[winswitch] Xpra proxy with --auth=allow does not work

Antoine Martin antoine at nagafix.co.uk
Thu Sep 1 17:40:47 BST 2016


On 01/09/16 13:40, Mukul Agrawal wrote:
> Some more information :-
> 
> 1) server works with --auth and --tcp-auth. But proxy only works with
> tcp-auth.
If you are still stuck, please explain what "doesn't work" exactly here.
Do you get an error? If so, please post it.

> 2) I can connect to each of the servers directly. I can get their
> displays to local windows machine if I connect to them directly. But no
> luck getting the display through proxy. Connected like this :-
> Xpra_cmd.exe attach --username=ubuntu --password-file=pswd.txt
> tcp/ubuntu at 52.53.168.31/10000
> Xpra_cmd.exe attach --username=ubuntu --password-file=pswd.txt
> tcp/ubuntu at 52.53.168.31/10001
The username is specified twice in those command lines which is a little
bit confusing: once using the "--username=" command line option and
again in the URL. I find this form easier to read:
xpra attach tcp/username:password at host:port/DISPLAY

You only need to specify the DISPLAY if there are going to be more than
one matching display for that user.
If you are using multifile with a single entry then you don't need it.

> 3) --tcp-auth=none or --tcp-auth=allow do not work. They kept giving me
> authentication error no mater what I do.
Please always include the actual errors, difficult to help you without.

You need an authentication module so that the proxy can use it to locate
the available sessions, so "none" is not expected to work.
"allow" can work, but the username you specify must exist on the target
system and if there is more than one session running as that user
(including the proxy itself), you will probably need this fix:
http://xpra.org/trac/changeset/13533

> Finally, I had to use multifil to get rid of authetication errors.
> 
> 4) auth file just has one line and no next line character (build using
> echo command). One line is this :-
> ubuntu|secretpassword|1000|1000|tcp:aa.bb.cc.dd:10001|EXAMPLE_ENV=VALUE|compression=0
> 
> I tried both the internal and external IP address. aa.bb.cc.dd:10001 as
> well as xx.yy.xx.aa:10001. I dont get authetication errors or connection
> errors with either. But none of them show me display.
Please post the full logs with the "-d auth" switch.
These should show the authentication attempt, the sessions found, etc.

> On local machine password file pswd.txt just had single word
> secretpassword. Again no next line character.
> 
> 5) The xpra versions from the server log is shown like this :-
> 
> ^[[31m2016-08-31 21:50:45,340 Error setting up our dbus server:^[[0m
> ^[[31m2016-08-31 21:50:45,340  No module named dbus^[[0m
> 2016-08-31 21:50:45,341 xpra X11 version 1.0-r13253 64-bit^[[0m
> 2016-08-31 21:50:45,341  running with pid 6869 on Linux Ubuntu 16.04
> xenial^[[0m
> 2016-08-31 21:50:45,341  connected to X11 display :11^[[0m
> 2016-08-31 21:50:45,391 xpra is ready.^[[0m
> ^[[33m2016-08-31 21:50:46,343 Warning: pulseaudio has terminated shortly
> after startup.^[[0m
> 
> And logs from the proxy are here :-
> 
> 2016-08-31 22:26:59,300 serving html content from '/usr/share/xpra/www'^[[0m
> 2016-08-31 22:26:59,312 xpra proxy version 1.0-r13253 64-bit^[[0m
> 2016-08-31 22:26:59,312  running with pid 7491 on Linux Ubuntu 16.04
> xenial^[[0m
> 2016-08-31 22:26:59,313  connected to X11 display :13^[[0m
> 2016-08-31 22:26:59,313 xpra is ready.^[[0m
> 
> 6) Anything else I might have forgotten?
> I am running out of ideas to try.
> Let me know? Very motivated to make it work .... but have no more ideas
> to experiment.
This works fine for me with the latest trunk:


Example with multifile:

$ cat > multifile.txt <<EOF
ubuntu1|secretpassword1|1000|1000|:100||
ubuntu2|secretpassword2|1000|1000|tcp:127.0.0.1:10000||
EOF
$ xpra start --start=xterm --bind-tcp=0.0.0.0:10000 :100 -d auth
$ xpra proxy :13 --bind-tcp=0.0.0.0:10002 \
    --tcp-auth=multifile:filename=./multifile.txt -d auth
$ xpra attach tcp/ubuntu1:secretpassword1 at 127.0.0.1:10002

Or if you want the proxy to connect to the server via TCP, use the
second username:
$ xpra attach tcp/ubuntu2:secretpassword2 at 127.0.0.1:10002


Example with allow:
$ xpra start --start=xterm --bind-tcp=0.0.0.0:10000 :100 -d auth
$ xpra proxy :13 --bind-tcp=0.0.0.0:10002 --tcp-auth=allow -d auth
$ xpra attach tcp/$USER:foo at 127.0.0.1:10002/100
(with allow, you must specify the display)

The same client attach commands also work from win32 or OSX clients, you
will just need to change the server IP to its external one.

