version 1.00

2006-04-04 15:14:40 +02:00 · 2006-04-04 15:14:40 +02:00 · fb630e16c6
commit fb630e16c6
5 changed files with 313 additions and 0 deletions
--- a/12
+++ b/12
@ -0,0 +1,12 @@
+all: ip_check
+
+ip_check: ip_check.c
+	gcc -Wall -I/usr/include/mysql -L/usr/lib/mysql -lmysqlclient ip_check.c -o ip_check
+
+clean:
+	rm ip_check
+
+install: ip_check
+	rm -f /usr/lib/squid/ip_check
+	cp ip_check /usr/lib/squid/
+	chmod 755 /usr/lib/squid/ip_check
--- a/format.css
+++ b/format.css
@ -0,0 +1,78 @@
+/* Allgemeines */
+p,ul,ol,li,td {
+        font-family: Arial,sans-serif;
+        font-size:9pt;
+        color:#000000;
+}
+
+h1      {
+        font-family: Arial,sans-serif;
+        font-size:12pt;
+        color:#000000;
+        }
+
+h2      {
+        font-family: Arial,sans-serif;
+        font-size:10pt;
+        color:#000000;
+        }
+
+h3      {
+        font-family: Arial,sans-serif;
+        font-size:8pt;
+        color:#000000;
+        font-weight: normal;
+        }
+
+p.confirm {
+        color:#008000;
+}
+
+p.fehler {
+        color:#CC0000;
+}
+
+/* Tabellen */
+
+td.navbar {
+        font-family:Arial,sans-serif;
+        font-size:9pt;
+        color:#FFFFFF;
+        text-decoration: none;
+        background-color:#333366;
+}
+
+.navlink {
+        font-family:Arial,sans-serif;
+        font-size:9pt;
+        color:#FFFFFF;
+        text-decoration: none;
+        }
+a.navlink:hover { text-decoration: underline; }
+
+/* Tabellen mit Hintegrundfarbe */
+
+td.dblau {
+        background-color: #D8E0F9;
+        }
+td.hblau {
+        background-color: #EFF3F7;
+        }
+
+/* Sitzplan */
+
+td.sitzborder {
+        background-color:#666699;
+}
+
+td.sitzcontent {
+        font-family:Arial,sans-serif;
+        font-size:9pt;
+        color:#FFFFFF;
+        text-decoration: none;
+        background-color:#333366;
+}
+
+td.tiny {
+  font-size:8pt;
+}
--- a/index.php
+++ b/index.php
@ -0,0 +1,120 @@
+<?php
+define ("DBHOST", "localhost");
+define ("DBUSER", "squid");
+define ("DBPASS", "squid");
+define ("DBDATABASE", "squid");
+
+mysql_pconnect(DBHOST, DBUSER, DBPASS) or die("");
+mysql_select_db(DBDATABASE) or die("");
+?>
+
+<html><head>
+<link rel="stylesheet" type="text/css" href="format.css">
+</head><body bgcolor="#FFFFFF">
+<h1>Squid ACLs</h1>
+
+<?php
+if (isset($_GET['del'])) {
+    $sql= "DELETE FROM acl WHERE id = '".$_GET['del']."'";
+    mysql_query($sql);
+}
+
+//
+if (isset($_POST['form'])) {
+    $form= $_POST['form'];
+
+    // ACL targets abpruefen
+    if ($form['acl'] != 1 && $form['acl'] != 2)
+        $formerr= "Unbekanntes ACL Target.";
+
+
+    // IP aufspalten
+    $ip= explode("/", trim($form['fullip']));
+    $iplong= ip2long($ip[0]);
+
+    // IP gueltig?
+    if (trim($ip[0]) == long2ip($iplong)) {
+        $form['ip']= long2ip($iplong);
+    } else {
+        $form['ip']= trim($ip[0]);
+        $formerr= "Ung&uuml;ltige IP.";
+    }
+
+    // mask gueltig?
+    if (isset($ip[1])) {
+        $form['mask']= trim($ip[1]);
+        if ($ip[1] <= 0 || $ip[1] > 32) {
+            $formerr= "Ung&uuml;ltige Netmask.";
+        }
+    } else {
+        $form['mask']= 32;
+    }
+
+    // wenn kein fehler, dann in DB einfuegen
+    if (!isset($formerr)) {
+        $sql= "INSERT INTO acl SET ".
+              "flags = '".$form['acl']."', ".
+              "ip = INET_ATON('".$form['ip']."'), ".
+              "mask = '".$form['mask']."', ".
+              "url = '".$form['url']."', ".
+              "info = '".$form['info']."'";
+
+        mysql_query($sql);
+        unset($_POST);
+
+    } else {
+        echo '<p class="fehler">'.$formerr.'</p>';
+    }
+
+}
+
+// keine form daten vorhanden -> defaults
+if (!isset($_POST['form'])) {
+    $form= array("acl" => 2, "ip" => "", "mask" => 32, "url" => "", "info" => "");
+}
+
+?>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td class="navbar">
+<table width="100%" cellspacing="1" cellpadding="3">
+  <tr>
+    <td class="navbar" align="center"><b>ACL</b></td>
+    <td class="navbar" align="center"><b>IP / Mask</b></td>
+    <td class="navbar" align="center"><b>URL</b></td>
+    <td class="navbar" align="center"><b>Beschreibung</b></td>
+    <td class="navbar" align="center"><b>X</b></td>
+  </tr>
+
+<?php
+$aclArr= array(1 => "ALLOW", 2 => "DENY");
+
+$sql= "SELECT id, flags, INET_NTOA(ip) AS ip, mask, url, info FROM acl ORDER BY ip, url";
+$res= mysql_query($sql);
+
+$tdclass= "hblau";
+while ($row= mysql_fetch_assoc($res)) {
+    echo '<tr><td class="'.$tdclass.'" align="center">'.$aclArr[$row['flags']].'</td>'."\n".
