[winswitch] Xpra proxy with --auth=allow does not work

Mukul Agrawal mukulagrawal78 at yahoo.com
Fri Sep 2 02:06:13 BST 2016 

 Upgraded my windows client version to 0.17.5 revision 13487
Followed your "--tcp-auth-allow" example. Still, does not work for me. Exact commands and logs attached below. Even with "allow", proxy is still challenging client for password.
 xpra start --start=xclock --bind-tcp=0.0.0.0:10000 :11 -d auth
 xpra proxy :13 --bind-tcp=0.0.0.0:10002 --tcp-auth=allow -d auth
xpra attach tcp/ubuntu at 52.53.168.31/10002/11

Following is the log from proxy

2016-09-02 00:52:37,344 created unix domain socket: /home/ubuntu/.xpra/ip-aa-bb-cc-dd-13^[[0m
^[[33m2016-09-02 00:52:37,454 Warning: failed to load the mdns avahi publisher:^[[0m
^[[33m2016-09-02 00:52:37,454  No module named avahi^[[0m
^[[33m2016-09-02 00:52:37,454  either fix your installation or use the 'mdns=no' option^[[0m
2016-09-02 00:52:37,492 serving html content from '/usr/share/xpra/www'^[[0m
^[[36m2016-09-02 00:52:37,492 get_auth_module(unix-domain, , {..})^[[0m
^[[36m2016-09-02 00:52:37,492 get_auth_module(tcp, allow, {..})^[[0m
^[[36m2016-09-02 00:52:37,505 get_auth_module(ssl, allow, {..})^[[0m
^[[36m2016-09-02 00:52:37,506 get_auth_module(vsock, , {..})^[[0m
^[[36m2016-09-02 00:52:37,506 init_auth(..) auth class=None, tcp auth class=('allow', <class 'xpra.server.auth.allow_auth.Authenticator'>, {}), ssl auth class=('allow', <class 'xpra.server.auth.allow_auth.Authenticator'>, {}), vsock auth class=None^[[0m
2016-09-02 00:52:37,506 xpra proxy version 1.0-r13253 64-bit^[[0m
2016-09-02 00:52:37,506  running with pid 10576 on Linux Ubuntu 16.04 xenial^[[0m
2016-09-02 00:52:37,506  connected to X11 display :13^[[0m
2016-09-02 00:52:37,506 xpra is ready.^[[0m
2016-09-02 00:53:04,292 New tcp connection received from uu.vv.ww.xx:11154^[[0m
^[[36m2016-09-02 00:53:04,293 socktype=tcp, auth class=('allow', <class 'xpra.server.auth.allow_auth.Authenticator'>, {}), encryption=, keyfile=^[[0m
^[[36m2016-09-02 00:53:04,482 creating authenticator ('allow', <class 'xpra.server.auth.allow_auth.Authenticator'>, {})^[[0m
^[[36m2016-09-02 00:53:04,483 allow=allow^[[0m
^[[36m2016-09-02 00:53:04,483 processing authentication with allow, response=None, client_salt=, challenge_sent=False^[[0m
^[[36m2016-09-02 00:53:04,483 challenge: ('274be8f27a4742d1b0f37616d6fbc4ec', 'hmac')^[[0m
2016-09-02 00:53:04,483 Authentication required by allow authenticator module^[[0m
2016-09-02 00:53:04,483  sending challenge for 'ubuntu' using hmac digest^[[0m
2016-09-02 00:53:04,521 client has requested disconnection: no password available^[[0m
2016-09-02 00:53:04,521 Disconnecting client uu.vv.ww.xx:11154:^[[0m
2016-09-02 00:53:04,521  client request^[[0m


