How To: Write Custom Basic Authentication Plugin for Squid in Python

Mission

To write a Python program which can be used to authenticate for Squid proxy server. This is useful when you don’t want to configure complex systems like LDAP, ntlm etc.

Use Cases

  1. When you want to authenticate clients using mysql database.
  2. When you want to authenticate clients using flat files or /etc/passwd file or some custom service on your network.

How to proceed

From auth_param section in squid.conf file:

Specify the command for the external authenticator. Such a program reads a line containing "username password" and replies "OK" or "ERR" in an endless loop. "ERR" responses may optionally be followed by a error description available as %m in the returned error page.

By default, the basic authentication scheme is not used unless a program is specified.

That clearly states that our python program should read a line from standard input (stdin) and write the appropriate response to the standard output (stdout). But there are some issues with I/O. The output should be unbuffered and should be flushed to standard output immediately after the response is known.

So, lets see a small program where we authenticate using a function ‘matchpassword()‘. This function returns True when username, password pair matches and returns False when they mismatch.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#!/usr/bin/python
 
import sys
import socket
"""USAGE:The function returns True if the user and passwd match False otherwise"""
def matchpasswd(login,passwd):
    # Write your own function definition. 
    # Use mysql, files, /etc/passwd or some service or whatever you want
    pass
 
while True:
    # read a line from stdin
    line = sys.stdin.readline()
    # remove '\n' from line
    line = line.strip()
    # extract username and password from line
    username = line[:line.find(' ')]
    password = line[line.find(' ')+1:]
 
    if matchpasswd(username, password):
        sys.stdout.write('OK\n')
    else:
        sys.stdout.write('ERR\n')
    # Flush the output to stdout.
    sys.stdout.flush()

Save the above file somewhere. We save this example file in /etc/squid/custom_auth.py .Now, we have the function for authenticating clients. We need to configure squid to use custom_auth.py . Below is the squid configuration for telling squid to use the above program as basic authenticator.

1
2
3
4
5
6
7
8
9
10
11
# you need to specify /usr/bin/python if your file is not executable and needs an interpreter to be invoked.
# Replace /usr/bin/python with /usr/bin/php , if you write auth program in php.
auth_param basic program /usr/bin/python /etc/squid/custom_auth.py
# how many instances of the above program should run concurrently
auth_param basic children 5
# display some message to clients when they are asked for username, password
auth_param basic realm Please enter your proxy server username and password
# for how much time the authentication should be valid
auth_param basic credentialsttl 2 hours
# whether username, password should be case sensitive or not
auth_param basic casesensitive on

Now, to force clients to authenticate, configure the acls as follow. Below we assume, you want to force all clients on your lan to authenticate for using proxy server.

1
2
3
4
5
6
# acl to force proxy authentication
acl authenticated proxy_auth REQUIRED
# acl to define IPs from your lan
acl lan src 192.168.0.0/16
# acl to force clients on your lan to authenticate
http_access allow lan authenticated

Now, reload/restart squid. That’s all we need to write and use a custom authentication plugin for squid.

Limitation

Username can’t contain spaces. Otherwise program will not be able to parse/extract username, password from standard input.

 

How To: Install PHP-Ming

Yesterday, I came across a library called ming for php which can do wonders while converting videos to .swf (flash), images to .swf and much more. The best thing is that ming provides wrappers in C/C++/PHP/Python/Perl/Tcl etc. So, can be used within any one of these languages. But, the damn thing drove me crazy while installing. It was very tough experience installing it as the available howtos didn’t help much. But finally I somehow managed with the installation and it worked :) So, I thought of writing this how to, so that anyone having the same problem can find it helpful.

Here is a complete howto on installing php-ming in Fedora. (I installed it on Fedora 7 and with php5, but howto is supposed to work with other versions as well.) Though there are rpms available for earlier versions of ming, but I wanted the latest, so installed from source.

