GuixSD - problem with X11 forwarding

  • Done
  • quality assurance status badge
Details
3 participants
  • Ludovic Courtès
  • Maxim Cournoyer
  • myglc2
Owner
unassigned
Submitted by
myglc2
Severity
normal
Merged with
M
M
myglc2 wrote on 21 Jul 2016 18:49
GuixSD - problem with X11 forwarding
(address . bug-guix@gnu.org)
cu7a8hbkkcc.fsf@gmail.com
This is still open so I am moving it from user to bugs ...

From: myglc2 <myglc2@gmail.com>
Subject: Re: guixSD - problem with X11 forwarding
Newsgroups: gmane.comp.gnu.guix.user
To: help-guix@gnu.org
Date: Mon, 29 Feb 2016 21:12:51 -0500 (20 weeks, 2 days, 14 hours ago)

ludo@gnu.org (Ludovic Courtès) writes:

Toggle quote (32 lines)
> myglc2 <myglc2@gmail.com> skribis:
>
>> On guixSD, with no packages installed in the login user profile, I get
>> 'X11 forwarding request failed on channel 0'
>
> [...]
>
>> debug1: channel 0: new [client-session]
>> debug1: Entering interactive session.
>> debug1: Requesting X11 forwarding with authentication spoofing.
>> debug1: Sending environment.
>> debug1: Sending env LANG = en_US.UTF-8
>> X11 forwarding request failed on channel 0
>
> Right, I see that as well.
>
> lshd gives some clues in /var/log/messages:
>
> Feb 23 18:14:09 localhost lshd[430]: lshd: Updating utmp for login failed (errno = 2): No such file or directory
> Feb 23 18:14:09 localhost lshd[430]: lshd: xauth invocation failed: exit code: 127
> Feb 23 18:14:33 localhost lshd[430]: lshd: Updating utmpx for logout failed (errno = 2): No such file or directory
> Feb 23 18:14:33 localhost lshd[430]: lshd: write_buffer: Attempt to write data to closed buffer.
> Feb 23 18:14:33 localhost lshd[430]: lshd: Disconnect for reason 11: disconnected by user
>
> Indeed, server_x11.c in lsh reads:
>
> #ifndef XAUTH_PROGRAM
> # define XAUTH_PROGRAM "/usr/X11R6/bin/xauth"
> #endif
>
> I believe this is fixed by commit da35acf.

[...]

Not, at lease, in my setup. I am running GuixSD built from git checkout ...

b006ba5 [behind 15] pull: Update the version string.
On the client, ssh produces ...

'X11 forwarding request failed on channel 0'

On the headless server (g1) in /var/log/messages ...

Jul 21 12:24:51 localhost lshd[381]: lshd: Failed to cd to `/tmp/.X11-unix' (errno = 2): No such file or directory
Jul 21 12:24:51 localhost lshd[381]: lshd: Updating utmp for login failed (errno = 2): No such file or directory

With this workaround ...

sudo mkdir /tmp/.X11-unix
sudo chmod 777 /tmp/.X11-unix

... if I log out and back in X11 forwarding "works" and in
/var/log/messages ...

Jul 21 12:33:44 localhost lshd[381]: lshd: Updating utmp for login failed (errno = 2): No such file or directory

When I logout, in /var/log/messages I see ...

Jul 21 12:36:06 localhost lshd[381]: lshd: Updating utmpx for logout failed (errno = 2): No such file or directory
Jul 21 12:36:06 localhost lshd[381]: lshd: write_buffer: Attempt to write data to closed buffer.
Jul 21 12:36:06 localhost lshd[381]: lshd: Disconnect for reason 11: disconnected by user

Of course, the workaround needs to be re-applied each time the server is
rebooted.

The system and user configs are attached below ;-)
Attachment: g1.scm
Attachment: system.scm
L
L
Ludovic Courtès wrote on 1 Aug 2016 11:53
control message for bug #24049
(address . control@debbugs.gnu.org)
87bn1cu876.fsf@gnu.org
merge 24049 22930
L
L
Ludovic Courtès wrote on 1 Aug 2016 12:17
Re: bug#24049: GuixSD - problem with X11 forwarding
(name . myglc2)(address . myglc2@gmail.com)
8737mou728.fsf@gnu.org
Hi myglc2,

myglc2 <myglc2@gmail.com> skribis:

Toggle quote (16 lines)
> On the client, ssh produces ...
>
> 'X11 forwarding request failed on channel 0'
>
> On the headless server (g1) in /var/log/messages ...
>
> Jul 21 12:24:51 localhost lshd[381]: lshd: Failed to cd to `/tmp/.X11-unix' (errno = 2): No such file or directory
> Jul 21 12:24:51 localhost lshd[381]: lshd: Updating utmp for login failed (errno = 2): No such file or directory
>
> With this workaround ...
>
> sudo mkdir /tmp/.X11-unix
> sudo chmod 777 /tmp/.X11-unix
>
> ... if I log out and back in X11 forwarding "works"

I believe this is a bug in lshd fixed by something along the lines of
the attached patch.

Niels, what do you think?

