1 |
commit: 5983cc09eade48687c10dd3241c946d899369a43 |
2 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Sep 3 07:51:15 2019 +0000 |
4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Sep 3 07:51:15 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5983cc09 |
7 |
|
8 |
net-print/cups: Security cleanup |
9 |
|
10 |
Bug: https://bugs.gentoo.org/692300 |
11 |
Package-Manager: Portage-2.3.75, Repoman-2.3.17 |
12 |
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> |
13 |
|
14 |
net-print/cups/Manifest | 1 - |
15 |
net-print/cups/cups-2.2.11.ebuild | 336 ------------------------- |
16 |
net-print/cups/files/cups-2.3_rc1-no_pam.patch | 164 ------------ |
17 |
3 files changed, 501 deletions(-) |
18 |
|
19 |
diff --git a/net-print/cups/Manifest b/net-print/cups/Manifest |
20 |
index b9b923a3fe7..c4d4ef2a259 100644 |
21 |
--- a/net-print/cups/Manifest |
22 |
+++ b/net-print/cups/Manifest |
23 |
@@ -1,3 +1,2 @@ |
24 |
-DIST cups-2.2.11-source.tar.gz 10405908 BLAKE2B 9b7ee4da9502e42fd1b4a2c57ab709b3127ee8aeb8481a52f37da19fe5578f406260f1551e3fcedcd3a828fbed69267e68fcfd7bfabadf65afce4c3af19b4a1f SHA512 21a6916041b50044d336871f10d1192635458a3d318f19a18ad21d27027dd3839400601019e758424c218225a34aba148ba3a57f0ce3fe14c4df03bd1fde3403 |
25 |
DIST cups-2.2.12-source.tar.gz 10409313 BLAKE2B 126ea81f7108b3b62f5e062ed522898dd48d4e5b4077c834e8fe89012445dd0a903bafa62f593551ed5f1c92cce4fbd22f56834e0615ed65ca4a6ae84dc2ca1c SHA512 b8e7be512938ad388d469d093ad0c882ab42ea1408c27a91340f8424aa0e79e588df3d59795624973b89074a2af650fa9b5b6ed5224138b17e4c6dbbcbf0a2e6 |
26 |
DIST cups-2.3.0-source.tar.gz 8129049 BLAKE2B 738dbc7ee5ddcc9ffee44083cd93d8a0e75f4d3bf0b704dd643dc59db2cc2381dd65f676c0979bc65fee03438d160d9d650ceb93f8c702102eb1449d306a81a3 SHA512 c51f173b5fbae1554a3f4a3786fb3b5566e50d9f775473788ee3553922ac7e02e4785492c87c93fd46f159f50d97cc10ff6feafb3397cd9c1840840f3a9cdfae |
27 |
|
28 |
diff --git a/net-print/cups/cups-2.2.11.ebuild b/net-print/cups/cups-2.2.11.ebuild |
29 |
deleted file mode 100644 |
30 |
index 1c078ac92c8..00000000000 |
31 |
--- a/net-print/cups/cups-2.2.11.ebuild |
32 |
+++ /dev/null |
33 |
@@ -1,336 +0,0 @@ |
34 |
-# Copyright 1999-2019 Gentoo Authors |
35 |
-# Distributed under the terms of the GNU General Public License v2 |
36 |
- |
37 |
-EAPI=7 |
38 |
- |
39 |
-PYTHON_COMPAT=( python2_7 ) |
40 |
- |
41 |
-inherit autotools flag-o-matic linux-info xdg multilib-minimal pam python-single-r1 user java-pkg-opt-2 systemd toolchain-funcs |
42 |
- |
43 |
-MY_P="${P/_rc/rc}" |
44 |
-MY_P="${MY_P/_beta/b}" |
45 |
-MY_PV="${PV/_rc/rc}" |
46 |
-MY_PV="${MY_PV/_beta/b}" |
47 |
- |
48 |
-if [[ ${PV} == *9999 ]]; then |
49 |
- inherit git-r3 |
50 |
- EGIT_REPO_URI="https://github.com/apple/cups.git" |
51 |
- if [[ ${PV} != 9999 ]]; then |
52 |
- EGIT_BRANCH=branch-${PV/.9999} |
53 |
- fi |
54 |
-else |
55 |
- #SRC_URI="https://github.com/apple/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" |
56 |
