From bb623e8fca6fd67635eac42e26c11abcc45e46a5 Mon Sep 17 00:00:00 2001
Message-Id:
From: Mark Wooding
Date: Sat, 9 Mar 2013 05:29:10 +0000
Subject: [PATCH] Keep track of whether a CGI request is carried over SSL.
Organization: Straylight/Edgeware
From: Mark Wooding

If it is, then tie the cookie so that it's only returned to us over SSL-encrypted links.
---
 cgi.py | 10 ++++++++++
 chpwd | 4 ++++
 httpauth.py | 3 ++-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/cgi.py b/cgi.py
index 05c6c9e..0bd66cc 100644
--- a/cgi.py
+++ b/cgi.py
@@ -291,6 +291,7 @@ SPECIAL = {}
 PARAM = []
 PARAMDICT = {}
 PATH = []
+SSLP = False

 ## Regular expressions for splitting apart query and cookie strings.
 R_QSPLIT = RX.compile('[;&]')
@@ -346,8 +347,13 @@ def cgiparse():
 `PATH'
 The trailing `PATH_INFO' path, split at `/' markers, with any trailing empty component removed.
+
+ `SSLP'
+ True if the client connection is carried over SSL or TLS.
 """
+ global SSLP
+
 def getenv(var):
 try: return ENV[var]
 except KeyError: raise U.ExpectedError, (500, "No `%s' supplied" % var)
@@ -402,6 +408,10 @@ def cgiparse():
 if pp and not pp[-1]: pp.pop()
 PATH[:] = pp

+ ## Check the crypto for the connection.
+ if ENV.get('SSL_PROTOCOL'):
+ SSLP = True
+
 ###--------------------------------------------------------------------------
 ### CGI subcommands.

diff --git a/chpwd b/chpwd
index 5517274..1e4248b 100755
--- a/chpwd
+++ b/chpwd
@@ -73,6 +73,9 @@ for short, long, props in [
 'metavar': 'FILE', 'dest': 'config',
 'default': OS.path.join(HOME, 'chpwd.conf'),
 'help': 'read configuration from FILE.' }),
+ ('-s', '--ssl', {
+ 'dest': 'sslp', 'action': 'store_true',
+ 'help': 'pretend CGI connection is carried over SSL/TLS' }),
 ('-u', '--user', {
 'metavar': 'USER', 'dest': 'user', 'default': None,
 'help': "impersonate USER, and default context to `userv'." })]:
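Review bot: The SSL test added to cgiparse keys only on `SSL_PROTOCOL`, which Apache's mod_ssl exports only when `SSLOptions +StdEnvVars` is enabled, whereas the `HTTPS` CGI variable is exported unconditionally by mod_ssl and by most other servers; on a default deployment SSLP therefore stays False and the cookie set in httpauth.py goes out without the Secure attribute even though the request was encrypted. I'd widen the test to `if ENV.get('SSL_PROTOCOL') or ENV.get('HTTPS', '').lower() in ('on', '1'):`. The hunk also only ever raises the flag rather than assigning `SSLP = bool(...)`, which looks deliberate so that a value preset by the caller (chpwd's new `--ssl`) survives cgiparse; that deserves a comment such as `## Only ever set the flag: a caller may have preset it (see chpwd --ssl).` A TLS-terminating proxy in front of the server exports neither variable, so the override is the intended escape hatch there. The body of cgiparse continues outside this hunk.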
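Review bot: The new `--ssl` option's help text says what the flag pretends but not what that changes, and an operator has no way to tell from `chpwd --help` why they would want it. From the httpauth.py hunk the only observable effect is that the login cookie is issued with the Secure attribute, and from the cgi.py hunk this is the only way to get that when the server does not export `SSL_PROTOCOL` (for instance behind a TLS-terminating proxy); I'd say so directly: `'help': 'treat the CGI connection as SSL/TLS: mark the login cookie Secure even if the server does not report SSL'`. The option table continues outside this hunk.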
@@ -259,6 +262,7 @@ if __name__ == '__main__':
 with cli_errors():
 OPTS, args = OPTPARSE.parse_args()
 CONF.loadconfig(OPTS.config)
+ CGI.SSLP = OPTS.sslp
 ctx = OPTS.context
 if OPTS.user: CU.set_user(OPTS.user)
diff --git a/httpauth.py b/httpauth.py
index 22648dd..e29686c 100644
--- a/httpauth.py
+++ b/httpauth.py
@@ -257,9 +257,10 @@ def cmd_auth(u, pw):
 CGI.redirect(CGI.action('login', why = 'AUTHFAIL'))
 else:
 t = mint_token(u)
- CGI.redirect(CGI.action('list'),
+ CGI.redirect(CGI.action('list', u),
 set_cookie = CGI.cookie('chpwd-token', t,
 httponly = True,
+ secure = CGI.SSLP,
 path = CFG.SCRIPT_NAME,
 max_age = (CFG.SECRETLIFE - CFG.SECRETFRESH)))
-- 
[mdw]
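Review bot: The redirect target changes from `CGI.action('list')` to `CGI.action('list', u)` in the same hunk that adds `secure = CGI.SSLP`, yet neither the subject nor the description mentions it; if it is a deliberate fix it needs a sentence in the commit message, otherwise it belongs in its own commit so the cookie change can be reviewed on its own. On the cookie itself, `secure` is now driven entirely by what cgiparse detected or what `chpwd --ssl` forced, so when neither holds the `chpwd-token` cookie is issued without Secure and the browser will return it over plain HTTP; that is the consequence of the design, but nothing in cmd_auth says so — a comment such as `## Secure only when cgiparse (or chpwd --ssl) says the request came over TLS.` would make it visible. cmd_auth begins before this hunk.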