Attachment #172763 for bug #211163




# $FreeBSD$

PORTNAME?=	lighttpd
PORTVERSION=	1.4.40
PORTREVISION=	1
CATEGORIES?=	www
MASTER_SITES?=	http://download.lighttpd.net/lighttpd/releases-1.4.x/

MAINTAINER=	pkubaj@anongoth.pl
COMMENT?=	Secure, fast, compliant, and flexible Web Server

.if !defined(_BUILDING_LIGHTTPD_MODULE)

USE_RC_SUBR=	lighttpd

OPTIONS_DEFINE=	ATTR BZIP2 DOCS FAM GDBM IPV6 LIBEV LUA MEMCACHE MYSQL MYSQLAUTH \
		LDAP OPENSSL SPAWNFCGI VALGRIND WEBDAV

OPTIONS_DEFAULT=	OPENSSL


MEMCACHE_DESC=	memcached storage (mod_trigger_b4_dl)
MYSQL_DESC=	MySQL support (mod_mysql_vhost)
MYSQLAUTH_DESC=	MySQL authentication (requires WITH_MYSQL)
NODELAY_DESC=	Set TCP_NODELAY on listening sockets
SPAWNFCGI_DESC=	Depend on spawn-fcgi utility
VALGRIND_DESC=	valgrind support
WEBDAV_DESC=	WebDAV support

IPV6_CONFIGURE_OFF=	--disable-ipv6
LIBEV_CONFIGURE_WITH=	libev=${LOCALBASE}
LIBEV_LIB_DEPENDS=	libev.so:devel/libev
LUA_USES=		lua
LUA_CONFIGURE_WITH=	lua
LUA_CONFIGURE_ENV=	LUA_CFLAGS="-I${LUA_INCDIR}" LUA_LIBS="-L${LUA_LIBDIR} -llua-${LUA_VER}"
MEMCACHE_LIB_DEPENDS=	libmemcache.so:databases/libmemcache
MEMCACHE_CONFIGURE_WITH=memcache
MYSQLAUTH_IMPLIES=	MYSQL
OPENSSL_USES=		ssl
OPENSSL_CONFIGURE_WITH=	openssl	openssl-includes=${OPENSSLINC}	openssl-libs=${OPENSSLLIB}
SPAWNFCGI_RUN_DEPENDS=	spawn-fcgi:www/spawn-fcgi
VALGRIND_BUILD_DEPENDS=	valgrind:devel/valgrind
VALGRIND_RUN_DEPENDS=	valgrind:devel/valgrind

PORTDOCS=	${DOCS}
.endif

.if ${PORT_OPTIONS:MOPENSSL}
USE_OPENSSL=		yes
CONFIGURE_ARGS+=	--with-openssl \
			--with-openssl-includes=${OPENSSLINC} \
			--with-openssl-libs=${OPENSSLLIB}
.endif

.if ${PORT_OPTIONS:MMYSQL}
USES+=			mysql
CONFIGURE_ARGS+=	--with-mysql
_REQUIRE+=		mysql
.endif

.if ${PORT_OPTIONS:MMYSQLAUTH} && empty(PORT_OPTIONS:MMYSQL)
IGNORE=		option WITH_MYSQLAUTH requires WITH_MYSQL
.endif

.if ${PORT_OPTIONS:MMYSQLAUTH}
EXTRA_PATCHES+=		${FILESDIR}/extra-patch-src_Makefile.am \
			${FILESDIR}/extra-patch-src_Makefile.in \
			${FILESDIR}/extra-patch-src_http__auth.c \
			${FILESDIR}/extra-patch-src_http__auth.h \
			${FILESDIR}/extra-patch-src_mod__auth.c
PORTDOCS+=		README.mysqlauth mysql_auth.sql
.endif

.if ${PORT_OPTIONS:MNODELAY}
EXTRA_PATCHES+=		${FILESDIR}/extra-patch-nodelay
.endif

.if ${PORT_OPTIONS:MLDAP}
USE_OPENLDAP=		yes
CONFIGURE_ARGS+=	--with-ldap

.endfor
	${INSTALL_DATA} ${WRKSRC}/doc/config/vhosts.d/vhosts.template \
		${STAGEDIR}${PREFIX}/etc/lighttpd/vhosts.d/vhosts.template
	@${MKDIR} -m 0700 ${STAGEDIR}${LIGHTTPD_LOGROOT}

post-install-DOCS-on:
	@${MKDIR} ${STAGEDIR}${DOCSDIR}
. for FILE in ${DOCS}
	${INSTALL_DATA} ${WRKSRC}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
. endfor

post-install-MYSQLAUTH-on:
	@${MKDIR} ${STAGEDIR}${DOCSDIR}
. for FILE in README.mysqlauth mysql_auth.sql
	${INSTALL_DATA} ${FILESDIR}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
. endfor
.endif
	@${MKDIR} -m 0700 ${STAGEDIR}${LIGHTTPD_LOGROOT}

test: build
	@cd ${WRKSRC}/tests && ${SETENV} ${MAKE_ENV} ${MAKE} \

Lines 1-6 Link Here

(-)distinfo (-4 / +5 lines)
1	SHA256 (lighttpd-1.4.39.tar.xz) = 7eb9a1853c3d6dd5851682b0733a729ba4158d6bdff80974d5ef5f1f6887365b	1	TIMESTAMP = 1468715038
2	SIZE (lighttpd-1.4.39.tar.xz) = 579180	2	SHA256 (lighttpd-1.4.40.tar.xz) = 80450dfcf7604d6c516a00a0ce750937074ef844bbdee3b3f23384187b9d4f8d
		3	SIZE (lighttpd-1.4.40.tar.xz) = 621448
		4	SHA256 (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 4e6768af32ce16033fcb0c70b12c55b40082ca105a36f258b0bbf30d64e9dad3
		5	SIZE (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 242458
3	SHA256 (lighttpd-1.4.26_mod_geoip.patch) = 2858036310b778852d9f039a81629902edffc368658e13bf4779f3642ee1a5ba	6	SHA256 (lighttpd-1.4.26_mod_geoip.patch) = 2858036310b778852d9f039a81629902edffc368658e13bf4779f3642ee1a5ba
4	SIZE (lighttpd-1.4.26_mod_geoip.patch) = 15173	7	SIZE (lighttpd-1.4.26_mod_geoip.patch) = 15173
5	SHA256 (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = bc0e1b97289a89b827ea84e64b614933cc14d67c64d6b727e4928aeec516489c
6	SIZE (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 242421




diff -Naur new/lighttpd-1.4.23/src/http_auth.c old/lighttpd-1.4.23/src/http_auth.c
--- src/http_auth.c	2009-06-11 14:05:06.000000000 +0400
+++ src/http_auth.c	2009-10-08 10:10:15.000000000 +0400
@@ -24,6 +24,7 @@
 #include <errno.h>
 #include <unistd.h>
 #include <ctype.h>
+#include <mysql/mysql.h>
 
 #include "server.h"
 #include "log.h"
@@ -291,6 +292,117 @@
 		stream_close(&f);
 	} else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) {
 		ret = 0;
+       } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
+               MYSQL_RES *result;
+               MYSQL_ROW row;
+               int port = atoi(p->conf.auth_mysql_port->ptr);
+               char q[255];
+
+               if (p->conf.auth_mysql_socket->ptr != NULL)
+                   if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL;
+
+               p->conf.mysql_conn = mysql_init(NULL);
+
+               if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0))
+               {
+//#define MY_HOSTING
+
+#ifdef MY_HOSTING
+                   char my_full_realm[255];
+                   char *my_realm = NULL;
+                   char *my_domain = NULL;
+
+                   char *uname;
+                   size_t unamelen;
+
+                   unamelen = strlen(username->ptr);
+                   uname = malloc(unamelen*2+1);
+
+                   mysql_real_escape_string(p->conf.mysql_conn,
+                                            uname, username->ptr,
+                                            (unsigned long)unamelen);
+
+                   strcpy(my_full_realm, realm->ptr);
+                   my_realm = strtok(my_full_realm, "@");
+
+                   if (my_realm != NULL)
+                   my_domain = strtok(NULL, "@");
+
+                   sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s",
+                               p->conf.auth_mysql_col_pass->ptr,
+
+                               p->conf.auth_mysql_users_table->ptr,
+                               p->conf.auth_mysql_domains_table->ptr,
+
+                               p->conf.auth_mysql_col_user->ptr,
+                               uname,
+
+                               p->conf.auth_mysql_col_realm->ptr,
+                               my_realm,
+
+                               p->conf.auth_mysql_col_domain->ptr,
+                               my_domain,
+
+                               p->conf.auth_mysql_domains_table_col_domain_id->ptr,
+                               p->conf.auth_mysql_users_table_col_domain_id->ptr
+                   );
+
+                   free(uname);
+#else
+                   // sanitize username & realm by taguchi@ff.iij4u.or.jp
+                   char *uname, *urealm;
+                   size_t unamelen, urealmlen;
+
+                   unamelen = strlen(username->ptr);
+                   urealmlen = strlen(realm->ptr);
+                   uname = malloc(unamelen*2+1);
+                   urealm = malloc(urealmlen*2+1);
+
+                   mysql_real_escape_string(p->conf.mysql_conn,
+                                            uname, username->ptr,
+                                            (unsigned long)unamelen);
+
+                   mysql_real_escape_string(p->conf.mysql_conn,
+                                            urealm, realm->ptr,
+                                            (unsigned long)unamelen);
+
+                   mysql_real_escape_string(p->conf.mysql_conn,
+                                            urealm, realm->ptr,
+                                            (unsigned long)urealmlen);
+
+                   sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'",
+                               p->conf.auth_mysql_col_pass->ptr,
+                               p->conf.auth_mysql_users_table->ptr,
+                               p->conf.auth_mysql_col_user->ptr,
+                               uname,
+                               p->conf.auth_mysql_col_realm->ptr,
+                               urealm
+                   );
+
+                   free(uname);
+                   free(urealm);
+#endif
+
+                   mysql_query(p->conf.mysql_conn, q);
+                   result = mysql_store_result(p->conf.mysql_conn);
+                   if (mysql_num_rows(result) == 1)
+                   {
+                       /* found */
+                       row = mysql_fetch_row(result);
+                       buffer_copy_string_len(password, row[0], strlen(row[0]));
+
+                       ret = 0;
+                   } else
+                   {
+                       /* not found */
+                       ret = -1;
+                   }
+
+                   mysql_free_result(result);
+                   mysql_close(p->conf.mysql_conn);
+
+                   p->conf.mysql_conn = NULL;
+               }
 	} else {
 		return -1;
 	}
@@ -831,6 +943,60 @@
 
