public_git
/
nginx-ldap-auth
mirror of https://github.com/nginxinc/nginx-ldap-auth.git
1
0
Fork 1
Code Issues Releases Wiki Activity

Merge 2583830d46 into 850f5ea5ca

This commit is contained in:
Ganesh Iyer 2018-08-20 09:48:31 +00:00 committed by GitHub
parent 850f5ea5ca 2583830d46
commit 17d47237cd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
nginx-ldap-auth-daemon.py
View File

@ -18,6 +18,7 @@ from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
# Requests are processed in separate thread # Requests are processed in separate thread
import threading import threading
from SocketServer import ThreadingMixIn from SocketServer import ThreadingMixIn
import urllib
class AuthHTTPServer(ThreadingMixIn, HTTPServer): class AuthHTTPServer(ThreadingMixIn, HTTPServer):
pass pass
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
@ -51,7 +52,7 @@ class AuthHandler(BaseHTTPRequestHandler):
ctx['action'] = 'performing authorization' ctx['action'] = 'performing authorization'
auth_header = self.headers.get('Authorization') auth_header = self.headers.get('Authorization')
auth_cookie = self.get_cookie(ctx['cookiename']) auth_cookie = self.get_cookie(ctx['cookiename'])
auth_cookie = urllib.unquote(auth_cookie)
if auth_cookie != None and auth_cookie != '': if auth_cookie != None and auth_cookie != '':
auth_header = "Basic " + auth_cookie auth_header = "Basic " + auth_cookie
self.log_message("using username/password from cookie %s" % self.log_message("using username/password from cookie %s" %
@ -71,9 +72,8 @@ class AuthHandler(BaseHTTPRequestHandler):
ctx['action'] = 'decoding credentials' ctx['action'] = 'decoding credentials'
try: try:
auth_decoded = base64.b64decode(auth_header[6:]) auth_decoded = urllib.unquote(base64.b64decode(auth_header[6:]))
user, passwd = auth_decoded.split(':', 1) user, passwd = auth_decoded.split(':', 1)
except: except:
self.auth_failed(ctx) self.auth_failed(ctx)
return True return True
@ -165,8 +165,7 @@ class LDAPAuthHandler(AuthHandler):
return self.params return self.params
# GET handler for the authentication request # GET handler for the authentication request
def do_GET(self): def do_GET(self):
ctx = dict() ctx = dict()
self.ctx = ctx self.ctx = ctx
@ -214,8 +213,7 @@ class LDAPAuthHandler(AuthHandler):
ldap_obj.set_option(ldap.OPT_REFERRALS, 0) ldap_obj.set_option(ldap.OPT_REFERRALS, 0)
ctx['action'] = 'binding as search user' ctx['action'] = 'binding as search user'
ldap_obj.bind_s(ctx['binddn'], ctx['bindpasswd'], ldap.AUTH_SIMPLE) ldap_obj.bind_s(ctx['binddn'], ctx['bindpasswd'], ldap.AUTH_SIMPLE)
ctx['action'] = 'preparing search filter' ctx['action'] = 'preparing search filter'
searchfilter = ctx['template'] % { 'username': ctx['user'] } searchfilter = ctx['template'] % { 'username': ctx['user'] }