»My software»for lighttpd»mySQL auth 
mySQL auth

This patch allows lighttpd to authenticate users against mySQL DB
NOTE: Only basic auth is implemented. Passwords are stored as MD5 hash in DB




Download

lighttpd-1.4.18-r2-mysql_auth.patch
include md5 crypt()
13.03.2008 - fix sql injection - taguchi@ff.iij4u.or.jp

lighttpd-1.4.11-mysql_auth.patch or lighttp-1.4.11-mysql_auth_with_md5crypt.patch (this is for use with md5 crypt())
lighttpd-mysql_auth.sql



HOWTO


get lighttpd source from here

tar xzvf lighttpd-1.4.X.tar.gz # (unpack source)
patch -p0 < lighttpd-1.4.X-mysql_auth.patch # (apply patch)
cd lighttpd-1.4.X
./configure --with-mysql # (add more options if you want)
make
make install


make mysql db and user (read mySQL doc's if you don't know how)
import lighttpd-mysql_auth.sql (same as above)

open lighttpd.conf and add
(be sure that you comment out any other auth - according to lighttpd docs)

auth.backend = "mysql"
auth.backend.mysql.host = "localhost"
auth.backend.mysql.user = "db_user"
auth.backend.mysql.pass = "db_pass"
auth.backend.mysql.db = "db_name"
auth.backend.mysql.port = "0" # (for default port 0, always needed)
auth.backend.mysql.socket = "" # (for default leave blank, always needed)
auth.backend.mysql.users_table = "users_table"
auth.backend.mysql.col_user = "col_name_username"
auth.backend.mysql.col_pass = "col_name_password" # (md5 hash of password or md5 crypt() password like $1$... 12chars salt)
auth.backend.mysql.col_realm = "col_realm_name"

configure lighttpd to use it (same as every other auth)

auth.require = ( "/some_path" =>
(
"method" => "basic",
"realm" => "some_realm",
"require" => "some_user",
)
)

start lighttpd

test & Njoy

P.S. patch include more complicated setup with separate table for domains.
If you are interested please contact with me to obtain more information.



Bugs, Patches and Suggestions

Send me E-Mail: drJeckyll@Jeckyll.net


Comments


Cannot make it work
Posted on: 27/03/2008 20:03
Author: Mal kuzmark_at_gmail.com

I downloaded version 1.4.18, patched and compiled.
During compilation on my OS X I noticed:

http_auth.c: In function 'apr_md5_encode':
http_auth.c:598: warning: passing argument 2 of 'MD5_Update' discards qualifiers from pointer target type
http_auth.c:603: warning: pointer targets in passing argument 2 of 'MD5_Update' differ in signedness
http_auth.c:608: warning: passing argument 2 of 'MD5_Update' discards qualifiers from pointer target type
http_auth.c:614: warning: passing argument 2 of 'MD5_Update' discards qualifiers from pointer target type
http_auth.c:615: warning: passing argument 2 of 'MD5_Update' discards qualifiers from pointer target type
http_auth.c:616: warning: passing argument 2 of 'MD5_Update' discards qualifiers from pointer target type
http_auth.c:636: warning: passing argument 2 of 'MD5_Update' discards qualifiers from pointer target type
http_auth.c:658: warning: passing argument 2 of 'MD5_Update' discards qualifiers from pointer target type
http_auth.c:664: warning: passing argument 2 of 'MD5_Update' discards qualifiers from pointer target type
http_auth.c:668: warning: passing argument 2 of 'MD5_Update' discards qualifiers from pointer target type
http_auth.c:675: warning: passing argument 2 of 'MD5_Update' discards qualifiers from pointer target type
mv -f .deps/http_auth.Tpo .deps/http_auth.Plo

After changes in config file I try to start lighttpd but does not seems to be running and gives no error message.

Please help!
Posted on: 29/03/2008 07:03
Author: drJeckyll drJeckyll_at_Jeckyll.net

Undex Gentoo Linux no such warnings ... also patch hase nothing to do with apr_md5_encode() ... I think your problem is not related to this patch ...

Could you compile lighttpd without patch ?
Update
Posted on: 03/01/2009 18:01
Author: Mal kuzmark_at_gmail.com

Any updates on this patch for 1.5 or 1.4.20?
1.4.18 has some security bugs as I read.
Please dont make me go through C code
Posted on: 12/03/2009 11:03
Author: danielos

Do I need to configure auth.require for every domain?
I patched the version 1.4.18 without problems, I added auth.backend lines, but when I add the auth.require lines, lighttpd does'nt start without any errors in error log, the mod_auth is loaded.

Any ideas?

I'm also confused how to configure the auth.require, do you have any example?
Current version for 1.4.23?
Posted on: 01/09/2009 15:09
Author: Ben. public_at_niessen.in

Hi,

I didnt try to patch lighttpd with 1.4.23 yet as I would like to know before if you have experience with this version and the patch.

Does it work? Any problems?

Thanks a lot.
Posted on: 28/11/2009 22:11
Author: drJeckyll drJeckyll_at_Jeckyll.net

@Ben: there is new patch @lighttpd.net which work with 1.4.23 and support digest auth ... see last comment from Zolen there: http://redmine.lighttpd.net/issues/752

@danielos: auth.require has nothing to do with patch itself ... it is feature of lighttpd and you must look at lighty docs here: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModAuth

@Mal: you must check new version of patch at lighty site here: http://redmine.lighttpd.net/issues/752

write new comment

stretch
stretch
stretch
stretch
interoffice
interoffice
interoffice
interoffice