[comp.windows.x] xdm Imakefile needs DONT_USE_DEF

envbvs@epb2.lbl.gov (Brian V. Smith) (01/07/90)

The Imakefile for xdm is (IMHO) missing a preprocessor flag for the case
where the machine does NOT have DES encryption.

Here is a patch:

*** xdm/Imakefile.orig	Wed Dec 13 12:26:21 1989
--- xdm/Imakefile	Sat Jan  6 19:29:31 1990
***************
*** 10,20
  #if HasDESLibrary
  DESDEFS = -DHASDES
  DESOBJS = xdmauth.o
  DESSRCS = xdmauth.c
  #else
! DESDEFS = 
  DESOBJS =
  DESSRCS = 
  #endif
  
     XDMCONFIGDIR = XdmConfigurationSubdirectory

--- 10,20 -----
  #if HasDESLibrary
  DESDEFS = -DHASDES
  DESOBJS = xdmauth.o
  DESSRCS = xdmauth.c
  #else
! DESDEFS = -DDONT_USE_DES
  DESOBJS =
  DESSRCS = 
  #endif
  
     XDMCONFIGDIR = XdmConfigurationSubdirectory
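
Review bot: In the #else branch, the changed line sets DESDEFS = -DDONT_USE_DES whenever HasDESLibrary is false, so a single Imake condition now drives both HASDES and DONT_USE_DES. Nothing in the hunk shows that lacking the DES library needed for xdmauth.o also means DONT_USE_DES applies. If the two defines answer different questions about the machine, DONT_USE_DES should be set from its own configuration test and kept out of this #if/#else.
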
--
_____________________________________
Brian V. Smith    (bvsmith@lbl.gov)
Lawrence Berkeley Laboratory
I don't speak for LBL, these non-opinions are all mine.

keith@EXPO.LCS.MIT.EDU (Keith Packard) (01/07/90)

> The Imakefile for xdm is (IMHO) missing a preprocessor flag for the case
> where the machine does NOT have DES encryption.

> Here is a patch:

> *** xdm/Imakefile.orig	Wed Dec 13 12:26:21 1989
> --- xdm/Imakefile	Sat Jan  6 19:29:31 1990
> ***************
> *** 10,20
>   #if HasDESLibrary
>   DESDEFS = -DHASDES
>   DESOBJS = xdmauth.o
>   DESSRCS = xdmauth.c
>   #else
> ! DESDEFS = 
>   DESOBJS =
>   DESSRCS = 
>   #endif
>   
>      XDMCONFIGDIR = XdmConfigurationSubdirectory
> 
> --- 10,20 -----
>   #if HasDESLibrary
>   DESDEFS = -DHASDES
>   DESOBJS = xdmauth.o
>   DESSRCS = xdmauth.c
>   #else
> ! DESDEFS = -DDONT_USE_DES
>   DESOBJS =
>   DESSRCS = 
>   #endif
>   
>      XDMCONFIGDIR = XdmConfigurationSubdirectory
> 
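
Review bot: Documentation is missing at the #if HasDESLibrary block: neither the old nor the new side says what HASDES and DONT_USE_DES each select, and the names alone read as opposites of one another. A short comment above the #if stating what each define enables would let someone building xdm tell whether the #else branch should carry any define at all.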

This patch is not correct.  HASDES is defined for machines which have
implemented a client library which does DES in the way expected for
XDM-AUTHENTICATION-1 and XDM-AUTHORIZATION-1 authentication/authorization
schemes.  As no machines have such a library (the sample implementation
written here at MIT is not distributable outside of the US), HasDESLibrary
should always be false.

On the other hand, DONT_USE_DES is defined for machines which have neither
setkey/encrypt nor crypt in libc.  These functions are used to generate
cryptographically secure random numbers and do not depend on whether DES is
used in those functions, just that they perturb the bits around when called.
Machines which are exported from the US typically do not have any DES
routines at all (even for password checking) and so this option allows those
machines to use a less secure mechanism for generating the keys (less secure
is rather misleading in this context; without HASDES the only authorization
scheme supported is MIT-MAGIC-COOKIE-1 which passes these carefully crafted
cryptographically secure random numbers in the clear over the network).

If the commerce department ever allows us to distribute DES implementations
(or even code which uses some other DES implementation), HASDES will become
useful, and session authorization will be more secure.

Keith Packard
MIT X Consortium