[squid-users] squid authentication to remote sql server

Yuri Voinov yvoinov at gmail.com
Tue Feb 10 20:29:13 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



11.02.15 12:24, Ahmad пишет:
> Thank you amos , but I have an issue with connection : Here is my
> mysql info : ======== grant select on squid.* to 'squid'@'%'
> identified by 'squid'; ===================== mysql> show
> databases; +--------------------+ | Database           | 
> +--------------------+ | information_schema | | mysql
> | | squid              | +--------------------+ 3 rows in set (0.00
> sec)
> 
> mysql> use squid Database changed mysql> ; ERROR: No query
> specified
> 
> mysql> show tables; +-----------------+ | Tables_in_squid | 
> +-----------------+ | passwd          | +-----------------+ 1 row
> in set (0.00 sec)
> 
> mysql> select from * passwd; ERROR 1064 (42000): You have an error
> in your SQL syntax; check the manual that corresponds to your MySQL
> server version for the right syntax to use near 'from * passwd' at
> line 1 mysql> select * from  passwd; 
> +--------+----------+---------+-----------+---------------------+ |
> user   | password | enabled | fullname  | comment             | 
> +--------+----------+---------+-----------+---------------------+ |
> Nikesh | test     |       1 | Test User | for testing purpose | 
> +--------+----------+---------+-----------+---------------------+ 1
> row in set (0.00 sec)
> 
> mysql> show GRANTS FOR 'squid' -> ; 
> +------------------------------------------------------------------------------------------------------+
>
> 
| Grants for squid@%
                               |
> +------------------------------------------------------------------------------------------------------+
>
> 
| GRANT USAGE ON *.* TO 'squid'@'%' IDENTIFIED BY PASSWORD
'*AFD42D37182BDB40880BEF624CC64B0F4A1E35B4' |
> | GRANT SELECT ON `squid`.* TO 'squid'@'%'
> | 
> +------------------------------------------------------------------------------------------------------+
>
> 
2 rows in set (0.00 sec)
> 
> mysql> ===========================================
> 
> now on the squid box , I do the conection below :
> 
> here is the connection from remote squid: /lib/squid/basic_db_auth
> --dsn "DBI:mysql:database=squid:host=x.x189.177" --user "squid"
> --password "squid" --table "user" --usercol "user" --passwdcol
> "password" --cond "" --plaintext
> 
> 
> 
> 
> 
> DBD::mysql::st execute failed: Table 'squid.user' doesn't exist at
> /lib/squid/basic_db_auth line 215, <> line 1. DBD::mysql::st
> execute failed: MySQL server has gone away at
> /lib/squid/basic_db_auth line 218, <> line 1. ERR database error 
> DBD::mysql::st execute failed: Table 'squid.user' doesn't exist at
> /lib/squid/basic_db_auth line 215, <> line 2. DBD::mysql::st
> execute failed: MySQL server has gone away at
> /lib/squid/basic_db_auth line 218, <> line 2. ERR database error 
> DBD::mysql::st execute failed: Table 'squid.user' doesn't exist at
> /lib/squid/basic_db_auth line 215, <> line 3. DBD::mysql::st
> execute failed: MySQL server has gone away at
> /lib/squid/basic_db_auth line 218, <> line 3. ERR database error 
> DBD::mysql::st execute failed: Table 'squid.user' doesn't exist at
> /lib/squid/basic_db_auth line 215, <> line 4. DBD::mysql::st
> execute failed: MySQL server has gone away at
> /lib/squid/basic_db_auth line 218, <> line 4. ERR database error 
> ^C
> 
> 
> Selinux , iptables are down on both mahcines .
> 
> 
> Any other things we need to look @  ??????
> 
> The question is being asked , is it suid or mysql issue??

This is database issue. Your user have not object provolege to access
table. This is default database behavoiur. the principle of least
privilege.

