2 * Cookie file system. Allows hget and multiple webfs's to collaborate.
3 * Conventionally mounted on /mnt/webcookies.
17 typedef struct Cookie Cookie;
18 typedef struct Jar Jar;
25 char* dom; /* starts with . */
28 char* comment; /* optional, may be nil */
30 uint expire; /* time of expiration: ~0 means when webcookies dies */
32 int explicitdom; /* dom was explicitly set */
33 int explicitpath; /* path was explicitly set */
59 "domain", offsetof(Cookie, dom), 1,
60 "path", offsetof(Cookie, path), 1,
61 "name", offsetof(Cookie, name), 0,
62 "value", offsetof(Cookie, value), 0,
63 "comment", offsetof(Cookie, comment), 1,
64 "version", offsetof(Cookie, version), 1,
71 "expire", offsetof(Cookie, expire),
72 "secure", offsetof(Cookie, secure),
73 "explicitdomain", offsetof(Cookie, explicitdom),
74 "explicitpath", offsetof(Cookie, explicitpath),
75 "netscapestyle", offsetof(Cookie, netscapestyle),
78 #pragma varargck type "J" Jar*
79 #pragma varargck type "K" Cookie*
88 jar = va_arg(fmt->args, Jar*);
89 if(jar == nil || jar->nc == 0)
90 return fmtstrcpy(fmt, "");
92 fmtprint(fmt, "Cookie: ");
94 fmtprint(fmt, "$Version=%s; ", jar->c[0].version);
95 for(i=0; i<jar->nc; i++)
96 fmtprint(fmt, "%s%s=%s", i ? "; ":"", jar->c[i].name, jar->c[i].value);
97 fmtprint(fmt, "\r\n");
101 /* individual cookie */
109 c = va_arg(fmt->args, Cookie*);
112 for(j=0; j<nelem(stab); j++){
113 t = *(char**)((char*)c+stab[j].offset);
120 fmtprint(fmt, "%s=%q", stab[j].s, t);
122 for(j=0; j<nelem(itab); j++){
123 k = *(int*)((char*)c+itab[j].offset);
130 fmtprint(fmt, "%s=%ud", itab[j].s, k);
139 * - longer paths first, then alpha by path (RFC2109 4.3.4)
142 cookiecmp(Cookie *a, Cookie *b)
146 if((i = strcmp(a->name, b->name)) != 0)
148 if((i = cistrcmp(a->dom, b->dom)) != 0)
150 if((i = strlen(b->path) - strlen(a->path)) != 0)
152 if((i = strcmp(a->path, b->path)) != 0)
158 exactcookiecmp(Cookie *a, Cookie *b)
162 if((i = cookiecmp(a, b)) != 0)
164 if((i = strcmp(a->value, b->value)) != 0)
166 if(a->version || b->version){
171 if((i = strcmp(a->version, b->version)) != 0)
174 if(a->comment || b->comment){
179 if((i = strcmp(a->comment, b->comment)) != 0)
182 if((i = b->expire - a->expire) != 0)
184 if((i = b->secure - a->secure) != 0)
186 if((i = b->explicitdom - a->explicitdom) != 0)
188 if((i = b->explicitpath - a->explicitpath) != 0)
190 if((i = b->netscapestyle - a->netscapestyle) != 0)
197 freecookie(Cookie *c)
201 for(i=0; i<nelem(stab); i++)
202 free(*(char**)((char*)c+stab[i].offset));
206 copycookie(Cookie *c)
211 for(i=0; i<nelem(stab); i++){
212 ps = (char**)((char*)c+stab[i].offset);
214 *ps = estrdup9p(*ps);
219 delcookie(Jar *j, Cookie *c)
225 if(i < 0 || i >= j->nc)
231 addcookie(Jar *j, Cookie *c)
235 if(!c->name || !c->value || !c->path || !c->dom){
236 fprint(2, "not adding incomplete cookie\n");
241 fprint(2, "add %K\n", c);
243 for(i=0; i<j->nc; i++)
244 if(cookiecmp(&j->c[i], c) == 0){
246 fprint(2, "cookie %K matches %K\n", &j->c[i], c);
247 if(exactcookiecmp(&j->c[i], c) == 0){
249 fprint(2, "\texactly\n");
