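# =====================================================================
# openidSetup.awk: RPC I/O function for rpclib/openidSetup.
#
# Copyright (c) 2007,2008,2009,2010 Carlo Strozzi
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 dated June, 1991.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# =====================================================================

# =====================================================================
# void _userproc(int mode)
#
# Request mode (mode == _O_REQUEST): reads the target group (request
# argument "1") and the OpenID identity URL (request argument
# "openid_url"), validates and canonicalizes them, and stores the
# results with _rcset():
#
#   cgi.group, cgi.group.literal  set only for a non-null group that
#                                 contains no "." character
#   cgi.openid.url                scheme + lowercased host + path; built
#                                 from the "-" marker when the supplied
#                                 URL was rejected
#   cgi.grep.uri                  the same string with grep(1) regexp
#                                 characters escaped
#   REMOTE_ADDR                   ENVIRON["REMOTE_ADDR"] if _isipaddr()
#                                 accepts it, "0.0.0.0" otherwise
#
# Any other mode (response): calls ifsections() for the generic
# template conditionals.
#
# value, tmp and tmp1 are locals.
# =====================================================================

function _userproc(mode,    value,tmp,tmp1) {

   if (mode == _O_REQUEST) {            # request.

      # target group
      value = _request("1",1)

      # group must not be null and it may not contain the
      # unescaped ``.'' character.

      if (value != _NULL && value !~ /\./) {
         _rcset("cgi.group",unixify(value))
         _rcset("cgi.group.literal",value)
      }

      # Mandatory OpenID identity URL (note the use of
      # recommended argument name here).
      # For the moment I will not accept spaces in the URL,
      # but since they may theoretically be acceptable I may
      # have to change this in the future, we'll see.

      value = _request("openid_url",1)

      if (value != _NULL) {

         if (length(value) < 256 && value !~ /[ \t\r\n<>]/) {

            # OpenID specs mandate URL canonicalization.

            tmp = "http://"

            if (sub(/^[hH][tT][tT][pP]:\/\//,"",value));
            else if (sub(/^[hH][tT][tT][pP][sS]:\/\//,"",value))
               tmp = "https://"

            while (gsub(/\/\//,"/",value));  # Squeeze repeated slashes.

            sub(/\/+$/,"",value)             # Chop trailing slashes.

            tmp1 = value

            sub(/[^\/]*\/*/,"/",value)       # Strip host[:port]

            sub(/\/.*/,"",tmp1)              # Strip /path

            tmp1 = tolower(tmp1)             # FQDN part

            # Be paranoid regarding hostname syntax by requiring that
            # it be at least a two-component FQDN. See other paranoid
            # HTTP library implementations for further suggestions, like
            # Perl's LWPx::ParanoidAgent among the others.
            #
            # The pattern is anchored at both ends: only an optional
            # numeric :port may follow the host name. Without the
            # trailing anchor any characters after a valid-looking
            # prefix (userinfo, quotes, shell or regexp
            # metacharacters) were accepted as part of the host.
            #
            # NOTE(review): this is a purely syntactic check.
            # Dotted-quad addresses and names that resolve to internal
            # hosts still pass, so whatever fetches the URL must apply
            # its own destination filtering.

            if (tmp1 !~ /^[-a-z0-9]+(\.[-a-z0-9]+)+(:[0-9]+)?$/)
               tmp1 = _NULL
         }

         # Over-long URLs and URLs containing whitespace or <> are
         # rejected the same way as a bad host name. Previously the
         # raw, unvalidated string fell through and was stored as
         # cgi.openid.url.
         else tmp1 = _NULL

         if (tmp1 == _NULL) {
            tmp = "-"
            value = _NULL
         }
      }

      # Assign the resulting identity URL. When no URL was supplied
      # tmp and tmp1 are still unset, so this yields _NULL.
      value = tmp tmp1 value
      _rcset("cgi.openid.url",value)

      # escape grep(1) regexp chars in URL.
      gsub(/[][\\^$.*|()]/,"\\\&",value)
      sub(/\/+$/,"/*",value)
      _rcset("cgi.grep.uri",value)

      # The following test is necessary since the address could,
      # at least in theory, have been set to any string by the
      # remote user, due to how it is handled to cope with stunnel(8)
      # and the lack of transproxy support in kernel 2.4.x.

      if (_isipaddr(ENVIRON["REMOTE_ADDR"]) == _TRUE)
         value = ENVIRON["REMOTE_ADDR"]
      else value = "0.0.0.0"

      _rcset("REMOTE_ADDR",value)
   }

   else {                               # response

      # generic template conditionals.

      ifsections()
   }
}

# EOF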