Cheers
Antoine



>  
> Regards,
> Mukul
> ( https://sites.google.com/site/mukulagrawal )
> 
> 
> On Wednesday, August 31, 2016 8:45 PM, Antoine Martin
> <antoine at nagafix.co.uk> wrote:
> 
> 
> On 01/09/16 05:55, Mukul Agrawal wrote:
>> OK. Upgraded my ubuntu distributon to Xenial and then got the xpra 1.0
>> from beta. Still, cannot get it to work. Any help?
>>
>> started proxy like this
>> -- xpra proxy :13
>>
> --bind-tcp=0.0.0.0:10002--tcp-auth=multifile:filename=/home/ubuntu/xpra-auth
>>
>> started a couple of servers on same machine like this
>> -- xpra start :11 --bind-tcp=0.0.0.0:10000
>> -- xpra start :12 --bind-tcp=0.0.0.0:10001
>> -- DISPLAY=:11 xlclock &
>> -- DISPLAY=:12 xlogo
> Don't do that. Same as the other thread about tty. Use this instead:
> xpra start :DISPLAY --bind-tcp=... --start=COMMAND
> 
>> try to attach from windows machine
>> -- Xpra_cmd.exe attach --username=ubuntu --password-file=pswd.txt
>> tcp/52.53.168.31/10002/11
>>
>> Everything seems to go well in the beginning. No error message. It
>> simply drops the connection without saying anything.
> You're not sharing your multifile password file, so I won't be able to
> reproduce what you did.
> 
> You're also not showing what versions you've used for testing, the only
> version shown is from the win32 client, which is well out of date:
>> Python/Gtk2 Microsoft Windows 7 client version 0.16.3-r12203
> 
> There's a debug flag for authentication, try adding "-d auth" to your
> server command line.
> 
> Cheers
> Antoine
> 
> 
>>
>> Here is the log from proxy :-
>>
>>
>>
>> 2016-08-31 22:28:47,740 New unix-domain connection received on
>> /home/ubuntu/.xpra/ip-aa-bb-cc-dd-13^[[0m
>> 2016-08-31 22:29:00,624 New tcp connection received from
>> xx.yy.zz.aa:5792^[[0m
>> 2016-08-31 22:29:00,625 Authentication required by multi password file
>> authenticator module^[[0m
>> 2016-08-31 22:29:00,625  sending challenge for 'ubuntu' using hmac
>> digest^[[0m
>> ^[[33m2016-08-31 22:29:00,955 Warning: enc_xvid failed its self test^[[0m
>> ^[[33m2016-08-31 22:29:00,955  No module named xvid^[[0m
>> 2016-08-31 22:29:00,966 proxy video encoders: x264^[[0m
>> 2016-08-31 22:29:00,966 new proxy instance started^[[0m
>> 2016-08-31 22:29:00,966  for client tcp socket: aa.bb.cc.dd:10002 <-
>> xx.yy.zz.aa:5792^[[0m
>> 2016-08-31 22:29:00,967  and server tcp socket: aa.bb.cc.dd:43006 <-
>> 22.33.44.55:10000^[[0m
>> 2016-08-31 22:29:00,967 proxy instance now also available using unix
>> domain socket:^[[0m
>> 2016-08-31 22:29:00,967  /home/ubuntu/.xpra/ip-aa-bb-cc-dd-proxy-7553^[[0m
>> 2016-08-31 22:29:00,967 setting sockets (tcp socket: aa.bb.cc.dd:10002
>> <- xx.yy.zz.aa:5792, tcp socket: aa.bb.cc.dd:43006 <- 22.33.44.55:10000)
>> to blocking mode^[[0m
>> 2016-08-31 22:29:01,628 stop(client connection lost, Protocol(None))^[[0m
>> 2016-08-31 22:29:01,628 removing socket
>> /home/ubuntu/.xpra/ip-aa-bb-cc-dd-proxy-7553^[[0m
>> 2016-08-31 22:29:01,638 proxy instance 7553 stopped^[[0m
>> 
>> Here is the log from the server itself
>> 
>> 2016-08-31 22:28:47,738 New unix-domain connection received on
>> /home/ubuntu/.xpra/ip-aa-bb-cc-dd-11^[[0m
>> 2016-08-31 22:29:00,974 New tcp connection received from
>> 22.33.44.55:43006^[[0m
>> 2016-08-31 22:29:00,977 Handshake complete; enabling connection^[[0m
>> ^[[31m2016-08-31 22:29:00,980 Error setting up the source's DBUS
>> server:^[[0m
>> ^[[31m2016-08-31 22:29:00,980  No module named dbus^[[0m
>> 2016-08-31 22:29:00,981 Python/Gtk2 Microsoft Windows 7 client version
>> 0.16.3-r12203^[[0m
>> 2016-08-31 22:29:00,981  connected from 'MAGRAWAL’ as 'ubuntu' -
>> 'magrawal'^[[0m
>> 2016-08-31 22:29:00,981 via {'': 'linux2', 'name': 'Linux Ubuntu 16.04
>> xenial', 'machine': 'x86_64', 'platform':
