135/netdisco
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Improve security of REMOTE_USER handling (B. Marshall)

Browse Source
This commit is contained in:
Oliver Gorwits
2016-09-30 17:12:30 +01:00
parent 7b27002495
commit 4b59d55690
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Netdisco/Changes
View File

@@ -5,6 +5,10 @@
* Add systemd guide * Add systemd guide
* Add environment variable for https reverse proxy (B. Marshall) * Add environment variable for https reverse proxy (B. Marshall)
[BUG FIXES]
* Improve security of REMOTE_USER handling (B. Marshall)
2.033006 - 2016-03-20 2.033006 - 2016-03-20
[ENHANCEMENTS] [ENHANCEMENTS]

8
Netdisco/lib/App/Netdisco/Web/AuthN.pm
View File

@@ -9,11 +9,15 @@ hook 'before' => sub {
? request->uri : uri_for('/inventory')->path); ? request->uri : uri_for('/inventory')->path);
if (! session('logged_in_user') && request->path ne uri_for('/login')->path) { if (! session('logged_in_user') && request->path ne uri_for('/login')->path) {
if (setting('trust_x_remote_user') and scalar request->header('X-REMOTE_USER')) { if (setting('trust_x_remote_user')
and scalar request->header('X-REMOTE_USER')
and length scalar request->header('X-REMOTE_USER')) {
session(logged_in_user => scalar request->header('X-REMOTE_USER')); session(logged_in_user => scalar request->header('X-REMOTE_USER'));
session(logged_in_user_realm => 'users'); session(logged_in_user_realm => 'users');
} }
elsif (setting('trust_remote_user') and $ENV{REMOTE_USER}) { elsif (setting('trust_remote_user')
and defined $ENV{REMOTE_USER}
and length $ENV{REMOTE_USER}) {
session(logged_in_user => $ENV{REMOTE_USER}); session(logged_in_user => $ENV{REMOTE_USER});
session(logged_in_user_realm => 'users'); session(logged_in_user_realm => 'users');
} }