1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276 |
- /*
- * This file is part of the UCB release of Plan 9. It is subject to the license
- * terms in the LICENSE file found in the top-level directory of this
- * distribution and at http://akaros.cs.berkeley.edu/files/Plan9License. No
- * part of the UCB release of Plan 9, including this file, may be copied,
- * modified, propagated, or distributed except according to the terms contained
- * in the LICENSE file.
- */
- /*
- * Cookie file system. Allows hget and multiple webfs's to collaborate.
- * Conventionally mounted on /mnt/webcookies.
- */
- #include <u.h>
- #include <libc.h>
- #include <bio.h>
- #include <ndb.h>
- #include <fcall.h>
- #include <thread.h>
- #include <9p.h>
- #include <ctype.h>
- int debug = 0;
- typedef struct Cookie Cookie;
- typedef struct Jar Jar;
- struct Cookie
- {
- /* external info */
- char* name;
- char* value;
- char* dom; /* starts with . */
- char* path;
- char* version;
- char* comment; /* optional, may be nil */
- uint expire; /* time of expiration: ~0 means when webcookies dies */
- int secure;
- int explicitdom; /* dom was explicitly set */
- int explicitpath; /* path was explicitly set */
- int netscapestyle;
- /* internal info */
- int deleted;
- int mark;
- int ondisk;
- };
- struct Jar
- {
- Cookie *c;
- int nc;
- int mc;
- Qid qid;
- int dirty;
- char *file;
- char *lockfile;
- };
- struct {
- char *s;
- int offset;
- int ishttp;
- } stab[] = {
- "domain", offsetof(Cookie, dom), 1,
- "path", offsetof(Cookie, path), 1,
- "name", offsetof(Cookie, name), 0,
- "value", offsetof(Cookie, value), 0,
- "comment", offsetof(Cookie, comment), 1,
- "version", offsetof(Cookie, version), 1,
- };
- struct {
- char *s;
- int offset;
- } itab[] = {
- "expire", offsetof(Cookie, expire),
- "secure", offsetof(Cookie, secure),
- "explicitdomain", offsetof(Cookie, explicitdom),
- "explicitpath", offsetof(Cookie, explicitpath),
- "netscapestyle", offsetof(Cookie, netscapestyle),
- };
- #pragma varargck type "J" Jar*
- #pragma varargck type "K" Cookie*
- /* HTTP format */
- int
- jarfmt(Fmt *fmt)
- {
- int i;
- Jar *jar;
- jar = va_arg(fmt->args, Jar*);
- if(jar == nil || jar->nc == 0)
- return fmtstrcpy(fmt, "");
- fmtprint(fmt, "Cookie: ");
- if(jar->c[0].version)
- fmtprint(fmt, "$Version=%s; ", jar->c[0].version);
- for(i=0; i<jar->nc; i++)
- fmtprint(fmt, "%s%s=%s", i ? "; ":"", jar->c[i].name, jar->c[i].value);
- fmtprint(fmt, "\r\n");
- return 0;
- }
- /* individual cookie */
- int
- cookiefmt(Fmt *fmt)
- {
- int j, k, first;
- char *t;
- Cookie *c;
- c = va_arg(fmt->args, Cookie*);
- first = 1;
- for(j=0; j<nelem(stab); j++){
- t = *(char**)((char*)c+stab[j].offset);
- if(t == nil)
- continue;
- if(first)
- first = 0;
- else
- fmtprint(fmt, " ");
- fmtprint(fmt, "%s=%q", stab[j].s, t);
- }
- for(j=0; j<nelem(itab); j++){
- k = *(int*)((char*)c+itab[j].offset);
- if(k == 0)
- continue;
- if(first)
- first = 0;
- else
- fmtprint(fmt, " ");
- fmtprint(fmt, "%s=%ud", itab[j].s, k);
- }
- return 0;
- }
- /*
- * sort cookies:
- * - alpha by name
- * - alpha by domain
- * - longer paths first, then alpha by path (RFC2109 4.3.4)
- */
- int
- cookiecmp(const Cookie *a, const Cookie *b)
