LightDM - Dec 2015 - Magic cookie doesn't work - no protocol specified

I just really wanted the .Xauthority files to check that they contain the
cookies in the format we expected.

On Thu, 19 Nov 2015 at 03:03 Mikhail Morfikov <mmorfikov at gmail.com>
wrote:
> On 2015-11-18 06:17, Robert Ancell wrote:
> > Hi Mikhail,
> >
> > It's hard to tell exactly what is wrong - if you attach both
.Xauthority
> > files it will be easier to see the difference.
> >
> > Check what version of Xorg you are running and check it is actually
> > enabling TCP connections - there was a behaviour change in X [1].
> >
> > --Robert
> >
> > [1] https://launchpad.net/bugs/1449282
> >
> >
> > On Fri, 30 Oct 2015 at 16:45 Mikhail Morfikov <mmorfikov at
gmail.com>
> wrote:
> >
> >> When I start an X-session via startx on my debian distro, I can
get the
> >> output of the two following commands:
> >>
> >> $ xauth extract - $DISPLAY
> >> morfikownia0MIT-MAGIC-COOKIE-1’E!ö½o`q!SD„%
> >>
> >> $ xauth extract - morfikownia.mhouse.lh:0.0
> >> À¨–0MIT-MAGIC-COOKIE-1­Ê¹2y0ºˆ%
> >>
> >> I know that the output is a little unreadable, but the most
important
> >> thing is that I get the output from the two commands above. When I
send
> >> that cookie to another machine using this command:
> >>
> >> $ xauth extract - morfikownia.mhouse.lh:0.0 | ssh -x
> morfik at 192.168.10.20
> >> xauth merge -
> >>
> >> I can get access to this X-server from that machine, and
everything
> works
> >> as expected.
> >>
> >> When I start am X-session via LightDM, the command:
> >>
> >> xauth extract - morfikownia.mhouse.lh:0.0
> >>
> >> returns nothing, or actually it gives me the following message:
> >>
> >> "No matches found, authority file "-" not
written"
> >>
> >> I can, of course, use the following command to get the cookie:
> >>
> >> xauth extract - $DISPLAY
> >>
> >> and then send it via:
> >>
> >> $ xauth extract - $DISPLAY | ssh -x morfik at 192.168.10.20 xauth
merge -
> >>
> >> But in that case, when I try to connect remotely to this X-server,
I'm
> >> unable to do it. I get a message that "no protocol
specified", and
> nothing
> >> happens.
> >>
> >> I think I have the exact same options set in both cases, i.e. in
the
> >> /etc/X11/xinit/xserverrc file I have the following line:
> >>
> >> exec /usr/bin/X -auth "$HOME/.Xauthority" -listen tcp
"$@"
> >>
> >> And in the case of LightDM I have these options set in its config
file
> >> (/etc/lightdm/lightdm.conf):
> >>
> >> egrep -v ^# /etc/lightdm/lightdm.conf
> >> [LightDM]
> >> greeter-user=lightdm
> >> minimum-display-number=0
> >> minimum-vt=7
> >> logind-check-graphical=true
> >> log-directory=/var/log/lightdm
> >> run-directory=/var/run/lightdm
> >> cache-directory=/var/cache/lightdm
> >>
> >> [Seat:*]
> >> xserver-command=X -listen tcp -auth "$HOME/.Xauthority"
> >> xserver-allow-tcp=true
> >> greeter-session=lightdm-gtk-greeter
> >> greeter-hide-users=false
> >> greeter-allow-guest=false
> >> greeter-show-manual-login=true
> >> greeter-show-remote-login=true
> >> user-session=openbox
> >> allow-user-switching=true
> >> allow-guest=false
> >> autologin-guest=false
> >> autologin-user-timeout=0
> >> autologin-in-background=false
> >>
> >> [XDMCPServer]
> >>
> >> [VNCServer]
> >>
> >> Do you know why it fails to connect to the X-server when LightDM
is
> used?
> >> Is there a way to fix it?
> >> _______________________________________________
> >> LightDM mailing list
> >> LightDM at lists.freedesktop.org
> >> http://lists.freedesktop.org/mailman/listinfo/lightdm
> >>
> >
> I know that the default behavior of X-server changed in some version, but
> I managed to set the server without any problem, and it was working when
> started via "startx". You can see the settings that was set in
the
> /etc/lightdm/lightdm.conf file, and they were exactly the same as those
> in the /etc/X11/xinit/xserverrc file. The problem was somewhere in
"xauth
> extract" because this command was working fine with
"startx", but it
> didn't work well with lightdm.
>
> > It's hard to tell exactly what is wrong - if you attach both
.Xauthority
> > files it will be easier to see the difference.
>
> I sent that message some weeks ago, and I don't have that setup
anymore.
> I could try to make another one, but you have to tell me if you want me
> to issue some particular commands, or you want me to attach the full
> .Xauthority files from both machines?
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.freedesktop.org/archives/lightdm/attachments/20151210/f943ea8d/attachment.html>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2015-12-10 05:08, Robert Ancell wrote:
> I just really wanted the .Xauthority files to check that they contain the
> cookies in the format we expected.
> 
Ok, I've managed to setup everything up anew.

1. When the Xserver is started via "startx", and when I use the
following
line in the /etc/X11/xinit/xserverrc file:

exec /usr/bin/X -auth "$HOME/.Xauthority" -listen tcp "$@"

I am able to send the cookie to the remote machine (it's just an LXC
container) using this command:

local$ xauth extract - morfikownia.mhouse.lh:0.0 | ssh -x morfik at
192.168.10.20 xauth merge -
morfik at 192.168.10.20's password:

I logged in to the remote machine and started a GUI application to see
whether it works. And I got pretty ugly graphical interface, but it works.