Following is the log from server

2016-09-02 00:51:26,418 created unix domain socket: /home/ubuntu/.xpra/ip-aa-bb-cc-dd-11^[[0m
^[[33m2016-09-02 00:51:26,468 Warning: menu forwarding is disabled:^[[0m
^[[33m2016-09-02 00:51:26,468  cannot load dbus helper: No module named dbus^[[0m
^[[33m2016-09-02 00:51:26,697 Warning: enc_xvid failed its self test^[[0m
^[[33m2016-09-02 00:51:26,698  No module named xvid^[[0m
^[[33m2016-09-02 00:51:26,712 Warning: failed to load the mdns avahi publisher:^[[0m
^[[33m2016-09-02 00:51:26,712  No module named avahi^[[0m
^[[33m2016-09-02 00:51:26,712  either fix your installation or use the 'mdns=no' option^[[0m
^[[33m2016-09-02 00:51:26,717 Warning: no X11 RandR support on :11^[[0m
2016-09-02 00:51:27,327 serving html content from '/usr/share/xpra/www'^[[0m
^[[36m2016-09-02 00:51:27,327 get_auth_module(unix-domain, , {..})^[[0m
^[[36m2016-09-02 00:51:27,327 get_auth_module(tcp, , {..})^[[0m
^[[36m2016-09-02 00:51:27,328 get_auth_module(ssl, , {..})^[[0m
^[[36m2016-09-02 00:51:27,328 get_auth_module(vsock, , {..})^[[0m
^[[36m2016-09-02 00:51:27,328 init_auth(..) auth class=None, tcp auth class=None, ssl auth class=None, vsock auth class=None^[[0m
^[[31m2016-09-02 00:51:27,401 Error: failed to import the virtual video module:^[[0m
^[[31m2016-09-02 00:51:27,401  No module named _dbus_bindings^[[0m
2016-09-02 00:51:27,411 pulseaudio server started with pid 10536^[[0m
/bin/sh: 1: pulseaudio: not found
Warning: failed to import GStreamer:
 GStreamer 1.0: Namespace Gst not available
 GStreamer 0.10: could not import gobject (could not find _PyGObject_API object)
^[[31m2016-09-02 00:51:27,710 Error: failed to query sound subsystem:^[[0m
^[[31m2016-09-02 00:51:27,711  query did not return any data^[[0m
^[[33m2016-09-02 00:51:27,712 Warning: failed to load or register our dbus notifications forwarder:^[[0m
^[[33m2016-09-02 00:51:27,712  No module named dbus.service^[[0m
^[[33m2016-09-02 00:51:27,712  if you do not have a dedicated dbus session for this xpra instance,^[[0m
^[[33m2016-09-02 00:51:27,712  use the 'notifications=no' option^[[0m
^[[33m2016-09-02 00:51:27,713 cannot load dbus helper: No module named dbus^[[0m
^[[31m2016-09-02 00:51:27,717 Error setting up our dbus server:^[[0m
^[[31m2016-09-02 00:51:27,717  No module named dbus^[[0m
2016-09-02 00:51:27,721 xpra X11 version 1.0-r13253 64-bit^[[0m
2016-09-02 00:51:27,722  running with pid 10500 on Linux Ubuntu 16.04 xenial^[[0m
2016-09-02 00:51:27,722  connected to X11 display :11^[[0m
2016-09-02 00:51:27,831 xpra is ready.^[[0m
^[[33m2016-09-02 00:51:28,723 Warning: pulseaudio has terminated shortly after startup.^[[0m
^[[33m2016-09-02 00:51:28,723  pulseaudio is limited to a single instance per user account,^[[0m
^[[33m2016-09-02 00:51:28,723  and one may be running already for user 'ubuntu'^[[0m
^[[33m2016-09-02 00:51:28,723  to avoid this warning, either fix the pulseaudio command line^[[0m
^[[33m2016-09-02 00:51:28,723  or use the 'pulseaudio=no' option^[[0m


Regards, 
Mukul 
( https://sites.google.com/site/mukulagrawal ) 

    On Thursday, September 1, 2016 4:40 PM, Antoine Martin <antoine at nagafix.co.uk> wrote:
 

 On 01/09/16 13:40, Mukul Agrawal wrote:
> Some more information :-
> 
> 1) server works with --auth and --tcp-auth. But proxy only works with
> tcp-auth.
If you are still stuck, please explain what "doesn't work" exactly here.
Do you get an error? If so, please post it.

> 2) I can connect to each of the servers directly. I can get their
> displays to local windows machine if I connect to them directly. But no
> luck getting the display through proxy. Connected like this :-
> Xpra_cmd.exe attach --username=ubuntu --password-file=pswd.txt
> tcp/ubuntu at 52.53.168.31/10000
> Xpra_cmd.exe attach --username=ubuntu --password-file=pswd.txt
> tcp/ubuntu at 52.53.168.31/10001
The username is specified twice in those command lines which is a little
bit confusing: once using the "--username=" command line option and
again in the URL. I find this form easier to read:
xpra attach tcp/username:password at host:port/DISPLAY

You only need to specify the DISPLAY if there are going to be more than
one matching display for that user.
If you are using multifile with a single entry then you don't need it.