- {
- int i;
- if((i = strcmp(a->name, b->name)) != 0)
- return i;
- if((i = cistrcmp(a->dom, b->dom)) != 0)
- return i;
- if((i = strlen(b->path) - strlen(a->path)) != 0)
- return i;
- if((i = strcmp(a->path, b->path)) != 0)
- return i;
- return 0;
- }
- int
- exactcookiecmp(Cookie *a, Cookie *b)
- {
- int i;
- if((i = cookiecmp(a, b)) != 0)
- return i;
- if((i = strcmp(a->value, b->value)) != 0)
- return i;
- if(a->version || b->version){
- if(!a->version)
- return -1;
- if(!b->version)
- return 1;
- if((i = strcmp(a->version, b->version)) != 0)
- return i;
- }
- if(a->comment || b->comment){
- if(!a->comment)
- return -1;
- if(!b->comment)
- return 1;
- if((i = strcmp(a->comment, b->comment)) != 0)
- return i;
- }
- if((i = b->expire - a->expire) != 0)
- return i;
- if((i = b->secure - a->secure) != 0)
- return i;
- if((i = b->explicitdom - a->explicitdom) != 0)
- return i;
- if((i = b->explicitpath - a->explicitpath) != 0)
- return i;
- if((i = b->netscapestyle - a->netscapestyle) != 0)
- return i;
- return 0;
- }
- void
- freecookie(Cookie *c)
- {
- int i;
- for(i=0; i<nelem(stab); i++)
- free(*(char**)((char*)c+stab[i].offset));
- }
- void
- copycookie(Cookie *c)
- {
- int i;
- char **ps;
- for(i=0; i<nelem(stab); i++){
- ps = (char**)((char*)c+stab[i].offset);
- if(*ps)
- *ps = estrdup9p(*ps);
- }
- }
- void
- delcookie(Jar *j, Cookie *c)
- {
- int i;
- j->dirty = 1;
- i = c - j->c;
- if(i < 0 || i >= j->nc)
- abort();
- c->deleted = 1;
- }
- void
- addcookie(Jar *j, Cookie *c)
- {
- int i;
- if(!c->name || !c->value || !c->path || !c->dom){
- fprint(2, "not adding incomplete cookie\n");
- return;
- }
- if(debug)
- fprint(2, "add %K\n", c);
- for(i=0; i<j->nc; i++)
- if(cookiecmp(&j->c[i], c) == 0){
- if(debug)
- fprint(2, "cookie %K matches %K\n", &j->c[i], c);
- if(exactcookiecmp(&j->c[i], c) == 0){
- if(debug)
- fprint(2, "\texactly\n");
- j->c[i].mark = 0;
- return;
- }
- delcookie(j, &j->c[i]);
- }
- j->dirty = 1;
- if(j->nc == j->mc){
- j->mc += 16;
- j->c = erealloc9p(j->c, j->mc*sizeof(Cookie));
- }
- j->c[j->nc] = *c;
- copycookie(&j->c[j->nc]);
- j->nc++;
- }
- void
- purgejar(Jar *j)
- {
- int i;
- for(i=j->nc-1; i>=0; i--){
- if(!j->c[i].deleted)
- continue;
- freecookie(&j->c[i]);
- --j->nc;
- j->c[i] = j->c[j->nc];
- }
- }
- void
- addtojar(Jar *jar, char *line, int ondisk)
- {
- Cookie c;
- int i, j, nf, *pint;
- char *f[20], *attr, *val, **pstr;
-
- memset(&c, 0, sizeof c);
- c.expire = ~0;
- c.ondisk = ondisk;
- nf = tokenize(line, f, nelem(f));
- for(i=0; i<nf; i++){
- attr = f[i];
- if((val = strchr(attr, '=')) != nil)
- *val++ = '\0';
- else
- val = "";
- /* string attributes */
- for(j=0; j<nelem(stab); j++){
- if(strcmp(stab[j].s, attr) == 0){
- pstr = (char**)((char*)&c+stab[j].offset);
- *pstr = val;
- }
- }
- /* integer attributes */
- for(j=0; j<nelem(itab); j++){
- if(strcmp(itab[j].s, attr) == 0){
- pint = (int*)((char*)&c+itab[j].offset);
- if(val[0]=='\0')
- *pint = 1;
- else
- *pint = strtoul(val, 0, 0);
- }
- }
- }
- if(c.name==nil || c.value==nil || c.dom==nil || c.path==nil){
- if(debug)
- fprint(2, "ignoring fractional cookie %K\n", &c);
- return;
- }
- addcookie(jar, &c);
- }
- Jar*
- newjar(void)
- {
