mainnika/nginx-auth-ldap
1
0
Fork 0
mirror of https://github.com/mainnika/nginx-auth-ldap.git synced 2026-06-13 02:13:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Minor code formatting cleanup

Browse Source
This commit is contained in:
Jiri Hruska
2013-08-30 02:36:52 +02:00
parent 1b6ee8e0c1
commit 16c3452ec0
1 changed files with 63 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ngx_http_auth_ldap_module.c
+45 -35
View File
@@ -242,16 +242,15 @@ ngx_http_auth_ldap_ldap_server(ngx_conf_t *cf, ngx_command_t *dummy, void *conf)
{ {
char *rv; char *rv;
ngx_str_t *value; ngx_str_t *value;
ngx_http_auth_ldap_server_t *server; ngx_http_auth_ldap_server_t *server;
ngx_http_auth_ldap_main_conf_t *cnf = conf; ngx_http_auth_ldap_main_conf_t *cnf = conf;
// It should be safe to just use latest server from array /* It should be safe to just use latest server from array */
server = ((ngx_http_auth_ldap_server_t *) cnf->servers->elts + (cnf->servers->nelts - 1)); server = ((ngx_http_auth_ldap_server_t *) cnf->servers->elts + (cnf->servers->nelts - 1));
value = cf->args->elts; value = cf->args->elts;
// TODO: Add more validation /* TODO: Add more validation */
if (ngx_strcmp(value[0].data, "url") == 0) { if (ngx_strcmp(value[0].data, "url") == 0) {
return ngx_http_auth_ldap_parse_url(cf, server); return ngx_http_auth_ldap_parse_url(cf, server);
} else if (ngx_strcmp(value[0].data, "binddn") == 0) { } else if (ngx_strcmp(value[0].data, "binddn") == 0) {
@@ -277,8 +276,8 @@ ngx_http_auth_ldap_ldap_server(ngx_conf_t *cf, ngx_command_t *dummy, void *conf)
* Parse auth_ldap directive * Parse auth_ldap directive
*/ */
static char * static char *
ngx_http_auth_ldap(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_auth_ldap(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_str_t *value = cf->args->elts; ngx_str_t *value = cf->args->elts;
ngx_http_auth_ldap_loc_conf_t *cnf = conf; ngx_http_auth_ldap_loc_conf_t *cnf = conf;
u_char *p; u_char *p;
@@ -305,8 +304,8 @@ ngx_http_auth_ldap(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
* Parse auth_ldap_servers directive * Parse auth_ldap_servers directive
*/ */
static char * static char *
ngx_http_auth_ldap_servers(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_auth_ldap_servers(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_auth_ldap_loc_conf_t *cnf; ngx_http_auth_ldap_loc_conf_t *cnf;
ngx_http_auth_ldap_main_conf_t *mconf; ngx_http_auth_ldap_main_conf_t *mconf;
ngx_http_auth_ldap_server_t *server, *s, **target; ngx_http_auth_ldap_server_t *server, *s, **target;
@@ -356,12 +355,12 @@ ngx_http_auth_ldap_servers(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
* Parse URL conf parameter * Parse URL conf parameter
*/ */
static char * static char *
ngx_http_auth_ldap_parse_url(ngx_conf_t *cf, ngx_http_auth_ldap_server_t *server) { ngx_http_auth_ldap_parse_url(ngx_conf_t *cf, ngx_http_auth_ldap_server_t *server)
{
ngx_str_t *value; ngx_str_t *value;
u_char *p; u_char *p;
value = cf->args->elts;
server->url = *value; value = cf->args->elts;
int rc = ldap_url_parse((const char *) value[1].data, &server->ludpp); int rc = ldap_url_parse((const char *) value[1].data, &server->ludpp);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
@@ -414,7 +413,7 @@ ngx_http_auth_ldap_parse_url(ngx_conf_t *cf, ngx_http_auth_ldap_server_t *server
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
server->url.len = ngx_strlen(server->ludpp->lud_scheme) + ngx_strlen(server->ludpp->lud_host) + 11; // 11 = len("://:/") + len("65535") + len("\0") server->url.len = ngx_strlen(server->ludpp->lud_scheme) + ngx_strlen(server->ludpp->lud_host) + 11; /* 11 = len("://:/") + len("65535") + len("\0") */
