#! /bin/sh # Secure Cross Host Authentication System 401 Redirector # Copyright (C) 2000 Brian Ristuccia # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # echo "401-Argument: $QUERY_STRING" >&2 # Are these next two lines dangerous security-wise? IFS="," set -- $QUERY_STRING if [ "x$1" = "x" ] then echo "401-Sending user to login page" >&2 echo "HTTP/1.1 302 Moved Temporarily" echo "Location: https://login.978.org/login.cgi?url=https://${HTTP_HOST}${REQUEST_URI}" # echo "401-Location: https://login.978.org/login.cgi?url=https://${HTTP_HOST}${REDIRECT_URL}" >&2 echo "Expires: Thu, 01 Dec 1994 16:00:00 GMT" echo "Cache-Control: no-cache" echo echo "$1" echo "$2" set >&2 else # Code to check with login server for new version of authentication # database would go here. echo "401-Setting cookie and sending user to destination URL" >&2 echo "HTTP/1.1 302 Moved Temporarily" # echo "HTTP/1.1 200 OK" # echo "Content-Type: text/plain" echo "Location: $2" echo "401-Location: $2" >&2 echo "Set-Cookie: tollhouse=$1; PATH=/" echo "401-Set-Cookie: tollhouse=$1; PATH=/ Secure" >&2 echo "Expires: Thu, 01 Dec 1994 16:00:00 GMT" echo "Cache-Control: no-cache" echo echo "$1" echo "$2" set fi