>> 'Linux-4.4.0-36-generic-x86_64-with-Ubuntu-16.04-xenial',
>> 'architecture': ['64bit', 'ELF'], 'release': '4.4.0-36-generic',
>> 'processor': 'Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz',
>> 'linux_distribution': ['Ubuntu', '16.04', 'xenial']} proxy version
>> unknown on 'ip-aa-bb-cc-dd'^[[0m
>> ^[[33m2016-08-31 22:29:00,981 Warning: proxy version may not be
>> compatible: remote version not available!^[[0m
>> 2016-08-31 22:29:00,982  using h264 as primary encoding also
> available:^[[0m
>> 2016-08-31 22:29:00,982  vp9, vp8, png, png/P, png/L, rgb24, jpeg,
>> rgb32^[[0m
>> 2016-08-31 22:29:00,990  client root window size is 1920x1080 with 1
>> display:^[[0m
>> 2016-08-31 22:29:00,990  Default (508x285 mm - DPI: 96x96)^[[0m
>> 2016-08-31 22:29:00,990    DISPLAY1 (677x381 mm - DPI: 72x72)^[[0m
>> 2016-08-31 22:29:01,017 setting key repeat rate from client: 500ms delay
>> / 33ms interval^[[0m
>> 2016-08-31 22:29:01,018 keyboard mapping already configured (skipped)^[[0m
>> 2016-08-31 22:29:01,629 client has requested disconnection: server
>> shutdown (client connection lost)^[[0m
>> 2016-08-31 22:29:01,629 Disconnecting client 22.33.44.55:43006:^[[0m
>> 2016-08-31 22:29:01,629  client request^[[0m
>> 2016-08-31 22:29:01,630 xpra client 5 disconnected.^[[0m
>>
>>
>> Regards, Mukul ( https://sites.google.com/site/mukulagrawal
> <https://sites.google.com/site/mukulagrawal>)
>>
>>
>> On Wednesday, August 31, 2016 4:05 AM, Antoine Martin via shifter-users
>> <shifter-users at lists.devloop.org.uk
> <mailto:shifter-users at lists.devloop.org.uk>> wrote:
>>
>>
>> On 30/08/16 23:52, Mukul Agrawal via shifter-users wrote:
>>> I am running xpra server 0.15 that I got from the latest winswitch repo.
>>> Started proxy like that shown in your basic usage example ProxyServer
>> – Xpra
>>>
>>> xpra proxy :13 --bind-tcp=0.0.0.0:10000 --auth=allow
>>> started a xpra server instance on same machine/same account using
>> several different formatsxpra start :11
>>> xpra start :11 --bind-tcp=127.0.0.1:10001
>>> xpra start :11 --auth=allow --bind-tcp=127.0.0.1:10001
>>> When I try to attach to this instance from windows machine using
>>> Xpra_cmd attach tcp/user at IP <mailto:user at IP> <mailto:user at IP
> <mailto:user at IP>>/10000/11
>>>
>>> I get authentication error :- " authentication failed: this server
>> requires authentication, please provide a password."
>> I assume you must be using an older distribution like Ubuntu Trusty?
>>
>> Please try with the current beta packages, the next release will support
>> those older distribution versions and it includes a large number of
>> fixes for the proxy server:
>> http://xpra.org/trac/ticket/952
>> http://xpra.org/trac/ticket/1264
>> Many of those features and fixes are not available in the branch you are
>> using.
>>
>> Cheers
>> Antoine
>>
>>>
>>> Another problem
>>> xpra stop :13 will not stop the proxy.I again get a message asking for
>> a password.
>>>  Regards,
>>> Mukul
>>> ( https://sites.google.com/site/mukulagrawal
>> <https://sites.google.com/site/mukulagrawal>)
>>> _______________________________________________
>>> shifter-users mailing list
>>> shifter-users at lists.devloop.org.uk
> <mailto:shifter-users at lists.devloop.org.uk>
>> <mailto:shifter-users at lists.devloop.org.uk
> <mailto:shifter-users at lists.devloop.org.uk>>
>>> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
>>
>>>
>>
>> _______________________________________________
>> shifter-users mailing list
>> shifter-users at lists.devloop.org.uk
> <mailto:shifter-users at lists.devloop.org.uk>
>> <mailto:shifter-users at lists.devloop.org.uk
> <mailto:shifter-users at lists.devloop.org.uk>>
> 
>> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
>>
>>
> 
> 
> 




More information about the shifter-users mailing list