Re: [squid-users] authenticate_program and PHP

From: Daniël Mostertman <daniel@dont-contact.us>
Date: Sun, 8 Apr 2001 08:53:04 -0700

Hi Mark,

I've tried using PHP but since it's a web-language it always displays an
"content-type text/html" header
(or close), this way, it's not doing what it's supposed to, because it
should only give back OK or ERR.

Besides, the program should stay running in the background untill Squid
closes it's connection to it.
The PHP processor kills the PHP script after execution, and the output is
send to /dev/stderr, not stdout.

In case of MySQL authentication,this might be easier:
There's also a MySQL authentication program out there... I've got the
C-source right here...

You can specify the host/user/pass/db/table/user-row/pass-row and then
compile it...

We use this at the office for a pretty big amount of users and
we haven't experienced any problems as of yet...

I can't remember where I got it from, and in the source there's only an
e-mail address..

So here's the sourcecode from the file, just copy/paste it into mysql_auth.c
and enter this at the console (please note that you need to compile it with
linking to the mysql libs):

cc -I /usr/local/mysql/include -O -o mysql_auth mysql_auth.c -L
/usr/local/mysql/lib -lmysqlclient -lm

------------------------------------ CUT
HERE ------------------------------------
/*
 * mysql_auth.c
 *
 * Copyright 1998 Frank Liu (frank@ctcqnx4.ctc.cummins.com)
 * Distributed under the GPL
 *
 * 26 Sep 1999, version 2:
 * 1. fixed a bug where A_TABLE is defined but never used.
 * (thanks to luciano.ghezzi@linux.it)
 * 2. now you can choose to use either clear text password or
 * encrypted password in the MySQL table.
 * 13 Nov 1998, version 1:
 * initial release
 * Needs to be compiled/linked with MySQL libs.
 * Assuming MySQL header files are installed in /usr/local/mysql/include
 * and MySQL libs in /usr/local/mysql/lib
 *
 * On my Linux box:
 *
 * cc -I /usr/local/mysql/include -O -o mysql_auth mysql_auth.c \
       -L /usr/local/mysql/lib -lmysqlclient -lm
 *
 * Then modify the squid.conf to use this external auth program:
 *
 * authenticate_program /usr/local/squid/bin/mysql_auth
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "mysql.h"

/* comment out next line if you use clear text password in MySQL DB */
#define ENCRYPTED_PASS

/* can use NULL for localhost, current user, or no password */
#define DBHOST "localhost"
#define DBUSER "nobody"
#define DB "www"
#define DBPASSWORD NULL

/* table for the user database for the squid authentication,
   column names for auth username and auth password */
#define A_TABLE "user"
#define A_USERNAME "username"
#define A_PASSWORD "passwd"

#define BUFSIZE 256

void main(int argc, char *argv[])
{
    char buf[BUFSIZE], qbuf[BUFSIZE];
    char *p;
    MYSQL mysql,*sock;
    MYSQL_RES *res;

    /* make standard output line buffered */
    if (setvbuf(stdout, NULL, _IOLBF, 0) != 0)
        return;

    while (1) {
        if (fgets(buf, BUFSIZE, stdin) == NULL)
            break;
        if ((p = strchr(buf, '\n')) != NULL)
            *p = '\0'; /* strip \n */
        if ((p = strchr(buf, ' ')) == NULL) {
            (void) printf("ERR\n");
            continue;
        }
        *p++ = '\0';

        /* buf is username and p is password now */

        if (!(sock = mysql_connect(&mysql, DBHOST, DBUSER, DBPASSWORD)))
        {
            /* couldn't connect to database server */
            (void) printf("ERR\n");
            continue;
        }
        if (mysql_select_db(sock, DB))
        {
            /* couldn't use the database */
            (void) printf("ERR\n");
            mysql_close(sock);
            continue;
        }
        sprintf(qbuf, "select " A_USERNAME " from " A_TABLE " where "
                       A_USERNAME "='%s' and " A_PASSWORD

#ifdef ENCRYPTED_PASS
                      "=password('%s')", buf, p);
#else
                      "='%s'", buf, p);
#endif
        if(mysql_query(sock,qbuf) || !(res=mysql_store_result(sock)))
        {
            /* query failed */
            (void) printf("ERR\n");
            mysql_close(sock);
            continue;
        }
        if ( res->row_count !=0 )
            (void) printf("OK\n");
        else
            (void) printf("ERR\n");
        mysql_free_result(res);
        mysql_close(sock);
    }
    exit(0);
}
------------------------------------ CUT
HERE ------------------------------------

This works perfectly!

// Daniël

----- Original Message -----
From: "Mark Hall" <mark@smallplanetonline.com>
To: <squid-users@squid-cache.org>
Sent: Saturday, April 07, 2001 6:24 PM
Subject: [squid-users] authenticate_program and PHP

> I work at a 7-12 school, and we use the squid proxy server to accelerate
> web access. I've recently learned that squid contains a
> authenticate_program command that can be used to connect to a mysql
> database to authenticate users and track their surfing. The example I
heard
> about uses perl, but I was wondering if anyone has any experience merging
> squid with mysql via PHP?
>
> I'm a coding newbie, so any specific examples would be greatly
appreciated!
>
Received on Sat Apr 07 2001 - 23:48:18 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:11 MST