Check Slave credential headers (#1935)
parent
5c7905e342
commit
9784e75ead
|
@ -54,7 +54,7 @@ our $authParameters = {
|
||||||
radiusParams => [qw(radiusAuthnLevel radiusSecret radiusServer)],
|
radiusParams => [qw(radiusAuthnLevel radiusSecret radiusServer)],
|
||||||
remoteParams => [qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)],
|
remoteParams => [qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)],
|
||||||
restParams => [qw(restAuthnLevel restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)],
|
restParams => [qw(restAuthnLevel restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)],
|
||||||
slaveParams => [qw(slaveAuthnLevel slaveExportedVars slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent)],
|
slaveParams => [qw(slaveAuthnLevel slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent slaveExportedVars)],
|
||||||
sslParams => [qw(SSLAuthnLevel SSLVar SSLVarIf sslByAjax sslHost)],
|
sslParams => [qw(SSLAuthnLevel SSLVar SSLVarIf sslByAjax sslHost)],
|
||||||
twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName twitterUserField)],
|
twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName twitterUserField)],
|
||||||
webidParams => [qw(webIDAuthnLevel webIDExportedVars webIDWhitelist)],
|
webidParams => [qw(webIDAuthnLevel webIDExportedVars webIDWhitelist)],
|
||||||
|
|
|
@ -142,7 +142,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
|
||||||
eval {
|
eval {
|
||||||
do {
|
do {
|
||||||
qr/$_[0]/;
|
qr/$_[0]/;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
return $@ ? ( 0, "__badRegexp__: $@" ) : 1;
|
return $@ ? ( 0, "__badRegexp__: $@" ) : 1;
|
||||||
}
|
}
|
||||||
|
@ -223,8 +223,7 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\
|
||||||
},
|
},
|
||||||
'select' => {
|
'select' => {
|
||||||
'test' => sub {
|
'test' => sub {
|
||||||
my $test =
|
my $test = grep( { $_ eq $_[0]; }
|
||||||
grep( { $_ eq $_[0]; }
|
|
||||||
map( { $_->{'k'}; } @{ $_[2]{'select'}; } ) );
|
map( { $_->{'k'}; } @{ $_[2]{'select'}; } ) );
|
||||||
return $test
|
return $test
|
||||||
? 1
|
? 1
|
||||||
|
@ -1616,7 +1615,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
||||||
eval {
|
eval {
|
||||||
do {
|
do {
|
||||||
qr/$_[0]/;
|
qr/$_[0]/;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
return $@ ? 0 : 1;
|
return $@ ? 0 : 1;
|
||||||
},
|
},
|
||||||
|
|
|
@ -386,9 +386,9 @@ sub tree {
|
||||||
title => 'slaveParams',
|
title => 'slaveParams',
|
||||||
help => 'authslave.html',
|
help => 'authslave.html',
|
||||||
nodes => [
|
nodes => [
|
||||||
'slaveAuthnLevel', 'slaveExportedVars',
|
'slaveAuthnLevel', 'slaveUserHeader',
|
||||||
'slaveUserHeader', 'slaveMasterIP',
|
'slaveMasterIP', 'slaveHeaderName',
|
||||||
'slaveHeaderName', 'slaveHeaderContent'
|
'slaveHeaderContent', 'slaveExportedVars',
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
File diff suppressed because one or more lines are too long
|
@ -23,6 +23,11 @@ sub extractFormInfo {
|
||||||
return PE_FORBIDDENIP
|
return PE_FORBIDDENIP
|
||||||
unless ( $self->checkIP($req) and $self->checkHeader($req) );
|
unless ( $self->checkIP($req) and $self->checkHeader($req) );
|
||||||
|
|
||||||
|
unless ( $self->conf->{slaveUserHeader} ){
|
||||||
|
$self->logger->debug('slaveUserHeader is undefined');
|
||||||
|
return PE_USERNOTFOUND;
|
||||||
|
};
|
||||||
|
|
||||||
my $user_header = $self->conf->{slaveUserHeader};
|
my $user_header = $self->conf->{slaveUserHeader};
|
||||||
$user_header = 'HTTP_' . uc($user_header);
|
$user_header = 'HTTP_' . uc($user_header);
|
||||||
$user_header =~ s/\-/_/g;
|
$user_header =~ s/\-/_/g;
|
||||||
|
|
|
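Review bot: A missing `slaveUserHeader` is a configuration error that makes every Slave authentication return PE_USERNOTFOUND, yet the added guard in extractFormInfo reports it only at debug level, where an operator is unlikely to see it. I would log it as `$self->logger->error('slaveUserHeader is undefined');` and drop the stray `;` after the closing brace of the `unless` block. extractFormInfo begins and ends outside the hunk.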
@ -10,7 +10,7 @@ use base qw(Exporter);
|
||||||
use strict;
|
use strict;
|
||||||
|
|
||||||
our @EXPORT = qw(checkIP checkHeader);
|
our @EXPORT = qw(checkIP checkHeader);
|
||||||
our $VERSION = '2.0.0';
|
our $VERSION = '2.0.6';
|
||||||
|
|
||||||
# RUNNING METHODS
|
# RUNNING METHODS
|
||||||
|
|
||||||
|
@ -34,8 +34,15 @@ sub checkHeader {
|
||||||
return 1
|
return 1
|
||||||
unless ( $self->conf->{slaveHeaderName}
|
unless ( $self->conf->{slaveHeaderName}
|
||||||
and $self->conf->{slaveHeaderContent} );
|
and $self->conf->{slaveHeaderContent} );
|
||||||
my $headerContent = $req->{ $self->conf->{slaveHeaderName} };
|
|
||||||
return 1 if ( $self->conf->{slaveHeaderContent} =~ /\b$headerContent\b/ );
|
my $slave_header = 'HTTP_' . uc( $self->{conf}->{slaveHeaderName} );
|
||||||
|
$slave_header =~ s/\-/_/g;
|
||||||
|
my $headerContent = $req->env->{$slave_header};
|
||||||
|
$self->logger->debug("Required Slave header => $self->{conf}->{slaveHeaderName}");
|
||||||
|
$self->logger->debug("Received Slave header content => $headerContent");
|
||||||
|
return 1
|
||||||
|
if ( $headerContent
|
||||||
|
and $self->conf->{slaveHeaderContent} =~ /\b$headerContent\b/ );
|
||||||
|
|
||||||
$self->userLogger->warn('Matching header not found for Slave module ');
|
$self->userLogger->warn('Matching header not found for Slave module ');
|
||||||
return 0;
|
return 0;
|
||||||
|
|
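Review bot: In checkHeader the value taken from the request (`$headerContent`) is interpolated unescaped as the pattern in `$self->conf->{slaveHeaderContent} =~ /\b$headerContent\b/`, so the client-supplied header is interpreted as a regular expression and is accepted when it matches only part of the configured content rather than being equal to an allowed value. If the configured content is a whitespace-separated list of allowed values (an assumption; the format is not visible here), compare literally instead: `return 1 if defined $headerContent and grep { $_ eq $headerContent } split /\s+/, $self->conf->{slaveHeaderContent};`. The added `debug("Received Slave header content => $headerContent")` also writes what acts as a shared credential to the log and raises an uninitialized-value warning when the header is absent; logging only whether the header was present would be enough. The new lines mix `$self->{conf}` and `$self->conf`, and the start of the sub is outside the hunk.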