Attachment #175868 for bug #213568




# $FreeBSD$

PORTNAME?=	lighttpd
PORTVERSION=	1.4.42
PORTREVISION=	1
CATEGORIES?=	www
MASTER_SITES?=	http://download.lighttpd.net/lighttpd/releases-1.4.x/


.if !defined(_BUILDING_LIGHTTPD_MODULE)
USE_RC_SUBR=	lighttpd

OPTIONS_DEFINE=	ATTR BZIP2 DOCS FAM GDBM IPV6 LIBEV LUA MEMCACHED \
		LDAP OPENSSL SPAWNFCGI VALGRIND WEBDAV

OPTIONS_DEFAULT=	OPENSSL

LIBEV_DESC=	Fast events support via libev (disables kqueue)
LUA_DESC=	lua support (mod_cml, mod_magnet)
MEMCACHED_DESC=	memcached storage (mod_trigger_b4_dl)
MYSQL_DESC=	MySQL support (mod_mysql_vhost)
MYSQLAUTH_DESC=	MySQL authentication
SPAWNFCGI_DESC=	Depend on spawn-fcgi utility
VALGRIND_DESC=	valgrind support
WEBDAV_DESC=	WebDAV support

LUA_CONFIGURE_ENV=	LUA_CFLAGS="-I${LUA_INCDIR}" LUA_LIBS="-L${LUA_LIBDIR} -llua-${LUA_VER}"
MEMCACHED_LIB_DEPENDS=	libmemcached.so:databases/libmemcached
MEMCACHED_CONFIGURE_WITH=memcached
MYSQLAUTH_IMPLIES=	MYSQL
OPENSSL_USES=		ssl
OPENSSL_CONFIGURE_WITH=	openssl
OPENSSL_CONFIGURE_ON=	--with-openssl-includes=${OPENSSLINC} --with-openssl-libs=${OPENSSLLIB}

VALGRIND_BUILD_DEPENDS=	valgrind:devel/valgrind
VALGRIND_RUN_DEPENDS=	valgrind:devel/valgrind
VALGRIND_CONFIGURE_WITH=valgrind
WEBDAV_USE=		GNOME=libxml2
WEBDAV_LIB_DEPENDS=	libuuid.so:misc/e2fsprogs-libuuid \
			libsqlite3.so:databases/sqlite3
WEBDAV_CONFIGURE_WITH=	webdav-props webdav-locks

LIGHTTPD_CONF_FILES=	lighttpd.conf modules.conf



.if ${PORT_OPTIONS:MMYSQL}
USES+=			mysql
CONFIGURE_ARGS+=	-with-mysql
_REQUIRE+=		mysql
.endif

.if ${PORT_OPTIONS:MMYSQLAUTH}
EXTRA_PATCHES+=		${FILESDIR}/extra-patch-src_Makefile.am \
			${FILESDIR}/extra-patch-src_Makefile.in \
			${FILESDIR}/extra-patch-src_http__auth.c \
			${FILESDIR}/extra-patch-src_http__auth.h \
			${FILESDIR}/extra-patch-src_mod__auth.c
PORTDOCS+=		README.mysqlauth mysql_auth.sql
.endif

.if ${PORT_OPTIONS:MLDAP}
USE_OPENLDAP=		yes
CONFIGURE_ARGS+=	--with-ldap

_REQUIRE+=		slapd
.endif

.if ${PORT_OPTIONS:MWEBDAV}
USE_GNOME+=		libxml2
LIB_DEPENDS+=		libuuid.so:misc/e2fsprogs-libuuid \
			libsqlite3.so:databases/sqlite3
CONFIGURE_ARGS+=	--with-webdav-props --with-webdav-locks
.endif

SUB_LIST+=		REQUIRE="${_REQUIRE}"

post-patch:

	${INSTALL_DATA} ${WRKSRC}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
. endfor

post-install-MYSQLAUTH-on:
	@${MKDIR} ${STAGEDIR}${DOCSDIR}
. for FILE in README.mysqlauth mysql_auth.sql
	${INSTALL_DATA} ${FILESDIR}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
. endfor

test: build
	@cd ${WRKSRC}/tests && ${SETENV} ${MAKE_ENV} ${MAKE} \
		${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} \

Lines 1-7 Link Here

(-)distinfo (-7 / +5 lines)
1	TIMESTAMP = 1470040166	1	TIMESTAMP = 1476712210
2	SHA256 (lighttpd-1.4.41.tar.xz) = 4bcc383ef6d6dc7b284f68882d71a178e2986c83c4e85eeb3c8f3b882e346b6c	2	SHA256 (lighttpd-1.4.42.tar.xz) = b2c9069ed0bade9362c27b469a9b884641786aea1c3d686f9fd9f01d15e2a15f
3	SIZE (lighttpd-1.4.41.tar.xz) = 623480	3	SIZE (lighttpd-1.4.42.tar.xz) = 652140
4	SHA256 (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 4e6768af32ce16033fcb0c70b12c55b40082ca105a36f258b0bbf30d64e9dad3	4	SHA256 (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 716cd4f8d371e12c115a2204e649aafe2ebad42d0099777b1361c0e2cc8a1612
5	SIZE (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 242458	5	SIZE (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 242456
6	SHA256 (lighttpd-1.4.26_mod_geoip.patch) = 2858036310b778852d9f039a81629902edffc368658e13bf4779f3642ee1a5ba
7	SIZE (lighttpd-1.4.26_mod_geoip.patch) = 15173




References:
http://redmine.lighttpd.net/issues/752
http://redmine.lighttpd.net/attachments/1012/03_all_lighttpd-1.4.23-mysql_auth.diff
http://redmine.lighttpd.net/attachments/download/1012/03_all_lighttpd-1.4.23-mysql_auth.diff

This patch allows lighttpd to authenticate users against mySQL DBbr
NOTE: Only basic auth is implemented. Passwords are stored as MD5 hash in DB

make mysql db and user (read mySQL doc's if you don't know how)
import lighttpd-1.4.11-mysql_auth.sql

open lighttpd.conf and add
(be sure that you comment out any other auth - according to lighttpd docs)

auth.backend                                   = "mysql" 
auth.backend.mysql.host                        = "localhost" 
auth.backend.mysql.user                        = "db_user" 
auth.backend.mysql.pass                        = "db_pass" 
auth.backend.mysql.db                          = "db_name" 
auth.backend.mysql.port                        = "0" # (for default port 0, always needed)
auth.backend.mysql.socket                      = ""  # (for default leave blank, always needed)
auth.backend.mysql.users_table                 = "users_table" 
auth.backend.mysql.col_user                    = "col_name_username" 
auth.backend.mysql.col_pass                    = "col_name_password" # (md5 hash of password)
auth.backend.mysql.col_realm                   = "col_realm_name" 

configure lighttpd to use it (same as every other auth)

auth.require = ( "/some_path" =>
    (
        "method"  => "basic",
        "realm"   => "some_realm",
        "require" => "some_user",
    )
)

start lighttpd

P.S. patch include more complicated setup with separate table for domains.
If you are interested please contact with me to obtain more information.

