--- lighttpd-1.4.11/src/Makefile.in 2006-03-07 14:21:02.000000000 +0200 +++ lighttpd-1.4.11-patched/src/Makefile.in 2006-07-06 22:24:10.000000000 +0300 @@ -584,7 +583,7 @@ mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd) mod_auth_la_SOURCES = mod_auth.c http_auth_digest.c http_auth.c mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -mod_auth_la_LIBADD = $(MYSQL_LIBS) $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd) +mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd) mod_rewrite_la_SOURCES = mod_rewrite.c mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd) --- lighttpd-1.4.11/src/http_auth.c 2006-02-01 13:02:52.000000000 +0200 +++ lighttpd-1.4.11-patched/src/http_auth.c 2006-07-01 20:15:43.000000000 +0300 @@ -25,6 +25,8 @@ #include #include +#include + #include "server.h" #include "log.h" #include "http_auth.h" @@ -283,6 +285,81 @@ stream_close(&f); } else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) { ret = 0; + } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) { + MYSQL_RES *result; + MYSQL_ROW row; + int port = atoi(p->conf.auth_mysql_port->ptr); + char q[255]; + + if (p->conf.auth_mysql_socket->ptr != NULL) + if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL; + + p->conf.mysql_conn = mysql_init(NULL); + + if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0)) + { +/*#define MY_HOSTING*/ + +#ifdef MY_HOSTING + char my_full_realm[255]; + char *my_realm = NULL; + char *my_domain = NULL; + + strcpy(my_full_realm, realm->ptr); + my_realm = strtok(my_full_realm, "@"); + + if (my_realm != NULL) + my_domain = strtok(NULL, "@"); + + sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s", + p->conf.auth_mysql_col_pass->ptr, + + p->conf.auth_mysql_users_table->ptr, + p->conf.auth_mysql_domains_table->ptr, + + p->conf.auth_mysql_col_user->ptr, + username->ptr, + + p->conf.auth_mysql_col_realm->ptr, + my_realm, + + p->conf.auth_mysql_col_domain->ptr, + my_domain, + + p->conf.auth_mysql_domains_table_col_domain_id->ptr, + p->conf.auth_mysql_users_table_col_domain_id->ptr + ); +#else + sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'", + p->conf.auth_mysql_col_pass->ptr, + p->conf.auth_mysql_users_table->ptr, + p->conf.auth_mysql_col_user->ptr, + username->ptr, + p->conf.auth_mysql_col_realm->ptr, + realm->ptr + ); +#endif + + mysql_query(p->conf.mysql_conn, q); + result = mysql_store_result(p->conf.mysql_conn); + if (mysql_num_rows(result) == 1) + { + /* found */ + row = mysql_fetch_row(result); + buffer_copy_string_len(password, row[0], strlen(row[0])); + + ret = 0; + } else + { + /* not found */ + ret = -1; + } + + mysql_free_result(result); + mysql_close(p->conf.mysql_conn); + + p->conf.mysql_conn = NULL; + } } else { return -1; } @@ -657,6 +734,60 @@ return 0; #endif + } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) { + /* + we check for md5 crypt() now + request by Nicola Tiling + */ + if (password->ptr[0] == '$' && password->ptr[2] == '$') + { + char salt[32]; + char *crypted; + size_t salt_len = 0; + char *dollar = NULL; + + if (NULL == (dollar = strchr(password->ptr + 3, '$'))) { + fprintf(stderr, "%s.%d\n", __FILE__, __LINE__); + return -1; + } + + salt_len = dollar - password->ptr; + + if (salt_len > sizeof(salt) - 1) + { + fprintf(stderr, "%s.%d\n", __FILE__, __LINE__); + return -1; + } + + strncpy(salt, password->ptr, salt_len); + + salt[salt_len] = '\0'; + + crypted = crypt(pw, salt); + + if (0 == strcmp(password->ptr, crypted)) + { + return 0; + } else { + fprintf(stderr, "%s.