- Jar *jar;
- jar = emalloc9p(sizeof(Jar));
- return jar;
- }
- int
- expirejar(Jar *jar, int exiting)
- {
- int i, n;
- uint now;
- now = time(0);
- n = 0;
- for(i=0; i<jar->nc; i++){
- if(jar->c[i].expire < now || (exiting && jar->c[i].expire==~0)){
- delcookie(jar, &jar->c[i]);
- n++;
- }
- }
- return n;
- }
- int
- syncjar(Jar *jar)
- {
- int i, fd;
- char *line;
- Dir *d;
- Biobuf *b;
- Qid q;
- if(jar->file==nil)
- return 0;
- memset(&q, 0, sizeof q);
- if((d = dirstat(jar->file)) != nil){
- q = d->qid;
- if(d->qid.path != jar->qid.path || d->qid.vers != jar->qid.vers)
- jar->dirty = 1;
- free(d);
- }
- if(jar->dirty == 0)
- return 0;
- fd = -1;
- for(i=0; i<50; i++){
- if((fd = create(jar->lockfile, OWRITE, DMEXCL|0666)) < 0){
- sleep(100);
- continue;
- }
- break;
- }
- if(fd < 0){
- if(debug)
- fprint(2, "open %s: %r", jar->lockfile);
- werrstr("cannot acquire jar lock: %r");
- return -1;
- }
- for(i=0; i<jar->nc; i++) /* mark is cleared by addcookie */
- jar->c[i].mark = jar->c[i].ondisk;
- if((b = Bopen(jar->file, OREAD)) == nil){
- if(debug)
- fprint(2, "Bopen %s: %r", jar->file);
- werrstr("cannot read cookie file %s: %r", jar->file);
- close(fd);
- return -1;
- }
- for(; (line = Brdstr(b, '\n', 1)) != nil; free(line)){
- if(*line == '#')
- continue;
- addtojar(jar, line, 1);
- }
- Bterm(b);
- for(i=0; i<jar->nc; i++)
- if(jar->c[i].mark)
- delcookie(jar, &jar->c[i]);
- purgejar(jar);
- b = Bopen(jar->file, OWRITE);
- if(b == nil){
- if(debug)
- fprint(2, "Bopen write %s: %r", jar->file);
- close(fd);
- return -1;
- }
- Bprint(b, "# webcookies cookie jar\n");
- Bprint(b, "# comments and non-standard fields will be lost\n");
- for(i=0; i<jar->nc; i++){
- if(jar->c[i].expire == ~0)
- continue;
- Bprint(b, "%K\n", &jar->c[i]);
- jar->c[i].ondisk = 1;
- }
- Bterm(b);
- jar->dirty = 0;
- close(fd);
- if((d = dirstat(jar->file)) != nil){
- jar->qid = d->qid;
- free(d);
- }
- return 0;
- }
- Jar*
- readjar(char *file)
- {
- char *lock, *p;
- Jar *jar;
- jar = newjar();
- lock = emalloc9p(strlen(file)+10);
- strcpy(lock, file);
- if((p = strrchr(lock, '/')) != nil)
- p++;
- else
- p = lock;
- memmove(p+2, p, strlen(p)+1);
- p[0] = 'L';
- p[1] = '.';
- jar->lockfile = lock;
- jar->file = file;
- jar->dirty = 1;
- if(syncjar(jar) < 0){
- free(jar->file);
- free(jar->lockfile);
- free(jar);
- return nil;
- }
- return jar;
- }
- void
- closejar(Jar *jar)
- {
- int i;
- expirejar(jar, 0);
- if(syncjar(jar) < 0)
- fprint(2, "warning: cannot rewrite cookie jar: %r\n");
- for(i=0; i<jar->nc; i++)
- freecookie(&jar->c[i]);
- free(jar->file);
- free(jar);
- }
- /*
- * Domain name matching is per RFC2109, section 2:
- *
- * Hosts names can be specified either as an IP address or a FQHN
- * string. Sometimes we compare one host name with another. Host A's
- * name domain-matches host B's if
- *
- * * both host names are IP addresses and their host name strings match
- * exactly; or
- *
- * * both host names are FQDN strings and their host name strings match
- * exactly; or
- *
- * * A is a FQDN string and has the form NB, where N is a non-empty name
- * string, B has the form .B', and B' is a FQDN string. (So, x.y.com
- * domain-matches .y.com but not y.com.)
