/*
** external Squid Auth via MySQL DB
**
** accepts/denies squid requests based on
** SRC ip and DST domain.
**
** (c) by 05/2004 Olaf 'razzor' Rempel
** razzor AT kopf MINUS tisch DOT de
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include "mysql.h"
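/*
 * Database connection settings.
 *
 * These are string literals compiled into the helper, so anyone who can
 * read the source or the binary can read the password. Each value can be
 * overridden at build time (e.g. -DDBPASS=...) so that the shipped default
 * does not have to be the deployed one. The only statement this program
 * issues is a SELECT on the acl table, so the account named here needs no
 * privilege beyond that.
 */
#ifndef DBHOST
#define DBHOST "localhost"
#endif
#ifndef DBUSER
#define DBUSER "squid"
#endif
#ifndef DBPASS
#define DBPASS "squid"
#endif
#ifndef DBDATABASE
#define DBDATABASE "squid"
#endif

/* Verdict accumulated over the acl rows that match one request. */
#define RET_UNDEF 0	/* no matching row seen; answered like a deny */
#define RET_ALLOW 1	/* at least one allow row and no deny row */
#define RET_DENY 2	/* a deny row matched; overrides any allow row */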
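/*
 * Squid external ACL helper loop.
 *
 * Reads one request per line from stdin ("<src-ip> <dst>"), looks the pair
 * up in the acl table and writes exactly one answer line per request:
 * "OK" when at least one allow row (flags starting with '1') matches and no
 * deny row (flags starting with '2') does, "ERR" otherwise. Every failure
 * path (bad input, query error, no result set) answers "ERR", so the helper
 * fails closed.
 *
 * Returns 0 at end of input; exits with -1 after printing "ERR" if the
 * database connection cannot be set up.
 */
int main (int argc, char *argv[]) {
	MYSQL mysql;
	MYSQL_RES *result;
	MYSQL_ROW row;

	char *cp, *ipstr, *urlstr;
	char line[1024];
	/* mysql_real_escape_string() needs up to 2 * length + 1 bytes of output. */
	char ipesc[2 * sizeof (line) + 1];
	char urlesc[2 * sizeof (line) + 1];
	/* Room for both escaped values plus the fixed query text. */
	char query[sizeof (ipesc) + sizeof (urlesc) + 256];
	int ret, len;

	(void) argc;
	(void) argv;

	/* Line-buffer stdout so each answer is flushed as soon as it is printed. */
	setvbuf (stdout, NULL, _IOLBF, 0);

	if (mysql_init(&mysql) == NULL ||
	    !mysql_real_connect(&mysql, DBHOST, DBUSER, DBPASS, DBDATABASE, 0, NULL, 0)) {
		printf("ERR\n");
		exit(-1);
	}

	while (fgets (line, sizeof (line), stdin)) {
		cp= strchr (line, '\n');
		if (cp != NULL) {
			*cp= '\0';
		} else if (!feof (stdin)) {
			/*
			 * The request did not fit into line[]. Discard the remainder so
			 * it is not parsed as a second request, and deny: answering on a
			 * truncated destination would judge a different name than the
			 * one requested.
			 */
			int ch;

			while ((ch= getc (stdin)) != EOF && ch != '\n')
				;
			printf ("ERR\n");
			continue;
		}

		ipstr= strtok (line, " \t");
		urlstr= (ipstr != NULL) ? strtok (NULL, " \t") : NULL;
		if (ipstr == NULL || urlstr == NULL) {
			/* Both fields are required; a missing one must not reach the query. */
			printf ("ERR\n");
			continue;
		}

		/*
		 * Both values come from the request and are placed inside quoted SQL
		 * string literals, so they are escaped for this connection first.
		 * Without that a quote character in either field changes the query.
		 */
		if (mysql_real_escape_string(&mysql, ipesc, ipstr, strlen (ipstr)) == (unsigned long) -1 ||
		    mysql_real_escape_string(&mysql, urlesc, urlstr, strlen (urlstr)) == (unsigned long) -1) {
			printf ("ERR\n");
			continue;
		}

		/*
		 * NOTE(review): the url condition is a plain suffix comparison
		 * (RIGHT(input, LENGTH(url))), so a rule for "example.com" also
		 * matches any longer name that merely ends in that string. Confirm
		 * that rules are stored with a leading dot or are otherwise
		 * unambiguous.
		 */
		len= snprintf(query, sizeof (query), "SELECT flags FROM acl " \
			"WHERE inet_aton('%s') & pow(2, 32)-pow(2, 32 - mask) = ip & pow(2, 32) - pow(2, 32 - mask) AND " \
			"( url = RIGHT('%s', LENGTH(url)) OR url = '' )", ipesc, urlesc);
		if (len < 0 || (size_t) len >= sizeof (query)) {
			printf ("ERR\n");
			continue;
		}

		/* A failed query or a missing result set is answered as a deny. */
		if (mysql_query(&mysql, query) != 0) {
			printf ("ERR\n");
			continue;
		}
		result= mysql_store_result(&mysql);
		if (result == NULL) {
			printf ("ERR\n");
			continue;
		}

		ret= RET_UNDEF;
		while ((row= mysql_fetch_row(result))) {
			/* A NULL flags column carries no verdict. */
			if (row[0] == NULL)
				continue;

			/* DENY always wins, whatever order the rows arrive in. */
			if (*row[0] == '2') {
				ret= RET_DENY;
			} else if (*row[0] == '1' && ret != RET_DENY) {
				ret= RET_ALLOW;
			}
		}

		mysql_free_result(result);
		result= NULL;

		switch (ret) {
		case RET_ALLOW:
			printf("OK\n");
			break;

		case RET_UNDEF:
		case RET_DENY:
		default:
			printf ("ERR\n");
			break;
		}
	}

	mysql_close(&mysql);
	return 0;
}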