 		return 0;
 #endif
+       } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
+               /*
+                   we check for md5 crypt() now
+                   request by Nicola Tiling <nti@w4w.net>
+               */
+               if (password->ptr[0] == '$' && password->ptr[2] == '$')
+               {
+                   char salt[32];
+                   char *crypted;
+                   size_t salt_len = 0;
+                   char *dollar = NULL;
+
+                   if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
+                       fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
+                       return -1;
+                   }
+
+                   salt_len = dollar - password->ptr;
+
+                   if (salt_len > sizeof(salt) - 1)
+                   {
+                       fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
+                       return -1;
+                   }
+
+                   strncpy(salt, password->ptr, salt_len);
+
+                   salt[salt_len] = '\0';
+
+                   crypted = crypt(pw, salt);
+
+                   if (0 == strcmp(password->ptr, crypted))
+                   {
+                       return 0;
+                   } else {
+                       fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
+                   }
+               } else
+               /* plain md5 check now */
+               {
+                       li_MD5_CTX Md5Ctx;
+                       HASH HA1;
+                       char a1[256];
+
+                       li_MD5_Init(&Md5Ctx);
+                       li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
+                       li_MD5_Final(HA1, &Md5Ctx);
+
+                       CvtHex(HA1, a1);
+
+                       if (0 == strcmp(password->ptr, a1)) {
+                               return 0;
+                       }
+               }
 	}
 	return -1;
 }
diff -Naur new/lighttpd-1.4.23/src/http_auth.h old/lighttpd-1.4.23/src/http_auth.h
--- src/http_auth.h	2009-03-31 02:16:59.000000000 +0400
+++ src/http_auth.h	2009-10-08 10:13:56.000000000 +0400
@@ -8,13 +8,15 @@
 # define USE_LDAP
 # include <ldap.h>
 #endif
+#include <mysql/mysql.h>
 
 typedef enum {
 	AUTH_BACKEND_UNSET,
 	AUTH_BACKEND_PLAIN,
 	AUTH_BACKEND_LDAP,
 	AUTH_BACKEND_HTPASSWD,
-	AUTH_BACKEND_HTDIGEST
+        AUTH_BACKEND_HTDIGEST,
+        AUTH_BACKEND_MYSQL
 } auth_backend_t;
 
 typedef struct {
@@ -49,6 +51,22 @@
 	buffer *ldap_filter_pre;
 	buffer *ldap_filter_post;
 #endif
+
+       MYSQL  *mysql_conn;
+       buffer *auth_mysql_host;
+       buffer *auth_mysql_user;
+       buffer *auth_mysql_pass;
+       buffer *auth_mysql_db;
+       buffer *auth_mysql_port;
+       buffer *auth_mysql_socket;
+       buffer *auth_mysql_users_table;
+       buffer *auth_mysql_col_user;
+       buffer *auth_mysql_col_pass;
+       buffer *auth_mysql_col_realm;
+       buffer *auth_mysql_domains_table;
+       buffer *auth_mysql_col_domain;
+       buffer *auth_mysql_domains_table_col_domain_id;
+       buffer *auth_mysql_users_table_col_domain_id;
 } mod_auth_plugin_config;
 
 typedef struct {
diff -Naur new/lighttpd-1.4.23/src/Makefile.am old/lighttpd-1.4.23/src/Makefile.am
--- src/Makefile.am.orig	2013-12-03 17:17:52.000000000 +0100
+++ src/Makefile.am	2014-01-21 20:48:24.645439249 +0100
@@ -243,7 +243,7 @@
 lib_LTLIBRARIES += mod_auth.la
 mod_auth_la_SOURCES = mod_auth.c http_auth.c
 mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version
-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
+mod_auth_la_LIBADD = $(MYSQL_LIBS) $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
 
 lib_LTLIBRARIES += mod_rewrite.la
 mod_rewrite_la_SOURCES = mod_rewrite.c
diff -Naur lighttpd-1.4.23/src/Makefile.in old/lighttpd-1.4.23/src/Makefile.in
--- src/Makefile.in.orig	2014-01-20 13:09:11.000000000 +0100
+++ src/Makefile.in	2014-01-21 20:48:37.115438375 +0100
@@ -852,7 +852,7 @@
 mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
 mod_auth_la_SOURCES = mod_auth.c http_auth.c
 mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version
-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
+mod_auth_la_LIBADD = $(MYSQL_LIBS) $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
 mod_rewrite_la_SOURCES = mod_rewrite.c
 mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version
 mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd)
diff -Naur new/lighttpd-1.4.23/src/mod_auth.c old/lighttpd-1.4.23/src/mod_auth.c
--- src/mod_auth.c	2009-04-11 16:08:19.000000000 +0400
+++ src/mod_auth.c	2009-10-08 10:24:13.000000000 +0400
@@ -6,6 +6,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <mysql/mysql.h>
 
 #include "plugin.h"
 #include "http_auth.h"
@@ -83,6 +84,20 @@
 			if (s->ldap) ldap_unbind_s(s->ldap);
 #endif
 
+                       buffer_free(s->auth_mysql_host);
+                       buffer_free(s->auth_mysql_user);
+                       buffer_free(s->auth_mysql_pass);
+                       buffer_free(s->auth_mysql_db);
+                       buffer_free(s->auth_mysql_socket);
+                       buffer_free(s->auth_mysql_users_table);
+                       buffer_free(s->auth_mysql_col_user);
+                       buffer_free(s->auth_mysql_col_pass);
+                       buffer_free(s->auth_mysql_col_realm);
+                       buffer_free(s->auth_mysql_domains_table);
+                       buffer_free(s->auth_mysql_col_domain);
+                       buffer_free(s->auth_mysql_domains_table_col_domain_id);
+                       buffer_free(s->auth_mysql_users_table_col_domain_id);
+
 			free(s);
 		}
 		free(p->config_storage);
@@ -120,6 +135,21 @@
 	PATCH(ldap_filter_post);
 #endif
 
+       PATCH(auth_mysql_host);
+       PATCH(auth_mysql_user);
+       PATCH(auth_mysql_pass);
+       PATCH(auth_mysql_db);
+       PATCH(auth_mysql_port);
+       PATCH(auth_mysql_socket);
+       PATCH(auth_mysql_users_table);
+       PATCH(auth_mysql_col_user);
+       PATCH(auth_mysql_col_pass);
+       PATCH(auth_mysql_col_realm);
+       PATCH(auth_mysql_domains_table);
+       PATCH(auth_mysql_col_domain);
+       PATCH(auth_mysql_domains_table_col_domain_id);
+       PATCH(auth_mysql_users_table_col_domain_id);
+
 	/* skip the first, the global context */
 	for (i = 1; i < srv->config_context->used; i++) {
 		data_config *dc = (data_config *)srv->config_context->data[i];
@@ -169,6 +199,34 @@
 				PATCH(auth_ldap_bindpw);
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) {
 				PATCH(auth_ldap_allow_empty_pw);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) {
+                               PATCH(auth_mysql_host);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) {
+                               PATCH(auth_mysql_user);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) {
+                               PATCH(auth_mysql_pass);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) {
+                               PATCH(auth_mysql_db);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) {
+                               PATCH(auth_mysql_port);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) {
+                               PATCH(auth_mysql_user);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) {
+                               PATCH(auth_mysql_users_table);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) {
+                               PATCH(auth_mysql_col_user);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) {
+                               PATCH(auth_mysql_col_pass);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) {
+                               PATCH(auth_mysql_col_realm);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) {
+                               PATCH(auth_mysql_domains_table);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) {
+                               PATCH(auth_mysql_col_domain);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) {
+                               PATCH(auth_mysql_domains_table_col_domain_id);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) {
+                               PATCH(auth_mysql_users_table_col_domain_id);
 			}
 		}
 	}
@@ -323,10 +381,24 @@
 		{ "auth.backend.ldap.starttls",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 8 */
  		{ "auth.backend.ldap.bind-dn",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 9 */
  		{ "auth.backend.ldap.bind-pw",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */
-		{ "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */
+                { "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
 		{ "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */
 		{ "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
 		{ "auth.debug",                     NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION },  /* 14 */
+                { "auth.backend.mysql.host",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+                { "auth.backend.mysql.user",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+                { "auth.backend.mysql.pass",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+                { "auth.backend.mysql.db",          NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+                { "auth.backend.mysql.port",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+                { "auth.backend.mysql.socket",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+                { "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+                { "auth.backend.mysql.col_user",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+                { "auth.backend.mysql.col_pass",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+                { "auth.backend.mysql.col_realm",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */
+                { "auth.backend.mysql.domains_table",               NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+                { "auth.backend.mysql.col_domain",                  NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+                { "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+                { "auth.backend.mysql.users_table_col_domain_id",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */
 		{ NULL,                             NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
 	};
 
@@ -355,6 +427,22 @@
 		s->auth_debug = 0;
 
 		s->auth_require = array_init();
+                s->mysql_conn                             = NULL;
+                s->auth_mysql_host                        = buffer_init();
+                s->auth_mysql_user                        = buffer_init();
+                s->auth_mysql_pass                        = buffer_init();
+                s->auth_mysql_db                          = buffer_init();
+                s->auth_mysql_port                        = buffer_init();
+                s->auth_mysql_socket                      = buffer_init();
+                s->auth_mysql_users_table                 = buffer_init();
+                s->auth_mysql_col_user                    = buffer_init();
+                s->auth_mysql_col_pass                    = buffer_init();
+                s->auth_mysql_col_realm                   = buffer_init();
+                s->auth_mysql_domains_table               = buffer_init();
+                s->auth_mysql_col_domain                  = buffer_init();
+                s->auth_mysql_domains_table_col_domain_id = buffer_init();
+                s->auth_mysql_users_table_col_domain_id   = buffer_init();
+
 
 #ifdef USE_LDAP
 		s->ldap_filter_pre = buffer_init();
@@ -377,7 +465,20 @@
 		cv[12].destination = s->auth_htdigest_userfile;
 		cv[13].destination = s->auth_htpasswd_userfile;
 		cv[14].destination = &(s->auth_debug);
-
+                cv[15].destination = s->auth_mysql_host;
+                cv[16].destination = s->auth_mysql_user;
+                cv[17].destination = s->auth_mysql_pass;
+                cv[18].destination = s->auth_mysql_db;
+                cv[19].destination = s->auth_mysql_port;
+                cv[20].destination = s->auth_mysql_socket;
+                cv[21].destination = s->auth_mysql_users_table;
+                cv[22].destination = s->auth_mysql_col_user;
+                cv[23].destination = s->auth_mysql_col_pass;
+                cv[24].destination = s->auth_mysql_col_realm;
+                cv[25].destination = s->auth_mysql_domains_table;
+                cv[26].destination = s->auth_mysql_col_domain;
+                cv[27].destination = s->auth_mysql_domains_table_col_domain_id;
+                cv[28].destination = s->auth_mysql_users_table_col_domain_id;
 		p->config_storage[i] = s;
 		ca = ((data_config *)srv->config_context->data[i])->value;
 
@@ -394,6 +495,8 @@
 				s->auth_backend = AUTH_BACKEND_PLAIN;
 			} else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) {
 				s->auth_backend = AUTH_BACKEND_LDAP;
+                        } else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) {
+                                s->auth_backend = AUTH_BACKEND_MYSQL;
 			} else {
 				log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf);
 
@@ -534,6 +637,31 @@
 				return (ret);
 			break;
 		}
+               case AUTH_BACKEND_MYSQL: {
+                       int port = atoi(s->auth_mysql_port->ptr);
+
+                       /* ignore if auth_mysql_socket is invalid */
+                       if (p->conf.auth_mysql_socket == NULL)
+                           return HANDLER_GO_ON;
+                       if (p->conf.auth_mysql_socket->ptr != NULL)
+                           if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL;
+
+                       s->mysql_conn = mysql_init(NULL);
+                       if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0))
+                       {
+                           log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss",
+                               "opening connection to mysql:", s->auth_mysql_host,
+                               "user:", s->auth_mysql_user,
+                               "pass:", s->auth_mysql_pass,
+                               "db:", s->auth_mysql_db,
+                               "failed:", strerror(errno));
+
+                           return HANDLER_ERROR;
+                       }
+                       mysql_close(s->mysql_conn);
+
+                       break;
+               }
 		default:
 			break;
 		}




