/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "util_cookies.h"
#include "apr_lib.h"
#include "apr_strings.h"
#include "http_config.h"
#include "http_core.h"
#include "http_log.h"
#define LOG_PREFIX "ap_cookie: "
/* we know core's module_index is 0 */
#undef APLOG_MODULE_INDEX
#define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
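/**
 * Write an RFC2109 compliant cookie.
 *
 * The header value is assembled as name "=" val ";" [ "Max-Age=" n ";" ] attrs
 * and added, under SET_COOKIE, to every table in the variable argument list.
 *
 * name, val and attrs are concatenated exactly as given: nothing in this
 * function escapes or rejects ';', ',' or control characters, so callers must
 * pass values that have already been validated or encoded.
 *
 * @param r The request; the cookie string is allocated from r->pool.
 * @param name The name of the cookie.
 * @param val The value to place in the cookie. NULL is treated as an empty
 *            value so that Max-Age and the attributes are still emitted.
 * @param attrs The string containing additional cookie attributes. If NULL or
 *              empty, the DEFAULT_ATTRS will be used.
 * @param maxage If non zero, a Max-Age attribute will be added to the cookie.
 * @param ... apr_table_t * header tables that receive the cookie; the list
 *            must be terminated with a NULL pointer.
 * @return APR_SUCCESS (no failure path exists in this function).
 */
AP_DECLARE(apr_status_t) ap_cookie_write(request_rec * r, const char *name, const char *val,
                                         const char *attrs, long maxage, ...)
{

    const char *buffer;
    const char *rfc2109;
    apr_table_t *t;
    va_list vp;

    /* handle expiry */
    buffer = "";
    if (maxage) {
        buffer = apr_pstrcat(r->pool, "Max-Age=", apr_ltoa(r->pool, maxage), ";", NULL);
    }

    /* apr_pstrcat() ends its argument list at the first NULL, so a NULL val
     * would cut the cookie off after "name=" and silently drop Max-Age and
     * the attribute string. Substitute an empty value to keep them.
     */
    if (!val) {
        val = "";
    }

    /* create RFC2109 compliant cookie */
    rfc2109 = apr_pstrcat(r->pool, name, "=", val, ";", buffer,
                          attrs && *attrs ? attrs : DEFAULT_ATTRS, NULL);

    /* NOTE(review): this debug line records the complete cookie, value
     * included. Where the value is a session token, debug-level logs hold
     * live credentials and need access control to match.
     */
    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00007) LOG_PREFIX
                  "user '%s' set cookie: '%s'", r->user, rfc2109);

    /* write the cookie to the header table(s) provided; apr_table_addn()
     * stores the pointer itself, so every table shares the one pool string
     */
    va_start(vp, maxage);
    while ((t = va_arg(vp, apr_table_t *))) {
        apr_table_addn(t, SET_COOKIE, rfc2109);
    }
    va_end(vp);

    return APR_SUCCESS;

}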
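/**
 * Write an RFC2965 compliant cookie.
 *
 * The header value is assembled as name2 "=" val ";" [ "Max-Age=" n ";" ]
 * attrs2 and added, under SET_COOKIE2, to every table in the variable
 * argument list.
 *
 * name2, val and attrs2 are concatenated exactly as given: nothing in this
 * function escapes or rejects ';', ',' or control characters, so callers must
 * pass values that have already been validated or encoded.
 *
 * @param r The request; the cookie string is allocated from r->pool.
 * @param name2 The name of the cookie.
 * @param val The value to place in the cookie. NULL is treated as an empty
 *            value so that Max-Age and the attributes are still emitted.
 * @param attrs2 The string containing additional cookie attributes. If NULL
 *               or empty, the DEFAULT_ATTRS will be used.
 * @param maxage If non zero, a Max-Age attribute will be added to the cookie.
 * @param ... apr_table_t * header tables that receive the cookie; the list
 *            must be terminated with a NULL pointer.
 * @return APR_SUCCESS (no failure path exists in this function).
 */
AP_DECLARE(apr_status_t) ap_cookie_write2(request_rec * r, const char *name2, const char *val,
                                          const char *attrs2, long maxage, ...)
{

    const char *buffer;
    const char *rfc2965;
    apr_table_t *t;
    va_list vp;

    /* handle expiry */
    buffer = "";
    if (maxage) {
        buffer = apr_pstrcat(r->pool, "Max-Age=", apr_ltoa(r->pool, maxage), ";", NULL);
    }

    /* apr_pstrcat() ends its argument list at the first NULL, so a NULL val
     * would cut the cookie off after "name2=" and silently drop Max-Age and
     * the attribute string. Substitute an empty value to keep them.
     */
    if (!val) {
        val = "";
    }

    /* create RFC2965 compliant cookie */
    rfc2965 = apr_pstrcat(r->pool, name2, "=", val, ";", buffer,
                          attrs2 && *attrs2 ? attrs2 : DEFAULT_ATTRS, NULL);

    /* NOTE(review): this debug line records the complete cookie, value
     * included. Where the value is a session token, debug-level logs hold
     * live credentials and need access control to match.
     */
    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00008) LOG_PREFIX
                  "user '%s' set cookie2: '%s'", r->user, rfc2965);

    /* write the cookie to the header table(s) provided; apr_table_addn()
     * stores the pointer itself, so every table shares the one pool string
     */
    va_start(vp, maxage);
    while ((t = va_arg(vp, apr_table_t *))) {
        apr_table_addn(t, SET_COOKIE2, rfc2965);
    }
    va_end(vp);

    return APR_SUCCESS;

}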
/**
 * Remove an RFC2109 compliant cookie.
 *
 * Builds a cookie with an empty value and "Max-Age=0" and adds it, under
 * SET_COOKIE, to every table in the variable argument list.
 *
 * @param r The request; the cookie string is allocated from r->pool.
 * @param name The name of the cookie. It is concatenated as given, without
 *             escaping or validation.
 * @param attrs Additional cookie attributes. Only NULL selects CLEAR_ATTRS;
 *              an empty string is used as it is.
 * @param ... apr_table_t * header tables that receive the cookie; the list
 *            must be terminated with a NULL pointer.
 * @return APR_SUCCESS (no failure path exists in this function).
 */
AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name, const char *attrs, ...)
{
    va_list tables;
    apr_table_t *hdrs;
    const char *expired;

    /* empty value, zero lifetime, then the caller's or the default attributes */
    expired = apr_pstrcat(r->pool, name, "=;Max-Age=0;",
                          attrs ? attrs : CLEAR_ATTRS, NULL);
    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00009) LOG_PREFIX
                  "user '%s' removed cookie: '%s'", r->user, expired);

    /* walk the NULL-terminated list of header tables; each one gets the same
     * pool-allocated string, since apr_table_addn() does not copy it
     */
    va_start(tables, attrs);
    for (hdrs = va_arg(tables, apr_table_t *); hdrs != NULL;
         hdrs = va_arg(tables, apr_table_t *)) {
        apr_table_addn(hdrs, SET_COOKIE, expired);
    }
    va_end(tables);

    return APR_SUCCESS;
}
/**
 * Remove an RFC2965 compliant cookie.
 *
 * Builds a cookie with an empty value and "Max-Age=0" and adds it, under
 * SET_COOKIE2, to every table in the variable argument list.
 *
 * @param r The request; the cookie string is allocated from r->pool.
 * @param name2 The name of the cookie. It is concatenated as given, without
 *              escaping or validation.
 * @param attrs2 Additional cookie attributes. Only NULL selects CLEAR_ATTRS;
 *               an empty string is used as it is.
 * @param ... apr_table_t * header tables that receive the cookie; the list
 *            must be terminated with a NULL pointer.
 * @return APR_SUCCESS (no failure path exists in this function).
 */
AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2, const char *attrs2, ...)
{
    va_list tables;
    apr_table_t *hdrs;
    const char *expired;

    /* empty value, zero lifetime, then the caller's or the default attributes */
    expired = apr_pstrcat(r->pool, name2, "=;Max-Age=0;",
                          attrs2 ? attrs2 : CLEAR_ATTRS, NULL);
    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00010) LOG_PREFIX
                  "user '%s' removed cookie2: '%s'", r->user, expired);

    /* walk the NULL-terminated list of header tables; each one gets the same
     * pool-allocated string, since apr_table_addn() does not copy it
     */
    va_start(tables, attrs2);
    for (hdrs = va_arg(tables, apr_table_t *); hdrs != NULL;
         hdrs = va_arg(tables, apr_table_t *)) {
        apr_table_addn(hdrs, SET_COOKIE2, expired);
    }
    va_end(tables);

    return APR_SUCCESS;
}
/* apr_table_do() callback: scan one Cookie/Cookie2 header value, pull out the
 * cookie named v->name and rebuild the header without it.
 *
 * The value is split on ',' and each piece on ';'. A pair whose text (after
 * leading whitespace) starts with "<name>=" is ours: its value is stored in
 * v->encoded and the pair is dropped, together with any '$'-prefixed
 * attributes that follow it. If an earlier match stored a different value,
 * v->duplicated is set; a repeat carrying the same value is not flagged.
 * Every other pair is appended to the rebuilt header, which is added to
 * v->new_cookies under the same key only when at least one non-'$' pair
 * survived.
 *
 * NOTE(review): the separator is updated after every pair, kept or not, so a
 * rebuilt header whose first pair was dropped starts with a separator.
 *
 * Always returns 1 so that apr_table_do() continues with the next header.
 */
static int extract_cookie_line(void *varg, const char *key, const char *val)
{
    ap_cookie_do *state = varg;
    const char *const list_sep = ",";
    const char *const pair_sep = ";";
    /* apr_strtok() writes into its input, so tokenise a private copy */
    char *copy = apr_pstrdup(state->r->pool, val);
    /* "<name>=" so that the prefix test cannot match a longer cookie name */
    const char *prefix = apr_pstrcat(state->r->pool, state->name ? state->name : "", "=", NULL);
    apr_size_t prefix_len = strlen(prefix);
    const char *kept = "";
    const char *joiner = "";
    char *outer_state, *inner_state;
    char *element;
    char *pair;
    int survivors = 0;
    int dropping = 0;

    for (element = apr_strtok(copy, list_sep, &outer_state); element != NULL;
         element = apr_strtok(NULL, list_sep, &outer_state)) {

        for (pair = apr_strtok(element, pair_sep, &inner_state); pair != NULL;
             pair = apr_strtok(NULL, pair_sep, &inner_state)) {
            const char *text = pair;

            while (apr_isspace(*text)) {
                text++;
            }

            if (strncmp(text, prefix, prefix_len) == 0) {
                const char *value = text + prefix_len;

                /* a second occurrence only counts as a duplicate when its
                 * value differs from the one already captured
                 */
                if (state->encoded && strcmp(state->encoded, value) != 0) {
                    state->duplicated = 1;
                }
                state->encoded = apr_pstrdup(state->r->pool, value);
                dropping = 1;
            }
            else {
                /* a pair that is not a '$' attribute starts a new cookie and
                 * ends the run of attributes being dropped with ours
                 */
                if (*text != '$') {
                    survivors++;
                    dropping = 0;
                }
                if (!dropping) {
                    /* the untrimmed token is kept, whitespace included */
                    kept = apr_pstrcat(state->r->pool, kept, joiner, pair, NULL);
                }
            }

            joiner = pair_sep;
        }

        joiner = list_sep;
    }

    /* any cookies left over? */
    if (survivors) {
        apr_table_addn(state->new_cookies, key, kept);
    }

    return 1;
}
/**
 * Read a cookie called name, placing its value in val.
 *
 * Both the Cookie and Cookie2 request headers are scanned for the cookie.
 *
 * If the cookie was submitted more than once with differing values, an error
 * is logged (cookie name and URI only, not the value), APR_EGENERAL is
 * returned, *val is left untouched and the request headers are not modified.
 * Repeats that carry the same value are not treated as duplicates by
 * extract_cookie_line().
 *
 * Otherwise *val receives the raw value as found in the header, or NULL when
 * the cookie is absent; both cases return APR_SUCCESS, so callers must check
 * *val for NULL. If remove is non zero, the Cookie and Cookie2 headers are
 * replaced by the rebuilt ones without this cookie, which keeps it private
 * from the backend.
 *
 * @param r The request; results are allocated from r->pool.
 * @param name The name of the cookie to look for.
 * @param val Receives the cookie value, or NULL if not found.
 * @param remove If non zero, strip the cookie from r->headers_in.
 * @return APR_SUCCESS, or APR_EGENERAL on a conflicting duplicate.
 */
AP_DECLARE(apr_status_t) ap_cookie_read(request_rec * r, const char *name, const char **val,
                                        int remove)
{
    ap_cookie_do scan;

    scan.name = name;
    scan.r = r;
    scan.duplicated = 0;
    scan.encoded = NULL;
    scan.new_cookies = apr_table_make(r->pool, 10);

    /* run the extractor over every Cookie and Cookie2 header line */
    apr_table_do(extract_cookie_line, &scan, r->headers_in,
                 "Cookie", "Cookie2", NULL);

    if (!scan.duplicated) {
        /* remove our cookie(s), and replace them */
        if (remove) {
            apr_table_unset(r->headers_in, "Cookie");
            apr_table_unset(r->headers_in, "Cookie2");
            r->headers_in = apr_table_overlay(r->pool, r->headers_in, scan.new_cookies);
        }

        *val = scan.encoded;

        return APR_SUCCESS;
    }

    /* conflicting values for one cookie name: refuse to pick one */
    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00011) LOG_PREFIX
                  "client submitted cookie '%s' more than once: %s", scan.name, r->uri);
    return APR_EGENERAL;
}
/**
 * Sanity check a given string that it exists, is not empty,
 * and does not contain the special characters '=', ';' and '&'.
 *
 * It is used to sanity check the cookie names.
 *
 * NOTE(review): only those three characters are rejected. Whitespace, ','
 * and control characters such as CR/LF pass this check, so a name that comes
 * from anywhere other than trusted configuration needs further validation.
 *
 * @param string The candidate cookie name; may be NULL.
 * @return APR_SUCCESS if the string passes, APR_EGENERAL otherwise.
 */
AP_DECLARE(apr_status_t) ap_cookie_check_string(const char *string)
{
    /* missing or empty */
    if (string == NULL || *string == '\0') {
        return APR_EGENERAL;
    }

    /* characters that act as separators in cookie and form syntax */
    if (ap_strchr_c(string, '=')) {
        return APR_EGENERAL;
    }
    if (ap_strchr_c(string, '&')) {
        return APR_EGENERAL;
    }
    if (ap_strchr_c(string, ';')) {
        return APR_EGENERAL;
    }

    return APR_SUCCESS;
}