The processes on the local machine look like this:

local$ ps aux | grep X
morfik    87819  0.0  0.0  15932  1764 tty2     S+   12:42   0:00 xinit
/etc/X11/xinit/xinitrc -- /etc/X11/xinit/xserverrc :0 vt2 -keeptty -auth
/tmp/serverauth.ZdhjfKxkp1
morfik    87820  5.2  1.8 288012 34712 tty2     Sl   12:42   0:30
/usr/lib/xorg/Xorg -auth /home/morfik/.Xauthority -listen tcp :0 vt2 -keeptty
-auth /tmp/serverauth.ZdhjfKxkp1
morfik    87831  0.0  1.0 232868 19204 tty2     S    12:42   0:00
/usr/bin/openbox --startup /usr/lib/x86_64-linux-gnu/openbox-autostart OPENBOX

2. I restored the /etc/X11/xinit/xserverrc file so it now contains the
default line which was:

exec /usr/bin/X -nolisten tcp "$@"

And set everything up via lightdm configuration file
(/etc/lightdm/lightdm.conf). The only change I did was the following:

xserver-command=X -listen tcp -auth "$HOME/.Xauthority"
xserver-allow-tcp=true

The whole file looks like this:

# egrep -v ^# /etc/lightdm/lightdm.conf
[LightDM]
greeter-user=lightdm
minimum-display-number=0
minimum-vt=7
logind-check-graphical=true
log-directory=/var/log/lightdm
run-directory=/var/run/lightdm
cache-directory=/var/cache/lightdm

[Seat:*]
xserver-command=X -listen tcp -auth "$HOME/.Xauthority"
xserver-allow-tcp=true
greeter-session=lightdm-gtk-greeter
greeter-hide-users=false
greeter-allow-guest=false
greeter-show-manual-login=true
greeter-show-remote-login=true
user-session=openbox
allow-user-switching=true
allow-guest=false
autologin-guest=false
autologin-user-timeout=0
autologin-in-background=false

[XDMCPServer]

[VNCServer]

The processes are a little bit different, but I don't think it matters.
Anyways, here they are:

local$ ps aux | grep X
root     101362  4.2  1.7 281704 33448 tty7     Ssl+ 13:11   0:26
/usr/lib/xorg/Xorg -listen tcp -auth $HOME/.Xauthority :0 -seat seat0 -auth
/var/run/lightdm/root/:0 -listen tcp vt7 -novtswitch
morfik   101414  0.0  0.9 232340 18744 ?        Ss   13:11   0:00
/usr/bin/openbox --startup /usr/lib/x86_64-linux-gnu/openbox-autostart OPENBOX


When I try to send the cookie using the same command as earlier, I get
this:

local$ xauth extract - morfikownia.mhouse.lh:0.0 | ssh -x morfik at
192.168.10.20 xauth merge -
No matches found, authority file "-" not written

^C

But when I issue the following command:

local$ xauth extract - $DISPLAY | ssh -x morfik at 192.168.10.20 xauth merge -
morfik at 192.168.10.20's password:

It works here, but when I try to start a GUI application on the remote
machine, I get:

remote$ geany
Invalid MIT-MAGIC-COOKIE-1 key
Geany: cannot open display

I can of course do the following on the local machine:

local$ xhost +192.168.10.20
192.168.10.20 being added to access control list

And now I am able to start the GUI app on the remote machine. So I have no
idea why the cookies don't work with LightDM.

I included two .Xauthority files called .Xauthority-startx-local and
.Xauthority-lightdm-local . Both of which are from the local machine. I
think you needed only those files, right?

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWat9ZAAoJEM0EaBB3G2UgG1EP/Rul8Rop3k2JZe2UWUCpd1tb
bb4QYIP+f71bX0dM8LaENQrbpmJEV3HKiNih8KK3d9wBv/cNVkl0PIybsy8RSiHd
ABqqU2YsxLesJwI4XS/h8ozJUHNphh7u320iLresMIzvOInEZqIFHRx8IjR7vKU9
C2/VcIWWNEPl9aQxYAW1WqUbu5waV3Oa50+YwkopcC/wBm7XRRmM2J7iEz1aUVsm
yQQdnXJDIkXu7FcqMP8+ddr/TbIuHhfn5HXj2xq7OgzgHLdKhEZLGjWCOnNbM9rH
AYNnUD53EODnwPqH96BBITmoVZb6j/R9lctm61q6Wt2l9OCsVVJFh1EJHld4fgd4
I+rbzcMQY4D7qWgysdfQCyX/5RhxENqE6vTcu8wm4F+6aFiLMiB5sKLgX8Tkc5F5
sHg/Hx+WBjrPaQ9mRwUcevFD5lY9HoSmXW0fw682ug8ADnVdHZK1LNLvRkVbg+Xp
EbsgqMXGlmlx1Fz8YnSC7j3h0UtP29LVum8zSU4/T4kOoRHDbN7N+wD3u2CDfpvP
tsgm9wRQ03q8DKpWpu90xmzdO6sOvVI966fHjI5IE9wMXytyFc2FW4r07G1rQFN+
KEI5vXK6rMqnA8SWwcQtNOXw6a1MQMAL9oRiIgm4tG6/FB9AMMifbSe9294yUHrA
Egau9ktmG7KkmMyGBGXp
=SNXM
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: .Xauthority-lightdm-local
Type: application/octet-stream
Size: 56 bytes
Desc: not available
URL:
<http://lists.freedesktop.org/archives/lightdm/attachments/20151211/6215e049/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: .Xauthority-startx-local
Type: application/octet-stream
Size: 105 bytes
Desc: not available
URL:
<http://lists.freedesktop.org/archives/lightdm/attachments/20151211/6215e049/attachment-0001.obj>