01-17-06 10:55 PM
Hi all,
I ma trying to set-up proxy authentication for users which are
currently outsode of our network. I have a small program which
recognizes who is allowed to connect and who is not:
#!/usr/local/bin/php
<?php
$EXIT_SUCCESS = "OK";
$EXIT_ERROR = "ERR";
$server = "a.b.c.d";
while (!feof(STDIN)) {
$str = fgets(STDIN,1024);
$str = trim($str);
$arguments = split('(\ )+',$str);
if (!(isset($arguments['0'])) || (!isset($arguments['1']))) {
echo "$EXIT_ERROR";
echo "\n";
continue;
}
$username = $arguments['0'];
$password = $arguments['1'];
$conn = @imap_open("{" . $server .
":993/imap/ssl/novalidate-cert/norsh}INBOX", "$username", "$password",
OP_READONLY);
if ($conn == false) {
echo $EXIT_ERROR;
echo "\n";
} else {
echo $EXIT_SUCCESS;
echo "\n";
}
}
?>
This program works fine from commandline. Squids starts 5 instances of
it but this is the last thing it does with it - the scripts never get
anything to their standard input fro squid process (I verified this by
intercepting mail() commands into the body of the while-loop). Here is
my squid configuration excerpt:
auth_param basic program /scripts/auth/squid_auth_imap.php
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl vnejsi_autorizace proxy_auth REQUIRED
http_access allow vnejsi_autorizace
>From the point of view of the web client: it gets the appropriate
header
Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
client sends new request with usename:passowrd but squid everytime
denies the request.
This is on FreeBSD with squid installed from ports collection:
Squid Cache: Version 2.5.STABLE12
configure options: --bindir=/usr/local/sbin
--sysconfdir=/usr/local/etc/squid --datadir=/usr/local/etc/squid
--libexecdir=/usr/local/libexec/squid --localstatedir=/usr/local/squid
'--enable-removal-policies=lru heap' '--enable-auth=basic ntlm digest'
'--enable-basic-auth-helpers=NCSA PAM MSNT SMB winbind YP'
--enable-digest-auth-helpers=password
'--enable-external-acl-helpers=ip_user unix_group wbinfo_group
winbind_group' '--enable-ntlm-auth-helpers=SMB winbind'
'--enable-storeio=ufs diskd null' --enable-ssl --with-openssl=/usr
--enable-cache-digests --enable-underscores --enable-stacktraces
'--enable-err-languages=Bulgarian Catalan Czech Danish Dutch English
Estonian Finnish French German Greek Hebrew Hungarian Italian
Japanese Korean Lithuanian Polish Portuguese Romanian Russian-1251
Russian-koi8-r Serbian Simplify_Chinese Slovak Spanish Swedish
Traditional_Chinese Turkish' --enable-default-err-language=English
--prefix=/usr/local amd64-portbld-freebsd5.4
What should I do now to get auth data passed to my script ?
Thanks in advance,
David Komanek
[ Post a follow-up to this message ]
| 
