Most of this will need backporting. It would be nice if we had tests to prevent such problems in the future.
Some already fixed: r13074, r13075.
Some more:
Traceback (most recent call last): File "/usr/lib64/python2.7/multiprocessing/queues.py", line 268, in _feed send(obj) IOError: [Errno 32] Broken pipe
server error processing new connection from Protocol(unix-domain socket:/home/antoine/.xpra/new-host-10): Traceback (most recent call last): File "/usr/lib64/python2.7/site-packages/xpra/server/server_core.py", line 785, in _process_hello self.hello_oked(proto, packet, c, auth_caps) File "/usr/lib64/python2.7/site-packages/xpra/server/proxy/proxy_server.py", line 140, in hello_oked self.start_proxy(proto, c, auth_caps) File "/usr/lib64/python2.7/site-packages/xpra/server/proxy/proxy_server.py", line 143, in start_proxy assert client_proto.authenticator is not None AssertionError
Error: failed to setup control socket '/home/antoine/.xpra/localhost.localdomain-proxy-28787': 2016-07-21 22:55:52,000 'tuple' object has no attribute 'listen'
Error: error in network packet reading/parsing object of type 'int' has no len() Traceback (most recent call last): File "/usr/lib64/python2.7/site-packages/xpra/net/protocol.py", line 674, in _read_parse_thread_loop self.do_read_parse_thread_loop() File "/usr/lib64/python2.7/site-packages/xpra/net/protocol.py", line 864, in do_read_parse_thread_loop self._process_packet_cb(self, packet) File "/usr/lib64/python2.7/site-packages/xpra/server/proxy/proxy_instance_process.py", line 595, in process_server_packet self._packet_recompress(packet, 8, "cursor") File "/usr/lib64/python2.7/site-packages/xpra/server/proxy/proxy_instance_process.py", line 527, in _packet_recompress if len(data)<512: TypeError: object of type 'int' has no len()
etc..
More:
For testing (add -d auth
for debugging):
echo -n testpassword > password.txt xpra start :100 --start=xterm --auth=file:filename=`pwd`/password.txt
echo -n "testproxy|proxypassword|1000|1000|:100||username=testserver;password=testpassword" > multi.txt xpra proxy :10 --tcp-auth=multifile:filename=`pwd`/multi.txt --bind-tcp=0.0.0.0:10000
xpra attach --no-mmap --opengl=yes tcp/testproxy:proxypassword@127.0.0.1:10000
Gave it a try with a fedora 23 1.0 r13165 server against a 1.0 r13101 windows client, and a 1.0 r13165 osx client... no luck.
Tried the start server commands with:
[jimador@jimador ~]$ nano not-password.txt [jimador@jimador ~]$ xpra start :57 --start-child=xterm --auth=file:filename=./not-password.txt No pam support: No module named pam [jimador@jimador ~]$ Entering daemon mode; any further errors will be reported to: /home/jimador/.xpra/:57.log
... which didn't look too promising, but carried on to try the proxy server with:
[jimador@jimador ~]$ echo -n "testproxy|proxypassword|1001|1001|:57||username=rambeau;password=password" > no.txt [jimador@jimador ~]$ xpra proxy :17 --tcp-auth=multifile:filename=./no.txt --bind-tcp=0.0.0.0:1234 No pam support: No module named pam [jimador@jimador ~]$ Entering daemon mode; any further errors will be reported to: /home/jimador/.xpra/:17.log
Trying to connect the windows client, I got this output:
C:\Program Files (x86)\Xpra>xpra_cmd.exe attach --no-mmap --opengl=on tcp/testproxy:proxypassword@10.0.32.134:1234 2016-08-01 16:44:58,904 Xpra gtk2 client version 1.0-r13101 32-bit 2016-08-01 16:44:58,907 running on Microsoft Windows 8.1 2016-08-01 16:44:59,194 GStreamer version 1.6 for Python 3.4 32-bit 2016-08-01 16:44:59,673 OpenGL_accelerate module loaded 2016-08-01 16:44:59,678 OpenGL enabled with Intel(R) HD Graphics 4000 2016-08-01 16:44:59,928 detected keyboard: layout=us 2016-08-01 16:44:59,930 desktop size is 5120x2160 with 1 screen: 2016-08-01 16:44:59,930 Default (1354x571 mm - DPI: 96x96) workarea: 5120x2120 2016-08-01 16:44:59,931 DISPLAY1 3840x2160 at 1280x0 (621x341 mm - DPI: 157x160) workarea: 3840x2120 2016-08-01 16:44:59,931 DISPLAY2 1280x720 (597x336 mm - DPI: 54x54) workarea: 1280x638 2016-08-01 16:44:59,933 upscaled by 167%, virtual screen size: 3072x1296 2016-08-01 16:44:59,933 Default (1354x571 mm - DPI: 57x57) workarea: 3072x1272 2016-08-01 16:44:59,934 DISPLAY1 2304x1296 at 768x0 (621x341 mm - DPI: 94x96) workarea: 2304x1272 2016-08-01 16:44:59,934 DISPLAY2 768x432 (597x336 mm - DPI: 32x32) workarea: 768x383 2016-08-01 16:45:09,931 server failure: disconnected before the session could be established 2016-08-01 16:45:09,933 server requested disconnect: login timeout 2016-08-01 16:45:09,944 Connection lost
... the OSX client gave about the same output.
