1#include "base.h"
2#include "log.h"
3#include "buffer.h"
4
5#include "plugin.h"
6
7#include <ctype.h>
8#include <stdlib.h>
9#include <string.h>
10
11#include "md5.h"
12
13/* plugin config for all request/connections */
14
15typedef struct {
16	buffer *cookie_name;
17	buffer *cookie_domain;
18	unsigned int cookie_max_age;
19} plugin_config;
20
21typedef struct {
22	PLUGIN_DATA;
23
24	plugin_config **config_storage;
25
26	plugin_config conf;
27} plugin_data;
28
29/* init the plugin data */
30INIT_FUNC(mod_usertrack_init) {
31	plugin_data *p;
32
33	p = calloc(1, sizeof(*p));
34
35	return p;
36}
37
38/* detroy the plugin data */
39FREE_FUNC(mod_usertrack_free) {
40	plugin_data *p = p_d;
41
42	UNUSED(srv);
43
44	if (!p) return HANDLER_GO_ON;
45
46	if (p->config_storage) {
47		size_t i;
48		for (i = 0; i < srv->config_context->used; i++) {
49			plugin_config *s = p->config_storage[i];
50
51			if (NULL == s) continue;
52
53			buffer_free(s->cookie_name);
54			buffer_free(s->cookie_domain);
55
56			free(s);
57		}
58		free(p->config_storage);
59	}
60
61	free(p);
62
63	return HANDLER_GO_ON;
64}
65
66/* handle plugin config and check values */
67
68SETDEFAULTS_FUNC(mod_usertrack_set_defaults) {
69	plugin_data *p = p_d;
70	size_t i = 0;
71
72	config_values_t cv[] = {
73		{ "usertrack.cookie-name",       NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },       /* 0 */
74		{ "usertrack.cookie-max-age",    NULL, T_CONFIG_INT, T_CONFIG_SCOPE_CONNECTION },          /* 1 */
75		{ "usertrack.cookie-domain",     NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },       /* 2 */
76
77		{ "usertrack.cookiename",        NULL, T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_CONNECTION },
78		{ NULL,                          NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
79	};
80
81	if (!p) return HANDLER_ERROR;
82
83	p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *));
84
85	for (i = 0; i < srv->config_context->used; i++) {
86		data_config const* config = (data_config const*)srv->config_context->data[i];
87		plugin_config *s;
88
89		s = calloc(1, sizeof(plugin_config));
90		s->cookie_name    = buffer_init();
91		s->cookie_domain  = buffer_init();
92		s->cookie_max_age = 0;
93
94		cv[0].destination = s->cookie_name;
95		cv[1].destination = &(s->cookie_max_age);
96		cv[2].destination = s->cookie_domain;
97
98		p->config_storage[i] = s;
99
100		if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
101			return HANDLER_ERROR;
102		}
103
104		if (buffer_string_is_empty(s->cookie_name)) {
105			buffer_copy_string_len(s->cookie_name, CONST_STR_LEN("TRACKID"));
106		} else {
107			size_t j, len = buffer_string_length(s->cookie_name);
108			for (j = 0; j < len; j++) {
109				char c = s->cookie_name->ptr[j] | 32;
110				if (c < 'a' || c > 'z') {
111					log_error_write(srv, __FILE__, __LINE__, "sb",
112							"invalid character in usertrack.cookie-name:",
113							s->cookie_name);
114
115					return HANDLER_ERROR;
116				}
117			}
118		}
119
120		if (!buffer_string_is_empty(s->cookie_domain)) {
121			size_t j, len = buffer_string_length(s->cookie_domain);
122			for (j = 0; j < len; j++) {
123				char c = s->cookie_domain->ptr[j];
124				if (c <= 32 || c >= 127 || c == '"' || c == '\\') {
125					log_error_write(srv, __FILE__, __LINE__, "sb",
126							"invalid character in usertrack.cookie-domain:",
127							s->cookie_domain);
128
129					return HANDLER_ERROR;
130				}
131			}
132		}
133	}
134
135	return HANDLER_GO_ON;
136}
137
138#define PATCH(x) \
139	p->conf.x = s->x;
140static int mod_usertrack_patch_connection(server *srv, connection *con, plugin_data *p) {
141	size_t i, j;
142	plugin_config *s = p->config_storage[0];
143
144	PATCH(cookie_name);
145	PATCH(cookie_domain);
146	PATCH(cookie_max_age);
147
148	/* skip the first, the global context */
