Source format
+27
-35
@@ -46,8 +46,8 @@ static void * ngx_http_auth_basic_create_loc_conf(ngx_conf_t *);
|
||||
static char * ngx_http_auth_ldap_merge_loc_conf(ngx_conf_t *, void *, void *);
|
||||
static ngx_int_t ngx_http_auth_ldap_set_realm(ngx_http_request_t *r, ngx_str_t *realm);
|
||||
static ngx_ldap_userinfo* ngx_http_auth_ldap_get_user_info(ngx_http_request_t *);
|
||||
static ngx_int_t ngx_http_auth_ldap_authenticate(ngx_http_request_t *, ngx_http_auth_ldap_ctx_t *,
|
||||
ngx_str_t *, ngx_http_auth_ldap_loc_conf_t *);
|
||||
static ngx_int_t ngx_http_auth_ldap_authenticate(ngx_http_request_t *, ngx_http_auth_ldap_ctx_t *, ngx_str_t *,
|
||||
ngx_http_auth_ldap_loc_conf_t *);
|
||||
static char * ngx_http_auth_ldap(ngx_conf_t *cf, void *post, void *data);
|
||||
static ngx_conf_post_handler_pt ngx_http_auth_ldap_p = ngx_http_auth_ldap;
|
||||
|
||||
@@ -123,8 +123,7 @@ static ngx_http_module_t ngx_http_auth_ldap_module_ctx = {
|
||||
};
|
||||
|
||||
ngx_module_t ngx_http_auth_ldap_module = {
|
||||
NGX_MODULE_V1,
|
||||
&ngx_http_auth_ldap_module_ctx, /* module context */
|
||||
NGX_MODULE_V1, &ngx_http_auth_ldap_module_ctx, /* module context */
|
||||
ngx_http_auth_ldap_commands, /* module directives */
|
||||
NGX_HTTP_MODULE, /* module type */
|
||||
NULL, /* init master */
|
||||
@@ -134,7 +133,8 @@ ngx_module_t ngx_http_auth_ldap_module = {
|
||||
NULL, /* exit thread */
|
||||
NULL, /* exit process */
|
||||
NULL, /* exit master */
|
||||
NGX_MODULE_V1_PADDING };
|
||||
NGX_MODULE_V1_PADDING /**/
|
||||
};
|
||||
|
||||
static char *
|
||||
ngx_http_auth_ldap_url(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
|
||||
@@ -316,8 +316,7 @@ ngx_http_auth_ldap_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) {
|
||||
return NGX_CONF_OK;
|
||||
}
|
||||
|
||||
static ngx_int_t
|
||||
ngx_http_auth_ldap_handler(ngx_http_request_t *r) {
|
||||
static ngx_int_t ngx_http_auth_ldap_handler(ngx_http_request_t *r) {
|
||||
int rc;
|
||||
ngx_http_auth_ldap_ctx_t *ctx;
|
||||
ngx_http_auth_ldap_loc_conf_t *alcf;
|
||||
@@ -363,6 +362,7 @@ ngx_http_auth_ldap_get_user_info(ngx_http_request_t *r) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
uname_buf = ngx_palloc(r->pool, len + 1);
|
||||
if (uname_buf == NULL) {
|
||||
return NULL;
|
||||
@@ -378,8 +378,7 @@ ngx_http_auth_ldap_get_user_info(ngx_http_request_t *r) {
|
||||
return uinfo;
|
||||
}
|
||||
|
||||
static ngx_int_t
|
||||
ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *ctx,
|
||||
static ngx_int_t ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *ctx,
|
||||
ngx_str_t *passwd, ngx_http_auth_ldap_loc_conf_t *conf) {
|
||||
|
||||
LDAP *ld;
|
||||
@@ -427,8 +426,8 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
|
||||
|
||||
rc = ldap_initialize(&ld, (const char*) conf->url.data);
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP: Session initializing failed: %d, %s, (%s)",
|
||||
rc, ldap_err2string(rc), (const char*)conf->url.data);
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP: Session initializing failed: %d, %s, (%s)", rc,
|
||||
ldap_err2string(rc), (const char*) conf->url.data);
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: Session initialized", NULL);
|
||||
@@ -444,20 +443,21 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: Bind successful", NULL);
|
||||
|
||||
/// Create filter for search users by uid
|
||||
filter = ngx_pcalloc(r->pool, ngx_strlen(ludpp->lud_filter)+ ngx_strlen("(&(=))")
|
||||
+ ngx_strlen(ludpp->lud_attrs[0]) + uinfo->username.len +1);
|
||||
filter = ngx_pcalloc(
|
||||
r->pool,
|
||||
ngx_strlen(ludpp->lud_filter) + ngx_strlen("(&(=))") + ngx_strlen(ludpp->lud_attrs[0]) + uinfo->username.len
|
||||
+ 1);
|
||||
p = ngx_sprintf(filter, "(&%s(%s=%s))", ludpp->lud_filter, ludpp->lud_attrs[0], uinfo->username.data);
|
||||
*p = 0;
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: filter %s", (const char*) filter);
|
||||
|
||||
/// Search the directory
|
||||
rc = ldap_search_ext_s(ld, ludpp->lud_dn, ludpp->lud_scope, (const char*) filter, NULL, 0,
|
||||
NULL, NULL, &timeOut, 0, &searchResult);
|
||||
rc = ldap_search_ext_s(ld, ludpp->lud_dn, ludpp->lud_scope, (const char*) filter, NULL, 0, NULL, NULL, &timeOut, 0,
|
||||
&searchResult);
|
||||
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP: ldap_search_ext_s: %d, %s", rc,
|
||||
ldap_err2string(rc));
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP: ldap_search_ext_s: %d, %s", rc, ldap_err2string(rc));
|
||||
ldap_msgfree(searchResult);
|
||||
ldap_unbind_s(ld);
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
@@ -471,8 +471,7 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
|
||||
/// Check require user
|
||||
value = conf->require_user->elts;
|
||||
for (i = 0; i < conf->require_user->nelts; i++) {
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: compare with: %s",
|
||||
value[i].data);
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: compare with: %s", value[i].data);
|
||||
if (ngx_strncmp(value[i].data, dn, value[i].len) == 0) {
|
||||
pass = 1;
|
||||
if (conf->satisfy_all == 0) {
|
||||
@@ -489,8 +488,7 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
|
||||
}
|
||||
|
||||
/// Check require group
|
||||
if (conf->group_attribute_dn == 1)
|
||||
{
|
||||
if (conf->group_attribute_dn == 1) {
|
||||
bvalue.bv_val = dn;
|
||||
bvalue.bv_len = ngx_strlen(dn);
|
||||
} else {
|
||||
@@ -500,11 +498,9 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
|
||||
|
||||
value = conf->require_group->elts;
|
||||
for (i = 0; i < conf->require_group->nelts; i++) {
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: compare with: %s",
|
||||
value[i].data);
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: compare with: %s", value[i].data);
|
||||
|
||||
rc = ldap_compare_ext_s(ld, (const char*) value[i].data,
|
||||
(const char*) conf->group_attribute.data,
|
||||
rc = ldap_compare_ext_s(ld, (const char*) value[i].data, (const char*) conf->group_attribute.data,
|
||||
&bvalue, NULL, NULL);
|
||||
|
||||
if (rc != LDAP_COMPARE_TRUE && rc != LDAP_COMPARE_FALSE) {
|
||||
@@ -534,13 +530,11 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
|
||||
/// Bind user to the server
|
||||
rc = ldap_simple_bind_s(ld, dn, (const char *) uinfo->password.data);
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
"LDAP: ldap_simple_bind_s error: %d, %s", rc, ldap_err2string(rc));
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP: ldap_simple_bind_s error: %d, %s", rc,
|
||||
ldap_err2string(rc));
|
||||
pass = 0;
|
||||
} else
|
||||
{
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
||||
"LDAP: User bind successful", NULL);
|
||||
} else {
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: User bind successful", NULL);
|
||||
pass = 1;
|
||||
}
|
||||
}
|
||||
@@ -558,8 +552,7 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
static ngx_int_t
|
||||
ngx_http_auth_ldap_set_realm(ngx_http_request_t *r, ngx_str_t *realm) {
|
||||
static ngx_int_t ngx_http_auth_ldap_set_realm(ngx_http_request_t *r, ngx_str_t *realm) {
|
||||
r->headers_out.www_authenticate = ngx_list_push(&r->headers_out.headers);
|
||||
if (r->headers_out.www_authenticate == NULL) {
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
@@ -604,8 +597,7 @@ ngx_http_auth_ldap(ngx_conf_t *cf, void *post, void *data) {
|
||||
return NGX_CONF_OK;
|
||||
}
|
||||
|
||||
static ngx_int_t
|
||||
ngx_http_auth_ldap_init(ngx_conf_t *cf) {
|
||||
static ngx_int_t ngx_http_auth_ldap_init(ngx_conf_t *cf) {
|
||||
ngx_http_handler_pt *h;
|
||||
ngx_http_core_main_conf_t *cmcf;
|
||||
|
||||
|
||||
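Review bot: In the `@@ -444,20 +443,21 @@` hunk the user name is formatted into the search filter with `%s` and no escaping, so `*`, `(`, `)`, `\` or NUL in a name that appears to come from the request (via `ngx_http_auth_ldap_get_user_info`) is read as filter syntax instead of as a value; this formatting-only commit leaves that as it was. The name should be escaped per RFC 4515 before `ngx_sprintf`, the buffer sized from the escaped length, and the `ngx_pcalloc` result checked for NULL, which the hunk does not do before writing through `filter`. The sketch below needs `escaped` (`ngx_str_t`), `e` (`u_char *`) and `c` (`u_char`) declared with the function's other locals, and its two failure paths must release `ld` the same way the function's existing early returns do; the function starts and ends outside this hunk. Separately, in the `@@ -471,8 +471,7 @@` hunk `ngx_strncmp(value[i].data, dn, value[i].len)` compares only the first `value[i].len` bytes of `dn`, so a longer DN with the same prefix also matches unless the lengths are compared too.

```c
/// Create filter for search users by uid
/* RFC 4515: '*', '(', ')', '\' and NUL in the value are written as \XX */
static const u_char hex[] = "0123456789abcdef";

escaped.data = ngx_pnalloc(r->pool, uinfo->username.len * 3);
if (escaped.data == NULL) {
    /* same cleanup as the function's other early returns */
    return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
for (e = escaped.data, i = 0; i < uinfo->username.len; i++) {
    c = uinfo->username.data[i];
    if (c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0') {
        *e++ = '\\';
        *e++ = hex[c >> 4];
        *e++ = hex[c & 0xf];
    } else {
        *e++ = c;
    }
}
escaped.len = e - escaped.data;

filter = ngx_pcalloc(
        r->pool,
        ngx_strlen(ludpp->lud_filter) + ngx_strlen("(&(=))") + ngx_strlen(ludpp->lud_attrs[0]) + escaped.len
                + 1);
if (filter == NULL) {
    /* same cleanup as the function's other early returns */
    return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
p = ngx_sprintf(filter, "(&%s(%s=%V))", ludpp->lud_filter, ludpp->lud_attrs[0], &escaped);
/* … unchanged: *p = 0, debug log of the filter, ldap_search_ext_s call … */
```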