Index: Makefile =================================================================== --- Makefile (revision 418844) +++ Makefile (working copy) @@ -2,12 +2,11 @@ # $FreeBSD$ PORTNAME?= lighttpd -PORTVERSION= 1.4.39 -PORTREVISION= 1 +PORTVERSION= 1.4.40 CATEGORIES?= www MASTER_SITES?= http://download.lighttpd.net/lighttpd/releases-1.4.x/ -MAINTAINER= pkubaj@riseup.net +MAINTAINER= pkubaj@anongoth.pl COMMENT?= Secure, fast, compliant, and flexible Web Server .if !defined(_BUILDING_LIGHTTPD_MODULE) @@ -18,7 +17,7 @@ LIB_DEPENDS+= libpcre.so:devel/pcre GNU_CONFIGURE= yes -USES= autoreconf gmake libtool pkgconfig tar:xz +USES= autoreconf gmake libtool localbase pkgconfig tar:xz .if !defined(_BUILDING_LIGHTTPD_MODULE) USES+= cpe @@ -27,14 +26,11 @@ CONFIGURE_ARGS+= --libdir=${PREFIX}/lib/lighttpd INSTALL_TARGET= install-strip -CPPFLAGS+= -I${LOCALBASE}/include -LDFLAGS+= -L${LOCALBASE}/lib - .if !defined(_BUILDING_LIGHTTPD_MODULE) USE_RC_SUBR= lighttpd -OPTIONS_DEFINE= ATTR BZIP2 DOCS FAM GDBM IPV6 LIBEV LUA MEMCACHE MYSQL MYSQLAUTH \ - NODELAY LDAP OPENSSL SPAWNFCGI VALGRIND WEBDAV +OPTIONS_DEFINE= ATTR BZIP2 DOCS FAM GDBM IPV6 LIBEV LUA MEMCACHED MYSQL MYSQLAUTH \ + LDAP OPENSSL SPAWNFCGI VALGRIND WEBDAV OPTIONS_DEFAULT= OPENSSL @@ -44,10 +40,9 @@ LDAP_DESC= LDAP authentication LIBEV_DESC= Fast events support via libev (disables kqueue) LUA_DESC= lua support (mod_cml, mod_magnet) -MEMCACHE_DESC= memcached storage (mod_trigger_b4_dl) +MEMCACHED_DESC= memcached storage (mod_trigger_b4_dl) MYSQL_DESC= MySQL support (mod_mysql_vhost) -MYSQLAUTH_DESC= MySQL authentication (requires WITH_MYSQL) -NODELAY_DESC= Set TCP_NODELAY on listening sockets +MYSQLAUTH_DESC= MySQL authentication SPAWNFCGI_DESC= Depend on spawn-fcgi utility VALGRIND_DESC= valgrind support WEBDAV_DESC= WebDAV support @@ -62,12 +57,15 @@ IPV6_CONFIGURE_OFF= --disable-ipv6 LIBEV_CONFIGURE_WITH= libev=${LOCALBASE} LIBEV_LIB_DEPENDS= libev.so:devel/libev -LUA_USES= lua:51+ +LUA_USES= lua LUA_CONFIGURE_WITH= lua LUA_CONFIGURE_ENV= LUA_CFLAGS="-I${LUA_INCDIR}" LUA_LIBS="-L${LUA_LIBDIR} -llua-${LUA_VER}" -MEMCACHE_LIB_DEPENDS= libmemcache.so:databases/libmemcache -MEMCACHE_CONFIGURE_WITH=memcache +MEMCACHED_LIB_DEPENDS= libmemcached.so:databases/libmemcached +MEMCACHED_CONFIGURE_WITH=memcached MYSQLAUTH_IMPLIES= MYSQL +OPENSSL_USES= ssl +OPENSSL_CONFIGURE_WITH= openssl +OPENSSL_CONFIGURE_ON= --with-openssl-includes=${OPENSSLINC} --with-openssl-libs=${OPENSSLLIB} SPAWNFCGI_RUN_DEPENDS= spawn-fcgi:www/spawn-fcgi VALGRIND_BUILD_DEPENDS= valgrind:devel/valgrind VALGRIND_RUN_DEPENDS= valgrind:devel/valgrind @@ -108,32 +106,21 @@ PORTDOCS= ${DOCS} .endif -.if ${PORT_OPTIONS:MOPENSSL} -USE_OPENSSL= yes -CONFIGURE_ARGS+= --with-openssl \ - --with-openssl-includes=${OPENSSLINC} \ - --with-openssl-libs=${OPENSSLLIB} -.endif - .if ${PORT_OPTIONS:MMYSQL} -USE_MYSQL= yes +USES+= mysql CONFIGURE_ARGS+= --with-mysql _REQUIRE+= mysql .endif -.if ${PORT_OPTIONS:MMYSQLAUTH} && empty(PORT_OPTIONS:MMYSQL) -IGNORE= option WITH_MYSQLAUTH requires WITH_MYSQL -.endif - .if ${PORT_OPTIONS:MMYSQLAUTH} -EXTRA_PATCHES+= ${FILESDIR}/extra-patch-mysqlauth +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-src_Makefile.am \ + ${FILESDIR}/extra-patch-src_Makefile.in \ + ${FILESDIR}/extra-patch-src_http__auth.c \ + ${FILESDIR}/extra-patch-src_http__auth.h \ + ${FILESDIR}/extra-patch-src_mod__auth.c PORTDOCS+= README.mysqlauth mysql_auth.sql .endif -.if ${PORT_OPTIONS:MNODELAY} -EXTRA_PATCHES+= ${FILESDIR}/extra-patch-nodelay -.endif - .if ${PORT_OPTIONS:MLDAP} USE_OPENLDAP= yes CONFIGURE_ARGS+= --with-ldap @@ -186,19 +173,19 @@ .endfor ${INSTALL_DATA} ${WRKSRC}/doc/config/vhosts.d/vhosts.template \ ${STAGEDIR}${PREFIX}/etc/lighttpd/vhosts.d/vhosts.template + @${MKDIR} -m 0700 ${STAGEDIR}${LIGHTTPD_LOGROOT} -.if ${PORT_OPTIONS:MDOCS} +post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} . for FILE in ${DOCS} ${INSTALL_DATA} ${WRKSRC}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE} . endfor -.endif -.if ${PORT_OPTIONS:MMYSQLAUTH} + +post-install-MYSQLAUTH-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} . for FILE in README.mysqlauth mysql_auth.sql ${INSTALL_DATA} ${FILESDIR}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE} . endfor -.endif - @${MKDIR} -m 0700 ${STAGEDIR}${LIGHTTPD_LOGROOT} test: build @cd ${WRKSRC}/tests && ${SETENV} ${MAKE_ENV} ${MAKE} \ Index: distinfo =================================================================== --- distinfo (revision 418844) +++ distinfo (working copy) @@ -1,6 +1,7 @@ -SHA256 (lighttpd-1.4.39.tar.xz) = 7eb9a1853c3d6dd5851682b0733a729ba4158d6bdff80974d5ef5f1f6887365b -SIZE (lighttpd-1.4.39.tar.xz) = 579180 +TIMESTAMP = 1468715038 +SHA256 (lighttpd-1.4.40.tar.xz) = 80450dfcf7604d6c516a00a0ce750937074ef844bbdee3b3f23384187b9d4f8d +SIZE (lighttpd-1.4.40.tar.xz) = 621448 +SHA256 (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 4e6768af32ce16033fcb0c70b12c55b40082ca105a36f258b0bbf30d64e9dad3 +SIZE (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 242458 SHA256 (lighttpd-1.4.26_mod_geoip.patch) = 