From 35e643b39f6cc77b702c714cfa8e70f1e10601a9 Mon Sep 17 00:00:00 2001 From: Eric Andersen Date: Mon, 28 Jul 2003 07:40:39 +0000 Subject: last_patch95 from vodz: Hi. Last patch have new libbb function vfork_rexec() for can use daemon() to uClinux system. This patched daemons: syslog, klogd, inetd, crond. This not tested! I havn`t this systems. Also. Previous patch for feature request MD5 crypt password for httpd don`t sended to this mailist on 07/15/03 (mailist have Pytom module problem?). The previous patch included, and have testing. --w vodz --- networking/Config.in | 9 ++++++- networking/Makefile.in | 7 ++++++ networking/httpd.c | 64 ++++++++++++++++++++++++++++++++++++++++++++------ networking/inetd.c | 24 ++++++++++++------- 4 files changed, 88 insertions(+), 16 deletions(-) (limited to 'networking') diff --git a/networking/Config.in b/networking/Config.in index 406b99163..0bd17fb63 100644 --- a/networking/Config.in +++ b/networking/Config.in @@ -58,6 +58,13 @@ config CONFIG_FEATURE_HTTPD_BASIC_AUTH Utilizes password settings from /etc/httpd.conf for basic authentication on a per url basis. +config CONFIG_FEATURE_HTTPD_AUTH_MD5 + bool " Enable support MD5 crypted password for httpd.conf" + default n + depends on CONFIG_FEATURE_HTTPD_BASIC_AUTH + help + Please help my - send patch for set this help message + if !CONFIG_FEATURE_HTTPD_USAGE_FROM_INETD_ONLY config CONFIG_FEATURE_HTTPD_RELOAD_CONFIG_SIGHUP @@ -105,7 +112,7 @@ config CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV config CONFIG_FEATURE_HTTPD_SET_CGI_VARS_TO_ENV bool " Enable setting of CGI_varname=value environment vars for CGI" - default y + default n depends on CONFIG_FEATURE_HTTPD_CGI help This option parses POST or GET arguments from a form and diff --git a/networking/Makefile.in b/networking/Makefile.in index 7d0d0b8bc..7748d066b 100644 --- a/networking/Makefile.in +++ b/networking/Makefile.in @@ -53,6 +53,13 @@ NETWORKING-$(CONFIG_WGET) += wget.o libraries-y+=$(NETWORKING_DIR)$(NETWORKING_AR) +needcrypt-y:= +needcrypt-$(CONFIG_FEATURE_HTTPD_AUTH_MD5) := y + +ifeq ($(needcrypt-y),y) + LIBRARIES += -lcrypt +endif + $(NETWORKING_DIR)$(NETWORKING_AR): $(patsubst %,$(NETWORKING_DIR)%, $(NETWORKING-y)) $(AR) -ro $@ $(patsubst %,$(NETWORKING_DIR)%, $(NETWORKING-y)) diff --git a/networking/httpd.c b/networking/httpd.c index d3d88fcb6..d58414b55 100644 --- a/networking/httpd.c +++ b/networking/httpd.c @@ -153,12 +153,14 @@ static const char home[] = "./"; /* Config options, disable this for do very small module */ //#define CONFIG_FEATURE_HTTPD_CGI //#define CONFIG_FEATURE_HTTPD_BASIC_AUTH +//#define CONFIG_FEATURE_HTTPD_AUTH_MD5 #ifdef HTTPD_STANDALONE /* standalone, enable all features */ #undef CONFIG_FEATURE_HTTPD_USAGE_FROM_INETD_ONLY /* unset config option for remove warning as redefined */ #undef CONFIG_FEATURE_HTTPD_BASIC_AUTH +#undef CONFIG_FEATURE_HTTPD_AUTH_MD5 #undef CONFIG_FEATURE_HTTPD_SET_CGI_VARS_TO_ENV #undef CONFIG_FEATURE_HTTPD_ENCODE_URL_STR #undef CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV @@ -168,6 +170,7 @@ static const char home[] = "./"; #undef CONFIG_FEATURE_HTTPD_RELOAD_CONFIG_SIGHUP /* enable all features now */ #define CONFIG_FEATURE_HTTPD_BASIC_AUTH +#define CONFIG_FEATURE_HTTPD_AUTH_MD5 #define CONFIG_FEATURE_HTTPD_SET_CGI_VARS_TO_ENV #define CONFIG_FEATURE_HTTPD_ENCODE_URL_STR #define CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV @@ -425,11 +428,11 @@ static void parse_conf(const char *path, int flag) } while((f = fopen(cf, "r")) == NULL) { - if(flag != FIRST_PARSE) { + if(flag == SUBDIR_PARSE || flag == FIND_FROM_HTTPD_ROOT) { /* config file not found, no changes to config */ return; } - if(config->configFile) /* if -c option given */ + if(config->configFile && flag == FIRST_PARSE) /* if -c option given */ bb_perror_msg_and_die("%s", cf); flag = FIND_FROM_HTTPD_ROOT; cf = httpd_conf; @@ -1326,10 +1329,38 @@ static int checkPerm(const char *path, const char *request) if(strncmp(p0, path, l) == 0 && (l == 1 || path[l] == '/' || path[l] == 0)) { /* path match found. Check request */ + + /* for check next /path:user:password */ + prev = p0; +#ifdef CONFIG_FEATURE_HTTPD_AUTH_MD5 + { + char *cipher; + char *pp; + char *u = strchr(request, ':'); + + if(u == NULL) { + /* bad request, ':' required */ + continue; + } + if(strncmp(p, request, u-request) != 0) { + /* user uncompared */ + continue; + } + pp = strchr(p, ':'); + if(pp && pp[1] == '$' && pp[2] == '1' && + pp[3] == '$' && pp[4]) { + pp++; + cipher = pw_encrypt(u+1, pp); + if (strcmp(cipher, pp) == 0) + return 1; /* Ok */ + /* unauthorized */ + continue; + } + } +#endif if (strcmp(p, request) == 0) return 1; /* Ok */ - /* unauthorized, but check next /path:user:password */ - prev = p0; + /* unauthorized */ } } } /* for */ @@ -1731,7 +1762,12 @@ static const char httpd_opts[]="c:d:h:" #endif #ifdef CONFIG_FEATURE_HTTPD_BASIC_AUTH "r:" -#define OPT_INC_2 1 +# ifdef CONFIG_FEATURE_HTTPD_AUTH_MD5 + "m:" +# define OPT_INC_2 2 +# else +# define OPT_INC_2 1 +#endif #else #define OPT_INC_2 0 #endif @@ -1740,14 +1776,15 @@ static const char httpd_opts[]="c:d:h:" #ifdef CONFIG_FEATURE_HTTPD_SETUID "u:" #endif -#endif +#endif /* CONFIG_FEATURE_HTTPD_USAGE_FROM_INETD_ONLY */ ; #define OPT_CONFIG_FILE (1<<0) #define OPT_DECODE_URL (1<<1) #define OPT_HOME_HTTPD (1<<2) #define OPT_ENCODE_URL (1<<(2+OPT_INC_1)) -#define OPT_REALM (1<<(2+OPT_INC_1+OPT_INC_2)) +#define OPT_REALM (1<<(3+OPT_INC_1)) +#define OPT_MD5 (1<<(4+OPT_INC_1)) #define OPT_PORT (1<<(3+OPT_INC_1+OPT_INC_2)) #define OPT_DEBUG (1<<(4+OPT_INC_1+OPT_INC_2)) #define OPT_SETUID (1<<(5+OPT_INC_1+OPT_INC_2)) @@ -1778,6 +1815,10 @@ int httpd_main(int argc, char *argv[]) long uid = -1; #endif +#ifdef CONFIG_FEATURE_HTTPD_AUTH_MD5 + const char *pass; +#endif + config = xcalloc(1, sizeof(*config)); #ifdef CONFIG_FEATURE_HTTPD_BASIC_AUTH config->realm = "Web Server Authentication"; @@ -1796,6 +1837,9 @@ int httpd_main(int argc, char *argv[]) #endif #ifdef CONFIG_FEATURE_HTTPD_BASIC_AUTH , &(config->realm) +# ifdef CONFIG_FEATURE_HTTPD_AUTH_MD5 + , &pass +# endif #endif #ifndef CONFIG_FEATURE_HTTPD_USAGE_FROM_INETD_ONLY , &s_port @@ -1815,6 +1859,12 @@ int httpd_main(int argc, char *argv[]) return 0; } #endif +#ifdef CONFIG_FEATURE_HTTPD_AUTH_MD5 + if(opt & OPT_MD5) { + printf("%s\n", pw_encrypt(pass, "$1$")); + return 0; + } +#endif #ifndef CONFIG_FEATURE_HTTPD_USAGE_FROM_INETD_ONLY if(opt & OPT_PORT) config->port = bb_xgetlarg(s_port, 10, 1, 0xffff); diff --git a/networking/inetd.c b/networking/inetd.c index 33b97ba94..af262c39c 100644 --- a/networking/inetd.c +++ b/networking/inetd.c @@ -806,7 +806,9 @@ inetd_main(int argc, char *argv[]) struct passwd *pwd; struct group *grp = NULL; struct sigaction sa; - int ch, pid; + int pid; + unsigned long opt; + char *sq; gid_t gid; #ifdef INETD_UNSUPPORT_BILTIN @@ -828,14 +830,21 @@ inetd_main(int argc, char *argv[]) LastArg = environ[-1] + strlen(environ[-1]); #endif - while ((ch = getopt(argc, argv, "q:")) != EOF) - switch(ch) { - case 'q': +#if defined(__uClinux__) + opt = bb_getopt_ulflags(argc, argv, "q:f", &sq); + if (!(opt & 4)) { + daemon(0, 0); + /* reexec for vfork() do continue parent */ + vfork_daemon_rexec(argc, argv, "-f"); + } +#else + opt = bb_getopt_ulflags(ac, av, "q:", &sq); + daemon(0, 0); +#endif /* uClinux */ + + if(opt & 1) { global_queuelen = atoi(optarg); if (global_queuelen < 8) global_queuelen=8; - break; - default: - bb_show_usage(); // "[-q len] [conf]" } argc -= optind; argv += optind; @@ -843,7 +852,6 @@ inetd_main(int argc, char *argv[]) if (argc > 0) CONFIG = argv[0]; - daemon(0, 0); openlog(bb_applet_name, LOG_PID | LOG_NOWAIT, LOG_DAEMON); { FILE *fp; -- cgit v1.2.3