Some hopefully useful bits from those logs.
2016-08-01 16:37:25,575 Warning: printing conflicts with socket authentication module '('file', <class 'xpra.server.auth.file_auth.Authenticator'>, {'filename': './not-password.txt'})'
2016-08-01 16:43:19,630 serving html content from '/usr/share/xpra/www' 2016-08-01 16:43:19,645 xpra proxy version 1.0-r13165 64-bit 2016-08-01 16:43:19,645 running with pid 25188 on Linux Fedora 23 TwentyThree 2016-08-01 16:43:19,645 connected to X11 display :17 2016-08-01 16:43:19,645 xpra is ready. 2016-08-01 16:45:05,075 New tcp connection received from 10.0.11.162:61221 2016-08-01 16:45:05,082 Authentication required by multi password file authenticator module 2016-08-01 16:45:05,082 sending challenge for 'testproxy' using hmac digest 2016-08-01 16:45:05,111 Error: password file ./no.txt is missing 2016-08-01 16:45:05,111 Error: authentication failed 2016-08-01 16:45:05,111 Unhandled error while processing a 'hello' packet from peer using <bound method ProxyServer._process_hello of <xpra.server.proxy.proxy_server.ProxyServer object at 0x7fedffac0910>> Traceback (most recent call last): File "/usr/lib64/python2.7/site-packages/xpra/server/server_core.py", line 1175, in process_packet handler(proto, packet) File "/usr/lib64/python2.7/site-packages/xpra/server/server_core.py", line 825, in _process_hello auth_caps = self.verify_hello(proto, c) File "/usr/lib64/python2.7/site-packages/xpra/server/server_core.py", line 945, in verify_hello if not proto.authenticator.authenticate(challenge_response, client_salt): File "/usr/lib64/python2.7/site-packages/xpra/server/auth/multifile_auth.py", line 116, in authenticate_hmac log.error(" no password for '%s' in %s", self.username, password_file) NameError: global name 'password_file' is not defined
Are you sure that the --tcp-auth=multifile:filename=./multi.txt
parameter wants the "./"? (Assuming that you are, I'll pass this back for you to look and see what I might be going wrong... I used nano to create the password file just out of curiosity, just fyi.)
Error: password file ./no.txt is missing
Is your problem: if the password file cannot be found, it cannot authenticate users. (the stacktrace that followed it should be improved in r13166, the "printing conflicts" message is improved in r13167, gid / uid handling improved in r13168)
Works fine for me. My guess is that the instructions you posted are not the ones you actually used. Maybe you changed directory, or ran it from a different terminal in a different path.
I used nano to create the password file just out of curiosity
Along the same lines, do not to use "nano" in your instructions as it doesn't record what was stored in that file, if anything. It may also add a newline character at the end of the file, which won't be present in the multifile password field and therefore will not match. Use "echo -n" as per the instructions in comment:3 ("-n" prevents the newline) so this can be reproduced exactly every time, and quickly too (just cut & paste). Matching the value in your proxy multiauth file, I have used:
echo -n password > not-password.txt
The No pam support: No module named pam
can be ignored, see #1105.
