if (!$inputStr) { continue; } writeLog("Request: {$inputStr}", true); // ttl = time to live (if we cache this result) $ttl = SQUID_DEFAULT_TTL; // get client IP and MAC for starters $input = explode(" ", $inputStr); $srcIP = $input[0]; $onLan = true; // we could do more sanity checks here, but Squid is a trustworthy input source if (!$srcIP) { writeReply(SQUID_FAILURE_CODE . " message=\"Invalid input to external_auth. IP address expected.\""); continue; } if (isOnLan($srcIP)) { $arp = `arp -n {$srcIP}`; $matches = array(); if (preg_match("/(([0-9a-f]{1,2}:){5}[0-9a-f]{1,2})/i", $arp, $matches)) { // ensure the MAC address is 17 characters long (OS X hosts don't add leading zeroes) $macBytes = explode(":", strtolower($matches[0])); $mac = ""; foreach ($macBytes as $macByte) { if ($mac) { $mac .= ":"; } if (strlen($macByte) == 2) { $mac .= $macByte; } else { $mac .= "0{$macByte}"; }
<?php define("SQUID_ROOT", dirname(__FILE__) . "/.."); require_once SQUID_ROOT . "/common.php"; if (!$isSecure) { exit; } $srcIP = $_SERVER["REMOTE_ADDR"]; // defaults for LAN clients (no authentication performed during PAC request) $pacFile = SQUID_ROOT . "/pac.lan.js"; $subs = array(); if (!isOnLan($srcIP)) { $guid = _get("g"); $sn = _get("s"); if (!$guid || !$sn) { exit("Invalid request."); } $conn = new mysqli(SQUID_DB_SERVER, SQUID_DB_USERNAME, SQUID_DB_PASSWORD, SQUID_DB_NAME); if (mysqli_connect_error()) { exit("Unable to connect to database. " . mysqli_connect_error()); } $pacFile = SQUID_ROOT . "/pac.blocked.js"; getLock(); // do we already have an authenticated session? // TODO: check server_name matches an active server (and retain in wan_sessions) $q = $conn->prepare("select user_devices.username, user_devices.serial_number, user_devices.user_guid, wan_sessions.session_id, wan_sessions.proxy_port,\n\t(select group_concat(distinct proxy_port separator ',') from wan_sessions where ip_address = ? and expiry_time_utc > ADDTIME(UTC_TIMESTAMP(), '0:00:05') group by ip_address) as used_ports\nfrom user_devices\n\tleft join wan_sessions on user_devices.username = wan_sessions.username and user_devices.serial_number = wan_sessions.serial_number and wan_sessions.ip_address = ? and wan_sessions.expiry_time_utc > ADDTIME(UTC_TIMESTAMP(), '0:00:05')\nwhere user_devices.user_guid = ? and user_devices.serial_number = ?"); if (!$q) { releaseLock(); exit("Unable to query the database."); } $q->bind_param("ssss", $srcIP, $srcIP, $guid, $sn);