Squid 2.6通过mysql_auth方式认证
2010-05-31 14:29
一、解压缩打补丁
#wget http://people.arxnet.hu/airween/mysql_auth/mysql_auth-0.8.tar.gz
#wget http://www.zero-sys.net/portal/download/additionalselect.patch
#tar xvzf mysql_auth-0.8.tar.gz
#cd mysql_auth-0.8
#patch -p1 <
../additionalselect.patch
patching file src/confparser.c
patching file src/define.h
patching file src/mysql_auth.c
patching file src/mysql_auth.conf
注:这个补丁主要是增加一个可以暂时封停账号的字段 isactive。源码包和补丁都是通过明文 HTTP 从第三方站点下载的,打补丁、编译之前最好先把补丁内容看一遍。
二、建立 mysql_auth 用到的数据库及管理数据库的用户和密码
#cd
/home/soft/squid/mysql_auth-0.8/scripts
#vi create_script
GRANT SELECT,INSERT,UPDATE,DELETE ON mysql_auth.data TO squid@localhost IDENTIFIED BY 'squid2341';
注:这条语句规定 squid 用户使用密码 squid2341 来管理 mysql_auth 数据库的 data 表。squid2341 只是本文的示例密码,实际部署时应换成自己的强密码,并与后面 define.h、mysql_auth.conf 中的 password 保持一致。
#/usr/local/mysql/bin/mysql -u root -p < create_script
Enter password:
注:这里要手工建立一个 isactive 的字段,create_script 里面没有建立。上面给 squid 用户的授权只有 SELECT、INSERT、UPDATE、DELETE,所以加字段要用 root 等有 ALTER 权限的账号来做。
# /usr/local/mysql/bin/mysql -u squid -p
mysql_auth
Enter password:Welcome to the MySQL monitor.
mysql> insert into data (user, password, isactive) values ('liwentao', '123456','1');
Query OK, 1 row affected (0.00
sec)
if you want to store
your passwords in encrypted format:
三、编译前修改参数
#cd /home/soft/squid/mysql_auth-0.8
#vi Makefile
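# Header and library search paths. src/mysql_auth.c includes <mysql/mysql.h>,
# so the -I directory must contain a mysql/ subdirectory.
CFLAGS = -I/usr/local/include -L/usr/local/mysql/lib

# Install targets as edited for this walkthrough:
#   mysql_auth       - the Squid auth helper, owned by squid, mode 755
#   mypasswd         - account management tool, root only (mode 700)
#   mysql_auth.conf  - carries the database password, so it is installed
#                      readable by the squid user only (mode 600)
install:
	$(INSTALL) -o squid -g squid -m 755 mysql_auth /usr/local/squid/libexec/mysql_auth
	$(INSTALL) -o root -g root -m 700 mypasswd /usr/local/bin/mypasswd
	$(INSTALL) -o squid -g squid -m 600 $(CONF) /usr/local/squid/etc/mysql_auth.conf
	$(INSTALL) -o squid -g squid -m 600 $(CONF) /usr/local/squid/etc/mysql_auth.conf.default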
#vi ./src/define.h
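/*
 * Compile-time settings for mysql_auth as edited in this walkthrough.
 * Presumably each VAR_* macro is the option keyword looked up in the
 * configuration file and each DEF_* macro the built-in fallback value
 * (confirm in src/confparser.c).
 *
 * The string literals are restored to single lines; a literal broken across
 * lines is not valid C.
 */

/*
 * path of the runtime configuration file
 */
#define CONFIG_FILE "/usr/local/squid/etc/mysql_auth.conf"

/*
 * MySQL server host
 */
#define VAR_HOST_NAME "hostname"
#define DEF_HOST_NAME "localhost"

/*
 * username
 */
#define VAR_USER_NAME "user"
#define DEF_USER_NAME "squid"

/*
 * user's (above) password
 *
 * NOTE(review): this literal is compiled into the mysql_auth binary, which
 * the Makefile in this walkthrough installs with mode 755, so anyone who can
 * read the binary can recover it. Prefer a placeholder here and keep the
 * real password only in mysql_auth.conf (installed with mode 600).
 */
#define VAR_USER_PASSWORD "password"
#define DEF_USER_PASSWORD "squid2341"

/*
 * database name
 */
#define VAR_DATABASE_NAME "database"
#define DEF_DATABASE_NAME "mysql_auth"

/*
 * socket name
 */
#define VAR_MYSQLD_SOCKET "mysqld_socket"
#define DEF_MYSQLD_SOCKET "/tmp/mysql.sock"

/*
 * table name
 */
#define VAR_TABLE_NAME "table"
#define DEF_TABLE_NAME "data"

/*
 * user column name
 */
#define VAR_USER_COLUMN "user_column"
#define DEF_USER_COLUMN "user"

/*
 * password column name
 */
#define VAR_PASSWORD_COLUMN "password_column"
#define DEF_PASSWORD_COLUMN "password"

/*
 * var_additionalselect
 * additional sql-select stuff
 *
 * NOTE(review): presumably appended verbatim to the WHERE clause of the
 * lookup query (confirm in src/mysql_auth.c). The value must come only from
 * administrator-controlled configuration, never from request data. The
 * default "AND 1" filters nothing; the walkthrough's mysql_auth.conf sets
 * "AND isactive = 1" instead.
 */
#define VAR_ADDITIONALSELECT "additionalselect"
#define DEF_ADDITIONALSELECT "AND 1"

/*
 * use encrypted password format
 *
 * NOTE(review): "no" presumably means the password column is compared as
 * stored, i.e. passwords sit in the table in plaintext -- confirm.
 */
#define VAR_ENCRYPT_PASSWORD_FORM "encrypt_password_form"
#define DEF_ENCRYPT_PASSWORD_FORM "no"

/*
 * max length of line in config file
 */
#define MAXLENGTH 512

/*
 * max length of username or passwords
 */
#define MAX_STRLEN 64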
/*
 * structure for variable options: one string pointer per option,
 * named after the matching VAR_* keyword
 */
struct my_params {
    char *var_host_name;             /* MySQL server host */
    char *var_user_name;             /* username */
    char *var_user_password;         /* that user's password */
    char *var_database_name;         /* database name */
    char *var_mysqld_socket;         /* socket name */
    char *var_table_name;            /* table name */
    char *var_user_column;           /* user column name */
    char *var_password_column;       /* password column name */
    char *var_encrypt_password_form; /* use encrypted password format */
    char *var_additionalselect;      /* additional sql-select stuff */
};
password
squid2341
mysqld_socket
/tmp/mysql.sock
additionalselect
AND isactive =
1
编译安装:
#ln -s /usr/local/mysql/include/ /usr/local/include/mysql
#cd
/home/soft/squid/mysql_auth-0.8
注意:这里强调下:
#vi Makefile
CFLAGS =
-I/usr/local/include -L/usr/local/mysql/lib
系统会在第一个路径下寻找 mysql/mysql.h,在第二个路径下寻找 libmysqlclient.a,所以我就用
#ln -s /usr/local/mysql/include/ /usr/local/include/mysql
人为制造了一个 mysql 子目录来满足这个要求。不然会出现以下错误,搞了我半小时,有点郁闷:
gcc
-I/usr/local/mysql/include -L/usr/local/mysql/lib
-c -o
src/mysql_auth.o src/mysql_auth.c
src/mysql_auth.c:24:25:
error: mysql/mysql.h: No such file or directory
src/mysql_auth.c: In
function ‘main’:
src/mysql_auth.c:37:
error: ‘MYSQL’ undeclared (first use in this function)
src/mysql_auth.c:37:
error: (Each undeclared identifier is reported only once
src/mysql_auth.c:37:
error: for each function it appears in.)
src/mysql_auth.c:37:
error: expected ‘;’ before ‘connect’
src/mysql_auth.c:38:
error: ‘MYSQL_RES’ undeclared (first use in this function)
src/mysql_auth.c:38:
error: ‘result’ undeclared (first use in this function)
src/mysql_auth.c:39:
error: ‘MYSQL_ROW’ undeclared (first use in this function)
src/mysql_auth.c:39:
error: expected ‘;’ before ‘row’
src/mysql_auth.c:63:
error: ‘connect’ undeclared (first use in this function)
src/mysql_auth.c:185:
error: ‘row’ undeclared (first use in this function)
make: ***
[src/mysql_auth.o] Error 1
测试:mysql_auth 编译安装完毕后,可以使用以下命令直接生成用户密码,也可以删除用户;数据库的名称以及管理数据库的用户和密码都在 mysql_auth.conf 中设置。
#mypasswd lwt 123456
注:密码作为命令行参数传入,会留在 shell 历史记录里,执行期间也能被同机其他用户通过进程列表看到。
可以用以下命令删除用户
#mypasswd -d lwt
Squid.conf changes
启动
squid
#su squid -c "/usr/local/squid/bin/RunCache
&"
经过测试,如果内网中有不属于 172.21.0.0/16 网段、从其他地方路由过来的地址(比如 10.14.0.0),在 squid 的设置下是无法通过透明代理上网的,因为 acl 里没有针对这些地址的许可。
但是这一部分的网络客户,可以通过在 IE 中依次打开 右键属性、连接、局域网设置,把代理设置为 172.21.41.15、端口 3128 的方式上网。而对于原有的内网地址 172.21.0.0/16 段的客户,还是能透明代理上网!
同时注意,在数据库中,如果把 isactive 设置成 0,这个账号就会被暂时封掉,表现为再次弹出输入用户名密码的窗口。已经通过认证的用户,要等 squid 缓存的认证结果(credentialsttl)过期之后才会被拦下。
在 sarg 的日志界面中,显示如下:内网地址透明代理的日志,userid 是 ip 地址;用户认证的部分为用户名。
#wget http://people.arxnet.hu/airween/mysql_auth/mysql_auth-0.8.tar.gz
#wget http://www.zero-sys.net/portal/download/additionalselect.patch
#tar xvzf mysql_auth-0.8.tar.gz
#cd mysql_auth-0.8
#patch -p1 <
../additionalselect.patch
patching file src/confparser.c
patching file src/define.h
patching file src/mysql_auth.c
patching file src/mysql_auth.conf
注:这个补丁主要是增加一个可以暂时封停账号的字段 isactive。源码包和补丁都是通过明文 HTTP 从第三方站点下载的,打补丁、编译之前最好先把补丁内容看一遍。
二、建立 mysql_auth 用到的数据库及管理数据库的用户和密码
#cd
/home/soft/squid/mysql_auth-0.8/scripts
#vi create_script
GRANT SELECT,INSERT,UPDATE,DELETE ON mysql_auth.data TO squid@localhost IDENTIFIED BY 'squid2341';
注:这条语句规定 squid 用户使用密码 squid2341 来管理 mysql_auth 数据库的 data 表。squid2341 只是本文的示例密码,实际部署时应换成自己的强密码,并与后面 define.h、mysql_auth.conf 中的 password 保持一致。
#/usr/local/mysql/bin/mysql -u root -p < create_script
Enter password:
注:这里要手工建立一个 isactive 的字段,create_script 里面没有建立。上面给 squid 用户的授权只有 SELECT、INSERT、UPDATE、DELETE,所以加字段要用 root 等有 ALTER 权限的账号来做。
# /usr/local/mysql/bin/mysql -u squid -p
mysql_auth
Enter password:Welcome to the MySQL monitor.
mysql> insert into data (user, password, isactive) values ('liwentao', '123456','1');
Query OK, 1 row affected (0.00
sec)
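if you want to store your passwords in encrypted format:
(注:password() 是 MySQL 内部使用的哈希函数,不加盐,MySQL 5.7 起已弃用、8.0 中已移除,只能算比明文稍好;同时 mysql_auth.conf 里的 encrypt_password_form 应相应打开,具体取值请对照源码确认。)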
shell> mysql -u your_user_name -p mysql_auth
Enter password:
Welcome message...
mysql> insert into data (user, password,isactive) values ('liwentao', password("123456"),'1');
Query OK, 1 row affected (0.00 sec)
三、编译前修改参数
#cd /home/soft/squid/mysql_auth-0.8
#vi Makefile
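# Header and library search paths. src/mysql_auth.c includes <mysql/mysql.h>,
# so the -I directory must contain a mysql/ subdirectory.
CFLAGS = -I/usr/local/include -L/usr/local/mysql/lib

# Install targets as edited for this walkthrough:
#   mysql_auth       - the Squid auth helper, owned by squid, mode 755
#   mypasswd         - account management tool, root only (mode 700)
#   mysql_auth.conf  - carries the database password, so it is installed
#                      readable by the squid user only (mode 600)
install:
	$(INSTALL) -o squid -g squid -m 755 mysql_auth /usr/local/squid/libexec/mysql_auth
	$(INSTALL) -o root -g root -m 700 mypasswd /usr/local/bin/mypasswd
	$(INSTALL) -o squid -g squid -m 600 $(CONF) /usr/local/squid/etc/mysql_auth.conf
	$(INSTALL) -o squid -g squid -m 600 $(CONF) /usr/local/squid/etc/mysql_auth.conf.default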
#vi ./src/define.h
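/*
 * Compile-time settings for mysql_auth as edited in this walkthrough.
 * Presumably each VAR_* macro is the option keyword looked up in the
 * configuration file and each DEF_* macro the built-in fallback value
 * (confirm in src/confparser.c).
 *
 * The string literals are restored to single lines; a literal broken across
 * lines is not valid C.
 */

/*
 * path of the runtime configuration file
 */
#define CONFIG_FILE "/usr/local/squid/etc/mysql_auth.conf"

/*
 * MySQL server host
 */
#define VAR_HOST_NAME "hostname"
#define DEF_HOST_NAME "localhost"

/*
 * username
 */
#define VAR_USER_NAME "user"
#define DEF_USER_NAME "squid"

/*
 * user's (above) password
 *
 * NOTE(review): this literal is compiled into the mysql_auth binary, which
 * the Makefile in this walkthrough installs with mode 755, so anyone who can
 * read the binary can recover it. Prefer a placeholder here and keep the
 * real password only in mysql_auth.conf (installed with mode 600).
 */
#define VAR_USER_PASSWORD "password"
#define DEF_USER_PASSWORD "squid2341"

/*
 * database name
 */
#define VAR_DATABASE_NAME "database"
#define DEF_DATABASE_NAME "mysql_auth"

/*
 * socket name
 */
#define VAR_MYSQLD_SOCKET "mysqld_socket"
#define DEF_MYSQLD_SOCKET "/tmp/mysql.sock"

/*
 * table name
 */
#define VAR_TABLE_NAME "table"
#define DEF_TABLE_NAME "data"

/*
 * user column name
 */
#define VAR_USER_COLUMN "user_column"
#define DEF_USER_COLUMN "user"

/*
 * password column name
 */
#define VAR_PASSWORD_COLUMN "password_column"
#define DEF_PASSWORD_COLUMN "password"

/*
 * var_additionalselect
 * additional sql-select stuff
 *
 * NOTE(review): presumably appended verbatim to the WHERE clause of the
 * lookup query (confirm in src/mysql_auth.c). The value must come only from
 * administrator-controlled configuration, never from request data. The
 * default "AND 1" filters nothing; the walkthrough's mysql_auth.conf sets
 * "AND isactive = 1" instead.
 */
#define VAR_ADDITIONALSELECT "additionalselect"
#define DEF_ADDITIONALSELECT "AND 1"

/*
 * use encrypted password format
 *
 * NOTE(review): "no" presumably means the password column is compared as
 * stored, i.e. passwords sit in the table in plaintext -- confirm.
 */
#define VAR_ENCRYPT_PASSWORD_FORM "encrypt_password_form"
#define DEF_ENCRYPT_PASSWORD_FORM "no"

/*
 * max length of line in config file
 */
#define MAXLENGTH 512

/*
 * max length of username or passwords
 */
#define MAX_STRLEN 64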
/*
 * structure for variable options: one string pointer per option,
 * named after the matching VAR_* keyword
 */
struct my_params {
    char *var_host_name;             /* MySQL server host */
    char *var_user_name;             /* username */
    char *var_user_password;         /* that user's password */
    char *var_database_name;         /* database name */
    char *var_mysqld_socket;         /* socket name */
    char *var_table_name;            /* table name */
    char *var_user_column;           /* user column name */
    char *var_password_column;       /* password column name */
    char *var_encrypt_password_form; /* use encrypted password format */
    char *var_additionalselect;      /* additional sql-select stuff */
};
#vi src/mysql_auth.conf
password
squid2341
mysqld_socket
/tmp/mysql.sock
additionalselect
AND isactive =
1
编译安装:
#ln -s /usr/local/mysql/include/ /usr/local/include/mysql
#cd
/home/soft/squid/mysql_auth-0.8
注意:这里强调下:
#vi Makefile
CFLAGS =
-I/usr/local/include -L/usr/local/mysql/lib
系统会在第一个路径下寻找 mysql/mysql.h,在第二个路径下寻找 libmysqlclient.a,所以我就用
#ln -s /usr/local/mysql/include/ /usr/local/include/mysql
人为制造了一个 mysql 子目录来满足这个要求。不然会出现以下错误,搞了我半小时,有点郁闷:
gcc
-I/usr/local/mysql/include -L/usr/local/mysql/lib
-c -o
src/mysql_auth.o src/mysql_auth.c
src/mysql_auth.c:24:25:
error: mysql/mysql.h: No such file or directory
src/mysql_auth.c: In
function ‘main’:
src/mysql_auth.c:37:
error: ‘MYSQL’ undeclared (first use in this function)
src/mysql_auth.c:37:
error: (Each undeclared identifier is reported only once
src/mysql_auth.c:37:
error: for each function it appears in.)
src/mysql_auth.c:37:
error: expected ‘;’ before ‘connect’
src/mysql_auth.c:38:
error: ‘MYSQL_RES’ undeclared (first use in this function)
src/mysql_auth.c:38:
error: ‘result’ undeclared (first use in this function)
src/mysql_auth.c:39:
error: ‘MYSQL_ROW’ undeclared (first use in this function)
src/mysql_auth.c:39:
error: expected ‘;’ before ‘row’
src/mysql_auth.c:63:
error: ‘connect’ undeclared (first use in this function)
src/mysql_auth.c:185:
error: ‘row’ undeclared (first use in this function)
make: ***
[src/mysql_auth.o] Error 1
测试:mysql_auth 编译安装完毕后,可以使用以下命令直接生成用户密码,也可以删除用户;数据库的名称以及管理数据库的用户和密码都在 mysql_auth.conf 中设置。
#mypasswd lwt 123456
注:密码作为命令行参数传入,会留在 shell 历史记录里,执行期间也能被同机其他用户通过进程列表看到。
可以用以下命令删除用户
#mypasswd -d lwt
Squid.conf changes
#vi /usr/local/squid/etc/squid.conf
http_port 172.21.41.15:3128 transparent
注意: http_port 这个还是用作透明代理的配置,监听内网真实网卡
acl inside src 172.21.0.0/16
http_access allow inside
注意:这一部分还是许可内部网络。这条 allow 排在下面的认证规则之前,所以 172.21.0.0/16 的客户端不会被要求输入用户名密码。
auth_param basic realm Squid proxy server
auth_param basic program /usr/local/squid/libexec/mysql_auth
auth_param basic credentialsttl 5
auth_param basic children 5
acl mysqlauth proxy_auth REQUIRED
http_access allow mysqlauth
注意:这一部分,是许可用户认证。basic 方式下用户名和密码只做 base64 编码,在客户端到代理之间相当于明文传输。
http_access deny all
启动
squid
#su squid -c "/usr/local/squid/bin/RunCache
&"
经过测试,如果内网中有不属于 172.21.0.0/16 网段、从其他地方路由过来的地址(比如 10.14.0.0),在 squid 的设置下是无法通过透明代理上网的,因为 acl 里没有针对这些地址的许可。
同时对于 http_port 172.21.41.15:3128 transparent,也不要去修改,或者增加一个针对 10.14.0.1 的监听;网络上是直接设置成 172.21.41.15 3128 的 squid 代理,跟 10.14.0.0/16 段的路径是完全不一样的。
但是这一部分的网络客户,可以通过在 IE 中依次打开 右键属性、连接、局域网设置,把代理设置为 172.21.41.15、端口 3128 的方式上网,此时走的是上面的用户认证规则。而对于原有的内网地址 172.21.0.0/16 段的客户,还是能透明代理上网!
同时注意,在数据库中,如果把 isactive 设置成 0,这个账号就会被暂时封掉,表现为再次弹出输入用户名密码的窗口。已经通过认证的用户,要等 squid 缓存的认证结果(credentialsttl)过期之后才会被拦下。
在 sarg 的日志界面中,显示如下:内网地址透明代理的日志,userid 是 ip 地址;用户认证的部分为用户名。