/usr/share/weblogin/login.fcgi is in webauth-weblogin 4.0.2-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 | #!/usr/bin/perl -w
#
# login.fcgi -- WebLogin login page for WebAuth.
#
# This is the front page for user authentication for weblogin. It accepts
# information from the user, passes it to the WebKDC for authentication, sets
# appropriate cookies, and displays the confirmation page and return links.
#
# It should use FastCGI if available, using the Perl CGI::Fast module's
# ability to fall back on regular operation if FastCGI isn't available.
#
# Written by Roland Schemers <schemers@stanford.edu>
# Extensive updates by Russ Allbery <rra@stanford.edu>
# Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2011
# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
##############################################################################
# Modules and declarations
##############################################################################
require 5.006;
use strict;
use CGI ();
use CGI::Cookie ();
use CGI::Fast ();
use WebLogin ();
use WebKDC ();
use WebKDC::Config ();
# Set to true in our signal handler to indicate that the script should exit
# once it finishes processing the current request.
our $EXITING = 0;
# The names of the template pages that we use. The beginning of the main
# routine changes the values here to be Template Toolkit objects.
our %PAGES = (confirm => 'confirm.tmpl',
error => 'error.tmpl',
login => 'login.tmpl',
logout => 'logout.tmpl',
multifactor => 'multifactor.tmpl',
pwchange => 'pwchange.tmpl');
# If the WebKDC is localhost, disable LWP certificate verification. The
# WebKDC will have a certificate matching its public name, which will never
# match localhost, and we should be able to trust the server when connecting
# directly to localhost.
if ($WebKDC::Config::URL =~ m,^https://localhost/,) {
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
}
##############################################################################
# Main routine
##############################################################################
# Exit safely if we get a SIGTERM.
$SIG{TERM} = sub { $EXITING = 1 };
# The main loop. If we're not running under FastCGI, CGI::Fast will detect
# that and only run us through the loop once. Otherwise, we live in this
# processing loop until the FastCGI socket closes.
while (my $q = CGI::Fast->new) {
my $weblogin = WebLogin->new (PARAMS => { pages => \%PAGES },
QUERY => $q);
$weblogin->run;
# Done on each pass through the FastCGI loop. Restart the script if its
# modification time has changed.
} continue {
exit if $EXITING;
exit if -M $ENV{SCRIPT_FILENAME} < 0;
}
|