253 delcookie(j, &j->c[i]);
259 j->c = erealloc9p(j->c, j->mc*sizeof(Cookie));
262 copycookie(&j->c[j->nc]);
271 for(i=j->nc-1; i>=0; i--){
274 freecookie(&j->c[i]);
276 j->c[i] = j->c[j->nc];
281 addtojar(Jar *jar, char *line, int ondisk)
285 char *f[20], *attr, *val, **pstr;
287 memset(&c, 0, sizeof c);
290 nf = tokenize(line, f, nelem(f));
293 if((val = strchr(attr, '=')) != nil)
297 /* string attributes */
298 for(j=0; j<nelem(stab); j++){
299 if(strcmp(stab[j].s, attr) == 0){
300 pstr = (char**)((char*)&c+stab[j].offset);
304 /* integer attributes */
305 for(j=0; j<nelem(itab); j++){
306 if(strcmp(itab[j].s, attr) == 0){
307 pint = (int*)((char*)&c+itab[j].offset);
311 *pint = strtoul(val, 0, 0);
315 if(c.name==nil || c.value==nil || c.dom==nil || c.path==nil){
317 fprint(2, "ignoring fractional cookie %K\n", &c);
328 jar = emalloc9p(sizeof(Jar));
333 expirejar(Jar *jar, int exiting)
340 for(i=0; i<jar->nc; i++){
341 if(jar->c[i].expire < now || (exiting && jar->c[i].expire==~0)){
342 delcookie(jar, &jar->c[i]);
352 int i, fd, doread, dowrite;
362 dowrite = jar->dirty;
365 if((d = dirstat(jar->file)) == nil)
368 if(q.path != d->qid.path || q.vers != d->qid.vers){
375 if(!doread && !dowrite)
380 if((fd = create(jar->lockfile, OWRITE, DMEXCL|0600)) < 0){
388 fprint(2, "open %s: %r", jar->lockfile);
389 werrstr("cannot acquire jar lock: %r");
394 for(i=0; i<jar->nc; i++) /* mark is cleared by addcookie */
395 jar->c[i].mark = jar->c[i].ondisk;
397 if((b = Bopen(jar->file, OREAD)) == nil){
399 fprint(2, "Bopen %s: %r", jar->file);
400 werrstr("cannot read cookie file %s: %r", jar->file);
404 for(; (line = Brdstr(b, '\n', 1)) != nil; free(line)){
407 addtojar(jar, line, 1);
411 for(i=0; i<jar->nc; i++)
413 delcookie(jar, &jar->c[i]);
419 i = create(jar->file, OWRITE, 0600);
420 if(i < 0 || (b = Bfdopen(i, OWRITE)) == nil){
422 fprint(2, "Bopen write %s: %r", jar->file);
428 Bprint(b, "# webcookies cookie jar\n");
429 Bprint(b, "# comments and non-standard fields will be lost\n");
430 for(i=0; i<jar->nc; i++){
431 if(jar->c[i].expire == ~0)
433 Bprint(b, "%K\n", &jar->c[i]);
434 jar->c[i].ondisk = 1;
437 if((d = dirfstat(Bfildes(b))) != nil){
461 fprint(2, "warning: cannot rewrite cookie jar: %r\n");
463 for(i=0; i<jar->nc; i++)
464 freecookie(&jar->c[i]);
479 file = estrdup9p(file);
480 lock = emalloc9p(strlen(file)+10);
482 if((p = strrchr(lock, '/')) != nil)
486 memmove(p+2, p, strlen(p)+1);
489 jar->lockfile = lock;
493 if(syncjar(jar) < 0){
502 * Domain name matching is per RFC2109, section 2:
504 * Host names can be specified either as an IP address or a FQHN
505 * string. Sometimes we compare one host name with another. Host A's
506 * name domain-matches host B's if
508 * * both host names are IP addresses and their host name strings match
511 * * both host names are FQDN strings and their host name strings match
514 * * A is a FQDN string and has the form NB, where N is a non-empty name
515 * string, B has the form .B', and B' is a FQDN string. (So, x.y.com
516 * domain-matches .y.com but not y.com.)
