X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/blobdiff_plain/f0feb22e80bfe438c16d212a7cc8be6d2282b6ac..dda7681934e228545aae11623fbd253fe7b8928f:/lib/cookies.c diff --git a/lib/cookies.c b/lib/cookies.c index 666c6ce..70c8097 100644 --- a/lib/cookies.c +++ b/lib/cookies.c @@ -32,14 +32,16 @@ #include #include +#include "rights.h" #include "cookies.h" #include "hash.h" #include "mem.h" #include "log.h" #include "printf.h" -#include "mime.h" +#include "base64.h" #include "configuration.h" #include "kvp.h" +#include "rights.h" #include "trackdb.h" /** @brief Hash function used in signing HMAC */ @@ -81,6 +83,16 @@ static void newkey(void) { hash_foreach(revoked, revoked_cleanup_callback, &now); } +/** @brief Base64 mapping table for cookies + * + * Stupid Safari cannot cope with quoted cookies, so cookies had better not + * need quoting. We use $ to separate the parts of the cookie and +%# to where + * MIME uses +/=; see @ref base64.c. See http_separator() for the characters + * to avoid. + */ +static const char cookie_base64_table[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+%#"; + /** @brief Sign @p subject with @p key and return the base64 of the result * @param key Key to sign with (@ref HASHSIZE bytes) * @param subject Subject string @@ -104,7 +116,7 @@ static char *sign(const uint8_t *key, } gcry_md_write(h, subject, strlen(subject)); sig = gcry_md_read(h, ALGO); - sig64 = mime_to_base64(sig, HASHSIZE); + sig64 = generic_to_base64(sig, HASHSIZE, cookie_base64_table); gcry_md_close(h); return sig64; } @@ -118,9 +130,9 @@ char *make_cookie(const char *user) { time_t now; char *b, *bp, *c, *g; - /* semicolons aren't allowed in usernames */ - if(strchr(user, ';')) { - error(0, "make_cookie for username with semicolon"); + /* dollar signs aren't allowed in usernames */ + if(strchr(user, '$')) { + error(0, "make_cookie for username with dollar sign"); return 0; } /* look up the password */ @@ -134,7 +146,7 @@ char *make_cookie(const char *user) { if(now >= signing_key_validity_limit) newkey(); /* construct the subject */ - byte_xasprintf(&b, "%jx;%s;", (intmax_t)now + config->cookie_login_lifetime, + byte_xasprintf(&b, "%jx$%s$", (intmax_t)now + config->cookie_login_lifetime, urlencodestring(user)); byte_xasprintf(&bp, "%s%s", b, password); /* sign it */ @@ -147,14 +159,16 @@ char *make_cookie(const char *user) { /** @brief Verify a cookie * @param cookie Cookie to verify + * @param rights Where to store rights value * @return Verified user or NULL */ -char *verify_cookie(const char *cookie) { +char *verify_cookie(const char *cookie, rights_type *rights) { char *c1, *c2; intmax_t t; time_t now; char *user, *bp, *sig; const char *password; + struct kvp *k; /* check the revocation list */ if(revoked && hash_find(revoked, cookie)) { @@ -168,12 +182,12 @@ char *verify_cookie(const char *cookie) { error(errno, "error parsing cookie timestamp"); return 0; } - if(*c1 != ';') { + if(*c1 != '$') { error(0, "invalid cookie timestamp"); return 0; } - /* There'd better be two semicolons */ - c2 = strchr(c1 + 1, ';'); + /* There'd better be two dollar signs */ + c2 = strchr(c1 + 1, '$'); if(c2 == 0) { error(0, "invalid cookie syntax"); return 0; @@ -187,14 +201,18 @@ char *verify_cookie(const char *cookie) { return 0; } /* look up the password */ - password = trackdb_get_password(user); - if(!password) { + k = trackdb_getuserinfo(user); + if(!k) { error(0, "verify_cookie for nonexistent user"); return 0; } + password = kvp_get(k, "password"); + if(!password) password = ""; + if(parse_rights(kvp_get(k, "rights"), rights, 1)) + return 0; /* construct the expected subject. We re-encode the timestamp and the * password. */ - byte_xasprintf(&bp, "%jx;%s;%s", t, urlencodestring(user), password); + byte_xasprintf(&bp, "%jx$%s$%s", t, urlencodestring(user), password); /* Compute the expected signature. NB we base64 the expected signature and * compare that rather than exposing our base64 parser to the cookie. */ if(!(sig = sign(signing_key, bp))) @@ -226,7 +244,7 @@ void revoke_cookie(const char *cookie) { /* reject bogus cookies */ if(errno) return; - if(*ptr != ';') + if(*ptr != '$') return; /* make sure the revocation list exists */ if(!revoked)