--- src/network.c.orig	Tue Jan 26 14:33:01 2010
+++ src/network.c	Tue Jan 26 14:37:39 2010
@@ -226,6 +226,12 @@
 		log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno));
 		goto error_free_socket;
 	}
+	if(srv_socket->addr.plain.sa_family == AF_INET || srv_socket->addr.plain.sa_family == AF_INET6 ) {
+		if (setsockopt(srv_socket->fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)) < 0) {
+			log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno));
+			goto error_free_socket;
+		}
+	}
 
 	switch(srv_socket->addr.plain.sa_family) {
 #ifdef HAVE_IPV6

Line 0 Link Here

(-)files/extra-patch-src_Makefile.am (+11 lines)
	1	--- src/Makefile.am.orig 2016-07-16 10:06:16 UTC
	2	+++ src/Makefile.am
	3	@@ -254,7 +254,7 @@ mod_compress_la_LIBADD = $(Z_LIB) $(BZ_L
	4	lib_LTLIBRARIES += mod_auth.la
	5	mod_auth_la_SOURCES = mod_auth.c http_auth.c
	6	mod_auth_la_LDFLAGS = $(common_module_ldflags)
	7	-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
	8	+mod_auth_la_LIBADD = ${MYSQL_LIBS} $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
	9
	10	lib_LTLIBRARIES += mod_rewrite.la
	11	mod_rewrite_la_SOURCES = mod_rewrite.c

Line 0 Link Here

(-)files/extra-patch-src_Makefile.in (+11 lines)
	1	--- src/Makefile.in.orig 2016-07-16 10:10:53 UTC
	2	+++ src/Makefile.in
	3	@@ -1011,7 +1011,7 @@ mod_compress_la_LDFLAGS = $(common_modul
	4	mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
	5	mod_auth_la_SOURCES = mod_auth.c http_auth.c
	6	mod_auth_la_LDFLAGS = $(common_module_ldflags)
	7	-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
	8	+mod_auth_la_LIBADD = ${MYSQL_LIBS} $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
	9	mod_rewrite_la_SOURCES = mod_rewrite.c
	10	mod_rewrite_la_LDFLAGS = $(common_module_ldflags)
	11	mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd)




--- src/http_auth.c.orig	2016-07-16 10:06:16 UTC
+++ src/http_auth.c
@@ -30,6 +30,7 @@
 #include <errno.h>
 #include <unistd.h>
 #include <ctype.h>
+#include <mysql/mysql.h>
 
 #include "md5.h"
 
@@ -194,9 +195,119 @@ static int http_auth_get_password(server
 		fclose(fp);
 	} else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) {
 		return 0;
-	}
+	} else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
+		MYSQL_RES *result;
+		MYSQL_ROW row;
+		int port = atoi(p->conf.auth_mysql_port->ptr);
+		char q[255];
 
-	return -1;
+		if (p->conf.auth_mysql_socket->ptr != NULL)
+			if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL;
+
+		p->conf.mysql_conn = mysql_init(NULL);
+
+		if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0))
+		{
+//#define MY_HOSTING
+
+#ifdef MY_HOSTING
+			char my_full_realm[255];
+			char *my_realm = NULL;
+			char *my_domain = NULL;
+
+			char *uname;
+			size_t unamelen;
+
+			unamelen = strlen(username->ptr);
+			uname = malloc(unamelen*2+1);
+
+			mysql_real_escape_string(p->conf.mysql_conn,
+					uname, username->ptr,
+					(unsigned long)unamelen);
+
+			strcpy(my_full_realm, realm->ptr);
+			my_realm = strtok(my_full_realm, "@");
+
+			if (my_realm != NULL)
+				my_domain = strtok(NULL, "@");
+
+			sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s",
+				p->conf.auth_mysql_col_pass->ptr,
+
+				p->conf.auth_mysql_users_table->ptr,
+				p->conf.auth_mysql_domains_table->ptr,
+
+				p->conf.auth_mysql_col_user->ptr,
+				uname,
+
+				p->conf.auth_mysql_col_realm->ptr,
+				my_realm,
+
+				p->conf.auth_mysql_col_domain->ptr,
+				my_domain,
+
+				p->conf.auth_mysql_domains_table_col_domain_id->ptr,
+				p->conf.auth_mysql_users_table_col_domain_id->ptr
+				);
+
+			free(uname);
+#else
+			// sanitize username & realm by taguchi@ff.iij4u.or.jp
+			char *uname, *urealm;
+			size_t unamelen, urealmlen;
+
+			unamelen = strlen(username->ptr);
+			urealmlen = strlen(realm->ptr);
+			uname = malloc(unamelen*2+1);
+			urealm = malloc(urealmlen*2+1);
+
+			mysql_real_escape_string(p->conf.mysql_conn,
+				uname, username->ptr,
+				(unsigned long)unamelen);
+
+			mysql_real_escape_string(p->conf.mysql_conn,
+				urealm, realm->ptr,
+				(unsigned long)unamelen);
+
+			mysql_real_escape_string(p->conf.mysql_conn,
+				urealm, realm->ptr,
+				(unsigned long)urealmlen);
+
+			sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'",
+				p->conf.auth_mysql_col_pass->ptr,
+				p->conf.auth_mysql_users_table->ptr,
+				p->conf.auth_mysql_col_user->ptr,
+				uname,
+				p->conf.auth_mysql_col_realm->ptr,
+				urealm
+			);
+
+			free(uname);
+			free(urealm);
+#endif
+
+			mysql_query(p->conf.mysql_conn, q);
+			result = mysql_store_result(p->conf.mysql_conn);
+			if (mysql_num_rows(result) == 1)
+			{
+				/* found */
+				row = mysql_fetch_row(result);
+				buffer_copy_string_len(password, row[0], strlen(row[0]));
+
+				return 0;
+			} else
+			{
+				/* not found */
+				return -1;
+			}
+
+			mysql_free_result(result);
+			mysql_close(p->conf.mysql_conn);
+
+			p->conf.mysql_conn = NULL;
+		} else
+			return -1;
+	}
 }
 
 int http_auth_match_rules(server *srv, array *req, const char *username, const char *group, const char *host) {
@@ -711,6 +822,60 @@ static int http_auth_basic_password_comp
 
 		return 0;
 #endif
+	} else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
+		/*
+			we check for md5 crypt() now
+			request by Nicola Tiling <nti@w4w.net>
+		*/
+		if (password->ptr[0] == '$' && password->ptr[2] == '$')
+		{
+			char salt[32];
+			char *crypted;
+			size_t salt_len = 0;
+			char *dollar = NULL;
+
+			if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
+				fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
+				return -1;
+			}
+
+			salt_len = dollar - password->ptr;
+
+			if (salt_len > sizeof(salt) - 1)
+			{
+				fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
+				return -1;
+			}
+
+			strncpy(salt, password->ptr, salt_len);
+
+			salt[salt_len] = '\0';
+
+			crypted = crypt(pw, salt);
+
+			if (0 == strcmp(password->ptr, crypted))
+			{
+				return 0;
+			} else {
+				fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
+			}
+		} else
+		/* plain md5 check now */
+		{
+			li_MD5_CTX Md5Ctx;
+			HASH HA1;
+			char a1[256];
+
+			li_MD5_Init(&Md5Ctx);
+			li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
+			li_MD5_Final(HA1, &Md5Ctx);
+
+			CvtHex(HA1, a1);
+
+			if (0 == strcmp(password->ptr, a1)) {
+				return 0;
+			}
+		}
 	}
 	return -1;
 }




--- src/http_auth.h.orig	2016-07-16 10:06:16 UTC
+++ src/http_auth.h
@@ -9,13 +9,15 @@
 # define USE_LDAP
 # include <ldap.h>
 #endif
+#include <mysql/mysql.h>
 
 typedef enum {
 	AUTH_BACKEND_UNSET,
 	AUTH_BACKEND_PLAIN,
 	AUTH_BACKEND_LDAP,
 	AUTH_BACKEND_HTPASSWD,
-	AUTH_BACKEND_HTDIGEST
+	AUTH_BACKEND_HTDIGEST,
+	AUTH_BACKEND_MYSQL
 } auth_backend_t;
 
 typedef struct {
@@ -50,6 +52,23 @@ typedef struct {
 	buffer *ldap_filter_pre;
 	buffer *ldap_filter_post;
 #endif
+
+	MYSQL  *mysql_conn;
+	buffer *auth_mysql_host;
+	buffer *auth_mysql_user;
+	buffer *auth_mysql_pass;
+	buffer *auth_mysql_db;
+	buffer *auth_mysql_port;
+	buffer *auth_mysql_socket;
+	buffer *auth_mysql_users_table;
+	buffer *auth_mysql_col_user;
+	buffer *auth_mysql_col_pass;
+	buffer *auth_mysql_col_realm;
+	buffer *auth_mysql_domains_table;
+	buffer *auth_mysql_col_domain;
+	buffer *auth_mysql_domains_table_col_domain_id;
+	buffer *auth_mysql_users_table_col_domain_id;
+
 } mod_auth_plugin_config;
 
 typedef struct {




--- src/mod_auth.c.orig	2016-07-16 10:06:16 UTC
+++ src/mod_auth.c
@@ -13,6 +13,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <mysql/mysql.h>
 
 handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s);
 
@@ -84,6 +85,19 @@ FREE_FUNC(mod_auth_free) {
 
 			if (s->ldap) ldap_unbind_s(s->ldap);
 #endif
+			buffer_free(s->auth_mysql_host);
+			buffer_free(s->auth_mysql_user);
+			buffer_free(s->auth_mysql_pass);
+			buffer_free(s->auth_mysql_db);
+			buffer_free(s->auth_mysql_socket);
+			buffer_free(s->auth_mysql_users_table);
+			buffer_free(s->auth_mysql_col_user);
+			buffer_free(s->auth_mysql_col_pass);
+			buffer_free(s->auth_mysql_col_realm);
+			buffer_free(s->auth_mysql_domains_table);
+			buffer_free(s->auth_mysql_col_domain);
+			buffer_free(s->auth_mysql_domains_table_col_domain_id);
+			buffer_free(s->auth_mysql_users_table_col_domain_id);
 
 			free(s);
 		}
@@ -122,6 +136,21 @@ static int mod_auth_patch_connection(ser
 	PATCH(ldap_filter_post);
 #endif
 
+	PATCH(auth_mysql_host);
+	PATCH(auth_mysql_user);
+	PATCH(auth_mysql_pass);
+	PATCH(auth_mysql_db);
+	PATCH(auth_mysql_port);
+	PATCH(auth_mysql_socket);
+	PATCH(auth_mysql_users_table);
+	PATCH(auth_mysql_col_user);
+	PATCH(auth_mysql_col_pass);
+	PATCH(auth_mysql_col_realm);
+	PATCH(auth_mysql_domains_table);
+	PATCH(auth_mysql_col_domain);
+	PATCH(auth_mysql_domains_table_col_domain_id);
+	PATCH(auth_mysql_users_table_col_domain_id);
+
 	/* skip the first, the global context */
 	for (i = 1; i < srv->config_context->used; i++) {
 		data_config *dc = (data_config *)srv->config_context->data[i];
@@ -171,6 +200,34 @@ static int mod_auth_patch_connection(ser
 				PATCH(auth_ldap_bindpw);
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) {
 				PATCH(auth_ldap_allow_empty_pw);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) {
+				PATCH(auth_mysql_host);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) {
+				PATCH(auth_mysql_user);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) {
+				PATCH(auth_mysql_pass);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) {
+				PATCH(auth_mysql_db);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) {
+				PATCH(auth_mysql_port);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) {
+				PATCH(auth_mysql_user);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) {
+				PATCH(auth_mysql_users_table);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) {
+				PATCH(auth_mysql_col_user);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) {
+				PATCH(auth_mysql_col_pass);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) {
+				PATCH(auth_mysql_col_realm);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) {
+				PATCH(auth_mysql_domains_table);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) {
+				PATCH(auth_mysql_col_domain);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) {
+				PATCH(auth_mysql_domains_table_col_domain_id);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) {
+				PATCH(auth_mysql_users_table_col_domain_id);
 			}
 		}
 	}
@@ -362,10 +419,25 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 		{ "auth.backend.ldap.starttls",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 8 */
  		{ "auth.backend.ldap.bind-dn",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 9 */
  		{ "auth.backend.ldap.bind-pw",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */
-		{ "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */
+		{ "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
 		{ "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */
 		{ "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
 		{ "auth.debug",                     NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION },  /* 14 */
+		{ "auth.backend.mysql.host",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.user",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.pass",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.db",          NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.port",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.socket",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.col_user",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.col_pass",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.col_realm",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */
+		{ "auth.backend.mysql.domains_table",               NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.col_domain",                  NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
+		{ "auth.backend.mysql.users_table_col_domain_id",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */
+
 		{ NULL,                             NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
 	};
 
