1 #!@PERL@
2 use strict;
3 use DBI;
4 use Getopt::Long;
5 use Pod::Usage;
# Unbuffer STDOUT: each reply line is written as soon as it is printed
# instead of waiting in an output buffer.
$| = 1;
7
8 =pod
9
10 =head1 NAME
11
12 ext_sql_session_acl.pl - SQL Database session lookup helper for Squid
13
14 =cut
15
# Built-in defaults; each one can be overridden by the command-line option
# of the matching name.
my $dsn        = 'DBI:mysql:database=squid';   # DBI data source name
my $db_user;                                   # database login, undef unless --user is given
my $db_passwd;                                 # database password, undef unless --password is given
my $db_table   = 'passwd';                     # table holding the session records
my $db_uidcol  = 'id';                         # column matched against the session identifier
my $db_usercol = q{''};                        # SQL expression selected as 'user' (empty string literal by default)
my $db_tagcol  = q{''};                        # SQL expression selected as 'tag' (empty string literal by default)
my $db_cond    = 'enabled = 1';                # extra WHERE condition, "" disables it
my $persist    = 0;                            # keep the database connection open between queries
my $debug      = 0;                            # write trace output to stderr
26
27 =pod
28
29 =head1 SYNOPSIS
30
31 ext_sql_session_acl [options]
32
33 =head1 DESCRIPTION
34
35 Validates an HTTP request's access authorization against a session database.
36
37 Taking an identity token to be validated (as determined by the external_acl_type format)
38 it returns a username or tag associated with the identity token passed in.
39
40 Common forms of identifiers are IP address, EUI (MAC) address, passwords, or UUID tokens.
41
42 This program uses Squid concurrency support.
43
44 =over 8
45
46 =item B<--dsn>
47
48 Database DSN. Default "DBI:mysql:database=squid"
49
50 =item B<--user>
51
52 Database User
53
54 =item B<--password>
55
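56 Database password. Command-line arguments are normally visible to other local users in the process list, so use a database account with read-only access to the session table.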
57
58 =item B<--table>
59
60 Database table. Default "passwd".
61
62 =item B<--uidcol>
63
64 Unique Session Identifier column. Default "id".
65
66 =item B<--usercol>
67
68 External ACL user= result column.
69
70 =item B<--tagcol>
71
72 External ACL tag= result column.
73
74 =item B<--cond>
75
76 Condition, defaults to enabled=1. Specify 1 or "" for no condition. The condition text is inserted into the SQL query exactly as written.
77
78 =item B<--persist>
79
80 Keep a persistent database connection open between queries.
81
82 =item B<--debug>
83
84 Print Debug output traces to stderr.
85
86 =back
87
88 =cut
89
# Command-line overrides for the defaults declared above.
#
# NOTE(review): the result of GetOptions() is not checked, so an unknown or
# malformed option does not stop the helper from starting.
#
# Security notes for whoever deploys this helper:
#  - --password is passed as a process argument, which is normally visible
#    to other local users through the process list.
#  - --table, --uidcol, --usercol, --tagcol and --cond are spliced into the
#    SQL text verbatim when the query is prepared. They must only ever come
#    from the administrator's configuration, never from request data.
GetOptions(
    "dsn=s"      => \$dsn,
    "user=s"     => \$db_user,
    "password=s" => \$db_passwd,
    "table=s"    => \$db_table,
    "uidcol=s"   => \$db_uidcol,
    "usercol=s"  => \$db_usercol,
    "tagcol=s"   => \$db_tagcol,
    "cond=s"     => \$db_cond,
    "persist"    => \$persist,
    "debug"      => \$debug,
);

# Shared database handle and prepared lookup statement, both undef while
# no connection is open.
my $_dbh;
my $_sth;
104
# Drop the prepared statement and disconnect from the database.
# Does nothing when no connection is currently open.
sub close_db()
{
    unless (defined $_dbh) {
        return;
    }

    # Release the statement before the connection it belongs to.
    $_sth = undef;
    $_dbh->disconnect();
    undef $_dbh;
}
112
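# Connect to the database (unless a statement is already prepared) and
# prepare the session lookup query.
#
# Returns the prepared statement handle, or undef when the connection
# could not be established. Dies when the query cannot be prepared.
#
# Only the session identifier is bound through the "?" placeholder. The
# table name, column expressions and extra condition are interpolated into
# the SQL text as given on the command line, so those options must be
# controlled by the administrator only.
sub open_db()
{
    return $_sth if defined $_sth;

    $_dbh = DBI->connect($dsn, $db_user, $db_passwd);
    if (!defined $_dbh) {
        warn ("Could not connect to $dsn\n");
        return;
    }

    # Build the statement text once so the debug trace always shows exactly
    # what was prepared.
    my $query = "SELECT $db_usercol as 'user', $db_tagcol as 'tag' FROM $db_table WHERE ($db_uidcol = ?) " .
        ($db_cond ne "" ? " AND $db_cond" : "");

    $_sth = $_dbh->prepare($query)
        || die("Could not prepare query: " . $_dbh->errstr() . "\n");

    # Terminate the trace line so later debug output starts on its own line.
    print(stderr "Query: " . $query . "\n") if ($debug);

    return $_sth;
}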
129
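# Run the prepared lookup for one session identifier.
#
# $uid is passed to the database as a bound parameter, never as SQL text.
# When execution fails the connection is reopened and the lookup retried
# once. Returns the executed statement handle, or undef on failure.
sub query_db($) {
    my ($uid) = @_;
    my $sth = open_db() || return;

    # NOTE(review): $uid is request data and is written to stderr unescaped
    # here; control characters in it end up in the debug trace as-is.
    print(stderr "UID queried: '".$uid."'\n") if ($debug);

    if (!$sth->execute($uid)) {
        close_db();
        # The previous handle belonged to the connection that was just
        # closed, so the retry has to use the freshly prepared statement.
        $sth = open_db() || return;
        $sth->execute($uid) || return;
    }
    return $sth;
}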
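my $status;

# Percent-encode the characters that could break the framing of a reply
# line or of a trace line: control characters (including CR and LF), space,
# both quote characters, backslash and '%'. Values made only of other
# characters are returned unchanged.
# NOTE(review): assumes Squid URL-decodes reply values (the protocol=3.0
# behaviour of external_acl_type) - confirm against the deployed setup.
sub escape_reply_value
{
    my ($value) = @_;
    $value =~ s/([\x00-\x20"'%\\\x7f])/sprintf("%%%02X", ord($1))/ge;
    return $value;
}

# Main loop: one request per input line, "<channel-id> <encoded-uid>".
# Exactly one reply line is printed per request by the continue block.
while (my $line = <>) {
    # A line that does not match carries no usable channel id and no uid;
    # answer it without touching the database instead of working with
    # undefined values.
    $status = "ERR message=\"malformed request\"";
    my ($cid, $uid) = $line =~ m/^(\d+)\s(.*)$/
        or next;

    # Decode %XX escapes in the identifier. Only real hex pairs are
    # decoded; the channel id is all digits and needs no decoding.
    $uid =~ s/%([0-9A-Fa-f]{2})/pack("H*", $1)/ge;

    # The decoded uid is request data and may contain quotes or line
    # breaks. Use the escaped form wherever it is echoed, so it cannot
    # close the quoted message or start an extra reply/trace line.
    my $safe_uid = escape_reply_value($uid);

    print(stderr "Received: Channel=".$cid.", UID='".$safe_uid."'\n") if ($debug);

    $status = $cid . " ERR message=\"database error\"";
    my $sth = query_db($uid) || next;
    print(stderr "Rows: ". $sth->rows()."\n") if ($debug);

    $status = $cid . " ERR message=\"unknown UID '".$safe_uid."'\"";
    my $row = $sth->fetchrow_hashref() || next;

    # Database values are escaped as well: whitespace in a stored name
    # would otherwise be read as the start of another key=value pair.
    $status = $cid . " OK";
    for my $key ('user', 'tag') {
        my $value = $row->{$key};
        next if !defined($value) || $value eq "";
        $status .= " " . $key . "=" . escape_reply_value($value);
    }
    $sth->finish();
} continue {
    close_db() if (!$persist);
    print $status . "\n";
}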
165
166 =pod
167
168 =head1 COPYRIGHT
169
170 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
171 *
172 * Squid software is distributed under GPLv2+ license and includes
173 * contributions from numerous individuals and organizations.
174 * Please see the COPYING and CONTRIBUTORS files for details.
175
176 Copyright (C) 2012 Amos Jeffries <amosjeffries@squid-cache.org>
177 Based on original work in DB_auth by Henrik Nordstrom <henrik@henriknordstrom.net>
178 With assistance of Nishant Sharma <codemarauder@gmail.com>
179 This program is free software. You may redistribute copies of it under the
180 terms of the GNU General Public License version 2, or (at your option) any
181 later version.
182
183 =cut