|
1
|
#!/usr/bin/perl -w
|
|
2
|
|
|
3
|
|
|
4
|
# mod_auth_tkt sample logout script
|
|
5
|
#
|
|
6
|
# Note that this needs script needs to be available locally on all domains
|
|
7
|
# if using multiple domains (unlike login.cgi, which only needs to exist
|
|
8
|
# on one domain).
|
|
9
|
#
|
|
10
|
|
|
11
|
use File::Basename;
|
|
12
|
#use lib dirname($ENV{SCRIPT_FILENAME});
|
|
13
|
use lib "./";
|
|
14
|
use Apache::AuthTkt 0.03;
|
|
15
|
use AuthTktConfig;
|
|
16
|
use CGI qw(:standard);
|
|
17
|
use URI::Escape;
|
|
18
|
use URI;
|
|
19
|
use Data::Dumper;
|
|
20
|
use strict;
|
|
21
|
|
|
22
|
# Clear up tainted environment
|
|
23
|
$ENV{PATH} = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin';
|
|
24
|
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
|
|
25
|
|
|
26
|
# ------------------------------------------------------------------------
|
|
27
|
# Configuration settings in AuthTktConfig.pm
|
|
28
|
|
|
29
|
# ------------------------------------------------------------------------
|
|
30
|
# Main code begins
|
|
31
|
my $at = Apache::AuthTkt->new(conf => $ENV{MOD_AUTH_TKT_CONF});
|
|
32
|
my $q = CGI->new;
|
|
33
|
my ($server_name, $server_port) = split /:/, $ENV{HTTP_HOST};
|
|
34
|
$server_name ||= $ENV{SERVER_NAME};
|
|
35
|
$server_port ||= $ENV{SERVER_PORT};
|
|
36
|
my $AUTH_DOMAIN = $AuthTktConfig::COOKIE_BASE || $at->domain|| $server_name;
|
|
37
|
my $back = '';
|
|
38
|
$back = $AuthTktConfig::FIXED_BACK_LOCATION if $AuthTktConfig::FIXED_BACK_LOCATION;
|
|
39
|
$back ||= $q->cookie($at->back_cookie_name) if $at->back_cookie_name;
|
|
40
|
$back ||= $q->param($at->back_arg_name) if $at->back_arg_name;
|
|
41
|
$back = $AuthTktConfig::DEFAULT_BACK_LOCATION if $AuthTktConfig::DEFAULT_BACK_LOCATION;
|
|
42
|
#$back ||= $ENV{HTTP_REFERER} if $ENV{HTTP_REFERER} && $AuthTktConfig::BACK_REFERER;
|
|
43
|
if ($back && $back =~ m!^/!) {
|
|
44
|
my $hostname = $server_name;
|
|
45
|
my $port = $server_port;
|
|
46
|
$hostname .= ':' . $port if $port && $port != 80 && $port != 443;
|
|
47
|
$back = sprintf "http%s://%s%s", ($port == 443 ? 's' : ''), $hostname, $back;
|
|
48
|
} elsif ($back && $back !~ m/^http/i) {
|
|
49
|
$back = 'http://' . $back;
|
|
50
|
}
|
|
51
|
$back = uri_unescape($back) if $back =~ m/^https?%3A%2F%2F/;
|
|
52
|
my $back_html = escapeHTML($back) if $back;
|
|
53
|
|
|
54
|
# Logout by resetting the auth cookie
|
|
55
|
my @cookies = cookie(-name => $at->cookie_name, -value => '', -expires => '-1h', -path => '/',
|
|
56
|
($AUTH_DOMAIN ? (-domain => $AUTH_DOMAIN) : ()));
|
|
57
|
push @cookies, map { cookie(-name => $_, -value => '', -expires => '-1h', path => '/',
|
|
58
|
($AUTH_DOMAIN ? (-domain => $AUTH_DOMAIN) : ()) ) } @AuthTktConfig::NUKE_COOKIES;
|
|
59
|
|
|
60
|
|
|
61
|
#my $user = $ENV{'REMOTE_USER'};
|
|
62
|
#my $account = $q->cookie('steamaccount') if ($q); # User is requesting access to another account
|
|
63
|
#if ($account ne $user) {
|
|
64
|
# $user = $account;
|
|
65
|
