git.ipfire.org Git - thirdparty/squid.git/blob - helpers/external_acl/SQL_session/ext_sql_session_acl.pl.in
11 ext_sql_session_acl - SQL Database session lookup helper for Squid
15 ext_sql_session_acl [options]
19 Validates an HTTP request's access authorization with a session database.
21 Taking an identity token to be validated (as determined by the external_acl_type format)
22 it returns a username or tag associated with the identity token passed in.
24 Common forms of identifiers are IP address, EUI (MAC) address, passwords, or UUID tokens.
26 This program uses Squid concurrency support.
34 Database DSN. Default "DBI:mysql:database=squid"
46 Database table. Default "passwd".
50 Unique Session Identifier column. Default "id".
54 External ACL user= result column.
58 External ACL tag= result column.
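62 Condition, defaults to enabled=1. Specify 1 or "" for no condition. The condition text is inserted verbatim into the SQL WHERE clause, so it must only come from trusted configuration.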
66 Keep a persistent database connection open between queries.
70 Write debug info to stderr. The debug output includes the identity token being looked up.
76 This program and documentation were written by I<Amos Jeffries <amosjeffries@squid-cache.org>>
78 Based on original work in DB_auth by Henrik Nordstrom <henrik@henriknordstrom.net>
79 With assistance of Nishant Sharma <codemarauder@gmail.com>
83 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
85 * Squid software is distributed under GPLv2+ license and includes
86 * contributions from numerous individuals and organizations.
87 * Please see the COPYING and CONTRIBUTORS files for details.
89 Copyright (C) 2012 Amos Jeffries <amosjeffries@squid-cache.org>
91 This program is free software. You may redistribute copies of it under the
92 terms of the GNU General Public License version 2, or (at your option) any
97 Questions on the usage of this program can be sent to the I<Squid Users mailing list <squid-users@squid-cache.org>>
101 Bug reports need to be made in English.
102 See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
104 Report bugs or bug fixes using http://bugs.squid-cache.org/
106 Report serious security bugs to I<Squid Bugs <squid-bugs@squid-cache.org>>
108 Report ideas for new improvements to the I<Squid Developers mailing list <squid-dev@squid-cache.org>>
114 The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
116 The Squid Configuration Manual http://www.squid-cache.org/Doc/config/
# Built-in defaults for the database lookup. The option table further down
# binds command-line switches to most of these variables.
122 my $dsn = "DBI:mysql:database=squid";
124 my $db_passwd = undef;
125 my $db_table = "passwd";
126 my $db_uidcol = "id";
# The user/tag column defaults are the SQL empty-string literal '', so the
# query selects an empty user and tag unless a real column is configured.
127 my $db_usercol = "''";
128 my $db_tagcol = "''";
# NOTE(review): $db_table, $db_uidcol, $db_usercol, $db_tagcol and $db_cond
# are interpolated verbatim into the SQL text when the statement is prepared.
# They are trusted configuration, never request data.
129 my $db_cond = "enabled = 1";
# Option table fragment (the call that consumes it is not shown in this
# listing). Each "name=s" entry takes a string argument and stores it in the
# referenced variable; 'persist' is a plain flag.
# NOTE(review): a database password given as a command-line option is
# typically visible to other local users through the process list; confirm
# how the deployment supplies this credential.
# NOTE(review): table, uidcol, usercol, tagcol and cond end up inside the SQL
# statement text unmodified, so only the administrator should be able to set
# them.
135 'user=s' => \
$db_user,
136 'password=s' => \
$db_passwd,
137 'table=s' => \
$db_table,
138 'uidcol=s' => \
$db_uidcol,
139 'usercol=s' => \
$db_usercol,
140 'tagcol=s' => \
$db_tagcol,
141 'cond=s' => \
$db_cond,
142 'persist' => \
$persist,
# No database handle is set, so there is nothing to do here.
150 return if !defined($_dbh);
# Presumably the body of open_db() (its header line is not shown in this
# listing): returns a prepared statement handle, creating it on first use.
# Reuse the cached statement handle when one already exists.
158 return $_sth if defined $_sth;
# Otherwise connect with the configured DSN and credentials.
159 $_dbh = DBI
->connect($dsn, $db_user, $db_passwd);
# A failed connect is reported on stderr; the rest of this branch is not
# shown in this listing.
160 if (!defined $_dbh) {
161 warn ("Could not connect to $dsn\n");
# The session identifier is bound through the single ? placeholder, so the
# value received from Squid never becomes part of the SQL text.
# NOTE(review): the column names, table name and optional condition are
# interpolated as-is; they must come from trusted configuration only.
# A failing prepare() terminates the helper via die.
164 $_sth = $_dbh->prepare("SELECT $db_usercol as 'user', $db_tagcol as 'tag' FROM $db_table WHERE ($db_uidcol = ?) " .
165 ($db_cond ne "" ?
" AND $db_cond" : "")) || die;
# With debug enabled, echo the generated SQL text to stderr.
167 print(stderr
"Query: SELECT $db_usercol as 'user', $db_tagcol as 'tag' FROM $db_table WHERE ($db_uidcol = ?) " .
168 ($db_cond ne "" ?
" AND $db_cond" : "")) if ($debug);
# Obtain the prepared statement; give up with undef when open_db() returns
# a false value.
175 my ($sth) = open_db
() || return undef;
# NOTE(review): debug mode writes the raw identifier to stderr. The
# identifier may be a password or session token, so the debug log must be
# treated as sensitive.
176 print(stderr
"UID queried: '".$uid."'\n") if ($debug);
# Run the lookup with the identifier bound to the placeholder. On failure,
# open_db() is called again and the execute is retried once.
# NOTE(review): the retry reuses the existing $sth and discards the return
# value of the second open_db() call. Confirm the handle is actually
# refreshed (line 178 of the file is not shown here).
177 if (!$sth->execute($uid)) {
179 open_db
() || return undef;
180 $sth->execute($uid) || return undef;;
# Split the request line into the numeric channel id and the remainder,
# which is used as the identifier to look up.
# NOTE(review): the match result is not tested, so a line that does not fit
# this shape still flows into the code below with $cid/$uid not taken from it.
189 $string =~ m/^(\d+)\s(.*)$/;
190 my ($cid, $uid) = ($1, $2);
# Undo %XX encoding in both fields. The pattern accepts any two characters
# after the %, not only hex digits.
193 $cid =~ s/%(..)/pack("H*", $1)/ge;
194 $uid =~ s/%(..)/pack("H*", $1)/ge;
# NOTE(review): debug mode logs the decoded identifier, which may be a
# password or session token.
196 print(stderr
"Received: Channel=".$cid.", UID='".$uid."'\n") if ($debug);
# Pessimistic default reply, replaced below as the lookup progresses. The
# `next` presumably lands in a continue block (not shown) that prints $status.
198 $status = $cid . " ERR message=\"database error\"";
199 my $sth = query_db
($uid) || next;
200 print(stderr
"Rows: ". $sth->rows()."\n") if ($debug);
# NOTE(review): the decoded identifier is echoed inside message="..." without
# re-encoding. After %XX decoding it can contain quote, space or line-break
# bytes, which would change how the reply line is parsed. Re-encode it before
# output.
201 $status = $cid . " ERR message=\"unknown UID '".$uid."'\"";
202 my $row = $sth->fetchrow_hashref() || next;
# Success: append user= and tag= only when the selected value is non-empty.
# NOTE(review): database values are emitted unquoted; a value containing
# whitespace would split into extra tokens. Presumably needs escaping too;
# confirm against the helper reply format.
203 $status = $cid . " OK" . ($row->{'user'} ne "" ?
" user=" . $row->{'user'} : "" ) . ($row->{'tag'} ne "" ?
" tag=" . $row->{'tag'} : "" );
# Drop the database connection after each request unless persist is set.
206 close_db
() if (!$persist);
# One reply line per request, prefixed with the channel id.
207 print $status . "\n";