Bug 10665 - XOpenDisplay says "XDM authorization key matches an existing client!"
XOpenDisplay says "XDM authorization key matches an existing client!"
Status: NEW
Product: xorg
Classification: Unclassified
Component: Server/General
Other All
: high normal
Assigned To: Xorg Project Team
Xorg Project Team
: patch
Depends on:
  Show dependency treegraph
Reported: 2007-04-17 13:52 UTC by Brice Goglin
Modified: 2014-11-28 16:28 UTC (History)
1 user (show)

See Also:

The described patch for Xorg server (2.39 KB, patch)
2010-08-09 10:19 UTC, Michał Górny
no flags Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Brice Goglin 2007-04-17 13:52:06 UTC
Bug reported on the Debian BTS by Bernhard R. Link about 2 years ago, still applies to a recent git (xdm 1.1.4, Xlib 1.1.1 with XCB, Xserver 1.3-rc5).

The following code, when executed after a login with xdm, successfully opens display :0 once and then fails saying "XDM authorization key matches an existing client!" (while it is apparently supposed to successfully open/close forever).

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <X11/Xlib.h>
Display *dpy;
int main() {
	dpy = XOpenDisplay(":0");
	if (dpy == NULL) {
		fprintf(stderr, "cannot open display :0\n");
	fprintf(stderr, "opened display :0\n");
	execl("./test","./test", NULL);

It seems related to having "XDM-AUTHORIZATION-1" in the output of xauth list. Adding "DisplayManager*authName: MIT-MAGIC-COOKIE-1" makes the XDM-AUTHORIZATION-1 disappear from xauth list, and the program now works as expected.

According to the submitter, it might be related to the block of code starting at http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git;a=blob;h=95a836d44662c0e1cb08862e30bfbe1e97be3bf4;hb=603c2f88d4e57ce1a3c16e8b6246866e6edd8fa8;f=src/ConnDis.c#l1139

See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=292388 for details

Comment 1 Michał Górny 2010-08-09 10:19:03 UTC
IMHO the real issue is that the xdmauth code inside Xorg server doesn't free the auth data whenever a client disconnects. It basically requires clients to rely on some kind of randomness.

Thus, I've added an 'xclient' ClientPtr field to the auth data structure to track X clients, and I've created a XdmDeleteClient() function to drop the auth data whenever the client disconnects. The code doesn't use the 'xclient' field directly, it is set within XdmCheckCookie() and compared within XdmDeleteClient(), thus there's no reason to worry even if it the structure was freed somehow without calling XdmDeleteClient().
Comment 2 Michał Górny 2010-08-09 10:19:48 UTC
Created attachment 37736 [details] [review]
The described patch for Xorg server
Comment 3 Jeremy Huddleston 2011-10-07 15:33:58 UTC
Can you please submit your patch to xorg-devel for review?
Comment 4 Michał Górny 2011-10-08 00:49:08 UTC
(In reply to comment #3)
> Can you please submit your patch to xorg-devel for review?

I'm not sure where but I think the patch was rejected already with the intent that xdm clients are not removed on purpose (some kind of obscurity).
Comment 5 debguy 2014-11-28 16:28:56 UTC
did you run iceauth and check ?