Resources:
libming : http://www.libming.net/
PHP : http://php.net/

Step 1

First of all make sure that you have php-devel package, otherwise you will not be able to install ming at all. Do the following as root.

[root@bordeaux root]# rpm -q php-devel [Enter]

If the above command says php-devel is not installed, then fetch php-devel for your php version from here and install as given below, else proceed to step 2.

[root@bordeaux root]# rpm -hiv php-devel-5.2.2-3.i386.rpm [Enter]

Step 2

Download latest version of ming from here.

Step 3

Untar the downloaded package.

[saini@bordeaux saini]# tar -xvzf ming-0.4.0.beta5.tar.gz [Enter]

Step 4

Change directory to ‘./ming-0.4.0.beta5′ and issue ./configure and make as given below

1
2
3
4
[saini@bordeaux saini]# cd ming-0.4.0.beta5 [Enter]
[saini@bordeaux ming-0.4.0.beta5]# ./configure --enable-cXX --enable-php [Enter]
[saini@bordeaux ming-0.4.0.beta5]# make [Enter]
[root@bordeaux ming-0.4.0.beta5]# make install [Enter] (as root)

Step 5

Go to ‘./php_ext’ directory and issue ‘make’ and ‘make install’.

1
2
3
[saini@bordeaux ming-0.4.0.beta5]# cd php_ext [Enter]
[saini@bordeaux php_ext]# make [Enter]
[root@bordeaux php_ext]# make install [Enter] (as root)

Step 6

Open make_modules.sh in your favorite editor and uncomment the line ‘make install’ and run make_modules.sh.

[root@bordeaux php_ext]# bash make_modules.sh [Enter] (as root)

Step 7

Go to ‘./tmp/modules/’ directory and copy ming.so to ‘/usr/lib/php/modules/’

1
2
[root@bordeaux php_ext]# cd tmp/modules/ [Enter]
[root@bordeaux modules]# cp ming.so /usr/lib/php/modules/ [Enter] (as root)

If ming.so is not found in ‘php_ext/tmp/modules/, then update your db using ‘updatedb’ and locate ming.so and if found on locate, then copy it to ‘/usr/lib/php/modules/’. If not found at all, try recompiling or issue some random commands related to make.

Step 8

Go to ‘/usr/local/lib/’ and check if libming.so, libming.so.0 etc. are present there. If yes proceed else I don’t know what to do :(

Step 9(a)

Go to ‘/usr/lib/php/modules/’ and issue these commands.

1
2
3
4
[root@bordeaux modules]# ln -s /usr/local/lib/libming.so libming.so (as root)
[root@bordeaux modules]# ln -s /usr/local/lib/libming.so.0 libming.so.0 (as root)
[root@bordeaux modules]# ln -s /usr/local/lib/libming.so.0.3.0 libming.so.0.3.0 (as root)
[root@bordeaux modules]# ln -s /usr/local/lib/libming.so.0.4.0 libming.so.0.4.0 (as root)

Step 9(b)

Go to ‘/usr/lib/’ and issue these commands.

1
2
3
4
[root@bordeaux lib]# ln -s /usr/local/lib/libming.so libming.so (as root)
[root@bordeaux lib]# ln -s /usr/local/lib/libming.so.0 libming.so.0 (as root)
[root@bordeaux lib]# ln -s /usr/local/lib/libming.so.0.3.0 libming.so.0.3.0 (as root)
[root@bordeaux lib]# ln -s /usr/local/lib/libming.so.0.4.0 libming.so.0.4.0 (as root)

Step 10

Restart the httpd service by issuing the command below

[root@bordeaux root]# service httpd restart [Enter] (as root)

Step 11

Write a file ‘/var/www/html/info.php’ with following contents

phpinfo();

and point your web browser to http://localhost/info.php . Now search for ‘ming’ and check whether its enabled or not.

PHP Ming in Fedora

If enabled, yes you have successfully installed php-ming :) Hope this helps.