518 * Note that domain-match is not a commutative operation: a.b.c.com
519 * domain-matches .c.com, but not the reverse.
521 * (This does not verify that IP addresses and FQDN's are well-formed.)
524 isdomainmatch(char *name, char *pattern)
528 if(cistrcmp(name, pattern + (pattern[0]=='.'))==0)
531 if(strcmp(ipattr(name), "dom")==0 && pattern[0]=='.'){
532 lname = strlen(name);
533 lpattern = strlen(pattern);
534 if(lname >= lpattern && cistrcmp(name+lname-lpattern, pattern)==0)
543 * - domain must match
544 * - path in cookie must be a prefix of request path
545 * - cookie must not have expired
548 iscookiematch(Cookie *c, char *dom, char *path, uint now)
550 return isdomainmatch(dom, c->dom)
551 && strncmp(c->path, path, strlen(c->path))==0
556 * Produce a subjar of matching cookies.
557 * Secure cookies are only included if issecure is set.
560 cookiesearch(Jar *jar, char *dom, char *path, int issecure)
569 for(i=0; i<jar->nc; i++){
571 if(!c->deleted && (issecure || !c->secure) && iscookiematch(c, dom, path, now))
576 werrstr("no cookies found");
579 qsort(j->c, j->nc, sizeof(j->c[0]), (int(*)(const void*, const void*))cookiecmp);
584 * RFC2109 4.3.2 security checks
587 isbadcookie(Cookie *c, char *dom, char *path)
589 if(strncmp(c->path, path, strlen(c->path)) != 0)
590 return "cookie path is not a prefix of the request path";
592 if(c->explicitdom && c->dom[0] != '.')
593 return "cookie domain doesn't start with dot";
595 if(strlen(c->dom)<=2 || memchr(c->dom+1, '.', strlen(c->dom)-2) == nil)
596 return "cookie domain doesn't have embedded dots";
598 if(!isdomainmatch(dom, c->dom))
599 return "request host does not match cookie domain";
601 if(strcmp(ipattr(dom), "dom")==0 && strlen(dom)>strlen(c->dom)
602 && memchr(dom, '.', strlen(dom)-strlen(c->dom)) != nil)
603 return "request host contains dots before cookie domain";
609 * Sunday, 25-Jan-2002 12:24:36 GMT
610 * Sunday, 25 Jan 2002 12:24:36 GMT
611 * Sun, 25 Jan 02 12:24:36 GMT
616 return year%4==0 && (year%100!=0 || year%400==0);
626 static int mday[2][12] = {
627 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31,
628 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31,
630 static char *wday[] = {
631 "Sunday", "Monday", "Tuesday", "Wednesday",
632 "Thursday", "Friday", "Saturday",
634 static char *mon[] = {
635 "Jan", "Feb", "Mar", "Apr", "May", "Jun",
636 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
639 memset(&tm, 0, sizeof(tm));
643 for(i=0; i<nelem(wday); i++){
644 if(cistrncmp(s, wday[i], strlen(wday[i])) == 0){
645 s += strlen(wday[i]);
648 if(cistrncmp(s, wday[i], 3) == 0){
655 fprint(2, "bad wday (%s)\n", os);
658 if(*s++ != ',' || *s++ != ' '){
660 fprint(2, "bad wday separator (%s)\n", os);
665 if(!isdigit(s[0]) || !isdigit(s[1]) || (s[2]!='-' && s[2]!=' ')){
667 fprint(2, "bad day of month (%s)\n", os);
670 tm.mday = strtol(s, 0, 10);
674 for(i=0; i<nelem(mon); i++)
675 if(cistrncmp(s, mon[i], 3) == 0){
682 fprint(2, "bad month (%s)\n", os);
685 if(s[0] != '-' && s[0] != ' '){
