Autenticación de Squid con PHP y MySQL

configurar squid

editar /etc/squid/squid.conf y cambiar la línea

auth_param basic program /usr/sbin/pam_auth

por
auth_param basic program /usr/bin/php /usr/lib/squid/php_auth.php

configurar una base de datos

en MySQL, dentro de la base de datos que usará el script (web4net en el ejemplo), crear la tabla de usuarios con

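-- Users table read by the Squid authentication helper script.
-- NOTE: DROP TABLE deletes every existing proxy user; skip it when the
-- table already holds real accounts.
DROP TABLE IF EXISTS `w4n_squidusersdb`;
CREATE TABLE IF NOT EXISTS `w4n_squidusersdb` (
  `SUD_USER` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT 'SUD_USER' COMMENT 'SUD_USER',
  `SUD_PASSWORD` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT 'SUD_PASSWORD' COMMENT 'SUD_PASSWORD',
  `SUD_DESCRIPTION` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT 'SUD_DESCRIPTION' COMMENT 'SUD_DESCRIPTION',
  `SUD_CREATED_AT` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT 'SUD_CREATED_AT' COMMENT 'SUD_CREATED_AT',
  `SUD_LAST_UPDATE` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT 'SUD_LAST_UPDATE' COMMENT 'SUD_LAST_UPDATE',
  `SUD_LAST_ACCESS` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT 'SUD_LAST_ACCESS' COMMENT 'SUD_LAST_ACCESS',
  `SUD_NOTES` text COLLATE utf8_unicode_ci NOT NULL COMMENT 'SUD_NOTES',
  `ENABLED` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT 'SUD_ENABLED' COMMENT 'SUD_ENABLED',
  PRIMARY KEY (`SUD_USER`),
  KEY `SUD_USER` (`SUD_USER`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci COMMENT='w4n_squidusersdb';

-- Sample account for testing only. The helper script stores and compares
-- SUD_PASSWORD as plain text, so anyone who can read this table can read
-- every proxy password. Replace or disable this row (ENABLED = '1' means
-- the account can log in) before the proxy is exposed to users.
-- The statement must end with ';' (a trailing ',' leaves it incomplete).
INSERT INTO `w4n_squidusersdb` (`SUD_USER`, `SUD_PASSWORD`, `SUD_DESCRIPTION`, `SUD_CREATED_AT`, `SUD_LAST_UPDATE`, `SUD_LAST_ACCESS`, `SUD_NOTES`, `ENABLED`) VALUES
('centos', 'centos', 'descripcion centos', '1377263061', '1377263061', '1377263061', 'comentario', '1');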

script para autenticacion

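crear un archivo en /usr/lib64/squid/php_auth.php (en otros casos /usr/lib/squid/, o un directorio específico) e insertar el código. La ruta debe coincidir con la indicada en auth_param dentro de squid.conf. Como el archivo contiene la contraseña de la base de datos, conviene que sólo pueda leerlo el usuario con el que corre squid.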

<?php
###!/usr/bin/php
 
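### Connection settings for the MySQL database that holds the proxy users.
### The account name and password below are placeholders: create a dedicated
### MySQL account limited to SELECT and UPDATE on the users table instead of
### connecting as root, and keep the real password out of any published copy.
$GLOBALS ["syssrv"] = "127.0.0.1";
$GLOBALS ["sysprt"] = "3306";
$GLOBALS ["sysusr"] = "squid_auth";  # placeholder account name, replace with your own
$GLOBALS ["syspas"] = "CHANGE_ME";   # placeholder password, replace with your own
$GLOBALS ["sysdbs"] = "web4net";
### The table name is concatenated into the SQL text as-is, so it must stay a
### fixed, trusted value and never come from user input.
$GLOBALS ["systbl"] = "`w4n_squidusersdb`";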
 
### Reply to Squid on stdout: "OK" when the credentials read from stdin are
### accepted, "ERR" in every other case.
### NOTE(review): this answers a single request line and then exits, while
### Squid normally keeps a helper running and sends it one line per request.
### Confirm how your Squid version handles a helper that exits after each reply.
$reply = (f_squid_login () !== FALSE) ? "OK\n" : "ERR\n";
fwrite (STDOUT, $reply);
 
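### Read one "username password" pair from stdin and decide whether it
### belongs to an enabled user.
### Returns TRUE only when the lookup found a matching row, FALSE otherwise.
function f_squid_login () {
  $sesval = f_stdin_reader ();
  $username = isset ($sesval [0]) ? $sesval [0]."" : "";
  $password = isset ($sesval [1]) ? $sesval [1]."" : "";
  ## both fields are mandatory; an empty one is rejected without touching the database
  if (($username == "") OR ($password == "")) {
    return FALSE;
  }
  $found = f_data_check ($username, $password, "s");
  if ($found === FALSE) {
    return FALSE;
  }
  ## A SELECT that matches no row still succeeds and hands back a result set,
  ## so "not FALSE" is not proof of a match. Count the rows when a result set
  ## comes back; a plain TRUE is taken as "row found".
  if (is_resource ($found)) {
    $rows = mysql_num_rows ($found);
  }
  elseif ($found instanceof mysqli_result) {
    $rows = $found->num_rows;
  }
  else {
    $rows = ($found === TRUE) ? 1 : 0;
  }
  if ($rows < 1) {
    return FALSE;
  }
  ## best effort: stamp the last access time; its outcome does not change the answer
  f_data_check ($username, $password, "u");
  return TRUE;
}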
 
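### Check a username/password pair against the users table, or stamp the
### last access time of the matching row.
### Arguments (exactly three, read with func_get_arg):
###   0: username, 1: password, 2: action -- "s" to look the pair up,
###   "u" to set SUD_LAST_ACCESS on the matching enabled row.
### Returns TRUE when action "s" finds an enabled row or action "u" ran,
### FALSE on no match, wrong arguments, unknown action or any database error.
### NOTE(review): SUD_PASSWORD is compared as stored, i.e. in plain text.
### Moving to password_hash()/password_verify() needs a data migration and
### is not done here.
function f_data_check () {
  if (func_num_args () != 3) {
    return FALSE;
  }
  $usr = func_get_arg (0)."";
  $pas = func_get_arg (1)."";
  $act = func_get_arg (2)."";
  if (($act !== "s") AND ($act !== "u")) {
    return FALSE;
  }
  if (! function_exists ("mysqli_connect")) {
    ## no MySQL driver available: fail closed
    return FALSE;
  }
  ## Credentials travel as bound parameters, never as SQL text, and are
  ## compared with "=" because LIKE would treat "%" and "_" in the input as
  ## wildcards. BINARY makes the password comparison exact (case and accents
  ## count) despite the case-insensitive column collation.
  $where = "WHERE `SUD_USER` = ? AND BINARY `SUD_PASSWORD` = ? AND `ENABLED` = '1'";
  if ($act === "s") {
    $sql = "SELECT 1 FROM ".$GLOBALS ["systbl"]." ".$where." LIMIT 1";
  }
  else {
    $sql = "UPDATE ".$GLOBALS ["systbl"]." SET `SUD_LAST_ACCESS` = UNIX_TIMESTAMP() ".$where;
  }
  $rt = FALSE;
  $cnx = NULL;
  try {
    ## turn driver errors into exceptions so that no warning text reaches
    ## stdout, where Squid would read it as the helper's reply
    mysqli_report (MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $cnx = mysqli_connect ($GLOBALS ["syssrv"], $GLOBALS ["sysusr"], $GLOBALS ["syspas"], $GLOBALS ["sysdbs"], (int) $GLOBALS ["sysprt"]);
    ## match the table charset so the byte-wise password comparison is meaningful
    mysqli_set_charset ($cnx, "utf8");
    $stmt = mysqli_prepare ($cnx, $sql);
    mysqli_stmt_bind_param ($stmt, "ss", $usr, $pas);
    mysqli_stmt_execute ($stmt);
    if ($act === "s") {
      mysqli_stmt_store_result ($stmt);
      ## a successful SELECT with zero rows means "no such enabled user"
      $rt = (mysqli_stmt_num_rows ($stmt) > 0);
    }
    else {
      $rt = TRUE;
    }
    mysqli_stmt_close ($stmt);
  }
  catch (Exception $e) {
    ## any connection or query failure denies access
    $rt = FALSE;
  }
  if ($cnx) {
    mysqli_close ($cnx);
  }
  return $rt;
}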
 
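### Read one line from standard input and return an array with exactly two
### values: username and password. Returns array ("", "") when nothing can
### be read or the line holds no space separator.
function f_stdin_reader () {
  $stream = fopen ("php://stdin", "r");
  if ($stream === FALSE) {
    return array ("", "");
  }
  $entry = fgets ($stream);
  ## php://stdin is a duplicate descriptor, so closing it leaves the real stdin open
  fclose ($stream);
  if ($entry === FALSE) {
    return array ("", "");
  }
  ## drop the literal backslash-n that a plain `echo "user pass\n"` test sends
  $entry = str_replace ("\\n", "", trim ($entry));
  if (strstr ($entry, " ") === FALSE) {
    return array ("", "");
  }
  ## split on the first space only, so the result always has two fields
  $values = explode (" ", $entry, 2);
  ## Squid passes both fields URL-encoded (a space inside a value arrives as
  ## %20); decode them so they can match the stored values. A hand-typed test
  ## value containing "%" followed by two hex digits is decoded too.
  return array (rawurldecode ($values [0]), rawurldecode ($values [1]));
}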
 
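### Run one SQL statement on the configured MySQL server and return its outcome.
### Argument 0 (optional): the SQL text; without it "SHOW errors" is run.
### Returns a mysqli_result for statements that produce rows, TRUE for other
### successful statements, FALSE when the connection or the statement fails.
### The connection is opened and closed on every call.
### The SQL text is executed exactly as received: callers must never build
### it by concatenating user input.
### The legacy mysql_* functions no longer exist in current PHP and calling
### them is a fatal error, so the mysqli extension is used instead.
function f_mysql_sys () {
  if (func_num_args () == 1) { $syssql = func_get_arg (0).""; }
  else { $syssql = "SHOW errors"; }
  if (! function_exists ("mysqli_connect")) {
    ## no MySQL driver available: report failure instead of crashing
    return FALSE;
  }
  $rt = FALSE;
  $syscnx = NULL;
  try {
    ## turn driver errors into exceptions so that no warning text reaches
    ## stdout, where Squid would read it as the helper's reply
    mysqli_report (MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $syscnx = mysqli_connect ($GLOBALS ["syssrv"], $GLOBALS ["sysusr"], $GLOBALS ["syspas"], $GLOBALS ["sysdbs"], (int) $GLOBALS ["sysprt"]);
    $rt = mysqli_query ($syscnx, $syssql);
  }
  catch (Exception $e) {
    $rt = FALSE;
  }
  if ($syscnx) {
    mysqli_close ($syscnx);
  }
  return $rt;
}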
?>

testing de script

echo "usuario contraseña\n" | php /usr/lib/squid/php_auth.php

Referencias

KSEltar
20130906 075822 PYT