Bugs, Patches and Suggestions
Send me E-Mail: drJeckyll@Jeckyll.net


Lines 1-11 Link Here

(-)files/extra-patch-src_Makefile.am (-11 lines)
1	--- src/Makefile.am.orig 2016-07-16 10:06:16 UTC
2	+++ src/Makefile.am
3	@@ -254,7 +254,7 @@ mod_compress_la_LIBADD = $(Z_LIB) $(BZ_L
4	lib_LTLIBRARIES += mod_auth.la
5	mod_auth_la_SOURCES = mod_auth.c http_auth.c
6	mod_auth_la_LDFLAGS = $(common_module_ldflags)
7	-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
8	+mod_auth_la_LIBADD = ${MYSQL_LIBS} $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
9
10	lib_LTLIBRARIES += mod_rewrite.la
11	mod_rewrite_la_SOURCES = mod_rewrite.c

Lines 1-11 Link Here

(-)files/extra-patch-src_Makefile.in (-11 lines)
1	--- src/Makefile.in.orig 2016-07-16 10:10:53 UTC
2	+++ src/Makefile.in
3	@@ -1011,7 +1011,7 @@ mod_compress_la_LDFLAGS = $(common_modul
4	mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
5	mod_auth_la_SOURCES = mod_auth.c http_auth.c
6	mod_auth_la_LDFLAGS = $(common_module_ldflags)
7	-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
8	+mod_auth_la_LIBADD = ${MYSQL_LIBS} $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
9	mod_rewrite_la_SOURCES = mod_rewrite.c
10	mod_rewrite_la_LDFLAGS = $(common_module_ldflags)
11	mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd)




--- src/http_auth.c.orig	2016-07-16 10:06:16 UTC
+++ src/http_auth.c
@@ -30,6 +30,7 @@
 #include <errno.h>
 #include <unistd.h>
 #include <ctype.h>
+#include <mysql/mysql.h>
 
 #include "md5.h"
 
@@ -194,9 +195,119 @@ static int http_auth_get_password(server
 		fclose(fp);
 	} else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) {
 		return 0;
-	}
+	} else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
+		MYSQL_RES *result;
+		MYSQL_ROW row;
+		int port = atoi(p->conf.auth_mysql_port->ptr);
+		char q[255];
 
-	return -1;
+		if (p->conf.auth_mysql_socket->ptr != NULL)
+			if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL;
+
+		p->conf.mysql_conn = mysql_init(NULL);
+
+		if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0))
+		{
+//#define MY_HOSTING
+
+#ifdef MY_HOSTING
+			char my_full_realm[255];
+			char *my_realm = NULL;
+			char *my_domain = NULL;
+
+			char *uname;
+			size_t unamelen;
+
+			unamelen = strlen(username->ptr);
+			uname = malloc(unamelen*2+1);
+
+			mysql_real_escape_string(p->conf.mysql_conn,
+					uname, username->ptr,
+					(unsigned long)unamelen);
+
+			strcpy(my_full_realm, realm->ptr);
+			my_realm = strtok(my_full_realm, "@");
+
+			if (my_realm != NULL)
+				my_domain = strtok(NULL, "@");
+
+			sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s",
+				p->conf.auth_mysql_col_pass->ptr,
+
+				p->conf.auth_mysql_users_table->ptr,
+				p->conf.auth_mysql_domains_table->ptr,
+
+				p->conf.auth_mysql_col_user->ptr,
+				uname,
+
+				p->conf.auth_mysql_col_realm->ptr,
+				my_realm,
+
+				p->conf.auth_mysql_col_domain->ptr,
+				my_domain,
+
+				p->conf.auth_mysql_domains_table_col_domain_id->ptr,
+				p->conf.auth_mysql_users_table_col_domain_id->ptr
+				);
+
+			free(uname);
+#else
+			// sanitize username & realm by taguchi@ff.iij4u.or.jp
+			char *uname, *urealm;
+			size_t unamelen, urealmlen;
+
+			unamelen = strlen(username->ptr);
+			urealmlen = strlen(realm->ptr);
+			uname = malloc(unamelen*2+1);
+			urealm = malloc(urealmlen*2+1);
+
+			mysql_real_escape_string(p->conf.mysql_conn,
+				uname, username->ptr,
+				(unsigned long)unamelen);
+
+			mysql_real_escape_string(p->conf.mysql_conn,
+				urealm, realm->ptr,
+				(unsigned long)unamelen);
+
+			mysql_real_escape_string(p->conf.mysql_conn,
+				urealm, realm->ptr,
+				(unsigned long)urealmlen);
+
+			sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'",
+				p->conf.auth_mysql_col_pass->ptr,
+				p->conf.auth_mysql_users_table->ptr,
+				p->conf.auth_mysql_col_user->ptr,
+				uname,
+				p->conf.auth_mysql_col_realm->ptr,
+				urealm
+			);
+
+			free(uname);
+			free(urealm);
+#endif
+
+			mysql_query(p->conf.mysql_conn, q);
+			result = mysql_store_result(p->conf.mysql_conn);
+			if (mysql_num_rows(result) == 1)
+			{
+				/* found */
+				row = mysql_fetch_row(result);
+				buffer_copy_string_len(password, row[0], strlen(row[0]));
+
+				return 0;
+			} else
+			{
+				/* not found */
+				return -1;
+			}
+
+			mysql_free_result(result);
+			mysql_close(p->conf.mysql_conn);
+
+			p->conf.mysql_conn = NULL;
+		} else
+			return -1;
+	}
 }
 
 int http_auth_match_rules(server *srv, array *req, const char *username, const char *group, const char *host) {
@@ -711,6 +822,60 @@ static int http_auth_basic_password_comp
 
 		return 0;
 #endif
+	} else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
+		/*
+			we check for md5 crypt() now
+			request by Nicola Tiling <nti@w4w.net>
+		*/
+		if (password->ptr[0] == '$' && password->ptr[2] == '$')
+		{
+			char salt[32];
+			char *crypted;
+			size_t salt_len = 0;
+			char *dollar = NULL;
+
+			if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
+				fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
+				return -1;
+			}
+
+			salt_len = dollar - password->ptr;
+
+			if (salt_len > sizeof(salt) - 1)
+			{
+				fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
+				return -1;
+			}
+
+			strncpy(salt, password->ptr, salt_len);
+
+			salt[salt_len] = '\0';
+
+			crypted = crypt(pw, salt);
+
+			if (0 == strcmp(password->ptr, crypted))
+			{
+				return 0;
+			} else {
+				fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
+			}
+		} else
+		/* plain md5 check now */
+		{
+			li_MD5_CTX Md5Ctx;
+			HASH HA1;
+			char a1[256];
+
+			li_MD5_Init(&Md5Ctx);
+			li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
+			li_MD5_Final(HA1, &Md5Ctx);
+
+			CvtHex(HA1, a1);
+
+			if (0 == strcmp(password->ptr, a1)) {
+				return 0;
+			}
+		}
 	}
 	return -1;
 }




--- src/http_auth.h.orig	2016-07-16 10:06:16 UTC
+++ src/http_auth.h
@@ -9,13 +9,15 @@
 # define USE_LDAP
 # include <ldap.h>
 #endif
+#include <mysql/mysql.h>
 
 typedef enum {
 	AUTH_BACKEND_UNSET,
 	AUTH_BACKEND_PLAIN,
 	AUTH_BACKEND_LDAP,
 	AUTH_BACKEND_HTPASSWD,
-	AUTH_BACKEND_HTDIGEST
+	AUTH_BACKEND_HTDIGEST,
+	AUTH_BACKEND_MYSQL
 } auth_backend_t;
 
 typedef struct {
@@ -50,6 +52,23 @@ typedef struct {
 	buffer *ldap_filter_pre;
 	buffer *ldap_filter_post;
 #endif
+
+	MYSQL  *mysql_conn;
+	buffer *auth_mysql_host;
+	buffer *auth_mysql_user;
+	buffer *auth_mysql_pass;
+	buffer *auth_mysql_db;
+	buffer *auth_mysql_port;
+	buffer *auth_mysql_socket;
+	buffer *auth_mysql_users_table;
+	buffer *auth_mysql_col_user;
+	buffer *auth_mysql_col_pass;
+	buffer *auth_mysql_col_realm;
+	buffer *auth_mysql_domains_table;
+	buffer *auth_mysql_col_domain;
+	buffer *auth_mysql_domains_table_col_domain_id;
+	buffer *auth_mysql_users_table_col_domain_id;
+
 } mod_auth_plugin_config;
 
 typedef struct {




--- src/mod_auth.c.orig	2016-07-16 10:06:16 UTC
+++ src/mod_auth.c
@@ -13,6 +13,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <mysql/mysql.h>
 
 handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s);
 
