Project

General

Profile

lighttpd-1.4.28-mysql_auth.diff

wica, 2011-06-26 10:17

View differences:

lighttpd-1.4.28/src/http_auth.c 2009-10-08 10:10:15.000000000 +0400
24 24
#include <errno.h>
25 25
#include <unistd.h>
26 26
#include <ctype.h>
27
#include <mysql/mysql.h>
27 28

  
28 29
#include "server.h"
29 30
#include "log.h"
......
291 292
		stream_close(&f);
292 293
	} else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) {
293 294
		ret = 0;
295
       } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
296
               MYSQL_RES *result;
297
               MYSQL_ROW row;
298
               int port = atoi(p->conf.auth_mysql_port->ptr);
299
               char q[255];
300

  
301
               if (p->conf.auth_mysql_socket->ptr != NULL)
302
                   if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL;
303

  
304
               p->conf.mysql_conn = mysql_init(NULL);
305

  
306
               if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0))
307
               {
308
//#define MY_HOSTING
309

  
310
#ifdef MY_HOSTING
311
                   char my_full_realm[255];
312
                   char *my_realm = NULL;
313
                   char *my_domain = NULL;
314

  
315
                   char *uname;
316
                   size_t unamelen;
317

  
318
                   unamelen = strlen(username->ptr);
319
                   uname = malloc(unamelen*2+1);
320

  
321
                   mysql_real_escape_string(p->conf.mysql_conn,
322
                                            uname, username->ptr,
323
                                            (unsigned long)unamelen);
324

  
325
                   strcpy(my_full_realm, realm->ptr);
326
                   my_realm = strtok(my_full_realm, "@");
327

  
328
                   if (my_realm != NULL)
329
                   my_domain = strtok(NULL, "@");
330

  
331
                   sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s",
332
                               p->conf.auth_mysql_col_pass->ptr,
333

  
334
                               p->conf.auth_mysql_users_table->ptr,
335
                               p->conf.auth_mysql_domains_table->ptr,
336

  
337
                               p->conf.auth_mysql_col_user->ptr,
338
                               uname,
339

  
340
                               p->conf.auth_mysql_col_realm->ptr,
341
                               my_realm,
342

  
343
                               p->conf.auth_mysql_col_domain->ptr,
344
                               my_domain,
345

  
346
                               p->conf.auth_mysql_domains_table_col_domain_id->ptr,
347
                               p->conf.auth_mysql_users_table_col_domain_id->ptr
348
                   );
349

  
350
                   free(uname);
351
#else
352
                   // sanitize username & realm by taguchi@ff.iij4u.or.jp
353
                   char *uname, *urealm;
354
                   size_t unamelen, urealmlen;
355

  
356
                   unamelen = strlen(username->ptr);
357
                   urealmlen = strlen(realm->ptr);
358
                   uname = malloc(unamelen*2+1);
359
                   urealm = malloc(urealmlen*2+1);
360

  
361
                   mysql_real_escape_string(p->conf.mysql_conn,
362
                                            uname, username->ptr,
363
                                            (unsigned long)unamelen);
364

  
365
                   mysql_real_escape_string(p->conf.mysql_conn,
366
                                            urealm, realm->ptr,
367
                                            (unsigned long)unamelen);
368

  
369
                   mysql_real_escape_string(p->conf.mysql_conn,
370
                                            urealm, realm->ptr,
371
                                            (unsigned long)urealmlen);
372

  
373
                   sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'",
374
                               p->conf.auth_mysql_col_pass->ptr,
375
                               p->conf.auth_mysql_users_table->ptr,
376
                               p->conf.auth_mysql_col_user->ptr,
377
                               uname,
378
                               p->conf.auth_mysql_col_realm->ptr,
379
                               urealm
380
                   );
381

  
382
                   free(uname);
383
                   free(urealm);
384
#endif
385

  
386
                   mysql_query(p->conf.mysql_conn, q);
387
                   result = mysql_store_result(p->conf.mysql_conn);
388
                   if (mysql_num_rows(result) == 1)
389
                   {
390
                       /* found */
391
                       row = mysql_fetch_row(result);
392
                       buffer_copy_string_len(password, row[0], strlen(row[0]));
393

  
394
                       ret = 0;
395
                   } else
396
                   {
397
                       /* not found */
398
                       ret = -1;
399
                   }
400