2858036310b778852d9f039a81629902edffc368658e13bf4779f3642ee1a5ba SIZE (lighttpd-1.4.26_mod_geoip.patch) = 15173 -SHA256 (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = bc0e1b97289a89b827ea84e64b614933cc14d67c64d6b727e4928aeec516489c -SIZE (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 242421 Index: files/extra-patch-mysqlauth =================================================================== --- files/extra-patch-mysqlauth (revision 418844) +++ files/extra-patch-mysqlauth (working copy) @@ -1,458 +0,0 @@ -diff -Naur new/lighttpd-1.4.23/src/http_auth.c old/lighttpd-1.4.23/src/http_auth.c ---- src/http_auth.c 2009-06-11 14:05:06.000000000 +0400 -+++ src/http_auth.c 2009-10-08 10:10:15.000000000 +0400 -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - - #include "server.h" - #include "log.h" -@@ -291,6 +292,117 @@ - stream_close(&f); - } else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) { - ret = 0; -+ } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) { -+ MYSQL_RES *result; -+ MYSQL_ROW row; -+ int port = atoi(p->conf.auth_mysql_port->ptr); -+ char q[255]; -+ -+ if (p->conf.auth_mysql_socket->ptr != NULL) -+ if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL; -+ -+ p->conf.mysql_conn = mysql_init(NULL); -+ -+ if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0)) -+ { -+//#define MY_HOSTING -+ -+#ifdef MY_HOSTING -+ char my_full_realm[255]; -+ char *my_realm = NULL; -+ char *my_domain = NULL; -+ -+ char *uname; -+ size_t unamelen; -+ -+ unamelen = strlen(username->ptr); -+ uname = malloc(unamelen*2+1); -+ -+ mysql_real_escape_string(p->conf.mysql_conn, -+ uname, username->ptr, -+ (unsigned long)unamelen); -+ -+ strcpy(my_full_realm, realm->ptr); -+ my_realm = strtok(my_full_realm, "@"); -+ -+ if (my_realm != NULL) -+ my_domain = strtok(NULL, "@"); -+ -+ sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s", -+ p->conf.auth_mysql_col_pass->ptr, -+ -+ p->conf.auth_mysql_users_table->ptr, -+ p->conf.auth_mysql_domains_table->ptr, -+ -+ p->conf.auth_mysql_col_user->ptr, -+ uname, -+ -+ p->conf.auth_mysql_col_realm->ptr, -+ my_realm, -+ -+ p->conf.auth_mysql_col_domain->ptr, -+ my_domain, -+ -+ p->conf.auth_mysql_domains_table_col_domain_id->ptr, -+ p->conf.auth_mysql_users_table_col_domain_id->ptr -+ ); -+ -+ free(uname); -+#else -+ // sanitize username & realm by taguchi@ff.iij4u.or.jp -+ char *uname, *urealm; -+ size_t unamelen, urealmlen; -+ -+ unamelen = strlen(username->ptr); -+ urealmlen = strlen(realm->ptr); -+ uname = malloc(unamelen*2+1); -+ urealm = malloc(urealmlen*2+1); -+ -+ mysql_real_escape_string(p->conf.mysql_conn, -+ uname, username->ptr, -+ (unsigned long)unamelen); -+ -+ mysql_real_escape_string(p->conf.mysql_conn, -+ urealm, realm->ptr, -+ (unsigned long)unamelen); -+ -+ mysql_real_escape_string(p->conf.mysql_conn, -+ urealm, realm->ptr, -+ (unsigned long)urealmlen); -+ -+ sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'", -+ p->conf.auth_mysql_col_pass->ptr, -+ p->conf.auth_mysql_users_table->ptr, -+ p->conf.auth_mysql_col_user->ptr, -+ uname, -+ p->conf.auth_mysql_col_realm->ptr, -+ urealm -+ ); -+ -+ free(uname); -+ free(urealm); -+#endif -+ -+ mysql_query(p->conf.mysql_conn, q); -+ result = mysql_store_result(p->conf.mysql_conn); -+ if (mysql_num_rows(result) == 1) -+ { -+ /* found */ -+ row = mysql_fetch_row(result); -+ buffer_copy_string_len(password, row[0], strlen(row[0])); -+ -+ ret = 0; -+ } else -+ { -+ /* not found */ -+ ret = -1; -+ } -+ -+ mysql_free_result(result); -+ mysql_close(p->conf.mysql_conn); -+ -+ p->conf.mysql_conn = NULL; -+ } - } else { - return -1; - } -@@ -831,6 +943,60 @@ - - return 0; - #endif -+ } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) { -+ /* -+ we check for md5 crypt() now -+ request by Nicola Tiling -+ */ -+ if (password->ptr[0] == '$' && password->ptr[2] == '$') -+ { -+ char salt[32]; -+ char *crypted; -+ size_t salt_len = 0; -+ char *dollar = NULL; -+ -+ if (NULL == (dollar = strchr(password->ptr + 3, '$'))) { -+ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__); -+ return -1; -+ } -+ -+ salt_len = dollar - password->ptr; -+ -+ if (salt_len > sizeof(salt) - 1) -+ { -+ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__); -+ return -1; -+ } -+ -+ strncpy(salt, password->ptr, salt_len); -+ -+ salt[salt_len] = '\0'; -+ -+ crypted = crypt(pw, salt); -+ -+ if (0 == strcmp(password->ptr, crypted)) -+ { -+ return 0; -+ } else { -+ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__); -+ } -+ } else -+ /* plain md5 check now */ -+ { -+ li_MD5_CTX Md5Ctx; -+ HASH HA1; -+ char a1[256]; -+ -+ li_MD5_Init(&Md5Ctx); -+ li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw)); -+ li_MD5_Final(HA1, &Md5Ctx); -+ -+ CvtHex(HA1, a1); -+ -+ if (0 == strcmp(password->ptr, a1)) { -+ return 0; -+ } -+ } - } - return -1; - } -diff -Naur new/lighttpd-1.4.23/src/http_auth.h old/lighttpd-1.4.23/src/http_auth.h ---- src/http_auth.h 2009-03-31 02:16:59.000000000 +0400 -+++ src/http_auth.h 2009-10-08 10:13:56.000000000 +0400 -@@ -8,13 +8,15 @@ - # define USE_LDAP - # include - #endif -+#include - - typedef enum { - AUTH_BACKEND_UNSET, - AUTH_BACKEND_PLAIN, - AUTH_BACKEND_LDAP, - AUTH_BACKEND_HTPASSWD, -- AUTH_BACKEND_HTDIGEST -+ AUTH_BACKEND_HTDIGEST, -+ AUTH_BACKEND_MYSQL - } auth_backend_t; - - typedef struct { -@@ -49,6 +51,22 @@ - buffer *ldap_filter_pre; - buffer *ldap_filter_post; - #endif -+ -+ MYSQL *mysql_conn; -+ buffer *auth_mysql_host; -+ buffer *auth_mysql_user; -+ buffer *auth_mysql_pass; -+ buffer *auth_mysql_db; -+ buffer *auth_mysql_port; -+ buffer *auth_mysql_socket; -+ buffer *auth_mysql_users_table; -+ buffer *auth_mysql_col_user; -+ buffer *auth_mysql_col_pass; -+ buffer *auth_mysql_col_realm; -+ buffer *auth_mysql_domains_table; -+ buffer *auth_mysql_col_domain; -+ buffer *auth_mysql_domains_table_col_domain_id; -+ buffer *auth_mysql_users_table_col_domain_id; - } mod_auth_plugin_config; - - typedef struct { -diff -Naur new/lighttpd-1.4.23/src/Makefile.am old/lighttpd-1.4.23/src/Makefile.am ---- src/Makefile.am.orig 2013-12-03 17:17:52.000000000 +0100 -+++ src/Makefile.am 2014-01-21 20:48:24.645439249 +0100 -@@ -243,7 +243,7 @@ - lib_LTLIBRARIES += mod_auth.la - mod_auth_la_SOURCES = mod_auth.c http_auth.c - mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version --mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd) -+mod_auth_la_LIBADD = $(MYSQL_LIBS) $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd) - - lib_LTLIBRARIES += mod_rewrite.la - mod_rewrite_la_SOURCES = mod_rewrite.c -diff -Naur lighttpd-1.4.23/src/Makefile.in old/lighttpd-1.4.23/src/Makefile.in ---- src/Makefile.in.orig 2014-01-20 13:09:11.000000000 +0100 -+++ src/Makefile.in 2014-01-21 20:48:37.115438375 +0100 -@@ -852,7 +852,7 @@ - mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd) - mod_auth_la_SOURCES = mod_auth.c http_auth.c - mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version --mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd) -+mod_auth_la_LIBADD = $(MYSQL_LIBS) $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd) - mod_rewrite_la_SOURCES = mod_rewrite.c - mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd) -diff -Naur new/lighttpd-1.4.23/src/mod_auth.c old/lighttpd-1.4.23/src/mod_auth.c ---- src/mod_auth.c 2009-04-11 16:08:19.000000000 +0400 -+++ src/mod_auth.c 2009-10-08 10:24:13.000000000 +0400 -@@ -6,6 +6,7 @@ - #include - #include - #include -+#include - - #include "plugin.h" - #include "http_auth.h" -@@ -83,6 +84,20 @@ - if (s->ldap) ldap_unbind_s(s->ldap); - #endif - -+ buffer_free(s->auth_mysql_host); -+ buffer_free(s->auth_mysql_user); -+ buffer_free(s->auth_mysql_pass); -+ buffer_free(s->auth_mysql_db); -+ buffer_free(s->auth_mysql_socket); -+ buffer_free(s->auth_mysql_users_table); -+ buffer_free(s->auth_mysql_col_user); -+ buffer_free(s->auth_mysql_col_pass); -+ buffer_free(s->auth_mysql_col_realm); -+ buffer_free(s->auth_mysql_domains_table); -+ buffer_free(s->auth_mysql_col_domain); -+ buffer_free(s->auth_mysql_domains_table_col_domain_id); -+ buffer_free(s->auth_mysql_users_table_col_domain_id); -+ - free(s); - } - free(p->config_storage); -@@ -120,6 +135,21 @@ - PATCH(ldap_filter_post); - #endif - -+ PATCH(auth_mysql_host); -+ PATCH(auth_mysql_user); -+ PATCH(auth_mysql_pass); -+ PATCH(auth_mysql_db); -+ PATCH(auth_mysql_port); -+ PATCH(auth_mysql_socket); -+ PATCH(auth_mysql_users_table); -+ PATCH(auth_mysql_col_user); -+ PATCH(auth_mysql_col_pass); -+ PATCH(auth_mysql_col_realm); -+ PATCH(auth_mysql_domains_table); -+ PATCH(auth_mysql_col_domain); -+ PATCH(auth_mysql_domains_table_col_domain_id); -+ PATCH(auth_mysql_users_table_col_domain_id); -+ - /* skip the first, the global context */ - for (i = 1; i < srv->config_context->used; i++) { - data_config *dc = (data_config *)srv->config_context->data[i]; -@@ -169,6 +199,34 @@ - PATCH(auth_ldap_bindpw); - } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) { - PATCH(auth_ldap_allow_empty_pw); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) { -+ PATCH(auth_mysql_host); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) { -+ PATCH(auth_mysql_user); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) { -+ PATCH(auth_mysql_pass); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) { -+ PATCH(auth_mysql_db); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) { -+ PATCH(auth_mysql_port); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) { -+ PATCH(auth_mysql_user); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) { -+ PATCH(auth_mysql_users_table); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) { -+ PATCH(auth_mysql_col_user); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) { -+ PATCH(auth_mysql_col_pass); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) { -+ PATCH(auth_mysql_col_realm); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) { -+ PATCH(auth_mysql_domains_table); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) { -+ PATCH(auth_mysql_col_domain); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) { -+ PATCH(auth_mysql_domains_table_col_domain_id); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) { -+ PATCH(auth_mysql_users_table_col_domain_id); - } - } - } -@@ -323,10 +381,24 @@ - { "auth.backend.ldap.starttls", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 8 */ - { "auth.backend.ldap.bind-dn", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 9 */ - { "auth.backend.ldap.bind-pw", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */ -- { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */ -+ { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, - { "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */ - { "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */ - { "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 14 */ -+ { "auth.backend.mysql.host", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, -+ { "auth.backend.mysql.user", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, -+ { "auth.backend.mysql.pass", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, -+ { "auth.backend.mysql.db", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, -+ { "auth.backend.mysql.port", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, -+ { "auth.backend.mysql.socket", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, -+ { "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, -+ { "auth.backend.mysql.col_user", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, -+ { "auth.backend.mysql.col_pass", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, -+ { "auth.backend.mysql.col_realm", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */ -+ { "auth.backend.mysql.domains_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, -+ { "auth.backend.mysql.col_domain", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, -+ { "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, -+ { "auth.backend.mysql.users_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */ - { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } - }; - -@@ -355,6 +427,22 @@ - s->auth_debug = 0; - - s->auth_require = array_init(); -+ s->mysql_conn = NULL; -+ s->auth_mysql_host = buffer_init(); -+ s->auth_mysql_user = buffer_init(); -+ s->auth_mysql_pass = buffer_init(); -+ s->auth_mysql_db = buffer_init(); -+ s->auth_mysql_port = buffer_init(); -+ s->auth_mysql_socket = buffer_init(); -+ s->auth_mysql_users_table = buffer_init(); -+ s->auth_mysql_col_user = buffer_init(); -+ s->auth_mysql_col_pass = buffer_init(); -+ s->auth_mysql_col_realm = buffer_init(); -+ s->auth_mysql_domains_table = buffer_init(); -+ s->auth_mysql_col_domain = buffer_init(); -+ s->auth_mysql_domains_table_col_domain_id = buffer_init(); -+ s->auth_mysql_users_table_col_domain_id = buffer_init(); -+ - - #ifdef USE_LDAP - s->ldap_filter_pre = buffer_init(); -@@ -377,7 +465,20 @@ - cv[12].destination = s->auth_htdigest_userfile; - cv[13].destination = s->auth_htpasswd_userfile; - cv[14].destination = &(s->auth_debug); -- -+ cv[15].destination = s->auth_mysql_host; -+ cv[16].destination = s->auth_mysql_user; -+ cv[17].destination = s->auth_mysql_pass; -+ cv[18].destination = s->auth_mysql_db; -+ cv[19].destination = s->auth_mysql_port; -+ cv[20].destination = s->auth_mysql_socket; -+ cv[21].destination = s->auth_mysql_users_table; -+ cv[22].destination = s->auth_mysql_col_user; -+ cv[23].destination = s->auth_mysql_col_pass; -+ cv[24].destination = s->auth_mysql_col_realm; -+ cv[25].destination = s->auth_mysql_domains_table; -+ cv[26].destination = s->auth_mysql_col_domain; -+ cv[27].destination = s->auth_mysql_domains_table_col_domain_id; -+ cv[28].destination = s->auth_mysql_users_table_col_domain_id; - p->config_storage[i] = s; - ca = ((data_config *)srv->config_context->data[i])->value; - -@@ -394,6 +495,8 @@ - s->auth_backend = AUTH_BACKEND_PLAIN; - } else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) { - s->auth_backend = AUTH_BACKEND_LDAP; -+ } else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) { -+ s->auth_backend = AUTH_BACKEND_MYSQL; - } else { - log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf); - -@@ -534,6 +637,31 @@ - return (ret); - break; - } -+ case AUTH_BACKEND_MYSQL: { -+ int port = atoi(s->auth_mysql_port->ptr); -+ -+ /* ignore if auth_mysql_socket is invalid */ -+ if (p->conf.auth_mysql_socket == NULL) -+ return HANDLER_GO_ON; -+ if (p->conf.auth_mysql_socket->ptr != NULL) -+ if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL; -+ -+ s->mysql_conn = mysql_init(NULL); -+ if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0)) -+ { -+ log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss", -+ "opening connection to mysql:", s->auth_mysql_host, -+ "user:", s->auth_mysql_user, -+ "pass:", s->auth_mysql_pass, -+ "db:", s->auth_mysql_db, -+ "failed:", strerror(errno)); -+ -+ return HANDLER_ERROR; -+ } -+ mysql_close(s->mysql_conn); -+ -+ break; -+ } - default: - break; - } Index: files/extra-patch-nodelay =================================================================== --- files/extra-patch-nodelay (revision 418844) +++ files/extra-patch-nodelay (working copy) @@ -1,15 +0,0 @@ ---- src/network.c.orig Tue Jan 26 14:33:01 2010 -+++ src/network.c Tue Jan 26 14:37:39 2010 -@@ -226,6 +226,12 @@ - log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno)); - goto