[Bug 262309] New: xhost settings broken by IP change
https://bugzilla.novell.com/show_bug.cgi?id=262309

           Summary: xhost settings broken by IP change
           Product: openSUSE 10.3
           Version: Alpha 2plus
          Platform: i686
        OS/Version: SuSE Other
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: X.Org
        AssignedTo: sndirsch@novell.com
        ReportedBy: james@usr-local-bin.org
         QAContact: sndirsch@novell.com

When I change the IP on my laptop using NetworkManager, the xhost permission settings are broken (I assume they are not changed to match the new IP) meaning I cannot launch any new X apps and have to either log out and back in again or, if I have an existing terminal session open, manually set the permissions.

Scenarios where this affects me, and therefore could affect others:
* Plugged into my wired network and switch to wireless for mobility (or vice versa)
* Using wireless LAN at college (could be in office alternatively), suspend and resume at home on wireless or wired network

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

sndirsch@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
      Info Provider|                            |james@usr-local-bin.org

------- Comment #1 from sndirsch@novell.com 2007-04-07 09:50 MST -------
What do you mean exactly with xhost setting?

------- Comment #2 from james@usr-local-bin.org 2007-04-07 09:53 MST -------
The access control to the xserver (i.e. the permissions that are changed using the xhost command)

------- Comment #3 from sndirsch@novell.com 2007-04-07 10:37 MST -------
I'm aware of this command, but I still don't understand what you mean with xhost setting. Why do you need to use xhost to get access to your own display?

------- Comment #4 from james@usr-local-bin.org 2007-04-08 05:47 MST -------
When I change IP and then try to run something, this is the output:

  ogley@riggwelter2:~> gimp
  No protocol specified
  cannot open display:

Trying to run it from a menu or panel launcher writes this output to xsession-errors.

Running xhost + allows me to run things again, as does logging out and back in again.

------- Comment #5 from james@usr-local-bin.org 2007-04-08 05:49 MST -------
It seems to me that what is required is for nm-applet/knetworkmanager to rewrite .Xauthority with the correct information. Perhaps the Component should be changed to Network?

------- Comment #6 from sndirsch@novell.com 2007-04-08 06:14 MST -------
What's the output of

  xauth --list
  echo $DISPLAY

james@usr-local-bin.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
      Info Provider|james@usr-local-bin.org     |

------- Comment #7 from james@usr-local-bin.org 2007-04-08 08:05 MST -------
  ogley@riggwelter2:~> xauth list
  [fe80::215:f2ff:fef0:58ed]:0  MIT-MAGIC-COOKIE-1  ef2dec9bbbeb89fa8b2202708e48e3b9
  swamprat/unix:12  MIT-MAGIC-COOKIE-1  de63a539c54420ee2da6d171ba9b086c
  weasel/unix:11  MIT-MAGIC-COOKIE-1  3046addedf4037899f30329fcfe08ec4
  swamprat/unix:11  MIT-MAGIC-COOKIE-1  8f4384281ba2f2296f29632541b89ac2
  swamprat/unix:10  MIT-MAGIC-COOKIE-1  431759c70431c808274bfa7fd8454b1d
  chipmunk/unix:10  MIT-MAGIC-COOKIE-1  4dfc5db9542973901daa1b881104db98
  weasel/unix:10  MIT-MAGIC-COOKIE-1  f256c6750509d16d08ce61532b966f9e
  riggwelter2:0  MIT-MAGIC-COOKIE-1  a96257cec39d203bf5ad0298c1baeb7d
  riggwelter2:0  MIT-MAGIC-COOKIE-1  a96257cec39d203bf5ad0298c1baeb7d
  riggwelter2:0  MIT-MAGIC-COOKIE-1  a96257cec39d203bf5ad0298c1baeb7d
  riggwelter2/unix:0  MIT-MAGIC-COOKIE-1  c01fc57f701dfaa6dbb3370a92985123
  localhost.localdomain/unix:0  MIT-MAGIC-COOKIE-1  c01fc57f701dfaa6dbb3370a92985123
  ogley@riggwelter2:~> echo $DISPLAY
  :0.0

Some explanation: swamprat, weasel and chipmunk are other machines on my LAN. riggwelter2 is the hostname for my laptop when on the wired interface; this was after I'd switched to the wireless interface (hostname: riggwelter). I also issued the commands before I changed interface and they were exactly the same.

------- Comment #8 from sndirsch@novell.com 2007-04-08 08:52 MST -------
So it seems you need a new line for riggwelter. Does using

  xauth add riggwelter/unix:0 MIT-MAGIC-COOKIE-1 \
    c01fc57f701dfaa6dbb3370a92985123

fix this issue?

------- Comment #9 from james@usr-local-bin.org 2007-04-08 11:10 MST -------
It does. Shouldn't this be automated? End users shouldn't need to worry about issuing commands like this.

sndirsch@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mhopf@novell.com, eich@novell.com
             Status|NEW                         |NEEDINFO
      Info Provider|                            |mhopf@novell.com

------- Comment #10 from sndirsch@novell.com 2007-04-08 11:24 MST -------
Hmm ... I thought that this issue has already been addressed some years ago, although I don't know how. Network configuration setup is usually done by root, which does not necessarily have permissions to write .Xauthority of a normal user, whose home directory could be mounted via NFS.

Egbert/Matthias, do you still remember?

mhopf@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Info Provider|mhopf@novell.com            |james@usr-local-bin.org

------- Comment #11 from mhopf@novell.com 2007-04-10 09:17 MST -------
What is the content of $XAUTHLOCALHOSTNAME ? This variable should contain the hostname used for authority validation.

------- Comment #12 from james@usr-local-bin.org 2007-04-11 08:44 MST -------
  ogley@riggwelter:~> echo $XAUTHLOCALHOSTNAME
  riggwelter

sndirsch@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Info Provider|james@usr-local-bin.org     |mhopf@novell.com

------- Comment #13 from sndirsch@novell.com 2007-04-11 09:02 MST -------
Ok. And now, Matthias?

mhopf@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Info Provider|mhopf@novell.com            |eich@novell.com

------- Comment #14 from mhopf@novell.com 2007-04-13 09:59 MST -------
Hm. XAUTHLOCALHOSTNAME shouldn't change when the hostname changes, and it is used for authentication. So setting it to riggwelter2 should have worked as well. Or we mixed up the names.

I just checked the behavior on 10.2 and 10.3:

On 10.2 after plugging in network (changing the hostname) everything works, even though the new hostname isn't included in the xauth list. After a while, a new cookie with the new hostname seems to be added, I guess by NetworkManager. But this cookie can be deleted, and everything continues to work. If I unset XAUTHLOCALHOSTNAME or set it to the new hostname, everything works except for some errors during program startup:

  _IceTransSocketUNIXConnect: Cannot connect to non-local host <old-hostname>
  Warning: Tried to connect to session manager, Could not open network socket

I don't know where the old hostname comes from, not from the environment, that's certain. If I additionally delete the new cookie, connection fails, as expected.

On 10.3 after plugging in network everything works apparently only because the cookie for the new hostname is included in the xauth list. If I delete it, I cannot connect to the Xserver any more. If I unset XAUTHLOCALHOSTNAME, I can start programs, but get the errors above. But if I remove the new cookie and have XAUTHLOCALHOSTNAME set to the old one, I cannot open any X connection any more. This is a major regression from 10.2!

So maybe you're hitting another NetworkManager race condition, and the key is not added for you, or you're not running the appropriate applet.

Egbert, you did the XAUTHLOCALHOSTNAME patch, can you imagine what's going on here? Is the patch still applied to our packages?
It seems like the patch does / should affect two things, Xserver connections, and session server connections. The latter one still seems to work.

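The checks carried out by hand in comments #7 to #14 can be scripted. The following is an added diagnostic, not code from the bug report or from the patches: it reports which of the two candidate names (a pinned name such as the value of XAUTHLOCALHOSTNAME, then the current hostname) has a `name/unix:display` entry in `xauth list` output. It does not model any library's lookup order; host names and cookie values in the sample are constructed.

```shell
#!/bin/sh
# Constructed `xauth list` output: dummy cookies, hypothetical host names.
# "oldhost" is the name the session started under, "newhost" the name
# after the interface change.
SAMPLE_XAUTH='oldhost/unix:0  MIT-MAGIC-COOKIE-1  00000000000000000000000000000001
oldhost:0  MIT-MAGIC-COOKIE-1  00000000000000000000000000000001
otherbox/unix:10  MIT-MAGIC-COOKIE-1  00000000000000000000000000000002'

# has_local_entry LIST NAME DPY
# Succeeds if LIST contains an entry whose first field is NAME/unix:DPY.
has_local_entry() {
    printf '%s\n' "$1" |
        awk -v want="$2/unix:$3" '$1 == want { found = 1 } END { exit !found }'
}

# usable_name LIST HOSTNAME DPY [PINNED]
# Prints the first candidate (PINNED if given, then HOSTNAME) that has a
# local entry, or "none" (with exit status 1) if neither has one.
usable_name() {
    list=$1; host=$2; dpy=$3; pinned=${4:-}
    for name in "$pinned" "$host"; do
        [ -n "$name" ] || continue
        if has_local_entry "$list" "$name" "$dpy"; then
            echo "$name"
            return 0
        fi
    done
    echo none
    return 1
}

# Against a live session (display 0 assumed):
#   usable_name "$(xauth list)" "$(hostname)" 0 "$XAUTHLOCALHOSTNAME"
```

A result of `none` corresponds to the "No protocol specified" failure in comment #4: no cookie is filed under any name the client could look up.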
mhopf@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|sndirsch@novell.com         |mhopf@novell.com
             Status|NEEDINFO                    |ASSIGNED
      Info Provider|eich@novell.com             |

------- Comment #15 from mhopf@novell.com 2007-04-13 10:26 MST -------
I've probably found the culprit: we're now using XCB as the transport layer of Xlib, and this is a side effect. The patch we're applying for XAUTHLOCALHOSTNAME doesn't patch XCB.

Assigning to myself.

------- Comment #16 from mhopf@novell.com 2007-04-25 10:27 MST -------
Created an attachment (id=134396)
 --> (https://bugzilla.novell.com/attachment.cgi?id=134396&action=view)
Proposed additional patch

This is the proposed fix. Not tested yet, but at least it builds w/o errors. Testing tomorrow.

------- Comment #17 from sndirsch@novell.com 2007-04-25 11:22 MST -------
Thanks. Please reassign after having tested it.

mhopf@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mhopf@novell.com
         AssignedTo|mhopf@novell.com            |sndirsch@novell.com
             Status|ASSIGNED                    |NEW

------- Comment #18 from mhopf@novell.com 2007-04-26 04:38 MST -------
Validated. Works as expected.

Egbert, the only difference to your patch is that I cannot check for phostname in libXcb, because in that particular function the hostname part of the DISPLAY isn't known. I'm unsure about the consequences, except for that $XAUTHLOCALHOSTNAME/unix:0 will be tested as well, when the DISPLAY is explicitly set to $HOSTNAME:0 and a unix socket is used internally. This is not the case in the Xlib patch with the phostname check.

But I assume this is an academic problem, and it's certainly not a security issue.

------- Comment #19 from eich@novell.com 2007-04-26 14:46 MST -------
The original bug was #98627. This doesn't include the Xtranssock.c stuff which was later on added by Dirk Mueller. The change has not been readily accepted. I may give it another go. The discussion on this issue can be found here:
http://lists.x.org/archives/xorg-arch/2005-August/000200.html

One thing that was suggested was to use server interpreted local user authentication:

  xhost +si:localuser:$(whoami)

The patch above looks correct. It's merely impossible to add the host check. Moving this test up in the function chain would not allow to pass the XAUTHLOCALHOSTNAME value down to XauGetBestAuthByAddr(). The check for an empty host part is to distinguish :0 from unix:0. I'm no longer sure why I did this as in the version that I had proposed upstream this is no longer there as I use the hostname part if available instead of the environment variable.

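The `xhost +` workaround from comment #4 and the `xhost +si:localuser:$(whoami)` suggestion in comment #19 leave the server's access list in very different states. The following added check (not part of the thread) classifies captured `xhost` output so a session left with access control switched off can be spotted; the sample outputs, the user name `alice` and the host `otherbox` are constructed.

```shell
#!/bin/sh
# Constructed `xhost` outputs for three states of the access list.
XHOST_OPEN='access control disabled, clients can connect from any host
SI:localuser:alice'
XHOST_SCOPED='access control enabled, only authorized clients can connect
SI:localuser:alice'
XHOST_EXTRA='access control enabled, only authorized clients can connect
INET:otherbox
SI:localuser:alice'

# audit_xhost OUTPUT USER
# Prints one of:
#   OPEN          access control is disabled (state left behind by `xhost +`)
#   EXTRA: <...>  enabled, but entries other than SI:localuser:USER exist
#   SCOPED        enabled, and only SI:localuser:USER (or nothing) is listed
audit_xhost() {
    printf '%s\n' "$1" | awk -v user="$2" '
        NR == 1 && /^access control disabled/ { print "OPEN"; open_acl = 1; exit }
        NR > 1 && NF && $0 != "SI:localuser:" user { extra = extra " " $0 }
        END {
            if (open_acl) exit
            if (extra != "") print "EXTRA:" extra
            else print "SCOPED"
        }'
}

# Against a live session:
#   audit_xhost "$(xhost)" "$(whoami)"
# `xhost -` turns access control back on if the result is OPEN.
```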
sndirsch@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

sndirsch@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

------- Comment #20 from sndirsch@novell.com 2007-04-27 03:39 MST -------
submitted for STABLE.

------- Comment #21 from eich@novell.com 2007-04-30 06:09 MST -------
Created an attachment (id=136567)
 --> (https://bugzilla.novell.com/attachment.cgi?id=136567&action=view)
alternative fix

The hostname check could be added as it is obtained two function calls higher and none of the called functions in between are public API. There is no immediate need to change the patch but this is something to look at should problems occur.

eich@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #136567|0                           |1
        is obsolete|                            |

------- Comment #22 from eich@novell.com 2007-04-30 19:48 MST -------
Created an attachment (id=136734)
 --> (https://bugzilla.novell.com/attachment.cgi?id=136734&action=view)
fixed alternative patch

Bummer! previous fix was incomplete!

------- Comment #23 from mhopf@novell.com 2007-05-02 06:49 MST -------
Thanks, Egbert!

Unless we remember why the hostname check was actually included, I would refrain from adding it for XCB as well. Maybe we'll get a bug report giving us an idea why this was a good thing ;)

https://bugzilla.novell.com/show_bug.cgi?id=262309#c24
--- Comment #24 from James Ogley