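/*
** external Squid Auth via MySQL DB
**
** accepts/denies squid requests based on
** SRC ip and DST domain.
**
** (c) by 05/2004 Olaf 'razzor' Rempel
** razzor AT kopf MINUS tisch DOT de
*/

/*
 * NOTE(review): the listing names four system headers before "mysql.h", but
 * their names were lost when the page was extracted. The three below cover
 * every libc call this file makes.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "mysql.h"

/*
 * Connection settings are compiled in, so anyone who can read the binary or
 * this source can read the password. NOTE(review): consider loading them from
 * an options file that only the proxy user can read, and give this account
 * SELECT on the acl table only.
 */
#define DBHOST		"localhost"
#define DBUSER		"squid"
#define DBPASS		"squid"
#define DBDATABASE	"squid"

#define RET_UNDEF	0
#define RET_ALLOW	1
#define RET_DENY	2

/* Size of the request line buffer; a single token can never be longer. */
#define REQ_LINE_SIZE	1024

/* mysql_real_escape_string() needs 2 * length + 1 bytes in the worst case. */
#define ESC_SIZE	(2 * REQ_LINE_SIZE + 1)

/* Room for the fixed query text plus both escaped values. */
#define QUERY_SIZE	(256 + 2 * ESC_SIZE)

/*
 * Look up the verdict for one request.
 *
 * Both values come straight from the proxy request and are attacker
 * influenced, so they are escaped before being placed inside the quoted SQL
 * literals. Every failure path returns RET_DENY: an access-control helper
 * must fail closed.
 *
 * NOTE(review): the url condition is a plain suffix comparison with no label
 * boundary, so an acl row 'example.com' presumably also matches
 * 'notexample.com' unless rows are stored with a leading dot -- confirm
 * against the table contents.
 *
 * Returns RET_ALLOW, RET_DENY or RET_UNDEF (no matching row).
 */
static int acl_lookup(MYSQL *db, const char *ipstr, const char *urlstr)
{
	char ip_esc[ESC_SIZE];
	char url_esc[ESC_SIZE];
	char query[QUERY_SIZE];
	MYSQL_RES *result;
	MYSQL_ROW row;
	int ret = RET_UNDEF;
	int n;

	if (mysql_real_escape_string(db, ip_esc, ipstr,
	    (unsigned long)strlen(ipstr)) == (unsigned long)-1)
		return RET_DENY;
	if (mysql_real_escape_string(db, url_esc, urlstr,
	    (unsigned long)strlen(urlstr)) == (unsigned long)-1)
		return RET_DENY;

	/* Bounded formatting: the original sprintf() could overrun query[]. */
	n = snprintf(query, sizeof query, "SELECT flags FROM acl " \
		"WHERE inet_aton('%s') & pow(2, 32)-pow(2, 32 - mask) = ip & pow(2, 32) - pow(2, 32 - mask) AND " \
		"( url = RIGHT('%s', LENGTH(url)) OR url = '' )", ip_esc, url_esc);
	if (n < 0 || (size_t)n >= sizeof query)
		return RET_DENY;

	if (mysql_query(db, query) != 0)
		return RET_DENY;

	/* NULL here means an error; mysql_fetch_row(NULL) must not be reached. */
	result = mysql_store_result(db);
	if (result == NULL)
		return RET_DENY;

	while ((row = mysql_fetch_row(result))) {
		/* A NULL flags column carries no verdict. */
		if (row[0] == NULL)
			continue;

		// ALLOW, unless some other row already denied
		if (*row[0] == '1' && ret != RET_DENY)
			ret = RET_ALLOW;

		// DENY always wins
		if (*row[0] == '2')
			ret = RET_DENY;
	}

	mysql_free_result(result);
	return ret;
}

/*
 * Helper main loop: reads one "<src-ip> <dst>" request per line on stdin and
 * answers each with exactly one line on stdout, "OK" to allow or "ERR" to
 * deny. Malformed, over-long and failed lookups are all answered with "ERR".
 */
int main (int argc, char *argv[])
{
	MYSQL mysql;
	char *cp, *ipstr, *urlstr;
	char line[REQ_LINE_SIZE];

	(void)argc;
	(void)argv;

	/* The proxy waits for each answer, so flush after every line. */
	setvbuf (stdout, NULL, _IOLBF, 0);

	mysql_init(&mysql);
	if (!mysql_real_connect(&mysql, DBHOST, DBUSER, DBPASS, DBDATABASE, 0, NULL, 0)) {
		printf("ERR\n");
		exit(-1);
	}

	while (fgets (line, sizeof (line), stdin)) {
		cp = strchr (line, '\n');
		if (cp != NULL) {
			*cp = '\0';
		} else if (strlen (line) == sizeof (line) - 1) {
			/*
			 * The request did not fit. Drop the remainder so it is not
			 * parsed as a second request (which would put the answers out
			 * of step with the questions), and deny.
			 */
			int ch;

			while ((ch = getchar ()) != EOF && ch != '\n')
				;
			printf ("ERR\n");
			continue;
		}

		ipstr = strtok (line, " \t");
		urlstr = (ipstr != NULL) ? strtok (NULL, " \t") : NULL;

		/* Both fields are required; a missing one is a denied request. */
		if (ipstr == NULL || urlstr == NULL) {
			printf ("ERR\n");
			continue;
		}

		switch (acl_lookup (&mysql, ipstr, urlstr)) {
		case RET_ALLOW:
			printf ("OK\n");
			break;

		case RET_UNDEF:
		case RET_DENY:
		default:
			printf ("ERR\n");
			break;
		}
	}

	mysql_close (&mysql);
	return 0;
}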