 

How To: Install Javascript Plugin in Eclipse

Today, I installed Eclipse on my Fedora 7 desktop. Everything is fine, but the default Eclipse does not have a plugin for JavaScript. So , I searched a lot on Google and read a lot of reviews about some JavaScript plugins available for Eclipse. And I finally reached the JSEclipse plugin by Adobe Labs. I had a good experience with it. Its great to work with and if you are looking for a javascript plugin for eclipse, just don’t search any more and install it. JSEclipse can be downloaded from here after registering with Adobe. Following are the simple steps to install the JSEclipse.

Launch Eclipse and do as suggested in images.

Step 1 :

Follow this image :

Help Software Updates Find And Install

Step 2:

Select “Search new features to install” and click next.

Search New Features To Install

Step 3:

Click “New archived site” and select the package or zip file you just downloaded from the above link and click open.

Choose New Archived Site

Step 4: Click OK.

Select Local Zip File And Click Open Then Click OK

Step 5: Check the package if not checked and click next.

Click Finish

Step 6: Check the features you want to install and click next.

Select Features To Install And Click Next

Step 7: Accept Terms and conditions and click next.

Accept Terms And Conditions

Step 8: Click finish and when it ask to restart eclipse just click yes.

Click Finish

Step 9: Voila !! JavaScript plugin is installed now. Have fun with it.

Eclipse With Javascript Plugin

PS: A lot of howtos are pending. Will Try to finish them asap 😀

 

QuadKonsole – Programme Better

Well, the era of Quad Core computing is approaching fast. But everybody can’t just enjoy the computing powers of those high end processors due to very high cost and maintenance(power supply and heat) problems. If you are a programmer and and use linux, then you can at least have a Quad Core Konsole. I found a small application here which can change the way you program and can make programming very easy and fast. It has four konsoles tiled in one single window and comes with very easy navigation controls. You may want to give it a try. Below is a screenshot of QuadKonsole.

Quad Core Konsole

Quad Core Konsole

 

Hack: Mange Fluctuating Wireless

I am trying this small script with a so called gui 😉 . This helps managing my wireless in the extreme conditions. Just a shell script. Run the script as root otherwise it’ll not work.

Get the script here or copy the code below.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#!/bin/bash
#
#	Author - Kulbir Saini, IIIT Hyderabad.
#	Home - http://saini.co.in/
#	KWirelessManger - Just for fun.(It works ... its not just fun).
#
 
#Give the popup life.
POPUP_LIFE="10"
#kdialog --passivepopup "Welcome to 'KWirelessManager'"  ${POPUP_LIFE} &
#Give your device name for proceeding further. It may be one of wlan0, ra0, eth0, ipw2200 etc...
WLAN_DEVICE="wlan0"
#Give your WLAN host to be connected.
WLAN_HOST="IIIT WLAN"
CONNECTED=0
while [[ 1 ]];
do
	iwlist ${WLAN_DEVICE} scanning 2> /dev/null > /tmp/iwlist.aps
	grep -e "Cell" /tmp/iwlist.aps | tr " " "\t" | cut -f15 > /tmp/iwlist.apadd
	ACCESS_POINTS_IN_RANGE=`wc -l /tmp/iwlist.apadd`
	for ACCESS_POINT_ADDRESS in `cat /tmp/iwlist.apadd`
	do
		iwconfig ${WLAN_DEVICE} ap ${ACCESS_POINT_ADDRESS}
		#kdialog --passivepopup "Connceting to Access Point ${ACCESS_POINT_ADDRESS} ..." ${POPUP_LIFE} &
		echo "Connceting to Access Point ${ACCESS_POINT_ADDRESS} ..."
		WLAN_STATUS=`service network restart | tail -1 | grep "FAILED"`
		if [[ ${WLAN_STATUS} == "" ]];
		then
			#kdialog --passivepopup "You are connected to ${WLAN_HOST}." ${POPUP_LIFE} &
			echo "You are connected to ${WLAN_HOST}."
			CONNECTED=1
			break
		else
			#kdialog --passivepopup "Failed to connect to the Access Point ${ACCESS_POINT_ADDRESS} :(" ${POPUP_LIFE} &
			echo "Failed to connect to the Access Point ${ACCESS_POINT_ADDRESS} :("
			CONNECTED=0
		fi
	done
	if [[ ${CONNECTED} == 1 ]];
	then
		sleep 180;
	fi
done