@@ -394,6 +466,22 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 		s->auth_debug = 0;
 
 		s->auth_require = array_init();
+		s->mysql_conn                             = NULL;
+		s->auth_mysql_host                        = buffer_init();
+		s->auth_mysql_user                        = buffer_init();
+		s->auth_mysql_pass                        = buffer_init();
+		s->auth_mysql_db                          = buffer_init();
+		s->auth_mysql_port                        = buffer_init();
+		s->auth_mysql_socket                      = buffer_init();
+		s->auth_mysql_users_table                 = buffer_init();
+		s->auth_mysql_col_user                    = buffer_init();
+		s->auth_mysql_col_pass                    = buffer_init();
+		s->auth_mysql_col_realm                   = buffer_init();
+		s->auth_mysql_domains_table               = buffer_init();
+		s->auth_mysql_col_domain                  = buffer_init();
+		s->auth_mysql_domains_table_col_domain_id = buffer_init();
+		s->auth_mysql_users_table_col_domain_id   = buffer_init();
+
 
 #ifdef USE_LDAP
 		s->ldap_filter_pre = buffer_init();
@@ -416,7 +504,20 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 		cv[12].destination = s->auth_htdigest_userfile;
 		cv[13].destination = s->auth_htpasswd_userfile;
 		cv[14].destination = &(s->auth_debug);
-
+		cv[15].destination = s->auth_mysql_host;
+		cv[16].destination = s->auth_mysql_user;
+		cv[17].destination = s->auth_mysql_pass;
+		cv[18].destination = s->auth_mysql_db;
+		cv[19].destination = s->auth_mysql_port;
+		cv[20].destination = s->auth_mysql_socket;
+		cv[21].destination = s->auth_mysql_users_table;
+		cv[22].destination = s->auth_mysql_col_user;
+		cv[23].destination = s->auth_mysql_col_pass;
+		cv[24].destination = s->auth_mysql_col_realm;
+		cv[25].destination = s->auth_mysql_domains_table;
+		cv[26].destination = s->auth_mysql_col_domain;
+		cv[27].destination = s->auth_mysql_domains_table_col_domain_id;
+		cv[28].destination = s->auth_mysql_users_table_col_domain_id;
 		p->config_storage[i] = s;
 
 		if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
@@ -432,6 +533,8 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 				s->auth_backend = AUTH_BACKEND_PLAIN;
 			} else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) {
 				s->auth_backend = AUTH_BACKEND_LDAP;
+			} else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) {
+				s->auth_backend = AUTH_BACKEND_MYSQL;
 			} else {
 				log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf);
 
@@ -573,6 +676,31 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 				return (ret);
 			break;
 		}
+		case AUTH_BACKEND_MYSQL: {
+			int port = atoi(s->auth_mysql_port->ptr);
+
+			/* ignore if auth_mysql_socket is invalid */
+			if (p->conf.auth_mysql_socket == NULL)
+				return HANDLER_GO_ON;
+			if (p->conf.auth_mysql_socket->ptr != NULL)
+				if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL;
+
+			s->mysql_conn = mysql_init(NULL);
+			if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0))
+			{
+				log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss",
+						"opening connection to mysql:", s->auth_mysql_host,
+						"user:", s->auth_mysql_user,
+						"pass:", s->auth_mysql_pass,
+						"db:", s->auth_mysql_db,
+						"failed:", strerror(errno));
+
+				return HANDLER_ERROR;
+			}
+			mysql_close(s->mysql_conn);
+
+			break;
+		}
 		default:
 			break;
 		}




--- configure.ac.orig	2015-07-26 10:36:36 UTC
+++ configure.ac
@@ -46,6 +46,7 @@ AC_DEFUN([TRY_CFLAGS],
 dnl Checks for programs.
 AC_PROG_CC
 AM_PROG_CC_C_O
+AM_PROG_AR
 AC_PROG_LD
 AC_PROG_INSTALL
 AC_PROG_AWK
@@ -60,11 +61,6 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], [AC
 dnl AM_PROG_AR requires automake 1.11 (and uses AC_COMPILE_IFELSE which wants AC_USE_SYSTEM_EXTENSIONS)
 m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
 
-dnl check environment
-AC_AIX
-AC_ISC_POSIX
-AC_MINIX
-
 dnl AC_CANONICAL_HOST
 case $host_os in
 	*darwin*|*cygwin*|*aix*|*mingw* ) NO_RDYNAMIC=yes;;

Lines 1-11 Link Here

(-)files/patch-src-fdevent.h (-11 lines)
1	--- src/fdevent.h.orig 2015-07-26 10:36:36 UTC
2	+++ src/fdevent.h
3	@@ -46,7 +46,7 @@
4	# include <port.h>
5	#endif
6
7	-#if defined HAVE_SYS_EVENT_H && defined HAVE_KQUEUE
8	+#if defined HAVE_SYS_EVENT_H && defined HAVE_KQUEUE && !defined HAVE_LIBEV
9	# define USE_FREEBSD_KQUEUE
10	#endif
11




--- src/mod_cml_lua.c.orig	2015-07-26 10:36:36 UTC
+++ src/mod_cml_lua.c
@@ -28,6 +28,10 @@ typedef char HASHHEX[HASHHEXLEN+1];
 #include <lualib.h>
 #include <lauxlib.h>
 
+#if LUA_VERSION_NUM >= 502
+#define LUA_GLOBALSINDEX LUA_REGISTRYINDEX
+#endif
+
 typedef struct {
 	stream st;
 	int done;
@@ -291,7 +295,11 @@ int cache_parse_lua(server *srv, connect
 	lua_settable(L, LUA_GLOBALSINDEX);
 
 	/* load lua program */
+#if LUA_VERSION_NUM >= 502
+	if (lua_load(L, load_file, &rm, fn->ptr, NULL) || lua_pcall(L,0,1,0)) {
+#else
 	if (lua_load(L, load_file, &rm, fn->ptr) || lua_pcall(L,0,1,0)) {
+#endif
 		log_error_write(srv, __FILE__, __LINE__, "s",
 				lua_tostring(L,-1));
 




--- src/mod_magnet.c.orig	2015-07-26 10:36:36 UTC
+++ src/mod_magnet.c
@@ -24,6 +24,10 @@
 #define MAGNET_CONFIG_PHYSICAL_PATH "magnet.attract-physical-path-to"
 #define MAGNET_RESTART_REQUEST      99
 
+#if LUA_VERSION_NUM >= 502
+#define LUA_GLOBALSINDEX LUA_REGISTRYINDEX
+#endif
+
 /* plugin config for all request/connections */
 
 static jmp_buf exceptionjmp;




Cherry-picked from upstream
https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/1ca52fdce3b87f7748dd5db6f59d738ed7a9efe1/diff

--- src/network.c.orig	2015-12-04 21:13:47 UTC
+++ src/network.c
@@ -769,7 +769,7 @@ int network_init(server *srv) {
 
 		if (!s->ssl_use_sslv2) {
 			/* disable SSLv2 */
-			if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
+			if ((SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) != SSL_OP_NO_SSLv2) {
 				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
 						ERR_error_string(ERR_get_error(), NULL));
 				return -1;
@@ -778,7 +778,7 @@ int network_init(server *srv) {
 
 		if (!s->ssl_use_sslv3) {
 			/* disable SSLv3 */
-			if (!(SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3))) {
+			if ((SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3)) != SSL_OP_NO_SSLv3) {
 				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
 						ERR_error_string(ERR_get_error(), NULL));
 				return -1;

