1.1

1.1

Author: uplusware

script/heaphttpd.conf

@@ -69,8 +69,11 @@ ProxyAuthenticate = None
 
 ################################################################
 # User List                                                    #
+#     "IntegrateLocalUsers" only supports Basic auth way       #
+#     "IntegrateLocalUsers" excludes root                      #
 ################################################################
-UserListFile=/etc/heaphttpd/users.xml
+IntegrateLocalUsers = no
+UsersListFile=/etc/heaphttpd/users.xml
 
 ################################################################
 # Private path: for temporary files                            #

src/Makefile

@@ -41,10 +41,10 @@ INCDIR = -I../$(OPENSSL_DIR)/include
 LDDIRS = -L.
 
 ifdef memcached
-    LDLIST_HTTP = -lstdc++ -lmemcached -lheapauth -lheapwebsocket
+    LDLIST_HTTP = -lstdc++ -lcrypt -lmemcached -lheapauth -lheapwebsocket
     MEMCACHED_DEF = _WITH_MEMCACHED_
 else
-    LDLIST_HTTP = -lstdc++ -lheapauth -lheapwebsocket
+    LDLIST_HTTP = -lstdc++ -lcrypt -lheapauth -lheapwebsocket
     MEMCACHED_DEF = _WITHOUT_MEMCACHED_
 endif
 

src/base.cpp

@@ -115,6 +115,8 @@ vector<string> CHttpBase::m_permit_list;
 
 vector<string> CHttpBase::m_default_webpages;
 
+BOOL CHttpBase::m_integrate_local_users = FALSE;
+
 #ifdef _WITH_MEMCACHED_
     map<string, int> CHttpBase::m_memcached_list;
 #endif /* _WITH_MEMCACHED_ */
@@ -189,7 +191,7 @@ BOOL CHttpBase::LoadConfig()
 				strcut(strline.c_str(), "=", NULL, m_ext_list_file);
 				strtrim(m_ext_list_file);
 			}
-            else if(strncasecmp(strline.c_str(), "UserListFile", sizeof("UserListFile") - 1) == 0)
+            else if(strncasecmp(strline.c_str(), "UsersListFile", sizeof("UsersListFile") - 1) == 0)
 			{
 				strcut(strline.c_str(), "=", NULL, m_users_list_file);
 				strtrim(m_users_list_file);
@@ -327,6 +329,13 @@ BOOL CHttpBase::LoadConfig()
 				strcut(strline.c_str(), "=", NULL, m_proxy_authenticate );
 				strtrim(m_proxy_authenticate);
 			}
+            else if(strncasecmp(strline.c_str(), "IntegrateLocalUsers", sizeof("IntegrateLocalUsers") - 1) == 0)
+			{
+				string IntegrateLocalUsers;
+				strcut(strline.c_str(), "=", NULL, IntegrateLocalUsers );
+				strtrim(IntegrateLocalUsers);
+				m_integrate_local_users = (strcasecmp(IntegrateLocalUsers.c_str(), "yes")) == 0 ? TRUE : FALSE;
+			}
             else if(strncasecmp(strline.c_str(), "DefaultWebPages", sizeof("DefaultWebPages") - 1) == 0)
             {
                 string default_webpages;

src/base.h

@@ -472,6 +472,8 @@ class CHttpBase
 
     static vector<string> m_default_webpages;
 
+    static BOOL		m_integrate_local_users;
+    
 	static string 	m_www_authenticate;
     static string   m_proxy_authenticate;
 	static BOOL 	m_client_cer_check;

src/http.cpp

@@ -1128,7 +1128,7 @@ Http_Connection CHttp::LineParse(const char* text)
 
                 string php_auth_pwd;
 
-                if(WWW_Auth(this, asBasic, strauth.c_str(), m_username, php_auth_pwd))
+                if(WWW_Auth(this, asBasic, CHttpBase::m_integrate_local_users ? true : false, strauth.c_str(), m_username, php_auth_pwd))
                 {
                     m_passed_wwwauth = TRUE;
                     m_cgi.SetMeta("REMOTE_USER", m_username.c_str());
@@ -1146,7 +1146,7 @@ Http_Connection CHttp::LineParse(const char* text)
 
                 m_cgi.SetMeta("AUTH_TYPE", "Digest");
 