- SRC_URI="https://github.com/apple/cups/releases/download/v${PV}/${P}-source.tar.gz" |
57 |
- KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~m68k-mint" |
58 |
-fi |
59 |
- |
60 |
-DESCRIPTION="The Common Unix Printing System" |
61 |
-HOMEPAGE="https://www.cups.org/" |
62 |
- |
63 |
-LICENSE="GPL-2" |
64 |
-SLOT="0" |
65 |
-IUSE="acl dbus debug java kerberos lprng-compat pam python selinux +ssl static-libs systemd +threads usb X xinetd zeroconf" |
66 |
- |
67 |
-CDEPEND=" |
68 |
- app-text/libpaper |
69 |
- sys-libs/zlib |
70 |
- acl? ( |
71 |
- kernel_linux? ( |
72 |
- sys-apps/acl |
73 |
- sys-apps/attr |
74 |
- ) |
75 |
- ) |
76 |
- dbus? ( >=sys-apps/dbus-1.6.18-r1[${MULTILIB_USEDEP}] ) |
77 |
- java? ( >=virtual/jre-1.6:* ) |
78 |
- kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) |
79 |
- !lprng-compat? ( !net-print/lprng ) |
80 |
- pam? ( virtual/pam ) |
81 |
- python? ( ${PYTHON_DEPS} ) |
82 |
- ssl? ( >=net-libs/gnutls-2.12.23-r6:0=[${MULTILIB_USEDEP}] ) |
83 |
- systemd? ( sys-apps/systemd ) |
84 |
- usb? ( virtual/libusb:1 ) |
85 |
- X? ( x11-misc/xdg-utils ) |
86 |
- xinetd? ( sys-apps/xinetd ) |
87 |
- zeroconf? ( >=net-dns/avahi-0.6.31-r2[${MULTILIB_USEDEP}] ) |
88 |
-" |
89 |
- |
90 |
-DEPEND="${CDEPEND}" |
91 |
-BDEPEND=" |
92 |
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] |
93 |
-" |
94 |
- |
95 |
-RDEPEND="${CDEPEND} |
96 |
- selinux? ( sec-policy/selinux-cups ) |
97 |
-" |
98 |
- |
99 |
-PDEPEND=">=net-print/cups-filters-1.0.43" |
100 |
- |
101 |
-REQUIRED_USE=" |
102 |
- python? ( ${PYTHON_REQUIRED_USE} ) |
103 |
- usb? ( threads ) |
104 |
-" |
105 |
- |
106 |
-# upstream includes an interactive test which is a nono for gentoo |
107 |
-RESTRICT="test" |
108 |
- |
109 |
-# systemd-socket.patch from Fedora |
110 |
-PATCHES=( |
111 |
- "${FILESDIR}/${PN}-2.2.0-dont-compress-manpages.patch" |
112 |
- "${FILESDIR}/${PN}-2.2.6-fix-install-perms.patch" |
113 |
- "${FILESDIR}/${PN}-1.4.4-nostrip.patch" |
114 |
- "${FILESDIR}/${PN}-2.0.2-rename-systemd-service-files.patch" |
115 |
- "${FILESDIR}/${PN}-2.0.1-xinetd-installation-fix.patch" |
116 |
-) |
117 |
- |
118 |
-MULTILIB_CHOST_TOOLS=( |
119 |
- /usr/bin/cups-config |
120 |
-) |
121 |
- |
122 |
-pkg_setup() { |
123 |
- enewgroup lp |
124 |
- enewuser lp -1 -1 -1 lp |
125 |
- enewgroup lpadmin 106 |
126 |
- |
127 |
- use python && python-single-r1_pkg_setup |
128 |
- |
129 |
- if use kernel_linux; then |
130 |
- linux-info_pkg_setup |
131 |
- if ! linux_config_exists; then |
132 |
- ewarn "Can't check the linux kernel configuration." |
133 |
- ewarn "You might have some incompatible options enabled." |
134 |
- else |
135 |
- # recheck that we don't have usblp to collide with libusb; this should now work in most cases (bug 501122) |
136 |
- if use usb; then |
137 |
- if linux_chkconfig_present USB_PRINTER; then |
138 |
- elog "Your USB printers will be managed via libusb. In case you run into problems, " |
139 |