Return to bug 211163

Lines 2-13 Link Here

(-)Makefile (-28 / +17 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME?= lighttpd	4	PORTNAME?= lighttpd
5	PORTVERSION= 1.4.39	5	PORTVERSION= 1.4.40
6	PORTREVISION= 1
7	CATEGORIES?= www	6	CATEGORIES?= www
8	MASTER_SITES?= http://download.lighttpd.net/lighttpd/releases-1.4.x/	7	MASTER_SITES?= http://download.lighttpd.net/lighttpd/releases-1.4.x/
9		8
10	MAINTAINER= pkubaj@riseup.net	9	MAINTAINER= pkubaj@anongoth.pl
11	COMMENT?= Secure, fast, compliant, and flexible Web Server	10	COMMENT?= Secure, fast, compliant, and flexible Web Server
12		11
13	.if !defined(_BUILDING_LIGHTTPD_MODULE)	12	.if !defined(_BUILDING_LIGHTTPD_MODULE)
Lines 34-40 Link Here
34	USE_RC_SUBR= lighttpd	33	USE_RC_SUBR= lighttpd
35		34
36	OPTIONS_DEFINE= ATTR BZIP2 DOCS FAM GDBM IPV6 LIBEV LUA MEMCACHE MYSQL MYSQLAUTH \	35	OPTIONS_DEFINE= ATTR BZIP2 DOCS FAM GDBM IPV6 LIBEV LUA MEMCACHE MYSQL MYSQLAUTH \
37	NODELAY LDAP OPENSSL SPAWNFCGI VALGRIND WEBDAV	36	LDAP OPENSSL SPAWNFCGI VALGRIND WEBDAV
38		37
39	OPTIONS_DEFAULT= OPENSSL	38	OPTIONS_DEFAULT= OPENSSL
40		39
Lines 47-53 Link Here
47	MEMCACHE_DESC= memcached storage (mod_trigger_b4_dl)	46	MEMCACHE_DESC= memcached storage (mod_trigger_b4_dl)
48	MYSQL_DESC= MySQL support (mod_mysql_vhost)	47	MYSQL_DESC= MySQL support (mod_mysql_vhost)
49	MYSQLAUTH_DESC= MySQL authentication (requires WITH_MYSQL)	48	MYSQLAUTH_DESC= MySQL authentication (requires WITH_MYSQL)
50	NODELAY_DESC= Set TCP_NODELAY on listening sockets
51	SPAWNFCGI_DESC= Depend on spawn-fcgi utility	49	SPAWNFCGI_DESC= Depend on spawn-fcgi utility
52	VALGRIND_DESC= valgrind support	50	VALGRIND_DESC= valgrind support
53	WEBDAV_DESC= WebDAV support	51	WEBDAV_DESC= WebDAV support
Lines 62-73 Link Here
62	IPV6_CONFIGURE_OFF= --disable-ipv6	60	IPV6_CONFIGURE_OFF= --disable-ipv6
63	LIBEV_CONFIGURE_WITH= libev=${LOCALBASE}	61	LIBEV_CONFIGURE_WITH= libev=${LOCALBASE}
64	LIBEV_LIB_DEPENDS= libev.so:devel/libev	62	LIBEV_LIB_DEPENDS= libev.so:devel/libev
65	LUA_USES= lua:51+	63	LUA_USES= lua
66	LUA_CONFIGURE_WITH= lua	64	LUA_CONFIGURE_WITH= lua
67	LUA_CONFIGURE_ENV= LUA_CFLAGS="-I${LUA_INCDIR}" LUA_LIBS="-L${LUA_LIBDIR} -llua-${LUA_VER}"	65	LUA_CONFIGURE_ENV= LUA_CFLAGS="-I${LUA_INCDIR}" LUA_LIBS="-L${LUA_LIBDIR} -llua-${LUA_VER}"
68	MEMCACHE_LIB_DEPENDS= libmemcache.so:databases/libmemcache	66	MEMCACHE_LIB_DEPENDS= libmemcache.so:databases/libmemcache
69	MEMCACHE_CONFIGURE_WITH=memcache	67	MEMCACHE_CONFIGURE_WITH=memcache
70	MYSQLAUTH_IMPLIES= MYSQL	68	MYSQLAUTH_IMPLIES= MYSQL
		69	OPENSSL_USES= ssl
		70	OPENSSL_CONFIGURE_WITH= openssl openssl-includes=${OPENSSLINC} openssl-libs=${OPENSSLLIB}
71	SPAWNFCGI_RUN_DEPENDS= spawn-fcgi:www/spawn-fcgi	71	SPAWNFCGI_RUN_DEPENDS= spawn-fcgi:www/spawn-fcgi
72	VALGRIND_BUILD_DEPENDS= valgrind:devel/valgrind	72	VALGRIND_BUILD_DEPENDS= valgrind:devel/valgrind
73	VALGRIND_RUN_DEPENDS= valgrind:devel/valgrind	73	VALGRIND_RUN_DEPENDS= valgrind:devel/valgrind
Lines 108-139 Link Here
108	PORTDOCS= ${DOCS}	108	PORTDOCS= ${DOCS}
109	.endif	109	.endif
110		110
111	.if ${PORT_OPTIONS:MOPENSSL}
112	USE_OPENSSL= yes
113	CONFIGURE_ARGS+= --with-openssl \
114	--with-openssl-includes=${OPENSSLINC} \
115	--with-openssl-libs=${OPENSSLLIB}
116	.endif
117
118	.if ${PORT_OPTIONS:MMYSQL}	111	.if ${PORT_OPTIONS:MMYSQL}
119	USE_MYSQL= yes	112	USES+= mysql
120	CONFIGURE_ARGS+= --with-mysql	113	CONFIGURE_ARGS+= --with-mysql
121	_REQUIRE+= mysql	114	_REQUIRE+= mysql
122	.endif	115	.endif
123		116
124	.if ${PORT_OPTIONS:MMYSQLAUTH} && empty(PORT_OPTIONS:MMYSQL)
125	IGNORE= option WITH_MYSQLAUTH requires WITH_MYSQL
126	.endif
127
128	.if ${PORT_OPTIONS:MMYSQLAUTH}	117	.if ${PORT_OPTIONS:MMYSQLAUTH}
129	EXTRA_PATCHES+= ${FILESDIR}/extra-patch-mysqlauth	118	EXTRA_PATCHES+= ${FILESDIR}/extra-patch-src_Makefile.am \
		119	${FILESDIR}/extra-patch-src_Makefile.in \
		120	${FILESDIR}/extra-patch-src_http__auth.c \
		121	${FILESDIR}/extra-patch-src_http__auth.h \
		122	${FILESDIR}/extra-patch-src_mod__auth.c
130	PORTDOCS+= README.mysqlauth mysql_auth.sql	123	PORTDOCS+= README.mysqlauth mysql_auth.sql
131	.endif	124	.endif
132		125
133	.if ${PORT_OPTIONS:MNODELAY}
134	EXTRA_PATCHES+= ${FILESDIR}/extra-patch-nodelay
135	.endif
136
137	.if ${PORT_OPTIONS:MLDAP}	126	.if ${PORT_OPTIONS:MLDAP}
138	USE_OPENLDAP= yes	127	USE_OPENLDAP= yes
139	CONFIGURE_ARGS+= --with-ldap	128	CONFIGURE_ARGS+= --with-ldap
Lines 186-204 Link Here
186	.endfor	175	.endfor
187	${INSTALL_DATA} ${WRKSRC}/doc/config/vhosts.d/vhosts.template \	176	${INSTALL_DATA} ${WRKSRC}/doc/config/vhosts.d/vhosts.template \
188	${STAGEDIR}${PREFIX}/etc/lighttpd/vhosts.d/vhosts.template	177	${STAGEDIR}${PREFIX}/etc/lighttpd/vhosts.d/vhosts.template
		178	@${MKDIR} -m 0700 ${STAGEDIR}${LIGHTTPD_LOGROOT}
189		179
190	.if ${PORT_OPTIONS:MDOCS}	180	post-install-DOCS-on:
191	@${MKDIR} ${STAGEDIR}${DOCSDIR}	181	@${MKDIR} ${STAGEDIR}${DOCSDIR}
192	. for FILE in ${DOCS}	182	. for FILE in ${DOCS}
193	${INSTALL_DATA} ${WRKSRC}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}	183	${INSTALL_DATA} ${WRKSRC}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
194	. endfor	184	. endfor
195	.endif	185
196	.if ${PORT_OPTIONS:MMYSQLAUTH}	186	post-install-MYSQLAUTH-on:
		187	@${MKDIR} ${STAGEDIR}${DOCSDIR}
197	. for FILE in README.mysqlauth mysql_auth.sql	188	. for FILE in README.mysqlauth mysql_auth.sql
198	${INSTALL_DATA} ${FILESDIR}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}	189	${INSTALL_DATA} ${FILESDIR}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
199	. endfor	190	. endfor
200	.endif
201	@${MKDIR} -m 0700 ${STAGEDIR}${LIGHTTPD_LOGROOT}
202		191
203	test: build	192	test: build
204	@cd ${WRKSRC}/tests && ${SETENV} ${MAKE_ENV} ${MAKE} \	193	@cd ${WRKSRC}/tests && ${SETENV} ${MAKE_ENV} ${MAKE} \