  
401
                   mysql_free_result(result);
402
                   mysql_close(p->conf.mysql_conn);
403

  
404
                   p->conf.mysql_conn = NULL;
405
               }
294 406
	} else {
295 407
		return -1;
296 408
	}
......
831 943

  
832 944
		return 0;
833 945
#endif
946
       } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
947
               /*
948
                   we check for md5 crypt() now
949
                   request by Nicola Tiling <nti@w4w.net>
950
               */
951
               if (password->ptr[0] == '$' && password->ptr[2] == '$')
952
               {
953
                   char salt[32];
954
                   char *crypted;
955
                   size_t salt_len = 0;
956
                   char *dollar = NULL;
957

  
958
                   if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
959
                       fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
960
                       return -1;
961
                   }
962

  
963
                   salt_len = dollar - password->ptr;
964

  
965
                   if (salt_len > sizeof(salt) - 1)
966
                   {
967
                       fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
968
                       return -1;
969
                   }
970

  
971
                   strncpy(salt, password->ptr, salt_len);
972

  
973
                   salt[salt_len] = '\0';
974

  
975
                   crypted = crypt(pw, salt);
976

  
977
                   if (0 == strcmp(password->ptr, crypted))
978
                   {
979
                       return 0;
980
                   } else {
981
                       fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
982
                   }
983
               } else
984
               /* plain md5 check now */
985
               {
986
                       MD5_CTX Md5Ctx;
987
                       HASH HA1;
988
                       char a1[256];
989

  
990
                       MD5_Init(&Md5Ctx);
991
                       MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
992
                       MD5_Final(HA1, &Md5Ctx);
993

  
994
                       CvtHex(HA1, a1);
995

  
996
                       if (0 == strcmp(password->ptr, a1)) {
997
                               return 0;
998
                       }
999
               }
834 1000
	}
835 1001
	return -1;
836 1002
}
lighttpd-1.4.28/src/http_auth.h 2009-10-08 10:13:56.000000000 +0400
8 8
# define USE_LDAP
9 9
# include <ldap.h>
10 10
#endif
11
#include <mysql/mysql.h>
11 12

  
12 13
typedef enum {
13 14
	AUTH_BACKEND_UNSET,
14 15
	AUTH_BACKEND_PLAIN,
15 16
	AUTH_BACKEND_LDAP,
16 17
	AUTH_BACKEND_HTPASSWD,
17
	AUTH_BACKEND_HTDIGEST
18
        AUTH_BACKEND_HTDIGEST,
19
        AUTH_BACKEND_MYSQL
18 20
} auth_backend_t;
19 21

  
20 22
typedef struct {
......
49 51
	buffer *ldap_filter_pre;
50 52
	buffer *ldap_filter_post;
51 53
#endif
54

  
55
       MYSQL  *mysql_conn;
56
       buffer *auth_mysql_host;
57
       buffer *auth_mysql_user;
58
       buffer *auth_mysql_pass;
59
       buffer *auth_mysql_db;
60
       buffer *auth_mysql_port;
61
       buffer *auth_mysql_socket;
62
       buffer *auth_mysql_users_table;
63
       buffer *auth_mysql_col_user;
64
       buffer *auth_mysql_col_pass;
65
       buffer *auth_mysql_col_realm;
66
       buffer *auth_mysql_domains_table;
67
       buffer *auth_mysql_col_domain;
68
       buffer *auth_mysql_domains_table_col_domain_id;
69
       buffer *auth_mysql_users_table_col_domain_id;
52 70
} mod_auth_plugin_config;
53 71

  
54 72
typedef struct {
lighttpd-1.4.28/src/Makefile.am 2009-10-08 10:26:56.000000000 +0400
242 242
lib_LTLIBRARIES += mod_auth.la
243 243
mod_auth_la_SOURCES = mod_auth.c http_auth_digest.c http_auth.c
244 244
mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
245
mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
245
mod_auth_la_LIBADD = $(MYSQL_LIBS) $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
246 246

