From fb630e16c622a775e6f174f03179ac614d98ca09 Mon Sep 17 00:00:00 2001
From: Olaf Rempel
Date: Tue, 4 Apr 2006 15:14:40 +0200
Subject: [PATCH] version 1.00
---
 Makefile | 12 ++++++
 format.css | 78 +++++++++++++++++++++++++++++++++
 index.php | 120 +++++++++++++++++++++++++++++++++++++++++++++++++++
 ip_check.c | 92 +++++++++++++++++++++++++++++++++++++++
 ip_check.sql | 11 +++++
 5 files changed, 313 insertions(+)
 create mode 100644 Makefile
 create mode 100644 format.css
 create mode 100644 index.php
 create mode 100644 ip_check.c
 create mode 100644 ip_check.sql
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..49b3e42
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,12 @@
+all: ip_check
+
+ip_check: ip_check.c
+ gcc -Wall -I/usr/include/mysql -L/usr/lib/mysql -lmysqlclient ip_check.c -o ip_check
+
+clean:
+ rm ip_check
+
+install: ip_check
+ rm -f /usr/lib/squid/ip_check
+ cp ip_check /usr/lib/squid/
+ chmod 755 /usr/lib/squid/ip_check
diff --git a/format.css b/format.css
new file mode 100644
index 0000000..d23331d
--- /dev/null
+++ b/format.css
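Review bot: In the `ip_check` rule `-lmysqlclient` comes before `ip_check.c`, so a linker that resolves libraries left to right (or defaults to `--as-needed`) discards the library before any `mysql_*` symbol is needed and the link fails. The library belongs at the end: `gcc -Wall -I/usr/include/mysql -L/usr/lib/mysql ip_check.c -o ip_check -lmysqlclient`. In the `install` target, `install -m 755 ip_check /usr/lib/squid/ip_check` would do the rm/cp/chmod sequence in one step, and `clean` should use `rm -f ip_check` so it does not fail on a clean tree.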
@@ -0,0 +1,78 @@
+/* Allgemeines */
+p,ul,ol,li,td {
+ font-family: Arial,sans-serif;
+ font-size:9pt;
+ color:#000000;
+}
+
+h1 {
+ font-family: Arial,sans-serif;
+ font-size:12pt;
+ color:#000000;
+ }
+
+h2 {
+ font-family: Arial,sans-serif;
+ font-size:10pt;
+ color:#000000;
+ }
+
+h3 {
+ font-family: Arial,sans-serif;
+ font-size:8pt;
+ color:#000000;
+ font-weight: normal;
+ }
+
+p.confirm {
+ color:#008000;
+}
+
+p.fehler {
+ color:#CC0000;
+}
+
+/* Tabellen */
+
+td.navbar {
+ font-family:Arial,sans-serif;
+ font-size:9pt;
+ color:#FFFFFF;
+ text-decoration: none;
+ background-color:#333366;
+}
+
+.navlink {
+ font-family:Arial,sans-serif;
+ font-size:9pt;
+ color:#FFFFFF;
+ text-decoration: none;
+ }
+a.navlink:hover { text-decoration: underline; }
+
+/* Tabellen mit Hintegrundfarbe */
+
+td.dblau {
+ background-color: #D8E0F9;
+ }
+td.hblau {
+ background-color: #EFF3F7;
+ }
+
+/* Sitzplan */
+
+td.sitzborder {
+ background-color:#666699;
+}
+
+td.sitzcontent {
+ font-family:Arial,sans-serif;
+ font-size:9pt;
+ color:#FFFFFF;
+ text-decoration: none;
+ background-color:#333366;
+}
+
+td.tiny {
+ font-size:8pt;
+}
\ No newline at end of file
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..b34b256
--- /dev/null
+++ b/index.php
@@ -0,0 +1,120 @@
+
+
+
+
+
+

Squid ACLs

+ + 32) { + $formerr= "Ungültige Netmask."; + } + } else { + $form['mask']= 32; + } + + // wenn kein fehler, dann in DB einfuegen + if (!isset($formerr)) { + $sql= "INSERT INTO acl SET ". + "flags = '".$form['acl']."', ". + "ip = INET_ATON('".$form['ip']."'), ". + "mask = '".$form['mask']."', ". + "url = '".$form['url']."', ". + "info = '".$form['info']."'"; + + mysql_query($sql); + unset($_POST); + + } else { + echo '

'.$formerr.'

'; + } + +} + +// keine form daten vorhanden -> defaults +if (!isset($_POST['form'])) { + $form= array("acl" => 2, "ip" => "", "mask" => 32, "url" => "", "info" => ""); +} + +?> + + +
+
+
\ No newline at end of file
diff --git a/ip_check.c b/ip_check.c
new file mode 100644
index 0000000..04ff797
--- /dev/null
+++ b/ip_check.c
@@ -0,0 +1,92 @@
+/*
+** external Squid Auth via MySQL DB
+**
+** accepts/denys squid requests based on
+** SRC ip and DST domain.
+**
+** (c) by 05/2004 Olaf 'razzor' Rempel
+** razzor AT kopf MINUS tisch DOT de
+*/
+
+#include
+#include
+#include
+#include
+#include "mysql.h"
+
+#define DBHOST "localhost"
+#define DBUSER "squid"
+#define DBPASS "squid"
+#define DBDATABASE "squid"
+
+#define RET_UNDEF 0
+#define RET_ALLOW 1
+#define RET_DENY 2
+
+int main (int argc, char *argv[]) {
+ MYSQL mysql;
+ MYSQL_RES *result;
+ MYSQL_ROW row;
+
+ char *cp, *ipstr, *urlstr;
+ char line[1024];
+ char query[1024];
+ int ret;
+
+ setvbuf (stdout, NULL, _IOLBF, 0);
+
+ mysql_init(&mysql);
+ if (!mysql_real_connect(&mysql, DBHOST, DBUSER, DBPASS, DBDATABASE, 0, NULL, 0)) {
+ printf("ERR\n");
+ exit(-1);
+ }
+
+ while (fgets (line, sizeof (line), stdin)) {
+ if ((cp= strchr (line, '\n')) != NULL) {
+ *cp= '\0';
+ }
+
+ if ((cp= strtok (line, " \t")) != NULL) {
+ ipstr= cp;
+ urlstr= strtok (NULL, " \t");
+
+ } else {
+ printf ("ERR\n");
+ continue;
+ }
+
+ sprintf(query, "SELECT flags FROM acl " \
+ "WHERE inet_aton('%s') & pow(2, 32)-pow(2, 32 - mask) = ip & pow(2, 32) - pow(2, 32 - mask) AND " \
+ "( url = RIGHT('%s', LENGTH(url)) OR url = '' )", ipstr, urlstr);
+
+ mysql_query(&mysql, query);
+ result= mysql_store_result(&mysql);
+
+ ret= RET_UNDEF;
+ while ((row= mysql_fetch_row(result))) {
+ // ALLOW
+ if (*row[0] == '1' && ret != RET_DENY)
+ ret= RET_ALLOW;
+
+ // DENY
+ if (*row[0] == '2')
+ ret= RET_DENY;
+ }
+
+ mysql_free_result(result);
+ result= NULL;
+
+ switch (ret) {
+ case RET_ALLOW:
+ printf("OK\n");
+ break;
+
+ case RET_UNDEF:
+ case RET_DENY:
+ printf ("ERR\n");
+ break;
+ }
+ }
+ return 0;
+}
+
diff --git a/ip_check.sql b/ip_check.sql
new file mode 100644
index 0000000..62ed64c
--- /dev/null
+++ b/ip_check.sql
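Review bot: The INSERT in the form handler is built by concatenating `$form['acl']`, `$form['ip']`, `$form['mask']`, `$form['url']` and `$form['info']` directly into the statement. The validation code above it is only partly visible on this page, so confirm whether the values are escaped first; if not, pass each string through `mysql_real_escape_string()` and cast `acl` and `mask` with `(int)`, e.g. `"url = '".mysql_real_escape_string($form['url'])."', ".`. The return value of `mysql_query($sql)` is not checked, so a row rejected by the `(ip,mask,url)` unique key in ip_check.sql is treated as success and `$_POST` is cleared anyway. No authentication is visible in the hunk although this page edits the rule set the Squid helper enforces; a header comment should state that it must sit behind access control.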
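Review bot: The `sprintf` into `query[1024]` copies `ipstr` and `urlstr` unescaped and unbounded from a stdin line that can itself be 1023 bytes, so a long request line overruns `query` and a quote character in either token changes the SQL that decides allow or deny. `urlstr` is also NULL when the line holds a single token, and the results of `mysql_query` and `mysql_store_result` are never checked before `mysql_fetch_row(result)` is called. The helper should escape both tokens with `mysql_real_escape_string`, build the statement with a length-checked `snprintf`, and answer `ERR` on any of these failures so it stays fail-closed. Separately, the `DBUSER`/`DBPASS` defines compile the credentials into a binary installed mode 755; a comment should say that this account needs SELECT on `acl` only.

```c
		urlstr= strtok (NULL, " \t");
		/* … unchanged: else branch printing ERR … */

		/* a line with only one token has no destination to match */
		if (urlstr == NULL) {
			printf ("ERR\n");
			continue;
		}

		/* mysql_real_escape_string() needs up to 2*len+1 bytes */
		char ip_esc[2 * sizeof (line) + 1];
		char url_esc[2 * sizeof (line) + 1];
		mysql_real_escape_string(&mysql, ip_esc, ipstr, strlen(ipstr));
		mysql_real_escape_string(&mysql, url_esc, urlstr, strlen(urlstr));

		int len= snprintf(query, sizeof (query),
			/* … unchanged: SELECT format string … */,
			ip_esc, url_esc);
		if (len < 0 || (size_t)len >= sizeof (query)) {
			printf ("ERR\n");
			continue;
		}

		if (mysql_query(&mysql, query) != 0 ||
		    (result= mysql_store_result(&mysql)) == NULL) {
			printf ("ERR\n");
			continue;
		}
		/* … unchanged: row loop, mysql_free_result, OK/ERR switch … */
```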
@@ -0,0 +1,11 @@
+DROP TABLE IF EXISTS acl;
+CREATE TABLE acl (
+ id int(11) NOT NULL auto_increment,
+ flags int(11) NOT NULL default '0',
+ ip int(10) unsigned NOT NULL default '0',
+ mask int(11) NOT NULL default '0',
+ url varchar(128) NOT NULL default '',
+ info varchar(32) NOT NULL default '',
+ PRIMARY KEY (id),
+ UNIQUE KEY unique01 (ip,mask,url)
+) TYPE=MyISAM;
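Review bot: `mask` defaults to `'0'` and `url` to `''`, so a row inserted without explicit values applies to every request. With the WHERE clause in ip_check.c, a mask of 0 reduces both sides of the address comparison to 0, and an empty `url` matches any destination. A default of 32 (single host), which index.php already uses for an empty field, is the narrower choice: `mask tinyint unsigned NOT NULL default '32',`. The leading `DROP TABLE IF EXISTS acl;` discards an existing rule set whenever the script is re-run, which deserves a comment at the top of the file.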