Hmm... I was able to get it to work, but there seemed to be a number of wrinkles.
Firstly, trying to launch the proxy with
[jimador@jimador ticket1264]$ echo -n "testproxy|proxypassword|1001|1001|:57||username=testserver;password=password" > multi.txt [jimador@jimador ticket1264]$ xpra proxy :17 --tcp-auth=multifile:filename=multi.txt --bind-tcp=0.0.0.0:1234
... failed with that same Error: password file 'multi.txt' is missing
error.
I finally succeeded by trying (wait for it) xpra proxy :17 --tcp-auth=multifile:filename=/home/jimador/ticket1264/multi.txt --bind-tcp=0.0.0.0:1234
- a full path to the password file.
Supposing that that was what the './' was meant to do, I tried again, and got the connection failure again:
2016-08-04 14:22:27,924 created unix domain socket: /home/jimador/.xpra/jimador.plata-17 2016-08-04 14:22:27,974 Warning: failed to load the mdns avahi publisher: 2016-08-04 14:22:27,975 No module named avahi 2016-08-04 14:22:27,975 either fix your installation or use the 'mdns=no' option 2016-08-04 14:22:28,044 serving html content from '/usr/share/xpra/www' 2016-08-04 14:22:28,044 get_auth_module(unix-domain, , {..}) 2016-08-04 14:22:28,044 get_auth_module(tcp, multifile:filename=./multi.txt, {..}) 2016-08-04 14:22:28,059 get_auth_module(ssl, multifile:filename=./multi.txt, {..}) 2016-08-04 14:22:28,059 get_auth_module(vsock, , {..}) 2016-08-04 14:22:28,059 init_auth(..) auth class=None, tcp auth class=('multifile', <class 'xpra.server.auth.multifile_auth.Authenticator'>, {'filename': './multi.txt'}), ssl auth class=('multifile', <class 'xpra.server.auth.multifile_auth.Authenticator'>, {'filename': './multi.txt'}), vsock auth class=None 2016-08-04 14:22:28,059 xpra proxy version 1.0-r13211 64-bit 2016-08-04 14:22:28,060 running with pid 32369 on Linux Fedora 23 TwentyThree 2016-08-04 14:22:28,060 connected to X11 display :17 2016-08-04 14:22:28,060 xpra is ready. 2016-08-04 14:22:35,132 New tcp connection received from 10.0.11.162:57556 2016-08-04 14:22:35,133 socktype=tcp, auth class=('multifile', <class 'xpra.server.auth.multifile_auth.Authenticator'>, {'filename': './multi.txt'}), encryption=, keyfile= 2016-08-04 14:22:35,136 creating authenticator ('multifile', <class 'xpra.server.auth.multifile_auth.Authenticator'>, {'filename': './multi.txt'}) 2016-08-04 14:22:35,138 multifile=multi password file 2016-08-04 14:22:35,138 processing authentication with multi password file, response=None, client_salt=, challenge_sent=False 2016-08-04 14:22:35,138 challenge: ('95520cbfaa16407ea4aaa65e7d2df4f06c96d7a1373841ea8d1f67a5f81dfa0d', 'hmac') 2016-08-04 14:22:35,138 Authentication required by multi password file authenticator module 2016-08-04 14:22:35,138 sending challenge for 'testproxy' using hmac digest 2016-08-04 14:22:35,170 processing authentication with multi password file, response=d1f9ee9d5613d8872bbc852e1e994070, client_salt=34353061656631313939343734336630616464366264356265336136666137393235363562333039333463623432636138366335396530343139313631363931, challenge_sent=True 2016-08-04 14:22:35,171 Error: password file './multi.txt' is missing 2016-08-04 14:22:35,171 authenticate(testproxy) auth-info=None 2016-08-04 14:22:35,171 Error: authentication failed 2016-08-04 14:22:35,171 no password for 'testproxy' in './multi.txt' 2016-08-04 14:22:35,172 Error: authentication failed 2016-08-04 14:22:35,172 invalid challenge response 2016-08-04 14:22:36,174 Disconnecting client 10.0.11.162:57556: 2016-08-04 14:22:36,174 invalid challenge response
Meanwhile, I have been completely unable to get the --auth=file:filename=./not-password.txt
syntax to work, whether I feed in a full filepath, use a './{filename}', or just use the filename for a file in the same directory.
