
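--- a/Makefile
+++ b/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME?=	lighttpd
-PORTVERSION=	1.4.41
-PORTREVISION=	1
+PORTVERSION=	1.4.42
 CATEGORIES?=	www
 MASTER_SITES?=	http://download.lighttpd.net/lighttpd/releases-1.4.x/
 
@@ -19,6 +18,7 @@
 
 GNU_CONFIGURE=	yes
 USES=		autoreconf gmake libtool localbase pkgconfig tar:xz
+USE_CSTD=	gnu99
 
 .if !defined(_BUILDING_LIGHTTPD_MODULE)
 USES+=	cpe
@@ -30,7 +30,7 @@
 .if !defined(_BUILDING_LIGHTTPD_MODULE)
 USE_RC_SUBR=	lighttpd
 
-OPTIONS_DEFINE=	ATTR BZIP2 DOCS FAM GDBM IPV6 LIBEV LUA MEMCACHED MYSQL MYSQLAUTH \
+OPTIONS_DEFINE=	ATTR BZIP2 DOCS FAM GDBM GEOIP IPV6 LIBEV LUA MEMCACHED MYSQL \
 		LDAP OPENSSL SPAWNFCGI VALGRIND WEBDAV
 
 OPTIONS_DEFAULT=	OPENSSL
@@ -43,7 +43,6 @@
 LUA_DESC=	lua support (mod_cml, mod_magnet)
 MEMCACHED_DESC=	memcached storage (mod_trigger_b4_dl)
 MYSQL_DESC=	MySQL support (mod_mysql_vhost)
-MYSQLAUTH_DESC=	MySQL authentication
 SPAWNFCGI_DESC=	Depend on spawn-fcgi utility
 VALGRIND_DESC=	valgrind support
 WEBDAV_DESC=	WebDAV support
@@ -55,6 +54,8 @@
 FAM_CONFIGURE_ENV=	FAM_CFLAGS="-I${LOCALBASE}/include" FAM_LIBS="-L${LOCALBASE}/lib"
 GDBM_LIB_DEPENDS=	libgdbm.so:databases/gdbm
 GDBM_CONFIGURE_WITH=	gdbm
+GEOIP_LIB_DEPENDS=	libGeoIP.so:net/GeoIP
+GEOIP_CONFIGURE_WITH=	geoip
 IPV6_CONFIGURE_OFF=	--disable-ipv6
 LIBEV_CONFIGURE_WITH=	libev=${LOCALBASE}
 LIBEV_LIB_DEPENDS=	libev.so:devel/libev
@@ -63,7 +64,6 @@
 LUA_CONFIGURE_ENV=	LUA_CFLAGS="-I${LUA_INCDIR}" LUA_LIBS="-L${LUA_LIBDIR} -llua-${LUA_VER}"
 MEMCACHED_LIB_DEPENDS=	libmemcached.so:databases/libmemcached
 MEMCACHED_CONFIGURE_WITH=memcached
-MYSQLAUTH_IMPLIES=	MYSQL
 OPENSSL_USES=		ssl
 OPENSSL_CONFIGURE_WITH=	openssl
 OPENSSL_CONFIGURE_ON=	--with-openssl-includes=${OPENSSLINC} --with-openssl-libs=${OPENSSLLIB}
@@ -71,6 +71,10 @@
 VALGRIND_BUILD_DEPENDS=	valgrind:devel/valgrind
 VALGRIND_RUN_DEPENDS=	valgrind:devel/valgrind
 VALGRIND_CONFIGURE_WITH=valgrind
+WEBDAV_USE=		GNOME=libxml2
+WEBDAV_LIB_DEPENDS=	libuuid.so:misc/e2fsprogs-libuuid \
+			libsqlite3.so:databases/sqlite3
+WEBDAV_CONFIGURE_WITH=	webdav-props webdav-locks
 
 LIGHTTPD_CONF_FILES=	lighttpd.conf modules.conf
 
@@ -113,15 +117,6 @@
 _REQUIRE+=		mysql
 .endif
 
-.if ${PORT_OPTIONS:MMYSQLAUTH}
-EXTRA_PATCHES+=		${FILESDIR}/extra-patch-src_Makefile.am \
-			${FILESDIR}/extra-patch-src_Makefile.in \
-			${FILESDIR}/extra-patch-src_http__auth.c \
-			${FILESDIR}/extra-patch-src_http__auth.h \
-			${FILESDIR}/extra-patch-src_mod__auth.c
-PORTDOCS+=		README.mysqlauth mysql_auth.sql
-.endif
-
 .if ${PORT_OPTIONS:MLDAP}
 USE_OPENLDAP=		yes
 CONFIGURE_ARGS+=	--with-ldap
@@ -128,13 +123,6 @@
 _REQUIRE+=		slapd
 .endif
 
-.if ${PORT_OPTIONS:MWEBDAV}
-USE_GNOME+=		libxml2
-LIB_DEPENDS+=		libuuid.so:misc/e2fsprogs-libuuid \
-			libsqlite3.so:databases/sqlite3
-CONFIGURE_ARGS+=	--with-webdav-props --with-webdav-locks
-.endif
-
 SUB_LIST+=		REQUIRE="${_REQUIRE}"
 
 post-patch:
@@ -182,12 +170,6 @@
 	${INSTALL_DATA} ${WRKSRC}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
 . endfor
 
-post-install-MYSQLAUTH-on:
-	@${MKDIR} ${STAGEDIR}${DOCSDIR}
-. for FILE in README.mysqlauth mysql_auth.sql
-	${INSTALL_DATA} ${FILESDIR}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
-. endfor
-
 test: build
 	@cd ${WRKSRC}/tests && ${SETENV} ${MAKE_ENV} ${MAKE} \
 		${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} \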
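Review bot: Dropping `MYSQLAUTH` from `OPTIONS_DEFINE`, together with the `.if ${PORT_OPTIONS:MMYSQLAUTH}` block and its `EXTRA_PATCHES`, removes the port-local `auth.backend = "mysql"` implementation without any migration note in the visible hunks. Configurations written from README.mysqlauth rely on the `auth.backend.mysql.*` directives that only that patch registered. Whether the `mod_authn_mysql.so` now listed in pkg-plist accepts the same directives and stored hash format is not visible here, so after an upgrade protected paths may stop authenticating or the server may refuse to start. I would add an UPDATING entry or pkg-message and a comment above `OPTIONS_DEFINE`, e.g. `# MYSQLAUTH dropped in 1.4.42: local mysql_auth patch removed; re-check auth.backend.mysql.* settings against mod_authn_mysql`.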
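--- a/distinfo
+++ b/distinfo
@@ -1,7 +1,5 @@
-TIMESTAMP = 1470040166
-SHA256 (lighttpd-1.4.41.tar.xz) = 4bcc383ef6d6dc7b284f68882d71a178e2986c83c4e85eeb3c8f3b882e346b6c
-SIZE (lighttpd-1.4.41.tar.xz) = 623480
-SHA256 (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 4e6768af32ce16033fcb0c70b12c55b40082ca105a36f258b0bbf30d64e9dad3
-SIZE (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 242458
-SHA256 (lighttpd-1.4.26_mod_geoip.patch) = 2858036310b778852d9f039a81629902edffc368658e13bf4779f3642ee1a5ba
-SIZE (lighttpd-1.4.26_mod_geoip.patch) = 15173
+TIMESTAMP = 1476712210
+SHA256 (lighttpd-1.4.42.tar.xz) = b2c9069ed0bade9362c27b469a9b884641786aea1c3d686f9fd9f01d15e2a15f
+SIZE (lighttpd-1.4.42.tar.xz) = 652140
+SHA256 (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 716cd4f8d371e12c115a2204e649aafe2ebad42d0099777b1361c0e2cc8a1612
+SIZE (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch) = 242456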
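Review bot: The SHA256 and SIZE recorded for `lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch` change while the file name stays the same, so the patch content being fetched is no longer what was previously recorded. Where that patch is fetched from is not visible here, but the release tarball's `MASTER_SITES` is plain `http://`, which leaves distinfo as the only integrity control; a checksum refreshed by simply re-running makesum accepts whatever was downloaded. Please confirm the two-byte difference was inspected by diffing the old distfile against the new one, and state the reason in the commit message. If the remote file was re-rolled in place, renaming the distfile or hosting a fixed copy would keep the recorded hash meaningful.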
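--- a/files/README.mysqlauth
+++ b/files/README.mysqlauth
@@ -1,44 +0,0 @@
-References:
-http://redmine.lighttpd.net/issues/752
-http://redmine.lighttpd.net/attachments/1012/03_all_lighttpd-1.4.23-mysql_auth.diff
-http://redmine.lighttpd.net/attachments/download/1012/03_all_lighttpd-1.4.23-mysql_auth.diff
-
-This patch allows lighttpd to authenticate users against mySQL DBbr
-NOTE: Only basic auth is implemented. Passwords are stored as MD5 hash in DB
-
-make mysql db and user (read mySQL doc's if you don't know how)
-import lighttpd-1.4.11-mysql_auth.sql
-
-open lighttpd.conf and add
-(be sure that you comment out any other auth - according to lighttpd docs)
-
-auth.backend                                   = "mysql" 
-auth.backend.mysql.host                        = "localhost" 
-auth.backend.mysql.user                        = "db_user" 
-auth.backend.mysql.pass                        = "db_pass" 
-auth.backend.mysql.db                          = "db_name" 
-auth.backend.mysql.port                        = "0" # (for default port 0, always needed)
-auth.backend.mysql.socket                      = ""  # (for default leave blank, always needed)
-auth.backend.mysql.users_table                 = "users_table" 
-auth.backend.mysql.col_user                    = "col_name_username" 
-auth.backend.mysql.col_pass                    = "col_name_password" # (md5 hash of password)
-auth.backend.mysql.col_realm                   = "col_realm_name" 
-
-configure lighttpd to use it (same as every other auth)
-
-auth.require = ( "/some_path" =>
-    (
-        "method"  => "basic",
-        "realm"   => "some_realm",
-        "require" => "some_user",
-    )
-)
-
-start lighttpd
-
-P.S. patch include more complicated setup with separate table for domains.
-If you are interested please contact with me to obtain more information.
-
-Bugs, Patches and Suggestions
-Send me E-Mail: drJeckyll@Jeckyll.net
-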
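--- a/files/extra-patch-src_Makefile.am
+++ b/files/extra-patch-src_Makefile.am
@@ -1,11 +0,0 @@
---- src/Makefile.am.orig	2016-07-16 10:06:16 UTC
-+++ src/Makefile.am
-@@ -254,7 +254,7 @@ mod_compress_la_LIBADD = $(Z_LIB) $(BZ_L
- lib_LTLIBRARIES += mod_auth.la
- mod_auth_la_SOURCES = mod_auth.c http_auth.c
- mod_auth_la_LDFLAGS = $(common_module_ldflags)
--mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
-+mod_auth_la_LIBADD = ${MYSQL_LIBS} $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
- 
- lib_LTLIBRARIES += mod_rewrite.la
- mod_rewrite_la_SOURCES = mod_rewrite.c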
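--- a/files/extra-patch-src_Makefile.in
+++ b/files/extra-patch-src_Makefile.in
@@ -1,11 +0,0 @@
---- src/Makefile.in.orig	2016-07-16 10:10:53 UTC
-+++ src/Makefile.in
-@@ -1011,7 +1011,7 @@ mod_compress_la_LDFLAGS = $(common_modul
- mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
- mod_auth_la_SOURCES = mod_auth.c http_auth.c
- mod_auth_la_LDFLAGS = $(common_module_ldflags)
--mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
-+mod_auth_la_LIBADD = ${MYSQL_LIBS} $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
- mod_rewrite_la_SOURCES = mod_rewrite.c
- mod_rewrite_la_LDFLAGS = $(common_module_ldflags)
- mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd)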
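--- a/files/extra-patch-src_http__auth.c
+++ b/files/extra-patch-src_http__auth.c
@@ -1,193 +0,0 @@
---- src/http_auth.c.orig	2016-07-16 10:06:16 UTC
-+++ src/http_auth.c
-@@ -30,6 +30,7 @@
- #include <errno.h>
- #include <unistd.h>
- #include <ctype.h>
-+#include <mysql/mysql.h>
- 
- #include "md5.h"
- 
-@@ -194,9 +195,119 @@ static int http_auth_get_password(server
- 		fclose(fp);
- 	} else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) {
- 		return 0;
--	}
-+	} else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
-+		MYSQL_RES *result;
-+		MYSQL_ROW row;
-+		int port = atoi(p->conf.auth_mysql_port->ptr);
-+		char q[255];
- 
--	return -1;
-+		if (p->conf.auth_mysql_socket->ptr != NULL)
-+			if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL;
-+
-+		p->conf.mysql_conn = mysql_init(NULL);
-+
-+		if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0))
-+		{
-+//#define MY_HOSTING
-+
-+#ifdef MY_HOSTING
-+			char my_full_realm[255];
-+			char *my_realm = NULL;
-+			char *my_domain = NULL;
-+
-+			char *uname;
-+			size_t unamelen;
-+
-+			unamelen = strlen(username->ptr);
-+			uname = malloc(unamelen*2+1);
-+
-+			mysql_real_escape_string(p->conf.mysql_conn,
-+					uname, username->ptr,
-+					(unsigned long)unamelen);
-+
-+			strcpy(my_full_realm, realm->ptr);
-+			my_realm = strtok(my_full_realm, "@");
-+
-+			if (my_realm != NULL)
-+				my_domain = strtok(NULL, "@");
-+
-+			sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s",
-+				p->conf.auth_mysql_col_pass->ptr,
-+
-+				p->conf.auth_mysql_users_table->ptr,
-+				p->conf.auth_mysql_domains_table->ptr,
-+
-+				p->conf.auth_mysql_col_user->ptr,
-+				uname,
-+
-+				p->conf.auth_mysql_col_realm->ptr,
-+				my_realm,
-+
-+				p->conf.auth_mysql_col_domain->ptr,
-+				my_domain,
-+
-+				p->conf.auth_mysql_domains_table_col_domain_id->ptr,
-+				p->conf.auth_mysql_users_table_col_domain_id->ptr
-+				);
-+
-+			free(uname);
-+#else
-+			// sanitize username & realm by taguchi@ff.iij4u.or.jp
-+			char *uname, *urealm;
-+			size_t unamelen, urealmlen;
-+
-+			unamelen = strlen(username->ptr);
-+			urealmlen = strlen(realm->ptr);
-+			uname = malloc(unamelen*2+1);
-+			urealm = malloc(urealmlen*2+1);
-+
-+			mysql_real_escape_string(p->conf.mysql_conn,
-+				uname, username->ptr,
-+				(unsigned long)unamelen);
-+
-+			mysql_real_escape_string(p->conf.mysql_conn,
-+				urealm, realm->ptr,
-+				(unsigned long)unamelen);
-+
-+			mysql_real_escape_string(p->conf.mysql_conn,
-+				urealm, realm->ptr,
-+				(unsigned long)urealmlen);
-+
-+			sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'",
-+				p->conf.auth_mysql_col_pass->ptr,
-+				p->conf.auth_mysql_users_table->ptr,
-+				p->conf.auth_mysql_col_user->ptr,
-+				uname,
-+				p->conf.auth_mysql_col_realm->ptr,
-+				urealm
-+			);
-+
-+			free(uname);
-+			free(urealm);
-+#endif
-+
-+			mysql_query(p->conf.mysql_conn, q);
-+			result = mysql_store_result(p->conf.mysql_conn);
-+			if (mysql_num_rows(result) == 1)
-+			{
-+				/* found */
-+				row = mysql_fetch_row(result);
-+				buffer_copy_string_len(password, row[0], strlen(row[0]));
-+
-+				return 0;
-+			} else
-+			{
-+				/* not found */
-+				return -1;
-+			}
-+
-+			mysql_free_result(result);
-+			mysql_close(p->conf.mysql_conn);
-+
-+			p->conf.mysql_conn = NULL;
-+		} else
-+			return -1;
-+	}
- }
- 
- int http_auth_match_rules(server *srv, array *req, const char *username, const char *group, const char *host) {
-@@ -711,6 +822,60 @@ static int http_auth_basic_password_comp
- 
- 		return 0;
- #endif
-+	} else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
-+		/*
-+			we check for md5 crypt() now
-+			request by Nicola Tiling <nti@w4w.net>
-+		*/
-+		if (password->ptr[0] == '$' && password->ptr[2] == '$')
-+		{
-+			char salt[32];
-+			char *crypted;
-+			size_t salt_len = 0;
-+			char *dollar = NULL;
-+
-+			if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
-+				fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
-+				return -1;
-+			}
-+
-+			salt_len = dollar - password->ptr;
-+
-+			if (salt_len > sizeof(salt) - 1)
-+			{
-+				fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
-+				return -1;
-+			}
-+
-+			strncpy(salt, password->ptr, salt_len);
-+
-+			salt[salt_len] = '\0';
-+
-+			crypted = crypt(pw, salt);
-+
-+			if (0 == strcmp(password->ptr, crypted))
-+			{
-+				return 0;
-+			} else {
-+				fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
-+			}
-+		} else
-+		/* plain md5 check now */
-+		{
-+			li_MD5_CTX Md5Ctx;
-+			HASH HA1;
-+			char a1[256];
-+
-+			li_MD5_Init(&Md5Ctx);
-+			li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
-+			li_MD5_Final(HA1, &Md5Ctx);
-+
-+			CvtHex(HA1, a1);
-+
-+			if (0 == strcmp(password->ptr, a1)) {
-+				return 0;
-+			}
-+		}
- 	}
- 	return -1;
- }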
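--- a/files/extra-patch-src_http__auth.h
+++ b/files/extra-patch-src_http__auth.h
@@ -1,43 +0,0 @@
---- src/http_auth.h.orig	2016-07-16 10:06:16 UTC
-+++ src/http_auth.h
-@@ -9,13 +9,15 @@
- # define USE_LDAP
- # include <ldap.h>
- #endif
-+#include <mysql/mysql.h>
- 
- typedef enum {
- 	AUTH_BACKEND_UNSET,
- 	AUTH_BACKEND_PLAIN,
- 	AUTH_BACKEND_LDAP,
- 	AUTH_BACKEND_HTPASSWD,
--	AUTH_BACKEND_HTDIGEST
-+	AUTH_BACKEND_HTDIGEST,
-+	AUTH_BACKEND_MYSQL
- } auth_backend_t;
- 
- typedef struct {
-@@ -50,6 +52,23 @@ typedef struct {
- 	buffer *ldap_filter_pre;
- 	buffer *ldap_filter_post;
- #endif
-+
-+	MYSQL  *mysql_conn;
-+	buffer *auth_mysql_host;
-+	buffer *auth_mysql_user;
-+	buffer *auth_mysql_pass;
-+	buffer *auth_mysql_db;
-+	buffer *auth_mysql_port;
-+	buffer *auth_mysql_socket;
-+	buffer *auth_mysql_users_table;
-+	buffer *auth_mysql_col_user;
-+	buffer *auth_mysql_col_pass;
-+	buffer *auth_mysql_col_realm;
-+	buffer *auth_mysql_domains_table;
-+	buffer *auth_mysql_col_domain;
-+	buffer *auth_mysql_domains_table_col_domain_id;
-+	buffer *auth_mysql_users_table_col_domain_id;
-+
- } mod_auth_plugin_config;
- 
- typedef struct {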
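--- a/files/extra-patch-src_mod__auth.c
+++ b/files/extra-patch-src_mod__auth.c
@@ -1,200 +0,0 @@
---- src/mod_auth.c.orig	2016-07-16 10:06:16 UTC
-+++ src/mod_auth.c
-@@ -13,6 +13,7 @@
- #include <errno.h>
- #include <fcntl.h>
- #include <unistd.h>
-+#include <mysql/mysql.h>
- 
- handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s);
- 
-@@ -84,6 +85,19 @@ FREE_FUNC(mod_auth_free) {
- 
- 			if (s->ldap) ldap_unbind_s(s->ldap);
- #endif
-+			buffer_free(s->auth_mysql_host);
-+			buffer_free(s->auth_mysql_user);
-+			buffer_free(s->auth_mysql_pass);
-+			buffer_free(s->auth_mysql_db);
-+			buffer_free(s->auth_mysql_socket);
-+			buffer_free(s->auth_mysql_users_table);
-+			buffer_free(s->auth_mysql_col_user);
-+			buffer_free(s->auth_mysql_col_pass);
-+			buffer_free(s->auth_mysql_col_realm);
-+			buffer_free(s->auth_mysql_domains_table);
-+			buffer_free(s->auth_mysql_col_domain);
-+			buffer_free(s->auth_mysql_domains_table_col_domain_id);
-+			buffer_free(s->auth_mysql_users_table_col_domain_id);
- 
- 			free(s);
- 		}
-@@ -122,6 +136,21 @@ static int mod_auth_patch_connection(ser
- 	PATCH(ldap_filter_post);
- #endif
- 
-+	PATCH(auth_mysql_host);
-+	PATCH(auth_mysql_user);
-+	PATCH(auth_mysql_pass);
-+	PATCH(auth_mysql_db);
-+	PATCH(auth_mysql_port);
-+	PATCH(auth_mysql_socket);
-+	PATCH(auth_mysql_users_table);
-+	PATCH(auth_mysql_col_user);
-+	PATCH(auth_mysql_col_pass);
-+	PATCH(auth_mysql_col_realm);
-+	PATCH(auth_mysql_domains_table);
-+	PATCH(auth_mysql_col_domain);
-+	PATCH(auth_mysql_domains_table_col_domain_id);
-+	PATCH(auth_mysql_users_table_col_domain_id);
-+
- 	/* skip the first, the global context */
- 	for (i = 1; i < srv->config_context->used; i++) {
- 		data_config *dc = (data_config *)srv->config_context->data[i];
-@@ -171,6 +200,34 @@ static int mod_auth_patch_connection(ser
- 				PATCH(auth_ldap_bindpw);
- 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) {
- 				PATCH(auth_ldap_allow_empty_pw);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) {
-+				PATCH(auth_mysql_host);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) {
-+				PATCH(auth_mysql_user);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) {
-+				PATCH(auth_mysql_pass);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) {
-+				PATCH(auth_mysql_db);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) {
-+				PATCH(auth_mysql_port);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) {
-+				PATCH(auth_mysql_user);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) {
-+				PATCH(auth_mysql_users_table);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) {
-+				PATCH(auth_mysql_col_user);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) {
-+				PATCH(auth_mysql_col_pass);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) {
-+				PATCH(auth_mysql_col_realm);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) {
-+				PATCH(auth_mysql_domains_table);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) {
-+				PATCH(auth_mysql_col_domain);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) {
-+				PATCH(auth_mysql_domains_table_col_domain_id);
-+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) {
-+				PATCH(auth_mysql_users_table_col_domain_id);
- 			}
- 		}
- 	}
-@@ -362,10 +419,25 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
- 		{ "auth.backend.ldap.starttls",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 8 */
-  		{ "auth.backend.ldap.bind-dn",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 9 */
-  		{ "auth.backend.ldap.bind-pw",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */
--		{ "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */
-+		{ "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
- 		{ "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */
- 		{ "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
- 		{ "auth.debug",                     NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION },  /* 14 */
-+		{ "auth.backend.mysql.host",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+		{ "auth.backend.mysql.user",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+		{ "auth.backend.mysql.pass",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+		{ "auth.backend.mysql.db",          NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+		{ "auth.backend.mysql.port",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+		{ "auth.backend.mysql.socket",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+		{ "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+		{ "auth.backend.mysql.col_user",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+		{ "auth.backend.mysql.col_pass",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+		{ "auth.backend.mysql.col_realm",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */
-+		{ "auth.backend.mysql.domains_table",               NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+		{ "auth.backend.mysql.col_domain",                  NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+		{ "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-+		{ "auth.backend.mysql.users_table_col_domain_id",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */
-+
- 		{ NULL,                             NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
- 	};
- 
-@@ -394,6 +466,22 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
- 		s->auth_debug = 0;
- 
- 		s->auth_require = array_init();
-+		s->mysql_conn                             = NULL;
-+		s->auth_mysql_host                        = buffer_init();
-+		s->auth_mysql_user                        = buffer_init();
-+		s->auth_mysql_pass                        = buffer_init();
-+		s->auth_mysql_db                          = buffer_init();
-+		s->auth_mysql_port                        = buffer_init();
-+		s->auth_mysql_socket                      = buffer_init();
-+		s->auth_mysql_users_table                 = buffer_init();
-+		s->auth_mysql_col_user                    = buffer_init();
-+		s->auth_mysql_col_pass                    = buffer_init();
-+		s->auth_mysql_col_realm                   = buffer_init();
-+		s->auth_mysql_domains_table               = buffer_init();
-+		s->auth_mysql_col_domain                  = buffer_init();
-+		s->auth_mysql_domains_table_col_domain_id = buffer_init();
-+		s->auth_mysql_users_table_col_domain_id   = buffer_init();
-+
- 
- #ifdef USE_LDAP
- 		s->ldap_filter_pre = buffer_init();
-@@ -416,7 +504,20 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
- 		cv[12].destination = s->auth_htdigest_userfile;
- 		cv[13].destination = s->auth_htpasswd_userfile;
- 		cv[14].destination = &(s->auth_debug);
--
-+		cv[15].destination = s->auth_mysql_host;
-+		cv[16].destination = s->auth_mysql_user;
-+		cv[17].destination = s->auth_mysql_pass;
-+		cv[18].destination = s->auth_mysql_db;
-+		cv[19].destination = s->auth_mysql_port;
-+		cv[20].destination = s->auth_mysql_socket;
-+		cv[21].destination = s->auth_mysql_users_table;
-+		cv[22].destination = s->auth_mysql_col_user;
-+		cv[23].destination = s->auth_mysql_col_pass;
-+		cv[24].destination = s->auth_mysql_col_realm;
-+		cv[25].destination = s->auth_mysql_domains_table;
-+		cv[26].destination = s->auth_mysql_col_domain;
-+		cv[27].destination = s->auth_mysql_domains_table_col_domain_id;
-+		cv[28].destination = s->auth_mysql_users_table_col_domain_id;
- 		p->config_storage[i] = s;
- 
- 		if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
-@@ -432,6 +533,8 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
- 				s->auth_backend = AUTH_BACKEND_PLAIN;
- 			} else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) {
- 				s->auth_backend = AUTH_BACKEND_LDAP;
-+			} else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) {
-+				s->auth_backend = AUTH_BACKEND_MYSQL;
- 			} else {
- 				log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf);
- 
-@@ -573,6 +676,31 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
- 				return (ret);
- 			break;
- 		}
-+		case AUTH_BACKEND_MYSQL: {
-+			int port = atoi(s->auth_mysql_port->ptr);
-+
-+			/* ignore if auth_mysql_socket is invalid */
-+			if (p->conf.auth_mysql_socket == NULL)
-+				return HANDLER_GO_ON;
-+			if (p->conf.auth_mysql_socket->ptr != NULL)
-+				if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL;
-+
-+			s->mysql_conn = mysql_init(NULL);
-+			if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0))
-+			{
-+				log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss",
-+						"opening connection to mysql:", s->auth_mysql_host,
-+						"user:", s->auth_mysql_user,
-+						"pass:", s->auth_mysql_pass,
-+						"db:", s->auth_mysql_db,
-+						"failed:", strerror(errno));
-+
-+				return HANDLER_ERROR;
-+			}
-+			mysql_close(s->mysql_conn);
-+
-+			break;
-+		}
- 		default:
- 			break;
- 		}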
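--- a/files/mysql_auth.sql
+++ b/files/mysql_auth.sql
@@ -1,10 +0,0 @@
-CREATE TABLE `vhosts_secure`(
-	vhost_secure_id bigint(20) NOT NULL AUTO_INCREMENT,
-	vhost_secure_username varchar(255) NOT NULL,
-	vhost_secure_password varchar(255) NOT NULL,
-	vhost_secure_realm varchar(255) NOT NULL
-	PRIMARY KEY (vhost_secure_id),
-	INDEX i_username (vhost_secure_username),
-	INDEX i_password (vhost_secure_password),
-	INDEX i_realm (vhost_secure_realm)
-);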
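--- a/files/patch-src_mod__fastcgi.c
+++ b/files/patch-src_mod__fastcgi.c
@@ -1,12 +0,0 @@
---- src/mod_fastcgi.c.orig	2016-08-07 17:19:10 UTC
-+++ src/mod_fastcgi.c
-@@ -3257,7 +3257,8 @@ SUBREQUEST_FUNC(mod_fastcgi_handle_subre
- 		}
- 	}
- 
--	return (0 == hctx->wb->bytes_in || !chunkqueue_is_empty(hctx->wb))
-+	return ((0 == hctx->wb->bytes_in || !chunkqueue_is_empty(hctx->wb))
-+		&& hctx->state != FCGI_STATE_CONNECT_DELAYED)
- 	  ? fcgi_send_request(srv, hctx)
- 	  : HANDLER_WAIT_FOR_EVENT;
- }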
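--- a/files/patch-src_mod__proxy.c
+++ b/files/patch-src_mod__proxy.c
@@ -1,34 +0,0 @@
---- src/mod_proxy.c.orig	2016-07-31 12:42:39 UTC
-+++ src/mod_proxy.c
-@@ -854,7 +854,20 @@ static handler_t proxy_write_request(ser
- 
- 		if (hctx->wb->bytes_out == hctx->wb_reqlen) {
- 			fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT);
--			shutdown(hctx->fd, SHUT_WR);/* future: remove if HTTP/1.1 request */
-+		      #if (defined(__APPLE__) && defined(__MACH__)) \
-+			|| defined(__FreeBSD__) || defined(__NetBSD__) \
-+			|| defined(__OpenBSD__) || defined(__DragonflyBSD__)
-+			/*(*BSD stack on remote might signal POLLHUP and remote
-+			 * might treat as socket error instead of half-close)*/
-+		      #else
-+			/*(remote could be different machine running affected OS,
-+			 * so only issue shutdown for known local sockets)*/
-+			if ( '/' == host->host->ptr[0]
-+			    || buffer_is_equal_string(host->host, CONST_STR_LEN("127.0.0.1"))
-+			    || buffer_is_equal_string(host->host, CONST_STR_LEN("::1"))) {
-+				shutdown(hctx->fd, SHUT_WR);/* future: remove if HTTP/1.1 request */
-+			}
-+		      #endif
- 			proxy_set_state(srv, hctx, PROXY_STATE_READ);
- 		} else {
- 			off_t wblen = hctx->wb->bytes_in - hctx->wb->bytes_out;
-@@ -992,7 +1005,8 @@ SUBREQUEST_FUNC(mod_proxy_handle_subrequ
- 		}
- 	}
- 
--	return (0 == hctx->wb->bytes_in || !chunkqueue_is_empty(hctx->wb))
-+	return ((0 == hctx->wb->bytes_in || !chunkqueue_is_empty(hctx->wb))
-+		&& hctx->state != PROXY_STATE_CONNECT)
- 	  ? proxy_send_request(srv, hctx)
- 	  : HANDLER_WAIT_FOR_EVENT;
- }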
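--- a/files/patch-src_mod__scgi.c
+++ b/files/patch-src_mod__scgi.c
@@ -1,34 +0,0 @@
---- src/mod_scgi.c.orig	2016-08-07 12:39:31 UTC
-+++ src/mod_scgi.c
-@@ -2438,7 +2438,20 @@ static handler_t scgi_write_request(serv
- 
- 		if (hctx->wb->bytes_out == hctx->wb_reqlen) {
- 			fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT);
--			shutdown(hctx->fd, SHUT_WR);
-+		      #if (defined(__APPLE__) && defined(__MACH__)) \
-+			|| defined(__FreeBSD__) || defined(__NetBSD__) \
-+			|| defined(__OpenBSD__) || defined(__DragonflyBSD__)
-+			/*(*BSD stack on remote might signal POLLHUP and remote
-+			 * might treat as socket error instead of half-close)*/
-+		      #else
-+			/*(remote could be different machine running affected OS,
-+			 * so only issue shutdown for known local sockets)*/
-+			if ( '/' == host->host->ptr[0]
-+			    || buffer_is_equal_string(host->host, CONST_STR_LEN("127.0.0.1"))
-+			    || buffer_is_equal_string(host->host, CONST_STR_LEN("::1"))) {
-+				shutdown(hctx->fd, SHUT_WR);
-+			}
-+		      #endif
- 			scgi_set_state(srv, hctx, FCGI_STATE_READ);
- 		} else {
- 			off_t wblen = hctx->wb->bytes_in - hctx->wb->bytes_out;
-@@ -2585,7 +2598,8 @@ SUBREQUEST_FUNC(mod_scgi_handle_subreque
- 		}
- 	}
- 
--	return (0 == hctx->wb->bytes_in || !chunkqueue_is_empty(hctx->wb))
-+	return ((0 == hctx->wb->bytes_in || !chunkqueue_is_empty(hctx->wb))
-+		&& hctx->state != FCGI_STATE_CONNECT)
- 	  ? scgi_send_request(srv, hctx)
- 	  : HANDLER_WAIT_FOR_EVENT;
- }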
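--- a/pkg-plist
+++ b/pkg-plist
@@ -2,8 +2,8 @@
 @sample etc/lighttpd/modules.conf.sample
 @sample etc/lighttpd/conf.d/access_log.conf.sample
 @sample etc/lighttpd/conf.d/auth.conf.sample
+@sample etc/lighttpd/conf.d/cgi.conf.sample
 @sample etc/lighttpd/conf.d/cml.conf.sample
-@sample etc/lighttpd/conf.d/cgi.conf.sample
 @sample etc/lighttpd/conf.d/compress.conf.sample
 @sample etc/lighttpd/conf.d/debug.conf.sample
 @sample etc/lighttpd/conf.d/dirlisting.conf.sample
@@ -28,9 +28,14 @@
 lib/lighttpd/mod_accesslog.so
 lib/lighttpd/mod_alias.so
 lib/lighttpd/mod_auth.so
+lib/lighttpd/mod_authn_file.so
+lib/lighttpd/mod_authn_gssapi.so
+lib/lighttpd/mod_authn_ldap.so
+lib/lighttpd/mod_authn_mysql.so
 lib/lighttpd/mod_cgi.so
 lib/lighttpd/mod_cml.so
 lib/lighttpd/mod_compress.so
+lib/lighttpd/mod_deflate.so
 lib/lighttpd/mod_dirlisting.so
 lib/lighttpd/mod_evasive.so
 lib/lighttpd/mod_evhost.so
@@ -38,6 +43,7 @@
 lib/lighttpd/mod_extforward.so
 lib/lighttpd/mod_fastcgi.so
 lib/lighttpd/mod_flv_streaming.so
+lib/lighttpd/mod_geoip.so
 lib/lighttpd/mod_indexfile.so
 lib/lighttpd/mod_magnet.so
 lib/lighttpd/mod_mysql_vhost.so
@@ -53,6 +59,7 @@
 lib/lighttpd/mod_staticfile.so
 lib/lighttpd/mod_status.so
 lib/lighttpd/mod_trigger_b4_dl.so
+lib/lighttpd/mod_uploadprogress.so
 lib/lighttpd/mod_userdir.so
 lib/lighttpd/mod_usertrack.so
 lib/lighttpd/mod_webdav.so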
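Review bot: `lib/lighttpd/mod_authn_gssapi.so`, `mod_authn_ldap.so`, `mod_authn_mysql.so` and `mod_geoip.so` are added unconditionally, although LDAP, MYSQL and GEOIP are options that are off by default (`OPTIONS_DEFAULT= OPENSSL`) and the Makefile hunks show no Kerberos/GSSAPI option at all. If upstream builds these modules only when the backend library is configured (not visible here; worth checking against a default-options stage), the plist will not match the staged files. Tagging the entries ties each authentication module to the option that provides its backend, e.g. `%%LDAP%%lib/lighttpd/mod_authn_ldap.so`, `%%MYSQL%%lib/lighttpd/mod_authn_mysql.so`, `%%GEOIP%%lib/lighttpd/mod_geoip.so` with `OPTIONS_SUB=yes`. The GSSAPI module needs either its own option or to be left out of the list.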
