← Back to team overview

desktop-packages team mailing list archive

[Bug 1517685] Re: XDMCP server starts without authentication if configured key does not exist

 

Hello Robert, or anyone else affected,

Accepted lightdm into trusty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/lightdm/1.10.6-0ubuntu1 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: lightdm (Ubuntu Trusty)
       Status: New => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1517685

Title:
  XDMCP server starts without authentication if configured key does not
  exist

Status in Light Display Manager:
  Fix Released
Status in Light Display Manager 1.10 series:
  Fix Released
Status in Light Display Manager 1.14 series:
  Fix Released
Status in Light Display Manager 1.16 series:
  Fix Released
Status in Light Display Manager 1.2 series:
  Fix Released
Status in lightdm package in Ubuntu:
  New
Status in lightdm source package in Precise:
  New
Status in lightdm source package in Trusty:
  Fix Committed
Status in lightdm source package in Vivid:
  New
Status in lightdm source package in Wily:
  New

Bug description:
  [Impact]
  An incorrectly configured XDMCP server will start without authentication instead of disabling XDMCP / stopping LightDM.

  [Test Case]
  1. Set up LightDM to run an XDMCP server using an XDM authentication key, i.e. in lightdm.conf:
  [XDMCPServer]
  enabled=true
  key=key-name
  2. Do not create /etc/lightdm/keys.conf or do not define 'key-name' in keys.conf.
  3. Start LightDM
  4. Connect XDMCP client.

  Expected result:
  Either LightDM doesn't start or the XDMCP server doesn't start.

  Observed result:
  XDMCP server starts without authentication, any XDMCP client is able to connect. Debug message printed to log warning about missing key, but not easy to spot.

  [Regression Potential]
  Low - change is to not start LightDM if this case occurs. This could affect someone who currently has a misconfigured LightDM. In this case a warning message is printed to the log.

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1517685/+subscriptions