Xenocara: disable xdm-authorization-1 cleanly


Xenocara: disable xdm-authorization-1 cleanly

Matthieu Herrb-7
Hi,

The XDM-AUTHORIZATION-1 protocol is currently disabled in xenocara.
It makes sense: this auth protocol doesn't work with IPv6, is relying
on weak DES encryption and only useful with XDMCP which isn't supported
by xenodm.

But it's currently only disabled as a side-effect of a buggy check in
xenodm. (If written correctly the test would enable it...).
This buggy check is a left-over from xdm, and is useless for xenodm.

So let's remove it, and explicitly disable xdm-auth-1 in xserver.

ok ?

Index: app/xenodm/configure.ac
===================================================================
RCS file: /cvs/xenocara/app/xenodm/configure.ac,v
retrieving revision 1.9
diff -u -r1.9 configure.ac
--- app/xenodm/configure.ac 15 Jul 2018 09:05:11 -0000 1.9
+++ app/xenodm/configure.ac 1 Nov 2018 11:49:32 -0000
@@ -198,8 +198,6 @@
 XENODM_CFLAGS="$XENODM_CFLAGS $DMCP_CFLAGS $XLIB_CFLAGS $AUTH_CFLAGS $STATIC_GREETER_CFLAGS"
 XENODM_LIBS="$XENODM_LIBS $DMCP_LIBS"
 
-AC_CHECK_LIB(Xdmcp, XdmcpWrap, [xdmauth="yes"], [xdmauth="no"], [$DMCP_LIBS])
-
 AC_SUBST(XENODM_CFLAGS)
 AC_SUBST(XENODM_LIBS)
 
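Review bot: With the AC_CHECK_LIB line removed, nothing in this hunk sets xdmauth any more, so any test of $xdmauth that remains elsewhere in configure.ac (not visible here) would now see an empty value instead of "yes" or "no". Grep configure.ac and the Makefile.am files for xdmauth and drop any leftovers in the same commit, so the protocol is off because nothing refers to it rather than because a variable happens to be unset. The context line XENODM_LIBS="$XENODM_LIBS $DMCP_LIBS" still links libXdmcp; it is worth confirming whether xenodm needs it for anything else now that the XdmcpWrap check is gone.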
Index: xserver/Makefile.bsd-wrapper
===================================================================
RCS file: /cvs/xenocara/xserver/Makefile.bsd-wrapper,v
retrieving revision 1.67
diff -u -r1.67 Makefile.bsd-wrapper
--- xserver/Makefile.bsd-wrapper 25 Oct 2018 21:55:18 -0000 1.67
+++ xserver/Makefile.bsd-wrapper 1 Nov 2018 11:49:32 -0000
@@ -35,7 +35,7 @@
  --with-module-dir=${LIBDIR}/modules ${GLX_OPTION} \
  --disable-install-setuid --enable-privsep \
  ${KDRIVE_OPTION} \
- --enable-xcsecurity \
+ --enable-xcsecurity --disable-xdm-auth-1 \
  --without-fop --without-xmlto --without-xsltproc \
  --disable-dmx ${NO_XORG_OPTION} \
  --disable-unit-tests \
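Review bot: The --disable-xdm-auth-1 added on the --enable-xcsecurity line has no rationale recorded next to it; the reasons (weak DES, no IPv6, only useful with XDMCP) exist only in the mail. A comment cannot sit inside the backslash-continued argument list, so put a one-line comment above the configure arguments, or at least state the reasons in the commit message, so the flag is not dropped as redundant during a later xserver update.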

--
Matthieu Herrb


Re: Xenocara: disable xdm-authorization-1 cleanly

Theo Buehler-3
On Thu, Nov 01, 2018 at 12:58:36PM +0100, Matthieu Herrb wrote:

> Hi,
>
> The XDM-AUTHORIZATION-1 protocol is currently disabled in xenocara.
> It makes sense: this auth protocol doesn't work with IPv6, is relying
> on weak DES encryption and only useful with XDMCP which isn't supported
> by xenodm.
>
> But it's currently only disabled as a side-effect of a buggy check in
> xenodm. (If written correctly the test would enable it...).
> This buggy check is a left-over from xdm, and is useless for xenodm.
>
> So let's remove it, and explicitly disable xdm-auth-1 in xserver.
>
> ok ?

ok

>
> Index: app/xenodm/configure.ac
> ===================================================================
> RCS file: /cvs/xenocara/app/xenodm/configure.ac,v
> retrieving revision 1.9
> diff -u -r1.9 configure.ac
> --- app/xenodm/configure.ac 15 Jul 2018 09:05:11 -0000 1.9
> +++ app/xenodm/configure.ac 1 Nov 2018 11:49:32 -0000
> @@ -198,8 +198,6 @@
>  XENODM_CFLAGS="$XENODM_CFLAGS $DMCP_CFLAGS $XLIB_CFLAGS $AUTH_CFLAGS $STATIC_GREETER_CFLAGS"
>  XENODM_LIBS="$XENODM_LIBS $DMCP_LIBS"
>  
> -AC_CHECK_LIB(Xdmcp, XdmcpWrap, [xdmauth="yes"], [xdmauth="no"], [$DMCP_LIBS])
> -
>  AC_SUBST(XENODM_CFLAGS)
>  AC_SUBST(XENODM_LIBS)
>  
> Index: xserver/Makefile.bsd-wrapper
> ===================================================================
> RCS file: /cvs/xenocara/xserver/Makefile.bsd-wrapper,v
> retrieving revision 1.67
> diff -u -r1.67 Makefile.bsd-wrapper
> --- xserver/Makefile.bsd-wrapper 25 Oct 2018 21:55:18 -0000 1.67
> +++ xserver/Makefile.bsd-wrapper 1 Nov 2018 11:49:32 -0000
> @@ -35,7 +35,7 @@
>   --with-module-dir=${LIBDIR}/modules ${GLX_OPTION} \
>   --disable-install-setuid --enable-privsep \
>   ${KDRIVE_OPTION} \
> - --enable-xcsecurity \
> + --enable-xcsecurity --disable-xdm-auth-1 \
>   --without-fop --without-xmlto --without-xsltproc \
>   --disable-dmx ${NO_XORG_OPTION} \
>   --disable-unit-tests \
>
> --
> Matthieu Herrb
>


Re: Xenocara: disable xdm-authorization-1 cleanly

Todd Mortimer
In reply to this post by Matthieu Herrb-7
On Thu, Nov 01, 2018 at 12:58:36PM +0100, Matthieu Herrb wrote:

> Hi,
>
> The XDM-AUTHORIZATION-1 protocol is currently disabled in xenocara.
> It makes sense: this auth protocol doesn't work with IPv6, is relying
> on weak DES encryption and only useful with XDMCP which isn't supported
> by xenodm.
>
> But it's currently only disabled as a side-effect of a buggy check in
> xenodm. (If written correctly the test would enable it...).
> This buggy check is a left-over from xdm, and is useless for xenodm.
>
> So let's remove it, and explicitly disable xdm-auth-1 in xserver.
>
> ok ?

ok mortimer@

>
> Index: app/xenodm/configure.ac
> ===================================================================
> RCS file: /cvs/xenocara/app/xenodm/configure.ac,v
> retrieving revision 1.9
> diff -u -r1.9 configure.ac
> --- app/xenodm/configure.ac 15 Jul 2018 09:05:11 -0000 1.9
> +++ app/xenodm/configure.ac 1 Nov 2018 11:49:32 -0000
> @@ -198,8 +198,6 @@
>  XENODM_CFLAGS="$XENODM_CFLAGS $DMCP_CFLAGS $XLIB_CFLAGS $AUTH_CFLAGS $STATIC_GREETER_CFLAGS"
>  XENODM_LIBS="$XENODM_LIBS $DMCP_LIBS"
>
> -AC_CHECK_LIB(Xdmcp, XdmcpWrap, [xdmauth="yes"], [xdmauth="no"], [$DMCP_LIBS])
> -
>  AC_SUBST(XENODM_CFLAGS)
>  AC_SUBST(XENODM_LIBS)
>
> Index: xserver/Makefile.bsd-wrapper
> ===================================================================
> RCS file: /cvs/xenocara/xserver/Makefile.bsd-wrapper,v
> retrieving revision 1.67
> diff -u -r1.67 Makefile.bsd-wrapper
> --- xserver/Makefile.bsd-wrapper 25 Oct 2018 21:55:18 -0000 1.67
> +++ xserver/Makefile.bsd-wrapper 1 Nov 2018 11:49:32 -0000
> @@ -35,7 +35,7 @@
>   --with-module-dir=${LIBDIR}/modules ${GLX_OPTION} \
>   --disable-install-setuid --enable-privsep \
>   ${KDRIVE_OPTION} \
> - --enable-xcsecurity \
> + --enable-xcsecurity --disable-xdm-auth-1 \
>   --without-fop --without-xmlto --without-xsltproc \
>   --disable-dmx ${NO_XORG_OPTION} \
>   --disable-unit-tests \
>
> --
> Matthieu Herrb
>