server->url.data = ngx_pcalloc(cf->pool, server->url.len); server->url.data = ngx_pcalloc(cf->pool, server->url.len);
p = ngx_sprintf(server->url.data, "%s://%s:%d/", (const char*) server->ludpp->lud_scheme, p = ngx_sprintf(server->url.data, "%s://%s:%d/", (const char*) server->ludpp->lud_scheme,
(const char*) server->ludpp->lud_host, server->ludpp->lud_port); (const char*) server->ludpp->lud_host, server->ludpp->lud_port);
@@ -427,8 +426,8 @@ ngx_http_auth_ldap_parse_url(ngx_conf_t *cf, ngx_http_auth_ldap_server_t *server
* Parse "require" conf parameter * Parse "require" conf parameter
*/ */
static char * static char *
ngx_http_auth_ldap_parse_require(ngx_conf_t *cf, ngx_http_auth_ldap_server_t *server) { ngx_http_auth_ldap_parse_require(ngx_conf_t *cf, ngx_http_auth_ldap_server_t *server)
{
ngx_str_t *value; ngx_str_t *value;
ngx_http_complex_value_t* target = NULL; ngx_http_complex_value_t* target = NULL;
ngx_http_compile_complex_value_t ccv; ngx_http_compile_complex_value_t ccv;
@@ -481,7 +480,8 @@ ngx_http_auth_ldap_parse_require(ngx_conf_t *cf, ngx_http_auth_ldap_server_t *se
* Parse "satisfy" conf parameter * Parse "satisfy" conf parameter
*/ */
static char * static char *
ngx_http_auth_ldap_parse_satisfy(ngx_conf_t *cf, ngx_http_auth_ldap_server_t *server) { ngx_http_auth_ldap_parse_satisfy(ngx_conf_t *cf, ngx_http_auth_ldap_server_t *server)
{
ngx_str_t *value; ngx_str_t *value;
value = cf->args->elts; value = cf->args->elts;
@@ -554,7 +554,8 @@ ngx_http_auth_ldap_init_main_conf(ngx_conf_t *cf, void *parent)
* Create location conf * Create location conf
*/ */
static void * static void *
ngx_http_auth_ldap_create_loc_conf(ngx_conf_t *cf) { ngx_http_auth_ldap_create_loc_conf(ngx_conf_t *cf)
{
ngx_http_auth_ldap_loc_conf_t *conf; ngx_http_auth_ldap_loc_conf_t *conf;
conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_auth_ldap_loc_conf_t)); conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_auth_ldap_loc_conf_t));
if (conf == NULL) { if (conf == NULL) {
@@ -569,7 +570,8 @@ ngx_http_auth_ldap_create_loc_conf(ngx_conf_t *cf) {
* Merge location conf * Merge location conf
*/ */
static char * static char *
ngx_http_auth_ldap_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) { ngx_http_auth_ldap_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_http_auth_ldap_loc_conf_t *prev = parent; ngx_http_auth_ldap_loc_conf_t *prev = parent;
ngx_http_auth_ldap_loc_conf_t *conf = child; ngx_http_auth_ldap_loc_conf_t *conf = child;
@@ -601,7 +603,9 @@ ngx_http_auth_ldap_init_worker(ngx_cycle_t *cycle)
/** /**
* Init module and add ldap auth handler to NGX_HTTP_ACCESS_PHASE * Init module and add ldap auth handler to NGX_HTTP_ACCESS_PHASE
*/ */
static ngx_int_t ngx_http_auth_ldap_init(ngx_conf_t *cf) { static ngx_int_t
ngx_http_auth_ldap_init(ngx_conf_t *cf)
{
ngx_http_handler_pt *h; ngx_http_handler_pt *h;
ngx_http_core_main_conf_t *cmcf; ngx_http_core_main_conf_t *cmcf;
@@ -719,7 +723,9 @@ ngx_http_auth_ldap_update_cache(ngx_http_auth_ldap_ctx_t *ctx,
/** /**
* Respond with "403 Forbidden" and add correct headers * Respond with "403 Forbidden" and add correct headers
*/ */
static ngx_int_t ngx_http_auth_ldap_set_realm(ngx_http_request_t *r, ngx_str_t *realm) { static ngx_int_t
ngx_http_auth_ldap_set_realm(ngx_http_request_t *r, ngx_str_t *realm)
{
r->headers_out.www_authenticate = ngx_list_push(&r->headers_out.headers); r->headers_out.www_authenticate = ngx_list_push(&r->headers_out.headers);