Please suggest any optimization and do tell if u like it.

 

Hack: Mail Filter – Shell Script

This is an attempt by me to filter mails on a Linux machine. You can run this file on your home directory at mail server and it will help you to sort mails on the basis of

  • From which user the mail has come or from which domain it came,
  • to which user or domain mail was sent and
  • the keywords in the subject part of the mail.

Actually its very slow as shell is very slow , I cant help it . It scan your entire mbox file in the home directory by default. Copy the code and paste in a file say filter.sh and change its permissions to executable. Place it in you home directory at the mail server and run.

Example
You want to see all mails from username@gmail.com just run and it will ask for input,
press 1
From: username [Enter]
It will display all the mails from that are lying there in your mbox one by one.

Get the script here or copy the code below.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
#!/bin/bash
#################################
#   Author - Kulbir Saini       #
#   Home - http://sain.ico.in/  #
#################################
 
#shell script to filter mails.
echo -e -n "\033[32mWelcome to the mail filter system \nWhat do you want to do? \nCheck mails on basis of \n1) Sender... \n2) Receiver... \n3) Subject... \n4) Quit... \nPress(1,2,3,4): \033[0m"
read int <&2
while [[ 1 ]];do
while [[ 1 ]];do
count=0;	line=""
if [[ $int == 1 ]];then
	echo -n -e "\033[32mFrom:\033[0m "
	read from <&2
	i=0
	clear
	while read line ;do
	loopbreak=0;	nextmessagestatus=1;	mailtostatus=1;		mailsubstatus=1;	stat=1;
	toecho=`echo $line | grep -E "^From:+" | grep -E "${from}"`
	if [ "$toecho" != "" ];then
		i=`expr $i + 1`
		echo -e "${toecho}"
		while read line ; do
		mailto=`echo $line | grep -E "^To:+"`
		mailsub=`echo $line | grep -E "^Subject:+"`
		if [[ "$mailto" != "" ]] && [[ $mailtostatus == 1 ]];then
			echo $mailto
			mailtostatus=0
		fi
		if [[ "$mailsub" != "" ]] && [[ $mailsubstatus == 1 ]];then
			echo $mailsub
			mailsubstatus=0
		fi
		if [[ $mailtostatus == 0 ]] && [[ $mailsubstatus == 0 ]] && [[ $stat == 1 ]];then
			echo -e "\033[33mStarting of the Message${i}:\033[0m"
			stat=0
		fi
		fromstatus=`echo $line | grep -E "^X-UID:+"`
			if [[ $fromstatus != "" ]];then
			while read line; do
				loopstatus=`echo $line | grep -E "^From +"`
				if [[ $loopstatus != "" ]];then
				loopbreak=1
				break
				fi
				echo $line
			done
			if [[ $loopbreak == 1 ]];then
			echo -e -n "\033[33mEnd of the Message${i}.\nDisplay next message(y/n):\033[0m"
			read messagestatus <&2
			if [[ "$messagestatus" == "y" ]];then
				clear
			else
				nextmessagestatus=0
			fi
			break
			fi
			fi
		done
		count=`expr $count + 1`
	fi
	if [[ $nextmessagestatus == 0 ]];then
		break
	fi
	done
	if [[ $count == 0 ]];then
		echo -e "\033[32mNo mail(s) From: ${from}.\n\033[0m"
	else
		echo -e "\033[32mTotal $count mail(s) From: ${from}.\n\033[0m"
	fi
elif [[ $int == 2 ]];then
	echo -n -e "\033[32mTo: \033[0m"
	read to <&2
	i=0
	clear
	while read line ;do
	loopbreak=0;	nextmessagestatus=1
	toecho=`echo $line | grep -E "^To:+" | grep -E "${to}"`
	if [[ "$toecho" != "" ]];then
		echo -e "$toecho"
		i=`expr $i + 1`
		while read line; do
			tostatus=`echo $line | grep -E "^X-UID:+"`
			if [[ $tostatus != "" ]];then
			echo -e "\033[33mStarting of the Message${i}:\033[0m"
			while read line; do
				loopstatus=`echo $line | grep -E "^From +"`
				if [[ $loopstatus != "" ]];then
				loopbreak=1
				break
				fi
				echo $line
			done
			if [[ $loopbreak == 1 ]];then
			echo -e -n "\033[33mEnd of the Message${i}. \nDisplay next message(y/n): \033[0m"
			read messagestatus <&2
			if [[ $messagestatus == "y" ]];then
				clear
			else
				nextmessagestatus=0
			fi
			break
			fi
			fi
		done
		count=`expr $count + 1`
	fi
	if [[ $nextmessagestatus == 0 ]];then
		break
	fi
	done
	if [[ $count == 0 ]];then
		echo -e "\033[32mNo mail(s) to: ${to}.\n\033[0m"
	else 
		echo -e "\033[32mTotal $count mail(s) To: ${to}.\n\033[0m"
	fi
elif [[ $int == 3 ]];then
	echo -n -e "\033[32mSubject:\033[0m "
 