> 3) --tcp-auth=none or --tcp-auth=allow do not work. They kept giving me
> authentication error no mater what I do.
Please always include the actual errors, difficult to help you without.

You need an authentication module so that the proxy can use it to locate
the available sessions, so "none" is not expected to work.
"allow" can work, but the username you specify must exist on the target
system and if there is more than one session running as that user
(including the proxy itself), you will probably need this fix:
http://xpra.org/trac/changeset/13533

> Finally, I had to use multifil to get rid of authetication errors.
> 
> 4) auth file just has one line and no next line character (build using
> echo command). One line is this :-
> ubuntu|secretpassword|1000|1000|tcp:aa.bb.cc.dd:10001|EXAMPLE_ENV=VALUE|compression=0
> 
> I tried both the internal and external IP address. aa.bb.cc.dd:10001 as
> well as xx.yy.xx.aa:10001. I dont get authetication errors or connection
> errors with either. But none of them show me display.
Please post the full logs with the "-d auth" switch.
These should show the authentication attempt, the sessions found, etc.

> On local machine password file pswd.txt just had single word
> secretpassword. Again no next line character.
> 
> 5) The xpra versions from the server log is shown like this :-
> 
> ^[[31m2016-08-31 21:50:45,340 Error setting up our dbus server:^[[0m
> ^[[31m2016-08-31 21:50:45,340  No module named dbus^[[0m
> 2016-08-31 21:50:45,341 xpra X11 version 1.0-r13253 64-bit^[[0m
> 2016-08-31 21:50:45,341  running with pid 6869 on Linux Ubuntu 16.04
> xenial^[[0m
> 2016-08-31 21:50:45,341  connected to X11 display :11^[[0m
> 2016-08-31 21:50:45,391 xpra is ready.^[[0m
> ^[[33m2016-08-31 21:50:46,343 Warning: pulseaudio has terminated shortly
> after startup.^[[0m
> 
> And logs from the proxy are here :-
> 
> 2016-08-31 22:26:59,300 serving html content from '/usr/share/xpra/www'^[[0m
> 2016-08-31 22:26:59,312 xpra proxy version 1.0-r13253 64-bit^[[0m
> 2016-08-31 22:26:59,312  running with pid 7491 on Linux Ubuntu 16.04
> xenial^[[0m
> 2016-08-31 22:26:59,313  connected to X11 display :13^[[0m
> 2016-08-31 22:26:59,313 xpra is ready.^[[0m
> 
> 6) Anything else I might have forgotten?
> I am running out of ideas to try.
> Let me know? Very motivated to make it work .... but have no more ideas
> to experiment.
This works fine for me with the latest trunk:


Example with multifile:

$ cat > multifile.txt <<EOF
ubuntu1|secretpassword1|1000|1000|:100||
ubuntu2|secretpassword2|1000|1000|tcp:127.0.0.1:10000||
EOF
$ xpra start --start=xterm --bind-tcp=0.0.0.0:10000 :100 -d auth
$ xpra proxy :13 --bind-tcp=0.0.0.0:10002 \
    --tcp-auth=multifile:filename=./multifile.txt -d auth
$ xpra attach tcp/ubuntu1:secretpassword1 at 127.0.0.1:10002

Or if you want the proxy to connect to the server via TCP, use the
second username:
$ xpra attach tcp/ubuntu2:secretpassword2 at 127.0.0.1:10002


Example with allow:
$ xpra start --start=xterm --bind-tcp=0.0.0.0:10000 :100 -d auth
$ xpra proxy :13 --bind-tcp=0.0.0.0:10002 --tcp-auth=allow -d auth
$ xpra attach tcp/$USER:foo at 127.0.0.1:10002/100
(with allow, you must specify the display)

The same client attach commands also work from win32 or OSX clients, you
will just need to change the server IP to its external one.

