[thirdparty/squid.git] / src / acl / external / SQL_session / ext_sql_session_acl.pl.in

#!@PERL@

use strict;
use Getopt::Long;
use Pod::Usage;

=pod

=head1 NAME

 ext_sql_session_acl - SQL Database session lookup helper for Squid

=head1 SYNOPSIS

 ext_sql_session_acl [options]

=head1 DESCRIPTION

Validates an HTTP requests access authorization with a session database.

Taking an identity token to be validated (as determined by the external_acl_type format)
it returns a username or tag associated with the identity token passed in.

Common forms of identifiers are IP address, EUI (MAC) address, passwords, or UUID tokens.

This program uses Squid concurrency support.

=head1 OPTIONS

=over 12

=item B<--dsn>

Database DSN. Default "DBI:mysql:database=squid"

=item B<--user>

Database User

=item B<--password>

Database password

=item B<--table>

Database table. Default "passwd".

=item B<--uidcol>

Unique Session Identifier column. Default "id".

=item B<--usercol>

External ACL user= result column.

=item B<--tagcol>

External ACL tag= result column.

=item B<--cond>

Condition, defaults to enabled=1. Specify 1 or "" for no condition

=item B<--persist>

Keep a persistent database connection open between queries.

=item B<--debug>

Write debug info to stderr.

=back

=head1 AUTHOR

This program and documentation was written by I<Amos Jeffries <amosjeffries@squid-cache.org>>

Based on original work in DB_auth by Henrik Nordstrom <henrik@henriknordstrom.net>
With assistance of Nishant Sharma <codemarauder@gmail.com>

=head1 COPYRIGHT

 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.

 Copyright (C) 2012 Amos Jeffries <amosjeffries@squid-cache.org>

 This program is free software. You may redistribute copies of it under the
 terms of the GNU General Public License version 2, or (at your opinion) any
 later version.

=head1 QUESTIONS

Questions on the usage of this program can be sent to the I<Squid Users mailing list <squid-users@lists.squid-cache.org>>

=head1 REPORTING BUGS

Bug reports need to be made in English.
See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.

Report bugs or bug fixes using http://bugs.squid-cache.org/

Report serious security bugs to I<Squid Bugs <squid-bugs@lists.squid-cache.org>>

Report ideas for new improvements to the I<Squid Developers mailing list <squid-dev@lists.squid-cache.org>>

=head1 SEE ALSO

squid (8), GPL (7),

The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq

The Squid Configuration Manual http://www.squid-cache.org/Doc/config/

=cut

use DBI;

my $dsn = "DBI:mysql:database=squid";
my $db_user = undef;
my $db_passwd = undef;
my $db_table = "passwd";
my $db_uidcol = "id";
my $db_usercol = "''";
my $db_tagcol = "''";
my $db_cond = "enabled = 1";
my $persist = 0;
my $debug = 0;

GetOptions(
    'dsn=s' => \$dsn,
    'user=s' => \$db_user,
    'password=s' => \$db_passwd,
    'table=s' => \$db_table,
    'uidcol=s' => \$db_uidcol,
    'usercol=s' => \$db_usercol,
    'tagcol=s' => \$db_tagcol,
    'cond=s' => \$db_cond,
    'persist' => \$persist,
    'debug' => \$debug,
    );

my ($_dbh, $_sth);

sub close_db()
{
    return if !defined($_dbh);
    undef $_sth;
    $_dbh->disconnect();
    undef $_dbh;
}

sub open_db()
{
    return $_sth if defined $_sth;
    $_dbh = DBI->connect($dsn, $db_user, $db_passwd);
    if (!defined $_dbh) {
        warn ("Could not connect to $dsn\n");
        return undef;
    }
    $_sth = $_dbh->prepare("SELECT $db_usercol as 'user', $db_tagcol as 'tag' FROM $db_table WHERE ($db_uidcol = ?) " .
            ($db_cond ne "" ? " AND $db_cond" : "")) || die;

    print(stderr "Query: SELECT $db_usercol as 'user', $db_tagcol as 'tag' FROM $db_table WHERE ($db_uidcol = ?) " .
            ($db_cond ne "" ? " AND $db_cond" : "")) if ($debug);

    return $_sth;
}

sub query_db($) {
    my $uid = @_[0];
    my ($sth) = open_db() || return undef;
    print(stderr "UID queried: '".$uid."'\n") if ($debug);
    if (!$sth->execute($uid)) {
        close_db();
        open_db() || return undef;
        $sth->execute($uid) || return undef;;
    }
    return $sth;
}
my $status;

$|=1;
while (<>) {
    my $string = $_;
    $string =~ m/^(\d+)\s(.*)$/;
    my ($cid, $uid) = ($1, $2);