- elog "please try disabling USB_PRINTER support in your kernel or blacklisting the" |
140 |
- elog "usblp kernel module." |
141 |
- elog "Alternatively, just disable the usb useflag for cups (your printer will still work)." |
142 |
- fi |
143 |
- else |
144 |
- #here we should warn user that he should enable it so he can print |
145 |
- if ! linux_chkconfig_present USB_PRINTER; then |
146 |
- ewarn "If you plan to use USB printers you should enable the USB_PRINTER" |
147 |
- ewarn "support in your kernel." |
148 |
- ewarn "Please enable it:" |
149 |
- ewarn " CONFIG_USB_PRINTER=y" |
150 |
- ewarn "in /usr/src/linux/.config or" |
151 |
- ewarn " Device Drivers --->" |
152 |
- ewarn " USB support --->" |
153 |
- ewarn " [*] USB Printer support" |
154 |
- ewarn "Alternatively, enable the usb useflag for cups and use the libusb code." |
155 |
- fi |
156 |
- fi |
157 |
- fi |
158 |
- fi |
159 |
-} |
160 |
- |
161 |
-src_prepare() { |
162 |
- default |
163 |
- |
164 |
- # Remove ".SILENT" rule for verbose output (bug 524338). |
165 |
- sed 's#^.SILENT:##g' -i "${S}"/Makedefs.in || die "sed failed" |
166 |
- |
167 |
- # Fix install-sh, posix sh does not have 'function'. |
168 |
- sed 's#function gzipcp#gzipcp()#g' -i "${S}/install-sh" |
169 |
- |
170 |
- AT_M4DIR=config-scripts eaclocal |
171 |
- eautoconf |
172 |
- |
173 |
- # custom Makefiles |
174 |
- multilib_copy_sources |
175 |
-} |
176 |
- |
177 |
-multilib_src_configure() { |
178 |
- export DSOFLAGS="${LDFLAGS}" |
179 |
- |
180 |
- einfo LINGUAS=\"${LINGUAS}\" |
181 |
- |
182 |
- # explicitly specify compiler wrt bug 524340 |
183 |
- # |
184 |
- # need to override KRB5CONFIG for proper flags |
185 |
- # https://github.com/apple/cups/issues/4423 |
186 |
- local myeconfargs=( |
187 |
- CC="$(tc-getCC)" |
188 |
- CXX="$(tc-getCXX)" |
189 |
- KRB5CONFIG="${EPREFIX}"/usr/bin/${CHOST}-krb5-config |
190 |
- --libdir="${EPREFIX}"/usr/$(get_libdir) |
191 |
- --localstatedir="${EPREFIX}"/var |
192 |
- --with-exe-file-perm=755 |
193 |
- --with-rundir="${EPREFIX}"/run/cups |
194 |
- --with-cups-user=lp |
195 |
- --with-cups-group=lp |
196 |
- --with-docdir="${EPREFIX}"/usr/share/cups/html |
197 |
- --with-languages="${LINGUAS}" |
198 |
- --with-system-groups=lpadmin |
199 |
- --with-xinetd="${EPREFIX}"/etc/xinetd.d |
200 |
- $(multilib_native_use_enable acl) |
201 |
- $(use_enable dbus) |
202 |
- $(use_enable debug) |
203 |
- $(use_enable debug debug-guards) |
204 |
- $(use_enable debug debug-printfs) |
205 |
- $(multilib_native_use_with java) |
206 |
- $(use_enable kerberos gssapi) |
207 |
- $(multilib_native_use_enable pam) |
208 |
- $(multilib_native_use_with python python "${PYTHON}") |
209 |
- $(use_enable static-libs static) |
210 |
- $(use_enable threads) |
211 |
- $(use_enable ssl gnutls) |
212 |
- $(use_enable systemd) |
213 |
- $(multilib_native_use_enable usb libusb) |
214 |
- $(use_enable zeroconf avahi) |
215 |
- --disable-dnssd |
216 |