Cheers
Antoine



>  
> Regards,
> Mukul
> ( https://sites.google.com/site/mukulagrawal )
> 
> 
> On Wednesday, August 31, 2016 8:45 PM, Antoine Martin
> <antoine at nagafix.co.uk> wrote:
> 
> 
> On 01/09/16 05:55, Mukul Agrawal wrote:
>> OK. Upgraded my ubuntu distributon to Xenial and then got the xpra 1.0
>> from beta. Still, cannot get it to work. Any help?
>>
>> started proxy like this
>> -- xpra proxy :13
>>
> --bind-tcp=0.0.0.0:10002--tcp-auth=multifile:filename=/home/ubuntu/xpra-auth
>>
>> started a couple of servers on same machine like this
>> -- xpra start :11 --bind-tcp=0.0.0.0:10000
>> -- xpra start :12 --bind-tcp=0.0.0.0:10001
>> -- DISPLAY=:11 xlclock &
>> -- DISPLAY=:12 xlogo
> Don't do that. Same as the other thread about tty. Use this instead:
> xpra start :DISPLAY --bind-tcp=... --start=COMMAND
> 
>> try to attach from windows machine
>> -- Xpra_cmd.exe attach --username=ubuntu --password-file=pswd.txt
>> tcp/52.53.168.31/10002/11
>>
>> Everything seems to go well in the beginning. No error message. It
>> simply drops the connection without saying anything.
> You're not sharing your multifile password file, so I won't be able to
> reproduce what you did.
> 
> You're also not showing what versions you've used for testing, the only
> version shown is from the win32 client, which is well out of date:
>> Python/Gtk2 Microsoft Windows 7 client version 0.16.3-r12203
> 
> There's a debug flag for authentication, try adding "-d auth" to your
> server command line.
> 
> Cheers
> Antoine
> 
> 
>>
>> Here is the log from proxy :-
>>
>>
>>
>> 2016-08-31 22:28:47,740 New unix-domain connection received on
>> /home/ubuntu/.xpra/ip-aa-bb-cc-dd-13^[[0m
>> 2016-08-31 22:29:00,624 New tcp connection received from
>> xx.yy.zz.aa:5792^[[0m
>> 2016-08-31 22:29:00,625 Authentication required by multi password file
>> authenticator module^[[0m
>> 2016-08-31 22:29:00,625  sending challenge for 'ubuntu' using hmac
>> digest^[[0m
>> ^[[33m2016-08-31 22:29:00,955 Warning: enc_xvid failed its self test^[[0m
>> ^[[33m2016-08-31 22:29:00,955  No module named xvid^[[0m
>> 2016-08-31 22:29:00,966 proxy video encoders: x264^[[0m
>> 2016-08-31 22:29:00,966 new proxy instance started^[[0m
>> 2016-08-31 22:29:00,966  for client tcp socket: aa.bb.cc.dd:10002 <-
>> xx.yy.zz.aa:5792^[[0m
>> 2016-08-31 22:29:00,967  and server tcp socket: aa.bb.cc.dd:43006 <-
>> 22.33.44.55:10000^[[0m
>> 2016-08-31 22:29:00,967 proxy instance now also available using unix
>> domain socket:^[[0m
>> 2016-08-31 22:29:00,967  /home/ubuntu/.xpra/ip-aa-bb-cc-dd-proxy-7553^[[0m
>> 2016-08-31 22:29:00,967 setting sockets (tcp socket: aa.bb.cc.dd:10002
>> <- xx.yy.zz.aa:5792, tcp socket: aa.bb.cc.dd:43006 <- 22.33.44.55:10000)
>> to blocking mode^[[0m
>> 2016-08-31 22:29:01,628 stop(client connection lost, Protocol(None))^[[0m
>> 2016-08-31 22:29:01,628 removing socket
>> /home/ubuntu/.xpra/ip-aa-bb-cc-dd-proxy-7553^[[0m
>> 2016-08-31 22:29:01,638 proxy instance 7553 stopped^[[0m
>> 
>> Here is the log from the server itself
>> 
>> 2016-08-31 22:28:47,738 New unix-domain connection received on
>> /home/ubuntu/.xpra/ip-aa-bb-cc-dd-11^[[0m
>> 2016-08-31 22:29:00,974 New tcp connection received from
>> 22.33.44.55:43006^[[0m
>> 2016-08-31 22:29:00,977 Handshake complete; enabling connection^[[0m
>> ^[[31m2016-08-31 22:29:00,980 Error setting up the source's DBUS
>> server:^[[0m
>> ^[[31m2016-08-31 22:29:00,980  No module named dbus^[[0m
>> 2016-08-31 22:29:00,981 Python/Gtk2 Microsoft Windows 7 client version
>> 0.16.3-r12203^[[0m
>> 2016-08-31 22:29:00,981  connected from 'MAGRAWAL’ as 'ubuntu' -
>> 'magrawal'^[[0m
>> 2016-08-31 22:29:00,981 via {'': 'linux2', 'name': 'Linux Ubuntu 16.04
>> xenial', 'machine': 'x86_64', 'platform':