%d\n", __FILE__, __LINE__); + } + } else + /* plain md5 check now */ + { + MD5_CTX Md5Ctx; + HASH HA1; + char a1[256]; + + MD5_Init(&Md5Ctx); + MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw)); + MD5_Final(HA1, &Md5Ctx); + + CvtHex(HA1, a1); + + if (0 == strcmp(password->ptr, a1)) { + return 0; + } + } } return -1; } --- lighttpd-1.4.11/src/http_auth.h 2005-08-14 17:12:31.000000000 +0300 +++ lighttpd-1.4.11-patched/src/http_auth.h 2006-06-29 10:20:20.000000000 +0300 @@ -9,9 +9,11 @@ # include #endif +#include + typedef enum { AUTH_BACKEND_UNSET, AUTH_BACKEND_PLAIN, AUTH_BACKEND_LDAP, AUTH_BACKEND_HTPASSWD, - AUTH_BACKEND_HTDIGEST, AUTH_BACKEND_PAM } auth_backend_t; + AUTH_BACKEND_HTDIGEST, AUTH_BACKEND_PAM, AUTH_BACKEND_MYSQL } auth_backend_t; typedef struct { /* auth */ @@ -44,6 +46,22 @@ buffer *ldap_filter_pre; buffer *ldap_filter_post; #endif + + MYSQL *mysql_conn; + buffer *auth_mysql_host; + buffer *auth_mysql_user; + buffer *auth_mysql_pass; + buffer *auth_mysql_db; + buffer *auth_mysql_port; + buffer *auth_mysql_socket; + buffer *auth_mysql_users_table; + buffer *auth_mysql_col_user; + buffer *auth_mysql_col_pass; + buffer *auth_mysql_col_realm; + buffer *auth_mysql_domains_table; + buffer *auth_mysql_col_domain; + buffer *auth_mysql_domains_table_col_domain_id; + buffer *auth_mysql_users_table_col_domain_id; } mod_auth_plugin_config; typedef struct { --- lighttpd-1.4.11/src/mod_auth.c 2006-02-15 20:01:31.000000000 +0200 +++ lighttpd-1.4.11-patched/src/mod_auth.c 2006-06-29 10:47:29.000000000 +0300 @@ -7,6 +7,8 @@ #include #include +#include + #include "plugin.h" #include "http_auth.h" #include "log.h" @@ -82,7 +84,21 @@ if (s->ldap) ldap_unbind_s(s->ldap); #endif - + + buffer_free(s->auth_mysql_host); + buffer_free(s->auth_mysql_user); + buffer_free(s->auth_mysql_pass); + buffer_free(s->auth_mysql_db); + buffer_free(s->auth_mysql_socket); + buffer_free(s->auth_mysql_users_table); + buffer_free(s->auth_mysql_col_user); + buffer_free(s->auth_mysql_col_pass); + buffer_free(s->auth_mysql_col_realm); + buffer_free(s->auth_mysql_domains_table); + buffer_free(s->auth_mysql_col_domain); + buffer_free(s->auth_mysql_domains_table_col_domain_id); + buffer_free(s->auth_mysql_users_table_col_domain_id); + free(s); } free(p->config_storage); @@ -118,6 +134,21 @@ PATCH(ldap_filter_pre); PATCH(ldap_filter_post); #endif + + PATCH(auth_mysql_host); + PATCH(auth_mysql_user); + PATCH(auth_mysql_pass); + PATCH(auth_mysql_db); + PATCH(auth_mysql_port); + PATCH(auth_mysql_socket); + PATCH(auth_mysql_users_table); + PATCH(auth_mysql_col_user); + PATCH(auth_mysql_col_pass); + PATCH(auth_mysql_col_realm); + PATCH(auth_mysql_domains_table); + PATCH(auth_mysql_col_domain); + PATCH(auth_mysql_domains_table_col_domain_id); + PATCH(auth_mysql_users_table_col_domain_id); /* skip the first, the global context */ for (i = 1; i < srv->config_context->used; i++) { @@ -160,6 +191,34 @@ PATCH(auth_ldap_cafile); } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.starttls"))) { PATCH(auth_ldap_starttls); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) { + PATCH(auth_mysql_host); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) { + PATCH(auth_mysql_user); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) { + PATCH(auth_mysql_pass); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) { + PATCH(auth_mysql_db); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) { + PATCH(auth_mysql_port); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) { + PATCH(auth_mysql_user); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) { + PATCH(auth_mysql_users_table); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) { + PATCH(auth_mysql_col_user); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) { + PATCH(auth_mysql_col_pass); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) { + PATCH(auth_mysql_col_realm); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) { + PATCH(auth_mysql_domains_table); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) { + PATCH(auth_mysql_col_domain); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) { + PATCH(auth_mysql_domains_table_col_domain_id); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) { + PATCH(auth_mysql_users_table_col_domain_id); } } } @@ -315,6 +374,20 @@ { "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, { "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, { "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 13 */ + { "auth.backend.mysql.host", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.mysql.user", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.mysql.pass", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.mysql.db", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.mysql.port", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.mysql.socket", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.mysql.col_user", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.mysql.col_pass", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.mysql.col_realm", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */ + { "auth.backend.mysql.domains_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.mysql.col_domain", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.mysql.users_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */ { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } }; @@ -344,6 +417,22 @@ s->auth_require = array_init(); + s->mysql_conn = NULL; + s->auth_mysql_host = buffer_init(); + s->auth_mysql_user = buffer_init(); + s->auth_mysql_pass = buffer_init(); + s->auth_mysql_db = buffer_init(); + s->auth_mysql_port = buffer_init(); + s->auth_mysql_socket = buffer_init(); + s->auth_mysql_users_table = buffer_init(); + s->auth_mysql_col_user = buffer_init(); + s->auth_mysql_col_pass = buffer_init(); + s->auth_mysql_col_realm = buffer_init(); + s->auth_mysql_domains_table = buffer_init(); + s->auth_mysql_col_domain = buffer_init(); + s->auth_mysql_domains_table_col_domain_id = buffer_init(); + s->auth_mysql_users_table_col_domain_id = buffer_init(); + #ifdef USE_LDAP s->ldap_filter_pre = buffer_init(); s->ldap_filter_post = buffer_init(); @@ -364,6 +453,20 @@ cv[11].destination = s->auth_htdigest_userfile; cv[12].destination = s->auth_htpasswd_userfile; cv[13].destination = &(s->auth_debug); + cv[14].destination = s->auth_mysql_host; + cv[15].destination = s->auth_mysql_user; + cv[16].destination = s->auth_mysql_pass; + cv[17].destination = s->auth_mysql_db; + cv[18].destination = s->auth_mysql_port; + cv[19].destination = s->auth_mysql_socket; + cv[20].destination = s->auth_mysql_users_table; + cv[21].destination = s->auth_mysql_col_user; + cv[22].destination = s->auth_mysql_col_pass; + cv[23].destination = s->auth_mysql_col_realm; + cv[24].destination = s->auth_mysql_domains_table; + cv[25].destination = s->auth_mysql_col_domain; + cv[26].destination = s->auth_mysql_domains_table_col_domain_id; + cv[27].destination = s->auth_mysql_users_table_col_domain_id; p->config_storage[i] = s; ca = ((data_config *)srv->config_context->data[i])->value; @@ -381,6 +484,8 @@ s->auth_backend = AUTH_BACKEND_PLAIN; } else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) { s->auth_backend = AUTH_BACKEND_LDAP; + } else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) { + s->auth_backend = AUTH_BACKEND_MYSQL; } else { log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf); @@ -543,6 +648,27 @@ return (ret); break; } + case AUTH_BACKEND_MYSQL: { + int port = atoi(s->auth_mysql_port->ptr); + + if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL; + + s->mysql_conn = mysql_init(NULL); + if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0)) + { + log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss", + "opening connection to mysql:", s->auth_mysql_host, + "user:", s->auth_mysql_user, + "pass:", s->auth_mysql_pass, + "db:", s->auth_mysql_db, + "failed:", strerror(errno)); + + return HANDLER_ERROR; + } + mysql_close(s->mysql_conn); + + break; + } default: break; }