[Buildroot] [PATCH 1/2] cups: fix build without PAM
Olivier Schonken
olivier.schonken at gmail.com
Tue May 1 05:23:55 UTC 2018
Acked-by: Olivier Schonken <olivier.schonken at gmail.com>
On Mon, 30 Apr 2018, 21:21 Baruch Siach, <baruch at tkos.co.il> wrote:
> Add upstream patch removing MD5 code that builds when PAM is not
> enabled.
>
> Fixes:
>
> http://autobuild.buildroot.net/results/48d/48d53bdeceafdbb51756d5c0b9936ce7c98b4ddc/
>
> http://autobuild.buildroot.net/results/13c/13cb03a8d0ae215c418fe2520a27b2940efd4a39/
>
> http://autobuild.buildroot.net/results/fd3/fd3c56b60bb0411b38dc7279880d1fab7228c20a/
>
> Cc: Olivier Schonken <olivier.schonken at gmail.com>
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
> ---
> ...05-Fix-builds-without-PAM-Issue-5283.patch | 189 ++++++++++++++++++
> 1 file changed, 189 insertions(+)
> create mode 100644
> package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch
>
> diff --git a/package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch
> b/package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch
> new file mode 100644
> index 000000000000..ff242f82760b
> --- /dev/null
> +++ b/package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch
> @@ -0,0 +1,189 @@
> +From 570933a6a3597371bae1beeb754ee8711d6305ab Mon Sep 17 00:00:00 2001
> +From: Michael R Sweet <michael.r.sweet at gmail.com>
> +Date: Mon, 2 Apr 2018 20:05:13 -0400
> +Subject: [PATCH] Fix builds without PAM (Issue #5283)
> +
> +[baruch: drop CHANGES.md hunk]
> +Signed-off-by: Baruch Siach <baruch at tkos.co.il>
> +---
> +Upstream status: commit 570933a6a3
> +
> + CHANGES.md | 8 ++-
> + scheduler/auth.c | 134 ++---------------------------------------------
> + 2 files changed, 11 insertions(+), 131 deletions(-)
> +
> +diff --git a/scheduler/auth.c b/scheduler/auth.c
> +index 8b134b5d7257..fa4e2715de34 100644
> +--- a/scheduler/auth.c
> ++++ b/scheduler/auth.c
> +@@ -1,8 +1,8 @@
> + /*
> + * Authorization routines for the CUPS scheduler.
> + *
> +- * Copyright 2007-2016 by Apple Inc.
> +- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
> ++ * Copyright © 2007-2018 by Apple Inc.
> ++ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
> + *
> + * This file contains Kerberos support code, copyright 2006 by
> + * Jelmer Vernooij.
> +@@ -71,9 +71,6 @@ static int check_authref(cupsd_client_t *con,
> const char *right);
> + static int compare_locations(cupsd_location_t *a,
> + cupsd_location_t *b);
> + static cupsd_authmask_t *copy_authmask(cupsd_authmask_t *am, void
> *data);
> +-#if !HAVE_LIBPAM
> +-static char *cups_crypt(const char *pw, const char *salt);
> +-#endif /* !HAVE_LIBPAM */
> + static void free_authmask(cupsd_authmask_t *am, void *data);
> + #if HAVE_LIBPAM
> + static int pam_func(int, const struct pam_message **,
> +@@ -694,14 +691,14 @@ cupsdAuthorize(cupsd_client_t *con) /* I -
> Client connection */
> + * client...
> + */
> +
> +- pass = cups_crypt(password, pw->pw_passwd);
> ++ pass = crypt(password, pw->pw_passwd);
> +
> + if (!pass || strcmp(pw->pw_passwd, pass))
> + {
> + # ifdef HAVE_SHADOW_H
> + if (spw)
> + {
> +- pass = cups_crypt(password, spw->sp_pwdp);
> ++ pass = crypt(password, spw->sp_pwdp);
> +
> + if (pass == NULL || strcmp(spw->sp_pwdp, pass))
> + {
> +@@ -1995,129 +1992,6 @@ copy_authmask(cupsd_authmask_t *mask, /* I -
> Existing auth mask */
> + }
> +
> +
> +-#if !HAVE_LIBPAM
> +-/*
> +- * 'cups_crypt()' - Encrypt the password using the DES or MD5 algorithms,
> +- * as needed.