error_free_socket; - } -+ if(srv_socket->addr.plain.sa_family == AF_INET || srv_socket->addr.plain.sa_family == AF_INET6 ) { -+ if (setsockopt(srv_socket->fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)) < 0) { -+ log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno)); -+ goto error_free_socket; -+ } -+ } - - switch(srv_socket->addr.plain.sa_family) { - #ifdef HAVE_IPV6 Index: files/extra-patch-src_Makefile.am =================================================================== --- files/extra-patch-src_Makefile.am (revision 0) +++ files/extra-patch-src_Makefile.am (working copy) @@ -0,0 +1,11 @@ +--- src/Makefile.am.orig 2016-07-16 10:06:16 UTC ++++ src/Makefile.am +@@ -254,7 +254,7 @@ mod_compress_la_LIBADD = $(Z_LIB) $(BZ_L + lib_LTLIBRARIES += mod_auth.la + mod_auth_la_SOURCES = mod_auth.c http_auth.c + mod_auth_la_LDFLAGS = $(common_module_ldflags) +-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd) ++mod_auth_la_LIBADD = ${MYSQL_LIBS} $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd) + + lib_LTLIBRARIES += mod_rewrite.la + mod_rewrite_la_SOURCES = mod_rewrite.c Property changes on: files/extra-patch-src_Makefile.am ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: files/extra-patch-src_Makefile.in =================================================================== --- files/extra-patch-src_Makefile.in (revision 0) +++ files/extra-patch-src_Makefile.in (working copy) @@ -0,0 +1,11 @@ +--- src/Makefile.in.orig 2016-07-16 10:10:53 UTC ++++ src/Makefile.in +@@ -1011,7 +1011,7 @@ mod_compress_la_LDFLAGS = $(common_modul + mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd) + mod_auth_la_SOURCES = mod_auth.c http_auth.c + mod_auth_la_LDFLAGS = $(common_module_ldflags) +-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd) ++mod_auth_la_LIBADD = ${MYSQL_LIBS} $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd) + mod_rewrite_la_SOURCES = mod_rewrite.c + mod_rewrite_la_LDFLAGS = $(common_module_ldflags) + mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd) Property changes on: files/extra-patch-src_Makefile.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: files/extra-patch-src_http__auth.c =================================================================== --- files/extra-patch-src_http__auth.c (revision 0) +++ files/extra-patch-src_http__auth.c (working copy) @@ -0,0 +1,193 @@ +--- src/http_auth.c.orig 2016-07-16 10:06:16 UTC ++++ src/http_auth.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + + #include "md5.h" + +@@ -194,9 +195,119 @@ static int http_auth_get_password(server + fclose(fp); + } else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) { + return 0; +- } ++ } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) { ++ MYSQL_RES *result; ++ MYSQL_ROW row; ++ int port = atoi(p->conf.auth_mysql_port->ptr); ++ char q[255]; + +- return -1; ++ if (p->conf.auth_mysql_socket->ptr != NULL) ++ if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL; ++ ++ p->conf.mysql_conn = mysql_init(NULL); ++ ++ if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0)) ++ { ++//#define MY_HOSTING ++ ++#ifdef MY_HOSTING ++ char my_full_realm[255]; ++ char *my_realm = NULL; ++ char *my_domain = NULL; ++ ++ char *uname; ++ size_t unamelen; ++ ++ unamelen = strlen(username->ptr); ++ uname = malloc(unamelen*2+1); ++ ++ mysql_real_escape_string(p->conf.mysql_conn, ++ uname, username->ptr, ++ (unsigned long)unamelen); ++ ++ strcpy(my_full_realm, realm->ptr); ++ my_realm = strtok(my_full_realm, "@"); ++ ++ if (my_realm != NULL) ++ my_domain = strtok(NULL, "@"); ++ ++ sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s", ++ p->conf.auth_mysql_col_pass->ptr, ++ ++ p->conf.auth_mysql_users_table->ptr, ++ p->conf.auth_mysql_domains_table->ptr, ++ ++ p->conf.auth_mysql_col_user->ptr, ++ uname, ++ ++ p->conf.auth_mysql_col_realm->ptr, ++ my_realm, ++ ++ p->conf.auth_mysql_col_domain->ptr, ++ my_domain, ++ ++ p->conf.auth_mysql_domains_table_col_domain_id->ptr, ++ p->conf.auth_mysql_users_table_col_domain_id->ptr ++ ); ++ ++ free(uname); ++#else ++ // sanitize username & realm by taguchi@ff.iij4u.or.jp ++ char *uname, *urealm; ++ size_t unamelen, urealmlen; ++ ++ unamelen = strlen(username->ptr); ++ urealmlen = strlen(realm->ptr); ++ uname = malloc(unamelen*2+1); ++ urealm = malloc(urealmlen*2+1); ++ ++ mysql_real_escape_string(p->conf.mysql_conn, ++ uname, username->ptr, ++ (unsigned long)unamelen); ++ ++ mysql_real_escape_string(p->conf.mysql_conn, ++ urealm, realm->ptr, ++ (unsigned long)unamelen); ++ ++ mysql_real_escape_string(p->conf.mysql_conn, ++ urealm, realm->ptr, ++ (unsigned long)urealmlen); ++ ++ sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'", ++ p->conf.auth_mysql_col_pass->ptr, ++ p->conf.auth_mysql_users_table->ptr, ++ p->conf.auth_mysql_col_user->ptr, ++ uname, ++ p->conf.auth_mysql_col_realm->ptr, ++ urealm ++ ); ++ ++ free(uname); ++ free(urealm); ++#endif ++ ++ mysql_query(p->conf.mysql_conn, q); ++ result = mysql_store_result(p->conf.mysql_conn); ++ if (mysql_num_rows(result) == 1) ++ { ++ /* found */ ++ row = mysql_fetch_row(result); ++ buffer_copy_string_len(password, row[0], strlen(row[0])); ++ ++ return 0; ++ } else ++ { ++ /* not found */ ++ return -1; ++ } ++ ++ mysql_free_result(result); ++ mysql_close(p->conf.mysql_conn); ++ ++ p->conf.mysql_conn = NULL; ++ } else ++ return -1; ++ } + } + + int http_auth_match_rules(server *srv, array *req, const char *username, const char *group, const char *host) { +@@ -711,6 +822,60 @@ static int http_auth_basic_password_comp + + return 0; + #endif ++ } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) { ++ /* ++ we check for md5 crypt() now ++ request by Nicola Tiling ++ */ ++ if (password->ptr[0] == '$' && password->ptr[2] == '$') ++ { ++ char salt[32]; ++ char *crypted; ++ size_t salt_len = 0; ++ char *dollar = NULL; ++ ++ if (NULL == (dollar = strchr(password->ptr + 3, '$'))) { ++ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__); ++ return -1; ++ } ++ ++ salt_len = dollar - password->ptr; ++ ++ if (salt_len > sizeof(salt) - 1) ++ { ++ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__); ++ return -1; ++ } ++ ++ strncpy(salt, password->ptr, salt_len); ++ ++ salt[salt_len] = '\0'; ++ ++ crypted = crypt(pw, salt); ++ ++ if (0 == strcmp(password->ptr, crypted)) ++ { ++ return 0; ++ } else { ++ fprintf(stderr, "%s.%d\n", __FILE__, __LINE__); ++ } ++ } else ++ /* plain md5 check now */ ++ { ++ li_MD5_CTX Md5Ctx; ++ HASH HA1; ++ char a1[256]; ++ ++ li_MD5_Init(&Md5Ctx); ++ li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw)); ++ li_MD5_Final(HA1, &Md5Ctx); ++ ++ CvtHex(HA1, a1); ++ ++ if (0 == strcmp(password->ptr, a1)) { ++ return 0; ++ } ++ } + } + return -1; + } Property changes on: files/extra-patch-src_http__auth.c ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: files/extra-patch-src_http__auth.h =================================================================== --- files/extra-patch-src_http__auth.h (revision 0) +++ files/extra-patch-src_http__auth.h (working copy) @@ -0,0 +1,43 @@ +--- src/http_auth.h.orig 2016-07-16 10:06:16 UTC ++++ src/http_auth.h +@@ -9,13 +9,15 @@ + # define USE_LDAP + # include + #endif ++#include + + typedef enum { + AUTH_BACKEND_UNSET, + AUTH_BACKEND_PLAIN, + AUTH_BACKEND_LDAP, + AUTH_BACKEND_HTPASSWD, +- AUTH_BACKEND_HTDIGEST ++ AUTH_BACKEND_HTDIGEST, ++ AUTH_BACKEND_MYSQL + } auth_backend_t; + + typedef struct { +@@ -50,6 +52,23 @@ typedef struct { + buffer *ldap_filter_pre; + buffer *ldap_filter_post; + #endif ++ ++ MYSQL *mysql_conn; ++ buffer *auth_mysql_host; ++ buffer *auth_mysql_user; ++ buffer *auth_mysql_pass; ++ buffer *auth_mysql_db; ++ buffer *auth_mysql_port; ++ buffer *auth_mysql_socket; ++ buffer *auth_mysql_users_table; ++ buffer *auth_mysql_col_user; ++ buffer *auth_mysql_col_pass; ++ buffer *auth_mysql_col_realm; ++ buffer *auth_mysql_domains_table; ++ buffer *auth_mysql_col_domain; ++ buffer *auth_mysql_domains_table_col_domain_id; ++ buffer *auth_mysql_users_table_col_domain_id; ++ + } mod_auth_plugin_config; + + typedef struct { Property changes on: files/extra-patch-src_http__auth.h ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: files/extra-patch-src_mod__auth.c =================================================================== --- files/extra-patch-src_mod__auth.c (revision 0) +++ files/extra-patch-src_mod__auth.c (working copy) @@ -0,0 +1,200 @@ +--- src/mod_auth.c.orig 2016-07-16 10:06:16 UTC ++++ src/mod_auth.c +@@ -13,6 +13,7 @@ + #include + #include + #include ++#include + + handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s); + +@@ -84,6 +85,19 @@ FREE_FUNC(mod_auth_free) { + + if (s->ldap) ldap_unbind_s(s->ldap); + #endif ++ buffer_free(s->auth_mysql_host); ++ buffer_free(s->auth_mysql_user); ++ buffer_free(s->auth_mysql_pass); ++ buffer_free(s->auth_mysql_db); ++ buffer_free(s->auth_mysql_socket); ++ buffer_free(s->auth_mysql_users_table); ++ buffer_free(s->auth_mysql_col_user); ++ buffer_free(s->auth_mysql_col_pass); ++ buffer_free(s->auth_mysql_col_realm); ++ buffer_free(s->auth_mysql_domains_table); ++ buffer_free(s->auth_mysql_col_domain); ++ buffer_free(s->auth_mysql_domains_table_col_domain_id); ++ buffer_free(s->auth_mysql_users_table_col_domain_id); + + free(s); + } +@@ -122,6 +136,21 @@ static int mod_auth_patch_connection(ser + PATCH(ldap_filter_post); + #endif + ++ PATCH(auth_mysql_host); ++ PATCH(auth_mysql_user); ++ PATCH(auth_mysql_pass); ++ PATCH(auth_mysql_db); ++ PATCH(auth_mysql_port); ++ PATCH(auth_mysql_socket); ++ PATCH(auth_mysql_users_table); ++ PATCH(auth_mysql_col_user); ++ PATCH(auth_mysql_col_pass); ++ PATCH(auth_mysql_col_realm); ++ PATCH(auth_mysql_domains_table); ++ PATCH(auth_mysql_col_domain); ++ PATCH(auth_mysql_domains_table_col_domain_id); ++ PATCH(auth_mysql_users_table_col_domain_id); ++ + /* skip the first, the global context */ + for (i = 1; i < srv->config_context->used; i++) { + data_config *dc = (data_config *)srv->config_context->data[i]; +@@ -171,6 +200,34 @@ static int mod_auth_patch_connection(ser + PATCH(auth_ldap_bindpw); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) { + PATCH(auth_ldap_allow_empty_pw); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) { ++ PATCH(auth_mysql_host); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) { ++ PATCH(auth_mysql_user); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) { ++ PATCH(auth_mysql_pass); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) { ++ PATCH(auth_mysql_db); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) { ++ PATCH(auth_mysql_port); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) { ++ PATCH(auth_mysql_user); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) { ++ PATCH(auth_mysql_users_table); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) { ++ PATCH(auth_mysql_col_user); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) { ++ PATCH(auth_mysql_col_pass); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) { ++ PATCH(auth_mysql_col_realm); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) { ++ PATCH(auth_mysql_domains_table); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) { ++ PATCH(auth_mysql_col_domain); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) { ++ PATCH(auth_mysql_domains_table_col_domain_id); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) { ++ PATCH(auth_mysql_users_table_col_domain_id); + } + } + } +@@ -362,10 +419,25 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) + { "auth.backend.ldap.starttls", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 8 */ + { "auth.backend.ldap.bind-dn", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 9 */ + { "auth.backend.ldap.bind-pw", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */ +- { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */ ++ { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */ + { "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */ + { "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 14 */ ++ { "auth.backend.mysql.host", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, ++ { "auth.backend.mysql.user", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, ++ { "auth.backend.mysql.pass", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, ++ { "auth.backend.mysql.db", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, ++ { "auth.backend.mysql.port", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, ++ { "auth.backend.mysql.socket", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, ++ { "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, ++ { "auth.backend.mysql.col_user", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, ++ { "auth.backend.mysql.col_pass", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, ++ { "auth.backend.mysql.col_realm", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */ ++ { "auth.backend.mysql.domains_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, ++ { "auth.backend.mysql.col_domain", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, ++ { "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, ++ { "auth.backend.mysql.users_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */ ++ + { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } + }; + +@@ -394,6 +466,22 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) + s->auth_debug = 0; + + s->auth_require = array_init(); ++ s->mysql_conn = NULL; ++ s->auth_mysql_host = buffer_init(); ++ s->auth_mysql_user = buffer_init(); ++ s->auth_mysql_pass = buffer_init(); ++ s->auth_mysql_db = buffer_init(); ++ s->auth_mysql_port = buffer_init(); ++ s->auth_mysql_socket = buffer_init(); ++ s->auth_mysql_users_table = buffer_init(); ++ s->auth_mysql_col_user = buffer_init(); ++ s->auth_mysql_col_pass = buffer_init(); ++ s->auth_mysql_col_realm = buffer_init(); ++ s->auth_mysql_domains_table = buffer_init(); ++ s->auth_mysql_col_domain = buffer_init(); ++ s->auth_mysql_domains_table_col_domain_id = buffer_init(); ++ s->auth_mysql_users_table_col_domain_id = buffer_init(); ++ + + #ifdef USE_LDAP + s->ldap_filter_pre = buffer_init(); +@@ -416,7 +504,20 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) + cv[12].destination = s->auth_htdigest_userfile; + cv[13].destination = s->auth_htpasswd_userfile; + cv[14].destination = &(s->auth_debug); +- ++ cv[15].destination = s->auth_mysql_host; ++ cv[16].destination = s->auth_mysql_user; ++ cv[17].destination = s->auth_mysql_pass; ++ cv[18].destination = s->auth_mysql_db; ++ cv[19].destination = s->auth_mysql_port; ++ cv[20].destination = s->auth_mysql_socket; ++ cv[21].destination = s->auth_mysql_users_table; ++ cv[22].destination = s->auth_mysql_col_user; ++ cv[23].destination = s->auth_mysql_col_pass; ++ cv[24].destination = s->auth_mysql_col_realm; ++ cv[25].destination = s->auth_mysql_domains_table; ++ cv[26].destination = s->auth_mysql_col_domain; ++ cv[27].destination = s->auth_mysql_domains_table_col_domain_id; ++ cv[28].destination = s->auth_mysql_users_table_col_domain_id; + p->config_storage[i] = s; + + if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) { +@@ -432,6 +533,8 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) + s->auth_backend = AUTH_BACKEND_PLAIN; + } else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) { + s->auth_backend = AUTH_BACKEND_LDAP; ++ } else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) { ++ s->auth_backend = AUTH_BACKEND_MYSQL; + } else { + log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf); + +@@ -573,6 +676,31 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) + return (ret); + break; + } ++ case AUTH_BACKEND_MYSQL: { ++ int port = atoi(s->auth_mysql_port->ptr); ++ ++ /* ignore if auth_mysql_socket is invalid */ ++ if (p->conf.auth_mysql_socket == NULL) ++ return HANDLER_GO_ON; ++ if (p->conf.auth_mysql_socket->ptr != NULL) ++ if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL; ++ ++ s->mysql_conn = mysql_init(NULL); ++ if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0)) ++ { ++ log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss", ++ "opening connection to mysql:", s->auth_mysql_host, ++ "user:", s->auth_mysql_user, ++ "pass:", s->auth_mysql_pass, ++ "db:", s->auth_mysql_db, ++ "failed:", strerror(errno)); ++ ++ return HANDLER_ERROR; ++ } ++ mysql_close(s->mysql_conn); ++ ++ break; ++ } + default: + break; + } Property changes on: files/extra-patch-src_mod__auth.c ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: files/patch-configure.ac =================================================================== --- files/patch-configure.ac (revision 418844) +++ files/patch-configure.ac (working copy) @@ -1,22 +0,0 @@ ---- configure.ac.orig 2015-07-26 10:36:36 UTC -+++ configure.ac -@@ -46,6 +46,7 @@ AC_DEFUN([TRY_CFLAGS], - dnl Checks for programs. - AC_PROG_CC - AM_PROG_CC_C_O -+AM_PROG_AR - AC_PROG_LD - AC_PROG_INSTALL - AC_PROG_AWK -@@ -60,11 +61,6 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], [AC - dnl AM_PROG_AR requires automake 1.11 (and uses AC_COMPILE_IFELSE which wants AC_USE_SYSTEM_EXTENSIONS) - m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) - --dnl check environment --AC_AIX --AC_ISC_POSIX --AC_MINIX -- - dnl AC_CANONICAL_HOST - case $host_os in - *darwin*|*cygwin*|*aix*|*mingw* ) NO_RDYNAMIC=yes;; Index: files/patch-src-fdevent.h =================================================================== --- files/patch-src-fdevent.h (revision 418844) +++ files/patch-src-fdevent.h (working copy) @@ -1,11 +0,0 @@ ---- src/fdevent.h.orig 2015-07-26 10:36:36 UTC -+++ src/fdevent.h -@@ -46,7 +46,7 @@ - # include - #endif - --#if defined HAVE_SYS_EVENT_H && defined HAVE_KQUEUE -+#if defined HAVE_SYS_EVENT_H && defined HAVE_KQUEUE && !defined HAVE_LIBEV - # define USE_FREEBSD_KQUEUE - #endif - Index: files/patch-src_mod__cml__lua.c =================================================================== --- files/patch-src_mod__cml__lua.c (revision 418844) +++ files/patch-src_mod__cml__lua.c (working copy) @@ -1,25 +0,0 @@ ---- src/mod_cml_lua.c.orig 2015-07-26 10:36:36 UTC -+++ src/mod_cml_lua.c -@@ -28,6 +28,10 @@ typedef char HASHHEX[HASHHEXLEN+1]; - #include - #include - -+#if LUA_VERSION_NUM >= 502 -+#define LUA_GLOBALSINDEX LUA_REGISTRYINDEX -+#endif -+ - typedef struct { - stream st; - int done; -@@ -291,7 +295,11 @@ int cache_parse_lua(server *srv, connect - lua_settable(L, LUA_GLOBALSINDEX); - - /* load lua program */ -+#if LUA_VERSION_NUM >= 502 -+ if (lua_load(L, load_file, &rm, fn->ptr, NULL) || lua_pcall(L,0,1,0)) { -+#else - if (lua_load(L, load_file, &rm, fn->ptr) || lua_pcall(L,0,1,0)) { -+#endif - log_error_write(srv, __FILE__, __LINE__, "s", - lua_tostring(L,-1)); - Index: files/patch-src_mod__magnet.c =================================================================== --- files/patch-src_mod__magnet.c (revision 418844) +++ files/patch-src_mod__magnet.c (working copy) @@ -1,13 +0,0 @@ ---- src/mod_magnet.c.orig 2015-07-26 10:36:36 UTC -+++ src/mod_magnet.c -@@ -24,6 +24,10 @@ - #define MAGNET_CONFIG_PHYSICAL_PATH "magnet.attract-physical-path-to" - #define MAGNET_RESTART_REQUEST 99 - -+#if LUA_VERSION_NUM >= 502 -+#define LUA_GLOBALSINDEX LUA_REGISTRYINDEX -+#endif -+ - /* plugin config for all request/connections */ - - static jmp_buf exceptionjmp; Index: files/patch-src_network.c =================================================================== --- files/patch-src_network.c (revision 418844) +++ files/patch-src_network.c (working copy) @@ -1,23 +0,0 @@ -Cherry-picked from upstream -https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/1ca52fdce3b87f7748dd5db6f59d738ed7a9efe1/diff - ---- src/network.c.orig 2015-12-04 21:13:47 UTC -+++ src/network.c -@@ -769,7 +769,7 @@ int network_init(server *srv) { - - if (!s->ssl_use_sslv2) { - /* disable SSLv2 */ -- if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) { -+ if ((SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) != SSL_OP_NO_SSLv2) { - log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", - ERR_error_string(ERR_get_error(), NULL)); - return -1; -@@ -778,7 +778,7 @@ int network_init(server *srv) { - - if (!s->ssl_use_sslv3) { - /* disable SSLv3 */ -- if (!(SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3))) { -+ if ((SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3)) != SSL_OP_NO_SSLv3) { - log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", - ERR_error_string(ERR_get_error(), NULL)); - return -1;