	read subject <&2
	clear
	i=0
	while read line ;do
	loopbreak=0;	nextmessagestatus=1
	toecho=`echo $line | grep -E "^Subject:+" | grep -E "${subject}"`
	if [[ "$toecho" != "" ]];then
		echo "$toecho"
		i=`expr $i + 1`
		while read line; do
		substatus=`echo $line | grep -E "^X-UID:+"`
		if [[ $substatus != "" ]];then
		echo -e "\033[33mStarting of the Message${i}:\033[0m"
		while read line ; do
			loopstatus=`echo $line | grep -E "^From +"`
			if [[ $loopstatus != "" ]];then
			loopbreak=1
			break
			fi
			echo $line
		done
		if [[ $loopbreak == 1 ]];then
		echo -e -n "\033[33mEnd of the message${i}. \nDisplay next message(y/n): \033[0m"
		read messagestatus <&2
		if [[ $messagestatus == "y" ]];then
			clear
		else
			nextmessagestatus=0
		fi
		break
		fi
		fi
		done
		count=`expr $count + 1`
	fi
	if [[ $nextmessagestatus == 0 ]];then
		break
	fi
	done
	if [[ $count == 0 ]];then
		echo -e "\033[32mNo mail(s) with Subject: ${subject}.\n\033[0m"
	else
		echo -e "\033[32mTotal $count mail(s) with Subject: ${subject}.\033[0m\n"
	fi
elif [[ $int == 4 ]];then
	echo -e "\033[32mThank you for using this utility. \nPlease visit again.\033[0m"
	exit
else
	echo -e "\033[32mI could not understand that. \nPlease try again.\033[0m\n"
fi
echo -e -n "\033[32m1) Sender... \n2) Receiver... \n3) Subject... \n4) Quit... \nPress(1,2,3,4):\033[0m "
read int <&2
break
done < mbox 
done
 