- *
- * Note that domain-match is not a commutative operation: a.b.c.com
- * domain-matches .c.com, but not the reverse.
- *
- * (This does not verify that IP addresses and FQDN's are well-formed.)
- */
- int
- isdomainmatch(char *name, char *pattern)
- {
- int lname, lpattern;
- if(cistrcmp(name, pattern)==0)
- return 1;
- if(strcmp(ipattr(name), "dom")==0 && pattern[0]=='.'){
- lname = strlen(name);
- lpattern = strlen(pattern);
- if(lname >= lpattern && cistrcmp(name+lname-lpattern, pattern)==0)
- return 1;
- }
- return 0;
- }
- /*
- * RFC2109 4.3.4:
- * - domain must match
- * - path in cookie must be a prefix of request path
- * - cookie must not have expired
- */
- int
- iscookiematch(Cookie *c, char *dom, char *path, uint now)
- {
- return isdomainmatch(dom, c->dom)
- && strncmp(c->path, path, strlen(c->path))==0
- && c->expire >= now;
- }
- /*
- * Produce a subjar of matching cookies.
- * Secure cookies are only included if secure is set.
- */
- Jar*
- cookiesearch(Jar *jar, char *dom, char *path, int issecure)
- {
- int i;
- Jar *j;
- uint now;
- now = time(0);
- j = newjar();
- for(i=0; i<jar->nc; i++)
- if((issecure || !jar->c[i].secure) && iscookiematch(&jar->c[i], dom, path, now))
- addcookie(j, &jar->c[i]);
- if(j->nc == 0){
- closejar(j);
- werrstr("no cookies found");
- return nil;
- }
- qsort(j->c, j->nc, sizeof(j->c[0]), (int(*)(const void*, const void*))cookiecmp);
- return j;
- }
- /*
- * RFC2109 4.3.2 security checks
- */
- char*
- isbadcookie(Cookie *c, char *dom, char *path)
- {
- if(strncmp(c->path, path, strlen(c->path)) != 0)
- return "cookie path is not a prefix of the request path";
- if(c->explicitdom && c->dom[0] != '.')
- return "cookie domain doesn't start with dot";
- if(memchr(c->dom+1, '.', strlen(c->dom)-1-1) == nil)
- return "cookie domain doesn't have embedded dots";
- if(!isdomainmatch(dom, c->dom))
- return "request host does not match cookie domain";
- if(strcmp(ipattr(dom), "dom")==0
- && memchr(dom, '.', strlen(dom)-strlen(c->dom)) != nil)
- return "request host contains dots before cookie domain";
- return 0;
- }
- /*
- * Sunday, 25-Jan-2002 12:24:36 GMT
- * Sunday, 25 Jan 2002 12:24:36 GMT
- * Sun, 25 Jan 02 12:24:36 GMT
- */
- int
- isleap(int year)
- {
- return year%4==0 && (year%100!=0 || year%400==0);
- }
- uint
- strtotime(char *s)
- {
- char *os;
- int i;
- Tm tm;
- static int mday[2][12] = {
- 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31,
- 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31,
- };
- static char *wday[] = {
- "Sunday", "Monday", "Tuesday", "Wednesday",
- "Thursday", "Friday", "Saturday",
- };
- static char *mon[] = {
- "Jan", "Feb", "Mar", "Apr", "May", "Jun",
- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
- };
- os = s;
- /* Sunday, */
- for(i=0; i<nelem(wday); i++){
