On Thu, Nov 01, 2018 at 12:58:36PM +0100, Matthieu Herrb wrote:
> Hi,
>
> The XDM-AUTHORIZATION-1 protocol is currenly disabled in xenocara.
> It makes sense: this auth protocol doesn't work with IPv6, is relying
> on weak DES encryption and only useful with XDMP which isn't supported
> by xenodm.
>
> But it's currently only disabled as a side-effect of a buggy check in
> xenodm. (If written correctly the test whould enable it...).
> This buggy check is a left-over from xdm, and is useless for xenodm.
>
> So let's remove it, and explicitely disable xdm-auth-1 in xserver.
>
> ok ?
ok
>
> Index: app/xenodm/configure.ac
> ===
> RCS file: /cvs/xenocara/app/xenodm/configure.ac,v
> retrieving revision 1.9
> diff -u -r1.9 configure.ac
> --- app/xenodm/configure.ac 15 Jul 2018 09:05:11 - 1.9
> +++ app/xenodm/configure.ac 1 Nov 2018 11:49:32 -
> @@ -198,8 +198,6 @@
> XENODM_CFLAGS="$XENODM_CFLAGS $DMCP_CFLAGS $XLIB_CFLAGS $AUTH_CFLAGS
> $STATIC_GREETER_CFLAGS"
> XENODM_LIBS="$XENODM_LIBS $DMCP_LIBS"
>
> -AC_CHECK_LIB(Xdmcp, XdmcpWrap, [xdmauth="yes"], [xdmauth="no"], [$DMCP_LIBS])
> -
> AC_SUBST(XENODM_CFLAGS)
> AC_SUBST(XENODM_LIBS)
>
> Index: xserver/Makefile.bsd-wrapper
> ===
> RCS file: /cvs/xenocara/xserver/Makefile.bsd-wrapper,v
> retrieving revision 1.67
> diff -u -r1.67 Makefile.bsd-wrapper
> --- xserver/Makefile.bsd-wrapper 25 Oct 2018 21:55:18 - 1.67
> +++ xserver/Makefile.bsd-wrapper 1 Nov 2018 11:49:32 -
> @@ -35,7 +35,7 @@
> --with-module-dir=${LIBDIR}/modules ${GLX_OPTION} \
> --disable-install-setuid --enable-privsep \
> ${KDRIVE_OPTION} \
> - --enable-xcsecurity \
> + --enable-xcsecurity --disable-xdm-auth-1 \
> --without-fop --without-xmlto --without-xsltproc \
> --disable-dmx ${NO_XORG_OPTION} \
> --disable-unit-tests \
>
> --
> Matthieu Herrb
>