> 
> Wt other thing need to check ?
> 
I think, MySQL manuals. :)

> 
> ========== squid -v Squid Cache: Version 3.5.1 Service Name: squid 
> configure options:  '--prefix=/usr' '--includedir=/include'
> '--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc'
> '--enable-cachemgr-hostname=drx' '--localstatedir=/var'
> '--libexecdir=/lib/squid' '--disable-maintainer-mode'
> '--disable-dependency-tracking' '--disable-silent-rules'
> '--srcdir=.' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
> '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8'
> '--enable-storeio=ufs,aufs,diskd,rock'
> '--enable-removal-policies=lru,heap' '--enable-delay-pools'
> '--enable-cache-digests' '--enable-underscores'
> '--enable-icap-client' '--enable-follow-x-forwarded-for'
> '--enable-auth'
> '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM'
> '--enable-ntlm-auth-helpers=smb_lm'
> '--enable-digest-auth-helpers=ldap,password'
> '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-esi'
> '--disable-translation' '--with-logdir=/var/log/squid'
> '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=131072'
> '--with-large-files' '--with-default-user=squid'
> '--enable-linux-netfilter' '--enable-ltdl-convenience'
> '--enable-ssl' '--enable-ssl-crtd' '--enable-arp-acl'
> 'CXXFLAGS=-DMAXTCPLISTENPORTS=20000' '--with-openssl'
> '--enable-snmp' [root at squid ~]# ==================================
> 
> Thanks again for help -----Original Message----- From: squid-users
> [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of
> Amos Jeffries Sent: Monday, February 9, 2015 4:15 PM To:
> squid-users at lists.squid-cache.org Subject: Re: [squid-users] squid
> authentication to remote sql server
> 
> On 10/02/2015 5:01 p.m., Ahmad wrote:
>> Hi ,
>> 
>> I followed the article in  :
>> 
>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Mysql
>> 
>> 
>> 
>> 
>> 
>> I need to connect  squid to external sql server  , what do I need
>> to modify in the helper command ?
>> 
>> 
>> 
>> I think that the command below :
>> 
>> ""auth_param basic program /usr/local/squid/libexec/squid_db_auth
>>  --user someuser --password xxxx --plaintext --persist
>> 
>> 
>> 
>> Shoud include the ip  & port of the sql server .
>> 
> 
> The Data Source Name (--dsn) parameter is the option string passed
> to the Perl DBI module for locating the database to use.
> 
> It takes the syntax:
> 
> "DSN:" driver ":" params
> 
> The params bit depends on what database driver (type) is. The
> "mysql" driver uses semi-colon separated key=value pairs.
> 
> So you can write something like:
> 
> --dsn "DSN:mysql:host=example.com;port=3306;database=squid"
> 
> 
> Amos _______________________________________________ squid-users
> mailing list squid-users at lists.squid-cache.org 
> http://lists.squid-cache.org/listinfo/squid-users
> 
> _______________________________________________ squid-users mailing
> list squid-users at lists.squid-cache.org 
> http://lists.squid-cache.org/listinfo/squid-users
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJU2moZAAoJENNXIZxhPexGBNYH/2vArGMG2/iepXT3FV29ZqAK
XsBd8Cn+FzssnlmGiwp6yfNurMJVxu1DlAtRC8HOvduoI4IwfF1E4L/cFhfFw+Zr
uTyVwb1nzZ/yFrErjU2XEE0Va4pGtskAKWgSXnOSo1cJ9af+IltLtWZGbv1RO6yO
4mvCosjJX4TosFVO/bi4xIssqz+4+Yn249HXzey8DA/kiIkUF7TMi09ttwp6yW1w
YxTu5MAy7gNNpbCwgBaosLl+1JpJt+r7/Omdv8ojNJ838TtR/iDDu6TAlf6PEVud
/Y002/uo2QrOp7jfc9nkbhsBXXWKUzCCKKVf0wEgJLs6c/wDikSfgI+55AaZ3Fg=
=cJ4m
-----END PGP SIGNATURE-----

More information about the squid-users mailing list