source: squid-ssl/trunk/fuentes/helpers/external_acl/SQL_session/ext_sql_session_acl @ 5495

Last change on this file since 5495 was 5495, checked in by Juanma, 23 months ago

Initial release

1#!/usr/bin/perl
2
3use strict;
4use Getopt::Long;
5use Pod::Usage;
6
7=pod
8
9=head1 NAME
10
11 ext_sql_session_acl - SQL Database session lookup helper for Squid
12
13=head1 SYNOPSIS
14
15 ext_sql_session_acl [options]
16
17=head1 DESCRIPTION
18
19Validates an HTTP request's access authorization against a session database.
20
21Taking an identity token to be validated (as determined by the external_acl_type format)
22it returns a username or tag associated with the identity token passed in.
23
24Common forms of identifiers are IP address, EUI (MAC) address, passwords, or UUID tokens.
25
26This program uses Squid concurrency support.
27
28=head1 OPTIONS
29
30=over 12
31
32=item B<--dsn>
33
34Database DSN. Default "DBI:mysql:database=squid"
35
36=item B<--user>
37
38Database User
39
40=item B<--password>
41
42Database password
43
44=item B<--table>
45
46Database table. Default "passwd".
47
48=item B<--uidcol>
49
50Unique Session Identifier column. Default "id".
51
52=item B<--usercol>
53
54External ACL user= result column.
55
56=item B<--tagcol>
57
58External ACL tag= result column.
59
60=item B<--cond>
61
62Condition, defaults to enabled=1. Specify 1 or "" for no condition
63
64=item B<--persist>
65
66Keep a persistent database connection open between queries.
67
68=item B<--debug>
69
70Write debug info to stderr.
71
72=back
73
74=head1 AUTHOR
75
76This program and documentation were written by I<Amos Jeffries <amosjeffries@squid-cache.org>>
77
78Based on original work in DB_auth by Henrik Nordstrom <henrik@henriknordstrom.net>
79With assistance of Nishant Sharma <codemarauder@gmail.com>
80
81=head1 COPYRIGHT
82
83 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
84 *
85 * Squid software is distributed under GPLv2+ license and includes
86 * contributions from numerous individuals and organizations.
87 * Please see the COPYING and CONTRIBUTORS files for details.
88
89 Copyright (C) 2012 Amos Jeffries <amosjeffries@squid-cache.org>
90
91 This program is free software. You may redistribute copies of it under the
92 terms of the GNU General Public License version 2, or (at your option) any
93 later version.
94
95=head1 QUESTIONS
96
97Questions on the usage of this program can be sent to the I<Squid Users mailing list <squid-users@squid-cache.org>>
98
99=head1 REPORTING BUGS
100
101Bug reports need to be made in English.
102See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
103
104Report bugs or bug fixes using http://bugs.squid-cache.org/
105
106Report serious security bugs to I<Squid Bugs <squid-bugs@squid-cache.org>>
107
108Report ideas for new improvements to the I<Squid Developers mailing list <squid-dev@squid-cache.org>>
109
110=head1 SEE ALSO
111
112squid (8), GPL (7),
113
114The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
115
116The Squid Configuration Manual http://www.squid-cache.org/Doc/config/
117
118=cut
119
120use DBI;
121
# Connection and query settings. Each default below can be overridden by the
# matching command-line option.
#
# Everything except the looked-up UID is interpolated verbatim into the SQL
# text built in open_db(), so --table, --uidcol, --usercol, --tagcol and
# --cond must only ever come from trusted configuration (squid.conf), never
# from request data.
#
# NOTE(review): --password is passed as a program argument; arguments are
# typically visible to other local users through the process list, so the
# database account used here should be restricted to reading the session table.
my $dsn        = 'DBI:mysql:database=squid';
my $db_user;
my $db_passwd;
my $db_table   = 'passwd';
my $db_uidcol  = 'id';
my $db_usercol = q{''};          # SQL empty-string literal: "no user column"
my $db_tagcol  = q{''};          # SQL empty-string literal: "no tag column"
my $db_cond    = 'enabled = 1';
my $persist    = 0;
my $debug      = 0;

# NOTE(review): the return value of GetOptions is not checked, so an
# unrecognised or misspelled option is reported by Getopt::Long but the helper
# keeps running with the defaults above.
GetOptions(
    'dsn=s'      => \$dsn,
    'user=s'     => \$db_user,
    'password=s' => \$db_passwd,
    'table=s'    => \$db_table,
    'uidcol=s'   => \$db_uidcol,
    'usercol=s'  => \$db_usercol,
    'tagcol=s'   => \$db_tagcol,
    'cond=s'     => \$db_cond,
    'persist'    => \$persist,
    'debug'      => \$debug,
);

# Shared database handle and prepared lookup statement, managed by
# open_db() / close_db().
my ($_dbh, $_sth);
147
# Tear down the shared database connection, if one is open.
# The prepared statement is released first, then the connection itself is
# disconnected and forgotten, so the next open_db() starts from scratch.
sub close_db()
{
    unless (defined $_dbh) {
        return;
    }

    # Drop the statement handle before disconnecting its parent connection.
    $_sth = undef;
    $_dbh->disconnect();
    undef $_dbh;
}
155
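# Return the prepared session-lookup statement, connecting to the database
# and preparing the statement on first use.
#
# Returns the cached statement handle when one exists, undef when the
# connection attempt fails, and dies when the statement cannot be prepared.
#
# Security note: only the session identifier is bound through the "?"
# placeholder. The column names, table name and condition are interpolated
# into the SQL text as given on the command line, so they must come from
# trusted configuration only.
sub open_db()
{
    return $_sth if defined $_sth;

    $_dbh = DBI->connect($dsn, $db_user, $db_passwd);
    if (!defined $_dbh) {
        warn ("Could not connect to $dsn\n");
        return undef;
    }

    # Build the query text once so the prepared statement and the debug
    # output can never disagree.
    my $query = "SELECT $db_usercol as 'user', $db_tagcol as 'tag' FROM $db_table WHERE ($db_uidcol = ?) " .
                ($db_cond ne "" ? " AND $db_cond" : "");

    # A statement that cannot be prepared means the configuration is wrong;
    # stop with a diagnostic instead of a bare "Died".
    $_sth = $_dbh->prepare($query)
        || die "Could not prepare session query: " . ($_dbh->errstr || 'unknown error') . "\n";

    print(STDERR "Query: $query\n") if ($debug);

    return $_sth;
}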
172
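# Run the session lookup for one identifier.
#
# $uid is bound as a statement parameter, so its content never becomes part
# of the SQL text. Returns the executed statement handle, or undef when the
# database cannot be reached or the query fails twice.
sub query_db($) {
    my $uid = $_[0];
    my $sth = open_db() || return undef;
    # NOTE(review): the identifier is written to stderr undecorated; with
    # --debug enabled, control characters in it reach the log as-is.
    print(STDERR "UID queried: '".$uid."'\n") if ($debug);
    if (!$sth->execute($uid)) {
        # The connection may have gone stale: reconnect and retry once.
        # The retry must use the statement handle returned by the new
        # open_db() call; the previous handle belongs to the connection that
        # close_db() just disconnected.
        close_db();
        $sth = open_db() || return undef;
        $sth->execute($uid) || return undef;
    }
    return $sth;
}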
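my $status;

# Squid waits for each reply line, so STDOUT must not be buffered.
$| = 1;

# Main helper loop. Each request line is "<channel-id> <uid>" with the uid
# %XX-encoded; exactly one reply line is written per request by the
# continue block below.
while (<>) {
    my $string = $_;

    # Use the captures only when the match succeeded. After a failed match
    # the capture variables are not reliable, and a reply must never be
    # attributed to a channel ID that was not in this request.
    my ($cid, $uid) = ($string =~ m/^(\d+)\s(.*)$/);
    if (!defined $cid) {
        $status = "ERR message=\"malformed request\"";
        print(STDERR "Received: unparseable request line\n") if ($debug);
        next;
    }

    # Decode %XX escapes in the identifier. Only real hex pairs are decoded;
    # the channel ID is all digits and needs no decoding.
    $uid =~ s/%([0-9A-Fa-f]{2})/pack("H*", $1)/ge;

    # The decoded identifier is request-controlled and may contain quotes,
    # backslashes or line breaks. Re-encode everything but plain printable
    # characters before echoing it, so it cannot terminate the quoted
    # message, start a new reply line, or forge debug log lines. The raw
    # value is still what gets bound into the database query.
    (my $uid_shown = $uid) =~ s/([^\x20\x21\x23\x24\x26\x28-\x5B\x5D-\x7E])/sprintf('%%%02X', ord($1))/ge;

    print(STDERR "Received: Channel=".$cid.", UID='".$uid_shown."'\n") if ($debug);

    # Each step below pre-loads the reply that applies if it fails.
    $status = $cid . " ERR message=\"database error\"";
    my $sth = query_db($uid) || next;
    print(STDERR "Rows: ". $sth->rows()."\n") if ($debug);
    $status = $cid . " ERR message=\"unknown UID '".$uid_shown."'\"";
    my $row = $sth->fetchrow_hashref() || next;

    # NOTE(review): user= and tag= are emitted exactly as stored in the
    # database. Whitespace or line breaks in those columns would corrupt the
    # reply line; confirm which value encoding the deployed Squid expects and
    # constrain what may be written to these columns.
    $status = $cid . " OK" . ($row->{'user'} ne "" ? " user=" . $row->{'user'} : "" ) . ($row->{'tag'} ne "" ? " tag=" . $row->{'tag'} : "" );
    $sth->finish();
} continue {
    # Runs after every request, including those ended early with "next".
    close_db() if (!$persist);
    print $status . "\n";
}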