mainnika/nginx-auth-ldap
1
0
Fork 0
mirror of https://github.com/mainnika/nginx-auth-ldap.git synced 2026-05-22 15:53:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use ngx_http_complex_value_t instead of custom script handling

Browse Source 
Makes the code smaller and cleaner by just using the core functionality.
This commit is contained in:
Jiri Hruska
2013-07-22 15:39:08 +02:00
parent 17fce4fe0a
commit 4947e2047d
1 changed files with 43 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ngx_http_auth_ldap_module.c
+43 -85
View File
@@ -29,12 +29,6 @@
#include <ngx_http.h>
#include <ldap.h>
typedef struct {
ngx_str_t value;
ngx_array_t *lengths;
ngx_array_t *values;
} ngx_ldap_require_t;
typedef struct {
LDAPURLDesc *ludpp;
ngx_str_t url;
@@ -46,8 +40,8 @@ typedef struct {
ngx_str_t group_attribute;
ngx_flag_t group_attribute_dn;
ngx_array_t *require_group; /* array of ngx_ldap_require_t */
ngx_array_t *require_user; /* array of ngx_ldap_require_t */
ngx_array_t *require_group; /* array of ngx_http_complex_value_t */
ngx_array_t *require_user; /* array of ngx_http_complex_value_t */
ngx_flag_t require_valid_user;
ngx_flag_t satisfy_all;
} ngx_http_auth_ldap_server_t;
@@ -336,65 +330,43 @@ ngx_http_auth_ldap_parse_url(ngx_conf_t *cf, ngx_http_auth_ldap_server_t *server
static char *
ngx_http_auth_ldap_parse_require(ngx_conf_t *cf, ngx_http_auth_ldap_server_t *server) {
ngx_http_script_compile_t sc;
ngx_str_t *value;
ngx_http_complex_value_t* rule = NULL;
ngx_http_compile_complex_value_t ccv;
value = cf->args->elts;
if (server->require_user == NULL) {
server->require_user = ngx_array_create(cf->pool, 4, sizeof(ngx_ldap_require_t));
if (server->require_user == NULL) {
return NGX_CONF_ERROR;
}
}
if (server->require_group == NULL) {
server->require_group = ngx_array_create(cf->pool, 4, sizeof(ngx_ldap_require_t));
if (server->require_group == NULL) {
return NGX_CONF_ERROR;
}
}
if (ngx_strcmp(value[1].data, "valid_user") == 0) {
server->require_valid_user = 1;
}
if (ngx_strcmp(value[1].data, "user") == 0 || ngx_strcmp(value[1].data, "group") == 0)
{
ngx_int_t n;
ngx_ldap_require_t *rule = NULL;
if (ngx_strcmp(value[1].data, "user") == 0) {
rule = ngx_array_push(server->require_user);
}
if (ngx_strcmp(value[1].data, "group") == 0) {
rule = ngx_array_push(server->require_group);
}
if (rule == NULL) {
return NGX_CONF_ERROR;
}
rule->value.data = value[2].data;
rule->value.len = value[2].len;
rule->values = NULL;
rule->lengths = NULL;
n = ngx_http_script_variables_count(&value[2]);
if(n > 0) {
ngx_memzero(&sc, sizeof(ngx_http_script_compile_t));
sc.cf = cf;
sc.source = &value[2];
sc.lengths = &rule->lengths;
sc.values = &rule->values;
sc.complete_lengths = 1;
sc.complete_values = 1;
if (ngx_http_script_compile(&sc) != NGX_OK) {
return NGX_CONF_OK;
} else if (ngx_strcmp(value[1].data, "user") == 0) {
if (server->require_user == NULL) {
server->require_user = ngx_array_create(cf->pool, 4, sizeof(ngx_http_complex_value_t));
if (server->require_user == NULL) {
return NGX_CONF_ERROR;
}
}
rule = ngx_array_push(server->require_user);
} else if (ngx_strcmp(value[1].data, "group") == 0) {
if (server->require_group == NULL) {
server->require_group = ngx_array_create(cf->pool, 4, sizeof(ngx_http_complex_value_t));
if (server->require_group == NULL) {
return NGX_CONF_ERROR;
}
}
rule = ngx_array_push(server->require_group);
}
if (rule == NULL) {
return NGX_CONF_ERROR;
}
ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
ccv.cf = cf;
ccv.value = &value[2];
ccv.complex_value = rule;
if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
return NGX_CONF_ERROR;
}
return NGX_CONF_OK;
@@ -573,7 +545,7 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
LDAPMessage *searchResult;
char *dn;
u_char *p, *filter;
ngx_ldap_require_t *value;
ngx_http_complex_value_t *value;
ngx_uint_t i;
struct berval bvalue;
ngx_flag_t pass = NGX_CONF_UNSET;
@@ -635,21 +607,14 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
value = server->require_user->elts;
for (i = 0; i < server->require_user->nelts; i++) {
ngx_str_t val;
if (value[i].lengths == NULL) {
val = value[i].value;
} else {
if (ngx_http_script_run(r, &val, value[i].lengths->elts, 0,
value[i].values->elts) == NULL)
{
ldap_memfree(dn);
ldap_msgfree(searchResult);
ldap_unbind_s(ld);
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
val.data[val.len] = '\0';
if (ngx_http_complex_value(r, &value[i], &val) != NGX_OK) {
ldap_memfree(dn);
ldap_msgfree(searchResult);
ldap_unbind_s(ld);
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: compare with: %s", val.data);
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: compare with: %V", &val);
if (ngx_strncmp(val.data, dn, val.len) == 0) {
pass = 1;
if (server->satisfy_all == 0) {
@@ -680,21 +645,14 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
for (i = 0; i < server->require_group->nelts; i++) {
ngx_str_t val;
if (value[i].lengths == NULL) {
val = value[i].value;
} else {
if (ngx_http_script_run(r, &val, value[i].lengths->elts, 0,
value[i].values->elts) == NULL)
{
ldap_memfree(dn);
ldap_msgfree(searchResult);
ldap_unbind_s(ld);
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
val.data[val.len] = '\0';
if (ngx_http_complex_value(r, &value[i], &val) != NGX_OK) {
ldap_memfree(dn);
ldap_msgfree(searchResult);
ldap_unbind_s(ld);
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: group compare with: %s", val.data);
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: group compare with: %V", &val);
rc = ldap_compare_ext_s(ld, (const char*) val.data, (const char*) server->group_attribute.data,
&bvalue, NULL, NULL);