  
247 247
lib_LTLIBRARIES += mod_rewrite.la
248 248
mod_rewrite_la_SOURCES = mod_rewrite.c
lighttpd-1.4.28/src/Makefile.in 2009-10-08 10:26:25.000000000 +0400
706 706
mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
707 707
mod_auth_la_SOURCES = mod_auth.c http_auth_digest.c http_auth.c
708 708
mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
709
mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
709
mod_auth_la_LIBADD = $(MYSQL_LIBS) $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
710 710
mod_rewrite_la_SOURCES = mod_rewrite.c
711 711
mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
712 712
mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd)
lighttpd-1.4.28/src/mod_auth.c 2009-10-08 10:24:13.000000000 +0400
6 6
#include <errno.h>
7 7
#include <fcntl.h>
8 8
#include <unistd.h>
9
#include <mysql/mysql.h>
9 10

  
10 11
#include "plugin.h"
11 12
#include "http_auth.h"
......
83 84
			if (s->ldap) ldap_unbind_s(s->ldap);
84 85
#endif
85 86

  
87
                       buffer_free(s->auth_mysql_host);
88
                       buffer_free(s->auth_mysql_user);
89
                       buffer_free(s->auth_mysql_pass);
90
                       buffer_free(s->auth_mysql_db);
91
                       buffer_free(s->auth_mysql_socket);
92
                       buffer_free(s->auth_mysql_users_table);
93
                       buffer_free(s->auth_mysql_col_user);
94
                       buffer_free(s->auth_mysql_col_pass);
95
                       buffer_free(s->auth_mysql_col_realm);
96
                       buffer_free(s->auth_mysql_domains_table);
97
                       buffer_free(s->auth_mysql_col_domain);
98
                       buffer_free(s->auth_mysql_domains_table_col_domain_id);
99
                       buffer_free(s->auth_mysql_users_table_col_domain_id);
100

  
86 101
			free(s);
87 102
		}
88 103
		free(p->config_storage);
......
120 135
	PATCH(ldap_filter_post);
121 136
#endif
122 137

  
138
       PATCH(auth_mysql_host);
139
       PATCH(auth_mysql_user);
140
       PATCH(auth_mysql_pass);
141
       PATCH(auth_mysql_db);
142
       PATCH(auth_mysql_port);
143
       PATCH(auth_mysql_socket);
144
       PATCH(auth_mysql_users_table);
145
       PATCH(auth_mysql_col_user);
146
       PATCH(auth_mysql_col_pass);
147
       PATCH(auth_mysql_col_realm);
148
       PATCH(auth_mysql_domains_table);
149
       PATCH(auth_mysql_col_domain);
150
       PATCH(auth_mysql_domains_table_col_domain_id);
151
       PATCH(auth_mysql_users_table_col_domain_id);
152

  
123 153
	/* skip the first, the global context */
124 154
	for (i = 1; i < srv->config_context->used; i++) {
125 155
		data_config *dc = (data_config *)srv->config_context->data[i];
......
169 199
				PATCH(auth_ldap_bindpw);
170 200
			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) {
171 201
				PATCH(auth_ldap_allow_empty_pw);
202
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) {
203
                               PATCH(auth_mysql_host);
204
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) {
205
                               PATCH(auth_mysql_user);
206
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) {
207
                               PATCH(auth_mysql_pass);
208
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) {
209
                               PATCH(auth_mysql_db);
210
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) {
211
                               PATCH(auth_mysql_port);
212
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) {
213
                               PATCH(auth_mysql_user);
214
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) {
215
                               PATCH(auth_mysql_users_table);
216
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) {
217
                               PATCH(auth_mysql_col_user);
218
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) {
219
                               PATCH(auth_mysql_col_pass);
220
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) {
221
                               PATCH(auth_mysql_col_realm);
222
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) {
223
                               PATCH(auth_mysql_domains_table);
224
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) {
225
                               PATCH(auth_mysql_col_domain);
226
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) {
227
                               PATCH(auth_mysql_domains_table_col_domain_id);
228
                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) {
229
                               PATCH(auth_mysql_users_table_col_domain_id);
172 230
			}
173 231
		}
174 232
	}
......
323 381
		{ "auth.backend.ldap.starttls",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 8 */
324 382
 		{ "auth.backend.ldap.bind-dn",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 9 */
325 383
 		{ "auth.backend.ldap.bind-pw",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */
326
		{ "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */
384
                { "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
327 385
		{ "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */
328 386
		{ "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
329 387
		{ "auth.debug",                     NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION },  /* 14 */
388
                { "auth.backend.mysql.host",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
389
                { "auth.backend.mysql.user",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
390
                { "auth.backend.mysql.pass",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
391
                { "auth.backend.mysql.db",          NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
392
                { "auth.backend.mysql.port",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
393
                { "auth.backend.mysql.socket",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
394
                { "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
395
                { "auth.backend.mysql.col_user",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
396
                { "auth.backend.mysql.col_pass",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
397
                { "auth.backend.mysql.col_realm",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */
398
                { "auth.backend.mysql.domains_table",               NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
399
                { "auth.backend.mysql.col_domain",                  NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
400
                { "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
401
                { "auth.backend.mysql.users_table_col_domain_id",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */
330 402
		{ NULL,                             NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
331 403
	};
332 404

