|
|
@ -33,6 +33,7 @@ typedef struct { |
|
|
|
|
|
|
|
|
|
|
|
ngx_array_t *require_group; |
|
|
|
ngx_array_t *require_group; |
|
|
|
ngx_array_t *require_user; |
|
|
|
ngx_array_t *require_user; |
|
|
|
|
|
|
|
ngx_flag_t require_valid_user; |
|
|
|
ngx_flag_t satisfy_all; |
|
|
|
ngx_flag_t satisfy_all; |
|
|
|
} ngx_http_auth_ldap_loc_conf_t; |
|
|
|
} ngx_http_auth_ldap_loc_conf_t; |
|
|
|
|
|
|
|
|
|
|
@ -81,7 +82,7 @@ static ngx_command_t ngx_http_auth_ldap_commands[] = { |
|
|
|
NULL }, |
|
|
|
NULL }, |
|
|
|
{ |
|
|
|
{ |
|
|
|
ngx_string("auth_ldap_require"), |
|
|
|
ngx_string("auth_ldap_require"), |
|
|
|
NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE2, |
|
|
|
NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE12, |
|
|
|
ngx_http_auth_ldap_require, |
|
|
|
ngx_http_auth_ldap_require, |
|
|
|
NGX_HTTP_LOC_CONF_OFFSET, |
|
|
|
NGX_HTTP_LOC_CONF_OFFSET, |
|
|
|
0, |
|
|
|
0, |
|
|
@ -244,6 +245,10 @@ ngx_http_auth_ldap_require(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (ngx_strcmp(value[1].data, "valid_user") == 0) { |
|
|
|
|
|
|
|
alcf->require_valid_user=1; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if (ngx_strcmp(value[1].data, "user") == 0) { |
|
|
|
if (ngx_strcmp(value[1].data, "user") == 0) { |
|
|
|
rule = ngx_array_push(alcf->require_user); |
|
|
|
rule = ngx_array_push(alcf->require_user); |
|
|
|
if (rule == NULL) { |
|
|
|
if (rule == NULL) { |
|
|
@ -273,6 +278,7 @@ ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf) { |
|
|
|
return NULL; |
|
|
|
return NULL; |
|
|
|
} |
|
|
|
} |
|
|
|
conf->satisfy_all = NGX_CONF_UNSET; |
|
|
|
conf->satisfy_all = NGX_CONF_UNSET; |
|
|
|
|
|
|
|
conf->require_valid_user = NGX_CONF_UNSET; |
|
|
|
conf->group_attribute_dn = NGX_CONF_UNSET; |
|
|
|
conf->group_attribute_dn = NGX_CONF_UNSET; |
|
|
|
return conf; |
|
|
|
return conf; |
|
|
|
} |
|
|
|
} |
|
|
@ -291,6 +297,7 @@ ngx_http_auth_ldap_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) { |
|
|
|
ngx_conf_merge_str_value(conf->bind_dn_passwd, prev->bind_dn_passwd, ""); |
|
|
|
ngx_conf_merge_str_value(conf->bind_dn_passwd, prev->bind_dn_passwd, ""); |
|
|
|
ngx_conf_merge_str_value(conf->group_attribute, prev->group_attribute, "member"); |
|
|
|
ngx_conf_merge_str_value(conf->group_attribute, prev->group_attribute, "member"); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ngx_conf_merge_value(conf->require_valid_user, prev->require_valid_user,0); |
|
|
|
ngx_conf_merge_value(conf->satisfy_all, prev->satisfy_all,0); |
|
|
|
ngx_conf_merge_value(conf->satisfy_all, prev->satisfy_all,0); |
|
|
|
ngx_conf_merge_value(conf->group_attribute_dn, prev->group_attribute_dn,1); |
|
|
|
ngx_conf_merge_value(conf->group_attribute_dn, prev->group_attribute_dn,1); |
|
|
|
|
|
|
|
|
|
|
@ -380,9 +387,7 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t |
|
|
|
LDAPURLDesc *ludpp = conf->ludpp; |
|
|
|
LDAPURLDesc *ludpp = conf->ludpp; |
|
|
|
int version = LDAP_VERSION3; |
|
|
|
int version = LDAP_VERSION3; |
|
|
|
struct berval bvalue; |
|
|
|
struct berval bvalue; |
|
|
|
struct timeval timeOut = { |
|
|
|
struct timeval timeOut = {10, 0}; |
|
|
|
10, |
|
|
|
|
|
|
|
0 }; |
|
|
|
|
|
|
|
int reqcert = LDAP_OPT_X_TLS_ALLOW; |
|
|
|
int reqcert = LDAP_OPT_X_TLS_ALLOW; |
|
|
|
|
|
|
|
|
|
|
|
int rc; |
|
|
|
int rc; |
|
|
@ -524,16 +529,22 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if (pass == 1) { |
|
|
|
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: result DN1 %d", conf->require_valid_user); |
|
|
|
|
|
|
|
if (pass == 1 || (conf->require_valid_user == 1)) { |
|
|
|
/// Bind user to the server
|
|
|
|
/// Bind user to the server
|
|
|
|
rc = ldap_simple_bind_s(ld, dn, (const char *) uinfo->password.data); |
|
|
|
rc = ldap_simple_bind_s(ld, dn, (const char *) uinfo->password.data); |
|
|
|
if (rc != LDAP_SUCCESS) { |
|
|
|
if (rc != LDAP_SUCCESS) { |
|
|
|
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, |
|
|
|
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, |
|
|
|
"LDAP: ldap_simple_bind_s error: %d, %s", rc, ldap_err2string(rc)); |
|
|
|
"LDAP: ldap_simple_bind_s error: %d, %s", rc, ldap_err2string(rc)); |
|
|
|
pass = 0; |
|
|
|
pass = 0; |
|
|
|
|
|
|
|
} else |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
|
|
|
|
|
|
|
"LDAP: User bind successful", NULL); |
|
|
|
|
|
|
|
pass = 1; |
|
|
|
} |
|
|
|
} |
|
|
|
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: User bind successful", NULL); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
ldap_memfree(dn); |
|
|
|
ldap_memfree(dn); |
|
|
|
} |
|
|
|
} |
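Review bot: The new condition `if (pass == 1 || (conf->require_valid_user == 1))` makes a successful `ldap_simple_bind_s(ld, dn, (const char *) uinfo->password.data)` sufficient to set `pass = 1`, but an LDAPv3 simple bind with an empty password is an unauthenticated (anonymous) bind that also returns LDAP_SUCCESS, so a zero-length client password would satisfy `valid_user` unless it is rejected earlier in this function, which starts outside the hunk and shows no such check here. Guarding the bind, e.g. `if (dn == NULL || uinfo->password.len == 0) { pass = 0; } else { rc = ldap_simple_bind_s(ld, dn, (const char *) uinfo->password.data); ... }`, closes that path. The added `ngx_log_debug1(..., "LDAP: User bind successful", NULL)` passes an argument with no format directive and should be `ngx_log_debug0`, and the `} else` / `{` split braces differ from the `if (...) {` style of the surrounding lines. The added `"LDAP: result DN1 %d"` debug message reads like a leftover; naming the value, e.g. `"LDAP: require_valid_user: %d"`, would make the log useful. In the `ngx_http_auth_ldap_require` hunk, `NGX_CONF_TAKE12` now admits a single-argument form, so the `user`/`group` branches continuing outside that hunk should check `cf->args->nelts == 3` before they use a second argument, if they do.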
|
|
|