Launching the server and proxy with:
[jimador@jimador ticket1264]$ echo -n "testproxy|proxypassword|1000|1000|:57||username=jimador;password=password" > multi.txt [jimador@jimador ticket1264]$ cat multi.txt testproxy|proxypassword|1000|1000|:57||username=jimador;password=password[jimador@jimador ticket1264]$ [jimador@jimador ticket1264]$ echo -n password > not-password.txt [jimador@jimador ticket1264]$ cat not-password.txt password[jimador@jimador ticket1264]$ [jimador@jimador ticket1264]$ xpra start :57 --start-child=xterm --auth=file:filename=not-password.txt -d auth No pam support: No module named pam [jimador@jimador ticket1264]$ Entering daemon mode; any further errors will be reported to: /home/jimador/.xpra/:57.log [jimador@jimador ticket1264]$ xpra proxy :17 --tcp-auth=multifile:filename=/home/jimador/ticket1264/multi.txt --bind-tcp=0.0.0.0:1234 -d auth No pam support: No module named pam [jimador@jimador ticket1264]$ Entering daemon mode; any further errors will be reported to: /home/jimador/.xpra/:17.log
Then trying to connect with a windows client with xpra_cmd.exe attach --no-mmap --opengl=on tcp/testproxy:proxypassword@10.0.32.134:1234 -d auth
I get similar failures and see the following from the :57.log:
[jimador@jimador ticket1264]$ cat ../.xpra/:57.log X.Org X Server 1.18.3 Release Date: 2016-04-04 X Protocol Version 11, Revision 0 Build Operating System: 4.4.9-300.fc23.x86_64 Current Operating System: Linux jimador.plata 4.4.9-300.fc23.x86_64 #1 SMP Wed May 4 23:56:27 UTC 2016 x86_64 Kernel command line: BOOT_IMAGE=/vmlinuz-4.4.9-300.fc23.x86_64 root=UUID=7dc8a1f0-603b-4d33-9f61-95ee93330923 ro rhgb quiet LANG=en_US.UTF-8 Build Date: 30 June 2016 11:04:38PM Build ID: xorg-x11-server 1.18.3-3.fc23 Current version of pixman: 0.34.0 Before reporting problems, check http://wiki.x.org to make sure that you have the latest version. Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. (++) Log file: "/home/jimador/.xpra/Xorg.:57.log", Time: Thu Aug 4 14:34:18 2016 (++) Using config file: "/etc/xpra/xorg.conf" (==) Using system config directory "/usr/share/X11/xorg.conf.d" /home/jimador/.xpra/jimador.plata-57 is not responding, waiting for it to timeout before clearing it..... 2016-08-04 14:34:22,801 created unix domain socket: /home/jimador/.xpra/jimador.plata-57 2016-08-04 14:34:23,064 Warning: failed to load the mdns avahi publisher: 2016-08-04 14:34:23,065 No module named avahi 2016-08-04 14:34:23,065 either fix your installation or use the 'mdns=no' option 2016-08-04 14:34:23,257 get_auth_module(unix-domain, file:filename=not-password.txt, {..}) 2016-08-04 14:34:23,274 get_auth_module(tcp, file:filename=not-password.txt, {..}) 2016-08-04 14:34:23,274 get_auth_module(ssl, file:filename=not-password.txt, {..}) 2016-08-04 14:34:23,275 get_auth_module(vsock, , {..}) 2016-08-04 14:34:23,275 init_auth(..) auth class=('file', <class 'xpra.server.auth.file_auth.Authenticator'>, {'filename': 'not-password.txt'}), tcp auth class=('file', <class 'xpra.server.auth.file_auth.Authenticator'>, {'filename': 'not-password.txt'}), ssl auth class=('file', <class 'xpra.server.auth.file_auth.Authenticator'>, {'filename': 'not-password.txt'}), vsock auth class=None 2016-08-04 14:34:23,321 Warning: webcam forwarding is disabled 2016-08-04 14:34:23,321 the virtual video directory '/sys/devices/virtual/video4linux' was not found 2016-08-04 14:34:23,322 make sure that the 'v4l2loopback' kernel module is installed and loaded 2016-08-04 14:34:23,322 found 0 virtual video devices for webcam forwarding 2016-08-04 14:34:23,329 pulseaudio server started with pid 560 2016-08-04 14:34:23,465 GStreamer version 1.6 for Python 2.7 64-bit 2016-08-04 14:34:23,513 D-Bus notification forwarding is available 2016-08-04 14:34:23,523 started command 'xterm' with pid 572 2016-08-04 14:34:23,523 xpra X11 version 1.0-r13211 64-bit 2016-08-04 14:34:23,523 running with pid 456 on Linux Fedora 23 TwentyThree 2016-08-04 14:34:23,524 connected to X11 display :57 xterm: cannot load font '-misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso10646-1' 2016-08-04 14:34:23,562 xpra is ready. 