From c825abf67e060e590be3e0af57963b980fc78d69 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Tue, 19 Jan 2021 15:00:07 +0100
Subject: [PATCH] Update to 2021-01-19 15:00

---
 roles/lemonldap_ng/defaults/main.yml             |  6 ----
 roles/lemonldap_ng/templates/llng_headers.inc.j2 | 44 +++++++++++++++++-------
 2 files changed, 31 insertions(+), 19 deletions(-)

diff --git a/roles/lemonldap_ng/defaults/main.yml b/roles/lemonldap_ng/defaults/main.yml
index 0a4bc3a..ea2a90b 100644
--- a/roles/lemonldap_ng/defaults/main.yml
+++ b/roles/lemonldap_ng/defaults/main.yml
@@ -62,9 +62,3 @@ llng_handler_db_user: lemonldapnghandler
 # llng_db_pass: s3cr3t.
 # llng_handler_db_pass
 
-# List of headers to protect. Those will be cleared for unauthenticated users
-llng_protected_headers:
-  - Auth-User
-  - User-Name
-  - User-Groups
-  - User-Mail
diff --git a/roles/lemonldap_ng/templates/llng_headers.inc.j2 b/roles/lemonldap_ng/templates/llng_headers.inc.j2
index 80f5b4e..a5c8b48 100644
--- a/roles/lemonldap_ng/templates/llng_headers.inc.j2
+++ b/roles/lemonldap_ng/templates/llng_headers.inc.j2
@@ -28,22 +28,40 @@ auth_request_set $headername14 $upstream_http_headername14;
 auth_request_set $headervalue14 $upstream_http_headervalue14;
 auth_request_set $headername15 $upstream_http_headername15;
 auth_request_set $headervalue15 $upstream_http_headervalue15;
+auth_request_set $deleteheader1 $upstream_http_deleteheader1;
+auth_request_set $deleteheader2 $upstream_http_deleteheader2;
+auth_request_set $deleteheader3 $upstream_http_deleteheader3;
+auth_request_set $deleteheader4 $upstream_http_deleteheader4;
+auth_request_set $deleteheader5 $upstream_http_deleteheader5;
+auth_request_set $deleteheader6 $upstream_http_deleteheader6;
+auth_request_set $deleteheader7 $upstream_http_deleteheader7;
+auth_request_set $deleteheader8 $upstream_http_deleteheader8;
+auth_request_set $deleteheader9 $upstream_http_deleteheader9;
+auth_request_set $deleteheader10 $upstream_http_deleteheader10;
+auth_request_set $deleteheader11 $upstream_http_deleteheader11;
+auth_request_set $deleteheader12 $upstream_http_deleteheader12;
+auth_request_set $deleteheader13 $upstream_http_deleteheader13;
+auth_request_set $deleteheader14 $upstream_http_deleteheader14;
+auth_request_set $deleteheader15 $upstream_http_deleteheader15;
 auth_request_set $lmcookie $upstream_http_cookie;
 access_by_lua '
-  i = 1
+  local i = 1
   ngx.req.set_header("Cookie",ngx.var.lmcookie)
-  if ngx.var.lmremote_user ~= nil and ngx.var.lmremote_user ~= "" then
-    while true do
-      if ngx.var["headername"..i] ~= nil then
-        ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i])
-      else
-        break
-      end
-      i = i +1
+  while true do
+    if ngx.var["headername"..i] ~= nil then
+      ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i])
+    else
+      break
+    end
+    i = i + 1
+  end
+  i = 1
+  while true do
+    if ngx.var["deleteheader"..i] ~= nil then
+          ngx.req.clear_header(ngx.var["deleteheader"..i])
+    else
+      break
     end
-  else
-{% for header in llng_protected_headers %}
-    ngx.req.set_header("{{ header }}",nil)
-{% endfor %}
+    i = i + 1
   end
 ';