-                if(WWW_Auth(this, asDigest, strauth.c_str(), m_username, php_digest, HTTP_METHOD_NAME[m_http_method]))
+                if(WWW_Auth(this, asDigest, CHttpBase::m_integrate_local_users ? true : false, strauth.c_str(), m_username, php_digest, HTTP_METHOD_NAME[m_http_method]))
                 {
                     m_passed_wwwauth = TRUE;
                     m_cgi.SetMeta("REMOTE_USER", m_username.c_str());
@@ -1161,7 +1161,7 @@ Http_Connection CHttp::LineParse(const char* text)
 
                 string php_auth_pwd;
 
-                if(WWW_Auth(this, asBasic, strauth.c_str(), m_username, php_auth_pwd))
+                if(WWW_Auth(this, asBasic, CHttpBase::m_integrate_local_users ? true : false, strauth.c_str(), m_username, php_auth_pwd))
                 {
                     m_passed_proxyauth = TRUE;
                 }
@@ -1173,7 +1173,7 @@ Http_Connection CHttp::LineParse(const char* text)
 
                 string php_digest;
 
-                if(WWW_Auth(this, asDigest, strauth.c_str(), m_username, php_digest, HTTP_METHOD_NAME[m_http_method]))
+                if(WWW_Auth(this, asDigest, CHttpBase::m_integrate_local_users ? true : false, strauth.c_str(), m_username, php_digest, HTTP_METHOD_NAME[m_http_method]))
                 {
                     m_passed_proxyauth = TRUE;
                 }

src/wwwauth.cpp

@@ -5,6 +5,11 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <errno.h>
+#include <crypt.h>
+#include <shadow.h>
+#include <string.h>
+#include <unistd.h>
 #include "wwwauth.h"
 #include "util/digcalc.h"
 #include "util/base64.h"
@@ -106,7 +111,7 @@ void __inline__ _strtrim_dquote_(string &src) /* icnluding double quote mark*/
 	}
 }
 
-bool WWW_Auth(CHttp* psession, AUTH_SCHEME scheme, const char* authinfo, string& username, string &keywords, const char* method)
+bool WWW_Auth(CHttp* psession, AUTH_SCHEME scheme, bool integrate_local_users, const char* authinfo, string& username, string &keywords, const char* method)
 {
 	string password, real_password;
 	if(scheme == asBasic)
@@ -125,13 +130,44 @@ bool WWW_Auth(CHttp* psession, AUTH_SCHEME scheme, const char* authinfo, string&
 
         keywords = password;
 
-		if(heaphttpd_usrdef_get_password(psession, username.c_str(), real_password) && password == real_password)
+        if(integrate_local_users)
         {
-            keywords = real_password;
-			return true;
+            if(strcasecmp(username.c_str(),"root") == 0)// forbid root for login for security reason.
+            {
+                return false;
+            }
+            //Get shadow password.
+            struct spwd *spw_info = getspnam(username.c_str());
+            if (!spw_info)
+            {
+                 return false;
+            }
+
+            // Hash and report.
+            struct crypt_data pwd_data;
+            pwd_data.initialized = 0;
+            char *pwd_hashed = crypt_r(password.c_str(), spw_info->sp_pwdp, &pwd_data);
+            if (pwd_hashed && strcmp(spw_info->sp_pwdp, pwd_hashed) == 0)
+            {
+                return true;
+            }
+            else
+            {
+                return false;
+            }
+
+            
+        }
+        else
+        {
+            if(heaphttpd_usrdef_get_password(psession, username.c_str(), real_password) && password == real_password)
+            {
+                keywords = real_password;
+                return true;
+            }
+            else
+                return false;
         }
-		else
-			return false;
 	}
 	else if(scheme == asDigest)
 	{

src/wwwauth.h

@@ -20,6 +20,6 @@ typedef enum
 	asDigest
 } AUTH_SCHEME;
 
-bool WWW_Auth(CHttp* psession, AUTH_SCHEME scheme, const char* authinfo, string& username, string &keywords, const char* method = "GET");
+bool WWW_Auth(CHttp* psession, AUTH_SCHEME scheme, bool integrate_local_users, const char* authinfo, string& username, string &keywords, const char* method = "GET");
 
 #endif /* _WWW_AUTH_ */