${SESSION_MONITOR[0]}
+do
+ continue
+done
+
+# Block until the session is closed
+while grep -q ^State=active <(loginctl show-session $XDG_SESSION_ID)
+do
+ read -u ${SESSION_MONITOR[0]}
+done
diff --git a/dbus.spec b/dbus.spec
index 01a0f7d..83686f5 100644
--- a/dbus.spec
+++ b/dbus.spec
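Review bot: In dbus-kill-process-with-session the EXIT trap runs `kill -TERM $1` on an argument that is only counted, never checked, so a zero, negative or non-numeric value would make `kill` address a process group or every process the user may signal instead of one dbus-daemon. A guard right after the argument-count test, `case "$1" in ''|0|*[!0-9]*) exit 1 ;; esac`, together with `kill -TERM "$1"` in the trap, keeps the signal to a single PID. The helper also holds that PID for the whole session, so if dbus-daemon exits early the number could be reused by an unrelated process of the same user; a comment stating that assumption would help. Separately, the `until` readiness loop has no exit path if `gio monitor` fails to start, and with `exec >& /dev/null` in place that failure would not be visible.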
@@ -23,7 +23,7 @@ Name: dbus Epoch: 1 Version: 1.12.20 -Release: 8%{?dist} +Release: 9%{?dist} Summary: D-BUS message bus # The effective license of the majority of the package, including the shared @@ -42,6 +42,10 @@ Source5: dbus-daemon.service Source6: dbus.user.socket Source7: dbus-daemon.user.service Source8: dbus-systemd-sysusers.conf +Source9: ssh-x-forwarding.csh +Source10: ssh-x-forwarding.sh +Source11: dbus-kill-process-with-session + Patch0: 0001-tools-Use-Python3-for-GetAllMatchRules.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2133647 Patch1: dbus-1.12.20-CVE-2022-42010.patch @@ -239,6 +243,11 @@ install -Dp -m644 %{SOURCE6} %{buildroot}%{_userunitdir}/dbus.socket install -Dp -m644 %{SOURCE7} %{buildroot}%{_userunitdir}/dbus-daemon.service install -Dp -m644 %{SOURCE8} %{buildroot}%{_sysusersdir}/dbus.conf +# SSH forwarding snippets. +install -Dp -m644 %{SOURCE9} %{buildroot}%{_sysconfdir}/profile.d/ssh-x-forwarding.csh +install -p -m644 %{SOURCE10} %{buildroot}%{_sysconfdir}/profile.d/ +install -Dp -m755 %{SOURCE11} %{buildroot}%{_libexecdir}/dbus-1/dbus-kill-process-with-session + # Obsolete, but still widely used, for drop-in configuration snippets. install --directory %{buildroot}%{_sysconfdir}/dbus-1/session.d install --directory %{buildroot}%{_sysconfdir}/dbus-1/system.d @@ -431,7 +440,9 @@ systemctl --no-reload --global preset dbus-daemon.service &>/dev/null || : %files x11 %{_bindir}/dbus-launch +%{_libexecdir}/dbus-1/dbus-kill-process-with-session %{_mandir}/man1/dbus-launch.1* +%{_sysconfdir}/profile.d/ssh-x-forwarding.* %{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh %files doc @@ -456,6 +467,9 @@ systemctl --no-reload --global preset dbus-daemon.service &>/dev/null || : %changelog +* Mon Apr 13 2026 David King - 1:1.12.20-9 +- Add SSH forwarding snippets (RHEL-65490) + * Mon Jun 12 2023 David King - 1:1.12.20-8 - Fix CVE-2023-34969 (#2213402) 
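Review bot: The x11 subpackage now ships a helper and profile snippets that call `gio`, `loginctl` and `setsid`, but none of the visible hunks adds a matching `Requires:` for them; they may already be declared outside these hunks. Because the helper discards its own output, a missing tool would only show up as a session bus that is never cleaned up, so the dependency is worth making explicit, for example with file dependencies such as `Requires: %{_bindir}/gio`. This applies to the hunk that installs `%{SOURCE11}` and to the `%files x11` hunk.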
diff --git a/ssh-x-forwarding.csh b/ssh-x-forwarding.csh
new file mode 100644
index 0000000..b25a0b9
--- /dev/null
+++ b/ssh-x-forwarding.csh
@@ -0,0 +1,25 @@
+# DBus session bus over SSH with X11 forwarding
+if ( $?SSH_CONNECTION == 0 ) exit
+if ( $?XDG_SESSION_ID == 0) exit
+if ( $?DISPLAY == 0 ) exit
+if ( $DISPLAY =~ :* ) exit
+if ( $SHLVL > 1 ) exit
+
+set DBUS_SESSIONS = "${XDG_RUNTIME_DIR}/dbus-1/sessions"
+set DBUS_SESSION_ADDRESS_FILE = "${DBUS_SESSIONS}/${XDG_SESSION_ID}"
+
+if ( -e "${DBUS_SESSION_ADDRESS_FILE}" ) then
+ setenv DBUS_SESSION_BUS_ADDRESS "`cat ${DBUS_SESSION_ADDRESS_FILE}`"
+ exit
+endif
+
+setenv GDK_BACKEND x11
+
+eval `dbus-launch --csh-syntax`
+
+if ( $?DBUS_SESSION_BUS_PID == 0 ) exit
+
+mkdir -p "${DBUS_SESSIONS}"
+echo "${DBUS_SESSION_BUS_ADDRESS}" > "${DBUS_SESSION_ADDRESS_FILE}"
+
+setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session $DBUS_SESSION_BUS_PID
diff --git a/ssh-x-forwarding.sh b/ssh-x-forwarding.sh
new file mode 100644
index 0000000..9fbb8d1
--- /dev/null
+++ b/ssh-x-forwarding.sh
@@ -0,0 +1,25 @@
+# DBus session bus over SSH with X11 forwarding
+[ -z "$SSH_CONNECTION" ] && return
+[ -z "$XDG_SESSION_ID" ] && return
+[ -z "$DISPLAY" ] && return
+[ "${DISPLAY:0:1}" = ":" ] && return
+[ "$SHLVL" -ne 1 ] && return
+
+DBUS_SESSIONS="${XDG_RUNTIME_DIR}/dbus-1/sessions"
+DBUS_SESSION_ADDRESS_FILE="${DBUS_SESSIONS}/${XDG_SESSION_ID}"
+
+if [ -e "${DBUS_SESSION_ADDRESS_FILE}" ]; then
+ export DBUS_SESSION_BUS_ADDRESS="$(cat ${DBUS_SESSION_ADDRESS_FILE})"
+ return
+fi
+
+export GDK_BACKEND=x11
+
+eval `dbus-launch --sh-syntax`
+
+[ -z "$DBUS_SESSION_BUS_PID" ] && return
+
+mkdir -p "${DBUS_SESSIONS}"
+echo "${DBUS_SESSION_BUS_ADDRESS}" > "${DBUS_SESSION_ADDRESS_FILE}"
+
+setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session "$DBUS_SESSION_BUS_PID"
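Review bot: The guards at the top of ssh-x-forwarding.csh test `SSH_CONNECTION`, `XDG_SESSION_ID` and `DISPLAY` but not `XDG_RUNTIME_DIR`, which `DBUS_SESSIONS` is built from; ssh-x-forwarding.sh has the same gap. In the sh snippet an empty value turns the path into `/dbus-1/sessions`, so a root login would have `mkdir -p` create it at the filesystem root and store the bus address outside the per-user runtime directory, while in csh an unset variable would most likely stop the snippet with an undefined-variable error at login. Adding `if ( $?XDG_RUNTIME_DIR == 0 ) exit` here and `[ -z "$XDG_RUNTIME_DIR" ] && return` in the sh file covers both cases.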
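Review bot: In ssh-x-forwarding.sh the cached address is read with `$(cat ${DBUS_SESSION_ADDRESS_FILE})`, the one place in the snippet where the path is expanded unquoted, so a runtime directory or session id containing whitespace or glob characters would be split before `cat` sees it. `export DBUS_SESSION_BUS_ADDRESS="$(cat "${DBUS_SESSION_ADDRESS_FILE}")"` keeps it a single argument; the csh file has the same unquoted `cat` and also passes `$DBUS_SESSION_BUS_PID` to the helper unquoted. If the file's contents are exported unchecked on the assumption that the directory is private to the user, a one-line comment saying so would make that assumption reviewable.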