Hi,
I just thought I'd share the script I have for the squid side, maybe
someone finds it useful.
I wrote in PHP because I wanted to use prepared statements and am most
familiar with PDO.
Now my logs have usernames but squid does not allow me to make
proxy_auth acls since I have no auth mechanism configured (this
particular squid instance is a museum piece - 2.6, soon to be
replaced), if this issue also exists in squid 3.1 then how would I
control users based on a username returned through an external ACL?
Thanks,
Eli
The code:
#!/usr/bin/php
<?php
/*****
* Developed for the Jerusalem College of Technology Computer Center
by E.S. Rosenberg aka Keeper of the Keys
* 2012/5772
* Released on: 2/May/2012 - 10 Iyar 5772
* License: GNU GPLv2
****
* Short: external ACL helper for squid that allows associating
usernames in a database with IPs.
****
* Description:
* This script is running in a never ending loop and reads an IP
address from stdin.
* It then queries a database about the username currently associated
with that IP.
* If a name is associated it returns "OK user=username".
* Else it returns "ERR"
****
* Depends:
* - PHP5.x with PDO (tested & working on 5.1 but highly recommended to use 5.3+
*****/
$db['server'] = '';
$db['db'] = '';
$db['user'] = '';
$db['passwd'] = '';
try {
$pdo_con = new
PDO("mysql:host=".$db['server'].";dbname=".$db['db'], $db['user'],
$db['passwd'], array(PDO::ATTR_PERSISTENT => true));
}
catch (PDOException $e) {
echo "Error!: " . $e->getMessage() "\n";
die();
}
//Prepare the Stored Procedure, so that it executes faster.
//Our stored procedure is basically a select `username` where `ip` = ?
$query = $pdo_con->prepare('call `db_name_here`.`procedure_name_here` ( ? )');
$query->bindParam(1, $ip, PDO::PARAM_STR, 40);
//Loop to answer squid.
while(1) {
$line = trim(fgets(STDIN));
$ip = $line;
$res = $query->execute();
handle_PDO_error($query);
if($res) {
$res = $query->fetch(PDO::FETCH_ASSOC);
}
//Even though the result set should be just one row php seems to have
a problem with prepared stored procedures...
closeCursor($query);
if(isset($res['user']) && $res['user'] != '') {
echo $line[0] ." OK user=". $res['user'] ."\n";
} else {
echo "ERR\n";
}
}
function handle_PDO_error($pdoObject) {
if($pdoObject->errorCode() != '00000') {
fwrite(STDERR, "Sorry, Database error: ". $pdoObject->errorCode() ."\n");
fwrite(STDERR, var_dump($pdoObject->errorInfo()));
}
}
/**
* From: http://il.php.net/manual/en/pdostatement.closecursor.php
* @param PDOStatement $oStm
*/
function closeCursor($oStm) {
do $oStm->fetchAll();
while ($oStm->nextRowSet());
}
?>
2012/4/10 akadimi <amine.kadimi@xxxxxxxxx>:
> Hi Amos,
>
> Could you give me more details on your new session helper as soon as it
> becomes available.
>
> Regards,
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/external-acl-code-examples-tp4424505p4546016.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
