[squid-users] writing my own authenticator

From: paul cooper <pdcooper@dont-contact.us>
Date: Fri, 21 Mar 2008 12:04:15 -0000 (UTC)

So ip_user won't actually do what I want (the book isn't clear actually
what it is there for) - thanks Henrik.

What I want is to get the currently logged-in user and pass it to Squid,
which will then authenticate against that with no further dialog boxes etc.
I can then add e.g. time-based ACLs.

So I thought I'd try my own. Eventually I suspect I'll use getpwuid() and
look up in /etc/passwd.

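#!/usr/bin/perl
use strict;
use warnings;

$| = 1;    # unbuffered output
my @names = ("andrew", "anne", "nick", "emma");

# Name of the user this script is running as
my $username = `whoami` or die "Couldn't execute command: $!";
chomp($username);

# Record the name in a file for debugging
open(my $fh, '>', '/tmp/data.txt') or die "Couldn't open /tmp/data.txt: $!";
print $fh "$username\n";
close($fh);

# Reply OK if the name is in the list (every entry is checked), ERR otherwise
for my $name (@names) {
    if ($name eq $username) { print "OK user=$username\n"; exit; }
}
print "ERR\n";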

And this returns the current user and writes it to the file.

My squid.conf:

hepworth andrew # cat /etc/squid/squid.conf |grep ^acl
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl purge method PURGE
acl CONNECT method CONNECT
acl annes external MyAclHelper
acl QUERY urlpath_regex cgi-bin \?
acl apache rep_header Server ^Apache
hepworth andrew # cat /etc/squid/squid.conf |grep ^http
http_access Safe_ports allow
http_access allow annes
http_access deny all
http_port 3128
hepworth andrew # cat /etc/squid/squid.conf |grep ^external
external_acl_type MyAclHelper /etc/squid/myaclhelper
hepworth andrew #

Do I need an auth_param directive as well? If so, what?

So when I request a web page it asks me for a username and password, and
myaclhelper doesn't write the text file. Should it be doing the
2008/03/21 12:00:16| helperOpenServers: Starting 5 'getpwname_auth' processes
line?

hepworth squid # /usr/local/squid/sbin/squid -N -d6
2008/03/21 12:00:16| Starting Squid Cache version 2.6.STABLE18 for i686-pc-linux-gnu...
2008/03/21 12:00:16| Process ID 19869
2008/03/21 12:00:16| With 1024 file descriptors available
2008/03/21 12:00:16| Using epoll for the IO loop
2008/03/21 12:00:16| Performing DNS Tests...
2008/03/21 12:00:16| Successful DNS name lookup tests...
2008/03/21 12:00:16| DNS Socket created at 0.0.0.0, port 32860, FD 6
2008/03/21 12:00:16| Adding domain home.nw from /etc/resolv.conf
2008/03/21 12:00:16| Adding nameserver 192.168.0.254 from /etc/resolv.conf
2008/03/21 12:00:16| helperOpenServers: Starting 5 'getpwname_auth' processes
2008/03/21 12:00:16| Unlinkd pipe opened on FD 17
2008/03/21 12:00:16| Swap maxSize 102400 KB, estimated 7876 objects
2008/03/21 12:00:16| Target number of buckets: 393
2008/03/21 12:00:16| Using 8192 Store buckets
2008/03/21 12:00:16| Max Mem size: 8192 KB
2008/03/21 12:00:16| Max Swap size: 102400 KB
2008/03/21 12:00:16| Rebuilding storage in /usr/local/squid/var/cache (CLEAN)
2008/03/21 12:00:16| Using Least Load store dir selection
2008/03/21 12:00:16| Current Directory is /etc/squid
2008/03/21 12:00:16| Loaded Icons.
2008/03/21 12:00:16| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 19.
2008/03/21 12:00:16| Accepting ICP messages at 0.0.0.0, port 3130, FD 20.
2008/03/21 12:00:16| WCCP Disabled.
2008/03/21 12:00:16| Ready to serve requests.
2008/03/21 12:00:17| Done reading /usr/local/squid/var/cache swaplog (688 entries)
2008/03/21 12:00:17| Finished rebuilding storage from disk.
2008/03/21 12:00:17| 688 Entries scanned
2008/03/21 12:00:17| 0 Invalid entries.
2008/03/21 12:00:17| 0 With invalid flags.
2008/03/21 12:00:17| 688 Objects loaded.
2008/03/21 12:00:17| 0 Objects expired.
2008/03/21 12:00:17| 0 Objects cancelled.
2008/03/21 12:00:17| 0 Duplicate URLs purged.
2008/03/21 12:00:17| 0 Swapfile clashes avoided.
2008/03/21 12:00:17| Took 0.4 seconds (1801.4 objects/sec).
2008/03/21 12:00:17| Beginning Validation Procedure
2008/03/21 12:00:17| Completed Validation Procedure
2008/03/21 12:00:17| Validated 688 Entries
2008/03/21 12:00:17| store_swap_size = 4320k
2008/03/21 12:00:17| storeLateRelease: released 0 objects
Received on Fri Mar 21 2008 - 06:03:46 MDT
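
Added example, not part of the original post or of Squid: an external ACL helper written as the loop Squid expects, reading one request line at a time from stdin and answering each with OK or ERR. A helper runs as Squid's own user, so `whoami` inside it cannot name the person browsing; the user name has to arrive in the request line instead. The %IDENT format field in the squid.conf comment and the --demo switch are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added example: external ACL helper loop (not the poster's script).
# Assumed squid.conf line (the %IDENT format field is an assumption; the
# poster's line has no format field):
#   external_acl_type MyAclHelper %IDENT /etc/squid/myaclhelper
use strict;
use warnings;

$| = 1;    # Squid waits for each reply, so stdout must be unbuffered

# Constructed allow list, using the names from the poster's script.
my %allowed = map { $_ => 1 } qw(andrew anne nick emma);

# Turn one request line from Squid into one reply line.
sub answer {
    my ($line) = @_;
    $line =~ s/[\r\n]+\z//;
    my ($user) = split ' ', $line;        # first format field only
    return 'ERR' unless defined $user;    # empty request line
    return 'ERR' if $user eq '-';         # Squid sends "-" for a missing value
    # Refuse anything that does not look like a plain account name.
    return 'ERR' unless $user =~ /\A[a-z_][a-z0-9_-]{0,31}\z/;
    return $allowed{$user} ? "OK user=$user" : 'ERR';
}

if (@ARGV && $ARGV[0] eq '--demo') {
    # Constructed sample lines, as Squid would write them to the helper.
    for my $sample ("anne\n", "emma\n", "mallory\n", "-\n", "\n") {
        (my $shown = $sample) =~ s/\n//;
        printf "%-10s -> %s\n", "[$shown]", answer($sample);
    }
    exit 0;
}

# Normal mode: one request per line on stdin, one reply per line on stdout,
# until Squid closes the pipe. The helper must not exit after its first reply.
while (my $line = <STDIN>) {
    print answer($line), "\n";
}
```

An ident name is whatever the client host reports, so it is only as trustworthy as the hosts allowed to reach the proxy.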