@@ -84,6 +85,19 @@ FREE_FUNC(mod_auth_free) {
 
 			if (s->ldap) ldap_unbind_s(s->ldap);
 #endif
+			buffer_free(s->auth_mysql_host);
+			buffer_free(s->auth_mysql_user);
+			buffer_free(s->auth_mysql_pass);
+			buffer_free(s->auth_mysql_db);
+			buffer_free(s->auth_mysql_socket);
+			buffer_free(s->auth_mysql_users_table);
+			buffer_free(s->auth_mysql_col_user);
+			buffer_free(s->auth_mysql_col_pass);
+			buffer_free(s->auth_mysql_col_realm);
+			buffer_free(s->auth_mysql_domains_table);
+			buffer_free(s->auth_mysql_col_domain);
+			buffer_free(s->auth_mysql_domains_table_col_domain_id);
+			buffer_free(s->auth_mysql_users_table_col_domain_id);
 
 			free(s);
 		}
@@ -122,6 +136,21 @@ static int mod_auth_patch_connection(ser
 	PATCH(ldap_filter_post);
 #endif
 
+	PATCH(auth_mysql_host);
+	PATCH(auth_mysql_user);
+	PATCH(auth_mysql_pass);
+	PATCH(auth_mysql_db);
+	PATCH(auth_mysql_port);
+	PATCH(auth_mysql_socket);
+	PATCH(auth_mysql_users_table);
+	PATCH(auth_mysql_col_user);
+	PATCH(auth_mysql_col_pass);
+	PATCH(auth_mysql_col_realm);
+	PATCH(auth_mysql_domains_table);
+	PATCH(auth_mysql_col_domain);
+	PATCH(auth_mysql_domains_table_col_domain_id);
+	PATCH(auth_mysql_users_table_col_domain_id);
+
 	/* skip the first, the global context */
 	for (i = 1; i < srv->config_context->used; i++) {
 		data_config *dc = (data_config *)srv->config_context->data[i];
@@ -171,6 +200,34 @@ static int mod_auth_patch_connection(ser
 				PATCH(auth_ldap_bindpw);
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) {
 				PATCH(auth_ldap_allow_empty_pw);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) {
+				PATCH(auth_mysql_host);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) {
+				PATCH(auth_mysql_user);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) {
+				PATCH(auth_mysql_pass);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) {
+				PATCH(auth_mysql_db);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) {
+				PATCH(auth_mysql_port);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) {
+				PATCH(auth_mysql_user);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) {
+				PATCH(auth_mysql_users_table);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) {
+				PATCH(auth_mysql_col_user);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) {
+				PATCH(auth_mysql_col_pass);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) {
+				PATCH(auth_mysql_col_realm);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) {
+				PATCH(auth_mysql_domains_table);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) {
+				PATCH(auth_mysql_col_domain);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) {
+				PATCH(auth_mysql_domains_table_col_domain_id);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) {
+				PATCH(auth_mysql_users_table_col_domain_id);
 			}
 		}
 	}
@@ -362,10 +419,25 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 		{ "auth.backend.ldap.starttls",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 8 */
  		{ "auth.backend.ldap.bind-dn",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 9 */
  		{ "auth.backend.ldap.bind-pw",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */
-		{ "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */
+		{ "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
 		{ "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */
 		{ "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
 		{ "auth.debug",                     NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION },  /* 14 */
+		{ "auth.backend.mysql.host",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.user",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.pass",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.db",          NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.port",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.socket",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.col_user",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.col_pass",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.col_realm",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */
+		{ "auth.backend.mysql.domains_table",               NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.col_domain",                  NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.users_table_col_domain_id",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */
+
 		{ NULL,                             NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
 	};
 
@@ -394,6 +466,22 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 		s->auth_debug = 0;
 
 		s->auth_require = array_init();
+		s->mysql_conn                             = NULL;
+		s->auth_mysql_host                        = buffer_init();
+		s->auth_mysql_user                        = buffer_init();
+		s->auth_mysql_pass                        = buffer_init();
+		s->auth_mysql_db                          = buffer_init();
+		s->auth_mysql_port                        = buffer_init();
+		s->auth_mysql_socket                      = buffer_init();
+		s->auth_mysql_users_table                 = buffer_init();
+		s->auth_mysql_col_user                    = buffer_init();
+		s->auth_mysql_col_pass                    = buffer_init();
+		s->auth_mysql_col_realm                   = buffer_init();
+		s->auth_mysql_domains_table               = buffer_init();
+		s->auth_mysql_col_domain                  = buffer_init();
+		s->auth_mysql_domains_table_col_domain_id = buffer_init();
+		s->auth_mysql_users_table_col_domain_id   = buffer_init();
+
 
 #ifdef USE_LDAP
 		s->ldap_filter_pre = buffer_init();
@@ -416,7 +504,20 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 		cv[12].destination = s->auth_htdigest_userfile;
 		cv[13].destination = s->auth_htpasswd_userfile;
 		cv[14].destination = &(s->auth_debug);
-
+		cv[15].destination = s->auth_mysql_host;
+		cv[16].destination = s->auth_mysql_user;
+		cv[17].destination = s->auth_mysql_pass;
+		cv[18].destination = s->auth_mysql_db;
+		cv[19].destination = s->auth_mysql_port;
+		cv[20].destination = s->auth_mysql_socket;
+		cv[21].destination = s->auth_mysql_users_table;
+		cv[22].destination = s->auth_mysql_col_user;
+		cv[23].destination = s->auth_mysql_col_pass;
+		cv[24].destination = s->auth_mysql_col_realm;
+		cv[25].destination = s->auth_mysql_domains_table;
+		cv[26].destination = s->auth_mysql_col_domain;
+		cv[27].destination = s->auth_mysql_domains_table_col_domain_id;
+		cv[28].destination = s->auth_mysql_users_table_col_domain_id;
 		p->config_storage[i] = s;
 
 		if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
@@ -432,6 +533,8 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 				s->auth_backend = AUTH_BACKEND_PLAIN;
 			} else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) {
 				s->auth_backend = AUTH_BACKEND_LDAP;
+			} else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) {
+				s->auth_backend = AUTH_BACKEND_MYSQL;
 			} else {
 				log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf);
 
@@ -573,6 +676,31 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 				return (ret);
 			break;
 		}
+		case AUTH_BACKEND_MYSQL: {
+			int port = atoi(s->auth_mysql_port->ptr);
+
+			/* ignore if auth_mysql_socket is invalid */
+			if (p->conf.auth_mysql_socket == NULL)
+				return HANDLER_GO_ON;
+			if (p->conf.auth_mysql_socket->ptr != NULL)
+				if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL;
+
+			s->mysql_conn = mysql_init(NULL);
+			if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0))
+			{
+				log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss",
+						"opening connection to mysql:", s->auth_mysql_host,
+						"user:", s->auth_mysql_user,
+						"pass:", s->auth_mysql_pass,
+						"db:", s->auth_mysql_db,
+						"failed:", strerror(errno));
+
+				return HANDLER_ERROR;
+			}
+			mysql_close(s->mysql_conn);
+
+			break;
+		}
 		default:
 			break;
 		}

Lines 1-10 Link Here

(-)files/mysql_auth.sql (-10 lines)
1	CREATE TABLE `vhosts_secure`(
2	vhost_secure_id bigint(20) NOT NULL AUTO_INCREMENT,
3	vhost_secure_username varchar(255) NOT NULL,
4	vhost_secure_password varchar(255) NOT NULL,
5	vhost_secure_realm varchar(255) NOT NULL
6	PRIMARY KEY (vhost_secure_id),
7	INDEX i_username (vhost_secure_username),
8	INDEX i_password (vhost_secure_password),
9	INDEX i_realm (vhost_secure_realm)
10	);