- if(cistrncmp(s, wday[i], strlen(wday[i])) == 0){
- s += strlen(wday[i]);
- break;
- }
- if(cistrncmp(s, wday[i], 3) == 0){
- s += 3;
- break;
- }
- }
- if(i==nelem(wday)){
- if(debug)
- fprint(2, "bad wday (%s)\n", os);
- return -1;
- }
- if(*s++ != ',' || *s++ != ' '){
- if(debug)
- fprint(2, "bad wday separator (%s)\n", os);
- return -1;
- }
- /* 25- */
- if(!isdigit(s[0]) || !isdigit(s[1]) || (s[2]!='-' && s[2]!=' ')){
- if(debug)
- fprint(2, "bad day of month (%s)\n", os);
- return -1;
- }
- tm.mday = strtol(s, 0, 10);
- s += 3;
- /* Jan- */
- for(i=0; i<nelem(mon); i++)
- if(cistrncmp(s, mon[i], 3) == 0){
- tm.mon = i;
- s += 3;
- break;
- }
- if(i==nelem(mon)){
- if(debug)
- fprint(2, "bad month (%s)\n", os);
- return -1;
- }
- if(s[0] != '-' && s[0] != ' '){
- if(debug)
- fprint(2, "bad month separator (%s)\n", os);
- return -1;
- }
- s++;
- /* 2002 */
- if(!isdigit(s[0]) || !isdigit(s[1])){
- if(debug)
- fprint(2, "bad year (%s)\n", os);
- return -1;
- }
- tm.year = strtol(s, 0, 10);
- s += 2;
- if(isdigit(s[0]) && isdigit(s[1]))
- s += 2;
- else{
- if(tm.year <= 68)
- tm.year += 2000;
- else
- tm.year += 1900;
- }
- if(tm.mday==0 || tm.mday > mday[isleap(tm.year)][tm.mon]){
- if(debug)
- fprint(2, "invalid day of month (%s)\n", os);
- return -1;
- }
- tm.year -= 1900;
- if(*s++ != ' '){
- if(debug)
- fprint(2, "bad year separator (%s)\n", os);
- return -1;
- }
- if(!isdigit(s[0]) || !isdigit(s[1]) || s[2]!=':'
- || !isdigit(s[3]) || !isdigit(s[4]) || s[5]!=':'
- || !isdigit(s[6]) || !isdigit(s[7]) || s[8]!=' '){
- if(debug)
- fprint(2, "bad time (%s)\n", os);
- return -1;
- }
- tm.hour = atoi(s);
- tm.min = atoi(s+3);
- tm.sec = atoi(s+6);
- if(tm.hour >= 24 || tm.min >= 60 || tm.sec >= 60){
- if(debug)
- fprint(2, "invalid time (%s)\n", os);
- return -1;
- }
- s += 9;
- if(cistrcmp(s, "GMT") != 0){
- if(debug)
- fprint(2, "time zone not GMT (%s)\n", os);
- return -1;
- }
- strcpy(tm.zone, "GMT");
- tm.yday = 0;
- return tm2sec(&tm);
- }
- /*
- * skip linear whitespace. we're a bit more lenient than RFC2616 2.2.
- */
- char*
- skipspace(char *s)
- {
- while(*s=='\r' || *s=='\n' || *s==' ' || *s=='\t')
- s++;
- return s;
- }
- /*
- * Try to identify old netscape headers.
- * The old headers:
- * - didn't allow spaces around the '='
- * - used an 'Expires' attribute
- * - had no 'Version' attribute
- * - had no quotes
- * - allowed whitespace in values
- * - apparently separated attr/value pairs with ';' exclusively
- */
- int
- isnetscape(char *hdr)
- {
- char *s;
- for(s=hdr; (s=strchr(s, '=')) != nil; s++){
- if(isspace(s[1]) || (s > hdr && isspace(s[-1])))
- return 0;
- if(s[1]=='"')
- return 0;
- }
- if(cistrstr(hdr, "version="))
- return 0;
- return 1;
- }
- /*
- * Parse HTTP response headers, adding cookies to jar.
- * Overwrites the headers. May overwrite path.