- --without-perl |
217 |
- --without-php |
218 |
- $(multilib_is_native_abi && echo --enable-libpaper || echo --disable-libpaper) |
219 |
- ) |
220 |
- |
221 |
- if tc-is-static-only; then |
222 |
- myeconfargs+=( |
223 |
- --disable-shared |
224 |
- ) |
225 |
- fi |
226 |
- |
227 |
- econf "${myeconfargs[@]}" |
228 |
- |
229 |
- # install in /usr/libexec always, instead of using /usr/lib/cups, as that |
230 |
- # makes more sense when facing multilib support. |
231 |
- sed -i -e "s:SERVERBIN.*:SERVERBIN = \"\$\(BUILDROOT\)${EPREFIX}/usr/libexec/cups\":" Makedefs || die |
232 |
- sed -i -e "s:#define CUPS_SERVERBIN.*:#define CUPS_SERVERBIN \"${EPREFIX}/usr/libexec/cups\":" config.h || die |
233 |
- sed -i -e "s:cups_serverbin=.*:cups_serverbin=\"${EPREFIX}/usr/libexec/cups\":" cups-config || die |
234 |
- |
235 |
- # additional path corrections needed for prefix, see bug 597728 |
236 |
- sed \ |
237 |
- -e "s:ICONDIR.*:ICONDIR = ${EPREFIX}/usr/share/icons:" \ |
238 |
- -e "s:INITDIR.*:INITDIR = ${EPREFIX}/etc:" \ |
239 |
- -e "s:DBUSDIR.*:DBUSDIR = ${EPREFIX}/etc/dbus-1:" \ |
240 |
- -e "s:MENUDIR.*:MENUDIR = ${EPREFIX}/usr/share/applications:" \ |
241 |
- -i Makedefs || die |
242 |
-} |
243 |
- |
244 |
-multilib_src_compile() { |
245 |
- if multilib_is_native_abi; then |
246 |
- default |
247 |
- else |
248 |
- emake libs |
249 |
- fi |
250 |
-} |
251 |
- |
252 |
-multilib_src_test() { |
253 |
- multilib_is_native_abi && default |
254 |
-} |
255 |
- |
256 |
-multilib_src_install() { |
257 |
- if multilib_is_native_abi; then |
258 |
- emake BUILDROOT="${D}" install |
259 |
- else |
260 |
- emake BUILDROOT="${D}" install-libs install-headers |
261 |
- dobin cups-config |
262 |
- fi |
263 |
-} |
264 |
- |
265 |
-multilib_src_install_all() { |
266 |
- dodoc {CHANGES,CREDITS,README}.md |
267 |
- |
268 |
- # move the default config file to docs |
269 |
- dodoc "${ED}"/etc/cups/cupsd.conf.default |
270 |
- rm -f "${ED}"/etc/cups/cupsd.conf.default |
271 |
- |
272 |
- # clean out cups init scripts |
273 |
- rm -rf "${ED}"/etc/{init.d/cups,rc*,pam.d/cups} |
274 |
- |
275 |
- # install our init script |
276 |
- local neededservices |
277 |
- use zeroconf && neededservices+=" avahi-daemon" |
278 |
- use dbus && neededservices+=" dbus" |
279 |
- [[ -n ${neededservices} ]] && neededservices="need${neededservices}" |
280 |
- cp "${FILESDIR}"/cupsd.init.d-r3 "${T}"/cupsd || die |
281 |
- sed -i \ |
282 |
- -e "s/@neededservices@/${neededservices}/" \ |
283 |
- "${T}"/cupsd || die |
284 |
- doinitd "${T}"/cupsd |
285 |
- |
286 |
- # install our pam script |
287 |
- pamd_mimic_system cups auth account |
288 |
- |
289 |
- if use xinetd ; then |
290 |
- # correct path |
291 |
- sed -i \ |
292 |
- -e "s:server = .*:server = /usr/libexec/cups/daemon/cups-lpd:" \ |
293 |
- "${ED}"/etc/xinetd.d/cups-lpd || die |
294 |
- # it is safer to disable this by default, bug #137130 |
295 |
- grep -w 'disable' "${ED}"/etc/xinetd.d/cups-lpd || \ |