--- src/mod_fastcgi.c.orig	2016-08-07 17:19:10 UTC
+++ src/mod_fastcgi.c
@@ -3257,7 +3257,8 @@ SUBREQUEST_FUNC(mod_fastcgi_handle_subre
 		}
 	}
 
-	return (0 == hctx->wb->bytes_in || !chunkqueue_is_empty(hctx->wb))
+	return ((0 == hctx->wb->bytes_in || !chunkqueue_is_empty(hctx->wb))
+		&& hctx->state != FCGI_STATE_CONNECT_DELAYED)
 	  ? fcgi_send_request(srv, hctx)
 	  : HANDLER_WAIT_FOR_EVENT;
 }




--- src/mod_proxy.c.orig	2016-07-31 12:42:39 UTC
+++ src/mod_proxy.c
@@ -854,7 +854,20 @@ static handler_t proxy_write_request(ser
 
 		if (hctx->wb->bytes_out == hctx->wb_reqlen) {
 			fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT);
-			shutdown(hctx->fd, SHUT_WR);/* future: remove if HTTP/1.1 request */
+		      #if (defined(__APPLE__) && defined(__MACH__)) \
+			|| defined(__FreeBSD__) || defined(__NetBSD__) \
+			|| defined(__OpenBSD__) || defined(__DragonflyBSD__)
+			/*(*BSD stack on remote might signal POLLHUP and remote
+			 * might treat as socket error instead of half-close)*/
+		      #else
+			/*(remote could be different machine running affected OS,
+			 * so only issue shutdown for known local sockets)*/
+			if ( '/' == host->host->ptr[0]
+			    || buffer_is_equal_string(host->host, CONST_STR_LEN("127.0.0.1"))
+			    || buffer_is_equal_string(host->host, CONST_STR_LEN("::1"))) {
+				shutdown(hctx->fd, SHUT_WR);/* future: remove if HTTP/1.1 request */
+			}
+		      #endif
 			proxy_set_state(srv, hctx, PROXY_STATE_READ);
 		} else {
 			off_t wblen = hctx->wb->bytes_in - hctx->wb->bytes_out;
@@ -992,7 +1005,8 @@ SUBREQUEST_FUNC(mod_proxy_handle_subrequ
 		}
 	}
 
-	return (0 == hctx->wb->bytes_in || !chunkqueue_is_empty(hctx->wb))
+	return ((0 == hctx->wb->bytes_in || !chunkqueue_is_empty(hctx->wb))
+		&& hctx->state != PROXY_STATE_CONNECT)
 	  ? proxy_send_request(srv, hctx)
 	  : HANDLER_WAIT_FOR_EVENT;
 }




--- src/mod_scgi.c.orig	2016-08-07 12:39:31 UTC
+++ src/mod_scgi.c
@@ -2438,7 +2438,20 @@ static handler_t scgi_write_request(serv
 
 		if (hctx->wb->bytes_out == hctx->wb_reqlen) {
 			fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT);
-			shutdown(hctx->fd, SHUT_WR);
+		      #if (defined(__APPLE__) && defined(__MACH__)) \
+			|| defined(__FreeBSD__) || defined(__NetBSD__) \
+			|| defined(__OpenBSD__) || defined(__DragonflyBSD__)
+			/*(*BSD stack on remote might signal POLLHUP and remote
+			 * might treat as socket error instead of half-close)*/
+		      #else
+			/*(remote could be different machine running affected OS,
+			 * so only issue shutdown for known local sockets)*/
+			if ( '/' == host->host->ptr[0]
+			    || buffer_is_equal_string(host->host, CONST_STR_LEN("127.0.0.1"))
+			    || buffer_is_equal_string(host->host, CONST_STR_LEN("::1"))) {
+				shutdown(hctx->fd, SHUT_WR);
+			}
+		      #endif
 			scgi_set_state(srv, hctx, FCGI_STATE_READ);
 		} else {
 			off_t wblen = hctx->wb->bytes_in - hctx->wb->bytes_out;
@@ -2585,7 +2598,8 @@ SUBREQUEST_FUNC(mod_scgi_handle_subreque
 		}
 	}
 
-	return (0 == hctx->wb->bytes_in || !chunkqueue_is_empty(hctx->wb))
+	return ((0 == hctx->wb->bytes_in || !chunkqueue_is_empty(hctx->wb))
+		&& hctx->state != FCGI_STATE_CONNECT)
 	  ? scgi_send_request(srv, hctx)
 	  : HANDLER_WAIT_FOR_EVENT;
 }

Lines 2-9 Link Here

(-)pkg-plist (-1 / +8 lines)
2	@sample etc/lighttpd/modules.conf.sample	2	@sample etc/lighttpd/modules.conf.sample
3	@sample etc/lighttpd/conf.d/access_log.conf.sample	3	@sample etc/lighttpd/conf.d/access_log.conf.sample
4	@sample etc/lighttpd/conf.d/auth.conf.sample	4	@sample etc/lighttpd/conf.d/auth.conf.sample
		5	@sample etc/lighttpd/conf.d/cgi.conf.sample
5	@sample etc/lighttpd/conf.d/cml.conf.sample	6	@sample etc/lighttpd/conf.d/cml.conf.sample
6	@sample etc/lighttpd/conf.d/cgi.conf.sample
7	@sample etc/lighttpd/conf.d/compress.conf.sample	7	@sample etc/lighttpd/conf.d/compress.conf.sample
8	@sample etc/lighttpd/conf.d/debug.conf.sample	8	@sample etc/lighttpd/conf.d/debug.conf.sample
9	@sample etc/lighttpd/conf.d/dirlisting.conf.sample	9	@sample etc/lighttpd/conf.d/dirlisting.conf.sample
Lines 28-36 Link Here
28	lib/lighttpd/mod_accesslog.so	28	lib/lighttpd/mod_accesslog.so
29	lib/lighttpd/mod_alias.so	29	lib/lighttpd/mod_alias.so
30	lib/lighttpd/mod_auth.so	30	lib/lighttpd/mod_auth.so
		31	lib/lighttpd/mod_authn_file.so
		32	lib/lighttpd/mod_authn_gssapi.so
		33	lib/lighttpd/mod_authn_ldap.so
		34	lib/lighttpd/mod_authn_mysql.so
31	lib/lighttpd/mod_cgi.so	35	lib/lighttpd/mod_cgi.so
32	lib/lighttpd/mod_cml.so	36	lib/lighttpd/mod_cml.so
33	lib/lighttpd/mod_compress.so	37	lib/lighttpd/mod_compress.so
		38	lib/lighttpd/mod_deflate.so
34	lib/lighttpd/mod_dirlisting.so	39	lib/lighttpd/mod_dirlisting.so
35	lib/lighttpd/mod_evasive.so	40	lib/lighttpd/mod_evasive.so
36	lib/lighttpd/mod_evhost.so	41	lib/lighttpd/mod_evhost.so
Lines 38-43 Link Here
38	lib/lighttpd/mod_extforward.so	43	lib/lighttpd/mod_extforward.so
39	lib/lighttpd/mod_fastcgi.so	44	lib/lighttpd/mod_fastcgi.so
40	lib/lighttpd/mod_flv_streaming.so	45	lib/lighttpd/mod_flv_streaming.so
		46	lib/lighttpd/mod_geoip.so
41	lib/lighttpd/mod_indexfile.so	47	lib/lighttpd/mod_indexfile.so
42	lib/lighttpd/mod_magnet.so	48	lib/lighttpd/mod_magnet.so
43	lib/lighttpd/mod_mysql_vhost.so	49	lib/lighttpd/mod_mysql_vhost.so
Lines 53-58 Link Here
53	lib/lighttpd/mod_staticfile.so	59	lib/lighttpd/mod_staticfile.so
54	lib/lighttpd/mod_status.so	60	lib/lighttpd/mod_status.so
55	lib/lighttpd/mod_trigger_b4_dl.so	61	lib/lighttpd/mod_trigger_b4_dl.so
		62	lib/lighttpd/mod_uploadprogress.so
56	lib/lighttpd/mod_userdir.so	63	lib/lighttpd/mod_userdir.so
57	lib/lighttpd/mod_usertrack.so	64	lib/lighttpd/mod_usertrack.so
58	lib/lighttpd/mod_webdav.so	65	lib/lighttpd/mod_webdav.so

