From 570933a6a3597371bae1beeb754ee8711d6305ab Mon Sep 17 00:00:00 2001 From: Michael R Sweet Date: Mon, 2 Apr 2018 20:05:13 -0400 Subject: [PATCH] Fix builds without PAM (Issue #5283) --- CHANGES.md | 8 +++- scheduler/auth.c | 134 ++----------------------------------------------------- 2 files changed, 11 insertions(+), 131 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index f568f35af..e8fc1fbdd 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,7 +1,13 @@ -CHANGES - 2.2.7 - 2018-03-22 +CHANGES - 2.2.8 - 2018-04-02 ============================ +Changes in CUPS v2.2.8 +---------------------- + +- Fixed builds without PAM (Issue #5283) + + Changes in CUPS v2.2.7 ---------------------- diff --git a/scheduler/auth.c b/scheduler/auth.c index 8b134b5d7..fa4e2715d 100644 --- a/scheduler/auth.c +++ b/scheduler/auth.c @@ -1,8 +1,8 @@ /* * Authorization routines for the CUPS scheduler. * - * Copyright 2007-2016 by Apple Inc. - * Copyright 1997-2007 by Easy Software Products, all rights reserved. + * Copyright © 2007-2018 by Apple Inc. + * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * * This file contains Kerberos support code, copyright 2006 by * Jelmer Vernooij. @@ -71,9 +71,6 @@ static int check_authref(cupsd_client_t *con, const char *right); static int compare_locations(cupsd_location_t *a, cupsd_location_t *b); static cupsd_authmask_t *copy_authmask(cupsd_authmask_t *am, void *data); -#if !HAVE_LIBPAM -static char *cups_crypt(const char *pw, const char *salt); -#endif /* !HAVE_LIBPAM */ static void free_authmask(cupsd_authmask_t *am, void *data); #if HAVE_LIBPAM static int pam_func(int, const struct pam_message **, @@ -694,14 +691,14 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ * client... */ - pass = cups_crypt(password, pw->pw_passwd); + pass = crypt(password, pw->pw_passwd); if (!pass || strcmp(pw->pw_passwd, pass)) { # ifdef HAVE_SHADOW_H if (spw) { - pass = cups_crypt(password, spw->sp_pwdp); + pass = crypt(password, spw->sp_pwdp); if (pass == NULL || strcmp(spw->sp_pwdp, pass)) { @@ -1995,129 +1992,6 @@ copy_authmask(cupsd_authmask_t *mask, /* I - Existing auth mask */ } -#if !HAVE_LIBPAM -/* - * 'cups_crypt()' - Encrypt the password using the DES or MD5 algorithms, - * as needed. - */ - -static char * /* O - Encrypted password */ -cups_crypt(const char *pw, /* I - Password string */ - const char *salt) /* I - Salt (key) string */ -{ - if (!strncmp(salt, "$1$", 3)) - { - /* - * Use MD5 passwords without the benefit of PAM; this is for - * Slackware Linux, and the algorithm was taken from the - * old shadow-19990827/lib/md5crypt.c source code... :( - */ - - int i; /* Looping var */ - unsigned long n; /* Output number */ - int pwlen; /* Length of password string */ - const char *salt_end; /* End of "salt" data for MD5 */ - char *ptr; /* Pointer into result string */ - _cups_md5_state_t state; /* Primary MD5 state info */ - _cups_md5_state_t state2; /* Secondary MD5 state info */ - unsigned char digest[16]; /* MD5 digest result */ - static char result[120]; /* Final password string */ - - - /* - * Get the salt data between dollar signs, e.g. $1$saltdata$md5. - * Get a maximum of 8 characters of salt data after $1$... - */ - - for (salt_end = salt + 3; *salt_end && (salt_end - salt) < 11; salt_end ++) - if (*salt_end == '$') - break; - - /* - * Compute the MD5 sum we need... - */ - - pwlen = strlen(pw); - - _cupsMD5Init(&state); - _cupsMD5Append(&state, (unsigned char *)pw, pwlen); - _cupsMD5Append(&state, (unsigned char *)salt, salt_end - salt); - - _cupsMD5Init(&state2); - _cupsMD5Append(&state2, (unsigned char *)pw, pwlen); - _cupsMD5Append(&state2, (unsigned char *)salt + 3, salt_end - salt - 3); - _cupsMD5Append(&state2, (unsigned char *)pw, pwlen); - _cupsMD5Finish(&state2, digest); - - for (i = pwlen; i > 0; i -= 16) - _cupsMD5Append(&state, digest, i > 16 ? 16 : i); - - for (i = pwlen; i > 0; i >>= 1) - _cupsMD5Append(&state, (unsigned char *)((i & 1) ? "" : pw), 1); - - _cupsMD5Finish(&state, digest); - - for (i = 0; i < 1000; i ++) - { - _cupsMD5Init(&state); - - if (i & 1) - _cupsMD5Append(&state, (unsigned char *)pw, pwlen); - else - _cupsMD5Append(&state, digest, 16); - - if (i % 3) - _cupsMD5Append(&state, (unsigned char *)salt + 3, salt_end - salt - 3); - - if (i % 7) - _cupsMD5Append(&state, (unsigned char *)pw, pwlen); - - if (i & 1) - _cupsMD5Append(&state, digest, 16); - else - _cupsMD5Append(&state, (unsigned char *)pw, pwlen); - - _cupsMD5Finish(&state, digest); - } - - /* - * Copy the final sum to the result string and return... - */ - - memcpy(result, salt, (size_t)(salt_end - salt)); - ptr = result + (salt_end - salt); - *ptr++ = '$'; - - for (i = 0; i < 5; i ++, ptr += 4) - { - n = ((((unsigned)digest[i] << 8) | (unsigned)digest[i + 6]) << 8); - - if (i < 4) - n |= (unsigned)digest[i + 12]; - else - n |= (unsigned)digest[5]; - - to64(ptr, n, 4); - } - - to64(ptr, (unsigned)digest[11], 2); - ptr += 2; - *ptr = '\0'; - - return (result); - } - else - { - /* - * Use the standard crypt() function... - */ - - return (crypt(pw, salt)); - } -} -#endif /* !HAVE_LIBPAM */ - - /* * 'free_authmask()' - Free function for auth masks. */