    $status = "ERR";
    $cid =~ s/%(..)/pack("H*", $1)/ge;
    $uid =~ s/%(..)/pack("H*", $1)/ge;

    print(stderr "Received: Channel=".$cid.", UID='".$uid."'\n") if ($debug);

    $status = $cid . " BH message=\"database error\"";
    my $sth = query_db($uid) || next;
    print(stderr "Rows: ". $sth->rows()."\n") if ($debug);
    $status = $cid . " ERR message=\"unknown UID '".$uid."'\"";
    my $row = $sth->fetchrow_hashref() || next;
    $status = $cid . " OK" . ($row->{'user'} ne "" ? " user=" . $row->{'user'} : "" ) . ($row->{'tag'} ne "" ? " tag=" . $row->{'tag'} : "" );
    $sth->finish();
} continue {
    close_db() if (!$persist);
    print $status . "\n";
}
Commit	Line	Data
0f0a89ab	1	#!@PERL@
9aa1f63b	2
0f0a89ab	3	use strict;
0f0a89ab AJ	4	use Getopt::Long;
0f0a89ab AJ	5	use Pod::Usage;
0f0a89ab AJ	6
	7	=pod
	8
	9	=head1 NAME
	10
9aa1f63b	11	ext_sql_session_acl - SQL Database session lookup helper for Squid
0f0a89ab AJ	12
	13	=head1 SYNOPSIS
	14
9aa1f63b	15	ext_sql_session_acl [options]
0f0a89ab AJ	16
	17	=head1 DESCRIPTION
	18
	19	Validates an HTTP requests access authorization with a session database.
	20
	21	Taking an identity token to be validated (as determined by the external_acl_type format)
	22	it returns a username or tag associated with the identity token passed in.
	23
	24	Common forms of identifiers are IP address, EUI (MAC) address, passwords, or UUID tokens.
	25
	26	This program uses Squid concurrency support.
	27
9aa1f63b AJ	28	=head1 OPTIONS
	29
	30	=over 12
0f0a89ab	31
9aa1f63b	32	=item B<--dsn>
0f0a89ab AJ	33
	34	Database DSN. Default "DBI:mysql:database=squid"
	35
9aa1f63b	36	=item B<--user>
0f0a89ab AJ	37
	38	Database User
	39
9aa1f63b	40	=item B<--password>
0f0a89ab AJ	41
	42	Database password
	43
9aa1f63b	44	=item B<--table>
0f0a89ab AJ	45
	46	Database table. Default "passwd".
	47
9aa1f63b	48	=item B<--uidcol>
0f0a89ab AJ	49
	50	Unique Session Identifier column. Default "id".
	51
9aa1f63b	52	=item B<--usercol>
0f0a89ab AJ	53
	54	External ACL user= result column.
	55
9aa1f63b	56	=item B<--tagcol>
0f0a89ab AJ	57
	58	External ACL tag= result column.
	59
9aa1f63b	60	=item B<--cond>
0f0a89ab AJ	61
	62	Condition, defaults to enabled=1. Specify 1 or "" for no condition
	63
9aa1f63b	64	=item B<--persist>
0f0a89ab	65
47f28373	66	Keep a persistent database connection open between queries.
0f0a89ab	67
9aa1f63b	68	=item B<--debug>
0f0a89ab	69
9aa1f63b	70	Write debug info to stderr.
0f0a89ab AJ	71
	72	=back
	73
9aa1f63b AJ	74	=head1 AUTHOR
	75
	76	This program and documentation was written by I<Amos Jeffries <amosjeffries@squid-cache.org>>
	77
	78	Based on original work in DB_auth by Henrik Nordstrom <henrik@henriknordstrom.net>
	79	With assistance of Nishant Sharma <codemarauder@gmail.com>
	80
	81	=head1 COPYRIGHT
	82
f70aedc4	83	* Copyright (C) 1996-2021 The Squid Software Foundation and contributors
9aa1f63b AJ	84	*
	85	* Squid software is distributed under GPLv2+ license and includes
	86	* contributions from numerous individuals and organizations.
	87	* Please see the COPYING and CONTRIBUTORS files for details.
	88
	89	Copyright (C) 2012 Amos Jeffries <amosjeffries@squid-cache.org>
	90
	91	This program is free software. You may redistribute copies of it under the
	92	terms of the GNU General Public License version 2, or (at your opinion) any
	93	later version.
	94
	95	=head1 QUESTIONS
	96
8311b837	97	Questions on the usage of this program can be sent to the I<Squid Users mailing list <squid-users@lists.squid-cache.org>>
9aa1f63b AJ	98
