1 #!@PERL@
2
3 use strict;
4 use Getopt::Long;
5 use Pod::Usage;
6
7 =pod
8
9 =head1 NAME
10
11 ext_sql_session_acl - SQL Database session lookup helper for Squid
12
13 =head1 SYNOPSIS
14
15 ext_sql_session_acl [options]
16
17 =head1 DESCRIPTION
18
19 Validates an HTTP request's access authorization against a session database.
20
21 Taking an identity token to be validated (as determined by the external_acl_type format)
22 it returns a username or tag associated with the identity token passed in.
23
24 Common forms of identifiers are IP address, EUI (MAC) address, passwords, or UUID tokens.
25
26 This program uses Squid concurrency support.
27
28 =head1 OPTIONS
29
30 =over 12
31
32 =item B<--dsn>
33
34 Database DSN. Default "DBI:mysql:database=squid"
35
36 =item B<--user>
37
38 Database User
39
40 =item B<--password>
41
42 Database password
43
44 =item B<--table>
45
46 Database table. Default "passwd".
47
48 =item B<--uidcol>
49
50 Unique Session Identifier column. Default "id".
51
52 =item B<--usercol>
53
54 External ACL user= result column.
55
56 =item B<--tagcol>
57
58 External ACL tag= result column.
59
60 =item B<--cond>
61
62 SQL condition added to the query's WHERE clause. Defaults to "enabled = 1". Specify 1 or "" for no condition.
63
64 =item B<--persist>
65
66 Keep a persistent database connection open between queries.
67
68 =item B<--debug>
69
70 Write debug info to stderr.
71
72 =back
73
74 =head1 AUTHOR
75
76 This program and documentation were written by I<Amos Jeffries <amosjeffries@squid-cache.org>>
77
78 Based on original work in DB_auth by Henrik Nordstrom <henrik@henriknordstrom.net>
79 With assistance of Nishant Sharma <codemarauder@gmail.com>
80
81 =head1 COPYRIGHT
82
83 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
84 *
85 * Squid software is distributed under GPLv2+ license and includes
86 * contributions from numerous individuals and organizations.
87 * Please see the COPYING and CONTRIBUTORS files for details.
88
89 Copyright (C) 2012 Amos Jeffries <amosjeffries@squid-cache.org>
90
91 This program is free software. You may redistribute copies of it under the
92 terms of the GNU General Public License version 2, or (at your option) any
93 later version.
94
95 =head1 QUESTIONS
96
97 Questions on the usage of this program can be sent to the I<Squid Users mailing list <squid-users@lists.squid-cache.org>>
98
99 =head1 REPORTING BUGS
100
101 Bug reports need to be made in English.
102 See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
103
104 Report bugs or bug fixes using http://bugs.squid-cache.org/
105
106 Report serious security bugs to I<Squid Bugs <squid-bugs@lists.squid-cache.org>>
107
108 Report ideas for new improvements to the I<Squid Developers mailing list <squid-dev@lists.squid-cache.org>>
109
110 =head1 SEE ALSO
111
112 squid (8), GPL (7),
113
114 The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
115
116 The Squid Configuration Manual http://www.squid-cache.org/Doc/config/
117
118 =cut
119
120 use DBI;
121
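# Connection and query settings. Each default below can be overridden by the
# command-line option of the same purpose (see the OPTIONS section of the POD).
#
# NOTE(security): $db_table, $db_uidcol, $db_usercol, $db_tagcol and $db_cond
# are placed verbatim into the SQL text prepared by open_db(). They must only
# ever come from the administrator's helper configuration, never from request
# data. Only the session identifier is passed as a bound parameter.
#
# NOTE(security): a password given with --password is part of the helper's
# argument list, which on many systems other local users can read from the
# process list; restrict who can log in to the proxy host accordingly.
my $dsn        = "DBI:mysql:database=squid";
my $db_user    = undef;
my $db_passwd  = undef;
my $db_table   = "passwd";
my $db_uidcol  = "id";
my $db_usercol = "''";            # SQL empty-string literal: no user= result by default
my $db_tagcol  = "''";            # SQL empty-string literal: no tag= result by default
my $db_cond    = "enabled = 1";
my $persist    = 0;
my $debug      = 0;

# Refuse to start on an unknown or malformed option. Otherwise a mistyped
# option (for example a misspelled --table or --cond) would be ignored and the
# helper would quietly authorize requests against the built-in defaults.
GetOptions(
    'dsn=s'      => \$dsn,
    'user=s'     => \$db_user,
    'password=s' => \$db_passwd,
    'table=s'    => \$db_table,
    'uidcol=s'   => \$db_uidcol,
    'usercol=s'  => \$db_usercol,
    'tagcol=s'   => \$db_tagcol,
    'cond=s'     => \$db_cond,
    'persist'    => \$persist,
    'debug'      => \$debug,
) or pod2usage(2);

# Shared database handle and prepared statement, managed by open_db() and
# close_db(). Both are undefined while no connection is open.
my ($_dbh, $_sth);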
147
# Drop the cached statement and disconnect from the database.
# Does nothing when no connection is currently open.
sub close_db()
{
    unless (defined $_dbh) {
        return;
    }

    # Release the prepared statement before its parent handle goes away.
    undef $_sth;
    $_dbh->disconnect();
    undef $_dbh;
}
155
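# Connect to the database (if not already connected) and prepare the session
# lookup statement.
#
# Returns the cached statement handle when one exists, a freshly prepared
# handle otherwise, or undef when the connection attempt fails. Dies when the
# statement cannot be prepared, since that indicates a configuration error
# (bad table, column or condition) that retrying will not fix.
sub open_db()
{
    return $_sth if defined $_sth;

    $_dbh = DBI->connect($dsn, $db_user, $db_passwd);
    if (!defined $_dbh) {
        warn("Could not connect to $dsn\n");
        return;
    }

    # The table, column and condition fragments are interpolated as-is: they
    # are trusted administrator configuration from the command line. The
    # session identifier taken from the request is only ever supplied through
    # the "?" placeholder at execute() time, never spliced into this string.
    my $query = "SELECT $db_usercol as 'user', $db_tagcol as 'tag' FROM $db_table WHERE ($db_uidcol = ?) "
              . ($db_cond ne "" ? " AND $db_cond" : "");

    # Report why the prepare failed instead of a bare "Died".
    $_sth = $_dbh->prepare($query)
        or die "Could not prepare query: " . ($_dbh->errstr || "unknown error") . "\n";

    # Newline-terminated so the next debug line starts on its own line.
    print STDERR "Query: $query\n" if $debug;

    return $_sth;
}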
172
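# Look up one session identifier.
#
# Takes the identifier as its only argument and binds it to the prepared
# statement's placeholder. Returns the executed statement handle, or undef
# when the database cannot be reached or the query fails twice.
sub query_db($) {
    my ($uid) = @_;

    my $sth = open_db() or return;

    # NOTE(security): identifiers may be passwords or bearer-style tokens, and
    # this line writes the decoded value unmodified to stderr. Enable --debug
    # only where the helper's log is access-controlled.
    print STDERR "UID queried: '" . $uid . "'\n" if $debug;

    if (!$sth->execute($uid)) {
        # The connection may have gone stale: reconnect once and retry. The
        # retry must use the statement returned by the new open_db() call;
        # the old handle belongs to the connection that was just closed.
        close_db();
        $sth = open_db() or return;
        $sth->execute($uid) or return;
    }
    return $sth;
}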
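# Percent-encode a value so it can be written as an unquoted key=value token
# in a helper reply. Anything outside a conservative safe set is encoded, so
# whitespace, quotes, backslashes, "%" and line breaks in a database value
# cannot end the token early or start a new reply line.
# NOTE(review): relies on Squid URL-decoding unquoted reply values; confirm
# against the Squid version this helper is deployed with.
sub _encode_kv_token {
    my ($value) = @_;
    utf8::encode($value) if utf8::is_utf8($value);
    $value =~ s{([^A-Za-z0-9._\@:/-])}{sprintf("%%%02X", ord($1))}ge;
    return $value;
}

# Make request-supplied text safe to embed in a double-quoted message= value
# or a log line: quotes, backslashes, "%" and every non-printable byte are
# shown in %XX form.
sub _encode_quoted_text {
    my ($value) = @_;
    utf8::encode($value) if utf8::is_utf8($value);
    $value =~ s{(["\\%]|[^\x20-\x7E])}{sprintf("%%%02X", ord($1))}ge;
    return $value;
}

# Reply for the request currently being processed; printed by the continue
# block below, whichever path leaves the loop body.
my $status;

$| = 1;    # unbuffered output: Squid waits on each reply line
while (<>) {
    my $string = $_;

    # Expected request format: "<channel-id> <identifier>".
    my ($cid, $uid) = $string =~ m/^(\d+)\s(.*)$/;
    if (!defined $cid) {
        # No channel id could be parsed, so there is nothing to look up and
        # no channel to answer on; report a helper-level failure instead of
        # querying the database with an undefined identifier.
        $status = "BH message=\"malformed request\"";
        next;
    }

    # Decode %XX escapes in the identifier. Only real hex pairs are decoded;
    # the channel id is all digits and needs no decoding.
    $uid =~ s/%([0-9A-Fa-f]{2})/pack("H*", $1)/ge;

    # The decoded identifier comes from the request and may contain quotes or
    # line breaks, so it is re-encoded wherever it is echoed back.
    # NOTE(security): identifiers may be passwords or tokens; keep debug
    # output in an access-controlled log.
    my $uid_text = _encode_quoted_text($uid);

    print STDERR "Received: Channel=" . $cid . ", UID='" . $uid_text . "'\n" if $debug;

    $status = $cid . " BH message=\"database error\"";
    my $sth = query_db($uid) or next;
    print STDERR "Rows: " . $sth->rows() . "\n" if $debug;

    $status = $cid . " ERR message=\"unknown UID '" . $uid_text . "'\"";
    my $row = $sth->fetchrow_hashref() or next;

    # Database values are encoded before being placed in the reply so a
    # stored value cannot add extra key=value pairs or reply lines.
    $status = $cid . " OK";
    for my $key ('user', 'tag') {
        my $value = $row->{$key};
        next if !defined $value || $value eq "";
        $status .= " " . $key . "=" . _encode_kv_token($value);
    }
    $sth->finish();
} continue {
    close_db() if !$persist;
    print $status . "\n";
}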