X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/blobdiff_plain/b12be54a68a7738d948d866eb7b9231f8e55a12e..985bb670b4e07d35cb1580780253ded2524a342e:/lib/cookies.c

diff --git a/lib/cookies.c b/lib/cookies.c
index 4ac9f65..0ff17b5 100644
--- a/lib/cookies.c
+++ b/lib/cookies.c
@@ -1,44 +1,40 @@
 /*
  * This file is part of DisOrder
- * Copyright (C) 2007 Richard Kettlewell
+ * Copyright (C) 2007, 2008 Richard Kettlewell
  *
- * This program is free software; you can redistribute it and/or modify
+ * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation, either version 3 of the License, or
  * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
  * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- * USA
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 /** @file lib/cookies.c
  * @brief Cookie support
  */
 
-#include <config.h>
-#include "types.h"
+#include "common.h"
 
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
 #include <errno.h>
 #include <time.h>
 #include <gcrypt.h>
+#include <pcre.h>
 
 #include "cookies.h"
 #include "hash.h"
 #include "mem.h"
 #include "log.h"
 #include "printf.h"
-#include "mime.h"
+#include "base64.h"
 #include "configuration.h"
 #include "kvp.h"
+#include "trackdb.h"
 
 /** @brief Hash function used in signing HMAC */
 #define ALGO GCRY_MD_SHA1
@@ -79,6 +75,16 @@ static void newkey(void) {
     hash_foreach(revoked, revoked_cleanup_callback, &now);
 }
 
+/** @brief Base64 mapping table for cookies
+ *
+ * Stupid Safari cannot cope with quoted cookies, so cookies had better not
+ * need quoting.  We use $ to separate the parts of the cookie and +%# to where
+ * MIME uses +/=; see @ref base64.c.  See http_separator() for the characters
+ * to avoid.
+ */
+static const char cookie_base64_table[] =
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+%#";
+
 /** @brief Sign @p subject with @p key and return the base64 of the result
  * @param key Key to sign with (@ref HASHSIZE bytes)
  * @param subject Subject string
@@ -102,7 +108,7 @@ static char *sign(const uint8_t *key,
   }
   gcry_md_write(h, subject, strlen(subject));
   sig = gcry_md_read(h, ALGO);
-  sig64 = mime_to_base64(sig, HASHSIZE);
+  sig64 = generic_to_base64(sig, HASHSIZE, cookie_base64_table);
   gcry_md_close(h);
   return sig64;
 }
@@ -112,31 +118,27 @@ static char *sign(const uint8_t *key,
  * @return Cookie or NULL
  */
 char *make_cookie(const char *user) {
-  char *password;
+  const char *password;
   time_t now;
   char *b, *bp, *c, *g;
-  int n;
 
-  /* semicolons aren't allowed in usernames */
-  if(strchr(user, ';')) {
-    error(0, "make_cookie for username with semicolon");
+  /* dollar signs aren't allowed in usernames */
+  if(strchr(user, '$')) {
+    error(0, "make_cookie for username with dollar sign");
     return 0;
   }
   /* look up the password */
-  for(n = 0; n < config->allow.n
-	&& strcmp(config->allow.s[n].s[0], user); ++n)
-    ;
-  if(n >= config->allow.n) {
+  password = trackdb_get_password(user);
+  if(!password) {
     error(0, "make_cookie for nonexistent user");
     return 0;
   }
-  password = config->allow.s[n].s[1];
   /* make sure we have a valid signing key */
   time(&now);
   if(now >= signing_key_validity_limit)
     newkey();
   /* construct the subject */
-  byte_xasprintf(&b, "%jx;%s;", (intmax_t)now + config->cookie_login_lifetime,
+  byte_xasprintf(&b, "%jx$%s$", (intmax_t)now + config->cookie_login_lifetime,
 		 urlencodestring(user));
   byte_xasprintf(&bp, "%s%s", b, password);
   /* sign it */
@@ -149,14 +151,16 @@ char *make_cookie(const char *user) {
 
 /** @brief Verify a cookie
  * @param cookie Cookie to verify
+ * @param rights Where to store rights value
  * @return Verified user or NULL
  */
-char *verify_cookie(const char *cookie) {
+char *verify_cookie(const char *cookie, rights_type *rights) {
   char *c1, *c2;
   intmax_t t;
   time_t now;
-  char *user, *bp, *password, *sig;
-  int n;
+  char *user, *bp, *sig;
+  const char *password;
+  struct kvp *k;
 
   /* check the revocation list */
   if(revoked && hash_find(revoked, cookie)) {
@@ -170,12 +174,12 @@ char *verify_cookie(const char *cookie) {
     error(errno, "error parsing cookie timestamp");
     return 0;
   }
-  if(*c1 != ';') {
+  if(*c1 != '$') {
     error(0, "invalid cookie timestamp");
     return 0;
   }
-  /* There'd better be two semicolons */
-  c2 = strchr(c1 + 1, ';');
+  /* There'd better be two dollar signs */
+  c2 = strchr(c1 + 1, '$');
   if(c2 == 0) {
     error(0, "invalid cookie syntax");
     return 0;
@@ -189,17 +193,18 @@ char *verify_cookie(const char *cookie) {
     return 0;
   }
   /* look up the password */
-  for(n = 0; n < config->allow.n
-	&& strcmp(config->allow.s[n].s[0], user); ++n)
-    ;
-  if(n >= config->allow.n) {
+  k = trackdb_getuserinfo(user);
+  if(!k) {
     error(0, "verify_cookie for nonexistent user");
     return 0;
   }
-  password = config->allow.s[n].s[1];
+  password = kvp_get(k, "password");
+  if(!password) password = "";
+  if(parse_rights(kvp_get(k, "rights"), rights, 1))
+    return 0;
   /* construct the expected subject.  We re-encode the timestamp and the
    * password. */
-  byte_xasprintf(&bp, "%jx;%s;%s", t, urlencodestring(user), password);
+  byte_xasprintf(&bp, "%jx$%s$%s", t, urlencodestring(user), password);
   /* Compute the expected signature.  NB we base64 the expected signature and
    * compare that rather than exposing our base64 parser to the cookie. */
   if(!(sig = sign(signing_key, bp)))
@@ -231,7 +236,7 @@ void revoke_cookie(const char *cookie) {
   /* reject bogus cookies */
   if(errno)
     return;
-  if(*ptr != ';')
+  if(*ptr != '$')
     return;
   /* make sure the revocation list exists */
   if(!revoked)