- */
- char* parsecookie(Cookie*, char*, char**, int, char*, char*);
- int
- parsehttp(Jar *jar, char *hdr, char *dom, char *path)
- {
- static char setcookie[] = "Set-Cookie:";
- char *e, *p, *nextp;
- Cookie c;
- int isns, n;
- isns = isnetscape(hdr);
- n = 0;
- for(p=hdr; p; p=nextp){
- p = skipspace(p);
- if(*p == '\0')
- break;
- nextp = strchr(p, '\n');
- if(nextp != nil)
- *nextp++ = '\0';
- if(debug)
- fprint(2, "?%s\n", p);
- if(cistrncmp(p, setcookie, strlen(setcookie)) != 0)
- continue;
- if(debug)
- fprint(2, "%s\n", p);
- p = skipspace(p+strlen(setcookie));
- for(; *p; p=skipspace(p)){
- if((e = parsecookie(&c, p, &p, isns, dom, path)) != nil){
- if(debug)
- fprint(2, "parse cookie: %s\n", e);
- break;
- }
- if((e = isbadcookie(&c, dom, path)) != nil){
- if(debug)
- fprint(2, "reject cookie; %s\n", e);
- continue;
- }
- addcookie(jar, &c);
- n++;
- }
- }
- return n;
- }
- static char*
- skipquoted(char *s)
- {
- /*
- * Sec 2.2 of RFC2616 defines a "quoted-string" as:
- *
- * quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
- * qdtext = <any TEXT except <">>
- * quoted-pair = "\" CHAR
- *
- * TEXT is any octet except CTLs, but including LWS;
- * LWS is [CR LF] 1*(SP | HT);
- * CHARs are ASCII octets 0-127; (NOTE: we reject 0's)
- * CTLs are octets 0-31 and 127;
- */
- if(*s != '"')
- return s;
- for(s++; 32 <= *s && *s < 127 && *s != '"'; s++)
- if(*s == '\\' && *(s+1) != '\0')
- s++;
- return s;
- }
- static char*
- skiptoken(char *s)
- {
- /*
- * Sec 2.2 of RFC2616 defines a "token" as
- * 1*<any CHAR except CTLs or separators>;
- * CHARs are ASCII octets 0-127;
- * CTLs are octets 0-31 and 127;
- * separators are "()<>@,;:\/[]?={}", double-quote, SP (32), and HT (9)
- */
- while(32 <= *s && *s < 127 && strchr("()<>@,;:[]?={}\" \t\\", *s)==nil)
- s++;
- return s;
- }
- static char*
- skipvalue(char *s, int isns)
- {
- char *t;
- /*
- * An RFC2109 value is an HTTP token or an HTTP quoted string.
- * Netscape servers ignore the spec and rely on semicolons, apparently.
- */
- if(isns){
- if((t = strchr(s, ';')) == nil)
- t = s+strlen(s);
- return t;
- }
- if(*s == '"')
- return skipquoted(s);
- return skiptoken(s);
- }
- /*
- * RMID=80b186bb64c03c65fab767f8; expires=Monday, 10-Feb-2003 04:44:39 GMT;
- * path=/; domain=.nytimes.com
- */
- char*
- parsecookie(Cookie *c, char *p, char **e, int isns, char *dom,
- char *path)
- {
- int i, done;
- char *t, *u, *attr, *val;
- memset(c, 0, sizeof *c);
- c->expire = ~0;
- /* NAME=VALUE */
- t = skiptoken(p);
- c->name = p;
- p = skipspace(t);
- if(*p != '='){
- Badname:
- return "malformed cookie: no NAME=VALUE";
- }
- *t = '\0';
- p = skipspace(p+1);
- t = skipvalue(p, isns);
- if(*t)
- *t++ = '\0';
- c->value = p;
- p = skipspace(t);
- if(c->name[0]=='\0' || c->value[0]=='\0')
- goto Badname;
- done = 0;
- for(; *p && !done; p=skipspace(p)){
- attr = p;
- t = skiptoken(p);
- u = skipspace(t);
- switch(*u){
- case '\0':
- *t = '\0';
- p = val = u;
- break;
- case ';':
- *t = '\0';
- val = "";
- p = u+1;
- break;
- case '=':
- *t = '\0';
- val = skipspace(u+1);
- p = skipvalue(val, isns);
- if(*p==',')
