Feature #752

closed

mySQL auth

Added by Anonymous over 18 years ago. Updated over 8 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_auth
Target version:

Description

This patch allows lighttpd to authenticate users against mySQL DB
NOTE: Only basic auth is implemented. Passwords are stored as MD5 hash in DB

lighttpd-1.4.11-mysql_auth.patch
lighttpd-1.4.11-mysql_auth.sql


tar xzvf lighttpd-1.4.11.tar.gz     # (unpack source)
patch -p0 < lighttpd-1.4.11-mysql_auth.patch     # (apply patch)
cd lighttpd-1.4.11
./configure --with-mysql     # (add more options if you want)
make
make install

make mysql db and user (read mySQL docs if you don't know how)
import lighttpd-1.4.11-mysql_auth.sql

open lighttpd.conf and add
(be sure that you comment out any other auth - according to lighttpd docs)


auth.backend                                   = "mysql" 
auth.backend.mysql.host                        = "localhost" 
auth.backend.mysql.user                        = "db_user" 
auth.backend.mysql.pass                        = "db_pass" 
auth.backend.mysql.db                          = "db_name" 
auth.backend.mysql.port                        = "0" # (for default port 0, always needed)
auth.backend.mysql.socket                      = ""  # (for default leave blank, always needed)
auth.backend.mysql.users_table                 = "users_table" 
auth.backend.mysql.col_user                    = "col_name_username" 
auth.backend.mysql.col_pass                    = "col_name_password" # (md5 hash of password)
auth.backend.mysql.col_realm                   = "col_realm_name" 

configure lighttpd to use it (same as every other auth)


auth.require = ( "/some_path" =>
    (
        "method"  => "basic",
        "realm"   => "some_realm",
        "require" => "some_user",
    )
)

start lighttpd

test & Njoy

P.S. The patch includes a more complicated setup with a separate table for domains.
If you are interested, please contact me to obtain more information.

Bugs, Patches and Suggestions
Send me E-Mail:

original version is located here

-- drJeckyll


Files

patch-mod_auth_mysql (13.9 KB) - mysql auth patch for 1.4.18 -- taguchi (Anonymous, 2008-01-25 05:08)
lighttp-1.4.18-r2-mysql_auth.patch (15.3 KB) - patch for lighttpd 1.4.18 - include fix sql injection & md5 crypt() -- drJeckyll (Anonymous, 2008-03-13 06:25)
03_all_lighttpd-1.4.23-mysql_auth.diff (20.6 KB) - 1.4.23 patch (Zolen, 2009-10-09 09:49)
lighttpd-1.4.28-mysql_auth.diff (20.6 KB) (wica, 2011-06-26 10:17)

Related issues 3 (0 open, 3 closed)

Related to Feature #1845: MySQL Digest Authentication - Fixed - 2008-12-14
Has duplicate Feature #687: mysql support in mod_auth - Duplicate
Has duplicate Feature #1057: Auth using database - Duplicate

Actions #1

Updated by Anonymous over 17 years ago

Wow, and hello to you all

-- nihiasebe

Actions #2

Updated by Anonymous about 17 years ago

Is there a patch to the current version 1.4.18? I tried it myself to merge the 1.4.11-patch to this version, but it didn't work...

-- johann

Actions #3

Updated by Anonymous almost 17 years ago

This patch works fine for me > johann.

But I think this patch has an SQL injection problem.
I think it should use mysql_real_escape_string(),
such as in the attached file.

But I think this version still has a problem.
I think all of the MySQL-related lines should be in #ifdef HAVE_MYSQL ... #endif.
Sorry, I could not resolve this problem.
I read the ldap-related lines. I think there are many ldap lines outside the ifdef. I can't understand it. Sorry.

-- taguchi

Actions #4

Updated by Anonymous almost 17 years ago

Thanks for your reply. I will try the patch this weekend (if there is time).
If I get my lighty running with mysql-auth, I'll try to add mysql_real_escape_string(), but C is not even rudimental my preferred language :)

Best regards,

Johann

-- johann

Actions #5

Updated by Anonymous almost 17 years ago

Sorry for the late response:

I tried the latest patch, but it didn't work for me. Patching and building were fine, but on restart after configuration, I got:


2008-03-21 14:27:37: (plugin.c.165) dlopen() failed for: /usr/lib/lighttpd/mod_auth.so /usr/lib/lighttpd/mod_auth.so: undefined symbol: mysql_query 
2008-03-21 14:27:37: (server.c.621) loading plugins finally failed                                                                                                          

The system is a Gentoo Linux with mysql installed and mysql-support in lighttpd.
Sorry, but atm I have no time to dig deeper...

-- johann

Actions #6

Updated by stbuehler almost 17 years ago

Looks like the module is not linked against mysql; so you either need to fix the Makefile.am or load the mysql-vhost module before mod_auth so mysql is already loaded

Actions #7

Updated by Anonymous over 16 years ago

DrJeckyll's latest patch made my 1.4.19 segfault, so here's my version, based on the one by Taguchi.

I've also added support for digest authentication, in which the 'password' field should look like this:


MD5(CONCAT(username,':',realm,':',plaintext_password))

This is easy to use when you create a MySQL view:


CREATE VIEW digest AS
SELECT username AS username, MD5(CONCAT(username,':',realm,':',password)) AS password, realm AS realm
FROM auth
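
An added example, not part of the comment above or of any lighttpd patch: a backend lookup of the HA1 value described in this comment using bound parameters (the SQL injection concern raised in comment #3), then verification of Basic and Digest credentials against it. sqlite3 stands in for MySQL; the function names, the `alice` row and the credentials are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(user, realm, password):
    # Same value as MD5(CONCAT(username,':',realm,':',plaintext_password)).
    return md5_hex(f"{user}:{realm}:{password}")

def make_db():
    # Constructed sample row; sqlite3 stands in for MySQL so this runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE digest (username TEXT, password TEXT, realm TEXT)")
    db.execute("INSERT INTO digest VALUES (?, ?, ?)",
               ("alice", ha1("alice", "some_realm", "s3cret"), "some_realm"))
    return db

def lookup_ha1(db, user, realm):
    # Bound parameters keep client-supplied names out of the SQL text, the
    # property mysql_real_escape_string() is meant to restore in the C patch.
    row = db.execute(
        "SELECT password FROM digest WHERE username = ? AND realm = ?",
        (user, realm)).fetchone()
    return row[0] if row else None

def same(a, b):
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))

def check_basic(db, user, realm, password):
    # Basic auth: recompute HA1 from the submitted password and compare.
    stored = lookup_ha1(db, user, realm)
    return stored is not None and same(stored, ha1(user, realm, password))

def check_digest(db, user, realm, method, uri, nonce, response):
    # RFC 2617 without qop: response = MD5(HA1:nonce:MD5(method:uri)).
    stored = lookup_ha1(db, user, realm)
    if stored is None:
        return False
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored}:{nonce}:{ha2}")
    return same(expected, response)
```

Because the stored HA1 is all that is needed to compute a valid Digest response, the password column must be protected as carefully as a plaintext password.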
Actions #8

Updated by Anonymous about 16 years ago

-- Sandra Dekkers <dekkers.sandra

Actions #9

Updated by Ben. over 15 years ago

Does it work with 1.4.23 as well?

Are the bugs and security issues fixed?

Thanks for input.

Actions #10

Updated by Zolen about 15 years ago

I edited and tested the patch for 1.4.23.

Actions #11

Updated by wica over 13 years ago

I have edited (changed 1.4.23 to 1.4.28) and tested the patch 03_all_lighttpd-1.4.23-mysql_auth.diff for lighttpd-1.4.28
And it looks OK :)

P.S. The patch works fine with the Ubuntu packages in 10.04 LTS

Actions #12

Updated by wica over 13 years ago

wica wrote:

I have edited (changed 1.4.23 to 1.4.28) and tested the patch 03_all_lighttpd-1.4.23-mysql_auth.diff for lighttpd-1.4.28
And it looks OK :)

P.S. The patch works fine with the Ubuntu packages in 10.04 LTS ( lighttpd-1.4.26 )

Actions #13

Updated by lordbone over 12 years ago

  • Target version set to 1.4.x

Compiling the 1.4.28 patch against the current lighty version (1.4.31) doesn't seem to work.

1.4.28 - works! (tested)
1.4.29 - works! (tested)
1.4.30 - breaks compile (tested)
1.4.31 - breaks compile (tested)

http_auth.c: In function 'http_auth_basic_password_compare':
http_auth.c:987:24: error: 'MD5_CTX' undeclared (first use in this function)
http_auth.c:987:24: note: each undeclared identifier is reported only once for each function it appears in
http_auth.c:987:32: error: expected ';' before 'Md5Ctx'
http_auth.c:991:24: warning: implicit declaration of function 'MD5_Init'
http_auth.c:991:34: error: 'Md5Ctx' undeclared (first use in this function)
http_auth.c:992:24: warning: implicit declaration of function 'MD5_Update'
http_auth.c:993:24: warning: implicit declaration of function 'MD5_Final'

Taking a look at the changelog, I've spotted this:

[mod_auth] Fix signedness error in http_auth (CVE-2011-4362)

Anyone want to take a shot at writing a patch for 1.4.x?

Actions #14

Updated by gstrauss over 8 years ago

Actions #15

Updated by gstrauss over 8 years ago

  • Description updated (diff)
  • Category changed from core to mod_auth
  • Assignee deleted (jan)
Actions #16

Updated by gstrauss over 8 years ago

  • Related to deleted (Feature #687: mysql support in mod_auth)
Actions #17

Updated by gstrauss over 8 years ago

  • Has duplicate Feature #687: mysql support in mod_auth added
Actions #18

Updated by gstrauss over 8 years ago

Actions #19

Updated by gstrauss over 8 years ago

Actions #20

Updated by gstrauss over 8 years ago

Actions #21

Updated by gstrauss over 8 years ago

moo noted in #1057: db querying is not async, [...] why not make fcgi app for this?

Actions #22

Updated by gstrauss over 8 years ago

Actions #23

Updated by gstrauss over 8 years ago

FYI: FreeBSD has a set of patches at https://svnweb.freebsd.org/ports/head/www/lighttpd/files/ for auth with mysql

Actions #24

Updated by gstrauss over 8 years ago

4b3a91e6 creates an extensible interface for auth backends, so this patch will need to be rewritten to merge cleanly with the future release of lighttpd 1.4.42. See also #1845. It would be nice to have mod_authn_mysql.c supporting both HTTP Basic and HTTP Digest auth.

Actions #25

Updated by gstrauss over 8 years ago

  • Target version changed from 1.4.x to 1.4.42
Actions #26

Updated by gstrauss over 8 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100