Hack: Graphical Implementation of CP Command

To use this graphical interface do as directed below:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#!/bin/bash
##############################
# Author - Kulbir Saini      #
# Home - http://saini.co.in/ #
##############################
 
if [ $1 == -i ] || [ $1 == -f ];then          
	if [ ! -s $2 ] && [ ! -f $2 ] && [ ! -d $2 ];then
		dialog --title "Copy daemon" --backtitle "copy:" --infobox "file:$2 doesn't exist.\nCan't copy...\nPress any key..." 5 30; read
	elif [ ! $3 ];then
		dialog --title "Copy daemon" --backtitle "copy:" --infobox "Invalid arguements...\nCan't copy...\nPress any key..." 5 30; read
	elif [ -d $3 ];then
		dialog --title "Copy daemon" --backtitle "copy:" --infobox "$3: is a directory.\nCan't copy...\nPress any key..." 5 30; read
	elif [ -d $2 ];then
		dialog --title "Copy daemon" --backtitle "copy:" --infobox "$2: is a directory.\nCan't copy...\nPress any key..." 5 30; read
	elif [ -s $3 -o -f $3 ];then
		dialog --title "Copy daemon" --backtitle "copy:" --yesno "Do you want to overwrite file:$3" 10 60;
		select=$?
		case $select in 
			0) echo -e "i'm ordered to overwrite file:$3 \noverwriting...\noverwritten file:$3" ; cp -f $2 $3 ;;
			1) echo "i'm ordered not to overwrite.";;
			255) echo "cancelled by you by pressing [Esc].";;
		esac
	else
		dialog --title "Copy daemon" --backtitle "copy:" --yesno "Do you want to copy the file:$2 to file:$3" 10 60 ;
		select1=$?
		case $select1 in
			0) echo -e "i'm ordered to copy file:$2 to file:$3 \ncopying...\ncopied to file:$3" ; cp $2 $3 ;;
			1) echo "i'm ordered not to copy.";;
			255) echo "cancelled by you by pressing [Esc].";;
		esac
	fi
elif [ ! -s $1 ] && [ ! -f $1 ] && [ ! -d $1 ];then
	dialog --title "Copy daemon" --backtitle "copy:" --infobox "file:$1 doesn't exist.\nCan't copy...\nPress any key..." 5 30; read
elif [ ! $2 ];then
	dialog --title "Copy daemon" --backtitle "copy:" --infobox "Invalid arguements...\nCan't copy...\nPress any key..." 5 30; read
elif [ -d $2 ];then
	dialog --title "Copy daemon" --backtitle "copy:" --infobox "$2: is a directory.\nCan't copy...\nPress any key..." 5 30; read
elif [ -d $1 ];then
	dialog --title "Copy daemon" --backtitle "copy:" --infobox "$1: is a directory.\nCan't copy...\nPress any key..." 5 30; read
elif [ -s $2 -o -f $2 ];then
	dialog --title "Copy daemon" --backtitle "copy:" --yesno "Do you want to overwrite file:$2" 10 60;
	select=$?
	case $select in 
		0) echo -e "i'm ordered to overwrite file:$2 \noverwriting...\noverwritten file:$2" ; cp -f $1 $2 ;;
		1) echo "i'm ordered not to overwrite.";;
		255) echo "cancelled by you by pressing [Esc].";;
	esac
else
	dialog --title "Copy daemon" --backtitle "copy:" --yesno "Do you want to copy the file:$1 to file:$2" 10 60 ;
	select1=$?
	case $select1 in
		0) echo -e "i'm ordered to copy file:$1 to file:$2 \ncopying...\ncopied to file:$2" ; cp $1 $2 ;;
		1) echo "i'm ordered not to copy.";;
		255) echo "cancelled by you by pressing [Esc].";;
	esac
fi

1. Get the script here .

2. Move it to a file named ‘copy’.

3. Create a director ‘bin’ in your home directory.

4. Write

export PATH=$PATH:${HOME }/bin/

to your ~/.bashrc file.

5. Execute .bashrc by issuing

[saini@localhost ~]# . .bashrc

6. If you want to copy a file foo.txt to bar.txt then do it as

[saini@localhost ~]# copy foo.txt bar.txt [Enter]

Done.