- done = 1;
- if(*p)
- *p++ = '\0';
- break;
- case ',':
- if(!isns){
- val = "";
- p = u;
- *p++ = '\0';
- done = 1;
- break;
- }
- default:
- if(debug)
- fprint(2, "syntax: %s\n", p);
- return "syntax error";
- }
- for(i=0; i<nelem(stab); i++)
- if(stab[i].ishttp && cistrcmp(stab[i].s, attr)==0)
- *(char**)((char*)c+stab[i].offset) = val;
- if(cistrcmp(attr, "expires") == 0){
- if(!isns)
- return "non-netscape cookie has Expires tag";
- if(!val[0])
- return "bad expires tag";
- c->expire = strtotime(val);
- if(c->expire == ~0)
- return "cannot parse netscape expires tag";
- }
- if(cistrcmp(attr, "max-age") == 0)
- c->expire = time(0)+atoi(val);
- if(cistrcmp(attr, "secure") == 0)
- c->secure = 1;
- }
- if(c->dom)
- c->explicitdom = 1;
- else
- c->dom = dom;
- if(c->path)
- c->explicitpath = 1;
- else{
- c->path = path;
- if((t = strchr(c->path, '?')) != 0)
- *t = '\0';
- if((t = strrchr(c->path, '/')) != 0)
- *t = '\0';
- }
- c->netscapestyle = isns;
- *e = p;
- return nil;
- }
- Jar *jar;
- enum
- {
- Xhttp = 1,
- Xcookies,
- NeedUrl = 0,
- HaveUrl,
- };
- typedef struct Aux Aux;
- struct Aux
- {
- int state;
- char *dom;
- char *path;
- char *inhttp;
- char *outhttp;
- char *ctext;
- int rdoff;
- };
- enum
- {
- AuxBuf = 4096,
- MaxCtext = 16*1024*1024,
- };
- void
- fsopen(Req *r)
- {
- char *s, *es;
- int i, sz;
- Aux *a;
- switch((uintptr)r->fid->file->aux){
- case Xhttp:
- syncjar(jar);
- a = emalloc9p(sizeof(Aux));
- r->fid->aux = a;
- a->inhttp = emalloc9p(AuxBuf);
- a->outhttp = emalloc9p(AuxBuf);
- break;
- case Xcookies:
- syncjar(jar);
- a = emalloc9p(sizeof(Aux));
- r->fid->aux = a;
- if(r->ifcall.mode&OTRUNC){
- a->ctext = emalloc9p(1);
- a->ctext[0] = '\0';
- }else{
- sz = 256*jar->nc+1024; /* BUG should do better */
- a->ctext = emalloc9p(sz);
- a->ctext[0] = '\0';
- s = a->ctext;
- es = s+sz;
- for(i=0; i<jar->nc; i++)
- s = seprint(s, es, "%K\n", &jar->c[i]);
- }
- break;
- }
- respond(r, nil);
- }
- void
- fsread(Req *r)
- {
- Aux *a;
- a = r->fid->aux;
- switch((uintptr)r->fid->file->aux){
- case Xhttp:
- if(a->state == NeedUrl){
- respond(r, "must write url before read");
- return;
- }
- r->ifcall.offset = a->rdoff;
- readstr(r, a->outhttp);
- a->rdoff += r->ofcall.count;
- respond(r, nil);
- return;
- case Xcookies:
- readstr(r, a->ctext);
- respond(r, nil);
- return;
- default:
- respond(r, "bug in webcookies");
- return;
- }
- }
- void
- fswrite(Req *r)
- {
- Aux *a;
- int i, sz, hlen, issecure;
- char buf[1024], *p;
- Jar *j;
- a = r->fid->aux;
- switch((uintptr)r->fid->file->aux){
- case Xhttp:
- if(a->state == NeedUrl){
- if(r->ifcall.count >= sizeof buf){
- respond(r, "url too long");
- return;
- }
- memmove(buf, r->ifcall.data, r->ifcall.count);
- buf[r->ifcall.count] = '\0';
- issecure = 0;
- if(cistrncmp(buf, "http://", 7) == 0)
- hlen = 7;
- else if(cistrncmp(buf, "https://", 8) == 0){
- hlen = 8;
- issecure = 1;
- }else{
- respond(r, "url must begin http:// or https://");
- return;
- }
- if(buf[hlen]=='/'){
- respond(r, "url without host name");
- return;
- }
- p = strchr(buf+hlen, '/');
- if(p == nil)
- a->path = estrdup9p("/");
