Commit | Line | Data |
---|---|---|
1e97629d RK |
1 | /* |
2 | * This file is part of DisOrder. | |
3 | * Copyright (C) 2008 Richard Kettlewell | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License as published by | |
7 | * the Free Software Foundation; either version 2 of the License, or | |
8 | * (at your option) any later version. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, but | |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 | * General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU General Public License | |
16 | * along with this program; if not, write to the Free Software | |
17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 | |
18 | * USA | |
19 | */ | |
20 | ||
21 | #include "disorder-cgi.h" | |
22 | ||
23 | /** @brief Client used by CGI | |
24 | * | |
25 | * The caller should arrange for this to be created before any of | |
26 | * these expansions are used (if it cannot connect then it's safe to | |
27 | * leave it as NULL). | |
28 | */ | |
29 | disorder_client *dcgi_client; | |
30 | ||
d0b6635e RK |
31 | /** @brief Return true if @p a is better than @p b |
32 | * | |
33 | * NB. We don't bother checking if the path is right, we merely check for the | |
34 | * longest path. This isn't a security hole: if the browser wants to send us | |
35 | * bad cookies it's quite capable of sending just the right path anyway. The | |
36 | * point of choosing the longest path is to avoid using a cookie set by another | |
37 | * CGI script which shares a path prefix with us, which would allow it to | |
38 | * maliciously log users out. | |
39 | * | |
40 | * Such a script could still "maliciously" log someone in, if it had acquired a | |
41 | * suitable cookie. But it could just log in directly if it had that, so there | |
42 | * is no obvious vulnerability here either. | |
43 | */ | |
44 | static int better_cookie(const struct cookie *a, const struct cookie *b) { | |
45 | if(a->path && b->path) | |
46 | /* If both have a path then the one with the longest path is best */ | |
47 | return strlen(a->path) > strlen(b->path); | |
48 | else if(a->path) | |
49 | /* If only @p a has a path then it is better */ | |
50 | return 1; | |
51 | else | |
52 | /* If neither have a path, or if only @p b has a path, then @p b is | |
53 | * better */ | |
54 | return 0; | |
55 | } | |
56 | ||
1e97629d RK |
57 | /** @brief Login cookie */ |
58 | char *dcgi_cookie; | |
59 | ||
d0b6635e RK |
60 | /** @brief Set @ref login_cookie */ |
61 | void dcgi_get_cookie(void) { | |
62 | const char *cookie_env; | |
63 | int n, best_cookie; | |
64 | struct cookiedata cd; | |
65 | ||
66 | /* See if there's a cookie */ | |
67 | cookie_env = getenv("HTTP_COOKIE"); | |
68 | if(cookie_env) { | |
69 | /* This will be an HTTP header */ | |
70 | if(!parse_cookie(cookie_env, &cd)) { | |
71 | /* Pick the best available cookie from all those offered */ | |
72 | best_cookie = -1; | |
73 | for(n = 0; n < cd.ncookies; ++n) { | |
74 | /* Is this the right cookie? */ | |
75 | if(strcmp(cd.cookies[n].name, "disorder")) | |
76 | continue; | |
77 | /* Is it better than anything we've seen so far? */ | |
78 | if(best_cookie < 0 | |
79 | || better_cookie(&cd.cookies[n], &cd.cookies[best_cookie])) | |
80 | best_cookie = n; | |
81 | } | |
82 | if(best_cookie != -1) | |
83 | dcgi_cookie = cd.cookies[best_cookie].value; | |
84 | } else | |
85 | error(0, "could not parse cookie field '%s'", cookie_env); | |
86 | } | |
87 | } | |
88 | ||
1e97629d RK |
89 | /** @brief Return a Cookie: header */ |
90 | char *dcgi_cookie_header(void) { | |
91 | struct dynstr d[1]; | |
92 | struct url u; | |
93 | char *s; | |
94 | ||
95 | memset(&u, 0, sizeof u); | |
96 | dynstr_init(d); | |
97 | parse_url(config->url, &u); | |
98 | if(dcgi_cookie) { | |
99 | dynstr_append_string(d, "disorder="); | |
100 | dynstr_append_string(d, dcgi_cookie); | |
101 | } else { | |
102 | /* Force browser to discard cookie */ | |
103 | dynstr_append_string(d, "disorder=none;Max-Age=0"); | |
104 | } | |
105 | if(u.path) { | |
106 | /* The default domain matches the request host, so we need not override | |
107 | * that. But the default path only goes up to the rightmost /, which would | |
108 | * cause the browser to expose the cookie to other CGI programs on the same | |
109 | * web server. */ | |
110 | dynstr_append_string(d, ";Version=1;Path="); | |
111 | /* Formally we are supposed to quote the path, since it invariably has a | |
112 | * slash in it. However Safari does not parse quoted paths correctly, so | |
113 | * this won't work. Fortunately nothing else seems to care about proper | |
114 | * quoting of paths, so in practice we get with it. (See also | |
115 | * parse_cookie() where we are liberal about cookie paths on the way back | |
116 | * in.) */ | |
117 | dynstr_append_string(d, u.path); | |
118 | } | |
119 | dynstr_terminate(d); | |
120 | byte_xasprintf(&s, "Set-Cookie: %s", d->vec); | |
121 | return s; | |
122 | } | |
123 | ||
124 | /** @brief Log in as the current user or guest if none */ | |
125 | void dcgi_login(void) { | |
126 | /* Junk old data */ | |
127 | dcgi_lookup_reset(); | |
128 | /* Junk the old connection if there is one */ | |
129 | if(dcgi_client) | |
130 | disorder_close(dcgi_client); | |
131 | /* Create a new connection */ | |
132 | dcgi_client = disorder_new(0); | |
133 | /* Reconnect */ | |
134 | if(disorder_connect_cookie(dcgi_client, dcgi_cookie)) { | |
0d0253c9 | 135 | dcgi_error("connect"); |
1e97629d RK |
136 | exit(0); |
137 | } | |
138 | /* If there was a cookie but it went bad, we forget it */ | |
139 | if(dcgi_cookie && !strcmp(disorder_user(dcgi_client), "guest")) | |
140 | dcgi_cookie = 0; | |
141 | } | |
142 | ||
143 | /* | |
144 | Local Variables: | |
145 | c-basic-offset:2 | |
146 | comment-column:40 | |
147 | fill-column:79 | |
148 | indent-tabs-mode:nil | |
149 | End: | |
150 | */ |