Update to 2021-01-19 15:00

master
Daniel Berteaud 4 years ago
parent d3c932cdcf
commit c825abf67e
  1. 6
      roles/lemonldap_ng/defaults/main.yml
  2. 28
      roles/lemonldap_ng/templates/llng_headers.inc.j2

@ -62,9 +62,3 @@ llng_handler_db_user: lemonldapnghandler
# llng_db_pass: s3cr3t.
# llng_handler_db_pass
# List of headers to protect. Those will be cleared for unauthenticated users
llng_protected_headers:
- Auth-User
- User-Name
- User-Groups
- User-Mail

@ -28,11 +28,25 @@ auth_request_set $headername14 $upstream_http_headername14;
auth_request_set $headervalue14 $upstream_http_headervalue14;
auth_request_set $headername15 $upstream_http_headername15;
auth_request_set $headervalue15 $upstream_http_headervalue15;
auth_request_set $deleteheader1 $upstream_http_deleteheader1;
auth_request_set $deleteheader2 $upstream_http_deleteheader2;
auth_request_set $deleteheader3 $upstream_http_deleteheader3;
auth_request_set $deleteheader4 $upstream_http_deleteheader4;
auth_request_set $deleteheader5 $upstream_http_deleteheader5;
auth_request_set $deleteheader6 $upstream_http_deleteheader6;
auth_request_set $deleteheader7 $upstream_http_deleteheader7;
auth_request_set $deleteheader8 $upstream_http_deleteheader8;
auth_request_set $deleteheader9 $upstream_http_deleteheader9;
auth_request_set $deleteheader10 $upstream_http_deleteheader10;
auth_request_set $deleteheader11 $upstream_http_deleteheader11;
auth_request_set $deleteheader12 $upstream_http_deleteheader12;
auth_request_set $deleteheader13 $upstream_http_deleteheader13;
auth_request_set $deleteheader14 $upstream_http_deleteheader14;
auth_request_set $deleteheader15 $upstream_http_deleteheader15;
auth_request_set $lmcookie $upstream_http_cookie;
access_by_lua '
i = 1
local i = 1
ngx.req.set_header("Cookie",ngx.var.lmcookie)
if ngx.var.lmremote_user ~= nil and ngx.var.lmremote_user ~= "" then
while true do
if ngx.var["headername"..i] ~= nil then
ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i])
@ -41,9 +55,13 @@ access_by_lua '
end
i = i + 1
end
i = 1
while true do
if ngx.var["deleteheader"..i] ~= nil then
ngx.req.clear_header(ngx.var["deleteheader"..i])
else
{% for header in llng_protected_headers %}
ngx.req.set_header("{{ header }}",nil)
{% endfor %}
break
end
i = i + 1
end
';

Loading…
Cancel
Save