Bug 598142 - Remote XDMCP connections fail if gdm or root user does not exist
Status: RESOLVED FIXED
Product: gdm
Classification: Core
Component: general
Version: 2.28.x
Hardware: Other All
Importance: Normal normal
Target Milestone: ---
Assigned To: GDM maintainers
QA Contact: GDM maintainers
Reported: 2009-10-12 09:09 UTC by Richard Evans
Modified: 2009-10-13 23:29 UTC


Attachments
Wireshark network snoop of attempted connection (6.46 KB, application/octet-stream)
2009-10-12 09:09 UTC, Richard Evans

Description Richard Evans 2009-10-12 09:09:14 UTC
Created attachment 145269
Wireshark network snoop of attempted connection

Attempting to connect from a recent cygwin-xfree X server to GDM 2.28 using:

XWin -query host

can fail because GDM attempts to add 'server interpreted' host entries for the
GDM user and root.  If these users do not exist on the remote system, the
connection fails.  The entries are the equivalent of executing these xhost
commands:

$ xhost +si:localuser:root
$ xhost +si:localuser:gdm

It does not make sense for GDM to add 'user' entries to connections from remote
systems.  Not all Unix systems will have the gdm user and cygwin systems have
neither user.

I've attached a Wireshark network snoop of an attempted connection.  It shows
the two X_ChangeHosts requests being rejected.

The GDM code is in gdm_slave_connect_to_x11_display() in gdm-slave.c:

                XHostAddress host_entries[2] = {
                        { FamilyServerInterpreted },
                        { FamilyServerInterpreted }
                };
                XServerInterpretedAddress si_entries[2];

                g_debug ("GdmSlave: Connected to display %s",
                         slave->priv->display_name);
                ret = TRUE;

                /* Give programs run by the slave and greeter access to the display
                 * independent of current hostname
                 */
                si_entries[0].type = "localuser";
                si_entries[0].typelength = strlen ("localuser");
                si_entries[1].type = "localuser";
                si_entries[1].typelength = strlen ("localuser");

                si_entries[0].value = "root";
                si_entries[0].valuelength = strlen ("root");
                si_entries[1].value = GDM_USERNAME;
                si_entries[1].valuelength = strlen (GDM_USERNAME);

                host_entries[0].address = (char *) &si_entries[0];
                host_entries[0].length = sizeof (XServerInterpretedAddress);
                host_entries[1].address = (char *) &si_entries[1];
                host_entries[1].length = sizeof (XServerInterpretedAddress);

                XAddHosts (slave->priv->server_display, host_entries,
                           G_N_ELEMENTS (host_entries));
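
Added example, not part of the original report or of GDM: a decoder for the X11 ChangeHosts request that XAddHosts sends for a server-interpreted entry, the kind of request the report says is rejected in the capture. The sample bytes are constructed and assume little-endian client byte order; `decode_change_hosts` and `struct si_entry` are names made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define X_CHANGE_HOSTS 109            /* core protocol opcode */
#define FAMILY_SERVER_INTERPRETED 5   /* FamilyServerInterpreted in X.h */

struct si_entry {
    int  insert;        /* 1 = add host, 0 = delete host */
    char type[32];      /* e.g. "localuser" */
    char value[64];     /* e.g. "root" */
};

/* Constructed sample: the request for "xhost +si:localuser:root",
 * little-endian client byte order assumed. */
static const uint8_t sample_root[24] = {
    109, 0, 6, 0,  5, 0, 14, 0,
    'l','o','c','a','l','u','s','e','r', 0, 'r','o','o','t', 0, 0
};

/* Returns 0 and fills *out for a well-formed server-interpreted
 * ChangeHosts request, -1 for anything else. */
int decode_change_hosts(const uint8_t *req, size_t len, struct si_entry *out)
{
    if (len < 8 || req[0] != X_CHANGE_HOSTS || req[1] > 1)
        return -1;
    size_t total = 4u * (size_t)(req[2] | (req[3] << 8)); /* length in 4-byte units */
    size_t alen  = (size_t)(req[6] | (req[7] << 8));      /* address length */
    if (total > len || total != 8 + ((alen + 3) & ~(size_t)3))
        return -1;
    if (req[4] != FAMILY_SERVER_INTERPRETED)
        return -1;

    const uint8_t *addr = req + 8;
    const uint8_t *nul = memchr(addr, 0, alen);   /* type/value separator */
    if (nul == NULL)
        return -1;
    size_t tlen = (size_t)(nul - addr);
    size_t vlen = alen - tlen - 1;
    if (tlen == 0 || tlen >= sizeof out->type || vlen >= sizeof out->value)
        return -1;

    memcpy(out->type, addr, tlen);     out->type[tlen] = '\0';
    memcpy(out->value, nul + 1, vlen); out->value[vlen] = '\0';
    out->insert = (req[1] == 0);       /* mode 0 = Insert, 1 = Delete */
    return 0;
}
```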

Comment 1 Ray Strode [halfline] 2009-10-13 23:29:44 UTC
Right, this makes no sense at all for the remote case.

Thanks for investigating this.

I've committed a potential fix for this:

commit 253a8b76d623f7fbbca576f046175627ccf09358
Author: Ray Strode <rstrode@redhat.com>
Date:   Tue Oct 13 19:22:47 2009 -0400

    Don't add localuser auth entries for XDMCP
    
    We add peer credential verified access to the X server
    for local X servers. This makes no sense for remote
    connections and will result in BadAccess, which we
    weren't trapping.
    
    This commit avoids calling XAddHosts for remote connections.
    
    This should address bug 598142 which was investigated and
    filed by Richard Evans <richard.evans@datanomic.com>

http://git.gnome.org/cgit/gdm/commit/?id=253a8b76d623f7fbbca576f046175627ccf09358