- else{
- a->path = estrdup9p(p);
- *p = '\0';
- }
- a->dom = estrdup9p(buf+hlen);
- a->state = HaveUrl;
- j = cookiesearch(jar, a->dom, a->path, issecure);
- if(debug){
- fprint(2, "search %s %s got %p\n", a->dom, a->path, j);
- if(j){
- fprint(2, "%d cookies\n", j->nc);
- for(i=0; i<j->nc; i++)
- fprint(2, "%K\n", &j->c[i]);
- }
- }
- snprint(a->outhttp, AuxBuf, "%J", j);
- if(j)
- closejar(j);
- }else{
- if(strlen(a->inhttp)+r->ifcall.count >= AuxBuf){
- respond(r, "http headers too large");
- return;
- }
- memmove(a->inhttp+strlen(a->inhttp), r->ifcall.data, r->ifcall.count);
- }
- r->ofcall.count = r->ifcall.count;
- respond(r, nil);
- return;
- case Xcookies:
- sz = r->ifcall.count+r->ifcall.offset;
- if(sz > strlen(a->ctext)){
- if(sz >= MaxCtext){
- respond(r, "cookie file too large");
- return;
- }
- a->ctext = erealloc9p(a->ctext, sz+1);
- a->ctext[sz] = '\0';
- }
- memmove(a->ctext+r->ifcall.offset, r->ifcall.data, r->ifcall.count);
- r->ofcall.count = r->ifcall.count;
- respond(r, nil);
- return;
- default:
- respond(r, "bug in webcookies");
- return;
- }
- }
- void
- fsdestroyfid(Fid *fid)
- {
- char *p, *nextp;
- Aux *a;
- int i;
- a = fid->aux;
- if(a == nil)
- return;
- switch((uintptr)fid->file->aux){
- case Xhttp:
- parsehttp(jar, a->inhttp, a->dom, a->path);
- break;
- case Xcookies:
- for(i=0; i<jar->nc; i++)
- jar->c[i].mark = 1;
- for(p=a->ctext; *p; p=nextp){
- if((nextp = strchr(p, '\n')) != nil)
- *nextp++ = '\0';
- else
- nextp = "";
- addtojar(jar, p, 0);
- }
- for(i=0; i<jar->nc; i++)
- if(jar->c[i].mark)
- delcookie(jar, &jar->c[i]);
- break;
- }
- syncjar(jar);
- free(a->dom);
- free(a->path);
- free(a->inhttp);
- free(a->outhttp);
- free(a->ctext);
- free(a);
- }
- void
- fsend(Srv *s)
- {
- closejar(jar);
- }
- Srv fs =
- {
- .open= fsopen,
- .read= fsread,
- .write= fswrite,
- .destroyfid= fsdestroyfid,
- .end= fsend,
- };
- void
- usage(void)
- {
- fprint(2, "usage: webcookies [-f file] [-m mtpt] [-s service]\n");
- exits("usage");
- }
-
- void
- main(int argc, char **argv)
- {
- char *file, *mtpt, *home, *srv;
- file = nil;
- srv = nil;
- mtpt = "/mnt/webcookies";
- ARGBEGIN{
- case 'D':
- chatty9p++;
- break;
- case 'd':
- debug = 1;
- break;
- case 'f':
- file = EARGF(usage());
- break;
- case 's':
- srv = EARGF(usage());
- break;
- case 'm':
- mtpt = EARGF(usage());
- break;
- default:
- usage();
- }ARGEND
- if(argc != 0)
- usage();
- quotefmtinstall();
- fmtinstall('J', jarfmt);
- fmtinstall('K', cookiefmt);
- if(file == nil){
- home = getenv("home");
- if(home == nil)
- sysfatal("no cookie file specified and no $home");
- file = emalloc9p(strlen(home)+30);
- strcpy(file, home);
- strcat(file, "/lib/webcookies");
- }
- if(access(file, AEXIST) < 0)
- close(create(file, OWRITE, 0666));
- jar = readjar(file);
- if(jar == nil)
- sysfatal("readjar: %r");
- fs.tree = alloctree("cookie", "cookie", DMDIR|0555, nil);
- closefile(createfile(fs.tree->root, "http", "cookie", 0666, (void*)Xhttp));
- closefile(createfile(fs.tree->root, "cookies", "cookie", 0666, (void*)Xcookies));
- postmountsrv(&fs, srv, mtpt, MREPL);
- exits(nil);
- }
|