Lines 1-458 Link Here

(-)files/extra-patch-mysqlauth (-458 lines)
1	diff -Naur new/lighttpd-1.4.23/src/http_auth.c old/lighttpd-1.4.23/src/http_auth.c
2	--- src/http_auth.c 2009-06-11 14:05:06.000000000 +0400
3	+++ src/http_auth.c 2009-10-08 10:10:15.000000000 +0400
4	@@ -24,6 +24,7 @@
5	#include <errno.h>
6	#include <unistd.h>
7	#include <ctype.h>
8	+#include <mysql/mysql.h>
9
10	#include "server.h"
11	#include "log.h"
12	@@ -291,6 +292,117 @@
13	stream_close(&f);
14	} else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) {
15	ret = 0;
16	+ } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
17	+ MYSQL_RES *result;
18	+ MYSQL_ROW row;
19	+ int port = atoi(p->conf.auth_mysql_port->ptr);
20	+ char q[255];
21	+
22	+ if (p->conf.auth_mysql_socket->ptr != NULL)
23	+ if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL;
24	+
25	+ p->conf.mysql_conn = mysql_init(NULL);
26	+
27	+ if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0))
28	+ {
29	+//#define MY_HOSTING
30	+
31	+#ifdef MY_HOSTING
32	+ char my_full_realm[255];
33	+ char *my_realm = NULL;
34	+ char *my_domain = NULL;
35	+
36	+ char *uname;
37	+ size_t unamelen;
38	+
39	+ unamelen = strlen(username->ptr);
40	+ uname = malloc(unamelen*2+1);
41	+
42	+ mysql_real_escape_string(p->conf.mysql_conn,
43	+ uname, username->ptr,
44	+ (unsigned long)unamelen);
45	+
46	+ strcpy(my_full_realm, realm->ptr);
47	+ my_realm = strtok(my_full_realm, "@");
48	+
49	+ if (my_realm != NULL)
50	+ my_domain = strtok(NULL, "@");
51	+
52	+ sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s",
53	+ p->conf.auth_mysql_col_pass->ptr,
54	+
55	+ p->conf.auth_mysql_users_table->ptr,
56	+ p->conf.auth_mysql_domains_table->ptr,
57	+
58	+ p->conf.auth_mysql_col_user->ptr,
59	+ uname,
60	+
61	+ p->conf.auth_mysql_col_realm->ptr,
62	+ my_realm,
63	+
64	+ p->conf.auth_mysql_col_domain->ptr,
65	+ my_domain,
66	+
67	+ p->conf.auth_mysql_domains_table_col_domain_id->ptr,
68	+ p->conf.auth_mysql_users_table_col_domain_id->ptr
69	+ );
70	+
71	+ free(uname);
72	+#else
73	+ // sanitize username & realm by taguchi@ff.iij4u.or.jp
74	+ char uname, urealm;
75	+ size_t unamelen, urealmlen;
76	+
77	+ unamelen = strlen(username->ptr);
78	+ urealmlen = strlen(realm->ptr);
79	+ uname = malloc(unamelen*2+1);
80	+ urealm = malloc(urealmlen*2+1);
81	+
82	+ mysql_real_escape_string(p->conf.mysql_conn,
83	+ uname, username->ptr,
84	+ (unsigned long)unamelen);
85	+
86	+ mysql_real_escape_string(p->conf.mysql_conn,
87	+ urealm, realm->ptr,
88	+ (unsigned long)unamelen);
89	+
90	+ mysql_real_escape_string(p->conf.mysql_conn,
91	+ urealm, realm->ptr,
92	+ (unsigned long)urealmlen);
93	+
94	+ sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'",
95	+ p->conf.auth_mysql_col_pass->ptr,
96	+ p->conf.auth_mysql_users_table->ptr,
97	+ p->conf.auth_mysql_col_user->ptr,
98	+ uname,
99	+ p->conf.auth_mysql_col_realm->ptr,
100	+ urealm
101	+ );
102	+
103	+ free(uname);
104	+ free(urealm);
105	+#endif
106	+
107	+ mysql_query(p->conf.mysql_conn, q);
108	+ result = mysql_store_result(p->conf.mysql_conn);
109	+ if (mysql_num_rows(result) == 1)
110	+ {
111	+ /* found */
112	+ row = mysql_fetch_row(result);
113	+ buffer_copy_string_len(password, row[0], strlen(row[0]));
114	+
115	+ ret = 0;
116	+ } else
117	+ {
118	+ /* not found */
119	+ ret = -1;
120	+ }
121	+
122	+ mysql_free_result(result);
123	+ mysql_close(p->conf.mysql_conn);
124	+
125	+ p->conf.mysql_conn = NULL;
126	+ }
127	} else {
128	return -1;
129	}
130	@@ -831,6 +943,60 @@
131
132	return 0;
133	#endif
134	+ } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
135	+ /*
136	+ we check for md5 crypt() now
137	+ request by Nicola Tiling <nti@w4w.net>
138	+ */
139	+ if (password->ptr[0] == '$' && password->ptr[2] == '$')
140	+ {
141	+ char salt[32];
142	+ char *crypted;
143	+ size_t salt_len = 0;
144	+ char *dollar = NULL;
145	+
146	+ if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
147	+ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
148	+ return -1;
149	+ }
150	+
151	+ salt_len = dollar - password->ptr;
152	+
153	+ if (salt_len > sizeof(salt) - 1)
154	+ {
155	+ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
156	+ return -1;
157	+ }
158	+
159	+ strncpy(salt, password->ptr, salt_len);
160	+
161	+ salt[salt_len] = '\0';
162	+
163	+ crypted = crypt(pw, salt);
164	+
165	+ if (0 == strcmp(password->ptr, crypted))
166	+ {
167	+ return 0;
168	+ } else {
169	+ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
170	+ }
171	+ } else
172	+ /* plain md5 check now */
173	+ {
174	+ li_MD5_CTX Md5Ctx;
175	+ HASH HA1;
176	+ char a1[256];
177	+
178	+ li_MD5_Init(&Md5Ctx);
179	+ li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
180	+ li_MD5_Final(HA1, &Md5Ctx);
181	+
182	+ CvtHex(HA1, a1);
183	+
184	+ if (0 == strcmp(password->ptr, a1)) {
185	+ return 0;
186	+ }
187	+ }
188	}
189	return -1;
190	}
191	diff -Naur new/lighttpd-1.4.23/src/http_auth.h old/lighttpd-1.4.23/src/http_auth.h
192	--- src/http_auth.h 2009-03-31 02:16:59.000000000 +0400
193	+++ src/http_auth.h 2009-10-08 10:13:56.000000000 +0400
194	@@ -8,13 +8,15 @@
195	# define USE_LDAP
196	# include <ldap.h>
197	#endif
198	+#include <mysql/mysql.h>
199
200	typedef enum {
201	AUTH_BACKEND_UNSET,
202	AUTH_BACKEND_PLAIN,
203	AUTH_BACKEND_LDAP,
204	AUTH_BACKEND_HTPASSWD,
205	- AUTH_BACKEND_HTDIGEST
206	+ AUTH_BACKEND_HTDIGEST,
207	+ AUTH_BACKEND_MYSQL
208	} auth_backend_t;
209
210	typedef struct {
211	@@ -49,6 +51,22 @@
212	buffer *ldap_filter_pre;
213	buffer *ldap_filter_post;
214	#endif
215	+
216	+ MYSQL *mysql_conn;
217	+ buffer *auth_mysql_host;
218	+ buffer *auth_mysql_user;
219	+ buffer *auth_mysql_pass;
220	+ buffer *auth_mysql_db;
221	+ buffer *auth_mysql_port;
222	+ buffer *auth_mysql_socket;
223	+ buffer *auth_mysql_users_table;
224	+ buffer *auth_mysql_col_user;
225	+ buffer *auth_mysql_col_pass;
226	+ buffer *auth_mysql_col_realm;
227	+ buffer *auth_mysql_domains_table;
228	+ buffer *auth_mysql_col_domain;
229	+ buffer *auth_mysql_domains_table_col_domain_id;
230	+ buffer *auth_mysql_users_table_col_domain_id;
231	} mod_auth_plugin_config;
232
233	typedef struct {
234	diff -Naur new/lighttpd-1.4.23/src/Makefile.am old/lighttpd-1.4.23/src/Makefile.am
235	--- src/Makefile.am.orig 2013-12-03 17:17:52.000000000 +0100
236	+++ src/Makefile.am 2014-01-21 20:48:24.645439249 +0100
237	@@ -243,7 +243,7 @@
238	lib_LTLIBRARIES += mod_auth.la
239	mod_auth_la_SOURCES = mod_auth.c http_auth.c
240	mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version
241	-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
242	+mod_auth_la_LIBADD = $(MYSQL_LIBS) $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
243
244	lib_LTLIBRARIES += mod_rewrite.la
245	mod_rewrite_la_SOURCES = mod_rewrite.c
246	diff -Naur lighttpd-1.4.23/src/Makefile.in old/lighttpd-1.4.23/src/Makefile.in
247	--- src/Makefile.in.orig 2014-01-20 13:09:11.000000000 +0100
248	+++ src/Makefile.in 2014-01-21 20:48:37.115438375 +0100
249	@@ -852,7 +852,7 @@
250	mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
251	mod_auth_la_SOURCES = mod_auth.c http_auth.c
252	mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version
253	-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
254	+mod_auth_la_LIBADD = $(MYSQL_LIBS) $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
255	mod_rewrite_la_SOURCES = mod_rewrite.c
256	mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version
257	mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd)
258	diff -Naur new/lighttpd-1.4.23/src/mod_auth.c old/lighttpd-1.4.23/src/mod_auth.c
259	--- src/mod_auth.c 2009-04-11 16:08:19.000000000 +0400
260	+++ src/mod_auth.c 2009-10-08 10:24:13.000000000 +0400
261	@@ -6,6 +6,7 @@
262	#include <errno.h>
263	#include <fcntl.h>
264	#include <unistd.h>
265	+#include <mysql/mysql.h>
266
267	#include "plugin.h"
268	#include "http_auth.h"
269	@@ -83,6 +84,20 @@
270	if (s->ldap) ldap_unbind_s(s->ldap);
271	#endif
272
273	+ buffer_free(s->auth_mysql_host);
274	+ buffer_free(s->auth_mysql_user);
275	+ buffer_free(s->auth_mysql_pass);
276	+ buffer_free(s->auth_mysql_db);
277	+ buffer_free(s->auth_mysql_socket);
278	+ buffer_free(s->auth_mysql_users_table);
279	+ buffer_free(s->auth_mysql_col_user);
280	+ buffer_free(s->auth_mysql_col_pass);
281	+ buffer_free(s->auth_mysql_col_realm);
282	+ buffer_free(s->auth_mysql_domains_table);
283	+ buffer_free(s->auth_mysql_col_domain);
284	+ buffer_free(s->auth_mysql_domains_table_col_domain_id);
285	+ buffer_free(s->auth_mysql_users_table_col_domain_id);
286	+
287	free(s);
288	}
289	free(p->config_storage);
290	@@ -120,6 +135,21 @@
291	PATCH(ldap_filter_post);
292	#endif
293
294	+ PATCH(auth_mysql_host);
295	+ PATCH(auth_mysql_user);
296	+ PATCH(auth_mysql_pass);
297	+ PATCH(auth_mysql_db);
298	+ PATCH(auth_mysql_port);
299	+ PATCH(auth_mysql_socket);
300	+ PATCH(auth_mysql_users_table);
301	+ PATCH(auth_mysql_col_user);
302	+ PATCH(auth_mysql_col_pass);
303	+ PATCH(auth_mysql_col_realm);
304	+ PATCH(auth_mysql_domains_table);
305	+ PATCH(auth_mysql_col_domain);
306	+ PATCH(auth_mysql_domains_table_col_domain_id);
307	+ PATCH(auth_mysql_users_table_col_domain_id);
308	+
309	/* skip the first, the global context */
310	for (i = 1; i < srv->config_context->used; i++) {
311	data_config dc = (data_config )srv->config_context->data[i];
312	@@ -169,6 +199,34 @@
313	PATCH(auth_ldap_bindpw);
314	} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) {
315	PATCH(auth_ldap_allow_empty_pw);
316	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) {
317	+ PATCH(auth_mysql_host);
318	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) {
319	+ PATCH(auth_mysql_user);
320	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) {
321	+ PATCH(auth_mysql_pass);
322	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) {
323	+ PATCH(auth_mysql_db);
324	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) {
325	+ PATCH(auth_mysql_port);
326	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) {
327	+ PATCH(auth_mysql_user);
328	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) {
329	+ PATCH(auth_mysql_users_table);
330	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) {
331	+ PATCH(auth_mysql_col_user);
332	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) {
333	+ PATCH(auth_mysql_col_pass);
334	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) {
335	+ PATCH(auth_mysql_col_realm);
336	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) {
337	+ PATCH(auth_mysql_domains_table);
338	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) {
339	+ PATCH(auth_mysql_col_domain);
340	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) {
341	+ PATCH(auth_mysql_domains_table_col_domain_id);
342	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) {
343	+ PATCH(auth_mysql_users_table_col_domain_id);
344	}
345	}
346	}
347	@@ -323,10 +381,24 @@
348	{ "auth.backend.ldap.starttls", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 8 */
349	{ "auth.backend.ldap.bind-dn", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 9 */
350	{ "auth.backend.ldap.bind-pw", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */
351	- { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */
352	+ { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
353	{ "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */
354	{ "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
355	{ "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 14 */
356	+ { "auth.backend.mysql.host", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
357	+ { "auth.backend.mysql.user", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
358	+ { "auth.backend.mysql.pass", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
359	+ { "auth.backend.mysql.db", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
360	+ { "auth.backend.mysql.port", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
361	+ { "auth.backend.mysql.socket", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
362	+ { "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
363	+ { "auth.backend.mysql.col_user", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
364	+ { "auth.backend.mysql.col_pass", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
365	+ { "auth.backend.mysql.col_realm", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */
366	+ { "auth.backend.mysql.domains_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
367	+ { "auth.backend.mysql.col_domain", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
368	+ { "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
369	+ { "auth.backend.mysql.users_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */
370	{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
371	};
372
373	@@ -355,6 +427,22 @@
374	s->auth_debug = 0;
375
376	s->auth_require = array_init();
377	+ s->mysql_conn = NULL;
378	+ s->auth_mysql_host = buffer_init();
379	+ s->auth_mysql_user = buffer_init();
380	+ s->auth_mysql_pass = buffer_init();
381	+ s->auth_mysql_db = buffer_init();
382	+ s->auth_mysql_port = buffer_init();
383	+ s->auth_mysql_socket = buffer_init();
384	+ s->auth_mysql_users_table = buffer_init();
385	+ s->auth_mysql_col_user = buffer_init();
386	+ s->auth_mysql_col_pass = buffer_init();
387	+ s->auth_mysql_col_realm = buffer_init();
388	+ s->auth_mysql_domains_table = buffer_init();
389	+ s->auth_mysql_col_domain = buffer_init();
390	+ s->auth_mysql_domains_table_col_domain_id = buffer_init();
391	+ s->auth_mysql_users_table_col_domain_id = buffer_init();
392	+
393
394	#ifdef USE_LDAP
395	s->ldap_filter_pre = buffer_init();
396	@@ -377,7 +465,20 @@
397	cv[12].destination = s->auth_htdigest_userfile;
398	cv[13].destination = s->auth_htpasswd_userfile;
399	cv[14].destination = &(s->auth_debug);
400	-
401	+ cv[15].destination = s->auth_mysql_host;
402	+ cv[16].destination = s->auth_mysql_user;
403	+ cv[17].destination = s->auth_mysql_pass;
404	+ cv[18].destination = s->auth_mysql_db;
405	+ cv[19].destination = s->auth_mysql_port;
406	+ cv[20].destination = s->auth_mysql_socket;
407	+ cv[21].destination = s->auth_mysql_users_table;
408	+ cv[22].destination = s->auth_mysql_col_user;
409	+ cv[23].destination = s->auth_mysql_col_pass;
410	+ cv[24].destination = s->auth_mysql_col_realm;
411	+ cv[25].destination = s->auth_mysql_domains_table;
412	+ cv[26].destination = s->auth_mysql_col_domain;
413	+ cv[27].destination = s->auth_mysql_domains_table_col_domain_id;
414	+ cv[28].destination = s->auth_mysql_users_table_col_domain_id;
415	p->config_storage[i] = s;
416	ca = ((data_config *)srv->config_context->data[i])->value;
417
418	@@ -394,6 +495,8 @@
419	s->auth_backend = AUTH_BACKEND_PLAIN;
420	} else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) {
421	s->auth_backend = AUTH_BACKEND_LDAP;
422	+ } else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) {
423	+ s->auth_backend = AUTH_BACKEND_MYSQL;
424	} else {
425	log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf);
426
427	@@ -534,6 +637,31 @@
428	return (ret);
429	break;
430	}
431	+ case AUTH_BACKEND_MYSQL: {
432	+ int port = atoi(s->auth_mysql_port->ptr);
433	+
434	+ /* ignore if auth_mysql_socket is invalid */
435	+ if (p->conf.auth_mysql_socket == NULL)
436	+ return HANDLER_GO_ON;
437	+ if (p->conf.auth_mysql_socket->ptr != NULL)
438	+ if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL;
439	+
440	+ s->mysql_conn = mysql_init(NULL);
441	+ if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0))
442	+ {
443	+ log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss",
444	+ "opening connection to mysql:", s->auth_mysql_host,
445	+ "user:", s->auth_mysql_user,
446	+ "pass:", s->auth_mysql_pass,
447	+ "db:", s->auth_mysql_db,
448	+ "failed:", strerror(errno));
449	+
450	+ return HANDLER_ERROR;
451	+ }
452	+ mysql_close(s->mysql_conn);
453	+
454	+ break;
455	+ }
456	default:
457	break;
458	}