687 fprint(2, "bad month separator (%s)\n", os);
693 if(!isdigit(s[0]) || !isdigit(s[1])){
695 fprint(2, "bad year (%s)\n", os);
698 tm.year = strtol(s, 0, 10);
700 if(isdigit(s[0]) && isdigit(s[1]))
708 if(tm.mday==0 || tm.mday > mday[isleap(tm.year)][tm.mon]){
710 fprint(2, "invalid day of month (%s)\n", os);
716 fprint(2, "bad year separator (%s)\n", os);
720 if(!isdigit(s[0]) || !isdigit(s[1]) || s[2]!=':'
721 || !isdigit(s[3]) || !isdigit(s[4]) || s[5]!=':'
722 || !isdigit(s[6]) || !isdigit(s[7]) || s[8]!=' '){
724 fprint(2, "bad time (%s)\n", os);
728 tm.hour = strtol(s, 0, 10);
729 tm.min = strtol(s+3, 0, 10);
730 tm.sec = strtol(s+6, 0, 10);
731 if(tm.hour >= 24 || tm.min >= 60 || tm.sec >= 60){
733 fprint(2, "invalid time (%s)\n", os);
738 if(cistrcmp(s, "GMT") != 0){
740 fprint(2, "time zone not GMT (%s)\n", os);
743 strcpy(tm.zone, "GMT");
749 * skip linear whitespace. we're a bit more lenient than RFC2616 2.2.
754 while(*s=='\r' || *s=='\n' || *s==' ' || *s=='\t')
760 * Try to identify old netscape headers.
762 * - didn't allow spaces around the '='
763 * - used an 'Expires' attribute
764 * - had no 'Version' attribute
766 * - allowed whitespace in values
767 * - apparently separated attr/value pairs with ';' exclusively
770 isnetscape(char *hdr)
774 for(s=hdr; (s=strchr(s, '=')) != nil; s++){
775 if(isspace(s[1]) || (s > hdr && isspace(s[-1])))
780 if(cistrstr(hdr, "version="))
786 * Parse HTTP response headers, adding cookies to jar.
787 * Overwrites the headers. May overwrite path.
789 char* parsecookie(Cookie*, char*, char**, int, char*, char*);
791 parsehttp(Jar *jar, char *hdr, char *dom, char *path)
793 static char setcookie[] = "Set-Cookie:";
798 isns = isnetscape(hdr);
800 for(p=hdr; p; p=nextp){
804 nextp = strchr(p, '\n');
808 fprint(2, "?%s\n", p);
809 if(cistrncmp(p, setcookie, strlen(setcookie)) != 0)
812 fprint(2, "%s\n", p);
813 p = skipspace(p+strlen(setcookie));
814 for(; *p; p=skipspace(p)){
815 if((e = parsecookie(&c, p, &p, isns, dom, path)) != nil){
817 fprint(2, "parse cookie: %s\n", e);
820 if((e = isbadcookie(&c, dom, path)) != nil){
822 fprint(2, "reject cookie; %s\n", e);
836 * Sec 2.2 of RFC2616 defines a "quoted-string" as:
838 * quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
839 * qdtext = <any TEXT except <">>
840 * quoted-pair = "\" CHAR
842 * TEXT is any octet except CTLs, but including LWS;
843 * LWS is [CR LF] 1*(SP | HT);
844 * CHARs are ASCII octets 0-127; (NOTE: we reject 0's)
845 * CTLs are octets 0-31 and 127;
850 for(s++; 32 <= *s && *s < 127 && *s != '"'; s++)
851 if(*s == '\\' && *(s+1) != '\0')
860 * Sec 2.2 of RFC2616 defines a "token" as
861 * 1*<any CHAR except CTLs or separators>;
862 * CHARs are ASCII octets 0-127;
863 * CTLs are octets 0-31 and 127;
864 * separators are "()<>@,;:\/[]?={}", double-quote, SP (32), and HT (9)
866 while(32 <= *s && *s < 127 && strchr("()<>@,;:[]?={}\" \t\\", *s)==nil)
873 skipvalue(char *s, int isns)
878 * An RFC2109 value is an HTTP token or an HTTP quoted string.
