Bug 436230
Summary: | (ldm) implement proper use of xauth | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Warren Togami <wtogami> |
Component: | ldm | Assignee: | Warren Togami <wtogami> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | a.badger, eharrison, ma, xgl-maint |
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2008-03-23 22:56:25 UTC | Type: | --- |
Bug Blocks: | 188611 |
Description
Warren Togami
2008-03-06 00:26:00 UTC
Yep, the security extension is gone, intentionally. It looks like you're just using it to create a new auth cookie. You should instead do what every other display manager does: create the auth cookie ahead of time, and invoke the server with it. See the code in startx(1) for an example, or the mkxauth(1) utility.

runxas does that too. (We should be packaging that script with Fedora BTW)

Well that code is just spawning /usr/bin/xauth.
Either /usr/bin/xauth needs to be fixed, or ldm needs to be changed not to use xauth and xauth needs to deprecate that command line option.

xauth itself doesn't need fixing. It turns out that 1) ldm was never doing xauth properly and 2) ldm was running X with the incredibly stupid -ac parameter, so #1 didn't matter. ldm needs to be fixed to use xauth properly.

```sh
# Load the LTSP client settings (LDM_DIRECTX and friends), if configured.
if [ -f /etc/lts.conf ]; then
    eval "$(getltscfg -a)" || true
fi

if [ -n "$LDM_DIRECTX" ]; then
    # Read protocol name and cookie of the local display's xauth entry.
    PROTOCOL=$(xauth list | awk '{print $2}')
    KEY=$(xauth list | awk '{print $3}')
    # Debug trace; note that this line writes the cookie to /tmp/foople.
    echo $DISPLAY $LDMINFO_IPADDR $PROTOCOL $KEY >> /tmp/foople
    # Replace the entry for this client's display on the login server,
    # reusing the existing ssh control socket.
    ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" \
        "xauth remove ${LDMINFO_IPADDR}${DISPLAY}" >> /tmp/foople
    ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" \
        "xauth add ${LDMINFO_IPADDR}${DISPLAY} ${PROTOCOL} ${KEY}" >> /tmp/foople
fi
```

Example code from sbalneav.

The minimum to get this feature is now in ldm-trunk. Further cleanups ensue.
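
The approach the description recommends (create the cookie first, then start the server with it instead of `-ac`), as an added example that is not ldm's or the reporter's code. Display `:7` and the function names `gen_cookie`, `make_authfile` and `server_args_ok` are assumptions.

```shell
#!/bin/sh
# Added example, not ldm code. Display number, paths and function
# names are assumptions.

# 128-bit MIT-MAGIC-COOKIE-1 value as 32 hex digits.
gen_cookie() {
    if command -v mcookie >/dev/null 2>&1; then
        mcookie
    else
        od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
        echo
    fi
}

# Write the cookie $2 for display $1 into a fresh 0600 authority file
# and print its path. The cookie goes to xauth on stdin, not on argv.
make_authfile() {
    authfile=$(mktemp "${TMPDIR:-/tmp}/serverauth.XXXXXXXXXX") || return 1
    if ! xauth -q -f "$authfile" <<EOF
add $1 MIT-MAGIC-COOKIE-1 $2
EOF
    then
        rm -f "$authfile"
        return 1
    fi
    printf '%s\n' "$authfile"
}

# Succeed only if an X server command line keeps access control on
# (no -ac) and names an authority file (-auth FILE).
server_args_ok() {
    has_auth=1
    while [ $# -gt 0 ]; do
        case $1 in
            -ac) return 1 ;;
            -auth) if [ -n "${2:-}" ]; then has_auth=0; fi ;;
        esac
        shift
    done
    return $has_auth
}

# Usage sketch (needs xauth and an X server, so it is not run here):
#   cookie=$(gen_cookie)
#   authfile=$(make_authfile :7 "$cookie")
#   server_args_ok :7 -auth "$authfile" && exec X :7 -auth "$authfile"
```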