+         '<td class="'.$tdclass.'">'.$row['ip'].(($row['mask'] != 32) ? ' /'.$row['mask'] : '').'</td>'."\n".
+         '<td class="'.$tdclass.'"><a href="http://'.$row['url'].'" target="_blank">'.$row['url'].'</td>'."\n".
+         '<td class="'.$tdclass.'">'.$row['info'].'</td>'."\n".
+         '<td class="'.$tdclass.'" align="center"><a href="'.$_SERVER['PHP_SELF'].'?del='.$row['id'].'"><font color="#ff0000">DEL</font></td></tr>'."\n";
+
+    $tdclass= ($tdclass == "hblau") ? "dblau" : "hblau";
+}
+?>
+
+<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" name="squid">
+<tr><td class="dblau"><select name="form[acl]">
+  <option value="1" <?php if ($form['acl'] == 1) echo "selected"; ?>>ALLOW</option>
+  <option value="2" <?php if ($form['acl'] == 2) echo "selected"; ?>>DENY</option>
+</select></td>
+<td class="dblau"><input type="text" name="form[fullip]" value="<?php echo $form['ip'].(($form['mask'] != 32) ? ' /'.$form['mask'] : '') ?>"></td>
+<td class="dblau"><input type="text" name="form[url]" value="<?php echo $form['url'] ?>"></td>
+<td class="dblau"><input type="text" name="form[info]" value="<?php echo $form['info'] ?>"></td>
+<td class="dblau"><input type="submit" value="ADD"></td></tr>
+</form>
+
+</table></td></tr></table>
+
+</body></html>
--- a/ip_check.c
+++ b/ip_check.c
@ -0,0 +1,92 @@
+/*
+** external Squid Auth via MySQL DB
+**
+** accepts/denys squid requests based on
+** SRC ip and DST domain.
+**
+** (c) by 05/2004 Olaf 'razzor' Rempel
+** razzor AT kopf MINUS tisch DOT de
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include "mysql.h"
+
+#define DBHOST "localhost"
+#define DBUSER "squid"
+#define DBPASS "squid"
+#define DBDATABASE "squid"
+
+#define RET_UNDEF 0
+#define RET_ALLOW 1
+#define RET_DENY  2
+
+int main (int argc, char *argv[]) {
+    MYSQL mysql;
+    MYSQL_RES *result;
+    MYSQL_ROW row;
+
+    char *cp, *ipstr, *urlstr;
+    char line[1024];
+    char query[1024];
+    int ret;
+
+    setvbuf (stdout, NULL, _IOLBF, 0);
+
+    mysql_init(&mysql);
+    if (!mysql_real_connect(&mysql, DBHOST, DBUSER, DBPASS, DBDATABASE, 0, NULL, 0)) {
+        printf("ERR\n");
+        exit(-1);
+    }
+
+    while (fgets (line, sizeof (line), stdin)) {
+        if ((cp= strchr (line, '\n')) != NULL) {
+            *cp= '\0';
+        }
+
+        if ((cp= strtok (line, " \t")) != NULL) {
+            ipstr= cp;
+            urlstr= strtok (NULL, " \t");
+
+        } else {
+            printf ("ERR\n");
+            continue;
+        }
+
+        sprintf(query, "SELECT flags FROM acl " \
+                        "WHERE inet_aton('%s') & pow(2, 32)-pow(2, 32 - mask) = ip & pow(2, 32) - pow(2, 32 - mask) AND " \
+                        "( url = RIGHT('%s', LENGTH(url)) OR url = '' )", ipstr, urlstr);
+
+        mysql_query(&mysql, query);
+        result= mysql_store_result(&mysql);
+
+        ret= RET_UNDEF;
+        while ((row= mysql_fetch_row(result))) {
+            // ALLOW
+            if (*row[0] == '1' && ret != RET_DENY)
+                ret= RET_ALLOW;
+
+            // DENY
+            if (*row[0] == '2')
+                ret= RET_DENY;
+        }
+
+        mysql_free_result(result);
+        result= NULL;
+
+        switch (ret) {
+            case RET_ALLOW:
+                printf("OK\n");
+                break;
+
+            case RET_UNDEF:
+            case RET_DENY:
+                printf ("ERR\n");
+                break;
+        }
+    }
+    return 0;
+}
+
--- a/ip_check.sql
+++ b/ip_check.sql
@ -0,0 +1,11 @@
+DROP TABLE IF EXISTS acl;
+CREATE TABLE acl (
+  id int(11) NOT NULL auto_increment,
+  flags int(11) NOT NULL default '0',
+  ip int(10) unsigned NOT NULL default '0',
+  mask int(11) NOT NULL default '0',
+  url varchar(128) NOT NULL default '',
+  info varchar(32) NOT NULL default '',
+  PRIMARY KEY  (id),
+  UNIQUE KEY unique01 (ip,mask,url)
+) TYPE=MyISAM;