GNOME Bugzilla – Bug 624370
Bring back the nested login functionality
Last modified: 2014-03-19 19:07:26 UTC
Created attachment 165904 [details] [review] Initial work for bringing back nested logins It was very useful to be able start a session in a Xnest/Xephyr window. This patch (by Luca Bruno and myself) contains a working implementation of the nested logins, but with a big issue that I couldn’t debug: the xauth cookie is not passed correctly, therefore the Xnest server accepts unauthenticated connections. If someone more knowledgeable could point to the problem with the xauth stuff, the missing functionality could finally be re-added.
If you look at the GDM 2.20 code, you can see in daemon/slave.c how the old GDM handled xnest auth files in the create_temp_auth_file() and set_xnest_parent_stuff() functions, both of which are called by gdm_slave_greeter() and gdm_slave_exec_script() which is the function used to run the Init/PreSession/PostSession scripts.
Created attachment 170514 [details] [review] Bring back nested login Here is finally a patch that works for GDM 2.30.5. There is probably still quite some work to get it to work for master, but it is much more solid than the previous version. Note that it depends on another change, which is ditching all the xhost-related code in gdm-slave.c. It could be done with factoring this code another way, but it seems useless to me and I don’t like the idea.
Created attachment 170515 [details] [review] Ditch xhost-related code
Comment on attachment 170515 [details] [review] Ditch xhost-related code The xhost code is very important, since xauth cookies are tied to hostname and hostnames tend to change at runtime.
(In reply to comment #4) > (From update of attachment 170515 [details] [review]) > The xhost code is very important, since xauth cookies are tied to hostname and > hostnames tend to change at runtime. Is it a reason to allow unauthenticated connections? Neither of XDM, KDM, Slim, and GDM 2.20 have such a “feature”, and we are not crawling under bug reports caused by changing hostnames.
Is there a reason this patch hasn't been applied to gdm(2.3) yet? Also couldn't the xhost 'feature' be configuration option (if there is a reason for supporting it).
Created attachment 197969 [details] [review] a diff... :0 Right ok so I have updated @Josselin Mouette's patch to 3.0.4 (I know this isn't the latest) and added a ENABLE_XHOST_AUTH around the gdm_slave_setup_xhost_auth related code, instead of removing it. Other than removing the debug messages, is there anything else that needs to be done?
Note: XXX: I also added in the patch - the appropriate extra environment vars so that Xephyr would be properly configured (in debian/rules).
realistically, this isn't coming back. logind doesn't support nested sessions, for instance. I think our answer should be "turn on Xdmcp and run Xephyr -query localhost" for people who want this functionality.