Return to bug 213568

Lines 2-9 Link Here

(-)Makefile (-29 / +7 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME?= lighttpd	4	PORTNAME?= lighttpd
5	PORTVERSION= 1.4.41	5	PORTVERSION= 1.4.42
6	PORTREVISION= 1
7	CATEGORIES?= www	6	CATEGORIES?= www
8	MASTER_SITES?= http://download.lighttpd.net/lighttpd/releases-1.4.x/	7	MASTER_SITES?= http://download.lighttpd.net/lighttpd/releases-1.4.x/
9		8
Lines 30-36 Link Here
30	.if !defined(_BUILDING_LIGHTTPD_MODULE)	29	.if !defined(_BUILDING_LIGHTTPD_MODULE)
31	USE_RC_SUBR= lighttpd	30	USE_RC_SUBR= lighttpd
32		31
33	OPTIONS_DEFINE= ATTR BZIP2 DOCS FAM GDBM IPV6 LIBEV LUA MEMCACHED MYSQL MYSQLAUTH \	32	OPTIONS_DEFINE= ATTR BZIP2 DOCS FAM GDBM IPV6 LIBEV LUA MEMCACHED \
34	LDAP OPENSSL SPAWNFCGI VALGRIND WEBDAV	33	LDAP OPENSSL SPAWNFCGI VALGRIND WEBDAV
35		34
36	OPTIONS_DEFAULT= OPENSSL	35	OPTIONS_DEFAULT= OPENSSL
Lines 42-49 Link Here
42	LIBEV_DESC= Fast events support via libev (disables kqueue)	41	LIBEV_DESC= Fast events support via libev (disables kqueue)
43	LUA_DESC= lua support (mod_cml, mod_magnet)	42	LUA_DESC= lua support (mod_cml, mod_magnet)
44	MEMCACHED_DESC= memcached storage (mod_trigger_b4_dl)	43	MEMCACHED_DESC= memcached storage (mod_trigger_b4_dl)
45	MYSQL_DESC= MySQL support (mod_mysql_vhost)
46	MYSQLAUTH_DESC= MySQL authentication
47	SPAWNFCGI_DESC= Depend on spawn-fcgi utility	44	SPAWNFCGI_DESC= Depend on spawn-fcgi utility
48	VALGRIND_DESC= valgrind support	45	VALGRIND_DESC= valgrind support
49	WEBDAV_DESC= WebDAV support	46	WEBDAV_DESC= WebDAV support
Lines 63-69 Link Here
63	LUA_CONFIGURE_ENV= LUA_CFLAGS="-I${LUA_INCDIR}" LUA_LIBS="-L${LUA_LIBDIR} -llua-${LUA_VER}"	60	LUA_CONFIGURE_ENV= LUA_CFLAGS="-I${LUA_INCDIR}" LUA_LIBS="-L${LUA_LIBDIR} -llua-${LUA_VER}"
64	MEMCACHED_LIB_DEPENDS= libmemcached.so:databases/libmemcached	61	MEMCACHED_LIB_DEPENDS= libmemcached.so:databases/libmemcached
65	MEMCACHED_CONFIGURE_WITH=memcached	62	MEMCACHED_CONFIGURE_WITH=memcached
66	MYSQLAUTH_IMPLIES= MYSQL
67	OPENSSL_USES= ssl	63	OPENSSL_USES= ssl
68	OPENSSL_CONFIGURE_WITH= openssl	64	OPENSSL_CONFIGURE_WITH= openssl
69	OPENSSL_CONFIGURE_ON= --with-openssl-includes=${OPENSSLINC} --with-openssl-libs=${OPENSSLLIB}	65	OPENSSL_CONFIGURE_ON= --with-openssl-includes=${OPENSSLINC} --with-openssl-libs=${OPENSSLLIB}
Lines 71-76 Link Here
71	VALGRIND_BUILD_DEPENDS= valgrind:devel/valgrind	67	VALGRIND_BUILD_DEPENDS= valgrind:devel/valgrind
72	VALGRIND_RUN_DEPENDS= valgrind:devel/valgrind	68	VALGRIND_RUN_DEPENDS= valgrind:devel/valgrind
73	VALGRIND_CONFIGURE_WITH=valgrind	69	VALGRIND_CONFIGURE_WITH=valgrind
		70	WEBDAV_USE= GNOME=libxml2
		71	WEBDAV_LIB_DEPENDS= libuuid.so:misc/e2fsprogs-libuuid \
		72	libsqlite3.so:databases/sqlite3
		73	WEBDAV_CONFIGURE_WITH= webdav-props webdav-locks
74		74
75	LIGHTTPD_CONF_FILES= lighttpd.conf modules.conf	75	LIGHTTPD_CONF_FILES= lighttpd.conf modules.conf
76		76
Lines 109-127 Link Here
109		109
110	.if ${PORT_OPTIONS:MMYSQL}	110	.if ${PORT_OPTIONS:MMYSQL}
111	USES+= mysql	111	USES+= mysql
112	CONFIGURE_ARGS+= --with-mysql	112	CONFIGURE_ARGS+= -with-mysql
113	_REQUIRE+= mysql	113	_REQUIRE+= mysql
114	.endif	114	.endif
115		115
116	.if ${PORT_OPTIONS:MMYSQLAUTH}
117	EXTRA_PATCHES+= ${FILESDIR}/extra-patch-src_Makefile.am \
118	${FILESDIR}/extra-patch-src_Makefile.in \
119	${FILESDIR}/extra-patch-src_http__auth.c \
120	${FILESDIR}/extra-patch-src_http__auth.h \
121	${FILESDIR}/extra-patch-src_mod__auth.c
122	PORTDOCS+= README.mysqlauth mysql_auth.sql
123	.endif
124
125	.if ${PORT_OPTIONS:MLDAP}	116	.if ${PORT_OPTIONS:MLDAP}
126	USE_OPENLDAP= yes	117	USE_OPENLDAP= yes
127	CONFIGURE_ARGS+= --with-ldap	118	CONFIGURE_ARGS+= --with-ldap
Lines 128-140 Link Here
128	_REQUIRE+= slapd	119	_REQUIRE+= slapd
129	.endif	120	.endif
130		121
131	.if ${PORT_OPTIONS:MWEBDAV}
132	USE_GNOME+= libxml2
133	LIB_DEPENDS+= libuuid.so:misc/e2fsprogs-libuuid \
134	libsqlite3.so:databases/sqlite3
135	CONFIGURE_ARGS+= --with-webdav-props --with-webdav-locks
136	.endif
137
138	SUB_LIST+= REQUIRE="${_REQUIRE}"	122	SUB_LIST+= REQUIRE="${_REQUIRE}"
139		123
140	post-patch:	124	post-patch:
Lines 182-193 Link Here
182	${INSTALL_DATA} ${WRKSRC}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}	166	${INSTALL_DATA} ${WRKSRC}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
183	. endfor	167	. endfor
184		168
185	post-install-MYSQLAUTH-on:
186	@${MKDIR} ${STAGEDIR}${DOCSDIR}
187	. for FILE in README.mysqlauth mysql_auth.sql
188	${INSTALL_DATA} ${FILESDIR}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
189	. endfor
190
191	test: build	169	test: build
192	@cd ${WRKSRC}/tests && ${SETENV} ${MAKE_ENV} ${MAKE} \	170	@cd ${WRKSRC}/tests && ${SETENV} ${MAKE_ENV} ${MAKE} \
193	${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} \	171	${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} \

