Seclab_Supporto
Jun 28, 2010Nimbostratus
when CLIENT_ACCEPTED {
    # Per-connection setup for the cookie-backed LDAP authentication below.

    # Name of the session cookie and the passphrase used with
    # HTTP::cookie encrypt/decrypt (both redacted in the post).
    # NOTE(review): the passphrase is a static value embedded in the rule;
    # anyone who can read the rule can mint or decrypt the cookie.
    set ckname_ldap xxxxx
    set ckpass_ldap xxxxx

    # Expected cookie payload: the client's source address. The cookie
    # therefore proves only that a request arrives from the same address
    # the cookie was issued to; it carries no user identity or expiry.
    set ckvalue_ldap [IP::client_addr]

    # State flags: LDAP authentication is required until a valid cookie is
    # seen, and no cookie is written until AUTH_SUCCESS has fired.
    set forceauth_ldap 1
    set authinsck_ldap 0
}
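when HTTP_REQUEST {
    # Authenticate each request either by a valid encrypted cookie or, failing
    # that, by an LDAP bind with the HTTP Basic credentials.
    #
    # Variables read: ckname_ldap, ckpass_ldap, ckvalue_ldap (set in
    # CLIENT_ACCEPTED). Variables written: forceauth_ldap, ckdomain_ldap,
    # asid_ldap, userHT_ldap.

    # Re-arm the "must authenticate" flag on EVERY request. It was previously
    # initialised only in CLIENT_ACCEPTED, so once one request on a keep-alive
    # connection carried a valid cookie, every later request on that
    # connection skipped LDAP even when it had no cookie at all.
    set forceauth_ldap 1

    set ckdomain_ldap [HTTP::host]

    # Start the auth session once per connection and reuse it; calling
    # AUTH::start on every request allocated a new session each time.
    # NOTE(review): no CLIENT_CLOSED handler calling AUTH::abort is visible
    # here - confirm the session is released when the connection ends.
    if {![info exists asid_ldap]} {
        set asid_ldap [AUTH::start pam default_ldap]
    }

    if {[HTTP::cookie exists $ckname_ldap]} {
        log local0. "---> HTTEST Cookie esistente"
        HTTP::cookie decrypt $ckname_ldap $ckpass_ldap 128
        log local0. "---> HTTEST Cookie DECIFRATO"
        if {[HTTP::cookie value $ckname_ldap] eq $ckvalue_ldap} {
            log local0. "---> HTTEST Cookie valido"
            set forceauth_ldap 0
            # Remove the Authorization header carrying the authenticated
            # user's credentials (the user name is saved first).
            set userHT_ldap [HTTP::username]
            HTTP::header remove Authorization
            # Insert the headers used for authentication offloading.
            # Any client-supplied iv-user is dropped first so the back end
            # sees only the value set here, not a second, forged one.
            HTTP::header insert Authorization "xxxxxxx"
            HTTP::header remove iv-user
            HTTP::header insert iv-user xxxxxx
            HTTP::header insert Via xxxxxxx
        } else {
            log local0. "---> HTTEST Cookie esistente MA NON VALIDO"
        }
        # The session cookie is never forwarded to the back end.
        HTTP::cookie remove $ckname_ldap
    } else {
        log local0. "---> HTTEST Cookie Inesistente"
    }

    if {$forceauth_ldap eq 1} {
        # LDAP authentication.
        # NOTE(review): on this path the client's own Authorization and any
        # client-supplied iv-user header are forwarded unchanged once the
        # request is released - confirm the back end does not trust them.
        log local0. "---> HTTEST LDAP"
        AUTH::username_credential $asid_ldap [HTTP::username]
        AUTH::password_credential $asid_ldap [HTTP::password]
        AUTH::authenticate $asid_ldap
        # Hold the request until an AUTH_* event releases or answers it.
        HTTP::collect
        log local0. "---> HTTEST Invio Richiesta LDAP"
    }
}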
when HTTP_RESPONSE {
    # Write the encrypted session cookie once LDAP authentication succeeded
    # (authinsck_ldap is raised in AUTH_SUCCESS).
    #
    # NOTE(review): `ldap` is not assigned in any event shown here except
    # `set ldap 0` in AUTH_WANTCREDENTIAL; unless it is set elsewhere, reading
    # it raises a Tcl error and this handler aborts.
    if {$ldap eq 1 && $authinsck_ldap eq 1} {
        # Two cookies with the same name are inserted: one scoped to the
        # request's Host, one to the parent domain.
        # NOTE(review): confirm which of the two the secure/encrypt calls
        # below act on; an unencrypted duplicate would expose the raw value.
        HTTP::cookie insert name $ckname_ldap value $ckvalue_ldap path / domain $ckdomain_ldap
        HTTP::cookie insert name $ckname_ldap value $ckvalue_ldap path / domain .xxxxxx.it
        # Secure flag: cookie is returned only over TLS. No HttpOnly
        # attribute is set here.
        HTTP::cookie secure $ckname_ldap enable
        HTTP::cookie encrypt $ckname_ldap $ckpass_ldap 128
        log local0. "---> HTTEST Scrivo Cookie"
    }
}
when AUTH_SUCCESS {
    # LDAP accepted the credentials: mark the response for cookie insertion
    # and let the held request continue to the back end.
    #
    # NOTE(review): `ldap` is not assigned in the events shown except
    # `set ldap 0` in AUTH_WANTCREDENTIAL - confirm where it is set to 1.
    # The session-id comparison ignores events from other auth sessions.
    if {$ldap eq 1 && $asid_ldap eq [AUTH::last_event_session_id]} {
        set authinsck_ldap 1
        HTTP::release
        log local0. "---> HTTEST SUCCESSO"
    }
}
when AUTH_FAILURE {
    # LDAP rejected the credentials: answer the held request with a Basic
    # challenge instead of forwarding it.
    #
    # NOTE(review): `ldap` is not assigned in the events shown except
    # `set ldap 0` in AUTH_WANTCREDENTIAL - confirm where it is set to 1.
    # The session-id comparison ignores events from other auth sessions.
    if {$ldap eq 1 && $asid_ldap eq [AUTH::last_event_session_id]} {
        HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
        log local0. "---> HTTEST FALLITO"
    }
}
when AUTH_WANTCREDENTIAL {
    # The auth session needs credentials the request did not supply: send a
    # Basic challenge, then clear `ldap`, which stops every handler guarded by
    # `$ldap eq 1` from acting until something sets it back to 1.
    #
    # NOTE(review): nothing in the events shown sets `ldap` to 1 - confirm
    # where that happens, otherwise reading it raises a Tcl error.
    if {$ldap eq 1 && $asid_ldap eq [AUTH::last_event_session_id]} {
        HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
        log local0. "---> HTTEST WANT CRED"
        set ldap 0
    }
}
when AUTH_ERROR {
    # The auth subsystem reported an error: fail closed by answering the held
    # request with 401 rather than releasing it to the back end.
    # Unlike AUTH_FAILURE, no WWW-Authenticate header is sent here.
    #
    # NOTE(review): `ldap` is not assigned in the events shown except
    # `set ldap 0` in AUTH_WANTCREDENTIAL - confirm where it is set to 1.
    if {$ldap eq 1 && $asid_ldap eq [AUTH::last_event_session_id]} {
        HTTP::respond 401
        log local0. "---> HTTEST ERROR"
    }
}