2016-08-04 14:34:23,641 printer forwarding enabled using postscript and pdf 2016-08-04 14:34:23,642 Warning: printing conflicts with socket authentication module 'file' 2016-08-04 14:35:58,284 New unix-domain connection received on /home/jimador/.xpra/jimador.plata-57 2016-08-04 14:35:58,286 socktype=unix-domain, auth class=('file', <class 'xpra.server.auth.file_auth.Authenticator'>, {'filename': 'not-password.txt'}), encryption=, keyfile= 2016-08-04 14:35:58,575 New unix-domain connection received on /home/jimador/.xpra/jimador.plata-57 2016-08-04 14:35:58,576 socktype=unix-domain, auth class=('file', <class 'xpra.server.auth.file_auth.Authenticator'>, {'filename': 'not-password.txt'}), encryption=, keyfile= 2016-08-04 14:35:58,583 creating authenticator ('file', <class 'xpra.server.auth.file_auth.Authenticator'>, {'filename': 'not-password.txt'}) 2016-08-04 14:35:58,587 file=password file 2016-08-04 14:35:58,588 processing authentication with password file, response=None, client_salt=, challenge_sent=False 2016-08-04 14:35:58,588 challenge: ('2ec140680af54f9eb2ab138cb8f315e47f951ab0879d463bacf76ae3bf3cefee', 'hmac') 2016-08-04 14:35:58,589 Authentication required by password file authenticator module 2016-08-04 14:35:58,589 sending challenge for 'testproxy' using hmac digest 2016-08-04 14:35:58,598 processing authentication with password file, response=1de81a0a7192ce67e1da8878f2ecf95c, client_salt=63623833646139396636343834383766396536633733626462353661623536366235306364623865323737323462346239656464316339343063306538666564, challenge_sent=True 2016-08-04 14:35:58,599 Error: password file 'not-password.txt' is missing 2016-08-04 14:35:58,599 Error: password file authentication failed 2016-08-04 14:35:58,599 no password defined for 'testproxy' 2016-08-04 14:35:58,599 Error: authentication failed 2016-08-04 14:35:58,599 invalid challenge response 2016-08-04 14:35:59,601 Disconnecting client /home/jimador/.xpra/jimador.plata-57: 2016-08-04 14:35:59,602 invalid challenge response
In fact, launching the server with the --auth=file:filename=not-password.txt
flag, xpra stop :57 fails because it also fails authentication, and I have to use a kill -9.
If, instead of the above syntax, I use the old-timey --password-file=not-password.txt
, however, then it works for me.
So:
echo -n password > not-password.txt xpra start :57 --start-child=xterm --password-file=not-password.txt
+
echo -n "testproxy|proxypassword|1000|1000|:57||username=jimador;password=password" > multi.txt xpra proxy :17 --tcp-auth=multifile:filename=/home/jimador/ticket1264/multi.txt --bind-tcp=0.0.0.0:1234
+
xpra_cmd.exe attach --no-mmap --opengl=on tcp/testproxy:proxypassword@10.0.32.134:1234
= :)
TLDR:
--no-daemon
you can use relative paths
daemon=yes
will change the current directory to "/" so you should use absolute paths, ie: file=`pwd`/filename
I have edited the comments above. r13217 will make that clearer in the error message by always using absolute paths so one can see what the relative path ended up resolving to. It works, closing.
See also #952.
More proxy improvements (recording here for lack of a better place):
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1264