Search squid archive

Re: Groups and authorization SQUID

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/12/17 09:48, Edwin Quijada wrote:

------------------------------------------------------------------------
*From:* Antony Stone
On Saturday 09 December 2017 at 15:35:51, Edwin Quijada wrote:

> On Friday 08 December 2017 at 22:08:33, Edwin Quijada wrote:
> > > I have 4 different groups in my company each group has access different
>
> Please explain what "access different" means.

The first group has accees to 2 pages, second 3 differents pages and  3 and
4 everything

Okay, understood.


FYI: please be aware that HTTP has no concept of "page". That is a human UI concept. Squid and HTTP deal only with messages about URLs. A "page" as we know it can be many different transactions and URL messages.

We can get into that more later when you have auth working, just be aware for now that there is no natural connection between auth credentials and "page".


> > These groups and users are in a remote server
>
> What sort of server?  How are the groups defined?

It is a web server

Er, okay...

> > that I use with a webservice

> What does "webservice" mean?

Remote method/function that respond me when I sent  user/pass this respond
me with the group that user belongs I have another method/function/script
by http that respond me what is the group that user belongs

Okay, I guess it might be possible to get Squid to use ACLs based on the
result of an HTTP request, but I've never seen it done like this before.

This part is not a problem for me.

Maybe someone else on the list can suggest how this might be made to work.

> > so with I have created a helper for authorization
>
> Tell us how this helper works.

I thought that using a helper for autorization I can restricted the pages
used for each member group

Have you created a helper, or not?
Yes!!

If you have created one, please tell us how it works.

This helper that I created
<?php

$f = fopen("php://stdin", "r");
while (!(feof($f))) {
     $line = fgets($f);
     if ($line) {
         $fields = explode(' ', trim($line));
         $username = rawurldecode($fields[0]);
         $password = rawurldecode($fields[1]);
//
         if ($username=="edwin" &&  $password=="1234")
               fwrite(STDOUT, "OK\n");
         else
              fwrite(STDOUT, "ERR\n");
     }
}
?>
This helper is just for testing , but when I tested it doent work


What are your squid.conf settings using that helper?


FYI: PHP has known problems that prevent it being a successful helper language most of the time <https://wiki.squid-cache.org/Features/AddonHelpers#What_language_are_helper_meant_to_be_written_in.3F>

Squid bundles with *_fake_auth helpers you can base your code on when developing a custom helper. They handle the I/O with Squid properly for their matching Squid version and should be easily extended for doing actual auth checks.


> How does it identify one group from another?

Uhm...the structere are differents , really there are in different tables
in my DB that is in the server

So, you're doing an HTTP request to a web server, which then looks up the user
in a database, and returns a result as an HTTP response...

Surely it would be easier (and quicker / more efficient) to get Squid to
interrogate the database?

> > the problem is how can i do this ACL

I wouldn't start from there, so I hope someone else here can suggest a way of
getting this to work.


What made you start with this approach in the first place?

Now, I changed the approach , I just want one group for everything and other, localnet restricted,instead of use 4 groups just 2 one for admin, other for


The weird thing is this use of a web server as an intermediary between Squid and the actual user/group database. What made you use it in the first place instead of connecting Squid to the database?

[ I am one of the people who can help you get it to work, but it is only with the trouble doing at all if there is a good reason. Auth is a complex enough topic already just by itself. ]

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux