2005-09-15 09:58:31 -04:00
|
|
|
/* Internal cookies implementation */
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/stat.h> /* OS/2 needs this after sys/types.h */
|
|
|
|
#include <time.h>
|
|
|
|
|
|
|
|
#include "elinks.h"
|
|
|
|
|
|
|
|
#if 0
|
|
|
|
#define DEBUG_COOKIES
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include "bfu/dialog.h"
|
|
|
|
#include "cookies/cookies.h"
|
|
|
|
#include "cookies/dialogs.h"
|
2020-05-10 09:52:33 -04:00
|
|
|
#include "cookies/path.h"
|
2005-09-15 09:58:31 -04:00
|
|
|
#include "cookies/parser.h"
|
|
|
|
#include "config/home.h"
|
|
|
|
#include "config/kbdbind.h"
|
|
|
|
#include "config/options.h"
|
2021-08-08 15:25:08 -04:00
|
|
|
#include "intl/libintl.h"
|
2005-09-15 09:58:31 -04:00
|
|
|
#include "main/module.h"
|
|
|
|
#include "main/object.h"
|
2006-12-09 09:24:24 -05:00
|
|
|
#include "main/select.h"
|
2005-09-15 09:58:31 -04:00
|
|
|
#include "protocol/date.h"
|
|
|
|
#include "protocol/header.h"
|
|
|
|
#include "protocol/protocol.h"
|
|
|
|
#include "protocol/uri.h"
|
|
|
|
#include "session/session.h"
|
|
|
|
#include "terminal/terminal.h"
|
|
|
|
#include "util/conv.h"
|
|
|
|
#ifdef DEBUG_COOKIES
|
|
|
|
#include "util/error.h"
|
|
|
|
#endif
|
|
|
|
#include "util/file.h"
|
|
|
|
#include "util/memory.h"
|
|
|
|
#include "util/secsave.h"
|
|
|
|
#include "util/string.h"
|
|
|
|
#include "util/time.h"
|
|
|
|
|
|
|
|
#define COOKIES_FILENAME "cookies"
|
|
|
|
|
|
|
|
|
|
|
|
static int cookies_nosave = 0;
|
|
|
|
|
2007-07-26 15:39:08 -04:00
|
|
|
static INIT_LIST_OF(struct cookie, cookies);
|
2005-09-15 09:58:31 -04:00
|
|
|
|
|
|
|
struct c_domain {
|
|
|
|
LIST_HEAD(struct c_domain);
|
|
|
|
|
2021-01-02 10:20:27 -05:00
|
|
|
char domain[1]; /* Must be at end of struct. */
|
2005-09-15 09:58:31 -04:00
|
|
|
};
|
|
|
|
|
2006-12-09 07:31:58 -05:00
|
|
|
/* List of domains for which there may be cookies. This supposedly
|
|
|
|
* speeds up @send_cookies for other domains. Each element is a
|
|
|
|
* struct c_domain. No other data structures have pointers to these
|
|
|
|
* objects. Currently the domains remain in the list until
|
|
|
|
* @done_cookies clears the whole list. */
|
2007-07-26 15:39:08 -04:00
|
|
|
static INIT_LIST_OF(struct c_domain, c_domains);
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2007-07-26 15:39:08 -04:00
|
|
|
/* List of servers for which there are cookies. */
|
|
|
|
static INIT_LIST_OF(struct cookie_server, cookie_servers);
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2006-12-09 09:24:24 -05:00
|
|
|
/* Only @set_cookies_dirty may make this nonzero. */
|
2005-09-15 09:58:31 -04:00
|
|
|
static int cookies_dirty = 0;
|
|
|
|
|
|
|
|
enum cookies_option {
|
|
|
|
COOKIES_TREE,
|
|
|
|
|
|
|
|
COOKIES_ACCEPT_POLICY,
|
|
|
|
COOKIES_MAX_AGE,
|
|
|
|
COOKIES_PARANOID_SECURITY,
|
|
|
|
COOKIES_SAVE,
|
|
|
|
COOKIES_RESAVE,
|
|
|
|
|
|
|
|
COOKIES_OPTIONS,
|
|
|
|
};
|
|
|
|
|
bug 764: Initialize the right member of union option_value
INIT_OPTION used to initialize union option_value at compile time by
casting the default value to LIST_OF(struct option) *, which is the
type of the first member. On sparc64 and other big-endian systems
where sizeof(int) < sizeof(struct list_head *), this tended to leave
option->value.number as zero, thus messing up OPT_INT and OPT_BOOL
at least. OPT_LONG however tended to work right.
This would be easy to fix with C99 designated initializers,
but doc/hacking.txt says ELinks must be kept C89 compatible.
Another solution would be to make register_options() read the
value from option->value.tree (the first member), cast it back
to the right type, and write it to the appropriate member;
but that would still require somewhat dubious conversions
between integers, data pointers, and function pointers.
So here's a rather more invasive solution. Add struct option_init,
which is somewhat similar to struct option but has non-overlapping
members for different types of values, to ensure nothing is lost
in compile-time conversions. Move unsigned char *path from struct
option_info to struct option_init, and replace struct option_info
with a union that contains struct option_init and struct option.
Now, this union can be initialized with no portability problems,
and register_options() then moves the values from struct option_init
to their final places in struct option.
In my x86 ELinks build with plenty of options configured in, this
change bloated the text section by 340 bytes but compressed the data
section by 2784 bytes, presumably because union option_info is a
pointer smaller than struct option_info was.
(cherry picked from elinks-0.12 commit e5f6592ee20780a61f70feeb1f9e17631b9c5835)
Conflicts:
src/protocol/fsp/fsp.c: All options had been removed in 0.13.GIT.
src/protocol/smb/smb2.c: Ditto.
2009-08-15 15:39:07 -04:00
|
|
|
static union option_info cookies_options[] = {
|
2022-03-02 12:30:25 -05:00
|
|
|
INIT_OPT_TREE("", N_("Cookies"),
|
|
|
|
"cookies", OPT_ZERO,
|
2005-09-15 09:58:31 -04:00
|
|
|
N_("Cookies options.")),
|
|
|
|
|
2022-03-02 12:30:25 -05:00
|
|
|
INIT_OPT_INT("cookies", N_("Accept policy"),
|
|
|
|
"accept_policy", OPT_ZERO,
|
2005-09-15 09:58:31 -04:00
|
|
|
COOKIES_ACCEPT_NONE, COOKIES_ACCEPT_ALL, COOKIES_ACCEPT_ALL,
|
|
|
|
N_("Cookies accepting policy:\n"
|
|
|
|
"0 is accept no cookies\n"
|
|
|
|
"1 is ask for confirmation before accepting cookie\n"
|
|
|
|
"2 is accept all cookies")),
|
|
|
|
|
2022-03-02 12:30:25 -05:00
|
|
|
INIT_OPT_INT("cookies", N_("Maximum age"),
|
|
|
|
"max_age", OPT_ZERO, -1, 10000, -1,
|
2005-09-15 09:58:31 -04:00
|
|
|
N_("Cookie maximum age (in days):\n"
|
|
|
|
"-1 is use cookie's expiration date if any\n"
|
Rewrap lines in option documentation.
Documentation strings of most options used to contain a "\n" at the
end of each source line. When the option manager displayed these
strings, it treated each "\n" as a hard newline. On 80x24 terminals
however, the option description window has only 60 columes available
for the text (with the default setup.h), and the hard newlines were
further apart, so the option manager wrapped the text a second time,
resulting in rather ugly output where long lones are interleaved with
short ones. This could also cause the text to take up too much
vertical space and not fit in the window.
Replace most of those hard newlines with spaces so that the option
manager (or perhaps BFU) will take care of the wrapping. At the same
time, rewrap the strings in source code so that the source lines are
at most 79 columns wide.
In some options though, there is a list of possible values and their
meanings. In those lists, if the description of one value does not
fit in one line, then continuation lines should be indented. The
option manager and BFU are not currently able to do that. So, keep
the hard newlines in those lists, but rewrap them to 60 columns so
that they are less likely to require further wrapping at runtime.
2009-03-07 13:48:38 -05:00
|
|
|
"0 is force expiration at the end of session, ignoring\n"
|
|
|
|
" cookie's expiration date\n"
|
|
|
|
"1+ is use cookie's expiration date, but limit age to the\n"
|
|
|
|
" given number of days")),
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2022-03-02 12:30:25 -05:00
|
|
|
INIT_OPT_BOOL("cookies", N_("Paranoid security"),
|
|
|
|
"paranoid_security", OPT_ZERO, 0,
|
Rewrap lines in option documentation.
Documentation strings of most options used to contain a "\n" at the
end of each source line. When the option manager displayed these
strings, it treated each "\n" as a hard newline. On 80x24 terminals
however, the option description window has only 60 columes available
for the text (with the default setup.h), and the hard newlines were
further apart, so the option manager wrapped the text a second time,
resulting in rather ugly output where long lones are interleaved with
short ones. This could also cause the text to take up too much
vertical space and not fit in the window.
Replace most of those hard newlines with spaces so that the option
manager (or perhaps BFU) will take care of the wrapping. At the same
time, rewrap the strings in source code so that the source lines are
at most 79 columns wide.
In some options though, there is a list of possible values and their
meanings. In those lists, if the description of one value does not
fit in one line, then continuation lines should be indented. The
option manager and BFU are not currently able to do that. So, keep
the hard newlines in those lists, but rewrap them to 60 columns so
that they are less likely to require further wrapping at runtime.
2009-03-07 13:48:38 -05:00
|
|
|
N_("When enabled, we'll require three dots in cookies domain "
|
|
|
|
"for all non-international domains (instead of just two "
|
|
|
|
"dots). Some countries have generic second level domains "
|
|
|
|
"(eg. .com.pl, .co.uk) and allowing sites to set cookies "
|
|
|
|
"for these generic domains could potentially be very bad. "
|
|
|
|
"Note, it is off by default as it breaks a lot of sites.")),
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2022-03-02 12:30:25 -05:00
|
|
|
INIT_OPT_BOOL("cookies", N_("Saving"),
|
|
|
|
"save", OPT_ZERO, 1,
|
Rewrap lines in option documentation.
Documentation strings of most options used to contain a "\n" at the
end of each source line. When the option manager displayed these
strings, it treated each "\n" as a hard newline. On 80x24 terminals
however, the option description window has only 60 columes available
for the text (with the default setup.h), and the hard newlines were
further apart, so the option manager wrapped the text a second time,
resulting in rather ugly output where long lones are interleaved with
short ones. This could also cause the text to take up too much
vertical space and not fit in the window.
Replace most of those hard newlines with spaces so that the option
manager (or perhaps BFU) will take care of the wrapping. At the same
time, rewrap the strings in source code so that the source lines are
at most 79 columns wide.
In some options though, there is a list of possible values and their
meanings. In those lists, if the description of one value does not
fit in one line, then continuation lines should be indented. The
option manager and BFU are not currently able to do that. So, keep
the hard newlines in those lists, but rewrap them to 60 columns so
that they are less likely to require further wrapping at runtime.
2009-03-07 13:48:38 -05:00
|
|
|
N_("Whether cookies should be loaded from and saved to "
|
|
|
|
"disk.")),
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2022-03-02 12:30:25 -05:00
|
|
|
INIT_OPT_BOOL("cookies", N_("Resaving"),
|
|
|
|
"resave", OPT_ZERO, 1,
|
Rewrap lines in option documentation.
Documentation strings of most options used to contain a "\n" at the
end of each source line. When the option manager displayed these
strings, it treated each "\n" as a hard newline. On 80x24 terminals
however, the option description window has only 60 columes available
for the text (with the default setup.h), and the hard newlines were
further apart, so the option manager wrapped the text a second time,
resulting in rather ugly output where long lones are interleaved with
short ones. This could also cause the text to take up too much
vertical space and not fit in the window.
Replace most of those hard newlines with spaces so that the option
manager (or perhaps BFU) will take care of the wrapping. At the same
time, rewrap the strings in source code so that the source lines are
at most 79 columns wide.
In some options though, there is a list of possible values and their
meanings. In those lists, if the description of one value does not
fit in one line, then continuation lines should be indented. The
option manager and BFU are not currently able to do that. So, keep
the hard newlines in those lists, but rewrap them to 60 columns so
that they are less likely to require further wrapping at runtime.
2009-03-07 13:48:38 -05:00
|
|
|
N_("Save cookies after each change in cookies list? "
|
|
|
|
"No effect when cookie saving (cookies.save) is off.")),
|
2005-09-15 09:58:31 -04:00
|
|
|
|
|
|
|
NULL_OPTION_INFO,
|
|
|
|
};
|
|
|
|
|
|
|
|
#define get_opt_cookies(which) cookies_options[(which)].option.value
|
|
|
|
#define get_cookies_accept_policy() get_opt_cookies(COOKIES_ACCEPT_POLICY).number
|
|
|
|
#define get_cookies_max_age() get_opt_cookies(COOKIES_MAX_AGE).number
|
|
|
|
#define get_cookies_paranoid_security() get_opt_cookies(COOKIES_PARANOID_SECURITY).number
|
|
|
|
#define get_cookies_save() get_opt_cookies(COOKIES_SAVE).number
|
|
|
|
#define get_cookies_resave() get_opt_cookies(COOKIES_RESAVE).number
|
|
|
|
|
2006-05-27 17:56:42 -04:00
|
|
|
struct cookie_server *
|
2021-01-02 10:20:27 -05:00
|
|
|
get_cookie_server(char *host, int hostlen)
|
2005-09-15 09:58:31 -04:00
|
|
|
{
|
|
|
|
struct cookie_server *sort_spot = NULL;
|
|
|
|
struct cookie_server *cs;
|
|
|
|
|
|
|
|
foreach (cs, cookie_servers) {
|
|
|
|
/* XXX: We must count with cases like "x.co" vs "x.co.uk"
|
|
|
|
* below! */
|
|
|
|
int cslen = strlen(cs->host);
|
2008-10-18 21:25:00 -04:00
|
|
|
int cmp = c_strncasecmp(cs->host, host, hostlen);
|
2005-09-15 09:58:31 -04:00
|
|
|
|
|
|
|
if (!sort_spot && (cmp > 0 || (cmp == 0 && cslen > hostlen))) {
|
|
|
|
/* This is the first @cs with name greater than @host,
|
|
|
|
* our dream sort spot! */
|
|
|
|
sort_spot = cs->prev;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (cmp || cslen != hostlen)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
object_lock(cs);
|
|
|
|
return cs;
|
|
|
|
}
|
|
|
|
|
2022-01-16 15:08:50 -05:00
|
|
|
cs = (struct cookie_server *)mem_calloc(1, sizeof(*cs) + hostlen);
|
2005-09-15 09:58:31 -04:00
|
|
|
if (!cs) return NULL;
|
|
|
|
|
|
|
|
memcpy(cs->host, host, hostlen);
|
|
|
|
object_nolock(cs, "cookie_server");
|
|
|
|
|
|
|
|
cs->box_item = add_listbox_folder(&cookie_browser, NULL, cs);
|
|
|
|
|
|
|
|
object_lock(cs);
|
|
|
|
|
|
|
|
if (!sort_spot) {
|
|
|
|
/* No sort spot found, therefore this sorts at the end. */
|
|
|
|
add_to_list_end(cookie_servers, cs);
|
|
|
|
del_from_list(cs->box_item);
|
|
|
|
add_to_list_end(cookie_browser.root.child, cs->box_item);
|
|
|
|
} else {
|
|
|
|
/* Sort spot found, sort after it. */
|
|
|
|
add_at_pos(sort_spot, cs);
|
|
|
|
if (sort_spot != (struct cookie_server *) &cookie_servers) {
|
|
|
|
del_from_list(cs->box_item);
|
|
|
|
add_at_pos(sort_spot->box_item, cs->box_item);
|
|
|
|
} /* else we are already at the top anyway. */
|
|
|
|
}
|
|
|
|
|
|
|
|
return cs;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
done_cookie_server(struct cookie_server *cs)
|
|
|
|
{
|
|
|
|
object_unlock(cs);
|
|
|
|
if (is_object_used(cs)) return;
|
|
|
|
|
|
|
|
if (cs->box_item) done_listbox_item(&cookie_browser, cs->box_item);
|
|
|
|
del_from_list(cs);
|
|
|
|
mem_free(cs);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
done_cookie(struct cookie *c)
|
|
|
|
{
|
|
|
|
if (c->box_item) done_listbox_item(&cookie_browser, c->box_item);
|
|
|
|
if (c->server) done_cookie_server(c->server);
|
|
|
|
mem_free_if(c->name);
|
|
|
|
mem_free_if(c->value);
|
|
|
|
mem_free_if(c->path);
|
|
|
|
mem_free_if(c->domain);
|
|
|
|
mem_free(c);
|
|
|
|
}
|
|
|
|
|
2006-12-09 08:03:08 -05:00
|
|
|
/* The cookie @c can be either in @cookies or in @cookie_queries.
|
|
|
|
* Because changes in @cookie_queries should not affect the cookie
|
|
|
|
* file, this function does not set @cookies_dirty. Instead, the
|
|
|
|
* caller must do that if appropriate. */
|
2005-09-15 09:58:31 -04:00
|
|
|
void
|
|
|
|
delete_cookie(struct cookie *c)
|
|
|
|
{
|
|
|
|
del_from_list(c);
|
|
|
|
done_cookie(c);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Check whether cookie's domain matches server.
|
|
|
|
* It returns 1 if ok, 0 else. */
|
|
|
|
static int
|
2021-01-02 10:20:27 -05:00
|
|
|
is_domain_security_ok(char *domain, char *server, int server_len)
|
2005-09-15 09:58:31 -04:00
|
|
|
{
|
|
|
|
int i;
|
|
|
|
int domain_len;
|
|
|
|
int need_dots;
|
|
|
|
|
|
|
|
if (domain[0] == '.') domain++;
|
|
|
|
domain_len = strlen(domain);
|
|
|
|
|
|
|
|
/* Match domain and server.. */
|
|
|
|
|
2008-10-18 21:25:00 -04:00
|
|
|
/* XXX: Hmm, can't we use c_strlcasecmp() here? --pasky */
|
2005-09-15 09:58:31 -04:00
|
|
|
|
|
|
|
if (domain_len > server_len) return 0;
|
|
|
|
|
|
|
|
/* Ensure that the domain is atleast a substring of the server before
|
|
|
|
* continuing. */
|
2008-10-18 21:25:00 -04:00
|
|
|
if (c_strncasecmp(domain, server + server_len - domain_len, domain_len))
|
2005-09-15 09:58:31 -04:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
/* Allow domains which are same as servers. --<rono@sentuny.com.au> */
|
|
|
|
/* Mozilla does it as well ;))) and I can't figure out any security
|
|
|
|
* risk. --pasky */
|
|
|
|
if (server_len == domain_len)
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
/* Check whether the server is an IP address, and require an exact host
|
|
|
|
* match for the cookie, so any chance of IP address funkiness is
|
|
|
|
* eliminated (e.g. the alias 127.1 domain-matching 99.54.127.1). Idea
|
|
|
|
* from mozilla. (bug 562) */
|
|
|
|
if (is_ip_address(server, server_len))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
/* Also test if domain is secure en ugh.. */
|
|
|
|
|
|
|
|
need_dots = 1;
|
|
|
|
|
|
|
|
if (get_cookies_paranoid_security()) {
|
|
|
|
/* This is somehow controversial attempt (by the way violating
|
|
|
|
* RFC) to increase cookies security in national domains, done
|
|
|
|
* by Mikulas. As it breaks a lot of sites, I decided to make
|
|
|
|
* this optional and off by default. I also don't think this
|
|
|
|
* improves security considerably, as it's SITE'S fault and
|
|
|
|
* also no other browser probably does it. --pasky */
|
|
|
|
/* Mikulas' comment: Some countries have generic 2-nd level
|
|
|
|
* domains (like .com.pl, .co.uk ...) and it would be very bad
|
|
|
|
* if someone set cookies for these generic domains. Imagine
|
|
|
|
* for example that server http://brutalporn.com.pl sets cookie
|
|
|
|
* Set-Cookie: user_is=perverse_pig; domain=.com.pl -- then
|
|
|
|
* this cookie would be sent to all commercial servers in
|
|
|
|
* Poland. */
|
|
|
|
need_dots = 2;
|
|
|
|
|
|
|
|
if (domain_len > 0) {
|
|
|
|
int pos = end_with_known_tld(domain, domain_len);
|
|
|
|
|
|
|
|
if (pos >= 1 && domain[pos - 1] == '.')
|
|
|
|
need_dots = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; domain[i]; i++)
|
|
|
|
if (domain[i] == '.' && !--need_dots)
|
|
|
|
break;
|
|
|
|
|
|
|
|
if (need_dots > 0) return 0;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2006-05-31 17:36:11 -04:00
|
|
|
/* Allocate a struct cookie and initialize it with the specified
|
|
|
|
* values (rather than copies). Returns NULL on error. On success,
|
|
|
|
* the cookie is basically safe for @done_cookie or @accept_cookie,
|
|
|
|
* although you may also want to set the remaining members and check
|
|
|
|
* @get_cookies_accept_policy and @is_domain_security_ok.
|
|
|
|
*
|
2021-01-02 10:20:27 -05:00
|
|
|
* The char * arguments must be allocated with @mem_alloc or
|
2006-05-31 17:36:11 -04:00
|
|
|
* equivalent, because @done_cookie will @mem_free them. Likewise,
|
|
|
|
* the caller must already have locked @server. If @init_cookie
|
|
|
|
* fails, then it frees the strings itself, and unlocks @server.
|
|
|
|
*
|
|
|
|
* If any parameter is NULL, then @init_cookie fails and does not
|
|
|
|
* consider that a bug. This means callers can use e.g. @stracpy
|
|
|
|
* and let @init_cookie check whether the call ran out of memory. */
|
|
|
|
struct cookie *
|
2021-01-02 10:20:27 -05:00
|
|
|
init_cookie(char *name, char *value,
|
|
|
|
char *path, char *domain,
|
2006-05-31 17:36:11 -04:00
|
|
|
struct cookie_server *server)
|
|
|
|
{
|
2022-01-16 15:08:50 -05:00
|
|
|
struct cookie *cookie = (struct cookie *)mem_calloc(1, sizeof(*cookie));
|
2007-10-15 06:59:41 -04:00
|
|
|
|
2006-05-31 17:36:11 -04:00
|
|
|
if (!cookie || !name || !value || !path || !domain || !server) {
|
|
|
|
mem_free_if(cookie);
|
|
|
|
mem_free_if(name);
|
|
|
|
mem_free_if(value);
|
|
|
|
mem_free_if(path);
|
|
|
|
mem_free_if(domain);
|
|
|
|
done_cookie_server(server);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
object_nolock(cookie, "cookie"); /* Debugging purpose. */
|
|
|
|
|
|
|
|
cookie->name = name;
|
|
|
|
cookie->value = value;
|
|
|
|
cookie->domain = domain;
|
|
|
|
cookie->path = path;
|
|
|
|
cookie->server = server; /* the caller already locked it for us */
|
|
|
|
|
|
|
|
return cookie;
|
|
|
|
}
|
|
|
|
|
2005-09-15 09:58:31 -04:00
|
|
|
void
|
2021-01-02 10:20:27 -05:00
|
|
|
set_cookie(struct uri *uri, char *str)
|
2005-09-15 09:58:31 -04:00
|
|
|
{
|
2021-01-02 10:20:27 -05:00
|
|
|
char *path, *domain;
|
2005-09-15 09:58:31 -04:00
|
|
|
struct cookie *cookie;
|
|
|
|
struct cookie_str cstr;
|
|
|
|
int max_age;
|
|
|
|
|
|
|
|
if (get_cookies_accept_policy() == COOKIES_ACCEPT_NONE)
|
|
|
|
return;
|
|
|
|
|
|
|
|
#ifdef DEBUG_COOKIES
|
|
|
|
DBG("set_cookie -> (%s) %s", struri(uri), str);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
if (!parse_cookie_str(&cstr, str)) return;
|
|
|
|
|
2016-08-21 16:02:46 -04:00
|
|
|
switch (parse_header_param(str, "path", &path, 0)) {
|
2021-01-02 10:20:27 -05:00
|
|
|
char *path_end;
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2006-05-31 17:36:11 -04:00
|
|
|
case HEADER_PARAM_FOUND:
|
2020-05-02 14:40:06 -04:00
|
|
|
if (!path[0])
|
2006-05-31 17:36:11 -04:00
|
|
|
add_to_strn(&path, "/");
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2006-05-31 17:36:11 -04:00
|
|
|
if (path[0] != '/') {
|
|
|
|
add_to_strn(&path, "x");
|
|
|
|
memmove(path + 1, path, strlen(path) - 1);
|
|
|
|
path[0] = '/';
|
|
|
|
}
|
|
|
|
break;
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2006-05-31 17:36:11 -04:00
|
|
|
case HEADER_PARAM_NOT_FOUND:
|
|
|
|
path = get_uri_string(uri, URI_PATH);
|
|
|
|
if (!path)
|
|
|
|
return;
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2022-01-18 14:42:29 -05:00
|
|
|
path_end = strrchr(path, '/');
|
2006-05-31 17:36:11 -04:00
|
|
|
if (path_end)
|
2020-05-02 14:40:06 -04:00
|
|
|
path_end[0] = '\0';
|
2006-05-31 17:36:11 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
default: /* error */
|
2005-09-15 09:58:31 -04:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2016-08-21 16:02:46 -04:00
|
|
|
if (parse_header_param(str, "domain", &domain, 0) == HEADER_PARAM_NOT_FOUND)
|
2006-05-31 17:36:11 -04:00
|
|
|
domain = memacpy(uri->host, uri->hostlen);
|
|
|
|
if (domain && domain[0] == '.')
|
|
|
|
memmove(domain, domain + 1, strlen(domain));
|
|
|
|
|
|
|
|
cookie = init_cookie(memacpy(str, cstr.nam_end - str),
|
|
|
|
memacpy(cstr.val_start, cstr.val_end - cstr.val_start),
|
|
|
|
path,
|
|
|
|
domain,
|
|
|
|
get_cookie_server(uri->host, uri->hostlen));
|
|
|
|
if (!cookie) return;
|
|
|
|
/* @cookie now owns @path and @domain. */
|
|
|
|
|
2005-09-15 09:58:31 -04:00
|
|
|
#if 0
|
|
|
|
/* We don't actually set ->accept at the moment. But I have kept it
|
|
|
|
* since it will maybe help to fix bug 77 - Support for more
|
|
|
|
* finegrained control upon accepting of cookies. */
|
|
|
|
if (!cookie->server->accept) {
|
|
|
|
#ifdef DEBUG_COOKIES
|
|
|
|
DBG("Dropped.");
|
|
|
|
#endif
|
|
|
|
done_cookie(cookie);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* Set cookie expiration if needed.
|
|
|
|
* Cookie expires at end of session by default,
|
|
|
|
* set to 0 by calloc().
|
|
|
|
*
|
|
|
|
* max_age:
|
|
|
|
* -1 is use cookie's expiration date if any
|
|
|
|
* 0 is force expiration at the end of session,
|
|
|
|
* ignoring cookie's expiration date
|
|
|
|
* 1+ is use cookie's expiration date,
|
|
|
|
* but limit age to the given number of days.
|
|
|
|
*/
|
|
|
|
|
|
|
|
max_age = get_cookies_max_age();
|
|
|
|
if (max_age) {
|
2021-01-02 10:20:27 -05:00
|
|
|
char *date;
|
2006-05-30 02:32:01 -04:00
|
|
|
time_t expires;
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2016-08-21 16:02:46 -04:00
|
|
|
switch (parse_header_param(str, "expires", &date, 0)) {
|
2006-05-30 02:32:01 -04:00
|
|
|
case HEADER_PARAM_FOUND:
|
|
|
|
expires = parse_date(&date, NULL, 0, 1); /* Convert date to seconds. */
|
2005-09-15 09:58:31 -04:00
|
|
|
|
|
|
|
mem_free(date);
|
|
|
|
|
|
|
|
if (expires) {
|
|
|
|
if (max_age > 0) {
|
2006-05-30 02:37:31 -04:00
|
|
|
time_t seconds = ((time_t) max_age)*24*3600;
|
2005-09-15 09:58:31 -04:00
|
|
|
time_t deadline = time(NULL) + seconds;
|
|
|
|
|
|
|
|
if (expires > deadline) /* Over-aged cookie ? */
|
|
|
|
expires = deadline;
|
|
|
|
}
|
|
|
|
|
|
|
|
cookie->expires = expires;
|
|
|
|
}
|
2006-05-30 02:32:01 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case HEADER_PARAM_NOT_FOUND:
|
|
|
|
break;
|
|
|
|
|
|
|
|
default: /* error */
|
|
|
|
done_cookie(cookie);
|
|
|
|
return;
|
2005-09-15 09:58:31 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-08-21 16:02:46 -04:00
|
|
|
cookie->secure = (parse_header_param(str, "secure", NULL, 0)
|
2006-05-30 02:32:01 -04:00
|
|
|
== HEADER_PARAM_FOUND);
|
2018-08-25 09:28:29 -04:00
|
|
|
cookie->httponly = (parse_header_param(str, "httponly", NULL, 0)
|
|
|
|
== HEADER_PARAM_FOUND);
|
2005-09-15 09:58:31 -04:00
|
|
|
#ifdef DEBUG_COOKIES
|
|
|
|
{
|
|
|
|
DBG("Got cookie %s = %s from %s, domain %s, "
|
2018-08-25 09:28:29 -04:00
|
|
|
"expires at %"TIME_PRINT_FORMAT", secure %d, httponly %d", cookie->name,
|
2005-09-15 09:58:31 -04:00
|
|
|
cookie->value, cookie->server->host, cookie->domain,
|
2018-08-25 09:28:29 -04:00
|
|
|
(time_print_T) cookie->expires, cookie->secure, cookie->httponly);
|
2005-09-15 09:58:31 -04:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
if (!is_domain_security_ok(cookie->domain, uri->host, uri->hostlen)) {
|
|
|
|
#ifdef DEBUG_COOKIES
|
|
|
|
DBG("Domain security violated: %s vs %.*s", cookie->domain,
|
|
|
|
uri->hostlen, uri->host);
|
|
|
|
#endif
|
|
|
|
mem_free(cookie->domain);
|
|
|
|
cookie->domain = memacpy(uri->host, uri->hostlen);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* We have already check COOKIES_ACCEPT_NONE */
|
|
|
|
if (get_cookies_accept_policy() == COOKIES_ACCEPT_ASK) {
|
|
|
|
add_to_list(cookie_queries, cookie);
|
|
|
|
add_questions_entry(accept_cookie_dialog, cookie);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
accept_cookie(cookie);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
accept_cookie(struct cookie *cookie)
|
|
|
|
{
|
|
|
|
struct c_domain *cd;
|
|
|
|
struct listbox_item *root = cookie->server->box_item;
|
|
|
|
int domain_len;
|
|
|
|
|
|
|
|
if (root)
|
|
|
|