#}
|
|
66
|
#$user = $1 if $user =~ /(.+)/; #untaint
|
|
67
|
#`pkill -TERM -f "$user~ui_update.cgi"`; # Kill ui_update which in turn removes tasks from /tmp
|
|
68
|
|
|
69
|
my $session = $q->param('s');
|
|
70
|
`pkill -f ~$session.tasks` if ($session);
|
|
71
|
|
|
72
|
my $redirected = 0;
|
|
73
|
if ( $q->param('js') ) {
|
|
74
|
print $q->header(-content_type => "application/javascript", -cookie => \@cookies);
|
|
75
|
print qq|document.cookie = '| . $at->cookie_name . qq|=; Domain=$AUTH_DOMAIN; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';\n|;
|
|
76
|
exit;
|
|
77
|
} elsif ($back) {
|
|
78
|
my $b = URI->new($back);
|
|
79
|
# If $back domain doesn't match $AUTH_DOMAIN, add ticket reset to back
|
|
80
|
if (!($b->host =~ /$AUTH_DOMAIN/i) && !($AUTH_DOMAIN !~ /$b->host/i)) {
|
|
81
|
$back .= $b->query ? '&' : '?';
|
|
82
|
$back .= $at->cookie_name . '=';
|
|
83
|
}
|
|
84
|
|
|
85
|
if ($AuthTktConfig::DEBUG) {
|
|
86
|
print $q->header(-cookie => \@cookies);
|
|
87
|
} else {
|
|
88
|
# Set (local) cookie, and redirect to $back
|
|
89
|
print $q->header(
|
|
90
|
-cookie => \@cookies,
|
|
91
|
-location => $back,
|
|
92
|
);
|
|
93
|
# For some reason, a Location: redirect doesn't seem to then see the cookie,
|
|
94
|
# but a meta refresh one does - weird
|
|
95
|
print $q->start_html(
|
|
96
|
-head => meta({
|
|
97
|
-http_equiv => 'Pragma', -content => "no-cache"
|
|
98
|
}),
|
|
99
|
# -head => meta({
|
|
100
|
# -http_equiv => 'refresh', -content => "0;URL=$back"
|
|
101
|
# -http_equiv => 'refresh', -content => "0;URL=login"
|
|
102
|
# })
|
|
103
|
);
|
|
104
|
# $redirected = 1;
|
|
105
|
}
|
|
106
|
}
|
|
107
|
|
|
108
|
# If no $back, just set the auth cookie and hope for the best
|
|
109
|
else {
|
|
110
|
print $q->header(-cookie => \@cookies);
|
|
111
|
}
|
|
112
|
|
|
113
|
my @style = ();
|
|
114
|
@style = ( '-style' => { src => $AuthTktConfig::STYLESHEET } )
|
|
115
|
if $AuthTktConfig::STYLESHEET;
|
|
116
|
my $title = $AuthTktConfig::TITLE || "Logout Page";
|
|
117
|
|
|
118
|
unless ($redirected) {
|
|
119
|
# If here, either some kind of error or no back ref found
|
|
120
|
print $q->start_html(
|
|
121
|
-head => meta({
|
|
122
|
-http_equiv => 'Pragma', -content => "no-cache"
|
|
123
|
}),
|
|
124
|
-title => $title,
|
|
125
|
@style,
|
|
126
|
);
|
|
127
|
print <<EOD;
|
|
128
|
<div align="center">
|
|
129
|
<!-- h1>$title</h1 -->
|
|
130
|
EOD
|
|
131
|
if ($AuthTktConfig::DEBUG) {
|
|
132
|
print <<EOD;
|
|
133
|
<pre>
|
|
134
|
back: $back
|
|
135
|
back_html: $back_html
|
|
136
|
</pre>
|
|
137
|
EOD
|
|
138
|
}
|
|
139
|
print <<EOD;
|
|
140
|
<p>You are now logged out of $AUTH_DOMAIN.</p>
|
|
141
|
<!-- script>document.location="login";</script -->
|
|
142
|
EOD
|
|
143
|
print qq(<p><a href="$back_html">Previous Page</a></p>\n) if $back_html;
|
|
144
|
print <<EOD;
|
|
145
|
</div>
|
|
146
|
</body>
|
|
147
|
</html>
|
|
148
|
EOD
|
|
149
|
}
|
|
150
|
|
|
151
|
# vim:sw=2:sm:cin
|
|
152
|
|