Lines 1-45 Link Here

(-)files/README.mysqlauth (-44 lines)
1	References:
2	http://redmine.lighttpd.net/issues/752
3	http://redmine.lighttpd.net/attachments/1012/03_all_lighttpd-1.4.23-mysql_auth.diff
4	http://redmine.lighttpd.net/attachments/download/1012/03_all_lighttpd-1.4.23-mysql_auth.diff
5
6	This patch allows lighttpd to authenticate users against mySQL DBbr
7	NOTE: Only basic auth is implemented. Passwords are stored as MD5 hash in DB
8
9	make mysql db and user (read mySQL doc's if you don't know how)
10	import lighttpd-1.4.11-mysql_auth.sql
11
12	open lighttpd.conf and add
13	(be sure that you comment out any other auth - according to lighttpd docs)
14
15	auth.backend = "mysql"
16	auth.backend.mysql.host = "localhost"
17	auth.backend.mysql.user = "db_user"
18	auth.backend.mysql.pass = "db_pass"
19	auth.backend.mysql.db = "db_name"
20	auth.backend.mysql.port = "0" # (for default port 0, always needed)
21	auth.backend.mysql.socket = "" # (for default leave blank, always needed)
22	auth.backend.mysql.users_table = "users_table"
23	auth.backend.mysql.col_user = "col_name_username"
24	auth.backend.mysql.col_pass = "col_name_password" # (md5 hash of password)
25	auth.backend.mysql.col_realm = "col_realm_name"
26
27	configure lighttpd to use it (same as every other auth)
28
29	auth.require = ( "/some_path" =>
30	(
31	"method" => "basic",
32	"realm" => "some_realm",
33	"require" => "some_user",
34	)
35	)
36
37	start lighttpd
38
39	P.S. patch include more complicated setup with separate table for domains.
40	If you are interested please contact with me to obtain more information.
41
42	Bugs, Patches and Suggestions
43	Send me E-Mail: drJeckyll@Jeckyll.net
44

Lines 1-193 Link Here

(-)files/extra-patch-src_http__auth.c (-193 lines)
1	--- src/http_auth.c.orig 2016-07-16 10:06:16 UTC
2	+++ src/http_auth.c
3	@@ -30,6 +30,7 @@
4	#include <errno.h>
5	#include <unistd.h>
6	#include <ctype.h>
7	+#include <mysql/mysql.h>
8
9	#include "md5.h"
10
11	@@ -194,9 +195,119 @@ static int http_auth_get_password(server
12	fclose(fp);
13	} else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) {
14	return 0;
15	- }
16	+ } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
17	+ MYSQL_RES *result;
18	+ MYSQL_ROW row;
19	+ int port = atoi(p->conf.auth_mysql_port->ptr);
20	+ char q[255];
21
22	- return -1;
23	+ if (p->conf.auth_mysql_socket->ptr != NULL)
24	+ if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL;
25	+
26	+ p->conf.mysql_conn = mysql_init(NULL);
27	+
28	+ if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0))
29	+ {
30	+//#define MY_HOSTING
31	+
32	+#ifdef MY_HOSTING
33	+ char my_full_realm[255];
34	+ char *my_realm = NULL;
35	+ char *my_domain = NULL;
36	+
37	+ char *uname;
38	+ size_t unamelen;
39	+
40	+ unamelen = strlen(username->ptr);
41	+ uname = malloc(unamelen*2+1);
42	+
43	+ mysql_real_escape_string(p->conf.mysql_conn,
44	+ uname, username->ptr,
45	+ (unsigned long)unamelen);
46	+
47	+ strcpy(my_full_realm, realm->ptr);
48	+ my_realm = strtok(my_full_realm, "@");
49	+
50	+ if (my_realm != NULL)
51	+ my_domain = strtok(NULL, "@");
52	+
53	+ sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s",
54	+ p->conf.auth_mysql_col_pass->ptr,
55	+
56	+ p->conf.auth_mysql_users_table->ptr,
57	+ p->conf.auth_mysql_domains_table->ptr,
58	+
59	+ p->conf.auth_mysql_col_user->ptr,
60	+ uname,
61	+
62	+ p->conf.auth_mysql_col_realm->ptr,
63	+ my_realm,
64	+
65	+ p->conf.auth_mysql_col_domain->ptr,
66	+ my_domain,
67	+
68	+ p->conf.auth_mysql_domains_table_col_domain_id->ptr,
69	+ p->conf.auth_mysql_users_table_col_domain_id->ptr
70	+ );
71	+
72	+ free(uname);
73	+#else
74	+ // sanitize username & realm by taguchi@ff.iij4u.or.jp
75	+ char uname, urealm;
76	+ size_t unamelen, urealmlen;
77	+
78	+ unamelen = strlen(username->ptr);
79	+ urealmlen = strlen(realm->ptr);
80	+ uname = malloc(unamelen*2+1);
81	+ urealm = malloc(urealmlen*2+1);
82	+
83	+ mysql_real_escape_string(p->conf.mysql_conn,
84	+ uname, username->ptr,
85	+ (unsigned long)unamelen);
86	+
87	+ mysql_real_escape_string(p->conf.mysql_conn,
88	+ urealm, realm->ptr,
89	+ (unsigned long)unamelen);
90	+
91	+ mysql_real_escape_string(p->conf.mysql_conn,
92	+ urealm, realm->ptr,
93	+ (unsigned long)urealmlen);
94	+
95	+ sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'",
96	+ p->conf.auth_mysql_col_pass->ptr,
97	+ p->conf.auth_mysql_users_table->ptr,
98	+ p->conf.auth_mysql_col_user->ptr,
99	+ uname,
100	+ p->conf.auth_mysql_col_realm->ptr,
101	+ urealm
102	+ );
103	+
104	+ free(uname);
105	+ free(urealm);
106	+#endif
107	+
108	+ mysql_query(p->conf.mysql_conn, q);
109	+ result = mysql_store_result(p->conf.mysql_conn);
110	+ if (mysql_num_rows(result) == 1)
111	+ {
112	+ /* found */
113	+ row = mysql_fetch_row(result);
114	+ buffer_copy_string_len(password, row[0], strlen(row[0]));
115	+
116	+ return 0;
117	+ } else
118	+ {
119	+ /* not found */
120	+ return -1;
121	+ }
122	+
123	+ mysql_free_result(result);
124	+ mysql_close(p->conf.mysql_conn);
125	+
126	+ p->conf.mysql_conn = NULL;
127	+ } else
128	+ return -1;
129	+ }
130	}
131
132	int http_auth_match_rules(server srv, array req, const char username, const char group, const char *host) {
133	@@ -711,6 +822,60 @@ static int http_auth_basic_password_comp
134
135	return 0;
136	#endif
137	+ } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
138	+ /*
139	+ we check for md5 crypt() now
140	+ request by Nicola Tiling <nti@w4w.net>
141	+ */
142	+ if (password->ptr[0] == '$' && password->ptr[2] == '$')
143	+ {
144	+ char salt[32];
145	+ char *crypted;
146	+ size_t salt_len = 0;
147	+ char *dollar = NULL;
148	+
149	+ if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
150	+ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
151	+ return -1;
152	+ }
153	+
154	+ salt_len = dollar - password->ptr;
155	+
156	+ if (salt_len > sizeof(salt) - 1)
157	+ {
158	+ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
159	+ return -1;
160	+ }
161	+
162	+ strncpy(salt, password->ptr, salt_len);
163	+
164	+ salt[salt_len] = '\0';
165	+
166	+ crypted = crypt(pw, salt);
167	+
168	+ if (0 == strcmp(password->ptr, crypted))
169	+ {
170	+ return 0;
171	+ } else {
172	+ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
173	+ }
174	+ } else
175	+ /* plain md5 check now */
176	+ {
177	+ li_MD5_CTX Md5Ctx;
178	+ HASH HA1;
179	+ char a1[256];
180	+
181	+ li_MD5_Init(&Md5Ctx);
182	+ li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
183	+ li_MD5_Final(HA1, &Md5Ctx);
184	+
185	+ CvtHex(HA1, a1);
186	+
187	+ if (0 == strcmp(password->ptr, a1)) {
188	+ return 0;
189	+ }
190	+ }
191	}
192	return -1;
193	}