if (r->headers_out.www_authenticate == NULL) { if (r->headers_out.www_authenticate == NULL) {
return NGX_HTTP_INTERNAL_SERVER_ERROR; return NGX_HTTP_INTERNAL_SERVER_ERROR;
@@ -736,7 +742,9 @@ static ngx_int_t ngx_http_auth_ldap_set_realm(ngx_http_request_t *r, ngx_str_t *
/** /**
* LDAP Authentication handler * LDAP Authentication handler
*/ */
static ngx_int_t ngx_http_auth_ldap_handler(ngx_http_request_t *r) { static ngx_int_t
ngx_http_auth_ldap_handler(ngx_http_request_t *r)
{
ngx_http_auth_ldap_loc_conf_t *alcf; ngx_http_auth_ldap_loc_conf_t *alcf;
ngx_http_auth_ldap_ctx_t *ctx; ngx_http_auth_ldap_ctx_t *ctx;
int rc; int rc;
@@ -756,7 +764,8 @@ static ngx_int_t ngx_http_auth_ldap_handler(ngx_http_request_t *r) {
return NGX_HTTP_INTERNAL_SERVER_ERROR; return NGX_HTTP_INTERNAL_SERVER_ERROR;
} }
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP username: %V", &r->headers_in.user); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP username: %V",
&r->headers_in.user);
if (r->headers_in.passwd.len == 0) if (r->headers_in.passwd.len == 0)
{ {
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP password is empty"); ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP password is empty");
@@ -776,9 +785,10 @@ static ngx_int_t ngx_http_auth_ldap_handler(ngx_http_request_t *r) {
/** /**
* Read user credentials from request, set LDAP parameters and call authentication against required servers * Read user credentials from request, set LDAP parameters and call authentication against required servers
*/ */
static ngx_int_t ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *ctx, static ngx_int_t
ngx_http_auth_ldap_loc_conf_t *conf) { ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *ctx,
ngx_http_auth_ldap_loc_conf_t *conf)
{
ngx_http_auth_ldap_server_t *server; ngx_http_auth_ldap_server_t *server;
int rc; int rc;
ngx_uint_t i; ngx_uint_t i;
@@ -787,7 +797,7 @@ static ngx_int_t ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http
int reqcert = LDAP_OPT_X_TLS_ALLOW; int reqcert = LDAP_OPT_X_TLS_ALLOW;
struct timeval timeOut = { 10, 0 }; struct timeval timeOut = { 10, 0 };
/// Set LDAP version to 3 and set connection timeout. /* Set LDAP version to 3 and set connection timeout. */
ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version); ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);
ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &timeOut); ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &timeOut);
@@ -832,8 +842,8 @@ static ngx_int_t ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http
* Actual authentication against LDAP server * Actual authentication against LDAP server
*/ */
static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request_t *r, ngx_http_auth_ldap_server_t *server, static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request_t *r, ngx_http_auth_ldap_server_t *server,
ngx_http_auth_ldap_loc_conf_t *conf) { ngx_http_auth_ldap_loc_conf_t *conf)
{
LDAPURLDesc *ludpp = server->ludpp; LDAPURLDesc *ludpp = server->ludpp;
int rc; int rc;
LDAP *ld; LDAP *ld;
@@ -861,25 +871,25 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
} }
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: Session initialized", NULL); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: Session initialized", NULL);
/// Bind to the server /* Bind to the server */
rc = ldap_simple_bind_s(ld, (const char *) server->bind_dn.data, (const char *) server->bind_dn_passwd.data); rc = ldap_simple_bind_s(ld, (const char *) server->bind_dn.data, (const char *) server->bind_dn_passwd.data);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP [%s]: ldap_simple_bind_s error: %d, %s", server->url.data, rc, ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP [%s]: ldap_simple_bind_s error: %d, %s", server->url.data, rc,