  
......
355 427
		s->auth_debug = 0;
356 428

  
357 429
		s->auth_require = array_init();
430
                s->mysql_conn                             = NULL;
431
                s->auth_mysql_host                        = buffer_init();
432
                s->auth_mysql_user                        = buffer_init();
433
                s->auth_mysql_pass                        = buffer_init();
434
                s->auth_mysql_db                          = buffer_init();
435
                s->auth_mysql_port                        = buffer_init();
436
                s->auth_mysql_socket                      = buffer_init();
437
                s->auth_mysql_users_table                 = buffer_init();
438
                s->auth_mysql_col_user                    = buffer_init();
439
                s->auth_mysql_col_pass                    = buffer_init();
440
                s->auth_mysql_col_realm                   = buffer_init();
441
                s->auth_mysql_domains_table               = buffer_init();
442
                s->auth_mysql_col_domain                  = buffer_init();
443
                s->auth_mysql_domains_table_col_domain_id = buffer_init();
444
                s->auth_mysql_users_table_col_domain_id   = buffer_init();
445

  
358 446

  
359 447
#ifdef USE_LDAP
360 448
		s->ldap_filter_pre = buffer_init();
......
377 465
		cv[12].destination = s->auth_htdigest_userfile;
378 466
		cv[13].destination = s->auth_htpasswd_userfile;
379 467
		cv[14].destination = &(s->auth_debug);
380

  
468
                cv[15].destination = s->auth_mysql_host;
469
                cv[16].destination = s->auth_mysql_user;
470
                cv[17].destination = s->auth_mysql_pass;
471
                cv[18].destination = s->auth_mysql_db;
472
                cv[19].destination = s->auth_mysql_port;
473
                cv[20].destination = s->auth_mysql_socket;
474
                cv[21].destination = s->auth_mysql_users_table;
475
                cv[22].destination = s->auth_mysql_col_user;
476
                cv[23].destination = s->auth_mysql_col_pass;
477
                cv[24].destination = s->auth_mysql_col_realm;
478
                cv[25].destination = s->auth_mysql_domains_table;
479
                cv[26].destination = s->auth_mysql_col_domain;
480
                cv[27].destination = s->auth_mysql_domains_table_col_domain_id;
481
                cv[28].destination = s->auth_mysql_users_table_col_domain_id;
381 482
		p->config_storage[i] = s;
382 483
		ca = ((data_config *)srv->config_context->data[i])->value;
383 484

  
......
394 495
				s->auth_backend = AUTH_BACKEND_PLAIN;
395 496
			} else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) {
396 497
				s->auth_backend = AUTH_BACKEND_LDAP;
498
                        } else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) {
499
                                s->auth_backend = AUTH_BACKEND_MYSQL;
397 500
			} else {
398 501
				log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf);
399 502

  
......
534 637
				return (ret);
535 638
			break;
536 639
		}
640
               case AUTH_BACKEND_MYSQL: {
641
                       int port = atoi(s->auth_mysql_port->ptr);
642

  
643
                       if (p->conf.auth_mysql_socket->ptr != NULL)
644
                           if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL;
645

  
646
                       s->mysql_conn = mysql_init(NULL);
647
                       if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0))
648
                       {
649
                           log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss",
650
                               "opening connection to mysql:", s->auth_mysql_host,
651
                               "user:", s->auth_mysql_user,
652
                               "pass:", s->auth_mysql_pass,
653
                               "db:", s->auth_mysql_db,
654
                               "failed:", strerror(errno));
655

  
656
                           return HANDLER_ERROR;
657
                       }
658
                       mysql_close(s->mysql_conn);
659

  
660
                       break;
661
               }
537 662
		default:
538 663
			break;
539 664
		}