[disorder] / cgi / login.c

/*
 * This file is part of DisOrder.
 * Copyright (C) 2008 Richard Kettlewell
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include "disorder-cgi.h"

/** @brief Client used by CGI
 *
 * The caller should arrange for this to be created before any of
 * these expansions are used (if it cannot connect then it's safe to
 * leave it as NULL).
 */
disorder_client *dcgi_client;

/** @brief Return true if @p a is better than @p b
 *
 * NB. We don't bother checking if the path is right, we merely check for the
 * longest path.  This isn't a security hole: if the browser wants to send us
 * bad cookies it's quite capable of sending just the right path anyway.  The
 * point of choosing the longest path is to avoid using a cookie set by another
 * CGI script which shares a path prefix with us, which would allow it to
 * maliciously log users out.
 *
 * Such a script could still "maliciously" log someone in, if it had acquired a
 * suitable cookie.  But it could just log in directly if it had that, so there
 * is no obvious vulnerability here either.
 */
static int better_cookie(const struct cookie *a, const struct cookie *b) {
  if(a->path && b->path)
    /* If both have a path then the one with the longest path is best */
    return strlen(a->path) > strlen(b->path);
  else if(a->path)
    /* If only @p a has a path then it is better */
    return 1;
  else
    /* If neither have a path, or if only @p b has a path, then @p b is
     * better */
    return 0;
}

/** @brief Login cookie */
char *dcgi_cookie;

/** @brief Set @ref login_cookie */
void dcgi_get_cookie(void) {
  const char *cookie_env;
  int n, best_cookie;
  struct cookiedata cd;

  /* See if there's a cookie */
  cookie_env = getenv("HTTP_COOKIE");
  if(cookie_env) {
    /* This will be an HTTP header */
    if(!parse_cookie(cookie_env, &cd)) {
      /* Pick the best available cookie from all those offered */
      best_cookie = -1;
      for(n = 0; n < cd.ncookies; ++n) {
	/* Is this the right cookie? */
	if(strcmp(cd.cookies[n].name, "disorder"))
	  continue;
	/* Is it better than anything we've seen so far? */
	if(best_cookie < 0
	   || better_cookie(&cd.cookies[n], &cd.cookies[best_cookie]))
	  best_cookie = n;
      }
      if(best_cookie != -1)
	dcgi_cookie = cd.cookies[best_cookie].value;
    } else
      error(0, "could not parse cookie field '%s'", cookie_env);
  }
}

/** @brief Return a Cookie: header */
char *dcgi_cookie_header(void) {
  struct dynstr d[1];
  struct url u;
  char *s;

  memset(&u, 0, sizeof u);
  dynstr_init(d);
  parse_url(config->url, &u);
  if(dcgi_cookie) {
    dynstr_append_string(d, "disorder=");
    dynstr_append_string(d, dcgi_cookie);
  } else {
    /* Force browser to discard cookie */
    dynstr_append_string(d, "disorder=none;Max-Age=0");
  }
  if(u.path) {
    /* The default domain matches the request host, so we need not override
     * that.  But the default path only goes up to the rightmost /, which would
     * cause the browser to expose the cookie to other CGI programs on the same
     * web server. */
    dynstr_append_string(d, ";Version=1;Path=");
    /* Formally we are supposed to quote the path, since it invariably has a
     * slash in it.  However Safari does not parse quoted paths correctly, so
     * this won't work.  Fortunately nothing else seems to care about proper
     * quoting of paths, so in practice we get with it.  (See also
     * parse_cookie() where we are liberal about cookie paths on the way back
     * in.) */
    dynstr_append_string(d, u.path);
  }
  dynstr_terminate(d);
  byte_xasprintf(&s, "Set-Cookie: %s", d->vec);
  return s;
}

/** @brief Log in as the current user or guest if none */
void dcgi_login(void) {
  /* Junk old data */
  dcgi_lookup_reset();
  /* Junk the old connection if there is one */
  if(dcgi_client)
    disorder_close(dcgi_client);
  /* Create a new connection */
  dcgi_client = disorder_new(0);
  /* Reconnect */
  if(disorder_connect_cookie(dcgi_client, dcgi_cookie)) {
    dcgi_error("connect");
    exit(0);
  }
  /* If there was a cookie but it went bad, we forget it */
  if(dcgi_cookie && !strcmp(disorder_user(dcgi_client), "guest"))
    dcgi_cookie = 0;
}