Lines 1-15 Link Here

(-)files/extra-patch-nodelay (-15 lines)
1	--- src/network.c.orig Tue Jan 26 14:33:01 2010
2	+++ src/network.c Tue Jan 26 14:37:39 2010
3	@@ -226,6 +226,12 @@
4	log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno));
5	goto error_free_socket;
6	}
7	+ if(srv_socket->addr.plain.sa_family == AF_INET \|\| srv_socket->addr.plain.sa_family == AF_INET6 ) {
8	+ if (setsockopt(srv_socket->fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)) < 0) {
9	+ log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno));
10	+ goto error_free_socket;
11	+ }
12	+ }
13
14	switch(srv_socket->addr.plain.sa_family) {
15	#ifdef HAVE_IPV6

Line 0 Link Here

(-)files/extra-patch-src_http__auth.c (+193 lines)
		1	--- src/http_auth.c.orig 2016-07-16 10:06:16 UTC
		2	+++ src/http_auth.c
		3	@@ -30,6 +30,7 @@
		4	#include <errno.h>
		5	#include <unistd.h>
		6	#include <ctype.h>
		7	+#include <mysql/mysql.h>
		8
		9	#include "md5.h"
		10
		11	@@ -194,9 +195,119 @@ static int http_auth_get_password(server
		12	fclose(fp);
		13	} else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) {
		14	return 0;
		15	- }
		16	+ } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
		17	+ MYSQL_RES *result;
		18	+ MYSQL_ROW row;
		19	+ int port = atoi(p->conf.auth_mysql_port->ptr);
		20	+ char q[255];
		21
		22	- return -1;
		23	+ if (p->conf.auth_mysql_socket->ptr != NULL)
		24	+ if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL;
		25	+
		26	+ p->conf.mysql_conn = mysql_init(NULL);
		27	+
		28	+ if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0))
		29	+ {
		30	+//#define MY_HOSTING
		31	+
		32	+#ifdef MY_HOSTING
		33	+ char my_full_realm[255];
		34	+ char *my_realm = NULL;
		35	+ char *my_domain = NULL;
		36	+
		37	+ char *uname;
		38	+ size_t unamelen;
		39	+
		40	+ unamelen = strlen(username->ptr);
		41	+ uname = malloc(unamelen*2+1);
		42	+
		43	+ mysql_real_escape_string(p->conf.mysql_conn,
		44	+ uname, username->ptr,
		45	+ (unsigned long)unamelen);
		46	+
		47	+ strcpy(my_full_realm, realm->ptr);
		48	+ my_realm = strtok(my_full_realm, "@");
		49	+
		50	+ if (my_realm != NULL)
		51	+ my_domain = strtok(NULL, "@");
		52	+
		53	+ sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s",
		54	+ p->conf.auth_mysql_col_pass->ptr,
		55	+
		56	+ p->conf.auth_mysql_users_table->ptr,
		57	+ p->conf.auth_mysql_domains_table->ptr,
		58	+
		59	+ p->conf.auth_mysql_col_user->ptr,
		60	+ uname,
		61	+
		62	+ p->conf.auth_mysql_col_realm->ptr,
		63	+ my_realm,
		64	+
65	+ p->conf.auth_mysql_col_domain->ptr,
66	+ my_domain,
67	+
68	+ p->conf.auth_mysql_domains_table_col_domain_id->ptr,
69	+ p->conf.auth_mysql_users_table_col_domain_id->ptr
70	+ );
71	+
72	+ free(uname);
73	+#else
74	+ // sanitize username & realm by taguchi@ff.iij4u.or.jp
75	+ char uname, urealm;
76	+ size_t unamelen, urealmlen;
77	+
78	+ unamelen = strlen(username->ptr);
79	+ urealmlen = strlen(realm->ptr);
80	+ uname = malloc(unamelen*2+1);
81	+ urealm = malloc(urealmlen*2+1);
82	+
83	+ mysql_real_escape_string(p->conf.mysql_conn,
84	+ uname, username->ptr,
85	+ (unsigned long)unamelen);
86	+
87	+ mysql_real_escape_string(p->conf.mysql_conn,
88	+ urealm, realm->ptr,
89	+ (unsigned long)unamelen);
90	+
91	+ mysql_real_escape_string(p->conf.mysql_conn,
92	+ urealm, realm->ptr,
93	+ (unsigned long)urealmlen);
94	+
95	+ sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'",
96	+ p->conf.auth_mysql_col_pass->ptr,
97	+ p->conf.auth_mysql_users_table->ptr,
98	+ p->conf.auth_mysql_col_user->ptr,
99	+ uname,
100	+ p->conf.auth_mysql_col_realm->ptr,
101	+ urealm
102	+ );
103	+
104	+ free(uname);
105	+ free(urealm);
106	+#endif
107	+
108	+ mysql_query(p->conf.mysql_conn, q);
109	+ result = mysql_store_result(p->conf.mysql_conn);
110	+ if (mysql_num_rows(result) == 1)
111	+ {
112	+ /* found */
113	+ row = mysql_fetch_row(result);
114	+ buffer_copy_string_len(password, row[0], strlen(row[0]));
115	+
116	+ return 0;
117	+ } else
118	+ {
119	+ /* not found */
120	+ return -1;
121	+ }
122	+
123	+ mysql_free_result(result);
124	+ mysql_close(p->conf.mysql_conn);
125	+
126	+ p->conf.mysql_conn = NULL;
127	+ } else
128	+ return -1;
129	+ }
130	}
131
132	int http_auth_match_rules(server srv, array req, const char username, const char group, const char *host) {
133	@@ -711,6 +822,60 @@ static int http_auth_basic_password_comp
134
135	return 0;
136	#endif
137	+ } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
138	+ /*
139	+ we check for md5 crypt() now
140	+ request by Nicola Tiling <nti@w4w.net>
141	+ */
142	+ if (password->ptr[0] == '$' && password->ptr[2] == '$')
143	+ {
144	+ char salt[32];
145	+ char *crypted;
146	+ size_t salt_len = 0;
147	+ char *dollar = NULL;
148	+
149	+ if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
150	+ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
151	+ return -1;
152	+ }
153	+
154	+ salt_len = dollar - password->ptr;
155	+
156	+ if (salt_len > sizeof(salt) - 1)
157	+ {
158	+ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
159	+ return -1;
160	+ }
161	+
162	+ strncpy(salt, password->ptr, salt_len);
163	+
164	+ salt[salt_len] = '\0';
165	+
166	+ crypted = crypt(pw, salt);
167	+
168	+ if (0 == strcmp(password->ptr, crypted))
169	+ {
170	+ return 0;
171	+ } else {
172	+ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
173	+ }
174	+ } else
175	+ /* plain md5 check now */
176	+ {
177	+ li_MD5_CTX Md5Ctx;
178	+ HASH HA1;
179	+ char a1[256];
180	+
181	+ li_MD5_Init(&Md5Ctx);
182	+ li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
183	+ li_MD5_Final(HA1, &Md5Ctx);
184	+
185	+ CvtHex(HA1, a1);
186	+
187	+ if (0 == strcmp(password->ptr, a1)) {
188	+ return 0;
189	+ }
190	+ }
191	}
192	return -1;
193	}

Line 0 Link Here

(-)files/extra-patch-src_http__auth.h (+43 lines)
	1	--- src/http_auth.h.orig 2016-07-16 10:06:16 UTC
	2	+++ src/http_auth.h
	3	@@ -9,13 +9,15 @@
	4	# define USE_LDAP
	5	# include <ldap.h>
	6	#endif
	7	+#include <mysql/mysql.h>
	8
	9	typedef enum {
	10	AUTH_BACKEND_UNSET,
	11	AUTH_BACKEND_PLAIN,
	12	AUTH_BACKEND_LDAP,
	13	AUTH_BACKEND_HTPASSWD,
	14	- AUTH_BACKEND_HTDIGEST
	15	+ AUTH_BACKEND_HTDIGEST,
	16	+ AUTH_BACKEND_MYSQL
	17	} auth_backend_t;
	18
	19	typedef struct {
	20	@@ -50,6 +52,23 @@ typedef struct {
	21	buffer *ldap_filter_pre;
	22	buffer *ldap_filter_post;
	23	#endif
	24	+
	25	+ MYSQL *mysql_conn;
	26	+ buffer *auth_mysql_host;
	27	+ buffer *auth_mysql_user;
	28	+ buffer *auth_mysql_pass;
	29	+ buffer *auth_mysql_db;
	30	+ buffer *auth_mysql_port;
	31	+ buffer *auth_mysql_socket;
	32	+ buffer *auth_mysql_users_table;
	33	+ buffer *auth_mysql_col_user;
	34	+ buffer *auth_mysql_col_pass;
	35	+ buffer *auth_mysql_col_realm;
	36	+ buffer *auth_mysql_domains_table;
	37	+ buffer *auth_mysql_col_domain;
	38	+ buffer *auth_mysql_domains_table_col_domain_id;
	39	+ buffer *auth_mysql_users_table_col_domain_id;
	40	+
	41	} mod_auth_plugin_config;
	42
	43	typedef struct {

