Update to 2021-01-19 15:00

master
Daniel Berteaud 4 years ago
parent d3c932cdcf
commit c825abf67e
  1. 6
      roles/lemonldap_ng/defaults/main.yml
  2. 30
      roles/lemonldap_ng/templates/llng_headers.inc.j2

@ -62,9 +62,3 @@ llng_handler_db_user: lemonldapnghandler
# llng_db_pass: s3cr3t. # llng_db_pass: s3cr3t.
# llng_handler_db_pass # llng_handler_db_pass
# List of headers to protect. Those will be cleared for unauthenticated users
llng_protected_headers:
- Auth-User
- User-Name
- User-Groups
- User-Mail

@ -28,22 +28,40 @@ auth_request_set $headername14 $upstream_http_headername14;
auth_request_set $headervalue14 $upstream_http_headervalue14; auth_request_set $headervalue14 $upstream_http_headervalue14;
auth_request_set $headername15 $upstream_http_headername15; auth_request_set $headername15 $upstream_http_headername15;
auth_request_set $headervalue15 $upstream_http_headervalue15; auth_request_set $headervalue15 $upstream_http_headervalue15;
auth_request_set $deleteheader1 $upstream_http_deleteheader1;
auth_request_set $deleteheader2 $upstream_http_deleteheader2;
auth_request_set $deleteheader3 $upstream_http_deleteheader3;
auth_request_set $deleteheader4 $upstream_http_deleteheader4;
auth_request_set $deleteheader5 $upstream_http_deleteheader5;
auth_request_set $deleteheader6 $upstream_http_deleteheader6;
auth_request_set $deleteheader7 $upstream_http_deleteheader7;
auth_request_set $deleteheader8 $upstream_http_deleteheader8;
auth_request_set $deleteheader9 $upstream_http_deleteheader9;
auth_request_set $deleteheader10 $upstream_http_deleteheader10;
auth_request_set $deleteheader11 $upstream_http_deleteheader11;
auth_request_set $deleteheader12 $upstream_http_deleteheader12;
auth_request_set $deleteheader13 $upstream_http_deleteheader13;
auth_request_set $deleteheader14 $upstream_http_deleteheader14;
auth_request_set $deleteheader15 $upstream_http_deleteheader15;
auth_request_set $lmcookie $upstream_http_cookie; auth_request_set $lmcookie $upstream_http_cookie;
access_by_lua ' access_by_lua '
i = 1 local i = 1
ngx.req.set_header("Cookie",ngx.var.lmcookie) ngx.req.set_header("Cookie",ngx.var.lmcookie)
if ngx.var.lmremote_user ~= nil and ngx.var.lmremote_user ~= "" then
while true do while true do
if ngx.var["headername"..i] ~= nil then if ngx.var["headername"..i] ~= nil then
ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i]) ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i])
else else
break break
end end
i = i +1 i = i + 1
end end
i = 1
while true do
if ngx.var["deleteheader"..i] ~= nil then
ngx.req.clear_header(ngx.var["deleteheader"..i])
else else
{% for header in llng_protected_headers %} break
ngx.req.set_header("{{ header }}",nil) end
{% endfor %} i = i + 1
end end
'; ';

Loading…
Cancel
Save