
(-)Makefile (-33 / +20 lines)
Lines 2-13 Link Here
2
# $FreeBSD$
2
# $FreeBSD$
3
3
4
PORTNAME?=	lighttpd
4
PORTNAME?=	lighttpd
5
PORTVERSION=	1.4.39
5
PORTVERSION=	1.4.40
6
PORTREVISION=	1
7
CATEGORIES?=	www
6
CATEGORIES?=	www
8
MASTER_SITES?=	http://download.lighttpd.net/lighttpd/releases-1.4.x/
7
MASTER_SITES?=	http://download.lighttpd.net/lighttpd/releases-1.4.x/
9
8
10
MAINTAINER=	pkubaj@riseup.net
9
MAINTAINER=	pkubaj@anongoth.pl
11
COMMENT?=	Secure, fast, compliant, and flexible Web Server
10
COMMENT?=	Secure, fast, compliant, and flexible Web Server
12
11
13
.if !defined(_BUILDING_LIGHTTPD_MODULE)
12
.if !defined(_BUILDING_LIGHTTPD_MODULE)
Lines 18-24 Link Here
18
LIB_DEPENDS+=	libpcre.so:devel/pcre
17
LIB_DEPENDS+=	libpcre.so:devel/pcre
19
18
20
GNU_CONFIGURE=	yes
19
GNU_CONFIGURE=	yes
21
USES=		autoreconf gmake libtool pkgconfig tar:xz
20
USES=		autoreconf gmake libtool localbase pkgconfig tar:xz
22
21
23
.if !defined(_BUILDING_LIGHTTPD_MODULE)
22
.if !defined(_BUILDING_LIGHTTPD_MODULE)
24
USES+=	cpe
23
USES+=	cpe
Lines 27-40 Link Here
27
CONFIGURE_ARGS+=	--libdir=${PREFIX}/lib/lighttpd
26
CONFIGURE_ARGS+=	--libdir=${PREFIX}/lib/lighttpd
28
INSTALL_TARGET=	install-strip
27
INSTALL_TARGET=	install-strip
29
28
30
CPPFLAGS+=	-I${LOCALBASE}/include
31
LDFLAGS+=	-L${LOCALBASE}/lib
32
33
.if !defined(_BUILDING_LIGHTTPD_MODULE)
29
.if !defined(_BUILDING_LIGHTTPD_MODULE)
34
USE_RC_SUBR=	lighttpd
30
USE_RC_SUBR=	lighttpd
35
31
36
OPTIONS_DEFINE=	ATTR BZIP2 DOCS FAM GDBM IPV6 LIBEV LUA MEMCACHE MYSQL MYSQLAUTH \
32
OPTIONS_DEFINE=	ATTR BZIP2 DOCS FAM GDBM IPV6 LIBEV LUA MEMCACHE MYSQL MYSQLAUTH \
37
		NODELAY LDAP OPENSSL SPAWNFCGI VALGRIND WEBDAV
33
		LDAP OPENSSL SPAWNFCGI VALGRIND WEBDAV
38
34
39
OPTIONS_DEFAULT=	OPENSSL
35
OPTIONS_DEFAULT=	OPENSSL
40
36
Lines 46-53 Link Here
46
LUA_DESC=	lua support (mod_cml, mod_magnet)
42
LUA_DESC=	lua support (mod_cml, mod_magnet)
47
MEMCACHE_DESC=	memcached storage (mod_trigger_b4_dl)
43
MEMCACHE_DESC=	memcached storage (mod_trigger_b4_dl)
48
MYSQL_DESC=	MySQL support (mod_mysql_vhost)
44
MYSQL_DESC=	MySQL support (mod_mysql_vhost)
49
MYSQLAUTH_DESC=	MySQL authentication (requires WITH_MYSQL)
45
MYSQLAUTH_DESC=	MySQL authentication
50
NODELAY_DESC=	Set TCP_NODELAY on listening sockets
51
SPAWNFCGI_DESC=	Depend on spawn-fcgi utility
46
SPAWNFCGI_DESC=	Depend on spawn-fcgi utility
52
VALGRIND_DESC=	valgrind support
47
VALGRIND_DESC=	valgrind support
53
WEBDAV_DESC=	WebDAV support
48
WEBDAV_DESC=	WebDAV support
Lines 62-73 Link Here
62
IPV6_CONFIGURE_OFF=	--disable-ipv6
57
IPV6_CONFIGURE_OFF=	--disable-ipv6
63
LIBEV_CONFIGURE_WITH=	libev=${LOCALBASE}
58
LIBEV_CONFIGURE_WITH=	libev=${LOCALBASE}
64
LIBEV_LIB_DEPENDS=	libev.so:devel/libev
59
LIBEV_LIB_DEPENDS=	libev.so:devel/libev
65
LUA_USES=		lua:51+
60
LUA_USES=		lua
66
LUA_CONFIGURE_WITH=	lua
61
LUA_CONFIGURE_WITH=	lua
67
LUA_CONFIGURE_ENV=	LUA_CFLAGS="-I${LUA_INCDIR}" LUA_LIBS="-L${LUA_LIBDIR} -llua-${LUA_VER}"
62
LUA_CONFIGURE_ENV=	LUA_CFLAGS="-I${LUA_INCDIR}" LUA_LIBS="-L${LUA_LIBDIR} -llua-${LUA_VER}"
68
MEMCACHE_LIB_DEPENDS=	libmemcache.so:databases/libmemcache
63
MEMCACHE_LIB_DEPENDS=	libmemcache.so:databases/libmemcache
69
MEMCACHE_CONFIGURE_WITH=memcache
64
MEMCACHE_CONFIGURE_WITH=memcache
70
MYSQLAUTH_IMPLIES=	MYSQL
65
MYSQLAUTH_IMPLIES=	MYSQL
66
OPENSSL_USES=		ssl
67
OPENSSL_CONFIGURE_WITH=	openssl
68
OPENSSL_CONFIGURE_ON=	--with-openssl-includes=${OPENSSLINC} --with-openssl-libs=${OPENSSLLIB}
71
SPAWNFCGI_RUN_DEPENDS=	spawn-fcgi:www/spawn-fcgi
69
SPAWNFCGI_RUN_DEPENDS=	spawn-fcgi:www/spawn-fcgi
72
VALGRIND_BUILD_DEPENDS=	valgrind:devel/valgrind
70
VALGRIND_BUILD_DEPENDS=	valgrind:devel/valgrind
73
VALGRIND_RUN_DEPENDS=	valgrind:devel/valgrind
71
VALGRIND_RUN_DEPENDS=	valgrind:devel/valgrind
Lines 108-139 Link Here
108
PORTDOCS=	${DOCS}
106
PORTDOCS=	${DOCS}
109
.endif
107
.endif
110
108
111
.if ${PORT_OPTIONS:MOPENSSL}
112
USE_OPENSSL=		yes
113
CONFIGURE_ARGS+=	--with-openssl \
114
			--with-openssl-includes=${OPENSSLINC} \
115
			--with-openssl-libs=${OPENSSLLIB}
116
.endif
117
118
.if ${PORT_OPTIONS:MMYSQL}
109
.if ${PORT_OPTIONS:MMYSQL}
119
USE_MYSQL=		yes
110
USES+=			mysql
120
CONFIGURE_ARGS+=	--with-mysql
111
CONFIGURE_ARGS+=	--with-mysql
121
_REQUIRE+=		mysql
112
_REQUIRE+=		mysql
122
.endif
113
.endif
123
114
124
.if ${PORT_OPTIONS:MMYSQLAUTH} && empty(PORT_OPTIONS:MMYSQL)
125
IGNORE=		option WITH_MYSQLAUTH requires WITH_MYSQL
126
.endif
127
128
.if ${PORT_OPTIONS:MMYSQLAUTH}
115
.if ${PORT_OPTIONS:MMYSQLAUTH}
129
EXTRA_PATCHES+=		${FILESDIR}/extra-patch-mysqlauth
116
EXTRA_PATCHES+=		${FILESDIR}/extra-patch-src_Makefile.am \
117
			${FILESDIR}/extra-patch-src_Makefile.in \
118
			${FILESDIR}/extra-patch-src_http__auth.c \
119
			${FILESDIR}/extra-patch-src_http__auth.h \
120
			${FILESDIR}/extra-patch-src_mod__auth.c
130
PORTDOCS+=		README.mysqlauth mysql_auth.sql
121
PORTDOCS+=		README.mysqlauth mysql_auth.sql
131
.endif
122
.endif
132
123
133
.if ${PORT_OPTIONS:MNODELAY}
134
EXTRA_PATCHES+=		${FILESDIR}/extra-patch-nodelay
135
.endif
136
137
.if ${PORT_OPTIONS:MLDAP}
124
.if ${PORT_OPTIONS:MLDAP}
138
USE_OPENLDAP=		yes
125
USE_OPENLDAP=		yes
139
CONFIGURE_ARGS+=	--with-ldap
126
CONFIGURE_ARGS+=	--with-ldap
Lines 186-204 Link Here
186
.endfor
173
.endfor
187
	${INSTALL_DATA} ${WRKSRC}/doc/config/vhosts.d/vhosts.template \
174
	${INSTALL_DATA} ${WRKSRC}/doc/config/vhosts.d/vhosts.template \
188
		${STAGEDIR}${PREFIX}/etc/lighttpd/vhosts.d/vhosts.template
175
		${STAGEDIR}${PREFIX}/etc/lighttpd/vhosts.d/vhosts.template
176
	@${MKDIR} -m 0700 ${STAGEDIR}${LIGHTTPD_LOGROOT}
189
177
190
.if ${PORT_OPTIONS:MDOCS}
178
post-install-DOCS-on:
191
	@${MKDIR} ${STAGEDIR}${DOCSDIR}
179
	@${MKDIR} ${STAGEDIR}${DOCSDIR}
192
. for FILE in ${DOCS}
180
. for FILE in ${DOCS}
193
	${INSTALL_DATA} ${WRKSRC}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
181
	${INSTALL_DATA} ${WRKSRC}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
194
. endfor
182
. endfor
195
.endif
183
196
.if ${PORT_OPTIONS:MMYSQLAUTH}
184
post-install-MYSQLAUTH-on:
185
	@${MKDIR} ${STAGEDIR}${DOCSDIR}
197
. for FILE in README.mysqlauth mysql_auth.sql
186
. for FILE in README.mysqlauth mysql_auth.sql
198
	${INSTALL_DATA} ${FILESDIR}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
187
	${INSTALL_DATA} ${FILESDIR}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
199
. endfor
188
. endfor
200
.endif
201
	@${MKDIR} -m 0700 ${STAGEDIR}${LIGHTTPD_LOGROOT}
202
189
203
test: build
190
test: build
204
	@cd ${WRKSRC}/tests && ${SETENV} ${MAKE_ENV} ${MAKE} \
191
	@cd ${WRKSRC}/tests && ${SETENV} ${MAKE_ENV} ${MAKE} \
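Review bot: With MYSQLAUTH on and DOCS off, `post-install-MYSQLAUTH-on` still creates `${STAGEDIR}${DOCSDIR}` and installs README.mysqlauth and mysql_auth.sql there, while those files are only declared through `PORTDOCS+=`. If the framework packages PORTDOCS only when DOCS is enabled, as it normally does, the two files end up staged but missing from the plist. Either tie them to DOCS, e.g. `MYSQLAUTH_IMPLIES=	MYSQL DOCS`, or list them in the plist under the MYSQLAUTH option. A one-line comment above the relocated `@${MKDIR} -m 0700 ${STAGEDIR}${LIGHTTPD_LOGROOT}` would also help, because it has to stay ahead of the option targets to remain part of the main install recipe and keep the log directory at mode 0700; that recipe starts outside the visible hunk.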
(-)distinfo (-4 / +5 lines)
Lines 1-6 Link Here
1
SHA256 (lighttpd-1.4.39.tar.xz) = 7eb9a1853c3d6dd5851682b0733a729ba4158d6bdff80974d5ef5f1f6887365b
1
TIMESTAMP = 1468715038
2
SIZE (lighttpd-1.4.39.tar.xz) = 579180
2
SHA256 (lighttpd-1.4.40.tar.xz) = 80450dfcf7604d6c516a00a0ce750937074ef844bbdee3b3f23384187b9d4f8d
3
SIZE (lighttpd-1.4.40.tar.xz) = 621448
4
SHA256 (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 4e6768af32ce16033fcb0c70b12c55b40082ca105a36f258b0bbf30d64e9dad3
5
SIZE (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 242458
3
SHA256 (lighttpd-1.4.26_mod_geoip.patch) = 2858036310b778852d9f039a81629902edffc368658e13bf4779f3642ee1a5ba
6
SHA256 (lighttpd-1.4.26_mod_geoip.patch) = 2858036310b778852d9f039a81629902edffc368658e13bf4779f3642ee1a5ba
4
SIZE (lighttpd-1.4.26_mod_geoip.patch) = 15173
7
SIZE (lighttpd-1.4.26_mod_geoip.patch) = 15173
5
SHA256 (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = bc0e1b97289a89b827ea84e64b614933cc14d67c64d6b727e4928aeec516489c
6
SIZE (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 242421
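Review bot: The checksum and size recorded for lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch change here (SHA256 `bc0e1b97…` / 242421 to `4e6768af…` / 242458, going by the gutter order) although the file name is unchanged, which suggests the distfile was re-rolled or fetched from a different source. A silent hash update for a same-named distfile defeats what distinfo is for, so the commit message should say what changed in that patch and confirm that the old and new copies were diffed before the new hash was recorded. The lighttpd-1.4.40.tar.xz entries are the expected part of the version bump.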
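--- a/files/extra-patch-mysqlauth
+++ b/files/extra-patch-mysqlauth
@@ -1,458 +0,0 @@
-diff -Naur new/lighttpd-1.4.23/src/http_auth.c old/lighttpd-1.4.23/src/http_auth.c
---- src/http_auth.c	2009-06-11 14:05:06.000000000 +0400
-+++ src/http_auth.c	2009-10-08 10:10:15.000000000 +0400
-@@ -24,6 +24,7 @@
- #include <errno.h>
- #include <unistd.h>
- #include <ctype.h>
-+#include <mysql/mysql.h>
- 
- #include "server.h"
- #include "log.h"
-@@ -291,6 +292,117 @@
- 		stream_close(&f);
- 	} else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) {
- 		ret = 0;
-+       } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
-+               MYSQL_RES *result;
-+               MYSQL_ROW row;
-+               int port = atoi(p->conf.auth_mysql_port->ptr);
-+               char q[255];
-+
-+               if (p->conf.auth_mysql_socket->ptr != NULL)
-+                   if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL;
-+
-+               p->conf.mysql_conn = mysql_init(NULL);
-+
-+               if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0))
-+               {
-+//#define MY_HOSTING
-+
-+#ifdef MY_HOSTING
-+                   char my_full_realm[255];
-+                   char *my_realm = NULL;
-+                   char *my_domain = NULL;
-+
-+                   char *uname;
-+                   size_t unamelen;
-+
-+                   unamelen = strlen(username->ptr);
-+                   uname = malloc(unamelen*2+1);
-+
-+                   mysql_real_escape_string(p->conf.mysql_conn,
-+                                            uname, username->ptr,
-+                                            (unsigned long)unamelen);
-+
-+                   strcpy(my_full_realm, realm->ptr);
-+                   my_realm = strtok(my_full_realm, "@");
-+
-+                   if (my_realm != NULL)
-+                   my_domain = strtok(NULL, "@");
-+
-+                   sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s",
-+                               p->conf.auth_mysql_col_pass->ptr,
-+
-+                               p->conf.auth_mysql_users_table->ptr,
-+                               p->conf.auth_mysql_domains_table->ptr,
-+
-+                               p->conf.auth_mysql_col_user->ptr,
-+                               uname,
-+
-+                               p->conf.auth_mysql_col_realm->ptr,
-+                               my_realm,
-+
-+                               p->conf.auth_mysql_col_domain->ptr,
-+                               my_domain,
-+
-+                               p->conf.auth_mysql_domains_table_col_domain_id->ptr,
-+                               p->conf.auth_mysql_users_table_col_domain_id->ptr
-+                   );
-+
-+                   free(uname);
-+#else
-+                   // sanitize username & realm by taguchi@ff.iij4u.or.jp
-+                   char *uname, *urealm;
-+                   size_t unamelen, urealmlen;
-+
-+                   unamelen = strlen(username->ptr);
-+                   urealmlen = strlen(realm->ptr);
-+                   uname = malloc(unamelen*2+1);
-+                   urealm = malloc(urealmlen*2+1);
-+
-+                   mysql_real_escape_string(p->conf.mysql_conn,
-+                                            uname, username->ptr,
-+                                            (unsigned long)unamelen);
-+
-+                   mysql_real_escape_string(p->conf.mysql_conn,
-+                                            urealm, realm->ptr,
-+                                            (unsigned long)unamelen);
-+
-+                   mysql_real_escape_string(p->conf.mysql_conn,
-+                                            urealm, realm->ptr,
-+                                            (unsigned long)urealmlen);
-+
-+                   sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'",
-+                               p->conf.auth_mysql_col_pass->ptr,
-+                               p->conf.auth_mysql_users_table->ptr,
-+                               p->conf.auth_mysql_col_user->ptr,
-+                               uname,
-+                               p->conf.auth_mysql_col_realm->ptr,
-+                               urealm
-+                   );
-+
-+                   free(uname);
-+                   free(urealm);
-+#endif
-+
-+                   mysql_query(p->conf.mysql_conn, q);
-+                   result = mysql_store_result(p->conf.mysql_conn);
-+                   if (mysql_num_rows(result) == 1)
-+                   {
-+                       /* found */
-+                       row = mysql_fetch_row(result);
-+                       buffer_copy_string_len(password, row[0], strlen(row[0]));
-+
-+                       ret = 0;
-+                   } else
-+                   {
-+                       /* not found */
-+                       ret = -1;
-+                   }
-+
-+                   mysql_free_result(result);
-+                   mysql_close(p->conf.mysql_conn);
-+
-+                   p->conf.mysql_conn = NULL;
-+               }
- 	} else {
- 		return -1;
- 	}
-@@ -831,6 +943,60 @@
- 
- 		return 0;
- #endif
-+       } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
-+               /*
-+                   we check for md5 crypt() now
-+                   request by Nicola Tiling <nti@w4w.net>
-+               */
-+               if (password->ptr[0] == '$' && password->ptr[2] == '$')
-+               {
-+                   char salt[32];
-+                   char *crypted;
-+                   size_t salt_len = 0;
-+                   char *dollar = NULL;
-+
-+                   if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
-+                       fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
-+                       return -1;
-+                   }
-+
-+                   salt_len = dollar - password->ptr;
-+
-+                   if (salt_len > sizeof(salt) - 1)
-+                   {
-+                       fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
-+                       return -1;
-+                   }
-+
-+                   strncpy(salt, password->ptr, salt_len);
-+
-+                   salt[salt_len] = '\0';
-+
-+                   crypted = crypt(pw, salt);
-+
-+                   if (0 == strcmp(password->ptr, crypted))
-+                   {
-+                       return 0;
-+                   } else {
-+                       fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
-+                   }
-+               } else
-+               /* plain md5 check now */
-+               {
-+                       li_MD5_CTX Md5Ctx;
-+                       HASH HA1;
-+                       char a1[256];
-+
-+                       li_MD5_Init(&Md5Ctx);
-+                       li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
-+                       li_MD5_Final(HA1, &Md5Ctx);
-+
-+                       CvtHex(HA1, a1);
-+
-+                       if (0 == strcmp(password->ptr, a1)) {
-+                               return 0;
-+                       }
-+               }
- 	}
- 	return -1;
- }
-diff -Naur new/lighttpd-1.4.23/src/http_auth.h old/lighttpd-1.4.23/src/http_auth.h
---- src/http_auth.h	2009-03-31 02:16:59.000000000 +0400
-+++ src/http_auth.h	2009-10-08 10:13:56.000000000 +0400
-@@ -8,13 +8,15 @@
- # define USE_LDAP
- # include <ldap.h>
- #endif
-+#include <mysql/mysql.h>
- 
- typedef enum {
- 	AUTH_BACKEND_UNSET,
- 	AUTH_BACKEND_PLAIN,
- 	AUTH_BACKEND_LDAP,
- 	AUTH_BACKEND_HTPASSWD,
--	AUTH_BACKEND_HTDIGEST
-+        AUTH_BACKEND_HTDIGEST,
-+        AUTH_BACKEND_MYSQL
- } auth_backend_t;
- 
- typedef struct {
-@@ -49,6 +51,22 @@
- 	buffer *ldap_filter_pre;
- 	buffer *ldap_filter_post;
- #endif
-+
-+       MYSQL  *mysql_conn;
-+       buffer *auth_mysql_host;
-+       buffer *auth_mysql_user;
-+       buffer *auth_mysql_pass;
-+       buffer *auth_mysql_db;
-+       buffer *auth_mysql_port;
-+       buffer *auth_mysql_socket;
-+       buffer *auth_mysql_users_table;
-+       buffer *auth_mysql_col_user;
-+       buffer *auth_mysql_col_pass;
-+       buffer *auth_mysql_col_realm;
-+       buffer *auth_mysql_domains_table;
-+       buffer *auth_mysql_col_domain;
-+       buffer *auth_mysql_domains_table_col_domain_id;
-+       buffer *auth_mysql_users_table_col_domain_id;
- } mod_auth_plugin_config;
- 
- typedef struct {
-diff -Naur new/lighttpd-1.4.23/src/Makefile.am old/lighttpd-1.4.23/src/Makefile.am
---- src/Makefile.am.orig	2013-12-03 17:17:52.000000000 +0100
-+++ src/Makefile.am	2014-01-21 20:48:24.645439249 +0100
-@@ -243,7 +243,7 @@
- lib_LTLIBRARIES += mod_auth.la
- mod_auth_la_SOURCES = mod_auth.c http_auth.c
- mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version
--mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
-+mod_auth_la_LIBADD = $(MYSQL_LIBS) $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
- 
- lib_LTLIBRARIES += mod_rewrite.la
- mod_rewrite_la_SOURCES = mod_rewrite.c
-diff -Naur lighttpd-1.4.23/src/Makefile.in old/lighttpd-1.4.23/src/Makefile.in
---- src/Makefile.in.orig	2014-01-20 13:09:11.000000000 +0100
-+++ src/Makefile.in	2014-01-21 20:48:37.115438375 +0100
-@@ -852,7 +852,7 @@
- mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
- mod_auth_la_SOURCES = mod_auth.c http_auth.c
- mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version
--mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
-+mod_auth_la_LIBADD = $(MYSQL_LIBS) $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
- mod_rewrite_la_SOURCES = mod_rewrite.c
- mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd)
-diff -Naur new/lighttpd-1.4.23/src/mod_auth.c old/lighttpd-1.4.23/src/mod_auth.c
---- src/mod_auth.c	2009-04-11 16:08:19.000000000 +0400
-+++ src/mod_auth.c	2009-10-08 10:24:13.000000000 +0400
-@@ -6,6 +6,7 @@
- #include <errno.h>
- #include <fcntl.h>
- #include <unistd.h>
-+#include <mysql/mysql.h>
- 
- #include "plugin.h"
- #include "http_auth.h"
-@@ -83,6 +84,20 @@
- 			if (s->ldap) ldap_unbind_s(s->ldap);
- #endif
- 
-+                       buffer_free(s->auth_mysql_host);
-+                       buffer_free(s->auth_mysql_user);
-+                       buffer_free(s->auth_mysql_pass);
-+                       buffer_free(s->auth_mysql_db);
-+                       buffer_free(s->auth_mysql_socket);
-+                       buffer_free(s->auth_mysql_users_table);
-+                       buffer_free(s->auth_mysql_col_user);
-+                       buffer_free(s->auth_mysql_col_pass);
-+                       buffer_free(s->auth_mysql_col_realm);
-+                       buffer_free(s->auth_mysql_domains_table);
-+                       buffer_free(s->auth_mysql_col_domain);
-+                       buffer_free(s->auth_mysql_domains_table_col_domain_id);
-+                       buffer_free(s->auth_mysql_users_table_col_domain_id);
-+
- 			free(s);
- 		}
- 		free(p->config_storage);
-@@ -120,6 +135,21 @@
- 	PATCH(ldap_filter_post);
- #endif
- 
-+       PATCH(auth_mysql_host);
-+       PATCH(auth_mysql_user);
-+       PATCH(auth_mysql_pass);
-+       PATCH(auth_mysql_db);
-+       PATCH(auth_mysql_port);
-+       PATCH(auth_mysql_socket);
-+       PATCH(auth_mysql_users_table);
-+       PATCH(auth_mysql_col_user);
-+       PATCH(auth_mysql_col_pass);
-+       PATCH(auth_mysql_col_realm);
-+       PATCH(auth_mysql_domains_table);
-+       PATCH(auth_mysql_col_domain);
-+       PATCH(auth_mysql_domains_table_col_domain_id);
-+       PATCH(auth_mysql_users_table_col_domain_id);
-+
- 	/* skip the first, the global context */
- 	for (i = 1; i < srv->config_context->used; i++) {
- 		data_config *dc = (data_config *)srv->config_context->data[i];
-@@ -169,6 +199,34 @@
- 				PATCH(auth_ldap_bindpw);
- 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) {
- 				PATCH(auth_ldap_allow_empty_pw);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) {
-+                               PATCH(auth_mysql_host);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) {
-+                               PATCH(auth_mysql_user);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) {
-+                               PATCH(auth_mysql_pass);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) {
-+                               PATCH(auth_mysql_db);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) {
-+                               PATCH(auth_mysql_port);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) {
-+                               PATCH(auth_mysql_user);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) {
-+                               PATCH(auth_mysql_users_table);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) {
-+                               PATCH(auth_mysql_col_user);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) {
-+                               PATCH(auth_mysql_col_pass);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) {
-+                               PATCH(auth_mysql_col_realm);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) {
-+                               PATCH(auth_mysql_domains_table);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) {
-+                               PATCH(auth_mysql_col_domain);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) {
-+                               PATCH(auth_mysql_domains_table_col_domain_id);
-+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) {
-+                               PATCH(auth_mysql_users_table_col_domain_id);
- 			}
- 		}
- 	}
-@@ -323,10 +381,24 @@
- 		{ "auth.backend.ldap.starttls",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 8 */
-  		{ "auth.backend.ldap.bind-dn",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 9 */
-  		{ "auth.backend.ldap.bind-pw",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */
--		{ "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */
-+                { "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
- 		{ "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */
- 		{ "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
- 		{ "auth.debug",                     NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION },  /* 14 */
-+                { "auth.backend.mysql.host",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+                { "auth.backend.mysql.user",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+                { "auth.backend.mysql.pass",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+                { "auth.backend.mysql.db",          NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+                { "auth.backend.mysql.port",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+                { "auth.backend.mysql.socket",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+                { "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+                { "auth.backend.mysql.col_user",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+                { "auth.backend.mysql.col_pass",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+                { "auth.backend.mysql.col_realm",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */
-+                { "auth.backend.mysql.domains_table",               NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+                { "auth.backend.mysql.col_domain",                  NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+                { "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+                { "auth.backend.mysql.users_table_col_domain_id",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */
- 		{ NULL,                             NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
- 	};
- 
-@@ -355,6 +427,22 @@
- 		s->auth_debug = 0;
- 
- 		s->auth_require = array_init();
-+                s->mysql_conn                             = NULL;
-+                s->auth_mysql_host                        = buffer_init();
-+                s->auth_mysql_user                        = buffer_init();
-+                s->auth_mysql_pass                        = buffer_init();
-+                s->auth_mysql_db                          = buffer_init();
-+                s->auth_mysql_port                        = buffer_init();
-+                s->auth_mysql_socket                      = buffer_init();
-+                s->auth_mysql_users_table                 = buffer_init();
-+                s->auth_mysql_col_user                    = buffer_init();
-+                s->auth_mysql_col_pass                    = buffer_init();
-+                s->auth_mysql_col_realm                   = buffer_init();
-+                s->auth_mysql_domains_table               = buffer_init();
-+                s->auth_mysql_col_domain                  = buffer_init();
-+                s->auth_mysql_domains_table_col_domain_id = buffer_init();
-+                s->auth_mysql_users_table_col_domain_id   = buffer_init();
-+
- 
- #ifdef USE_LDAP
- 		s->ldap_filter_pre = buffer_init();
-@@ -377,7 +465,20 @@
- 		cv[12].destination = s->auth_htdigest_userfile;
- 		cv[13].destination = s->auth_htpasswd_userfile;
- 		cv[14].destination = &(s->auth_debug);
--
-+                cv[15].destination = s->auth_mysql_host;
-+                cv[16].destination = s->auth_mysql_user;
-+                cv[17].destination = s->auth_mysql_pass;
-+                cv[18].destination = s->auth_mysql_db;
-+                cv[19].destination = s->auth_mysql_port;
-+                cv[20].destination = s->auth_mysql_socket;
-+                cv[21].destination = s->auth_mysql_users_table;
-+                cv[22].destination = s->auth_mysql_col_user;
-+                cv[23].destination = s->auth_mysql_col_pass;
-+                cv[24].destination = s->auth_mysql_col_realm;
-+                cv[25].destination = s->auth_mysql_domains_table;
-+                cv[26].destination = s->auth_mysql_col_domain;
-+                cv[27].destination = s->auth_mysql_domains_table_col_domain_id;
-+                cv[28].destination = s->auth_mysql_users_table_col_domain_id;
- 		p->config_storage[i] = s;
- 		ca = ((data_config *)srv->config_context->data[i])->value;
- 
-@@ -394,6 +495,8 @@
- 				s->auth_backend = AUTH_BACKEND_PLAIN;
- 			} else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) {
- 				s->auth_backend = AUTH_BACKEND_LDAP;
-+                        } else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) {
-+                                s->auth_backend = AUTH_BACKEND_MYSQL;
- 			} else {
- 				log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf);
- 
-@@ -534,6 +637,31 @@
- 				return (ret);
- 			break;
- 		}
-+               case AUTH_BACKEND_MYSQL: {
-+                       int port = atoi(s->auth_mysql_port->ptr);
-+
-+                       /* ignore if auth_mysql_socket is invalid */
-+                       if (p->conf.auth_mysql_socket == NULL)
-+                           return HANDLER_GO_ON;
-+                       if (p->conf.auth_mysql_socket->ptr != NULL)
-+                           if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL;
-+
-+                       s->mysql_conn = mysql_init(NULL);
-+                       if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0))
-+                       {
-+                           log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss",
-+                               "opening connection to mysql:", s->auth_mysql_host,
-+                               "user:", s->auth_mysql_user,
-+                               "pass:", s->auth_mysql_pass,
-+                               "db:", s->auth_mysql_db,
-+                               "failed:", strerror(errno));
-+
-+                           return HANDLER_ERROR;
-+                       }
-+                       mysql_close(s->mysql_conn);
-+
-+                       break;
-+               }
- 		default:
- 			break;
- 		}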
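--- a/files/extra-patch-nodelay
+++ b/files/extra-patch-nodelay
@@ -1,15 +0,0 @@
---- src/network.c.orig	Tue Jan 26 14:33:01 2010
-+++ src/network.c	Tue Jan 26 14:37:39 2010
-@@ -226,6 +226,12 @@
- 		log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno));
- 		goto error_free_socket;
- 	}
-+	if(srv_socket->addr.plain.sa_family == AF_INET || srv_socket->addr.plain.sa_family == AF_INET6 ) {
-+		if (setsockopt(srv_socket->fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)) < 0) {
-+			log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno));
-+			goto error_free_socket;
-+		}
-+	}
- 
- 	switch(srv_socket->addr.plain.sa_family) {
- #ifdef HAVE_IPV6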
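--- a/files/extra-patch-src_Makefile.am
+++ b/files/extra-patch-src_Makefile.am
@@ -0,0 +1,11 @@
+--- src/Makefile.am.orig	2016-07-16 10:06:16 UTC
++++ src/Makefile.am
+@@ -254,7 +254,7 @@ mod_compress_la_LIBADD = $(Z_LIB) $(BZ_L
+ lib_LTLIBRARIES += mod_auth.la
+ mod_auth_la_SOURCES = mod_auth.c http_auth.c
+ mod_auth_la_LDFLAGS = $(common_module_ldflags)
+-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
++mod_auth_la_LIBADD = ${MYSQL_LIBS} $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_rewrite.la
+ mod_rewrite_la_SOURCES = mod_rewrite.c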
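Review bot: `files/extra-patch-src_Makefile.in` repeats this `mod_auth_la_LIBADD` change on a generated file, and the port Makefile lists `autoreconf` in `USES`, so Makefile.in is presumably regenerated from the patched Makefile.am before configure runs. That would make the second patch redundant, and dropping it leaves a single place to maintain when upstream moves the line. The added `${MYSQL_LIBS}` also uses braces where the rest of the line uses `$(...)`; `$(MYSQL_LIBS)` would match the surrounding automake style.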
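--- a/files/extra-patch-src_Makefile.in
+++ b/files/extra-patch-src_Makefile.in
@@ -0,0 +1,11 @@
+--- src/Makefile.in.orig	2016-07-16 10:10:53 UTC
++++ src/Makefile.in
+@@ -1011,7 +1011,7 @@ mod_compress_la_LDFLAGS = $(common_modul
+ mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
+ mod_auth_la_SOURCES = mod_auth.c http_auth.c
+ mod_auth_la_LDFLAGS = $(common_module_ldflags)
+-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
++mod_auth_la_LIBADD = ${MYSQL_LIBS} $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
+ mod_rewrite_la_SOURCES = mod_rewrite.c
+ mod_rewrite_la_LDFLAGS = $(common_module_ldflags)
+ mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd)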
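--- a/files/extra-patch-src_http__auth.c
+++ b/files/extra-patch-src_http__auth.c
@@ -0,0 +1,193 @@
+--- src/http_auth.c.orig	2016-07-16 10:06:16 UTC
++++ src/http_auth.c
+@@ -30,6 +30,7 @@
+ #include <errno.h>
+ #include <unistd.h>
+ #include <ctype.h>
++#include <mysql/mysql.h>
+ 
+ #include "md5.h"
+ 
+@@ -194,9 +195,119 @@ static int http_auth_get_password(server
+ 		fclose(fp);
+ 	} else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) {
+ 		return 0;
+-	}
++	} else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
++		MYSQL_RES *result;
++		MYSQL_ROW row;
++		int port = atoi(p->conf.auth_mysql_port->ptr);
++		char q[255];
+ 
+-	return -1;
++		if (p->conf.auth_mysql_socket->ptr != NULL)
++			if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL;
++
++		p->conf.mysql_conn = mysql_init(NULL);
++
++		if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0))
++		{
++//#define MY_HOSTING
++
++#ifdef MY_HOSTING
++			char my_full_realm[255];
++			char *my_realm = NULL;
++			char *my_domain = NULL;
++
++			char *uname;
++			size_t unamelen;
++
++			unamelen = strlen(username->ptr);
++			uname = malloc(unamelen*2+1);
++
++			mysql_real_escape_string(p->conf.mysql_conn,
++					uname, username->ptr,
++					(unsigned long)unamelen);
++
++			strcpy(my_full_realm, realm->ptr);
++			my_realm = strtok(my_full_realm, "@");
++
++			if (my_realm != NULL)
++				my_domain = strtok(NULL, "@");
++
++			sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s",
++				p->conf.auth_mysql_col_pass->ptr,
++
++				p->conf.auth_mysql_users_table->ptr,
++				p->conf.auth_mysql_domains_table->ptr,
++
++				p->conf.auth_mysql_col_user->ptr,
++				uname,
++
++				p->conf.auth_mysql_col_realm->ptr,
++				my_realm,
++
++				p->conf.auth_mysql_col_domain->ptr,
++				my_domain,
++
++				p->conf.auth_mysql_domains_table_col_domain_id->ptr,
++				p->conf.auth_mysql_users_table_col_domain_id->ptr
++				);
++
++			free(uname);
++#else
++			// sanitize username & realm by taguchi@ff.iij4u.or.jp
++			char *uname, *urealm;
++			size_t unamelen, urealmlen;
++
++			unamelen = strlen(username->ptr);
++			urealmlen = strlen(realm->ptr);
++			uname = malloc(unamelen*2+1);
++			urealm = malloc(urealmlen*2+1);
++
++			mysql_real_escape_string(p->conf.mysql_conn,
++				uname, username->ptr,
++				(unsigned long)unamelen);
++
++			mysql_real_escape_string(p->conf.mysql_conn,
++				urealm, realm->ptr,
++				(unsigned long)unamelen);
++
++			mysql_real_escape_string(p->conf.mysql_conn,
++				urealm, realm->ptr,
++				(unsigned long)urealmlen);
++
++			sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'",
++				p->conf.auth_mysql_col_pass->ptr,
++				p->conf.auth_mysql_users_table->ptr,
++				p->conf.auth_mysql_col_user->ptr,
++				uname,
++				p->conf.auth_mysql_col_realm->ptr,
++				urealm
++			);
++
++			free(uname);
++			free(urealm);
++#endif
++
++			mysql_query(p->conf.mysql_conn, q);
++			result = mysql_store_result(p->conf.mysql_conn);
++			if (mysql_num_rows(result) == 1)
++			{
++				/* found */
++				row = mysql_fetch_row(result);
++				buffer_copy_string_len(password, row[0], strlen(row[0]));
++
++				return 0;
++			} else
++			{
++				/* not found */
++				return -1;
++			}
++
++			mysql_free_result(result);
++			mysql_close(p->conf.mysql_conn);
++
++			p->conf.mysql_conn = NULL;
++		} else
++			return -1;
++	}
+ }
+ 
+ int http_auth_match_rules(server *srv, array *req, const char *username, const char *group, const char *host) {
+@@ -711,6 +822,60 @@ static int http_auth_basic_password_comp
+ 
+ 		return 0;
+ #endif
++	} else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
++		/*
++			we check for md5 crypt() now
++			request by Nicola Tiling <nti@w4w.net>
++		*/
++		if (password->ptr[0] == '$' && password->ptr[2] == '$')
++		{
++			char salt[32];
++			char *crypted;
++			size_t salt_len = 0;
++			char *dollar = NULL;
++
++			if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
++				fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
++				return -1;
++			}
++
++			salt_len = dollar - password->ptr;
++
++			if (salt_len > sizeof(salt) - 1)
++			{
++				fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
++				return -1;
++			}
++
++			strncpy(salt, password->ptr, salt_len);
++
++			salt[salt_len] = '\0';
++
++			crypted = crypt(pw, salt);
++
++			if (0 == strcmp(password->ptr, crypted))
++			{
++				return 0;
++			} else {
++				fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
++			}
++		} else
++		/* plain md5 check now */
++		{
++			li_MD5_CTX Md5Ctx;
++			HASH HA1;
++			char a1[256];
++
++			li_MD5_Init(&Md5Ctx);
++			li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
++			li_MD5_Final(HA1, &Md5Ctx);
++
++			CvtHex(HA1, a1);
++
++			if (0 == strcmp(password->ptr, a1)) {
++				return 0;
++			}
++		}
+ 	}
+ 	return -1;
+ }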
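Review bot: In the `http_auth_get_password` hunk, `sprintf(q, ...)` writes the query into `char q[255]` with no bound, while `uname` is an escaped copy of the username taken from the request and can be up to twice its input length, so a long credential overruns the stack buffer; the `MY_HOSTING` variant also does `strcpy(my_full_realm, realm->ptr)` into 255 bytes and interpolates `my_realm` and `my_domain` unescaped. The query should be built with `snprintf(q, sizeof(q), ...)` and refused when truncated, and the `malloc()` results checked before use. The same branch returns before reaching `mysql_free_result()` and `mysql_close()`, so every lookup leaks a result set and a connection, and it hands the result of `mysql_store_result()` to `mysql_num_rows()` without checking it or the return of `mysql_query()` for failure. The hunk also removes the function's trailing `return -1;`, so the file-based backends appear to fall off the end of a non-void function when no user matches; the function starts outside the hunk, so that should be confirmed against the full file. A sketch of the non-`MY_HOSTING` path is below (`qlen` and `rc` would be declared with the other locals).

```c
		/* … unchanged: mysql_init/mysql_real_connect and escaping of username and realm … */
			qlen = snprintf(q, sizeof(q), "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'",
				/* … unchanged: column, table and escaped-value arguments … */
			);

			free(uname);
			free(urealm);

			rc = -1;
			result = NULL;
			/* refuse a truncated query instead of sending a partial statement */
			if (qlen > 0 && (size_t)qlen < sizeof(q) && 0 == mysql_query(p->conf.mysql_conn, q)) {
				result = mysql_store_result(p->conf.mysql_conn);
			}
			if (result != NULL && mysql_num_rows(result) == 1) {
				row = mysql_fetch_row(result);
				if (row != NULL && row[0] != NULL) {
					buffer_copy_string_len(password, row[0], strlen(row[0]));
					rc = 0;
				}
			}

			/* single exit so the result set and the connection are always released */
			if (result != NULL) mysql_free_result(result);
			mysql_close(p->conf.mysql_conn);
			p->conf.mysql_conn = NULL;
			return rc;
		/* … unchanged: else branch for a failed connect; keep the final `return -1;` for the other backends … */
```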
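--- a/files/extra-patch-src_http__auth.h
+++ b/files/extra-patch-src_http__auth.h
@@ -0,0 +1,43 @@
+--- src/http_auth.h.orig	2016-07-16 10:06:16 UTC
++++ src/http_auth.h
+@@ -9,13 +9,15 @@
+ # define USE_LDAP
+ # include <ldap.h>
+ #endif
++#include <mysql/mysql.h>
+ 
+ typedef enum {
+ 	AUTH_BACKEND_UNSET,
+ 	AUTH_BACKEND_PLAIN,
+ 	AUTH_BACKEND_LDAP,
+ 	AUTH_BACKEND_HTPASSWD,
+-	AUTH_BACKEND_HTDIGEST
++	AUTH_BACKEND_HTDIGEST,
++	AUTH_BACKEND_MYSQL
+ } auth_backend_t;
+ 
+ typedef struct {
+@@ -50,6 +52,23 @@ typedef struct {
+ 	buffer *ldap_filter_pre;
+ 	buffer *ldap_filter_post;
+ #endif
++
++	MYSQL  *mysql_conn;
++	buffer *auth_mysql_host;
++	buffer *auth_mysql_user;
++	buffer *auth_mysql_pass;
++	buffer *auth_mysql_db;
++	buffer *auth_mysql_port;
++	buffer *auth_mysql_socket;
++	buffer *auth_mysql_users_table;
++	buffer *auth_mysql_col_user;
++	buffer *auth_mysql_col_pass;
++	buffer *auth_mysql_col_realm;
++	buffer *auth_mysql_domains_table;
++	buffer *auth_mysql_col_domain;
++	buffer *auth_mysql_domains_table_col_domain_id;
++	buffer *auth_mysql_users_table_col_domain_id;
++
+ } mod_auth_plugin_config;
+ 
+ typedef struct {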
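--- a/files/extra-patch-src_mod__auth.c
+++ b/files/extra-patch-src_mod__auth.c
@@ -0,0 +1,200 @@
+--- src/mod_auth.c.orig	2016-07-16 10:06:16 UTC
++++ src/mod_auth.c
+@@ -13,6 +13,7 @@
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <unistd.h>
++#include <mysql/mysql.h>
+ 
+ handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s);
+ 
+@@ -84,6 +85,19 @@ FREE_FUNC(mod_auth_free) {
+ 
+ 			if (s->ldap) ldap_unbind_s(s->ldap);
+ #endif
++			buffer_free(s->auth_mysql_host);
++			buffer_free(s->auth_mysql_user);
++			buffer_free(s->auth_mysql_pass);
++			buffer_free(s->auth_mysql_db);
++			buffer_free(s->auth_mysql_socket);
++			buffer_free(s->auth_mysql_users_table);
++			buffer_free(s->auth_mysql_col_user);
++			buffer_free(s->auth_mysql_col_pass);
++			buffer_free(s->auth_mysql_col_realm);
++			buffer_free(s->auth_mysql_domains_table);
++			buffer_free(s->auth_mysql_col_domain);
++			buffer_free(s->auth_mysql_domains_table_col_domain_id);
++			buffer_free(s->auth_mysql_users_table_col_domain_id);
+ 
+ 			free(s);
+ 		}
+@@ -122,6 +136,21 @@ static int mod_auth_patch_connection(ser
+ 	PATCH(ldap_filter_post);
+ #endif
+ 
++	PATCH(auth_mysql_host);
++	PATCH(auth_mysql_user);
++	PATCH(auth_mysql_pass);
++	PATCH(auth_mysql_db);
++	PATCH(auth_mysql_port);
++	PATCH(auth_mysql_socket);
++	PATCH(auth_mysql_users_table);
++	PATCH(auth_mysql_col_user);
++	PATCH(auth_mysql_col_pass);
++	PATCH(auth_mysql_col_realm);
++	PATCH(auth_mysql_domains_table);
++	PATCH(auth_mysql_col_domain);
++	PATCH(auth_mysql_domains_table_col_domain_id);
++	PATCH(auth_mysql_users_table_col_domain_id);
++
+ 	/* skip the first, the global context */
+ 	for (i = 1; i < srv->config_context->used; i++) {
+ 		data_config *dc = (data_config *)srv->config_context->data[i];
+@@ -171,6 +200,34 @@ static int mod_auth_patch_connection(ser
+ 				PATCH(auth_ldap_bindpw);
+ 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) {
+ 				PATCH(auth_ldap_allow_empty_pw);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) {
++				PATCH(auth_mysql_host);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) {
++				PATCH(auth_mysql_user);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) {
++				PATCH(auth_mysql_pass);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) {
++				PATCH(auth_mysql_db);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) {
++				PATCH(auth_mysql_port);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) {
++				PATCH(auth_mysql_user);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) {
++				PATCH(auth_mysql_users_table);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) {
++				PATCH(auth_mysql_col_user);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) {
++				PATCH(auth_mysql_col_pass);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) {
++				PATCH(auth_mysql_col_realm);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) {
++				PATCH(auth_mysql_domains_table);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) {
++				PATCH(auth_mysql_col_domain);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) {
++				PATCH(auth_mysql_domains_table_col_domain_id);
++			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) {
++				PATCH(auth_mysql_users_table_col_domain_id);
+ 			}
+ 		}
+ 	}
+@@ -362,10 +419,25 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
+ 		{ "auth.backend.ldap.starttls",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 8 */
+  		{ "auth.backend.ldap.bind-dn",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 9 */
+  		{ "auth.backend.ldap.bind-pw",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */
+-		{ "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */
++		{ "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
+ 		{ "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */
+ 		{ "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
+ 		{ "auth.debug",                     NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION },  /* 14 */
++		{ "auth.backend.mysql.host",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
++		{ "auth.backend.mysql.user",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
++		{ "auth.backend.mysql.pass",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
++		{ "auth.backend.mysql.db",          NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
++		{ "auth.backend.mysql.port",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
++		{ "auth.backend.mysql.socket",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
++		{ "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
++		{ "auth.backend.mysql.col_user",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
++		{ "auth.backend.mysql.col_pass",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
++		{ "auth.backend.mysql.col_realm",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */
++		{ "auth.backend.mysql.domains_table",               NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
++		{ "auth.backend.mysql.col_domain",                  NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
++		{ "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
++		{ "auth.backend.mysql.users_table_col_domain_id",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */
++
+ 		{ NULL,                             NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
+ 	};
+ 
+@@ -394,6 +466,22 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
+ 		s->auth_debug = 0;
+ 
+ 		s->auth_require = array_init();
++		s->mysql_conn                             = NULL;
++		s->auth_mysql_host                        = buffer_init();
++		s->auth_mysql_user                        = buffer_init();
++		s->auth_mysql_pass                        = buffer_init();
++		s->auth_mysql_db                          = buffer_init();
++		s->auth_mysql_port                        = buffer_init();
++		s->auth_mysql_socket                      = buffer_init();
++		s->auth_mysql_users_table                 = buffer_init();
++		s->auth_mysql_col_user                    = buffer_init();
++		s->auth_mysql_col_pass                    = buffer_init();
++		s->auth_mysql_col_realm                   = buffer_init();
++		s->auth_mysql_domains_table               = buffer_init();
++		s->auth_mysql_col_domain                  = buffer_init();
++		s->auth_mysql_domains_table_col_domain_id = buffer_init();
++		s->auth_mysql_users_table_col_domain_id   = buffer_init();
++
+ 
+ #ifdef USE_LDAP
+ 		s->ldap_filter_pre = buffer_init();
+@@ -416,7 +504,20 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
+ 		cv[12].destination = s->auth_htdigest_userfile;
+ 		cv[13].destination = s->auth_htpasswd_userfile;
+ 		cv[14].destination = &(s->auth_debug);
+-
++		cv[15].destination = s->auth_mysql_host;
++		cv[16].destination = s->auth_mysql_user;
++		cv[17].destination = s->auth_mysql_pass;
++		cv[18].destination = s->auth_mysql_db;
++		cv[19].destination = s->auth_mysql_port;
++		cv[20].destination = s->auth_mysql_socket;
++		cv[21].destination = s->auth_mysql_users_table;
++		cv[22].destination = s->auth_mysql_col_user;
++		cv[23].destination = s->auth_mysql_col_pass;
++		cv[24].destination = s->auth_mysql_col_realm;
++		cv[25].destination = s->auth_mysql_domains_table;
++		cv[26].destination = s->auth_mysql_col_domain;
++		cv[27].destination = s->auth_mysql_domains_table_col_domain_id;
++		cv[28].destination = s->auth_mysql_users_table_col_domain_id;
+ 		p->config_storage[i] = s;
+ 
+ 		if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
+@@ -432,6 +533,8 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
+ 				s->auth_backend = AUTH_BACKEND_PLAIN;
+ 			} else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) {
+ 				s->auth_backend = AUTH_BACKEND_LDAP;
++			} else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) {
++				s->auth_backend = AUTH_BACKEND_MYSQL;
+ 			} else {
+ 				log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf);
+ 
+@@ -573,6 +676,31 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
+ 				return (ret);
+ 			break;
+ 		}
++		case AUTH_BACKEND_MYSQL: {
++			int port = atoi(s->auth_mysql_port->ptr);
++
++			/* ignore if auth_mysql_socket is invalid */
++			if (p->conf.auth_mysql_socket == NULL)
++				return HANDLER_GO_ON;
++			if (p->conf.auth_mysql_socket->ptr != NULL)
++				if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL;
++
++			s->mysql_conn = mysql_init(NULL);
++			if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0))
++			{
++				log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss",
++						"opening connection to mysql:", s->auth_mysql_host,
++						"user:", s->auth_mysql_user,
++						"pass:", s->auth_mysql_pass,
++						"db:", s->auth_mysql_db,
++						"failed:", strerror(errno));
++
++				return HANDLER_ERROR;
++			}
++			mysql_close(s->mysql_conn);
++
++			break;
++		}
+ 		default:
+ 			break;
+ 		}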
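Review bot: The connect-failure branch of `case AUTH_BACKEND_MYSQL` writes the database password to the server error log in clear text through the `"pass:", s->auth_mysql_pass,` pair; that pair should be dropped and the format string shortened to `"sbsbsbss"`, and `mysql_error(s->mysql_conn)` would report the actual cause where `strerror(errno)` may not. In `mod_auth_patch_connection` the `auth.backend.mysql.socket` key is handled with `PATCH(auth_mysql_user);`, which looks like a copy-paste slip for `PATCH(auth_mysql_socket);`, so a per-context socket setting would be ignored. `mod_auth_free` releases every new buffer except `auth_mysql_port`, which needs a matching `buffer_free(s->auth_mysql_port);`. The start-up check also reads `p->conf.auth_mysql_socket` while configuring `s`, then passes `NULL` rather than `s->auth_mysql_socket->ptr` to `mysql_real_connect()`, and calls `atoi(s->auth_mysql_port->ptr)` on a buffer that is presumably still empty when no port is configured; both are worth confirming against the full function, which starts outside these hunks.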
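--- a/files/patch-configure.ac
+++ b/files/patch-configure.ac
@@ -1,22 +0,0 @@
---- configure.ac.orig	2015-07-26 10:36:36 UTC
-+++ configure.ac
-@@ -46,6 +46,7 @@ AC_DEFUN([TRY_CFLAGS],
- dnl Checks for programs.
- AC_PROG_CC
- AM_PROG_CC_C_O
-+AM_PROG_AR
- AC_PROG_LD
- AC_PROG_INSTALL
- AC_PROG_AWK
-@@ -60,11 +61,6 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], [AC
- dnl AM_PROG_AR requires automake 1.11 (and uses AC_COMPILE_IFELSE which wants AC_USE_SYSTEM_EXTENSIONS)
- m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
- 
--dnl check environment
--AC_AIX
--AC_ISC_POSIX
--AC_MINIX
--
- dnl AC_CANONICAL_HOST
- case $host_os in
- 	*darwin*|*cygwin*|*aix*|*mingw* ) NO_RDYNAMIC=yes;;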
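--- a/files/patch-src-fdevent.h
+++ b/files/patch-src-fdevent.h
@@ -1,11 +0,0 @@
---- src/fdevent.h.orig	2015-07-26 10:36:36 UTC
-+++ src/fdevent.h
-@@ -46,7 +46,7 @@
- # include <port.h>
- #endif
- 
--#if defined HAVE_SYS_EVENT_H && defined HAVE_KQUEUE
-+#if defined HAVE_SYS_EVENT_H && defined HAVE_KQUEUE && !defined HAVE_LIBEV
- # define USE_FREEBSD_KQUEUE
- #endif
- 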
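--- a/files/patch-src_mod__cml__lua.c
+++ b/files/patch-src_mod__cml__lua.c
@@ -1,25 +0,0 @@
---- src/mod_cml_lua.c.orig	2015-07-26 10:36:36 UTC
-+++ src/mod_cml_lua.c
-@@ -28,6 +28,10 @@ typedef char HASHHEX[HASHHEXLEN+1];
- #include <lualib.h>
- #include <lauxlib.h>
- 
-+#if LUA_VERSION_NUM >= 502
-+#define LUA_GLOBALSINDEX LUA_REGISTRYINDEX
-+#endif
-+
- typedef struct {
- 	stream st;
- 	int done;
-@@ -291,7 +295,11 @@ int cache_parse_lua(server *srv, connect
- 	lua_settable(L, LUA_GLOBALSINDEX);
- 
- 	/* load lua program */
-+#if LUA_VERSION_NUM >= 502
-+	if (lua_load(L, load_file, &rm, fn->ptr, NULL) || lua_pcall(L,0,1,0)) {
-+#else
- 	if (lua_load(L, load_file, &rm, fn->ptr) || lua_pcall(L,0,1,0)) {
-+#endif
- 		log_error_write(srv, __FILE__, __LINE__, "s",
- 				lua_tostring(L,-1));
- 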
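--- a/files/patch-src_mod__magnet.c
+++ b/files/patch-src_mod__magnet.c
@@ -1,13 +0,0 @@
---- src/mod_magnet.c.orig	2015-07-26 10:36:36 UTC
-+++ src/mod_magnet.c
-@@ -24,6 +24,10 @@
- #define MAGNET_CONFIG_PHYSICAL_PATH "magnet.attract-physical-path-to"
- #define MAGNET_RESTART_REQUEST      99
- 
-+#if LUA_VERSION_NUM >= 502
-+#define LUA_GLOBALSINDEX LUA_REGISTRYINDEX
-+#endif
-+
- /* plugin config for all request/connections */
- 
- static jmp_buf exceptionjmp;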
(-)files/patch-src_network.c (-23 lines)
Lines 1-23 Link Here
1
Cherry-picked from upstream
2
https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/1ca52fdce3b87f7748dd5db6f59d738ed7a9efe1/diff
3
4
--- src/network.c.orig	2015-12-04 21:13:47 UTC
5
+++ src/network.c
6
@@ -769,7 +769,7 @@ int network_init(server *srv) {
7
 
8
 		if (!s->ssl_use_sslv2) {
9
 			/* disable SSLv2 */
10
-			if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
11
+			if ((SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) != SSL_OP_NO_SSLv2) {
12
 				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
13
 						ERR_error_string(ERR_get_error(), NULL));
14
 				return -1;
15
@@ -778,7 +778,7 @@ int network_init(server *srv) {
16
 
17
 		if (!s->ssl_use_sslv3) {
18
 			/* disable SSLv3 */
19
-			if (!(SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3))) {
20
+			if ((SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3)) != SSL_OP_NO_SSLv3) {
21
 				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
22
 						ERR_error_string(ERR_get_error(), NULL));
23
 				return -1;
