Ubuntu
python-xlib package

Python Xlib applications report 'Can't connect to display ":0": No protocol specified' if XAUTH authentication is needed

Bug #1885304 reported by Dan Astoorian
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-xlib (Ubuntu)
New
Undecided
Unassigned

Bug Description

The python-xlib package does not appear to correctly use X11 cookies from $XAUTHORITY under Ubuntu 18.04 (and possibly others).

GNOME3 appears to store the cookies in /run/user/$UID/gdm/Xauthority (and set $XAUTHORITY to this value for the user), but gdm does not appear to include a display number in the authorization entry; e.g., "xauth list" shows "HOSTNAME/unix:" instead of "HOSTNAME/unix:0" for the entry. python-xlib is apparently unable to locate and use the cookie without the display number being present.

This deficiency is typically masked by the presence of "si:localuser:" entries in the xhost table; however, it is sometimes necessary to use XAUTH rather than xhost (e.g., when using certain Tcl/Tk applications which insist on the xhost table being empty for secure communication through the X server).

To reproduce:

  xhost -si:localuser:$USER
  python -c 'from Xlib.display import Display; Display()'

This results in:

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/home/djast/.local/lib/python2.7/site-packages/Xlib/display.py", line 89, in __init__
    self.display = _BaseDisplay(display)
  File "/home/djast/.local/lib/python2.7/site-packages/Xlib/display.py", line 71, in __init__
    protocol_display.Display.__init__(self, *args, **keys)
  File "/home/djast/.local/lib/python2.7/site-packages/Xlib/protocol/display.py", line 166, in __init__
    raise error.DisplayConnectionError(self.display_name, r.reason)
Xlib.error.DisplayConnectionError: Can't connect to display ":0": No protocol specified

If the xauth entry is updated to include ":0", e.g., via

    xauth add $DISPLAY $(xauth list $DISPLAY | cut -d: -f2- | tail -1)

then running "python -c 'from Xlib.display import Display; Display()'" succeeds.

python3-xlib appears to have the same deficiency.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: python-xlib 0.20-3
ProcVersionSignature: Ubuntu 4.15.0-108.109-generic 4.15.18
Uname: Linux 4.15.0-108-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.15
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri Jun 26 11:28:32 2020
Dependencies: python-six 1.11.0-2
InstallationDate: Installed on 2018-07-31 (695 days ago)
InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
PackageArchitecture: all
SourcePackage: python-xlib
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Dan Astoorian (djast-ecf) wrote :
Revision history for this message
Dan Astoorian (djast-ecf) wrote :

Please note that although the Python traceback I posted cited a user-installed (via pip) version of python-xlib, the same symptom does also occur with the Ubuntu-packaged version in /usr/lib/python2.7/dist-packages/Xlib/.

It is possible that the actual bug is GDM failing to correctly populate the display number in the $XAUTHORITY file /run/user/$UID/gdm/Xauthority; this bug report presumes (without justification) that an empty display number in the Xauthority file has a valid interpretation, but that python-xlib is not applying it. I note that other X applications (e.g., xclock) still work with "si:localuser:$USER" removed from the xhost list; I have only observed the failing behaviour with python-xlib and python3-xlib.

Revision history for this message
Dan Astoorian (djast-ecf) wrote :

Changing

            if efam == family and eaddr == address and num == enum:

to

            if efam == family and eaddr == address and (num == enum or enum == ""):

in get_best_auth() in Xlib/xauth.py appears to be an effective fix/workaround; this allows an Xauthority entry with a missing display number to match any display.

Alternatively, and slightly more conservatively, adding:

            if enum == "" and ename not in matches:
                enum = num

before the original line will match the entry only if a display-specific entry is not also present in the Xauthority file.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.