Ticket #134 (closed usability: fixed)
xauth keys not being maintained over move to different network.
| Reported by: | deadshort@… | Owned by: | jeremyhu@… |
|---|---|---|---|
| Priority: | Nice to Have | Milestone: | 2.3.1 |
| Component: | xserver | Version: | dev (xorg-server-1.4-apple) |
| Keywords: | xauth | Cc: | |
Description
[ I am using 2.3.0rc4 now, and I _think_ this is a recent change since 2.3.0.... surely I would remember this behavior, since I change networks several times a day. ]
If you start X on one network (to be specific, wireless with a 10.0.1.xx address), then move to a different network (ethernet on a different network), the xauth keys do not get updated.
E.g.:
```
### The X server had already been launched on the 10. network, the machine put to sleep, then woken up on the "work" network. xauth shows a mix of keys:
idiotbox:~ cloomis$ xauth list
idiotbox.work.edu/unix:0 MIT-MAGIC-COOKIE-1 fb38dff6c5ed95e341cb6f8b72d61b8b
Idiotbox.home/unix:0 MIT-MAGIC-COOKIE-1 450ea9d58e5ced4cdc53a71cd1acbbd7
10.0.1.24:0 MIT-MAGIC-COOKIE-1 450ea9d58e5ced4cdc53a71cd1acbbd7

### X clients cannot connect:
idiotbox:~ cloomis$ xterm
Xlib: connection to "/tmp/launch-ZSJaBH/:0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
xterm Xt error: Can't open display: /tmp/launch-ZSJaBH/:0

### Remove the suspect key:
idiotbox:~ cloomis$ xauth remove idiotbox.work.edu/unix:0

### X clients get the expected change in response:
idiotbox:~ cloomis$ xterm
Xlib: connection to "/tmp/launch-ZSJaBH/:0" refused by server
Xlib: No protocol specified
xterm Xt error: Can't open display: /tmp/launch-ZSJaBH/:0

### Add a plausibly correct key:
idiotbox:~ cloomis$ xauth add idiotbox.work.edu/unix:0 MIT-MAGIC-COOKIE-1 450ea9d58e5ced4cdc53a71cd1acbbd7
idiotbox:~ cloomis$ xauth list
Idiotbox.home/unix:0 MIT-MAGIC-COOKIE-1 450ea9d58e5ced4cdc53a71cd1acbbd7
10.0.1.24:0 MIT-MAGIC-COOKIE-1 450ea9d58e5ced4cdc53a71cd1acbbd7
idiotbox.work.edu/unix:0 MIT-MAGIC-COOKIE-1 450ea9d58e5ced4cdc53a71cd1acbbd7

### And clients now work...
```
I'll note that adding keys for 127.0.0.1/unix:0 or localhost/unix:0 instead of idiotbox.work.edu/unix:0 did not work, but adding :0 did.
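A check for the mixed-cookie state shown in the description, as an added example that is not part of the original ticket or the project's code: it reads `xauth list` output and flags entries whose cookie disagrees with the one most entries for the same display number share. The function names, host names and cookie values are constructed, and treating the majority cookie as the one the server accepts is an assumption.

```shell
#!/bin/sh
# Read `xauth list` output on stdin and report, per display number, entries
# whose cookie disagrees with the cookie most entries for that display share.
# Assumption: the majority cookie is the one the running server accepts.
stale_xauth() {
    awk '
    NF == 3 {
        disp = $1
        sub(/^.*:/, "", disp)            # display number after the last ":"
        n++
        name[n] = $1; d[n] = disp; key[n] = $2 " " $3
        count[disp, key[n]]++
    }
    END {
        for (i = 1; i <= n; i++) {
            c = count[d[i], key[i]]
            if (c > best[d[i]]) {
                best[d[i]] = c; bestkey[d[i]] = key[i]; tie[d[i]] = 0
            } else if (c == best[d[i]] && key[i] != bestkey[d[i]]) {
                tie[d[i]] = 1            # no majority: cannot tell which is stale
            }
        }
        for (i = 1; i <= n; i++) {
            if (tie[d[i]])                    print "ambiguous", name[i]
            else if (key[i] != bestkey[d[i]]) print "stale", name[i]
        }
    }'
}

# Constructed sample mirroring the shape of the listing in the description
# (hypothetical host names, placeholder cookie values).
sample_xauth_list() {
    cat <<'EOF'
myhost.work.example/unix:0  MIT-MAGIC-COOKIE-1  11111111111111111111111111111111
Myhost.home/unix:0  MIT-MAGIC-COOKIE-1  22222222222222222222222222222222
10.0.1.24:0  MIT-MAGIC-COOKIE-1  22222222222222222222222222222222
EOF
}

sample_xauth_list | stale_xauth    # prints: stale myhost.work.example/unix:0
```

On a live system, pipe `xauth list` into `stale_xauth`; a flagged entry can then be dropped with `xauth remove`, as in the description.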
Change History
comment:2 Changed 5 years ago by jeremyhu@…
- Status changed from new to assigned
- Milestone set to 2.3.0
I think this should be fixed in 2.3.0-rc6... Please let me know.
comment:3 Changed 5 years ago by jeremyhu@…
- Milestone changed from 2.3.0 to 2.3.1
This is really a feature request and not a bug. I'm going to put this in "later, once the big bugs get taken care of" category.
comment:4 Changed 5 years ago by jeremyhu@…
BTW, I'm surprised you don't have your <hostname>.local in xauth list:
eg for me:
```
tifa.local/unix:11 MIT-MAGIC-COOKIE-1 648b679978d6d70d20c0b008e53840e9
tifa.local:11 MIT-MAGIC-COOKIE-1 648b679978d6d70d20c0b008e53840e9
10.0.10.3:11 MIT-MAGIC-COOKIE-1 648b679978d6d70d20c0b008e53840e9
172.16.22.1:11 MIT-MAGIC-COOKIE-1 648b679978d6d70d20c0b008e53840e9
172.16.128.1:11 MIT-MAGIC-COOKIE-1 648b679978d6d70d20c0b008e53840e9
```
---
So if I change network interfaces, it "just works" for me because tifa.local is always referencing my box.
comment:5 Changed 5 years ago by deadshort@…
[ Sorry for not responding sooner: I have been offline. ]
I tried 2.3.0-rc7, and it works beautifully. Basically, a localhost:1 key is created no matter what network I start from, and it never goes away. And strange keys no longer come and go. Granted, the localhost:1 key always appears in pairs, and the only other key is the hostname/unix:1 appropriate to when the server was started. But I think that's fine; it certainly is for my situation. E.g. after I started the server at work then came home, I see:
```
idiotbox:~ cloomis$ xauth list
idiotbox.work.edu/unix:1 MIT-MAGIC-COOKIE-1 2cb07ad22efd42d63918bca943517e77
localhost:1 MIT-MAGIC-COOKIE-1 2cb07ad22efd42d63918bca943517e77
localhost:1 MIT-MAGIC-COOKIE-1 2cb07ad22efd42d63918bca943517e77
```
Besides that improvement, some other, slightly different and harder for me to duplicate, Xlib: connection to "/tmp/launch-ZSJaBH/:0" refused by server errors are also gone with 2.3.0-rc7.
Thanks!

Oh, in the system.log, these show up with AUDIT lines:
```
Jul 9 12:17:45 idiotbox org.x.startx[198]: AllocNewConnection: client index = 1, socket fd = 1
Jul 9 12:17:45 idiotbox org.x.startx[198]: AUDIT: Wed Jul 9 12:17:45 2008: 271 X: client 1 rejected from local host (uid 502)
Jul 9 12:18:00 idiotbox org.x.startx[198]: AllocNewConnection: client index = 1, socket fd = 1
```