(Strangely I can’t find equivalent code in OpenSSH.)

Thanks,
Ludo’.
--- /tmp/lsh-2.1/src/server_x11.c 2016-08-01 11:58:54.714647794 +0200
+++ /tmp/lsh-2.1/src/server_x11.c.new 2016-08-01 11:58:46.606563478 +0200
@@ -151,7 +151,7 @@ DEFINE_COMMAND(open_forwarded_x11)
#define X11_MIN_DISPLAY 10
#define X11_MAX_DISPLAY 1000
-/* FIXME: Create the /tmp/.X11-unix directory, if needed. Figure out
+/* FIXME: Figure out
* if and how we should use /tmp/.X17-lock. Consider using display
* "unix:17" instead of just ":17".
*/
@@ -253,6 +253,7 @@ open_x11_socket(struct ssh_channel *chan
old_umask = umask(0077);
+ mkdir(X11_SOCKET_DIR, S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX);
old_cd = lsh_pushd(X11_SOCKET_DIR, &dir, 0, 0);
if (old_cd < 0)
{
M
M
Maxim Cournoyer wrote on 6 Oct 2020 06:04
(name . Ludovic Courtès)(address . ludo@gnu.org)
87h7r8huet.fsf@gmail.com
Hello,

ludo@gnu.org (Ludovic Courtès) writes:

[...]

Toggle quote (30 lines)
> I believe this is a bug in lshd fixed by something along the lines of
> the attached patch.
>
> Niels, what do you think?
>
> (Strangely I can’t find equivalent code in OpenSSH.)
>
> Thanks,
> Ludo’.
>
> --- /tmp/lsh-2.1/src/server_x11.c 2016-08-01 11:58:54.714647794 +0200
> +++ /tmp/lsh-2.1/src/server_x11.c.new 2016-08-01 11:58:46.606563478 +0200
> @@ -151,7 +151,7 @@ DEFINE_COMMAND(open_forwarded_x11)
> #define X11_MIN_DISPLAY 10
> #define X11_MAX_DISPLAY 1000
>
> -/* FIXME: Create the /tmp/.X11-unix directory, if needed. Figure out
> +/* FIXME: Figure out
> * if and how we should use /tmp/.X17-lock. Consider using display
> * "unix:17" instead of just ":17".
> */
> @@ -253,6 +253,7 @@ open_x11_socket(struct ssh_channel *chan
>
> old_umask = umask(0077);
>
> + mkdir(X11_SOCKET_DIR, S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX);
> old_cd = lsh_pushd(X11_SOCKET_DIR, &dir, 0, 0);
> if (old_cd < 0)
> {

I tried the above fix and ran a VM with the attached config (the custom
kernel stuff was to try something else at the same time). It fixes the
error about the directory, but it would still fail at X11 forwarding
(there was an error message: "Can't find any xauth information for X11
display").

I ended up figuring out it needed libxau to work; combined with your
patch, this fixes X11 forwarding.

Fixed in commit 0ec195ff02.

For the record, I've done the tests in a VM using the attached system
config. The custom kernel stuff is unrelated.

Thanks,

Closing,

Maxim
(use-modules (gnu)) (use-service-modules networking ssh desktop) (use-package-modules admin disk aspell gettext ghostscript ;; gs-fonts fonts ;; font-dejavu font-gnu-freefont-ttf base ssh rsync wget screen version-control emacs emacs-xyz xorg xdisorg certs) (define make-linux-libre (@@ (gnu packages linux) make-linux-libre)) (define-public %linux-kernel-with-fault-injection (make-linux-libre "5.8.13" ;version "1wm8rsq53dd01wjnd4bz61daz9f7zm55sh1dssmpqwgdwh3cpshp" ;hash '("x86_64-linux") ;supported systems #:configuration-file (@@ (gnu packages linux) kernel-config) #:extra-version "with-fault-injection" #:extra-options (append (@@ (gnu packages linux) %default-extra-linux-options) `(("CONFIG_FAULT_INJECTION" . #t) ("CONFIG_FAIL_MAKE_REQUEST" . #t) ("CONFIG_FAIL_MMC_REQUEST" . #t) ("CONFIG_FAULT_INJECTION_DEBUG_FS" . #t))) #:patches '())) (operating-system (host-name "g1") (timezone "America/New_York") (locale "en_US.utf8") (bootloader (grub-configuration (target "/dev/sda"))) (file-systems (cons (file-system (device "g1sd") (mount-point "/") (type "ext4")) %base-file-systems)) (kernel %linux-kernel-with-fault-injection) (users (cons* (user-account (name "test") (group "users") (supplementary-groups '("wheel")) (home-directory "/home/test")) %base-user-accounts)) (packages (cons* glibc-utf8-locales parted gs-fonts font-dejavu font-gnu-freefont-ttf gnu-make openssh nss-certs rsync wget git screen emacs xauth ;used by lsh xeyes ;for testing %base-packages)) (services (cons* (lsh-service #:port-number 22 #:allow-empty-passwords? #t #:root-login? #t) (service dhcp-client-service-type) %base-services)))
Closed
?