Lines 1-43 Link Here

(-)files/extra-patch-src_http__auth.h (-43 lines)
1	--- src/http_auth.h.orig 2016-07-16 10:06:16 UTC
2	+++ src/http_auth.h
3	@@ -9,13 +9,15 @@
4	# define USE_LDAP
5	# include <ldap.h>
6	#endif
7	+#include <mysql/mysql.h>
8
9	typedef enum {
10	AUTH_BACKEND_UNSET,
11	AUTH_BACKEND_PLAIN,
12	AUTH_BACKEND_LDAP,
13	AUTH_BACKEND_HTPASSWD,
14	- AUTH_BACKEND_HTDIGEST
15	+ AUTH_BACKEND_HTDIGEST,
16	+ AUTH_BACKEND_MYSQL
17	} auth_backend_t;
18
19	typedef struct {
20	@@ -50,6 +52,23 @@ typedef struct {
21	buffer *ldap_filter_pre;
22	buffer *ldap_filter_post;
23	#endif
24	+
25	+ MYSQL *mysql_conn;
26	+ buffer *auth_mysql_host;
27	+ buffer *auth_mysql_user;
28	+ buffer *auth_mysql_pass;
29	+ buffer *auth_mysql_db;
30	+ buffer *auth_mysql_port;
31	+ buffer *auth_mysql_socket;
32	+ buffer *auth_mysql_users_table;
33	+ buffer *auth_mysql_col_user;
34	+ buffer *auth_mysql_col_pass;
35	+ buffer *auth_mysql_col_realm;
36	+ buffer *auth_mysql_domains_table;
37	+ buffer *auth_mysql_col_domain;
38	+ buffer *auth_mysql_domains_table_col_domain_id;
39	+ buffer *auth_mysql_users_table_col_domain_id;
40	+
41	} mod_auth_plugin_config;
42
43	typedef struct {

Lines 1-200 Link Here

(-)files/extra-patch-src_mod__auth.c (-200 lines)
1	--- src/mod_auth.c.orig 2016-07-16 10:06:16 UTC
2	+++ src/mod_auth.c
3	@@ -13,6 +13,7 @@
4	#include <errno.h>
5	#include <fcntl.h>
6	#include <unistd.h>
7	+#include <mysql/mysql.h>
8
9	handler_t auth_ldap_init(server srv, mod_auth_plugin_config s);
10
11	@@ -84,6 +85,19 @@ FREE_FUNC(mod_auth_free) {
12
13	if (s->ldap) ldap_unbind_s(s->ldap);
14	#endif
15	+ buffer_free(s->auth_mysql_host);
16	+ buffer_free(s->auth_mysql_user);
17	+ buffer_free(s->auth_mysql_pass);
18	+ buffer_free(s->auth_mysql_db);
19	+ buffer_free(s->auth_mysql_socket);
20	+ buffer_free(s->auth_mysql_users_table);
21	+ buffer_free(s->auth_mysql_col_user);
22	+ buffer_free(s->auth_mysql_col_pass);
23	+ buffer_free(s->auth_mysql_col_realm);
24	+ buffer_free(s->auth_mysql_domains_table);
25	+ buffer_free(s->auth_mysql_col_domain);
26	+ buffer_free(s->auth_mysql_domains_table_col_domain_id);
27	+ buffer_free(s->auth_mysql_users_table_col_domain_id);
28
29	free(s);
30	}
31	@@ -122,6 +136,21 @@ static int mod_auth_patch_connection(ser
32	PATCH(ldap_filter_post);
33	#endif
34
35	+ PATCH(auth_mysql_host);
36	+ PATCH(auth_mysql_user);
37	+ PATCH(auth_mysql_pass);
38	+ PATCH(auth_mysql_db);
39	+ PATCH(auth_mysql_port);
40	+ PATCH(auth_mysql_socket);
41	+ PATCH(auth_mysql_users_table);
42	+ PATCH(auth_mysql_col_user);
43	+ PATCH(auth_mysql_col_pass);
44	+ PATCH(auth_mysql_col_realm);
45	+ PATCH(auth_mysql_domains_table);
46	+ PATCH(auth_mysql_col_domain);
47	+ PATCH(auth_mysql_domains_table_col_domain_id);
48	+ PATCH(auth_mysql_users_table_col_domain_id);
49	+
50	/* skip the first, the global context */
51	for (i = 1; i < srv->config_context->used; i++) {
52	data_config dc = (data_config )srv->config_context->data[i];
53	@@ -171,6 +200,34 @@ static int mod_auth_patch_connection(ser
54	PATCH(auth_ldap_bindpw);
55	} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) {
56	PATCH(auth_ldap_allow_empty_pw);
57	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) {
58	+ PATCH(auth_mysql_host);
59	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) {
60	+ PATCH(auth_mysql_user);
61	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) {
62	+ PATCH(auth_mysql_pass);
63	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) {
64	+ PATCH(auth_mysql_db);
65	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) {
66	+ PATCH(auth_mysql_port);
67	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) {
68	+ PATCH(auth_mysql_user);
69	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) {
70	+ PATCH(auth_mysql_users_table);
71	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) {
72	+ PATCH(auth_mysql_col_user);
73	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) {
74	+ PATCH(auth_mysql_col_pass);
75	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) {
76	+ PATCH(auth_mysql_col_realm);
77	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) {
78	+ PATCH(auth_mysql_domains_table);
79	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) {
80	+ PATCH(auth_mysql_col_domain);
81	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) {
82	+ PATCH(auth_mysql_domains_table_col_domain_id);
83	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) {
84	+ PATCH(auth_mysql_users_table_col_domain_id);
85	}
86	}
87	}
88	@@ -362,10 +419,25 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults)
89	{ "auth.backend.ldap.starttls", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 8 */
90	{ "auth.backend.ldap.bind-dn", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 9 */
91	{ "auth.backend.ldap.bind-pw", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */
92	- { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */
93	+ { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
94	{ "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */
95	{ "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
96	{ "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 14 */
97	+ { "auth.backend.mysql.host", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
98	+ { "auth.backend.mysql.user", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
99	+ { "auth.backend.mysql.pass", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
100	+ { "auth.backend.mysql.db", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
101	+ { "auth.backend.mysql.port", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
102	+ { "auth.backend.mysql.socket", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
103	+ { "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
104	+ { "auth.backend.mysql.col_user", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
105	+ { "auth.backend.mysql.col_pass", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
106	+ { "auth.backend.mysql.col_realm", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */
107	+ { "auth.backend.mysql.domains_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
108	+ { "auth.backend.mysql.col_domain", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
109	+ { "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
110	+ { "auth.backend.mysql.users_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */
111	+
112	{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
113	};
114
115	@@ -394,6 +466,22 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults)
116	s->auth_debug = 0;
117
118	s->auth_require = array_init();
119	+ s->mysql_conn = NULL;
120	+ s->auth_mysql_host = buffer_init();
121	+ s->auth_mysql_user = buffer_init();
122	+ s->auth_mysql_pass = buffer_init();
123	+ s->auth_mysql_db = buffer_init();
124	+ s->auth_mysql_port = buffer_init();
125	+ s->auth_mysql_socket = buffer_init();
126	+ s->auth_mysql_users_table = buffer_init();
127	+ s->auth_mysql_col_user = buffer_init();
128	+ s->auth_mysql_col_pass = buffer_init();
129	+ s->auth_mysql_col_realm = buffer_init();
130	+ s->auth_mysql_domains_table = buffer_init();
131	+ s->auth_mysql_col_domain = buffer_init();
132	+ s->auth_mysql_domains_table_col_domain_id = buffer_init();
133	+ s->auth_mysql_users_table_col_domain_id = buffer_init();
134	+
135
136	#ifdef USE_LDAP
137	s->ldap_filter_pre = buffer_init();
138	@@ -416,7 +504,20 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults)
139	cv[12].destination = s->auth_htdigest_userfile;
140	cv[13].destination = s->auth_htpasswd_userfile;
141	cv[14].destination = &(s->auth_debug);
142	-
143	+ cv[15].destination = s->auth_mysql_host;
144	+ cv[16].destination = s->auth_mysql_user;
145	+ cv[17].destination = s->auth_mysql_pass;
146	+ cv[18].destination = s->auth_mysql_db;
147	+ cv[19].destination = s->auth_mysql_port;
148	+ cv[20].destination = s->auth_mysql_socket;
149	+ cv[21].destination = s->auth_mysql_users_table;
150	+ cv[22].destination = s->auth_mysql_col_user;
151	+ cv[23].destination = s->auth_mysql_col_pass;
152	+ cv[24].destination = s->auth_mysql_col_realm;
153	+ cv[25].destination = s->auth_mysql_domains_table;
154	+ cv[26].destination = s->auth_mysql_col_domain;
155	+ cv[27].destination = s->auth_mysql_domains_table_col_domain_id;
156	+ cv[28].destination = s->auth_mysql_users_table_col_domain_id;
157	p->config_storage[i] = s;
158
159	if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
160	@@ -432,6 +533,8 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults)
161	s->auth_backend = AUTH_BACKEND_PLAIN;
162	} else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) {
163	s->auth_backend = AUTH_BACKEND_LDAP;
164	+ } else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) {
165	+ s->auth_backend = AUTH_BACKEND_MYSQL;
166	} else {
167	log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf);
168
169	@@ -573,6 +676,31 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults)
170	return (ret);
171	break;
172	}
173	+ case AUTH_BACKEND_MYSQL: {
174	+ int port = atoi(s->auth_mysql_port->ptr);
175	+
176	+ /* ignore if auth_mysql_socket is invalid */
177	+ if (p->conf.auth_mysql_socket == NULL)
178	+ return HANDLER_GO_ON;
179	+ if (p->conf.auth_mysql_socket->ptr != NULL)
180	+ if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL;
181	+
182	+ s->mysql_conn = mysql_init(NULL);
183	+ if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0))
184	+ {
185	+ log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss",
186	+ "opening connection to mysql:", s->auth_mysql_host,
187	+ "user:", s->auth_mysql_user,
188	+ "pass:", s->auth_mysql_pass,
189	+ "db:", s->auth_mysql_db,
190	+ "failed:", strerror(errno));
191	+
192	+ return HANDLER_ERROR;
193	+ }
194	+ mysql_close(s->mysql_conn);
195	+
196	+ break;
197	+ }
198	default:
199	break;
200	}

