Fix builds without PAM (Issue #5283)

diff --git a/CHANGES.md b/CHANGES.md
index f568f35af1ed966bbb35bf53786693484f0d442b..e8fc1fbdd48374f22ce446c40a78b63f57df54a8 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,7 +1,13 @@
-CHANGES - 2.2.7 - 2018-03-22
+CHANGES - 2.2.8 - 2018-04-02
 ============================
 
 
+Changes in CUPS v2.2.8
+----------------------
+
+- Fixed builds without PAM (Issue #5283)
+
+
 Changes in CUPS v2.2.7
 ----------------------
 

diff --git a/scheduler/auth.c b/scheduler/auth.c
index 8b134b5d7257ed81d6953eddc225f637493443c8..fa4e2715de3415993b68f1fc7d0407b9792d849f 100644 (file)
--- a/scheduler/auth.c
+++ b/scheduler/auth.c
@@ -1,8 +1,8 @@
 /*
  * Authorization routines for the CUPS scheduler.
  *
- * Copyright 2007-2016 by Apple Inc.
- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
+ * Copyright © 2007-2018 by Apple Inc.
+ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
  *
  * This file contains Kerberos support code, copyright 2006 by
  * Jelmer Vernooij.
@@ -71,9 +71,6 @@ static int            check_authref(cupsd_client_t *con, const char *right);
 static int             compare_locations(cupsd_location_t *a,
                                          cupsd_location_t *b);
 static cupsd_authmask_t        *copy_authmask(cupsd_authmask_t *am, void *data);
-#if !HAVE_LIBPAM
-static char            *cups_crypt(const char *pw, const char *salt);
-#endif /* !HAVE_LIBPAM */
 static void            free_authmask(cupsd_authmask_t *am, void *data);
 #if HAVE_LIBPAM
 static int             pam_func(int, const struct pam_message **,
@@ -694,14 +691,14 @@ cupsdAuthorize(cupsd_client_t *con)       /* I - Client connection */
            * client...
            */
 
-           pass = cups_crypt(password, pw->pw_passwd);
+           pass = crypt(password, pw->pw_passwd);
 
            if (!pass || strcmp(pw->pw_passwd, pass))
            {
 #  ifdef HAVE_SHADOW_H
              if (spw)
              {
-               pass = cups_crypt(password, spw->sp_pwdp);
+               pass = crypt(password, spw->sp_pwdp);
 
                if (pass == NULL || strcmp(spw->sp_pwdp, pass))
                {
@@ -1995,129 +1992,6 @@ copy_authmask(cupsd_authmask_t *mask,   /* I - Existing auth mask */
 }
 
 
-#if !HAVE_LIBPAM
-/*
- * 'cups_crypt()' - Encrypt the password using the DES or MD5 algorithms,
- *                  as needed.
- */
-
-static char *                          /* O - Encrypted password */
-cups_crypt(const char *pw,             /* I - Password string */
-           const char *salt)           /* I - Salt (key) string */
-{
-  if (!strncmp(salt, "$1$", 3))
-  {
-   /*
-    * Use MD5 passwords without the benefit of PAM; this is for
-    * Slackware Linux, and the algorithm was taken from the
-    * old shadow-19990827/lib/md5crypt.c source code... :(
-    */
-
-    int                        i;              /* Looping var */
-    unsigned long      n;              /* Output number */
-    int                        pwlen;          /* Length of password string */
-    const char         *salt_end;      /* End of "salt" data for MD5 */
-    char               *ptr;           /* Pointer into result string */
-    _cups_md5_state_t  state;          /* Primary MD5 state info */
-    _cups_md5_state_t  state2;         /* Secondary MD5 state info */
-    unsigned char      digest[16];     /* MD5 digest result */
-    static char                result[120];    /* Final password string */
-
-
-   /*
-    * Get the salt data between dollar signs, e.g. $1$saltdata$md5.
-    * Get a maximum of 8 characters of salt data after $1$...
-    */
-
-    for (salt_end = salt + 3; *salt_end && (salt_end - salt) < 11; salt_end ++)
-      if (*salt_end == '$')
-        break;
-
-   /*
-    * Compute the MD5 sum we need...
-    */
-
-    pwlen = strlen(pw);
-
-    _cupsMD5Init(&state);
-    _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
-    _cupsMD5Append(&state, (unsigned char *)salt, salt_end - salt);
-
-    _cupsMD5Init(&state2);
-    _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
-    _cupsMD5Append(&state2, (unsigned char *)salt + 3, salt_end - salt - 3);
-    _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
-    _cupsMD5Finish(&state2, digest);
-
-    for (i = pwlen; i > 0; i -= 16)
-      _cupsMD5Append(&state, digest, i > 16 ? 16 : i);
-
-    for (i = pwlen; i > 0; i >>= 1)
-      _cupsMD5Append(&state, (unsigned char *)((i & 1) ? "" : pw), 1);
-
-    _cupsMD5Finish(&state, digest);
-
-    for (i = 0; i < 1000; i ++)
-    {
-      _cupsMD5Init(&state);
-
-      if (i & 1)
-        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
-      else
-        _cupsMD5Append(&state, digest, 16);
-
-      if (i % 3)
-        _cupsMD5Append(&state, (unsigned char *)salt + 3, salt_end - salt - 3);
-
-      if (i % 7)
-        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
-
-      if (i & 1)
-        _cupsMD5Append(&state, digest, 16);
-      else
-        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
-
-      _cupsMD5Finish(&state, digest);
-    }
-
-   /*
-    * Copy the final sum to the result string and return...
-    */
-
-    memcpy(result, salt, (size_t)(salt_end - salt));
-    ptr = result + (salt_end - salt);
-    *ptr++ = '$';
-
-    for (i = 0; i < 5; i ++, ptr += 4)
-    {
-      n = ((((unsigned)digest[i] << 8) | (unsigned)digest[i + 6]) << 8);
-
-      if (i < 4)
-        n |= (unsigned)digest[i + 12];
-      else
-        n |= (unsigned)digest[5];
-
-      to64(ptr, n, 4);
-    }
-
-    to64(ptr, (unsigned)digest[11], 2);
-    ptr += 2;
-    *ptr = '\0';
-
-    return (result);
-  }
-  else
-  {
-   /*
-    * Use the standard crypt() function...
-    */
-
-    return (crypt(pw, salt));
-  }
-}
-#endif /* !HAVE_LIBPAM */
-
-
 /*
  * 'free_authmask()' - Free function for auth masks.
  */