/*
Local Variables:
c-basic-offset:2
comment-column:40
fill-column:79
indent-tabs-mode:nil
End:
*/
Commit	Line	Data
1e97629d RK	1	/*
	2	* This file is part of DisOrder.
	3	* Copyright (C) 2008 Richard Kettlewell
	4	*
e7eb3a27	5	* This program is free software: you can redistribute it and/or modify
1e97629d	6	* it under the terms of the GNU General Public License as published by
e7eb3a27	7	* the Free Software Foundation, either version 3 of the License, or
1e97629d RK	8	* (at your option) any later version.
1e97629d RK	9	*
e7eb3a27 RK	10	* This program is distributed in the hope that it will be useful,
	11	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	13	* GNU General Public License for more details.
	14	*
1e97629d	15	* You should have received a copy of the GNU General Public License
e7eb3a27	16	* along with this program. If not, see <http://www.gnu.org/licenses/>.
1e97629d RK	17	*/
	18
	19	#include "disorder-cgi.h"
	20
	21	/** @brief Client used by CGI
	22	*
	23	* The caller should arrange for this to be created before any of
	24	* these expansions are used (if it cannot connect then it's safe to
	25	* leave it as NULL).
	26	*/
	27	disorder_client *dcgi_client;
	28
d0b6635e RK	29	/** @brief Return true if @p a is better than @p b
	30	*
	31	* NB. We don't bother checking if the path is right, we merely check for the
	32	* longest path. This isn't a security hole: if the browser wants to send us
	33	* bad cookies it's quite capable of sending just the right path anyway. The
	34	* point of choosing the longest path is to avoid using a cookie set by another
	35	* CGI script which shares a path prefix with us, which would allow it to
	36	* maliciously log users out.
	37	*
	38	* Such a script could still "maliciously" log someone in, if it had acquired a
	39	* suitable cookie. But it could just log in directly if it had that, so there
	40	* is no obvious vulnerability here either.
	41	*/
	42	static int better_cookie(const struct cookie a, const struct cookie b) {
	43	if(a->path && b->path)
	44	/* If both have a path then the one with the longest path is best */
	45	return strlen(a->path) > strlen(b->path);
	46	else if(a->path)
	47	/* If only @p a has a path then it is better */
	48	return 1;
	49	else
	50	/* If neither have a path, or if only @p b has a path, then @p b is
	51	* better */
	52	return 0;
	53	}
	54
1e97629d RK	55	/** @brief Login cookie */
	56	char *dcgi_cookie;
	57
d0b6635e RK	58	/** @brief Set @ref login_cookie */
	59	void dcgi_get_cookie(void) {
	60	const char *cookie_env;
	61	int n, best_cookie;
	62	struct cookiedata cd;
	63
	64	/* See if there's a cookie */
	65	cookie_env = getenv("HTTP_COOKIE");
	66	if(cookie_env) {
	67	/* This will be an HTTP header */
	68	if(!parse_cookie(cookie_env, &cd)) {
	69	/* Pick the best available cookie from all those offered */
	70	best_cookie = -1;
	71	for(n = 0; n < cd.ncookies; ++n) {
	72	/* Is this the right cookie? */
	73	if(strcmp(cd.cookies[n].name, "disorder"))
	74	continue;
	75	/* Is it better than anything we've seen so far? */
	76	if(best_cookie < 0
	77	\|\| better_cookie(&cd.cookies[n], &cd.cookies[best_cookie]))
	78	best_cookie = n;
	79	}
	80	if(best_cookie != -1)
	81	dcgi_cookie = cd.cookies[best_cookie].value;
	82	} else
	83	error(0, "could not parse cookie field '%s'", cookie_env);
	84	}
	85	}
	86
1e97629d RK	87	/** @brief Return a Cookie: header */
	88	char *dcgi_cookie_header(void) {
	89	struct dynstr d[1];
	90	struct url u;
	91	char *s;
	92
	93	memset(&u, 0, sizeof u);
	94	dynstr_init(d);
	95	parse_url(config->url, &u);
	96	if(dcgi_cookie) {
	97	dynstr_append_string(d, "disorder=");
	98	dynstr_append_string(d, dcgi_cookie);
	99	} else {
	100	/* Force browser to discard cookie */
	101	dynstr_append_string(d, "disorder=none;Max-Age=0");
	102	}
	103	if(u.path) {
	104	/* The default domain matches the request host, so we need not override
	105	* that. But the default path only goes up to the rightmost /, which would
	106	* cause the browser to expose the cookie to other CGI programs on the same
	107	* web server. */
	108	dynstr_append_string(d, ";Version=1;Path=");
	109	/* Formally we are supposed to quote the path, since it invariably has a
	110	* slash in it. However Safari does not parse quoted paths correctly, so
	111	* this won't work. Fortunately nothing else seems to care about proper
	112	* quoting of paths, so in practice we get with it. (See also
	113	* parse_cookie() where we are liberal about cookie paths on the way back
	114	* in.) */
	115	dynstr_append_string(d, u.path);
	116	}
	117	dynstr_terminate(d);
	118	byte_xasprintf(&s, "Set-Cookie: %s", d->vec);
	119	return s;
	120	}
	121
	122	/** @brief Log in as the current user or guest if none */
	123	void dcgi_login(void) {
	124	/* Junk old data */
	125	dcgi_lookup_reset();
	126	/* Junk the old connection if there is one */
	127	if(dcgi_client)
	128	disorder_close(dcgi_client);
	129	/* Create a new connection */
	130	dcgi_client = disorder_new(0);
	131	/* Reconnect */
	132	if(disorder_connect_cookie(dcgi_client, dcgi_cookie)) {
0d0253c9	133	dcgi_error("connect");
1e97629d RK	134	exit(0);
	135	}
	136	/* If there was a cookie but it went bad, we forget it */
	137	if(dcgi_cookie && !strcmp(disorder_user(dcgi_client), "guest"))
	138	dcgi_cookie = 0;
	139	}
	140
	141	/*
	142	Local Variables:
	143	c-basic-offset:2
	144	comment-column:40
	145	fill-column:79
	146	indent-tabs-mode:nil
	147	End:
	148	*/