Check Slave credential headers (#1935)
This commit is contained in:
Christophe Maudoux
parent
5c7905e342
commit
9784e75ead
|
|
@ -54,7 +54,7 @@ our $authParameters = {
|
|||
radiusParams => [qw(radiusAuthnLevel radiusSecret radiusServer)],
|
||||
remoteParams => [qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)],
|
||||
restParams => [qw(restAuthnLevel restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)],
|
||||
slaveParams => [qw(slaveAuthnLevel slaveExportedVars slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent)],
|
||||
slaveParams => [qw(slaveAuthnLevel slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent slaveExportedVars)],
|
||||
sslParams => [qw(SSLAuthnLevel SSLVar SSLVarIf sslByAjax sslHost)],
|
||||
twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName twitterUserField)],
|
||||
webidParams => [qw(webIDAuthnLevel webIDExportedVars webIDWhitelist)],
|
||||
|
|
|
|||
|
|
@ -142,7 +142,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
|
|||
eval {
|
||||
do {
|
||||
qr/$_[0]/;
|
||||
}
|
||||
}
|
||||
};
|
||||
return $@ ? ( 0, "__badRegexp__: $@" ) : 1;
|
||||
}
|
||||
|
|
@ -223,8 +223,7 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\
|
|||
},
|
||||
'select' => {
|
||||
'test' => sub {
|
||||
my $test =
|
||||
grep( { $_ eq $_[0]; }
|
||||
my $test = grep( { $_ eq $_[0]; }
|
||||
map( { $_->{'k'}; } @{ $_[2]{'select'}; } ) );
|
||||
return $test
|
||||
? 1
|
||||
|
|
@ -1616,7 +1615,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
|||
eval {
|
||||
do {
|
||||
qr/$_[0]/;
|
||||
}
|
||||
}
|
||||
};
|
||||
return $@ ? 0 : 1;
|
||||
},
|
||||
|
|
|
|||
|
|
@ -386,9 +386,9 @@ sub tree {
|
|||
title => 'slaveParams',
|
||||
help => 'authslave.html',
|
||||
nodes => [
|
||||
'slaveAuthnLevel', 'slaveExportedVars',
|
||||
'slaveUserHeader', 'slaveMasterIP',
|
||||
'slaveHeaderName', 'slaveHeaderContent'
|
||||
'slaveAuthnLevel', 'slaveUserHeader',
|
||||
'slaveMasterIP', 'slaveHeaderName',
|
||||
'slaveHeaderContent', 'slaveExportedVars',
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -23,6 +23,11 @@ sub extractFormInfo {
|
|||
return PE_FORBIDDENIP
|
||||
unless ( $self->checkIP($req) and $self->checkHeader($req) );
|
||||
|
||||
unless ( $self->conf->{slaveUserHeader} ){
|
||||
$self->logger->debug('slaveUserHeader is undefined');
|
||||
return PE_USERNOTFOUND;
|
||||
};
|
||||
|
||||
my $user_header = $self->conf->{slaveUserHeader};
|
||||
$user_header = 'HTTP_' . uc($user_header);
|
||||
$user_header =~ s/\-/_/g;
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ use base qw(Exporter);
|
|||
use strict;
|
||||
|
||||
our @EXPORT = qw(checkIP checkHeader);
|
||||
our $VERSION = '2.0.0';
|
||||
our $VERSION = '2.0.6';
|
||||
|
||||
# RUNNING METHODS
|
||||
|
||||
|
|
@ -34,8 +34,15 @@ sub checkHeader {
|
|||
return 1
|
||||
unless ( $self->conf->{slaveHeaderName}
|
||||
and $self->conf->{slaveHeaderContent} );
|
||||
my $headerContent = $req->{ $self->conf->{slaveHeaderName} };
|
||||
return 1 if ( $self->conf->{slaveHeaderContent} =~ /\b$headerContent\b/ );
|
||||
|
||||
my $slave_header = 'HTTP_' . uc( $self->{conf}->{slaveHeaderName} );
|
||||
$slave_header =~ s/\-/_/g;
|
||||
my $headerContent = $req->env->{$slave_header};
|
||||
$self->logger->debug("Required Slave header => $self->{conf}->{slaveHeaderName}");
|
||||
$self->logger->debug("Received Slave header content => $headerContent");
|
||||
return 1
|
||||
if ( $headerContent
|
||||
and $self->conf->{slaveHeaderContent} =~ /\b$headerContent\b/ );
|
||||
|
||||
$self->userLogger->warn('Matching header not found for Slave module ');
|
||||
return 0;
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user