
Squid 2.6 via mysql

Date: 2017/2/27 16:00:07   Editor: Linux教程

1. Unpack and apply the patch
#wget http://people.arxnet.hu/airween/mysql_auth/mysql_auth-0.8.tar.gz
#wget http://www.zero-sys.net/portal/download/additionalselect.patch
#tar xvzf mysql_auth-0.8.tar.gz
#cd mysql_auth-0.8
#patch -p1 < ../additionalselect.patch
patching file src/confparser.c
patching file src/define.h
patching file src/mysql_auth.c
patching file src/mysql_auth.conf

Note: this patch mainly adds a field, isactive, that lets an account be temporarily suspended.

2. Create the database used by mysql_auth, and the user and password that manage it
#cd /home/soft/squid/mysql_auth-0.8/scripts
#vi create_script
GRANT SELECT,INSERT,UPDATE,DELETE ON mysql_auth.data TO squid@localhost IDENTIFIED BY 'squid2341';

Note: this sets up the squid user, with the password squid2341, to manage the data table of the mysql_auth database.

#/usr/local/mysql/bin/mysql -u root -p < create_script
Enter password:

The isactive field has to be created by hand here; create_script does not create it.

# /usr/local/mysql/bin/mysql -u squid -p mysql_auth
Enter password:
Welcome to the MySQL monitor.

mysql> insert into data (user, password, isactive) values ('liwentao', '123456', '1');
Query OK, 1 row affected (0.00 sec)

If you want to store your passwords in encrypted format:
shell> mysql -u your_user_name -p mysql_auth
Enter password:
Welcome message...
mysql> insert into data (user, password, isactive) values ('liwentao', password("123456"), '1');
Query OK, 1 row affected (0.00 sec)

3. Adjust parameters before compiling
#cd /home/soft/squid/mysql_auth-0.8
#vi Makefile
CFLAGS = -I/usr/local/include -L/usr/local/mysql/lib

install:
	$(INSTALL) -o squid -g squid -m 755 mysql_auth /usr/local/squid/libexec/mysql_auth
	$(INSTALL) -o root -g root -m 700 mypasswd /usr/local/bin/mypasswd
	$(INSTALL) -o squid -g squid -m 600 $(CONF) /usr/local/squid/etc/mysql_auth.conf
	$(INSTALL) -o squid -g squid -m 600 $(CONF) /usr/local/squid/etc/mysql_auth.conf.default


#vi ./src/define.h
#define CONFIG_FILE "/usr/local/squid/etc/mysql_auth.conf"

#define VAR_HOST_NAME "hostname"
#define DEF_HOST_NAME "localhost"

/*
* username
*/
#define VAR_USER_NAME "user"
#define DEF_USER_NAME "squid"

/*
* user's (above) password
*/
#define VAR_USER_PASSWORD "password"
#define DEF_USER_PASSWORD "squid2341"

/*
* database name
*/
#define VAR_DATABASE_NAME "database"
#define DEF_DATABASE_NAME "mysql_auth"

/*
* socket name
*/
#define VAR_MYSQLD_SOCKET "mysqld_socket"
#define DEF_MYSQLD_SOCKET "/tmp/mysql.sock"

/*
* table name
*/
#define VAR_TABLE_NAME "table"
#define DEF_TABLE_NAME "data"

/*
* user column name
*/
#define VAR_USER_COLUMN "user_column"
#define DEF_USER_COLUMN "user"

/*
* password column name
*/
#define VAR_PASSWORD_COLUMN "password_column"
#define DEF_PASSWORD_COLUMN "password"

/*
* var_additionalselect
* additional sql-select stuff
*/
#define VAR_ADDITIONALSELECT "additionalselect"
#define DEF_ADDITIONALSELECT "AND 1 "

/*
* use encrypted password format
*/
#define VAR_ENCRYPT_PASSWORD_FORM "encrypt_password_form"
#define DEF_ENCRYPT_PASSWORD_FORM "no"

/*
* max length of line in config file
*/
#define MAXLENGTH 512

/*
* max length of username or passwords
*/
#define MAX_STRLEN 64

/*
* structure for variable options
*/
struct my_params {
    char *var_host_name;
    char *var_user_name;
    char *var_user_password;
    char *var_database_name;
    char *var_mysqld_socket;
    char *var_table_name;
    char *var_user_column;
    char *var_password_column;
    char *var_encrypt_password_form;
    char *var_additionalselect;
};

#vi src/mysql_auth.conf
password squid2341
mysqld_socket /tmp/mysql.sock
additionalselect AND isactive = 1

Compile and install:
#ln -s /usr/local/mysql/include/ /usr/local/include/mysql
#cd /home/soft/squid/mysql_auth-0.8

Note, to stress this point:
#vi Makefile
CFLAGS = -I/usr/local/include -L/usr/local/mysql/lib

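The build looks for mysql/mysql.h under the first path and for libmysqlclient.a under the second.
So I ran #ln -s /usr/local/mysql/include/ /usr/local/include/mysql to artificially create a mysql subdirectory that satisfies this.

Otherwise the following errors appear; this cost me half an hour, which was a bit frustrating.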
gcc -I/usr/local/mysql/include -L/usr/local/mysql/lib -c -o src/mysql_auth.o src/mysql_auth.c
src/mysql_auth.c:24:25: error: mysql/mysql.h: No such file or directory
src/mysql_auth.c: In function ‘main’:
src/mysql_auth.c:37: error: ‘MYSQL’ undeclared (first use in this function)
src/mysql_auth.c:37: error: (Each undeclared identifier is reported only once
src/mysql_auth.c:37: error: for each function it appears in.)
src/mysql_auth.c:37: error: expected ‘;’ before ‘connect’
src/mysql_auth.c:38: error: ‘MYSQL_RES’ undeclared (first use in this function)
src/mysql_auth.c:38: error: ‘result’ undeclared (first use in this function)
src/mysql_auth.c:39: error: ‘MYSQL_ROW’ undeclared (first use in this function)
src/mysql_auth.c:39: error: expected ‘;’ before ‘row’
src/mysql_auth.c:63: error: ‘connect’ undeclared (first use in this function)
src/mysql_auth.c:185: error: ‘row’ undeclared (first use in this function)
make: *** [src/mysql_auth.o] Error 1

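Testing mysql_auth
After compiling and installing, the following command creates a user and password directly; users can be deleted as well. The database name and the user and password that manage the database are all set in mysql_auth.conf.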
#mypasswd lwt 123456

A user can be deleted with the following command:
#mypasswd -d lwt

Squid.conf changes

#vi /usr/local/squid/etc/squid.conf
http_port 172.21.41.15:3128 transparent
Note: http_port is still the transparent-proxy configuration, listening on the real internal network interface.
acl inside src 172.21.0.0/16
http_access allow inside
Note: this part still permits the internal network.
auth_param basic realm Squid proxy serve
auth_param basic program /usr/local/squid/libexec/mysql_auth
auth_param basic credentialsttl 5
auth_param basic children 5
acl mysqlauth proxy_auth REQUIRED
http_access allow mysqlauth
Note: this part permits authenticated users.
http_access deny all
Start squid
#su squid -c "/usr/local/squid/bin/RunCache &"

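Testing shows that if the internal network has addresses outside 172.21.0.0/16, for example a segment such as 10.14.0.0 routed in from elsewhere,
they cannot get online through the transparent proxy with this squid configuration, because no acl permits their addresses.

Likewise, do not modify
http_port 172.21.41.15:3128 transparent
or add a listener for 10.14.0.1: the network is set up directly with the squid proxy at 172.21.41.15 3128, whose path is completely different from that of the 10.14.0.0/16 segment.
However, clients on that network can get online by setting 172.21.41.15 3128 in IE (right-click, Properties, Connections, LAN settings).

Clients on the original internal range, 172.21.0.0/16, can still get online through the transparent proxy!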

Also note: if isactive is set to 0 in the database, the account is temporarily suspended; the symptom is that the username/password prompt pops up again.
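The helper can also be exercised directly, the way Squid drives it, to confirm that a suspended account is rejected before relying on the browser prompt. The script below is an added example, not part of the original article or of mysql_auth; stub_helper and the suspended account are constructed stand-ins so that it runs without Squid or MySQL, and setting HELPER to /usr/local/squid/libexec/mysql_auth tests the installed helper instead.

```shell
#!/bin/sh
# Squid basic-auth helper protocol: Squid writes one "user password" line to
# the helper's stdin and reads one reply line, "OK" (accept) or "ERR" (reject).

# stub_helper: constructed stand-in for mysql_auth so the checks run offline.
# Rows are "user password isactive"; requiring isactive = 1 mirrors
# "additionalselect AND isactive = 1". "suspended" is a made-up account.
stub_helper() {
    while read -r user pass; do
        reply=ERR
        while read -r u p active; do
            if [ "$u" = "$user" ] && [ "$p" = "$pass" ] && [ "$active" = 1 ]; then
                reply=OK
            fi
        done <<EOF
liwentao 123456 1
suspended 123456 0
EOF
        echo "$reply"
    done
}

# Point HELPER at /usr/local/squid/libexec/mysql_auth to test the real helper.
HELPER=${HELPER:-stub_helper}

# helper_reply USER PASS: print the helper's reply line for one login attempt.
helper_reply() {
    printf '%s %s\n' "$1" "$2" | "$HELPER" | head -n 1
}

# expect_reply USER PASS WANT: succeed only if the reply starts with WANT.
expect_reply() {
    got=$(helper_reply "$1" "$2")
    case "$got" in
        "$3"*) return 0 ;;
        *) echo "FAIL: $1 got '$got', wanted $3" >&2; return 1 ;;
    esac
}

# run_checks: print the number of failed expectations (0 = behaves as intended).
run_checks() {
    fails=0
    expect_reply liwentao 123456 OK   || fails=$((fails + 1))  # active account
    expect_reply liwentao wrongpw ERR || fails=$((fails + 1))  # wrong password
    expect_reply suspended 123456 ERR || fails=$((fails + 1))  # isactive = 0
    echo "$fails"
}

run_checks
```

When testing the installed helper, run the script as the squid user, because the Makefile above installs mysql_auth.conf with mode 600 for squid.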

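The sarg log interface shows the following:

For internal addresses going through the transparent proxy, the log userid is the IP address; for authenticated users it is the username.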
