#! /bin/sh

# Copyright (c) 2003-2011
# Distributed Systems Software.  All rights reserved.
# See the file LICENSE for redistribution information.
#
# $Id: cas_middleware_test 2528 2011-09-23 21:54:05Z brachman $

# This CGI script is a simple (and fragile!) replacement for a CAS-compliant
# server-side component.  It can be used for testing local_cas_authenticate
# or as the basis of a middleware component for using the CAS protocol
# with local_cas_authenticate.

# These are the only instructions.
# See dacs_authenticate(8) for additional detail.
#
# 1. Install this script in a CGI directory with appropriate ownership and
#    permissions.  It should not be DACS-wrapped.
#
# 2. Configure dacs.conf as follows.
#
# 2.a Add this clause:
#
# <Auth id="CASTEST">
#   URL "http://example.com/cgi-bin/dacs/local_cas_authenticate"
#   STYLE "cas,add_roles"
#   CONTROL "sufficient"
#   OPTION "CAS_SERVER_URI=http://example.com/cgi-bin/cas_middleware_test"
# </Auth>
#
# 2.b Change http://example.com/cgi-bin/dacs/local_cas_authenticate
#     to be the URL for your local_cas_authenticate
#
# 2.c Change http://example.com/cgi-bin/cas_middleware_test
#     to be the URL that will invoke this script.
#
# To try it:
# Logging in as white/white will login successfully with roles
# Logging in as gray/gray will login successfully without roles
# Logging in as anything else will fail

# 3. Configure this path for your environment
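cgiparse="/usr/local/dacs/bin/cgiparse"

# Scratch file holding cgiparse's "name value" lines until they are read
# below.  mktemp is used instead of a predictable /tmp name built from $$ so
# another local user cannot pre-create or symlink the file.  The EXIT trap
# removes it on every exit path, including the early "exit 1" calls that
# happen before the explicit rm further down.
tmpfile1=$(mktemp "${TMPDIR:-/tmp}/dacstmp.XXXXXX") || exit 1
trap 'rm -f -- "$tmpfile1"' EXIT

# NOTE(review): cgiparse's exit status is not checked; if it fails, the
# request proceeds with no parameters and is rejected by the handlers as
# "argument is required".
"$cgiparse" > "$tmpfile1"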

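#######################################
# Emit the HTML login form for the "/login" request.
# Globals:   SCRIPT_NAME (read) - CGI path used to build the form action
# Arguments: $1 - the CAS "service" URL to return to after login
# Outputs:   a complete CGI response (headers + HTML) on stdout
# Returns:   exits 1 via show_error when the service argument is missing
#######################################
login() {
  s="$1"

  if test -z "$s"
  then
    show_error "The 'service' argument is required"
    exit 1
  fi

  # The service value comes straight from the request, so escape it before
  # echoing it back inside an attribute value and the page body.
  esc=$(printf '%s' "$s" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g')

  echo "Content-Type: text/html"
  echo ""

  echo "<html><head><title>CAS Middleware Test -- Login</title></head>"
  echo "<body>"
  echo "<h1>CAS Middleware Test -- Login</h1>"
  # NOTE: method=GET puts the password into the query string (and so into
  # server logs); left as-is because cgiparse's POST handling is not shown here.
  echo "<form method=\"GET\" action=\"${SCRIPT_NAME}/submit\">"

  echo "<table>"
  echo "<tr>"
  echo "<td><b>Username</b></td>"
  echo "<td><input type=\"TEXT\" size=\"25\" name=\"username\"></td>"
  echo "</tr>"

  echo "<tr>"
  echo "<td><b>Password</b></td>"
  echo "<td><input type=\"PASSWORD\" size=\"25\" name=\"password\"></td>"
  echo "</tr>"

  echo "<tr>"
  echo "<td></td>"
  echo "<td><input type=\"SUBMIT\" value=\" Login \"></td>"
  echo "</tr>"

  # Carry the service URL through to /submit as a hidden field.
  echo "<input type=\"HIDDEN\" name=\"service\" value=\"$esc\">"
  echo "</table>"

  echo "</form>"
  echo "service=\"$esc\"<br>"
  echo "</body></html>"
}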

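#######################################
# Handle the "/submit" request: check the test credentials and redirect the
# browser back to the service URL, appending a ticket on success.
# Arguments: $1 - username, $2 - password, $3 - service URL
# Outputs:   a CGI redirect (Status and Location headers) on stdout
# Returns:   exits 1 via show_error when an argument is missing or the
#            service contains a line break (which would split the header)
#######################################
submit() {
  u="$1"
  p="$2"
  s="$3"

  if test -z "$s" || test -z "$u" || test -z "$p"
  then
    show_error "The 'username', 'password' and 'service' arguments are required"
    exit 1
  fi

  # $s is copied verbatim into the Location header below; a CR or LF in it
  # would let the caller inject additional response headers.
  cr=$(printf '\r')
  nl='
'
  case "$s" in
  *"$cr"*|*"$nl"*)
    show_error "The 'service' argument must not contain line breaks"
    exit 1
    ;;
  esac

  # Only the two test accounts exist and the password must equal the
  # username.  The ticket is "ticket.<pid>:<user>:<comma-separated roles>";
  # it is never stored, so validate() can only parse it, not check that it
  # was issued here.
  ticket=
  if test "$u" = "$p"
  then
    case "$u" in
    white) ticket="ticket=ticket.$$:$u:good-fella,nice-guy" ;;
    gray)  ticket="ticket=ticket.$$:$u:" ;;
    esac
  fi

  # Append the ticket as a query parameter, honouring an existing "?".
  if test -n "$ticket"
  then
    case "$s" in
    *\?*) r="${s}&${ticket}" ;;
    *)    r="${s}?${ticket}" ;;
    esac
  else
    r="$s"
  fi

  # Redirecting to whatever service URL was supplied is inherent to this
  # flow; a real CAS server would restrict it to registered services.
  echo "Status: 302"
  echo "Location: $r"
  echo ""
}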

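#######################################
# Handle the "/validate" request: split the ticket into its three ":"
# separated fields and answer in the plain-text form the caller expects:
# "yes", user, roles on success; "no" and two blank lines otherwise.
# Arguments: $1 - the ticket ("ticket.<pid>:<user>:<roles>")
# Outputs:   a CGI text/plain response on stdout
# Returns:   exits 1 via show_error when the ticket argument is missing
#######################################
validate() {
  t="$1"

  if test -z "$t"
  then
    show_error "The 'ticket' argument is required"
    exit 1
  fi

  # Split on ":" only.  Globbing is switched off while the untrusted ticket
  # is expanded unquoted; otherwise a field such as "*" would be replaced by
  # the names of files in the current directory.
  ifs="$IFS"
  IFS=":"
  set -f
  set -- $t
  set +f
  IFS="$ifs"
  tn="$1"
  u="$2"
  r="$3"

  echo "Content-Type: text/plain"
  echo ""

  # NOTE: only the shape of the ticket is checked; nothing verifies that it
  # was issued by submit().  That is what makes this script a test stub.
  if test -z "$tn" || test -z "$u"
  then
    echo "no"
    echo ""
    echo ""
  else
    echo "yes"
    printf '%s\n' "$u"
    printf '%s\n' "$r"
  fi
}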

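#######################################
# Emit a minimal plain-text CGI error response.
# Arguments: $1 - message to show
# Outputs:   Content-Type header, blank line, then the message on stdout
#######################################
show_error() {
  echo "Content-Type: text/plain"
  echo ""
  # printf rather than echo so a message starting with "-" or containing
  # backslashes is printed verbatim.
  printf '%s\n' "$1"
}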

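# Dispatch on PATH_INFO ("/login", "/submit" or "/validate").  The value is
# quoted so an unset or unusual PATH_INFO cannot turn into a test(1) error.
do_login=
do_submit=
do_validate=

case "${PATH_INFO:-}" in
"")
  show_error "No service was specified"
  exit 1
  ;;
/login)    do_login=1 ;;
/submit)   do_submit=1 ;;
/validate) do_validate=1 ;;
*)
  show_error "Unrecognized service request"
  exit 1
  ;;
esac

# Pick the request parameters out of cgiparse's output, one "name value"
# pair per line.  read -r keeps backslashes in values (e.g. in a password)
# intact; the "|| test -n" clause also accepts a last line with no newline.
password=
service=
ticket=
username=

while read -r a b || test -n "$a"
do
  case "$a" in
  password) password="$b" ;;
  service)  service="$b" ;;
  ticket)   ticket="$b" ;;
  username) username="$b" ;;
  *)        ;;
  esac
done < "$tmpfile1"

rm -f -- "$tmpfile1"

if test -n "${do_login}"
then
  login "$service"
elif test -n "${do_submit}"
then
  submit "$username" "$password" "$service"
elif test -n "${do_validate}"
then
  validate "$ticket"
else
  show_error "Internal error"
  exit 1
fi

exit 0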
