From 4e223dbd2316927f79ef99e93d1991b3d15e99d7 Mon Sep 17 00:00:00 2001
From: Andreas Peters
Date: Wed, 21 Feb 2018 11:26:46 +0100
Subject: [PATCH 1/8] add debug

Signed-off-by: Andreas Peters
---
 ngx_http_auth_ldap_module.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ngx_http_auth_ldap_module.c b/ngx_http_auth_ldap_module.c
index 18d359b..e7e606d 100644
--- a/ngx_http_auth_ldap_module.c
+++ b/ngx_http_auth_ldap_module.c
@@ -2200,6 +2200,7 @@ ngx_http_auth_ldap_check_group(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *
 ngx_memcpy(gr, val.data, val.len);
 gr[val.len] = '\0';
 tail_gr = ngx_strchr(gr, ',');
+
 if (tail_gr == NULL) {
 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: Incorrect group DN: \"%s\"", gr);
 ctx->outcome = OUTCOME_ERROR;
@@ -2235,6 +2236,8 @@ ngx_http_auth_ldap_check_group(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *
 r->pool,
 for_filter);
 ngx_sprintf(filter, "(&(%s)(%s=%s))", cn_gr, ctx->server->group_attribute.data, user_val);
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: user \"%s\"", (const char *) user_val);
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: group \"%s\"", (const char *) cn_gr);
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Search group filter is \"%s\"", (const char *) filter);
 attrs[0] = LDAP_NO_ATTRS;
 attrs[1] = NULL;
From 5f9f013601b8a76e2dfa787b8e1ca5077abb1db4 Mon Sep 17 00:00:00 2001
From: Andreas Peters
Date: Wed, 21 Feb 2018 13:22:11 +0100
Subject: [PATCH 2/8] add more rebug

Signed-off-by: Andreas Peters
---
 ngx_http_auth_ldap_module.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ngx_http_auth_ldap_module.c b/ngx_http_auth_ldap_module.c
index e7e606d..28a81c9 100644
--- a/ngx_http_auth_ldap_module.c
+++ b/ngx_http_auth_ldap_module.c
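Review bot: In the second hunk of PATCH 1/8 the two added `ngx_log_debug1` calls print `user_val` and `cn_gr`, both of which already appear in the existing "Search group filter is" debug line directly below them, because the filter is formatted from those same values by the `ngx_sprintf` call above. If the separate fields are still wanted while diagnosing, one call is enough: `ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: user \"%s\", group \"%s\"", user_val, cn_gr);`. `user_val` appears to hold either a directory DN or a name taken from the request (its assignment is outside this hunk), so whatever is logged here should be handled as identity data when debug logs are shared. The body of `ngx_http_auth_ldap_check_group` starts and ends outside the hunk.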
@@ -2237,6 +2237,7 @@ ngx_http_auth_ldap_check_group(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *
 for_filter);
 ngx_sprintf(filter, "(&(%s)(%s=%s))", cn_gr, ctx->server->group_attribute.data, user_val);
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: user \"%s\"", (const char *) user_val);
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: group_atr \"%s\"", (const char *) ctx->server->group_attribute.data);
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: group \"%s\"", (const char *) cn_gr);
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Search group filter is \"%s\"", (const char *) filter);
 attrs[0] = LDAP_NO_ATTRS;
From 961832fe8e15e2112986cfd3bbfe4a73e4ceca9e Mon Sep 17 00:00:00 2001
From: Andreas Peters
Date: Wed, 21 Feb 2018 15:18:33 +0100
Subject: [PATCH 3/8] much more debug

---
 ngx_http_auth_ldap_module.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ngx_http_auth_ldap_module.c b/ngx_http_auth_ldap_module.c
index 28a81c9..5a4e564 100644
--- a/ngx_http_auth_ldap_module.c
+++ b/ngx_http_auth_ldap_module.c
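Review bot: The line added in PATCH 2/8 passes `ctx->server->group_attribute.data` to a `%s` conversion, which reads up to the first NUL byte, while the field looks like a counted nginx string of the kind this function elsewhere copies and terminates by hand before using it as a C string (`gr[val.len] = '\0'` in PATCH 1/8's first hunk). nginx's formatter has `%V` for counted strings, taking a pointer to the `ngx_str_t`: `ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: group_atr \"%V\"", &ctx->server->group_attribute);`. The same applies to the `ctx->dn.data` and `ctx->user_dn.data` lines added in PATCH 3/8 and carried into PATCH 4/8; if any of those buffers is not NUL-terminated, the log call reads past its end. The existing `ngx_sprintf` context line also uses `%s` on `group_attribute.data`, so termination may hold for that one field, but nothing in the hunk shows it.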
@@ -2239,6 +2239,8 @@ ngx_http_auth_ldap_check_group(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: user \"%s\"", (const char *) user_val);
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: group_atr \"%s\"", (const char *) ctx->server->group_attribute.data);
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: group \"%s\"", (const char *) cn_gr);
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: ctx_dn \"%s\"", (const char *) ctx->dn.data);
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: ctx_user_dn \"%s\"", (const char *) ctx->user_dn.data);
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Search group filter is \"%s\"", (const char *) filter);
 attrs[0] = LDAP_NO_ATTRS;
 attrs[1] = NULL;
From 583a5093ac3f8ec6eabebc962266f0f0ec76dd7a Mon Sep 17 00:00:00 2001
From: Andreas Peters
Date: Wed, 21 Feb 2018 16:41:09 +0100
Subject: [PATCH 4/8] change debug mode

---
 ngx_http_auth_ldap_module.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/ngx_http_auth_ldap_module.c b/ngx_http_auth_ldap_module.c
index 5a4e564..1644bef 100644
--- a/ngx_http_auth_ldap_module.c
+++ b/ngx_http_auth_ldap_module.c
@@ -2236,12 +2236,12 @@ ngx_http_auth_ldap_check_group(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *
 r->pool,
 for_filter);
 ngx_sprintf(filter, "(&(%s)(%s=%s))", cn_gr, ctx->server->group_attribute.data, user_val);
- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: user \"%s\"", (const char *) user_val);
- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: group_atr \"%s\"", (const char *) ctx->server->group_attribute.data);
- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: group \"%s\"", (const char *) cn_gr);
- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: ctx_dn \"%s\"", (const char *) ctx->dn.data);
- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: ctx_user_dn \"%s\"", (const char *) ctx->user_dn.data);
- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Search group filter is \"%s\"", (const char *) filter);
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: user \"%s\"", (const char *) user_val);
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: group_atr \"%s\"", (const char *) ctx->server->group_attribute.data);
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: group \"%s\"", (const char *) cn_gr);
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: ctx_dn \"%s\"", (const char *) ctx->dn.data);
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: ctx_user_dn \"%s\"", (const char *) ctx->user_dn.data);
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: Search group filter is \"%s\"", (const char *) filter);
 attrs[0] = LDAP_NO_ATTRS;
 attrs[1] = NULL;
 rc = ldap_search_ext(ctx->c->ld, tail_gr, LDAP_SCOPE_ONELEVEL, (const char *) filter, attrs, 0, NULL, NULL, NULL, 0, &ctx->c->msgid);
From 49cfe7820a39d74b603c98f75e35b3d7d3031ad8 Mon Sep 17 00:00:00 2001
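Review bot: PATCH 4/8 moves all six diagnostics from `ngx_log_debug1` to `ngx_log_error(NGX_LOG_ERR, ...)`, so every pass through this part of `ngx_http_auth_ldap_check_group` writes the user value, both DNs and the full search filter to the error log whether or not debug logging is configured. That puts directory identity data into a log that is usually retained and forwarded, at a volume that follows the request rate. PATCH 7/8 and 8/8 later drop or revert these lines, but every intermediate commit still builds a module with this behaviour; squashing the series down to the `dn` change plus the final debug line would avoid that. The same output is available without changing levels from a debug-enabled build, with `error_log ... debug;` or a `debug_connection` entry scoped to the test client.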
From: Andreas Peters
Date: Wed, 21 Feb 2018 16:43:01 +0100
Subject: [PATCH 5/8] remove ctx

---
 ngx_http_auth_ldap_module.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/ngx_http_auth_ldap_module.c b/ngx_http_auth_ldap_module.c
index 1644bef..c8f39c6 100644
--- a/ngx_http_auth_ldap_module.c
+++ b/ngx_http_auth_ldap_module.c
@@ -2239,8 +2239,6 @@ ngx_http_auth_ldap_check_group(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *
 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: user \"%s\"", (const char *) user_val);
 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: group_atr \"%s\"", (const char *) ctx->server->group_attribute.data);
 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: group \"%s\"", (const char *) cn_gr);
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: ctx_dn \"%s\"", (const char *) ctx->dn.data);
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: ctx_user_dn \"%s\"", (const char *) ctx->user_dn.data);
 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: Search group filter is \"%s\"", (const char *) filter);
 attrs[0] = LDAP_NO_ATTRS;
 attrs[1] = NULL;
From 3aa566d576d7dafed74b739c4e8c394b92471318 Mon Sep 17 00:00:00 2001
From: Andreas Peters
Date: Wed, 21 Feb 2018 17:03:04 +0100
Subject: [PATCH 6/8] change user_dn to dn

---
 ngx_http_auth_ldap_module.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ngx_http_auth_ldap_module.c b/ngx_http_auth_ldap_module.c
index c8f39c6..f3c2677 100644
--- a/ngx_http_auth_ldap_module.c
+++ b/ngx_http_auth_ldap_module.c
@@ -2214,9 +2214,9 @@ ngx_http_auth_ldap_check_group(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *
 if (ctx->server->group_attribute_dn == 1) {
 user_val = ngx_pcalloc(
 r->pool,
- ctx->user_dn.len + 1);
- ngx_memcpy(user_val, ctx->user_dn.data, ctx->user_dn.len);
- user_val[ctx->user_dn.len] = '\0';
+ ctx->dn.len + 1);
+ ngx_memcpy(user_val, ctx->dn.data, ctx->dn.len);
+ user_val[ctx->dn.len] = '\0';
 } else {
 user_val = ngx_pcalloc(
 r->pool,
From 82d79f849036f8c10a1ebd787eed2d1c7ffdd2b0 Mon Sep 17 00:00:00 2001
From: Andreas Peters
Date: Wed, 21 Feb 2018 17:04:33 +0100
Subject: [PATCH 7/8] remove debug lines

---
 ngx_http_auth_ldap_module.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/ngx_http_auth_ldap_module.c b/ngx_http_auth_ldap_module.c
index f3c2677..db41470 100644
--- a/ngx_http_auth_ldap_module.c
+++ b/ngx_http_auth_ldap_module.c
@@ -2236,9 +2236,6 @@ ngx_http_auth_ldap_check_group(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *
 r->pool,
 for_filter);
 ngx_sprintf(filter, "(&(%s)(%s=%s))", cn_gr, ctx->server->group_attribute.data, user_val);
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: user \"%s\"", (const char *) user_val);
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: group_atr \"%s\"", (const char *) ctx->server->group_attribute.data);
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: group \"%s\"", (const char *) cn_gr);
 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: Search group filter is \"%s\"", (const char *) filter);
 attrs[0] = LDAP_NO_ATTRS;
 attrs[1] = NULL;
From e67df3d5fedfa12d398ba347c2fabc63b7bac603 Mon Sep 17 00:00:00 2001
From: Andreas Peters
Date: Wed, 21 Feb 2018 17:18:05 +0100
Subject: [PATCH 8/8] change error to debug

---
 ngx_http_auth_ldap_module.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ngx_http_auth_ldap_module.c b/ngx_http_auth_ldap_module.c
index db41470..a1b466c 100644
--- a/ngx_http_auth_ldap_module.c
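Review bot: In PATCH 6/8 the result of `ngx_pcalloc(r->pool, ctx->dn.len + 1)` goes straight into `ngx_memcpy` with no NULL check, so a failed pool allocation becomes a NULL write in the authorization path; a guard `if (user_val == NULL)` that fails the way the `tail_gr == NULL` branch does (it sets `ctx->outcome = OUTCOME_ERROR`) belongs between the two calls, and the same check was already missing before this change. The copied DN then lands in the filter through `ngx_sprintf(filter, "(&(%s)(%s=%s))", ...)`, visible in the other patches of this series, and no escaping of `(`, `)`, `*` or `\` is visible on the way, so a DN containing those characters would change or break the filter unless it is escaped per RFC 4515 somewhere outside these hunks. The commit message does not say how `ctx->dn` differs from `ctx->user_dn`, and since this value decides group membership a one-line comment above the copy stating which DN it is and where it was set would help the next reader. The `if`/`else` body continues outside the hunk.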
+++ b/ngx_http_auth_ldap_module.c
@@ -2236,7 +2236,7 @@ ngx_http_auth_ldap_check_group(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *
 r->pool,
 for_filter);
 ngx_sprintf(filter, "(&(%s)(%s=%s))", cn_gr, ctx->server->group_attribute.data, user_val);
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: Search group filter is \"%s\"", (const char *) filter);
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Search group filter is \"%s\"", (const char *) filter);
 attrs[0] = LDAP_NO_ATTRS;
 attrs[1] = NULL;
 rc = ldap_search_ext(ctx->c->ld, tail_gr, LDAP_SCOPE_ONELEVEL, (const char *) filter, attrs, 0, NULL, NULL, NULL, 0, &ctx->c->msgid);