Line 0 Link Here

(-)files/extra-patch-src_mod__auth.c (+200 lines)
		1	--- src/mod_auth.c.orig 2016-07-16 10:06:16 UTC
		2	+++ src/mod_auth.c
		3	@@ -13,6 +13,7 @@
		4	#include <errno.h>
		5	#include <fcntl.h>
		6	#include <unistd.h>
		7	+#include <mysql/mysql.h>
		8
		9	handler_t auth_ldap_init(server srv, mod_auth_plugin_config s);
		10
		11	@@ -84,6 +85,19 @@ FREE_FUNC(mod_auth_free) {
		12
		13	if (s->ldap) ldap_unbind_s(s->ldap);
		14	#endif
		15	+ buffer_free(s->auth_mysql_host);
		16	+ buffer_free(s->auth_mysql_user);
		17	+ buffer_free(s->auth_mysql_pass);
		18	+ buffer_free(s->auth_mysql_db);
		19	+ buffer_free(s->auth_mysql_socket);
		20	+ buffer_free(s->auth_mysql_users_table);
		21	+ buffer_free(s->auth_mysql_col_user);
		22	+ buffer_free(s->auth_mysql_col_pass);
		23	+ buffer_free(s->auth_mysql_col_realm);
		24	+ buffer_free(s->auth_mysql_domains_table);
		25	+ buffer_free(s->auth_mysql_col_domain);
		26	+ buffer_free(s->auth_mysql_domains_table_col_domain_id);
		27	+ buffer_free(s->auth_mysql_users_table_col_domain_id);
		28
		29	free(s);
		30	}
		31	@@ -122,6 +136,21 @@ static int mod_auth_patch_connection(ser
		32	PATCH(ldap_filter_post);
		33	#endif
		34
		35	+ PATCH(auth_mysql_host);
		36	+ PATCH(auth_mysql_user);
		37	+ PATCH(auth_mysql_pass);
		38	+ PATCH(auth_mysql_db);
		39	+ PATCH(auth_mysql_port);
		40	+ PATCH(auth_mysql_socket);
		41	+ PATCH(auth_mysql_users_table);
		42	+ PATCH(auth_mysql_col_user);
		43	+ PATCH(auth_mysql_col_pass);
		44	+ PATCH(auth_mysql_col_realm);
		45	+ PATCH(auth_mysql_domains_table);
		46	+ PATCH(auth_mysql_col_domain);
		47	+ PATCH(auth_mysql_domains_table_col_domain_id);
		48	+ PATCH(auth_mysql_users_table_col_domain_id);
		49	+
		50	/* skip the first, the global context */
		51	for (i = 1; i < srv->config_context->used; i++) {
		52	data_config dc = (data_config )srv->config_context->data[i];
		53	@@ -171,6 +200,34 @@ static int mod_auth_patch_connection(ser
		54	PATCH(auth_ldap_bindpw);
		55	} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) {
		56	PATCH(auth_ldap_allow_empty_pw);
		57	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) {
		58	+ PATCH(auth_mysql_host);
		59	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) {
		60	+ PATCH(auth_mysql_user);
		61	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) {
		62	+ PATCH(auth_mysql_pass);
		63	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) {
		64	+ PATCH(auth_mysql_db);
65	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) {
66	+ PATCH(auth_mysql_port);
67	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) {
68	+ PATCH(auth_mysql_user);
69	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) {
70	+ PATCH(auth_mysql_users_table);
71	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) {
72	+ PATCH(auth_mysql_col_user);
73	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) {
74	+ PATCH(auth_mysql_col_pass);
75	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) {
76	+ PATCH(auth_mysql_col_realm);
77	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) {
78	+ PATCH(auth_mysql_domains_table);
79	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) {
80	+ PATCH(auth_mysql_col_domain);
81	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) {
82	+ PATCH(auth_mysql_domains_table_col_domain_id);
83	+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) {
84	+ PATCH(auth_mysql_users_table_col_domain_id);
85	}
86	}
87	}
88	@@ -362,10 +419,25 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults)
89	{ "auth.backend.ldap.starttls", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 8 */
90	{ "auth.backend.ldap.bind-dn", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 9 */
91	{ "auth.backend.ldap.bind-pw", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */
92	- { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */
93	+ { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
94	{ "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */
95	{ "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
96	{ "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 14 */
97	+ { "auth.backend.mysql.host", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
98	+ { "auth.backend.mysql.user", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
99	+ { "auth.backend.mysql.pass", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
100	+ { "auth.backend.mysql.db", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
101	+ { "auth.backend.mysql.port", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
102	+ { "auth.backend.mysql.socket", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
103	+ { "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
104	+ { "auth.backend.mysql.col_user", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
105	+ { "auth.backend.mysql.col_pass", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
106	+ { "auth.backend.mysql.col_realm", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */
107	+ { "auth.backend.mysql.domains_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
108	+ { "auth.backend.mysql.col_domain", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
109	+ { "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
110	+ { "auth.backend.mysql.users_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */
111	+
112	{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
113	};
114
115	@@ -394,6 +466,22 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults)
116	s->auth_debug = 0;
117
118	s->auth_require = array_init();
119	+ s->mysql_conn = NULL;
120	+ s->auth_mysql_host = buffer_init();
121	+ s->auth_mysql_user = buffer_init();
122	+ s->auth_mysql_pass = buffer_init();
123	+ s->auth_mysql_db = buffer_init();
124	+ s->auth_mysql_port = buffer_init();
125	+ s->auth_mysql_socket = buffer_init();
126	+ s->auth_mysql_users_table = buffer_init();
127	+ s->auth_mysql_col_user = buffer_init();
128	+ s->auth_mysql_col_pass = buffer_init();
129	+ s->auth_mysql_col_realm = buffer_init();
130	+ s->auth_mysql_domains_table = buffer_init();
131	+ s->auth_mysql_col_domain = buffer_init();
132	+ s->auth_mysql_domains_table_col_domain_id = buffer_init();
133	+ s->auth_mysql_users_table_col_domain_id = buffer_init();
134	+
135
136	#ifdef USE_LDAP
137	s->ldap_filter_pre = buffer_init();
138	@@ -416,7 +504,20 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults)
139	cv[12].destination = s->auth_htdigest_userfile;
140	cv[13].destination = s->auth_htpasswd_userfile;
141	cv[14].destination = &(s->auth_debug);
142	-
143	+ cv[15].destination = s->auth_mysql_host;
144	+ cv[16].destination = s->auth_mysql_user;
145	+ cv[17].destination = s->auth_mysql_pass;
146	+ cv[18].destination = s->auth_mysql_db;
147	+ cv[19].destination = s->auth_mysql_port;
148	+ cv[20].destination = s->auth_mysql_socket;
149	+ cv[21].destination = s->auth_mysql_users_table;
150	+ cv[22].destination = s->auth_mysql_col_user;
151	+ cv[23].destination = s->auth_mysql_col_pass;
152	+ cv[24].destination = s->auth_mysql_col_realm;
153	+ cv[25].destination = s->auth_mysql_domains_table;
154	+ cv[26].destination = s->auth_mysql_col_domain;
155	+ cv[27].destination = s->auth_mysql_domains_table_col_domain_id;
156	+ cv[28].destination = s->auth_mysql_users_table_col_domain_id;
157	p->config_storage[i] = s;
158
159	if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
160	@@ -432,6 +533,8 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults)
161	s->auth_backend = AUTH_BACKEND_PLAIN;
162	} else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) {
163	s->auth_backend = AUTH_BACKEND_LDAP;
164	+ } else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) {
165	+ s->auth_backend = AUTH_BACKEND_MYSQL;
166	} else {
167	log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf);
168
169	@@ -573,6 +676,31 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults)
170	return (ret);
171	break;
172	}
173	+ case AUTH_BACKEND_MYSQL: {
174	+ int port = atoi(s->auth_mysql_port->ptr);
175	+
176	+ /* ignore if auth_mysql_socket is invalid */
177	+ if (p->conf.auth_mysql_socket == NULL)
178	+ return HANDLER_GO_ON;
179	+ if (p->conf.auth_mysql_socket->ptr != NULL)
180	+ if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL;
181	+
182	+ s->mysql_conn = mysql_init(NULL);
183	+ if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0))
184	+ {
185	+ log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss",
186	+ "opening connection to mysql:", s->auth_mysql_host,
187	+ "user:", s->auth_mysql_user,
188	+ "pass:", s->auth_mysql_pass,
189	+ "db:", s->auth_mysql_db,
190	+ "failed:", strerror(errno));
191	+
192	+ return HANDLER_ERROR;
193	+ }
194	+ mysql_close(s->mysql_conn);
195	+
196	+ break;
197	+ }
198	default:
199	break;
200	}

Lines 1-22 Link Here

(-)files/patch-configure.ac (-22 lines)
1	--- configure.ac.orig 2015-07-26 10:36:36 UTC
2	+++ configure.ac
3	@@ -46,6 +46,7 @@ AC_DEFUN([TRY_CFLAGS],
4	dnl Checks for programs.
5	AC_PROG_CC
6	AM_PROG_CC_C_O
7	+AM_PROG_AR
8	AC_PROG_LD
9	AC_PROG_INSTALL
10	AC_PROG_AWK
11	@@ -60,11 +61,6 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], [AC
12	dnl AM_PROG_AR requires automake 1.11 (and uses AC_COMPILE_IFELSE which wants AC_USE_SYSTEM_EXTENSIONS)
13	m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
14
15	-dnl check environment
16	-AC_AIX
17	-AC_ISC_POSIX
18	-AC_MINIX
19	-
20	dnl AC_CANONICAL_HOST
21	case $host_os in
22	darwin\|cygwin\|aix\|mingw ) NO_RDYNAMIC=yes;;

Lines 1-25 Link Here

(-)files/patch-src_mod__cml__lua.c (-25 lines)
1	--- src/mod_cml_lua.c.orig 2015-07-26 10:36:36 UTC
2	+++ src/mod_cml_lua.c
3	@@ -28,6 +28,10 @@ typedef char HASHHEX[HASHHEXLEN+1];
4	#include <lualib.h>
5	#include <lauxlib.h>
6
7	+#if LUA_VERSION_NUM >= 502
8	+#define LUA_GLOBALSINDEX LUA_REGISTRYINDEX
9	+#endif
10	+
11	typedef struct {
12	stream st;
13	int done;
14	@@ -291,7 +295,11 @@ int cache_parse_lua(server *srv, connect
15	lua_settable(L, LUA_GLOBALSINDEX);
16
17	/* load lua program */
18	+#if LUA_VERSION_NUM >= 502
19	+ if (lua_load(L, load_file, &rm, fn->ptr, NULL) \|\| lua_pcall(L,0,1,0)) {
20	+#else
21	if (lua_load(L, load_file, &rm, fn->ptr) \|\| lua_pcall(L,0,1,0)) {
22	+#endif
23	log_error_write(srv, __FILE__, __LINE__, "s",
24	lua_tostring(L,-1));
25

Lines 1-13 Link Here

(-)files/patch-src_mod__magnet.c (-13 lines)
1	--- src/mod_magnet.c.orig 2015-07-26 10:36:36 UTC
2	+++ src/mod_magnet.c
3	@@ -24,6 +24,10 @@
4	#define MAGNET_CONFIG_PHYSICAL_PATH "magnet.attract-physical-path-to"
5	#define MAGNET_RESTART_REQUEST 99
6
7	+#if LUA_VERSION_NUM >= 502
8	+#define LUA_GLOBALSINDEX LUA_REGISTRYINDEX
9	+#endif
10	+
11	/* plugin config for all request/connections */
12
13	static jmp_buf exceptionjmp;

Lines 1-23 Link Here

(-)files/patch-src_network.c (-23 lines)
1	Cherry-picked from upstream
2	https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/1ca52fdce3b87f7748dd5db6f59d738ed7a9efe1/diff
3
4	--- src/network.c.orig 2015-12-04 21:13:47 UTC
5	+++ src/network.c
6	@@ -769,7 +769,7 @@ int network_init(server *srv) {
7
8	if (!s->ssl_use_sslv2) {
9	/* disable SSLv2 */
10	- if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
11	+ if ((SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) != SSL_OP_NO_SSLv2) {
12	log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
13	ERR_error_string(ERR_get_error(), NULL));
14	return -1;
15	@@ -778,7 +778,7 @@ int network_init(server *srv) {
16
17	if (!s->ssl_use_sslv3) {
18	/* disable SSLv3 */
19	- if (!(SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3))) {
20	+ if ((SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3)) != SSL_OP_NO_SSLv3) {
21	log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
22	ERR_error_string(ERR_get_error(), NULL));
23	return -1;