	99	=head1 REPORTING BUGS
	100
	101	Bug reports need to be made in English.
	102	See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
	103
	104	Report bugs or bug fixes using http://bugs.squid-cache.org/
	105
8311b837	106	Report serious security bugs to I<Squid Bugs <squid-bugs@lists.squid-cache.org>>
9aa1f63b	107
8311b837	108	Report ideas for new improvements to the I<Squid Developers mailing list <squid-dev@lists.squid-cache.org>>
9aa1f63b AJ	109
	110	=head1 SEE ALSO
	111
	112	squid (8), GPL (7),
	113
	114	The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
	115
	116	The Squid Configuration Manual http://www.squid-cache.org/Doc/config/
	117
0f0a89ab AJ	118	=cut
0f0a89ab AJ	119
9aa1f63b AJ	120	use DBI;
	121
	122	my $dsn = "DBI:mysql:database=squid";
	123	my $db_user = undef;
	124	my $db_passwd = undef;
	125	my $db_table = "passwd";
	126	my $db_uidcol = "id";
	127	my $db_usercol = "''";
	128	my $db_tagcol = "''";
	129	my $db_cond = "enabled = 1";
	130	my $persist = 0;
	131	my $debug = 0;
	132
0f0a89ab	133	GetOptions(
47f28373 FC	134	'dsn=s' => \$dsn,
	135	'user=s' => \$db_user,
	136	'password=s' => \$db_passwd,
	137	'table=s' => \$db_table,
	138	'uidcol=s' => \$db_uidcol,
	139	'usercol=s' => \$db_usercol,
	140	'tagcol=s' => \$db_tagcol,
	141	'cond=s' => \$db_cond,
	142	'persist' => \$persist,
	143	'debug' => \$debug,
	144	);
0f0a89ab AJ	145
	146	my ($_dbh, $_sth);
	147
	148	sub close_db()
	149	{
	150	return if !defined($_dbh);
	151	undef $_sth;
	152	$_dbh->disconnect();
	153	undef $_dbh;
	154	}
	155
	156	sub open_db()
	157	{
	158	return $_sth if defined $_sth;
	159	$_dbh = DBI->connect($dsn, $db_user, $db_passwd);
	160	if (!defined $_dbh) {
47f28373 FC	161	warn ("Could not connect to $dsn\n");
47f28373 FC	162	return undef;
0f0a89ab AJ	163	}
0f0a89ab AJ	164	$_sth = $_dbh->prepare("SELECT $db_usercol as 'user', $db_tagcol as 'tag' FROM $db_table WHERE ($db_uidcol = ?) " .
47f28373	165	($db_cond ne "" ? " AND $db_cond" : "")) \|\| die;
0f0a89ab AJ	166
0f0a89ab AJ	167	print(stderr "Query: SELECT $db_usercol as 'user', $db_tagcol as 'tag' FROM $db_table WHERE ($db_uidcol = ?) " .
47f28373	168	($db_cond ne "" ? " AND $db_cond" : "")) if ($debug);
0f0a89ab AJ	169
	170	return $_sth;
	171	}
	172
	173	sub query_db($) {
	174	my $uid = @_[0];
	175	my ($sth) = open_db() \|\| return undef;
	176	print(stderr "UID queried: '".$uid."'\n") if ($debug);
	177	if (!$sth->execute($uid)) {
47f28373 FC	178	close_db();
	179	open_db() \|\| return undef;
	180	$sth->execute($uid) \|\| return undef;;
0f0a89ab AJ	181	}
	182	return $sth;
	183	}
	184	my $status;
	185
9aa1f63b	186	$\|=1;
0f0a89ab AJ	187	while (<>) {
	188	my $string = $_;
	189	$string =~ m/^(\d+)\s(.*)$/;
	190	my ($cid, $uid) = ($1, $2);
	191
	192	$status = "ERR";
	193	$cid =~ s/%(..)/pack("H*", $1)/ge;
925ca2a4	194	$uid =~ s/%(..)/pack("H*", $1)/ge;
0f0a89ab AJ	195
	196	print(stderr "Received: Channel=".$cid.", UID='".$uid."'\n") if ($debug);
	197
194ccc9c	198	$status = $cid . " BH message=\"database error\"";
0f0a89ab AJ	199	my $sth = query_db($uid) \|\| next;
0f0a89ab AJ	200	print(stderr "Rows: ". $sth->rows()."\n") if ($debug);
c55b0902	201	$status = $cid . " ERR message=\"unknown UID '".$uid."'\"";
0f0a89ab AJ	202	my $row = $sth->fetchrow_hashref() \|\| next;
	203	$status = $cid . " OK" . ($row->{'user'} ne "" ? " user=" . $row->{'user'} : "" ) . ($row->{'tag'} ne "" ? " tag=" . $row->{'tag'} : "" );
	204	$sth->finish();
	205	} continue {
	206	close_db() if (!$persist);
	207	print $status . "\n";
	208	}