296 |
- { sed -i -e "s:}:\tdisable = yes\n}:" "${ED}"/etc/xinetd.d/cups-lpd || die ; } |
297 |
- # write permission for file owner (root), bug #296221 |
298 |
- fperms u+w /etc/xinetd.d/cups-lpd || die "fperms failed" |
299 |
- else |
300 |
- # always configure with --with-xinetd= and clean up later, |
301 |
- # bug #525604 |
302 |
- rm -rf "${ED}"/etc/xinetd.d |
303 |
- fi |
304 |
- |
305 |
- keepdir /usr/libexec/cups/driver /usr/share/cups/{model,profiles} \ |
306 |
- /var/log/cups /var/spool/cups/tmp |
307 |
- |
308 |
- keepdir /etc/cups/{interfaces,ppd,ssl} |
309 |
- |
310 |
- if ! use X ; then |
311 |
- rm -r "${ED}"/usr/share/applications || die |
312 |
- fi |
313 |
- |
314 |
- # create /etc/cups/client.conf, bug #196967 and #266678 |
315 |
- echo "ServerName ${EPREFIX}/run/cups/cups.sock" >> "${ED}"/etc/cups/client.conf |
316 |
- |
317 |
- # the following file is now provided by cups-filters: |
318 |
- rm -r "${ED}"/usr/share/cups/banners || die |
319 |
- |
320 |
- # the following are created by the init script |
321 |
- rm -r "${ED}"/var/cache/cups || die |
322 |
- rm -r "${ED}"/run || die |
323 |
- |
324 |
- # for the special case of running lprng and cups together, bug 467226 |
325 |
- if use lprng-compat ; then |
326 |
- rm -fv "${ED}"/usr/bin/{lp*,cancel} |
327 |
- rm -fv "${ED}"/usr/sbin/lp* |
328 |
- rm -fv "${ED}"/usr/share/man/man1/{lp*,cancel*} |
329 |
- rm -fv "${ED}"/usr/share/man/man8/lp* |
330 |
- ewarn "Not installing lp... binaries, since the lprng-compat useflag is set." |
331 |
- ewarn "Unless you plan to install an exotic server setup, you most likely" |
332 |
- ewarn "do not want this. Disable the useflag then and all will be fine." |
333 |
- fi |
334 |
-} |
335 |
- |
336 |
-pkg_preinst() { |
337 |
- xdg_pkg_preinst |
338 |
-} |
339 |
- |
340 |
-pkg_postinst() { |
341 |
- # Update desktop file database and gtk icon cache (bug 370059) |
342 |
- xdg_pkg_postinst |
343 |
- |
344 |
- local v |
345 |
- |
346 |
- for v in ${REPLACING_VERSIONS}; do |
347 |
- if ! ver_test ${v} -ge 2.2.2-r2 ; then |
348 |
- echo |
349 |
- ewarn "The cupsd init script switched to using pidfiles. Shutting down" |
350 |
- ewarn "cupsd will fail the next time. To fix this, please run once as root" |
351 |
- ewarn " killall cupsd ; /etc/init.d/cupsd zap ; /etc/init.d/cupsd start" |
352 |
- echo |
353 |
- break |
354 |
- fi |
355 |
- done |
356 |
- |
357 |
- for v in ${REPLACING_VERSIONS}; do |
358 |
- echo |
359 |
- elog "For information about installing a printer and general cups setup" |
360 |
- elog "take a look at: https://wiki.gentoo.org/wiki/Printing" |
361 |
- echo |
362 |
- break |
363 |
- done |
364 |
-} |
365 |
- |
366 |
-pkg_postrm() { |
367 |
- # Update desktop file database and gtk icon cache (bug 370059) |
368 |
- xdg_pkg_postrm |
369 |
-} |
370 |
|
371 |
diff --git a/net-print/cups/files/cups-2.3_rc1-no_pam.patch b/net-print/cups/files/cups-2.3_rc1-no_pam.patch |
372 |