879 * Netscape servers ignore the spec and rely on semicolons, apparently.
882 if((t = strchr(s, ';')) == nil)
887 return skipquoted(s);
892 * RMID=80b186bb64c03c65fab767f8; expires=Monday, 10-Feb-2003 04:44:39 GMT;
893 * path=/; domain=.nytimes.com
896 parsecookie(Cookie *c, char *p, char **e, int isns, char *dom, char *path)
899 char *t, *u, *attr, *val;
901 memset(c, 0, sizeof *c);
910 return "malformed cookie: no NAME=VALUE";
914 t = skipvalue(p, isns);
919 if(c->name[0]=='\0' || c->value[0]=='\0')
923 for(; *p && !done; p=skipspace(p)){
939 val = skipspace(u+1);
940 p = skipvalue(val, isns);
956 fprint(2, "syntax: %s\n", p);
957 return "syntax error";
959 for(i=0; i<nelem(stab); i++)
960 if(stab[i].ishttp && cistrcmp(stab[i].s, attr)==0)
961 *(char**)((char*)c+stab[i].offset) = val;
962 if(cistrcmp(attr, "expires") == 0){
964 return "non-netscape cookie has Expires tag";
966 return "bad expires tag";
967 c->expire = strtotime(val);
969 return "cannot parse netscape expires tag";
971 if(cistrcmp(attr, "max-age") == 0)
972 c->expire = time(0)+atoi(val);
973 if(cistrcmp(attr, "secure") == 0)
979 /* add leading dot for explicit domain */
980 if(c->dom[0] != '.' && strcmp(ipattr(c->dom), "dom") == 0){
981 static char ddom[1024];
984 ddom[sizeof(ddom)-1] = '\0';
985 strncpy(ddom+1, c->dom, sizeof(ddom)-2);
994 static char dpath[1024];
996 /* implicit path is "directory" of request-uri's path component */
997 dpath[sizeof(dpath)-1] = '\0';
998 strncpy(dpath, path, sizeof(dpath)-1);
999 if((t = strrchr(dpath, '/')) != nil)
1003 c->netscapestyle = isns;
1019 typedef struct Aux Aux;
1033 MaxCtext = 16*1024*1024,
1043 switch((uintptr)r->fid->file->aux){
1046 a = emalloc9p(sizeof(Aux));
1048 a->inhttp = emalloc9p(AuxBuf);
1049 a->outhttp = emalloc9p(AuxBuf);
1054 a = emalloc9p(sizeof(Aux));
1056 if(r->ifcall.mode&OTRUNC){
1057 a->ctext = emalloc9p(1);
1060 sz = 256*jar->nc+1024; /* BUG should do better */
1061 a->ctext = emalloc9p(sz);
1065 for(i=0; i<jar->nc; i++)
1066 s = seprint(s, es, "%K\n", &jar->c[i]);
1079 switch((uintptr)r->fid->file->aux){
1081 if(a->state == NeedUrl){
1082 respond(r, "must write url before read");
1085 r->ifcall.offset = a->rdoff;
1086 readstr(r, a->outhttp);
1087 a->rdoff += r->ofcall.count;
1092 readstr(r, a->ctext);
1097 respond(r, "bug in webcookies");
1106 int i, sz, hlen, issecure;
1111 switch((uintptr)r->fid->file->aux){
1113 if(a->state == NeedUrl){
1114 if(r->ifcall.count >= sizeof buf){
1115 respond(r, "url too long");
1118 memmove(buf, r->ifcall.data, r->ifcall.count);
1119 buf[r->ifcall.count] = '\0';
1121 if(cistrncmp(buf, "http://", 7) == 0)
1123 else if(cistrncmp(buf, "https://", 8) == 0){
1127 respond(r, "url must begin http:// or https://");
1131 respond(r, "url without host name");
1134 p = strchr(buf+hlen, '/');
1136 a->path = estrdup9p("/");
1138 a->path = estrdup9p(p);
1141 if((p = strchr(a->path, '#')) != nil)
1143 if((p = strchr(a->path, '?')) != nil)
1146 a->dom = estrdup9p(buf+hlen);
1148 j = cookiesearch(jar, a->dom, a->path, issecure);
1150 fprint(2, "search %s %s got %p\n", a->dom, a->path, j);
1152 fprint(2, "%d cookies\n", j->nc);
1153 for(i=0; i<j->nc; i++)
1154 fprint(2, "%K\n", &j->c[i]);
1157 snprint(a->outhttp, AuxBuf, "%J", j);
1160 if(strlen(a->inhttp)+r->ifcall.count >= AuxBuf){
1161 respond(r, "http headers too large");
1164 memmove(a->inhttp+strlen(a->inhttp), r->ifcall.data, r->ifcall.count);
1166 r->ofcall.count = r->ifcall.count;
1171 sz = r->ifcall.count+r->ifcall.offset;
1172 if(sz > strlen(a->ctext)){
1174 respond(r, "cookie file too large");
1177 a->ctext = erealloc9p(a->ctext, sz+1);
1178 a->ctext[sz] = '\0';
1180 memmove(a->ctext+r->ifcall.offset, r->ifcall.data, r->ifcall.count);
1181 r->ofcall.count = r->ifcall.count;
1186 respond(r, "bug in webcookies");
1192 fsdestroyfid(Fid *fid)
1201 switch((uintptr)fid->file->aux){
1203 parsehttp(jar, a->inhttp, a->dom, a->path);
1206 for(i=0; i<jar->nc; i++)
1208 for(p=a->ctext; *p; p=nextp){
1209 if((nextp = strchr(p, '\n')) != nil)
1213 addtojar(jar, p, 0);
1215 for(i=0; i<jar->nc; i++)
1217 delcookie(jar, &jar->c[i]);
1241 .destroyfid= fsdestroyfid,
1248 fprint(2, "usage: webcookies [-f file] [-m mtpt] [-s service]\n");
1253 main(int argc, char **argv)
1255 char *file, *mtpt, *home, *srv;
1259 mtpt = "/mnt/webcookies";
1268 file = EARGF(usage());
1271 srv = EARGF(usage());
1274 mtpt = EARGF(usage());
1284 fmtinstall('J', jarfmt);
1285 fmtinstall('K', cookiefmt);
1288 home = getenv("home");
1290 sysfatal("no cookie file specified and no $home");
1291 file = emalloc9p(strlen(home)+30);
1293 strcat(file, "/lib/webcookies");
1296 jar = readjar(file);
1298 sysfatal("readjar: %r");
1300 fs.tree = alloctree("cookie", "cookie", DMDIR|0555, nil);
1301 closefile(createfile(fs.tree->root, "http", "cookie", 0666, (void*)Xhttp));
1302 closefile(createfile(fs.tree->root, "cookies", "cookie", 0666, (void*)Xcookies));
1304 postmountsrv(&fs, srv, mtpt, MREPL);