Lines 1-12 Link Here

(-)files/patch-src_mod__fastcgi.c (-12 lines)
1	--- src/mod_fastcgi.c.orig 2016-08-07 17:19:10 UTC
2	+++ src/mod_fastcgi.c
3	@@ -3257,7 +3257,8 @@ SUBREQUEST_FUNC(mod_fastcgi_handle_subre
4	}
5	}
6
7	- return (0 == hctx->wb->bytes_in \|\| !chunkqueue_is_empty(hctx->wb))
8	+ return ((0 == hctx->wb->bytes_in \|\| !chunkqueue_is_empty(hctx->wb))
9	+ && hctx->state != FCGI_STATE_CONNECT_DELAYED)
10	? fcgi_send_request(srv, hctx)
11	: HANDLER_WAIT_FOR_EVENT;
12	}

Lines 1-34 Link Here

(-)files/patch-src_mod__proxy.c (-34 lines)
1	--- src/mod_proxy.c.orig 2016-07-31 12:42:39 UTC
2	+++ src/mod_proxy.c
3	@@ -854,7 +854,20 @@ static handler_t proxy_write_request(ser
4
5	if (hctx->wb->bytes_out == hctx->wb_reqlen) {
6	fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT);
7	- shutdown(hctx->fd, SHUT_WR);/* future: remove if HTTP/1.1 request */
8	+ #if (defined(__APPLE__) && defined(__MACH__)) \
9	+ \|\| defined(__FreeBSD__) \|\| defined(__NetBSD__) \
10	+ \|\| defined(__OpenBSD__) \|\| defined(__DragonflyBSD__)
11	+ /(BSD stack on remote might signal POLLHUP and remote
12	+ * might treat as socket error instead of half-close)*/
13	+ #else
14	+ /*(remote could be different machine running affected OS,
15	+ * so only issue shutdown for known local sockets)*/
16	+ if ( '/' == host->host->ptr[0]
17	+ \|\| buffer_is_equal_string(host->host, CONST_STR_LEN("127.0.0.1"))
18	+ \|\| buffer_is_equal_string(host->host, CONST_STR_LEN("::1"))) {
19	+ shutdown(hctx->fd, SHUT_WR);/* future: remove if HTTP/1.1 request */
20	+ }
21	+ #endif
22	proxy_set_state(srv, hctx, PROXY_STATE_READ);
23	} else {
24	off_t wblen = hctx->wb->bytes_in - hctx->wb->bytes_out;
25	@@ -992,7 +1005,8 @@ SUBREQUEST_FUNC(mod_proxy_handle_subrequ
26	}
27	}
28
29	- return (0 == hctx->wb->bytes_in \|\| !chunkqueue_is_empty(hctx->wb))
30	+ return ((0 == hctx->wb->bytes_in \|\| !chunkqueue_is_empty(hctx->wb))
31	+ && hctx->state != PROXY_STATE_CONNECT)
32	? proxy_send_request(srv, hctx)
33	: HANDLER_WAIT_FOR_EVENT;
34	}

Lines 1-34 Link Here

(-)files/patch-src_mod__scgi.c (-34 lines)
1	--- src/mod_scgi.c.orig 2016-08-07 12:39:31 UTC
2	+++ src/mod_scgi.c
3	@@ -2438,7 +2438,20 @@ static handler_t scgi_write_request(serv
4
5	if (hctx->wb->bytes_out == hctx->wb_reqlen) {
6	fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT);
7	- shutdown(hctx->fd, SHUT_WR);
8	+ #if (defined(__APPLE__) && defined(__MACH__)) \
9	+ \|\| defined(__FreeBSD__) \|\| defined(__NetBSD__) \
10	+ \|\| defined(__OpenBSD__) \|\| defined(__DragonflyBSD__)
11	+ /(BSD stack on remote might signal POLLHUP and remote
12	+ * might treat as socket error instead of half-close)*/
13	+ #else
14	+ /*(remote could be different machine running affected OS,
15	+ * so only issue shutdown for known local sockets)*/
16	+ if ( '/' == host->host->ptr[0]
17	+ \|\| buffer_is_equal_string(host->host, CONST_STR_LEN("127.0.0.1"))
18	+ \|\| buffer_is_equal_string(host->host, CONST_STR_LEN("::1"))) {
19	+ shutdown(hctx->fd, SHUT_WR);
20	+ }
21	+ #endif
22	scgi_set_state(srv, hctx, FCGI_STATE_READ);
23	} else {
24	off_t wblen = hctx->wb->bytes_in - hctx->wb->bytes_out;
25	@@ -2585,7 +2598,8 @@ SUBREQUEST_FUNC(mod_scgi_handle_subreque
26	}
27	}
28
29	- return (0 == hctx->wb->bytes_in \|\| !chunkqueue_is_empty(hctx->wb))
30	+ return ((0 == hctx->wb->bytes_in \|\| !chunkqueue_is_empty(hctx->wb))
31	+ && hctx->state != FCGI_STATE_CONNECT)
32	? scgi_send_request(srv, hctx)
33	: HANDLER_WAIT_FOR_EVENT;
34	}