deleted file mode 100644 |
373 |
index 17e69ab7b0a..00000000000 |
374 |
--- a/net-print/cups/files/cups-2.3_rc1-no_pam.patch |
375 |
+++ /dev/null |
376 |
@@ -1,164 +0,0 @@ |
377 |
-From 3cd7b5e053f8100da1ca8d8daf93976cca3516ef Mon Sep 17 00:00:00 2001 |
378 |
-From: Michael R Sweet <michael.r.sweet@×××××.com> |
379 |
-Date: Fri, 23 Feb 2018 13:21:56 -0500 |
380 |
-Subject: [PATCH] Fix builds without PAM (Issue #5253) |
381 |
- |
382 |
---- a/scheduler/auth.c |
383 |
-+++ b/scheduler/auth.c |
384 |
-@@ -67,9 +68,6 @@ static int check_authref(cupsd_client_t *con, const char *right); |
385 |
- static int compare_locations(cupsd_location_t *a, |
386 |
- cupsd_location_t *b); |
387 |
- static cupsd_authmask_t *copy_authmask(cupsd_authmask_t *am, void *data); |
388 |
--#if !HAVE_LIBPAM |
389 |
--static char *cups_crypt(const char *pw, const char *salt); |
390 |
--#endif /* !HAVE_LIBPAM */ |
391 |
- static void free_authmask(cupsd_authmask_t *am, void *data); |
392 |
- #if HAVE_LIBPAM |
393 |
- static int pam_func(int, const struct pam_message **, |
394 |
-@@ -690,14 +688,14 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ |
395 |
- * client... |
396 |
- */ |
397 |
- |
398 |
-- pass = cups_crypt(password, pw->pw_passwd); |
399 |
-+ pass = crypt(password, pw->pw_passwd); |
400 |
- |
401 |
- if (!pass || strcmp(pw->pw_passwd, pass)) |
402 |
- { |
403 |
- # ifdef HAVE_SHADOW_H |
404 |
- if (spw) |
405 |
- { |
406 |
-- pass = cups_crypt(password, spw->sp_pwdp); |
407 |
-+ pass = crypt(password, spw->sp_pwdp); |
408 |
- |
409 |
- if (pass == NULL || strcmp(spw->sp_pwdp, pass)) |
410 |
- { |
411 |
-@@ -1991,129 +1989,6 @@ copy_authmask(cupsd_authmask_t *mask, /* I - Existing auth mask */ |
412 |
- } |
413 |
- |
414 |
- |
415 |
--#if !HAVE_LIBPAM |
416 |
--/* |
417 |
-- * 'cups_crypt()' - Encrypt the password using the DES or MD5 algorithms, |
418 |
-- * as needed. |
419 |
-- */ |
420 |
-- |
421 |
--static char * /* O - Encrypted password */ |
422 |
--cups_crypt(const char *pw, /* I - Password string */ |
423 |
-- const char *salt) /* I - Salt (key) string */ |
424 |
--{ |
425 |
-- if (!strncmp(salt, "$1$", 3)) |
426 |
-- { |
427 |
-- /* |
428 |
-- * Use MD5 passwords without the benefit of PAM; this is for |
429 |
-- * Slackware Linux, and the algorithm was taken from the |
430 |
-- * old shadow-19990827/lib/md5crypt.c source code... :( |
431 |
-- */ |
432 |
-- |
433 |
-- int i; /* Looping var */ |
434 |
-- unsigned long n; /* Output number */ |
435 |
-- int pwlen; /* Length of password string */ |
436 |
-- const char *salt_end; /* End of "salt" data for MD5 */ |
437 |
-- char *ptr; /* Pointer into result string */ |
438 |
-- _cups_md5_state_t state; /* Primary MD5 state info */ |
439 |
-- _cups_md5_state_t state2; /* Secondary MD5 state info */ |
440 |
-- unsigned char digest[16]; /* MD5 digest result */ |
441 |
-- static char result[120]; /* Final password string */ |
442 |
-- |
443 |
-- |
444 |
-- /* |
445 |