149	for (i = 1; i < srv->config_context->used; i++) {
150		data_config *dc = (data_config *)srv->config_context->data[i];
151		s = p->config_storage[i];
152
153		/* condition didn't match */
154		if (!config_check_cond(srv, con, dc)) continue;
155
156		/* merge config */
157		for (j = 0; j < dc->value->used; j++) {
158			data_unset *du = dc->value->data[j];
159
160			if (buffer_is_equal_string(du->key, CONST_STR_LEN("usertrack.cookie-name"))) {
161				PATCH(cookie_name);
162			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("usertrack.cookie-max-age"))) {
163				PATCH(cookie_max_age);
164			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("usertrack.cookie-domain"))) {
165				PATCH(cookie_domain);
166			}
167		}
168	}
169
170	return 0;
171}
172#undef PATCH
173
174URIHANDLER_FUNC(mod_usertrack_uri_handler) {
175	plugin_data *p = p_d;
176	data_string *ds;
177	unsigned char h[16];
178	li_MD5_CTX Md5Ctx;
179	char hh[LI_ITOSTRING_LENGTH];
180
181	if (buffer_is_empty(con->uri.path)) return HANDLER_GO_ON;
182
183	mod_usertrack_patch_connection(srv, con, p);
184
185	if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "Cookie"))) {
186		char *g;
187		/* we have a cookie, does it contain a valid name ? */
188
189		/* parse the cookie
190		 *
191		 * check for cookiename + (WS | '=')
192		 *
193		 */
194
195		if (NULL != (g = strstr(ds->value->ptr, p->conf.cookie_name->ptr))) {
196			char *nc;
197
198			/* skip WS */
199			for (nc = g + buffer_string_length(p->conf.cookie_name); *nc == ' ' || *nc == '\t'; nc++);
200
201			if (*nc == '=') {
202				/* ok, found the key of our own cookie */
203
204				if (strlen(nc) > 32) {
205					/* i'm lazy */
206					return HANDLER_GO_ON;
207				}
208			}
209		}
210	}
211
212	/* set a cookie */
213	if (NULL == (ds = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) {
214		ds = data_response_init();
215	}
216	buffer_copy_string_len(ds->key, CONST_STR_LEN("Set-Cookie"));
217	buffer_copy_buffer(ds->value, p->conf.cookie_name);
218	buffer_append_string_len(ds->value, CONST_STR_LEN("="));
219
220
221	/* taken from mod_auth.c */
222
223	/* generate shared-secret */
224	li_MD5_Init(&Md5Ctx);
225	li_MD5_Update(&Md5Ctx, CONST_BUF_LEN(con->uri.path));
226	li_MD5_Update(&Md5Ctx, CONST_STR_LEN("+"));
227
228	/* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
229	li_itostr(hh, srv->cur_ts);
230	li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
231	li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
232	li_itostr(hh, rand());
233	li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
234
235	li_MD5_Final(h, &Md5Ctx);
236
237	buffer_append_string_encoded(ds->value, (char *)h, 16, ENCODING_HEX);
238	buffer_append_string_len(ds->value, CONST_STR_LEN("; Path=/"));
239	buffer_append_string_len(ds->value, CONST_STR_LEN("; Version=1"));
240
241	if (!buffer_string_is_empty(p->conf.cookie_domain)) {
242		buffer_append_string_len(ds->value, CONST_STR_LEN("; Domain="));
243		buffer_append_string_encoded(ds->value, CONST_BUF_LEN(p->conf.cookie_domain), ENCODING_REL_URI);
244	}
245
246	if (p->conf.cookie_max_age) {
247		buffer_append_string_len(ds->value, CONST_STR_LEN("; max-age="));
248		buffer_append_int(ds->value, p->conf.cookie_max_age);
249	}
250
251	array_insert_unique(con->response.headers, (data_unset *)ds);
252
253	return HANDLER_GO_ON;
254}
255
256/* this function is called at dlopen() time and inits the callbacks */
257
258int mod_usertrack_plugin_init(plugin *p);
259int mod_usertrack_plugin_init(plugin *p) {
260	p->version     = LIGHTTPD_VERSION_ID;
261	p->name        = buffer_init_string("usertrack");
262
263	p->init        = mod_usertrack_init;
264	p->handle_uri_clean  = mod_usertrack_uri_handler;
265	p->set_defaults  = mod_usertrack_set_defaults;
266	p->cleanup     = mod_usertrack_free;
267
268	p->data        = NULL;
269
270	return 0;
271}
272