From aa2fa2207412afe9c5eceffd0d06cd77a9cad09b Mon Sep 17 00:00:00 2001
From: Xavier
Date: Tue, 15 Oct 2019 21:46:04 +0200
Subject: [PATCH] Add regexp capture feature in rules (#321)
---
 .../lib/Lemonldap/NG/Handler/Main/Reload.pm | 5 +++--
 .../lib/Lemonldap/NG/Handler/Main/Run.pm | 5 +++--
 .../t/60-Lemonldap-NG-Handler-PSGI.t | 12 ++++++++++++
 lemonldap-ng-handler/t/lmConf-1.json | 1 +
 4 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
index 4b2f57c2e..b6c6f7f74 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
@@ -572,9 +572,10 @@ sub substitute {
 $expr =~ s/\$ip\b/\$ENV{REMOTE_ADDR}/sg;
 # substitute vars with session data, excepts special vars $_ and $\d+
- $expr =~ s/\$(?!(?:ENV|env)\b)(_\w+|[a-zA-Z]\w*)/\$s->{$1}/sg;
+ $expr =~ s/\$(?!(?:ENV|env|_rulematch)\b)(_\w+|[a-zA-Z]\w*)/\$s->{$1}/sg;
 $expr =~ s/\$ENV\{/\$r->{env}->\{/g;
 $expr =~ s/\$env->\{/\$r->{env}->\{/g;
+ $expr =~ s/\$_rulematch\[/\$m->\[/g;
 return $expr;
 }
@@ -582,7 +583,7 @@ sub substitute {
 sub buildSub {
 my ( $class, $val ) = @_;
 my $res =
- $class->tsv->{jail}->jail_reval("sub{my (\$r,\$s)=\@_;return($val)}");
+ $class->tsv->{jail}->jail_reval("sub{my (\$r,\$s,\$m)=\@_;return($val)}");
 unless ($res) {
 $class->logger->error( $class->tsv->{jail}->error );
 }
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
index 7683015cb..6d254e183 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
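Review bot: In the Reload.pm hunk at -572,9 the new lookahead shields every `$_rulematch` token from the session rewrite, but only the exact spelling `$_rulematch[` is then mapped to `$m->[`. A rule that writes it differently (a space before the bracket, or `$_rulematch->[1]`) keeps a variable the generated sub never declares and presumably evaluates to undef instead of raising a configuration error. The comment above the substitution still names only `$_` and `$\d+` as exceptions; it could read `# substitute vars with session data, except $_, $\d+, $ENV/$env and $_rulematch`, with `# $_rulematch[N] = capture N of the matching location regexp; the value comes from the $uri matched in grant(), not from the session` on the added line. substitute begins above this hunk.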
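Review bot: In the buildSub hunk at -582,7 the compiled rule gains a third positional argument, and nothing in or around the generated string says what `$r`, `$s` and `$m` stand for. Any call site outside this patch that still invokes a compiled rule with two arguments leaves `$m` undefined, so `$_rulematch[1]` reads as undef there without a log line; whether such callers exist is not visible in this diff. A comment above the `jail_reval` call would record the contract, for example `# compiled rule args: $r = request, $s = session hash, $m = arrayref of location-regexp captures (index 0 unused)`. buildSub continues past the end of the hunk.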
@@ -284,11 +284,12 @@ sub grant {
 ) {
 if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
+ my $match = [ undef, @{^CAPTURE} ] || [];
 $class->logger->debug( 'Regexp "' . $class->tsv->{locationConditionText}->{$vhost}->[$i] . '" match' );
 return $class->tsv->{locationCondition}->{$vhost}->[$i]
- ->( $req, $session );
+ ->( $req, $session, $match );
 }
 }
 unless ( $class->tsv->{defaultCondition}->{$vhost} ) {
@@ -298,7 +299,7 @@ sub grant {
 return 0;
 }
 $class->logger->debug("$vhost: Apply default rule");
- return $class->tsv->{defaultCondition}->{$vhost}->( $req, $session );
+ return $class->tsv->{defaultCondition}->{$vhost}->( $req, $session, [] );
 }
 ## @rmethod protected int forbidden(string uri)
diff --git a/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t b/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t
index 1282334bc..c0764b8c8 100644
--- a/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t
+++ b/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t
@@ -37,6 +37,12 @@ ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
 count(2);
+ok( $res = $client->_get( '/user_dwho/', undef, undef, "lemonldap=$sessionId" ), 'Regexp query' );
+ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
+
+count(2);
+
 # Denied query
 ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ), 'Denied query' );
@@ -44,6 +50,12 @@ ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
 count(2);
+ok( $res = $client->_get( '/user_rtyler/', undef, undef, "lemonldap=$sessionId" ), 'Regexp deny query' );
+ok( $res->[0] == 403, 'Code is 403' ) or explain( $res, 403 );
+
+count(2);
+
 # Bad cookie
 ok( $res = $client->_get(
diff --git a/lemonldap-ng-handler/t/lmConf-1.json b/lemonldap-ng-handler/t/lmConf-1.json
index 855abb617..bc031dd3f 100644
--- a/lemonldap-ng-handler/t/lmConf-1.json
+++ b/lemonldap-ng-handler/t/lmConf-1.json
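Review bot: In the Run.pm hunk at -284,11, `my $match = [ undef, @{^CAPTURE} ] || [];` relies on `@{^CAPTURE}`, which exists only from Perl 5.26. On an older interpreter the name is expected to parse as an ordinary empty array, so every `$_rulematch[N]` would be undef and a rule written as a negative comparison could grant where it should deny. The `|| []` can never run, because an array reference is always true. Either declare the minimum Perl version in this file or build the list from the offset arrays, `my $match = [ undef, map { defined $-[$_] ? substr( $uri, $-[$_], $+[$_] - $-[$_] ) : undef } 1 .. $#+ ];`. grant starts and ends outside this hunk, so a version requirement elsewhere in the module is not visible here.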
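Review bot: The two new test groups (the hunk at -37,6 and the one at -44,6) carry no section comment, while their neighbours are introduced by `# Denied query` and `# Bad cookie`. A `# Regexp capture rule, uid matches` / `# Regexp capture rule, uid differs` line above each would say which property is being pinned. The new deny case also calls `explain( $res, 403 )` where the existing deny case just above it passes `$res->[0]`; using the same form keeps the failure output comparable. Both cases use a plain `\w+` segment, so the behaviour when a capture group is undefined is still untested.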
@@ -43,6 +43,7 @@
 "test1.example.com": {
 "^/logout": "logout_sso",
 "^/deny": "deny",
+ "^/user_(\\w+)/": "$uid eq $_rulematch[1]",
 "default": "accept"
 },
 "test2.example.com": {