-- * Get the salt data between dollar signs, e.g. $1$saltdata$md5. |
446 |
-- * Get a maximum of 8 characters of salt data after $1$... |
447 |
-- */ |
448 |
-- |
449 |
-- for (salt_end = salt + 3; *salt_end && (salt_end - salt) < 11; salt_end ++) |
450 |
-- if (*salt_end == '$') |
451 |
-- break; |
452 |
-- |
453 |
-- /* |
454 |
-- * Compute the MD5 sum we need... |
455 |
-- */ |
456 |
-- |
457 |
-- pwlen = strlen(pw); |
458 |
-- |
459 |
-- _cupsMD5Init(&state); |
460 |
-- _cupsMD5Append(&state, (unsigned char *)pw, pwlen); |
461 |
-- _cupsMD5Append(&state, (unsigned char *)salt, salt_end - salt); |
462 |
-- |
463 |
-- _cupsMD5Init(&state2); |
464 |
-- _cupsMD5Append(&state2, (unsigned char *)pw, pwlen); |
465 |
-- _cupsMD5Append(&state2, (unsigned char *)salt + 3, salt_end - salt - 3); |
466 |
-- _cupsMD5Append(&state2, (unsigned char *)pw, pwlen); |
467 |
-- _cupsMD5Finish(&state2, digest); |
468 |
-- |
469 |
-- for (i = pwlen; i > 0; i -= 16) |
470 |
-- _cupsMD5Append(&state, digest, i > 16 ? 16 : i); |
471 |
-- |
472 |
-- for (i = pwlen; i > 0; i >>= 1) |
473 |
-- _cupsMD5Append(&state, (unsigned char *)((i & 1) ? "" : pw), 1); |
474 |
-- |
475 |
-- _cupsMD5Finish(&state, digest); |
476 |
-- |
477 |
-- for (i = 0; i < 1000; i ++) |
478 |
-- { |
479 |
-- _cupsMD5Init(&state); |
480 |
-- |
481 |
-- if (i & 1) |
482 |
-- _cupsMD5Append(&state, (unsigned char *)pw, pwlen); |
483 |
-- else |
484 |
-- _cupsMD5Append(&state, digest, 16); |
485 |
-- |
486 |
-- if (i % 3) |
487 |
-- _cupsMD5Append(&state, (unsigned char *)salt + 3, salt_end - salt - 3); |
488 |
-- |
489 |
-- if (i % 7) |
490 |
-- _cupsMD5Append(&state, (unsigned char *)pw, pwlen); |
491 |
-- |
492 |
-- if (i & 1) |
493 |
-- _cupsMD5Append(&state, digest, 16); |
494 |
-- else |
495 |
-- _cupsMD5Append(&state, (unsigned char *)pw, pwlen); |
496 |
-- |
497 |
-- _cupsMD5Finish(&state, digest); |
498 |
-- } |
499 |
-- |
500 |
-- /* |
501 |
-- * Copy the final sum to the result string and return... |
502 |
-- */ |
503 |
-- |
504 |
-- memcpy(result, salt, (size_t)(salt_end - salt)); |
505 |
-- ptr = result + (salt_end - salt); |
506 |
-- *ptr++ = '$'; |
507 |
-- |
508 |
-- for (i = 0; i < 5; i ++, ptr += 4) |
509 |
-- { |
510 |
-- n = ((((unsigned)digest[i] << 8) | (unsigned)digest[i + 6]) << 8); |
511 |
-- |
512 |
-- if (i < 4) |
513 |
-- n |= (unsigned)digest[i + 12]; |
514 |
-- else |
515 |
-- n |= (unsigned)digest[5]; |
516 |
-- |
517 |
-- to64(ptr, n, 4); |
518 |
-- } |
519 |
-- |
520 |
-- to64(ptr, (unsigned)digest[11], 2); |
521 |
-- ptr += 2; |
522 |
-- *ptr = '\0'; |
523 |
-- |
524 |
-- return (result); |
525 |
-- } |
526 |
-- else |
527 |
-- { |
528 |
-- /* |
529 |
-- * Use the standard crypt() function... |
530 |
-- */ |
531 |
-- |
532 |
-- return (crypt(pw, salt)); |
533 |
-- } |
534 |
--} |
535 |
--#endif /* !HAVE_LIBPAM */ |
536 |
-- |
537 |
-- |
538 |
- /* |
539 |
- * 'free_authmask()' - Free function for auth masks. |
540 |
- */ |