[Security:medium] AuthSlave does not check credential headers
Concerned version
Version: %2.X.X
Platform: All
Summary
Set AuthSlave parameters like this:
Authentication level => 2
Header for user login => CN
Master's IP address => 127.0.0.1
Control header name => AAA
Control header content => AAA
maudoux@L520[lemonldap-ng](v2.0 *%=)$ curl -k https://127.0.0.1:19876 -H 'CN: dwho' -H 'Host: auth.example.com' -H 'Accept: application/json'
{"error":"0","result":1,"id":"0a4977be81111375c19d8ed7bad9dd6de471f35fdc19a4c40efca15abe150318"}
Logs
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [info] No cookie found
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Build URL http://auth.example.com/
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Redirect 127.0.0.1 to portal (url was /)
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] User not authenticated, Try in use, cancel redirection
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Start routing default route
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing controlUrl
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing code ref
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing code ref
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Launching ::Plugins::AutoSignin::check
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing extractFormInfo
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing getUser
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing authenticate
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] -> authResult = 0
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing setAuthSessionInfo
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing setSessionInfo
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing setMacros
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing setGroups
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing setPersistentSessionInfo
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Persistent session found for dwho
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Restore persistent parameter _loginHistory
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Restore persistent parameter _2fDevices
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Restore persistent parameter _updateTime
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing setLocalGroups
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing store
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store 20190913182413 in session key _startTime
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store 20190913182337 in session key _updateTime
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store 2 in session key authenticationLevel
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store HASH(0x55ba11259770) in session key _loginHistory
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Dump: $VAR1 = {'successLogin' => [{'_utime' => '1568391817','ipAddr' => '127.0.0.1'},{'_utime' => '1568391429','ipAddr' => '127.0.0.1'},{'ipAddr' => '127.0.0.1','_utime' => '1568391070'},{'ipAddr' => '127.0.0.1','_utime' => '1548016089'}]};
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store Slave in session key _userDB
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store 1568391853 in session key _utime
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store 127.0.0.1 in session key ipAddr
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store curl/7.58.0 in session key UA
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store Slave in session key _auth
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store **** in session key _2fDevices
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store dwho in session key _whatToTrace
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store dwho in session key _user
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store 1568391853 in session key _lastAuthnUTime
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Store en in session key _language
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Try to get a new SSO session
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Return SSO session fe567620f438c5a5ff5d679f41fb0a8fc5e1c8264153663f79d16dd34cc52caf
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing secondFactor
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Loading 2F Devices ...
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] -> 2F Device(s) found
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Looking for expired 2F device(s)...
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Looking if totp2F is available
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing code ref
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Launching ::Plugins::GrantSession::run
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [notice] Session granted for dwho by Slave (127.0.0.1)
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] [notice] Session granted for dwho by Slave (127.0.0.1)
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing storeHistory
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Current login saved into successLogin
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Found 'whatToTrace' -> dwho
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Update dwho persistent session
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Update sessionInfo _loginHistory
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Dump: $VAR1 = {'successLogin' => [{'_utime' => '1568391853','ipAddr' => '127.0.0.1'},{'_utime' => '1568391817','ipAddr' => '127.0.0.1'},{'_utime' => '1568391429','ipAddr' => '127.0.0.1'},{'ipAddr' => '127.0.0.1','_utime' => '1568391070'},{'ipAddr' => '127.0.0.1','_utime' => '1548016089'}]};
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Try to get SSO session fe567620f438c5a5ff5d679f41fb0a8fc5e1c8264153663f79d16dd34cc52caf
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Get session fe567620f438c5a5ff5d679f41fb0a8fc5e1c8264153663f79d16dd34cc52caf from Portal::Main::Run
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Return SSO session fe567620f438c5a5ff5d679f41fb0a8fc5e1c8264153663f79d16dd34cc52caf
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing buildCookie
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing code ref
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Launching ::Plugins::Notifications::checkNotifDuringAuth
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing code ref
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Launching ::Plugins::History::run
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing code ref
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Cleaning pdata
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [notice] dwho connected
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] [notice] dwho connected
[Fri Sep 13 18:24:13 2019] [LLNG:4620] [debug] Processing to JSON response
auth.example.com:80 127.0.0.1 - - [13/Sep/2019:18:24:13 +0200] "GET / HTTP/1.1" 200 1929 -
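The check that the title says is missing, as an added example (a Python model written for this page, not LemonLDAP::NG code). It assumes the expected behaviour is that the user header is trusted only when the peer is a configured master and the control header matches. The function and key names are hypothetical; the values come from the settings above.

```python
import hmac
import ipaddress

# Settings copied from the report; the dict keys are hypothetical names,
# not LemonLDAP::NG configuration keys.
SLAVE_CONFIG = {
    "user_header": "CN",
    "master_ips": ["127.0.0.1"],
    "control_header_name": "AAA",
    "control_header_content": "AAA",
}


def _header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def slave_user(config, remote_addr, headers):
    """Return the asserted login, or None if any trust check fails."""
    # 1. The request must come from a configured master address.
    peer = ipaddress.ip_address(remote_addr)
    if not any(peer == ipaddress.ip_address(ip) for ip in config["master_ips"]):
        return None
    # 2. If a control header is configured, it must be present and match.
    name = config.get("control_header_name")
    if name:
        sent = _header(headers, name)
        expected = config["control_header_content"]
        if sent is None or not hmac.compare_digest(sent.encode(), expected.encode()):
            return None
    # 3. Only now is the user header trusted.
    return _header(headers, config["user_header"]) or None


# Constructed requests: the first mirrors the curl call in the report.
REPORTED = {"CN": "dwho", "Host": "auth.example.com", "Accept": "application/json"}
WITH_CONTROL = dict(REPORTED, AAA="AAA")
WRONG_CONTROL = dict(REPORTED, AAA="BBB")

if __name__ == "__main__":
    cases = [("reported", REPORTED), ("with AAA", WITH_CONTROL), ("wrong AAA", WRONG_CONTROL)]
    for label, hdrs in cases:
        print(label, "->", slave_user(SLAVE_CONFIG, "127.0.0.1", hdrs))
```

Under this model the reported request (CN set, no AAA header) yields no user, whereas the log above shows a session granted for dwho.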