> +- */
> +-
> +-static char * /* O - Encrypted password */
> +-cups_crypt(const char *pw, /* I - Password string */
> +- const char *salt) /* I - Salt (key) string */
> +-{
> +- if (!strncmp(salt, "$1$", 3))
> +- {
> +- /*
> +- * Use MD5 passwords without the benefit of PAM; this is for
> +- * Slackware Linux, and the algorithm was taken from the
> +- * old shadow-19990827/lib/md5crypt.c source code... :(
> +- */
> +-
> +- int i; /* Looping var */
> +- unsigned long n; /* Output number */
> +- int pwlen; /* Length of password
> string */
> +- const char *salt_end; /* End of "salt" data for
> MD5 */
> +- char *ptr; /* Pointer into result string */
> +- _cups_md5_state_t state; /* Primary MD5 state info */
> +- _cups_md5_state_t state2; /* Secondary MD5 state info */
> +- unsigned char digest[16]; /* MD5 digest result */
> +- static char result[120]; /* Final password string */
> +-
> +-
> +- /*
> +- * Get the salt data between dollar signs, e.g. $1$saltdata$md5.
> +- * Get a maximum of 8 characters of salt data after $1$...
> +- */
> +-
> +- for (salt_end = salt + 3; *salt_end && (salt_end - salt) < 11;
> salt_end ++)
> +- if (*salt_end == '$')
> +- break;
> +-
> +- /*
> +- * Compute the MD5 sum we need...
> +- */
> +-
> +- pwlen = strlen(pw);
> +-
> +- _cupsMD5Init(&state);
> +- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
> +- _cupsMD5Append(&state, (unsigned char *)salt, salt_end - salt);
> +-
> +- _cupsMD5Init(&state2);
> +- _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
> +- _cupsMD5Append(&state2, (unsigned char *)salt + 3, salt_end - salt -
> 3);
> +- _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
> +- _cupsMD5Finish(&state2, digest);
> +-
> +- for (i = pwlen; i > 0; i -= 16)
> +- _cupsMD5Append(&state, digest, i > 16 ? 16 : i);
> +-
> +- for (i = pwlen; i > 0; i >>= 1)
> +- _cupsMD5Append(&state, (unsigned char *)((i & 1) ? "" : pw), 1);
> +-
> +- _cupsMD5Finish(&state, digest);
> +-
> +- for (i = 0; i < 1000; i ++)
> +- {
> +- _cupsMD5Init(&state);
> +-
> +- if (i & 1)
> +- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
> +- else
> +- _cupsMD5Append(&state, digest, 16);
> +-
> +- if (i % 3)
> +- _cupsMD5Append(&state, (unsigned char *)salt + 3, salt_end -
> salt - 3);
> +-
> +- if (i % 7)
> +- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
> +-
> +- if (i & 1)
> +- _cupsMD5Append(&state, digest, 16);
> +- else
> +- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
> +-
> +- _cupsMD5Finish(&state, digest);
> +- }
> +-
> +- /*
> +- * Copy the final sum to the result string and return...
> +- */
> +-
> +- memcpy(result, salt, (size_t)(salt_end - salt));
> +- ptr = result + (salt_end - salt);
> +- *ptr++ = '$';
> +-
> +- for (i = 0; i < 5; i ++, ptr += 4)
> +- {
> +- n = ((((unsigned)digest[i] << 8) | (unsigned)digest[i + 6]) << 8);
> +-
> +- if (i < 4)
> +- n |= (unsigned)digest[i + 12];
> +- else
> +- n |= (unsigned)digest[5];
> +-
> +- to64(ptr, n, 4);
> +- }
> +-
> +- to64(ptr, (unsigned)digest[11], 2);
> +- ptr += 2;
> +- *ptr = '\0';
> +-
> +- return (result);
> +- }
> +- else
> +- {
> +- /*
> +- * Use the standard crypt() function...
> +- */
> +-
> +- return (crypt(pw, salt));
> +- }
> +-}
> +-#endif /* !HAVE_LIBPAM */
> +-
> +-
> + /*
> + * 'free_authmask()' - Free function for auth masks.
> + */
> +--
> +2.17.0
> +
> --
> 2.17.0
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20180501/364d6b4d/attachment.html>
More information about the buildroot
mailing list