-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I don't use database with ACL's. But I can make the assumption that it is necessary to dig in the direction of the database adapter Perl. 11.02.15 12:24, Ahmad пишет: > Thank you , can you show me a directive with that as an example > plz ? > > > -----Original Message----- From: squid-users > [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of > Yuri Voinov Sent: Tuesday, February 10, 2015 11:48 AM To: > squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: squid > access list based on sql database , is it possible ? > > basic_db_auth helper is included in Squid distribution. > > #!/usr/bin/perl > > use strict; use Pod::Usage; use Getopt::Long; > > =pod > > =head1 NAME > > basic_db_auth - Database auth helper for Squid > > =head1 SYNOPSIS > > basic_db_auth [options] > > =head1 DESCRIPTOIN > > This program verifies username & password to a database > > =head1 OPTIONS > > =over 12 > > =item B<--debug> > > Write debug info to stderr. > > =item B<--dsn> > > Database DSN. Default "DBI:mysql:database=squid" > > =item B<--user> > > Database User > > =item B<--password> > > Database password > > =item B<--table> > > Database table. Default "passwd". > > =item B<--usercol> > > Username column. Default "user". > > =item B<--passwdcol> > > Password column. Default "password". > > =item B<--cond> > > Condition, defaults to enabled=1. Specify 1 or "" for no condition > If you use --joomla flag, this condition will be changed to > block=0 > > =item B<--plaintext> > > Database contains plain-text passwords > > =item B<--md5> > > Database contains unsalted md5 passwords > > =item B<--salt> > > Selects the correct salt to evaluate passwords > > =item B<--persist> > > Keep a persistent database connection open between queries. > > =item B<--joomla> > > Tells helper that user database is Joomla DB. So their unusual > salt hashing is understood. > > =back > > =head1 AUTHOR > > This program was written by I<Henrik Nordstrom > <henrik@xxxxxxxxxxxxxxxxxxx>> and I<Luis Daniel Lucio Quiroz > <dlucio@xxxxxxxxxxx>> > > This manual was written by I<Henrik Nordstrom > <henrik@xxxxxxxxxxxxxxxxxxx>> > > =head1 COPYRIGHT > > * Copyright (C) 1996-2015 The Squid Software Foundation and > contributors * * Squid software is distributed under GPLv2+ license > and includes * contributions from numerous individuals and > organizations. * Please see the COPYING and CONTRIBUTORS files for > details. > > Copyright (C) 2007 Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> > Copyright (C) 2010 Luis Daniel Lucio Quiroz <dlucio@xxxxxxxxxxx> > (Joomla support) This program is free software. You may > redistribute copies of it under the terms of the GNU General Public > License version 2, or (at youropinion) any later version. > > =head1 QUESTIONS > > Questions on the usage of this program can be sent to the I<Squid > Users mailing list <squid-users@xxxxxxxxxxxxxxx>> > > =head1 REPORTING BUGS > > Bug reports need to be made in English. See > http://wiki.squid-cache.org/SquidFaq/BugReporting for details of > what you need to include with your bug report. > > Report bugs or bug fixes using http://bugs.squid-cache.org/ > > Report serious security bugs to I<Squid Bugs > <squid-bugs@xxxxxxxxxxxxxxx>> > > Report ideas for new improvements to the I<Squid Developers mailing > list <squid-dev@xxxxxxxxxxxxxxx>> > > =head1 SEE ALSO > > squid (8), GPL (7), > > The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq > > The Squid Configuration Manual > http://www.squid-cache.org/Doc/config/ > > =cut > > use DBI; use Digest::MD5 qw(md5 md5_hex md5_base64); > > my $dsn = "DBI:mysql:database=squid"; my $db_user = undef; my > $db_passwd = undef; my $db_table = "passwd"; my $db_usercol = > "user"; my $db_passwdcol = "password"; my $db_cond = "enabled = > 1"; my $plaintext = 0; my $md5 = 0; my $persist = 0; my $isjoomla = > 0; my $debug = 0; my $hashsalt = undef; > > GetOptions( 'dsn=s' => \$dsn, 'user=s' => \$db_user, 'password=s' > => \$db_passwd, 'table=s' => \$db_table, 'usercol=s' => > \$db_usercol, 'passwdcol=s' => \$db_passwdcol, 'cond=s' => > \$db_cond, 'plaintext' => \$plaintext, 'md5' => \$md5, 'persist' => > \$persist, 'joomla' => \$isjoomla, 'debug' => \$debug, 'salt=s' => > \$hashsalt, ); > > my ($_dbh, $_sth); $db_cond = "block = 0" if $isjoomla; > > sub close_db() { return if !defined($_dbh); undef $_sth; > $_dbh->disconnect(); undef $_dbh; } > > sub open_db() { return $_sth if defined $_sth; $_dbh = > DBI->connect($dsn, $db_user, $db_passwd); if (!defined $_dbh) { > warn ("Could not connect to $dsn\n"); my @driver_names = > DBI->available_drivers(); my $msg = "DSN drivers apparently > installed, available:\n"; foreach my $dn (@driver_names) { $msg .= > "\t$dn"; } warn($msg."\n"); return undef; } my $sql_query; > $sql_query = "SELECT $db_passwdcol FROM $db_table WHERE $db_usercol > = ?" . ($db_cond ne "" ? " AND $db_cond" : ""); $_sth = > $_dbh->prepare($sql_query) || die; return $_sth; } > > sub check_password($$) { my ($password, $key) = @_; > > if ($isjoomla){ my $salt; my $key2; ($key2,$salt) = split (/:/, > $key); return 1 if md5_hex($password.$salt).':'.$salt eq $key; } > else{ return 1 if defined $hashsalt && crypt($password, $hashsalt) > eq $key; return 1 if crypt($password, $key) eq $key; return 1 if > $md5 && md5_hex($password) eq $key; return 1 if $plaintext && > $password eq $key; } > > return 0; } > > sub query_db($) { my ($user) = @_; my ($sth) = open_db() || return > undef; if (!$sth->execute($user)) { close_db(); open_db() || return > undef; $sth->execute($user) || return undef;; } return $sth; } my > $status; > > $|=1; while (<>) { my ($user, $password) = split; $status = "ERR"; > $user =~ s/%(..)/pack("H*", $1)/ge; $password =~ s/%(..)/pack("H*", > $1)/ge; > > $status = "ERR database error"; my $sth = query_db($user) || next; > $status = "ERR unknown login"; my $row = $sth->fetchrow_arrayref() > || next; $status = "ERR login failure"; next if > (!check_password($password, @$row[0])); $status = "OK"; } continue > { close_db() if (!$persist); print $status . "\n"; } > > > 11.02.15 11:41, Ahmad пишет: >> Hi , > >> I need to do an access list that get info mysql database. > > > >> Can squid get info of accesslist from external db coloum ? > > > >> cheers > > > > >> _______________________________________________ squid-users >> mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ squid-users mailing > list squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJU2mscAAoJENNXIZxhPexGduIIAK3qmZ+zjTgGxv6nhfQ3TsJp pi5ed8H9vWTZFlC7HewHYWEImaoPc0Slzr+R6fJfEYvPLXKaJtYHbEDuTNjEUCI/ et72oe/YexYWJb52ztU7CsacW1TeUdcTGRsXIIOmAFmgDJEPX+dP8oqDHS4/pIzM Agn+1dk3X4E7XA7zEEH4rQSZ3T5mMKSTZfqDThoYOFCNdvA0Mw3Qz9r7IhRkpG2+ 9hkDa8ou5C5ezWhd5K73bdBBaKhpe23JN2pAaYDvWSIYHwQYyWBo+VGrlWtm7E7V de6UMQ1G1VWNdA0dbGtUx8DOvwfu47TFaqLCPW8rcDS0IzYbtFes5gpmiXTM3k4= =fPlO -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
