Robert Ancell
2016-Jan-26 03:53 UTC
[LightDM] Magic cookie doesn't work - no protocol specified
Hi Mikhail,

I think I've worked out what is going on here:

If you look at the two Xauth databases you get:

$ XAUTHORITY=Xauthority-startx-local xauth list
morfikownia/unix:0  MIT-MAGIC-COOKIE-1  0a7b2d573a4a722fda829ff57e48b70c
192.168.1.150:0  MIT-MAGIC-COOKIE-1  5f84d468a9f2d34ea4399512c2729a3b

$ XAUTHORITY=Xauthority-lightdm-local xauth list
morfikownia/unix:0  MIT-MAGIC-COOKIE-1  c95db8e522de76d8ad35d5117e20200a

Both of them have cookies for the local Unix socket (morfikownia/unix:0) but only the startx one has an entry for network connections (192.168.1.150:0). This is why the cookie is not working; in LightDM that cookie is only used for local connections. If you don't set any cookie, does it connect (i.e. no authentication is done)?

What you can do:
- You can add any authentication you want to the server X authority file, perhaps by using display-setup-script. See /usr/bin/startx for how they generate cookies.
- We could consider using the same cookie for TCP/IP connections, please file a bug if you want this.

--Robert

On Sat, 12 Dec 2015 at 03:36 Mikhail Morfikov <mmorfikov at gmail.com> wrote:

> On 2015-12-10 05:08, Robert Ancell wrote:
> > I just really wanted the .Xauthority files to check that they contain the
> > cookies in the format we expected.
> >
>
> Ok, I've managed to set everything up anew.
>
> 1. When the Xserver is started via "startx", and when I use the following
> line in the /etc/X11/xinit/xserverrc file:
>
> exec /usr/bin/X -auth "$HOME/.Xauthority" -listen tcp "$@"
>
> I am able to send the cookie to the remote machine (it's just an LXC
> container) using this command:
>
> local$ xauth extract - morfikownia.mhouse.lh:0.0 | ssh -x morfik@192.168.10.20 xauth merge -
> morfik@192.168.10.20's password:
>
> I logged in to the remote machine and started a GUI application to see
> whether it works. And I got a pretty ugly graphical interface, but it works.
>
> The processes on the local machine look like this:
>
> local$ ps aux | grep X
> morfik 87819 0.0 0.0 15932 1764 tty2 S+ 12:42 0:00 xinit /etc/X11/xinit/xinitrc -- /etc/X11/xinit/xserverrc :0 vt2 -keeptty -auth /tmp/serverauth.ZdhjfKxkp1
> morfik 87820 5.2 1.8 288012 34712 tty2 Sl 12:42 0:30 /usr/lib/xorg/Xorg -auth /home/morfik/.Xauthority -listen tcp :0 vt2 -keeptty -auth /tmp/serverauth.ZdhjfKxkp1
> morfik 87831 0.0 1.0 232868 19204 tty2 S 12:42 0:00 /usr/bin/openbox --startup /usr/lib/x86_64-linux-gnu/openbox-autostart OPENBOX
>
> 2. I restored the /etc/X11/xinit/xserverrc file so it now contains the
> default line which was:
>
> exec /usr/bin/X -nolisten tcp "$@"
>
> And set everything up via lightdm configuration file
> (/etc/lightdm/lightdm.conf). The only change I did was the following:
>
> xserver-command=X -listen tcp -auth "$HOME/.Xauthority"
> xserver-allow-tcp=true
>
> The whole file looks like this:
>
> # egrep -v ^# /etc/lightdm/lightdm.conf
> [LightDM]
> greeter-user=lightdm
> minimum-display-number=0
> minimum-vt=7
> logind-check-graphical=true
> log-directory=/var/log/lightdm
> run-directory=/var/run/lightdm
> cache-directory=/var/cache/lightdm
>
> [Seat:*]
> xserver-command=X -listen tcp -auth "$HOME/.Xauthority"
> xserver-allow-tcp=true
> greeter-session=lightdm-gtk-greeter
> greeter-hide-users=false
> greeter-allow-guest=false
> greeter-show-manual-login=true
> greeter-show-remote-login=true
> user-session=openbox
> allow-user-switching=true
> allow-guest=false
> autologin-guest=false
> autologin-user-timeout=0
> autologin-in-background=false
>
> [XDMCPServer]
>
> [VNCServer]
>
> The processes are a little bit different, but I don't think it matters.
> Anyways, here they are:
>
> local$ ps aux | grep X
> root 101362 4.2 1.7 281704 33448 tty7 Ssl+ 13:11 0:26 /usr/lib/xorg/Xorg -listen tcp -auth $HOME/.Xauthority :0 -seat seat0 -auth /var/run/lightdm/root/:0 -listen tcp vt7 -novtswitch
> morfik 101414 0.0 0.9 232340 18744 ? Ss 13:11 0:00 /usr/bin/openbox --startup /usr/lib/x86_64-linux-gnu/openbox-autostart OPENBOX
>
> When I try to send the cookie using the same command as earlier, I get
> this:
>
> local$ xauth extract - morfikownia.mhouse.lh:0.0 | ssh -x morfik@192.168.10.20 xauth merge -
> No matches found, authority file "-" not written
>
> ^C
>
> But when I issue the following command:
>
> local$ xauth extract - $DISPLAY | ssh -x morfik@192.168.10.20 xauth merge -
> morfik@192.168.10.20's password:
>
> It works here, but when I try to start a GUI application on the remote
> machine, I get:
>
> remote$ geany
> Invalid MIT-MAGIC-COOKIE-1 key
> Geany: cannot open display
>
> I can of course do the following on the local machine:
>
> local$ xhost +192.168.10.20
> 192.168.10.20 being added to access control list
>
> And now I am able to start the GUI app on the remote machine. So I have no
> idea why the cookies don't work with LightDM.
>
> I included two .Xauthority files called .Xauthority-startx-local and
> .Xauthority-lightdm-local. Both of which are from the local machine. I
> think you needed only those files, right?
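Added example, not part of the original thread or of LightDM/xauth: a small Python parser for the binary Xauthority file format that shows the difference described in the message above, a database with only a local (Unix socket) entry versus one that also has a network entry for the display. The function names are hypothetical and the sample databases are constructed with made-up cookie bytes; the record layout (big-endian 16-bit family, then four length-prefixed fields) and family codes are those of the X11 Xauthority format.

```python
import struct

# Family codes stored in each Xauthority record (from the X11 headers).
FAMILY_INTERNET, FAMILY_INTERNET6 = 0, 6   # raw IPv4 / IPv6 address bytes
FAMILY_LOCAL, FAMILY_WILD = 256, 65535     # hostname (Unix socket) / any

def pack_entry(family, address, display, name, cookie):
    """Serialise one record: 16-bit family, then four length-prefixed fields."""
    out = struct.pack(">H", family)
    for field in (address, display, name, cookie):
        out += struct.pack(">H", len(field)) + field
    return out

def parse_xauthority(blob):
    """Return [(family, address, display, name, cookie), ...] from raw bytes."""
    entries, pos = [], 0
    while pos < len(blob):
        (family,) = struct.unpack_from(">H", blob, pos)
        pos, fields = pos + 2, []
        for _ in range(4):
            (length,) = struct.unpack_from(">H", blob, pos)
            field = blob[pos + 2:pos + 2 + length]
            if len(field) != length:
                raise ValueError("truncated Xauthority record")
            fields.append(field)
            pos += 2 + length
        entries.append((family, *fields))
    return entries

def label(family, address, display):
    """Render an entry roughly the way `xauth list` names it."""
    if family == FAMILY_LOCAL:
        return f"{address.decode()}/unix:{display.decode()}"
    if family == FAMILY_INTERNET:
        return ".".join(str(b) for b in address) + f":{display.decode()}"
    return f"family-{family}:{display.decode()}"

def has_network_entry(blob, display=b"0"):
    """True if some record for `display` is not limited to the Unix socket."""
    return any(fam != FAMILY_LOCAL and disp == display
               for fam, _addr, disp, _name, _cookie in parse_xauthority(blob))

# Constructed samples mirroring the two databases in the thread (made-up cookies).
NAME = b"MIT-MAGIC-COOKIE-1"
STARTX_DB = (pack_entry(FAMILY_LOCAL, b"morfikownia", b"0", NAME, bytes(range(16)))
             + pack_entry(FAMILY_INTERNET, bytes([192, 168, 1, 150]), b"0", NAME,
                          bytes(range(16, 32))))
LIGHTDM_DB = pack_entry(FAMILY_LOCAL, b"morfikownia", b"0", NAME, bytes(range(32, 48)))
```

Reading a real file with `open(path, "rb").read()` and passing the bytes to `has_network_entry` gives the same check for an actual `.Xauthority`.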
Mikhail Morfikov
2016-Jan-26 22:11 UTC
[LightDM] Magic cookie doesn't work - no protocol specified
> - We could consider using the same cookie for TCP/IP connections, please
> file a bug if you want this.

Where exactly should I send the message?