]>
git.ipfire.org Git - thirdparty/squid.git/blob - helpers/external_acl/SQL_session/ext_sql_session_acl.pl.in
12 ext_sql_session_acl.pl - SQL Database session lookup helper for Squid
16 my $dsn = "DBI:mysql:database=squid";
18 my $db_passwd = undef;
19 my $db_table = "passwd";
21 my $db_usercol = "''";
23 my $db_cond = "enabled = 1";
31 ext_sql_session_acl [options]
35 Validates an HTTP requests access authorization with a session database.
37 Taking an identity token to be validated (as determined by the external_acl_type format)
38 it returns a username or tag associated with the identity token passed in.
40 Common forms of identifiers are IP address, EUI (MAC) address, passwords, or UUID tokens.
42 This program uses Squid concurrency support.
48 Database DSN. Default "DBI:mysql:database=squid"
60 Database table. Default "passwd".
64 Unique Session Identifier column. Default "id".
68 External ACL user= result column.
72 External ACL tag= result column.
76 Condition, defaults to enabled=1. Specify 1 or "" for no condition
80 Keep a persistent database connection open between queries.
84 Print Debug output traces to stderr.
92 'user=s' => \
$db_user,
93 'password=s' => \
$db_passwd,
94 'table=s' => \
$db_table,
95 'uidcol=s' => \
$db_uidcol,
96 'usercol=s' => \
$db_usercol,
97 'tagcol=s' => \
$db_tagcol,
98 'cond=s' => \
$db_cond,
99 'persist' => \
$persist,
107 return if !defined($_dbh);
115 return $_sth if defined $_sth;
116 $_dbh = DBI
->connect($dsn, $db_user, $db_passwd);
117 if (!defined $_dbh) {
118 warn ("Could not connect to $dsn\n");
121 $_sth = $_dbh->prepare("SELECT $db_usercol as 'user', $db_tagcol as 'tag' FROM $db_table WHERE ($db_uidcol = ?) " .
122 ($db_cond ne "" ?
" AND $db_cond" : "")) || die;
124 print(stderr
"Query: SELECT $db_usercol as 'user', $db_tagcol as 'tag' FROM $db_table WHERE ($db_uidcol = ?) " .
125 ($db_cond ne "" ?
" AND $db_cond" : "")) if ($debug);
132 my ($sth) = open_db
() || return undef;
133 print(stderr
"UID queried: '".$uid."'\n") if ($debug);
134 if (!$sth->execute($uid)) {
136 open_db
() || return undef;
137 $sth->execute($uid) || return undef;;
145 $string =~ m/^(\d+)\s(.*)$/;
146 my ($cid, $uid) = ($1, $2);
149 $cid =~ s/%(..)/pack("H*", $1)/ge;
150 $uid =~ s/%(..)/pack("H*", $1)/ge;
152 print(stderr
"Received: Channel=".$cid.", UID='".$uid."'\n") if ($debug);
154 $status = $cid . " ERR message=\"database error\"";
155 my $sth = query_db
($uid) || next;
156 print(stderr
"Rows: ". $sth->rows()."\n") if ($debug);
157 $status = $cid . " ERR message=\"unknown UID '".$uid."'\"";
158 my $row = $sth->fetchrow_hashref() || next;
159 $status = $cid . " OK" . ($row->{'user'} ne "" ?
" user=" . $row->{'user'} : "" ) . ($row->{'tag'} ne "" ?
" tag=" . $row->{'tag'} : "" );
162 close_db
() if (!$persist);
163 print $status . "\n";
170 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
172 * Squid software is distributed under GPLv2+ license and includes
173 * contributions from numerous individuals and organizations.
174 * Please see the COPYING and CONTRIBUTORS files for details.
176 Copyright (C) 2012 Amos Jeffries <amosjeffries@squid-cache.org>
177 Based on original work in DB_auth by Henrik Nordstrom <henrik@henriknordstrom.net>
178 With assistance of Nishant Sharma <codemarauder@gmail.com>
179 This program is free software. You may redistribute copies of it under the
180 terms of the GNU General Public License version 2, or (at your opinion) any