Re: [squid-users] authentication / acl

On Wed, May 11, 2005 at 09:02:23PM +1200, D & E Radel wrote:
> From: "Chris Knipe" <savage@savage.za.org>
>
> >I've written a custom authentication handler, which does seem to work.
> >Reads
> >from STDIN, Authenticates, and returns either OK or ERR on STDOUT back to
> >squid.
> >
> >My next step, I want to allow a certain block of addresses http_acess,
> >deny
> >everyone else, but also allow any request that was successfully
> >authenticated.
> >
> >I've got the following in squid.conf
> >
> ># Authentication scripts
> >auth_param basic program /usr/local/libexec/squid/my_auth
> ...
> >A quick debug, shows that squid is never passing the information to the
> >authentication
> >script, so I'm not sure what I did wrong... My auth_param should be fine
> >though, right???
>
> How are you reading the STDIN in your script? I recently was shown how:
>
> #!/bin/sh
> while read INP; do
> x = `echo $INP | /usr/lib/squid/ldap_auth -R .........`
> ....
>

I'm possitive this is right (I'll be HIGHLY surprised if it is not), but yeah.
The Radius Authentication perl script operates on the same way... Relavent section
of the perl code....

my $GlobalDB = Mysql->connect(DBHost, DBName, DBUser, DBPass);
$GlobalDB->{'GlobalDB'}->{'PrintError'} = 0;
if ($GlobalDB) {
  # This is the main loop for authentication requests
  while (<STDIN>) {
    chop($_);
    my @Info = split(/ /, $_);
    my $SQL = $GlobalDB->query("VALIDATE USER ON MYSQL USING $INFO[0] AND $INFO[1]");
    if ($SQL->numrows != 1) {
      print "ERR";
    } else {
      print "OK";
    }
  }
}

The queries never make it to my database. When running the script for testing
purposes, it works...

root@pyro:/usr/local/libexec/squid# /usr/local/libexec/squid/cenergy_auth
<username> <password>
OK^C

Squid does start the perl childs to run the script. I am however doubting that
Squid actually sends the requests off to the script - the scripts never queries
anything to the database when ran from squid ..... :(

--
Chris.