>> 'Linux-4.4.0-36-generic-x86_64-with-Ubuntu-16.04-xenial',
>> 'architecture': ['64bit', 'ELF'], 'release': '4.4.0-36-generic',
>> 'processor': 'Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz',
>> 'linux_distribution': ['Ubuntu', '16.04', 'xenial']} proxy version
>> unknown on 'ip-aa-bb-cc-dd'^[[0m
>> ^[[33m2016-08-31 22:29:00,981 Warning: proxy version may not be
>> compatible: remote version not available!^[[0m
>> 2016-08-31 22:29:00,982  using h264 as primary encoding also
> available:^[[0m
>> 2016-08-31 22:29:00,982  vp9, vp8, png, png/P, png/L, rgb24, jpeg,
>> rgb32^[[0m
>> 2016-08-31 22:29:00,990  client root window size is 1920x1080 with 1
>> display:^[[0m
>> 2016-08-31 22:29:00,990  Default (508x285 mm - DPI: 96x96)^[[0m
>> 2016-08-31 22:29:00,990    DISPLAY1 (677x381 mm - DPI: 72x72)^[[0m
>> 2016-08-31 22:29:01,017 setting key repeat rate from client: 500ms delay
>> / 33ms interval^[[0m
>> 2016-08-31 22:29:01,018 keyboard mapping already configured (skipped)^[[0m
>> 2016-08-31 22:29:01,629 client has requested disconnection: server
>> shutdown (client connection lost)^[[0m
>> 2016-08-31 22:29:01,629 Disconnecting client 22.33.44.55:43006:^[[0m
>> 2016-08-31 22:29:01,629  client request^[[0m
>> 2016-08-31 22:29:01,630 xpra client 5 disconnected.^[[0m
>>
>>
>> Regards, Mukul ( https://sites.google.com/site/mukulagrawal
> <https://sites.google.com/site/mukulagrawal>)
>>
>>
>> On Wednesday, August 31, 2016 4:05 AM, Antoine Martin via shifter-users
>> <shifter-users at lists.devloop.org.uk
> <mailto:shifter-users at lists.devloop.org.uk>> wrote:
>>
>>
>> On 30/08/16 23:52, Mukul Agrawal via shifter-users wrote:
>>> I am running xpra server 0.15 that I got from the latest winswitch repo.
>>> Started proxy like that shown in your basic usage example ProxyServer
>> – Xpra
>>>
>>> xpra proxy :13 --bind-tcp=0.0.0.0:10000 --auth=allow
>>> started a xpra server instance on same machine/same account using
>> several different formatsxpra start :11
>>> xpra start :11 --bind-tcp=127.0.0.1:10001
>>> xpra start :11 --auth=allow --bind-tcp=127.0.0.1:10001
>>> When I try to attach to this instance from windows machine using
>>> Xpra_cmd attach tcp/user at IP <mailto:user at IP> <mailto:user at IP
> <mailto:user at IP>>/10000/11
>>>
>>> I get authentication error :- " authentication failed: this server
>> requires authentication, please provide a password."
>> I assume you must be using an older distribution like Ubuntu Trusty?
>>
>> Please try with the current beta packages, the next release will support
>> those older distribution versions and it includes a large number of
>> fixes for the proxy server:
>> http://xpra.org/trac/ticket/952
>> http://xpra.org/trac/ticket/1264
>> Many of those features and fixes are not available in the branch you are
>> using.
>>
>> Cheers
>> Antoine
>>
>>>
>>> Another problem
>>> xpra stop :13 will not stop the proxy.I again get a message asking for
>> a password.
>>>  Regards,
>>> Mukul
>>> ( https://sites.google.com/site/mukulagrawal
>> <https://sites.google.com/site/mukulagrawal>)
>>> _______________________________________________
>>> shifter-users mailing list
>>> shifter-users at lists.devloop.org.uk
> <mailto:shifter-users at lists.devloop.org.uk>
>> <mailto:shifter-users at lists.devloop.org.uk
> <mailto:shifter-users at lists.devloop.org.uk>>
>>> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
>>
>>>
>>
>> _______________________________________________
>> shifter-users mailing list
>> shifter-users at lists.devloop.org.uk
> <mailto:shifter-users at lists.devloop.org.uk>
>> <mailto:shifter-users at lists.devloop.org.uk
> <mailto:shifter-users at lists.devloop.org.uk>>
> 
>> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
>>
>>
> 
> 
>

More information about the shifter-users mailing list