fws
/
ansible-roles
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to 2021-01-19 15:00

Browse Source
master
Daniel Berteaud 4 years ago
parent d3c932cdcf
commit c825abf67e
2 changed files with 31 additions and 19 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      roles/lemonldap_ng/defaults/main.yml
  2. 44
      roles/lemonldap_ng/templates/llng_headers.inc.j2

6
roles/lemonldap_ng/defaults/main.yml
Unescape View File

@ -62,9 +62,3 @@ llng_handler_db_user: lemonldapnghandler
# llng_db_pass: s3cr3t. # llng_db_pass: s3cr3t.
# llng_handler_db_pass # llng_handler_db_pass
# List of headers to protect. Those will be cleared for unauthenticated users
llng_protected_headers:
- Auth-User
- User-Name
- User-Groups
- User-Mail

44
roles/lemonldap_ng/templates/llng_headers.inc.j2
Unescape View File

@ -28,22 +28,40 @@ auth_request_set $headername14 $upstream_http_headername14;
auth_request_set $headervalue14 $upstream_http_headervalue14; auth_request_set $headervalue14 $upstream_http_headervalue14;
auth_request_set $headername15 $upstream_http_headername15; auth_request_set $headername15 $upstream_http_headername15;
auth_request_set $headervalue15 $upstream_http_headervalue15; auth_request_set $headervalue15 $upstream_http_headervalue15;
auth_request_set $deleteheader1 $upstream_http_deleteheader1;
auth_request_set $deleteheader2 $upstream_http_deleteheader2;
auth_request_set $deleteheader3 $upstream_http_deleteheader3;
auth_request_set $deleteheader4 $upstream_http_deleteheader4;
auth_request_set $deleteheader5 $upstream_http_deleteheader5;
auth_request_set $deleteheader6 $upstream_http_deleteheader6;
auth_request_set $deleteheader7 $upstream_http_deleteheader7;
auth_request_set $deleteheader8 $upstream_http_deleteheader8;
auth_request_set $deleteheader9 $upstream_http_deleteheader9;
auth_request_set $deleteheader10 $upstream_http_deleteheader10;
auth_request_set $deleteheader11 $upstream_http_deleteheader11;
auth_request_set $deleteheader12 $upstream_http_deleteheader12;
auth_request_set $deleteheader13 $upstream_http_deleteheader13;
auth_request_set $deleteheader14 $upstream_http_deleteheader14;
auth_request_set $deleteheader15 $upstream_http_deleteheader15;
auth_request_set $lmcookie $upstream_http_cookie; auth_request_set $lmcookie $upstream_http_cookie;
access_by_lua ' access_by_lua '
i = 1 local i = 1
ngx.req.set_header("Cookie",ngx.var.lmcookie) ngx.req.set_header("Cookie",ngx.var.lmcookie)
if ngx.var.lmremote_user ~= nil and ngx.var.lmremote_user ~= "" then while true do
while true do if ngx.var["headername"..i] ~= nil then
if ngx.var["headername"..i] ~= nil then ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i])
ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i]) else
else break
break end
end i = i + 1
i = i +1 end
i = 1
while true do
if ngx.var["deleteheader"..i] ~= nil then
ngx.req.clear_header(ngx.var["deleteheader"..i])
else
break
end end
else i = i + 1
{% for header in llng_protected_headers %}
ngx.req.set_header("{{ header }}",nil)
{% endfor %}
end end
'; ';

Write Preview
Loading…
Cancel
Save