ldap_err2string(rc)); ldap_err2string(rc));
ldap_unbind_s(ld); ldap_unbind_s(ld);
// Do not throw 500 in case connection failure, multiple servers might be used for failover scenario /* Do not throw 500 in case connection failure, multiple servers might be used for failover scenario */
return 0; return 0;
} }
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: Bind successful", NULL); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: Bind successful", NULL);
if (server->require_valid_user_dn.value.data != NULL) { if (server->require_valid_user_dn.value.data != NULL) {
// Construct user DN /* Construct user DN */
if (ngx_http_complex_value(r, &server->require_valid_user_dn, &dn) != NGX_OK) { if (ngx_http_complex_value(r, &server->require_valid_user_dn, &dn) != NGX_OK) {
ldap_unbind_s(ld); ldap_unbind_s(ld);
return NGX_HTTP_INTERNAL_SERVER_ERROR; return NGX_HTTP_INTERNAL_SERVER_ERROR;
} }
} else { } else {
/// Create filter for search users by uid /* Create filter for search users by uid */
filter = ngx_pcalloc( filter = ngx_pcalloc(
r->pool, r->pool,
(ludpp->lud_filter != NULL ? ngx_strlen(ludpp->lud_filter) : ngx_strlen("(objectClass=*)")) + (ludpp->lud_filter != NULL ? ngx_strlen(ludpp->lud_filter) : ngx_strlen("(objectClass=*)")) +
@@ -891,7 +901,7 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
*p = 0; *p = 0;
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: filter %s", (const char*) filter); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: filter %s", (const char*) filter);
/// Search the directory /* Search the directory */
rc = ldap_search_ext_s(ld, ludpp->lud_dn, ludpp->lud_scope, (const char*) filter, NULL, 0, NULL, NULL, &timeOut, 0, rc = ldap_search_ext_s(ld, ludpp->lud_dn, ludpp->lud_scope, (const char*) filter, NULL, 0, NULL, NULL, &timeOut, 0,
&searchResult); &searchResult);
@@ -918,7 +928,7 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: result DN %V", &dn); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: result DN %V", &dn);
/// Check require user /* Check require user */
if (server->require_user != NULL) { if (server->require_user != NULL) {
value = server->require_user->elts; value = server->require_user->elts;
for (i = 0; i < server->require_user->nelts; i++) { for (i = 0; i < server->require_user->nelts; i++) {
@@ -945,7 +955,7 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
} }
} }
/// Check require group /* Check require group */
if (server->require_group != NULL) { if (server->require_group != NULL) {
if (server->group_attribute_dn == 1) { if (server->group_attribute_dn == 1) {
bvalue.bv_val = (char*) dn.data; bvalue.bv_val = (char*) dn.data;
@@ -990,9 +1000,9 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
} }
} }
/// Check valid user /* Check valid user */
if (pass != 0 || (server->require_valid_user == 1 && server->satisfy_all == 0 && pass == 0)) { if (pass != 0 || (server->require_valid_user == 1 && server->satisfy_all == 0 && pass == 0)) {
/// Bind user to the server /* Bind user to the server */
rc = ldap_simple_bind_s(ld, (const char *) dn.data, (const char *) r->headers_in.passwd.data); rc = ldap_simple_bind_s(ld, (const char *) dn.data, (const char *) r->headers_in.passwd.data);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP: ldap_simple_bind_s error: %d, %s", rc, ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP: ldap_simple_bind_s error: %d, %s", rc,