Mikhail Morfikov
2015-Dec-11 14:36 UTC
[LightDM] Magic cookie doesn't work - no protocol specified
On 2015-12-10 05:08, Robert Ancell wrote:
> I just really wanted the .Xauthority files to check that they contain the
> cookies in the format we expected.

Ok, I've managed to set everything up anew.

1. When the Xserver is started via "startx", and when I use the following line in the /etc/X11/xinit/xserverrc file:

    exec /usr/bin/X -auth "$HOME/.Xauthority" -listen tcp "$@"

I am able to send the cookie to the remote machine (it's just an LXC container) using this command:

    local$ xauth extract - morfikownia.mhouse.lh:0.0 | ssh -x morfik@192.168.10.20 xauth merge -
    morfik@192.168.10.20's password:

I logged in to the remote machine and started a GUI application to see whether it works. And I got a pretty ugly graphical interface, but it works.

The processes on the local machine look like this:

    local$ ps aux | grep X
    morfik  87819  0.0  0.0  15932  1764 tty2  S+  12:42  0:00 xinit /etc/X11/xinit/xinitrc -- /etc/X11/xinit/xserverrc :0 vt2 -keeptty -auth /tmp/serverauth.ZdhjfKxkp1
    morfik  87820  5.2  1.8 288012 34712 tty2  Sl  12:42  0:30 /usr/lib/xorg/Xorg -auth /home/morfik/.Xauthority -listen tcp :0 vt2 -keeptty -auth /tmp/serverauth.ZdhjfKxkp1
    morfik  87831  0.0  1.0 232868 19204 tty2  S   12:42  0:00 /usr/bin/openbox --startup /usr/lib/x86_64-linux-gnu/openbox-autostart OPENBOX

2. I restored the /etc/X11/xinit/xserverrc file so it now contains the default line which was:

    exec /usr/bin/X -nolisten tcp "$@"

And set everything up via lightdm configuration file (/etc/lightdm/lightdm.conf). The only change I did was the following:

    xserver-command=X -listen tcp -auth "$HOME/.Xauthority"
    xserver-allow-tcp=true

The whole file looks like this:

    # egrep -v ^# /etc/lightdm/lightdm.conf
    [LightDM]
    greeter-user=lightdm
    minimum-display-number=0
    minimum-vt=7
    logind-check-graphical=true
    log-directory=/var/log/lightdm
    run-directory=/var/run/lightdm
    cache-directory=/var/cache/lightdm

    [Seat:*]
    xserver-command=X -listen tcp -auth "$HOME/.Xauthority"
    xserver-allow-tcp=true
    greeter-session=lightdm-gtk-greeter
    greeter-hide-users=false
    greeter-allow-guest=false
    greeter-show-manual-login=true
    greeter-show-remote-login=true
    user-session=openbox
    allow-user-switching=true
    allow-guest=false
    autologin-guest=false
    autologin-user-timeout=0
    autologin-in-background=false

    [XDMCPServer]

    [VNCServer]

The processes are a little bit different, but I don't think it matters. Anyways, here they are:

    local$ ps aux | grep X
    root   101362  4.2  1.7 281704 33448 tty7  Ssl+ 13:11  0:26 /usr/lib/xorg/Xorg -listen tcp -auth $HOME/.Xauthority :0 -seat seat0 -auth /var/run/lightdm/root/:0 -listen tcp vt7 -novtswitch
    morfik 101414  0.0  0.9 232340 18744 ?     Ss   13:11  0:00 /usr/bin/openbox --startup /usr/lib/x86_64-linux-gnu/openbox-autostart OPENBOX

When I try to send the cookie using the same command as earlier, I get this:

    local$ xauth extract - morfikownia.mhouse.lh:0.0 | ssh -x morfik@192.168.10.20 xauth merge -
    No matches found, authority file "-" not written

    ^C

But when I issue the following command:

    local$ xauth extract - $DISPLAY | ssh -x morfik@192.168.10.20 xauth merge -
    morfik@192.168.10.20's password:

It works here, but when I try to start a GUI application on the remote machine, I get:

    remote$ geany
    Invalid MIT-MAGIC-COOKIE-1 key
    Geany: cannot open display

I can of course do the following on the local machine:

    local$ xhost +192.168.10.20
    192.168.10.20 being added to access control list

And now I am able to start the GUI app on the remote machine. So I have no idea why the cookies don't work with LightDM.

I included two .Xauthority files called .Xauthority-startx-local and .Xauthority-lightdm-local . Both of which are from the local machine. I think you needed only those files, right?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: .Xauthority-lightdm-local
Type: application/octet-stream
Size: 56 bytes
URL: <http://lists.freedesktop.org/archives/lightdm/attachments/20151211/6215e049/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: .Xauthority-startx-local
Type: application/octet-stream
Size: 105 bytes
URL: <http://lists.freedesktop.org/archives/lightdm/attachments/20151211/6215e049/attachment-0001.obj>
Robert Ancell
2016-Jan-26 03:53 UTC
[LightDM] Magic cookie doesn't work - no protocol specified
Hi Mikhail,

I think I've worked out what is going on here:

If you look at the two Xauth databases you get:

    $ XAUTHORITY=Xauthority-startx-local xauth list
    morfikownia/unix:0  MIT-MAGIC-COOKIE-1  0a7b2d573a4a722fda829ff57e48b70c
    192.168.1.150:0  MIT-MAGIC-COOKIE-1  5f84d468a9f2d34ea4399512c2729a3b

    $ XAUTHORITY=Xauthority-lightdm-local xauth list
    morfikownia/unix:0  MIT-MAGIC-COOKIE-1  c95db8e522de76d8ad35d5117e20200a

Both of them have cookies for the local Unix socket (morfikownia/unix:0) but only the startx one has an entry for network connections (192.168.1.150:0). This is why the cookie is not working, in LightDM that cookie is only used for local connections. If you don't set any cookie does it connect (i.e. no authentication is done).

What you can do:
- You can add any authentication you want to the server X authority file, perhaps by using display-setup-script. See /usr/bin/startx for how they generate cookies.
- We could consider using the same cookie for TCP/IP connections, please file a bug if you want this.

--Robert
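
Added example, not part of the original thread and not LightDM code: a Python parser for the Xauthority record layout, run over two files rebuilt from the `xauth list` output in the reply above (they come out at the 56 and 105 bytes of the posted attachments). `find_cookie` is a hypothetical helper that models the client-side lookup in simplified form; it shows that the LightDM file has nothing to offer for a TCP connection to 192.168.1.150:0.

```python
import socket
import struct

# FamilyInternet is defined in X.h; FamilyLocal and FamilyWild in Xauth.h.
FAMILY_INTERNET, FAMILY_LOCAL, FAMILY_WILD = 0, 256, 65535
NAME = b"MIT-MAGIC-COOKIE-1"
TCP_ADDR = socket.inet_aton("192.168.1.150")  # Internet entries store raw IPv4 bytes

def pack_entry(family, address, display, name, data):
    """One record: 16-bit big-endian family, then four length-prefixed byte strings."""
    out = struct.pack(">H", family)
    for field in (address, display, name, data):
        out += struct.pack(">H", len(field)) + field
    return out

def parse_xauthority(blob):
    """Decode every record into (family, address, display, auth_name, data)."""
    entries, pos = [], 0
    while pos < len(blob):
        record = []
        for i in range(5):
            if pos + 2 > len(blob):
                raise ValueError("truncated record")
            (n,) = struct.unpack_from(">H", blob, pos)
            pos += 2
            if i == 0:
                record.append(n)  # the family is the bare 16-bit value
            elif pos + n > len(blob):
                raise ValueError("truncated record")
            else:
                record.append(blob[pos:pos + n])
                pos += n
        entries.append(tuple(record))
    return entries

def find_cookie(entries, family, address, display=b"0"):
    """Simplified lookup (assumption): family and address must match unless the
    entry is a wildcard, and the display number must match or be empty."""
    for fam, addr, disp, name, data in entries:
        addr_ok = fam == FAMILY_WILD or (fam == family and addr == address)
        if addr_ok and disp in (b"", display) and name == NAME:
            return data.hex()
    return None

# Rebuilt from the xauth list output above; these are not the original attachments.
LIGHTDM_DB = pack_entry(FAMILY_LOCAL, b"morfikownia", b"0", NAME,
                        bytes.fromhex("c95db8e522de76d8ad35d5117e20200a"))
STARTX_DB = (pack_entry(FAMILY_LOCAL, b"morfikownia", b"0", NAME,
                        bytes.fromhex("0a7b2d573a4a722fda829ff57e48b70c"))
             + pack_entry(FAMILY_INTERNET, TCP_ADDR, b"0", NAME,
                          bytes.fromhex("5f84d468a9f2d34ea4399512c2729a3b")))
```

Calling `find_cookie(parse_xauthority(LIGHTDM_DB), FAMILY_INTERNET, TCP_ADDR)` returns `None`, while the same call on `STARTX_DB` returns the network cookie.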