0f0a89ab | 1 | #!@PERL@ |
9aa1f63b | 2 | |
0f0a89ab | 3 | use strict; |
4 | use Getopt::Long; |
5 | use Pod::Usage; | |
6 | |
7 | =pod | |
8 | ||
9 | =head1 NAME | |
10 | ||
9aa1f63b | 11 | ext_sql_session_acl - SQL Database session lookup helper for Squid |
12 | |
13 | =head1 SYNOPSIS | |
14 | ||
9aa1f63b | 15 | ext_sql_session_acl [options] |
16 | |
17 | =head1 DESCRIPTION | |
18 | ||
19 | Validates an HTTP request's access authorization against a session database. | |
20 | ||
21 | Given an identity token to be validated (as determined by the external_acl_type format), | |
22 | it returns the username or tag associated with that token. | |
23 | ||
24 | Common forms of identifier are an IP address, an EUI (MAC) address, a password, or a UUID token. | |
25 | ||
26 | This program uses Squid concurrency support. | |
27 | ||
28 | =head1 OPTIONS |
29 | ||
30 | =over 12 | |
0f0a89ab | 31 | |
9aa1f63b | 32 | =item B<--dsn> |
33 | |
34 | Database DSN. Default "DBI:mysql:database=squid" | |
35 | ||
9aa1f63b | 36 | =item B<--user> |
37 | |
38 | Database User | |
39 | ||
9aa1f63b | 40 | =item B<--password> |
41 | |
42 | Database password | |
43 | ||
9aa1f63b | 44 | =item B<--table> |
45 | |
46 | Database table. Default "passwd". | |
47 | ||
9aa1f63b | 48 | =item B<--uidcol> |
49 | |
50 | Unique Session Identifier column. Default "id". | |
51 | ||
9aa1f63b | 52 | =item B<--usercol> |
53 | |
54 | Column whose value is returned as the external ACL user= result. | |
55 | ||
9aa1f63b | 56 | =item B<--tagcol> |
57 | |
58 | Column whose value is returned as the external ACL tag= result. | |
59 | ||
9aa1f63b | 60 | =item B<--cond> |
61 | |
62 | Condition appended to the query's WHERE clause. Defaults to "enabled = 1". Specify 1 or "" for no condition. | |
63 | ||
9aa1f63b | 64 | =item B<--persist> |
65 | |
66 | Keep a persistent database connection open between queries. | |
67 | ||
9aa1f63b | 68 | =item B<--debug> |
0f0a89ab | 69 | |
9aa1f63b | 70 | Write debug info to stderr. |
71 | |
72 | =back | |
73 | ||
74 | =head1 AUTHOR |
75 | ||
76 | This program and its documentation were written by I<Amos Jeffries <amosjeffries@squid-cache.org>> | |
77 | ||
78 | Based on original work in DB_auth by Henrik Nordstrom <henrik@henriknordstrom.net> | |
79 | With assistance of Nishant Sharma <codemarauder@gmail.com> | |
80 | ||
81 | =head1 COPYRIGHT | |
82 | ||
bde978a6 | 83 | * Copyright (C) 1996-2015 The Squid Software Foundation and contributors |
84 | * |
85 | * Squid software is distributed under GPLv2+ license and includes | |
86 | * contributions from numerous individuals and organizations. | |
87 | * Please see the COPYING and CONTRIBUTORS files for details. | |
88 | ||
89 | Copyright (C) 2012 Amos Jeffries <amosjeffries@squid-cache.org> | |
90 | ||
91 | This program is free software. You may redistribute copies of it under the | |
92 | terms of the GNU General Public License version 2, or (at your option) any | |
93 | later version. | |
94 | ||
95 | =head1 QUESTIONS | |
96 | ||
97 | Questions on the usage of this program can be sent to the I<Squid Users mailing list <squid-users@squid-cache.org>> | |
98 | ||
99 | =head1 REPORTING BUGS | |
100 | ||
101 | Bug reports need to be made in English. | |
102 | See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. | |
103 | ||
104 | Report bugs or bug fixes using http://bugs.squid-cache.org/ | |
105 | ||
106 | Report serious security bugs to I<Squid Bugs <squid-bugs@squid-cache.org>> | |
107 | ||
108 | Report ideas for new improvements to the I<Squid Developers mailing list <squid-dev@squid-cache.org>> | |
109 | ||
110 | =head1 SEE ALSO | |
111 | ||
112 | squid (8), GPL (7), | |
113 | ||
114 | The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq | |
115 | ||
116 | The Squid Configuration Manual http://www.squid-cache.org/Doc/config/ | |
117 | ||
118 | =cut |
119 | ||
120 | use DBI; |
121 | ||
# Defaults for the session lookup; each can be overridden from the command
# line (see GetOptions below and the OPTIONS section of the POD above).
my $dsn = "DBI:mysql:database=squid";
my $db_user = undef;
# NOTE: the password is passed as a --password argument and is therefore
# visible in the process list of the helper host.  Restrict who can list
# processes there, or use a driver-side credentials mechanism if the DBI
# driver in use offers one.
my $db_passwd = undef;
my $db_table = "passwd";
my $db_uidcol = "id";
# "''" is an SQL empty-string literal: with no column configured the query
# still selects a 'user' / 'tag' field, which is then simply empty and the
# corresponding key is omitted from the reply.
my $db_usercol = "''";
my $db_tagcol = "''";
# Extra WHERE clause appended to the lookup; "" disables it.
my $db_cond = "enabled = 1";
my $persist = 0;
my $debug = 0;
132 | ||
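# Parse the command line into the defaults declared above.  Unknown or
# malformed options are fatal: GetOptions only warns on them, so without
# the check a mistyped option would leave the helper silently running with
# its default settings.  pod2usage(2) prints the SYNOPSIS and exits.
GetOptions(
    'dsn=s' => \$dsn,
    'user=s' => \$db_user,
    'password=s' => \$db_passwd,
    'table=s' => \$db_table,
    'uidcol=s' => \$db_uidcol,
    'usercol=s' => \$db_usercol,
    'tagcol=s' => \$db_tagcol,
    'cond=s' => \$db_cond,
    'persist' => \$persist,
    'debug' => \$debug,
) or pod2usage(2);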
145 | ||
# Cached database handle and prepared lookup statement, shared by open_db(),
# close_db() and query_db().  Both are undef while no connection is open.
my ($_dbh, $_sth);
147 | ||
# Tear down the cached statement handle and database connection.
# A no-op when no connection is open, so it is safe to call repeatedly
# (it runs after every request unless --persist is given).
sub close_db()
{
    if (defined $_dbh) {
        $_sth = undef;
        $_dbh->disconnect();
        $_dbh = undef;
    }
    return;
}
155 | ||
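# Return the prepared session-lookup statement, connecting to the database
# on first use (or after close_db()).  The handle is cached in $_sth.
#
# Returns the statement handle, or undef (after a warning) when the
# connection cannot be established.  Dies if the statement cannot be
# prepared.
#
# Table and column names are interpolated into the SQL text; they come from
# the command line (operator configuration), not from the request.  The
# session identifier itself is bound through the "?" placeholder and is
# never interpolated.
sub open_db()
{
    return $_sth if defined $_sth;

    $_dbh = DBI->connect($dsn, $db_user, $db_passwd);
    if (!defined $_dbh) {
        # $DBI::errstr carries the driver's reason; without it the operator
        # only learns that *something* failed.
        warn("Could not connect to $dsn: " . (defined $DBI::errstr ? $DBI::errstr : "unknown error") . "\n");
        return undef;
    }

    # Build the query text once so the debug output is exactly what gets
    # prepared (the original duplicated the string in both places).
    my $query = "SELECT $db_usercol as 'user', $db_tagcol as 'tag' FROM $db_table WHERE ($db_uidcol = ?) "
              . ($db_cond ne "" ? " AND $db_cond" : "");

    print(STDERR "Query: $query\n") if ($debug);

    $_sth = $_dbh->prepare($query)
        || die("Could not prepare query: " . $_dbh->errstr . "\n");

    return $_sth;
}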
172 | ||
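# Execute the session lookup for one (already %-decoded) identifier.
#
# The identifier is bound to the statement's placeholder.  If execute()
# fails the connection is assumed dead: it is closed, re-opened and the
# statement is retried once on the fresh connection.
#
# Returns the executed statement handle (the caller fetches rows and
# finish()es it), or undef when the database is unavailable or the retry
# also fails.
sub query_db($) {
    my ($uid) = @_;
    my $sth = open_db() || return undef;
    print(STDERR "UID queried: '" . $uid . "'\n") if ($debug);
    if (!$sth->execute($uid)) {
        print(STDERR "Execute failed: " . (defined $sth->errstr ? $sth->errstr : "unknown error") . "; reconnecting\n") if ($debug);
        close_db();
        # Re-fetch the handle: the old $sth belongs to the connection just
        # closed, so retrying on it would fail again (or worse, run against
        # a disconnected handle).
        $sth = open_db() || return undef;
        $sth->execute($uid) || return undef;
    }
    return $sth;
}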
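my $status;

# Squid waits on each reply line, so stdout must be flushed per line.
$| = 1;

# Each request line from Squid (concurrency protocol) is "<channel-id> <uid>",
# both fields %-encoded by Squid's external_acl_type formatting.  Every
# request gets exactly one reply line: it is built in $status and printed by
# the continue block below, so each step sets the reply that applies if that
# step fails and "next"s.
while (<>) {
    my $string = $_;

    # Guard the match: on a non-matching line $1/$2 would still hold the
    # captures of the previous request and the reply would be addressed to
    # the wrong channel.  Without a channel-id the reply cannot be matched to
    # a request; Squid is expected to log it as an unexpected reply (confirm
    # against the helper protocol version in use).
    if ($string !~ m/^(\d+)\s(.*)$/) {
        chomp(my $shown = $string);
        print(STDERR "Malformed request line: '" . $shown . "'\n") if ($debug);
        $status = "ERR message=\"malformed request\"";
        next;
    }
    my ($cid, $uid) = ($1, $2);

    # Undo Squid's %XX encoding of the fields.
    $cid =~ s/%(..)/pack("H*", $1)/ge;
    $uid =~ s/%(..)/pack("H*", $1)/ge;

    print(STDERR "Received: Channel=" . $cid . ", UID='" . $uid . "'\n") if ($debug);

    $status = $cid . " ERR message=\"database error\"";
    my $sth = query_db($uid) || next;
    print(STDERR "Rows: " . $sth->rows() . "\n") if ($debug);

    # NOTE(review): $uid originates in the client request and is echoed
    # inside a quoted message= value without escaping; a '"' or '\' in the
    # token would corrupt the reply syntax.  Confirm Squid's reply quoting
    # rules before relying on this message text.
    $status = $cid . " ERR message=\"unknown UID '" . $uid . "'\"";
    my $row = $sth->fetchrow_hashref() || next;

    # SQL NULL arrives as undef; treat it like "" so the key is omitted
    # rather than warning on the string comparison.
    my $user = defined($row->{'user'}) ? $row->{'user'} : "";
    my $tag  = defined($row->{'tag'})  ? $row->{'tag'}  : "";
    # user= and tag= values are emitted unquoted; a value containing
    # whitespace would presumably be split by Squid's key=value parsing, so
    # keep these columns to token-safe content.
    $status = $cid . " OK"
            . ($user ne "" ? " user=" . $user : "")
            . ($tag  ne "" ? " tag="  . $tag  : "");
    $sth->finish();
} continue {
    # One reply per request line; drop the connection unless --persist.
    close_db() if (!$persist);
    print $status . "\n";
}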