2 * This file is part of DisOrder.
3 * Copyright (C) 2008 Richard Kettlewell
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 * @brief Web login support
21 #include "disorder-cgi.h"
23 /** @brief Client used by CGI
25 * The caller should arrange for this to be created before any of
26 * these expansions are used (if it cannot connect then it's safe to
29 disorder_client
*dcgi_client
;
31 /** @brief Return true if @p a is better than @p b
33 * NB. We don't bother checking if the path is right, we merely check for the
34 * longest path. This isn't a security hole: if the browser wants to send us
35 * bad cookies it's quite capable of sending just the right path anyway. The
36 * point of choosing the longest path is to avoid using a cookie set by another
37 * CGI script which shares a path prefix with us, which would allow it to
38 * maliciously log users out.
40 * Such a script could still "maliciously" log someone in, if it had acquired a
41 * suitable cookie. But it could just log in directly if it had that, so there
42 * is no obvious vulnerability here either.
44 static int better_cookie(const struct cookie
*a
, const struct cookie
*b
) {
45 if(a
->path
&& b
->path
)
46 /* If both have a path then the one with the longest path is best */
47 return strlen(a
->path
) > strlen(b
->path
);
49 /* If only @p a has a path then it is better */
52 /* If neither have a path, or if only @p b has a path, then @p b is
57 /** @brief Login cookie */
60 /** @brief Set @ref dcgi_cookie */
61 void dcgi_get_cookie(void) {
62 const char *cookie_env
;
66 /* See if there's a cookie */
67 cookie_env
= getenv("HTTP_COOKIE");
69 /* This will be an HTTP header */
70 if(!parse_cookie(cookie_env
, &cd
)) {
71 /* Pick the best available cookie from all those offered */
73 for(n
= 0; n
< cd
.ncookies
; ++n
) {
74 /* Is this the right cookie? */
75 if(strcmp(cd
.cookies
[n
].name
, "disorder"))
77 /* Is it better than anything we've seen so far? */
79 || better_cookie(&cd
.cookies
[n
], &cd
.cookies
[best_cookie
]))
83 dcgi_cookie
= cd
.cookies
[best_cookie
].value
;
85 disorder_error(0, "could not parse cookie field '%s'", cookie_env
);
89 /** @brief Return a Cookie: header */
90 char *dcgi_cookie_header(void) {
95 memset(&u
, 0, sizeof u
);
97 parse_url(config
->url
, &u
);
99 dynstr_append_string(d
, "disorder=");
100 dynstr_append_string(d
, dcgi_cookie
);
102 /* Force browser to discard cookie */
103 dynstr_append_string(d
, "disorder=none;Max-Age=0");
106 /* The default domain matches the request host, so we need not override
107 * that. But the default path only goes up to the rightmost /, which would
108 * cause the browser to expose the cookie to other CGI programs on the same
110 dynstr_append_string(d
, ";Version=1;Path=");
111 /* Formally we are supposed to quote the path, since it invariably has a
112 * slash in it. However Safari does not parse quoted paths correctly, so
113 * this won't work. Fortunately nothing else seems to care about proper
114 * quoting of paths, so in practice we get with it. (See also
115 * parse_cookie() where we are liberal about cookie paths on the way back
117 dynstr_append_string(d
, u
.path
);
120 byte_xasprintf(&s
, "Set-Cookie: %s", d
->vec
);
124 /** @brief Log in as the current user or guest if none */
125 void dcgi_login(void) {
128 /* Junk the old connection if there is one */
130 disorder_close(dcgi_client
);
131 /* Create a new connection */
132 dcgi_client
= disorder_new(0);
134 if(disorder_connect_cookie(dcgi_client
, dcgi_cookie
)) {
135 dcgi_error("connect");
138 /* If there was a cookie but it went bad, we forget it */
139 if(dcgi_cookie
&& !strcmp(disorder_user(dcgi_client
), "guest"))