cookie->box_item = add_listbox_leaf(&cookie_browser, root, cookie);
|
|
|
|
|
|
|
|
/* Do not weed out duplicates when loading the cookie file. It doesn't
|
|
|
|
* scale at all, being O(N^2) and taking about 2s with my 500 cookies
|
|
|
|
* (so if you don't notice that 100ms with your 100 cookies, that's
|
|
|
|
* not an argument). --pasky */
|
|
|
|
if (!cookies_nosave) {
|
|
|
|
struct cookie *c, *next;
|
|
|
|
|
|
|
|
foreachsafe (c, next, cookies) {
|
2008-10-18 21:25:00 -04:00
|
|
|
if (c_strcasecmp(c->name, cookie->name)
|
|
|
|
|| c_strcasecmp(c->domain, cookie->domain))
|
2005-09-15 09:58:31 -04:00
|
|
|
continue;
|
|
|
|
|
|
|
|
delete_cookie(c);
|
2006-12-09 09:24:24 -05:00
|
|
|
/* @set_cookies_dirty will be called below. */
|
2005-09-15 09:58:31 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
add_to_list(cookies, cookie);
|
2006-12-09 09:24:24 -05:00
|
|
|
set_cookies_dirty();
|
2005-09-15 09:58:31 -04:00
|
|
|
|
|
|
|
/* XXX: This crunches CPU too. --pasky */
|
|
|
|
foreach (cd, c_domains)
|
2008-10-18 21:25:00 -04:00
|
|
|
if (!c_strcasecmp(cd->domain, cookie->domain))
|
2005-09-15 09:58:31 -04:00
|
|
|
return;
|
|
|
|
|
|
|
|
domain_len = strlen(cookie->domain);
|
|
|
|
/* One byte is reserved for domain in struct c_domain. */
|
2022-01-16 13:09:27 -05:00
|
|
|
cd = (struct c_domain *)mem_alloc(sizeof(*cd) + domain_len);
|
2005-09-15 09:58:31 -04:00
|
|
|
if (!cd) return;
|
|
|
|
|
|
|
|
memcpy(cd->domain, cookie->domain, domain_len + 1);
|
|
|
|
add_to_list(c_domains, cd);
|
|
|
|
}
|
|
|
|
|
|
|
|
#if 0
|
|
|
|
static unsigned int cookie_id = 0;
|
|
|
|
|
|
|
|
static void
|
|
|
|
delete_cookie(struct cookie *c)
|
|
|
|
{
|
|
|
|
struct c_domain *cd;
|
|
|
|
struct cookie *d;
|
|
|
|
|
|
|
|
foreach (d, cookies)
|
2008-10-18 21:25:00 -04:00
|
|
|
if (!c_strcasecmp(d->domain, c->domain))
|
2005-09-15 09:58:31 -04:00
|
|
|
goto end;
|
|
|
|
|
|
|
|
foreach (cd, c_domains) {
|
2008-10-18 21:25:00 -04:00
|
|
|
if (!c_strcasecmp(cd->domain, c->domain)) {
|
2005-09-15 09:58:31 -04:00
|
|
|
del_from_list(cd);
|
|
|
|
mem_free(cd);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
end:
|
|
|
|
del_from_list(c);
|
|
|
|
done_cookie(c);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static struct
|
|
|
|
cookie *find_cookie_id(void *idp)
|
|
|
|
{
|
|
|
|
int id = (int) idp;
|
|
|
|
struct cookie *c;
|
|
|
|
|
|
|
|
foreach (c, cookies)
|
|
|
|
if (c->id == id)
|
|
|
|
return c;
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
reject_cookie(void *idp)
|
|
|
|
{
|
|
|
|
struct cookie *c = find_cookie_id(idp);
|
|
|
|
|
|
|
|
if (!c) return;
|
|
|
|
|
|
|
|
delete_cookie(c);
|
2006-12-09 09:24:24 -05:00
|
|
|
set_cookies_dirty(); /* @find_cookie_id doesn't use @cookie_queries */
|
2005-09-15 09:58:31 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
cookie_default(void *idp, int a)
|
|
|
|
{
|
|
|
|
struct cookie *c = find_cookie_id(idp);
|
|
|
|
|
|
|
|
if (c) c->server->accept = a;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
accept_cookie_always(void *idp)
|
|
|
|
{
|
|
|
|
cookie_default(idp, 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
accept_cookie_never(void *idp)
|
|
|
|
{
|
|
|
|
cookie_default(idp, 0);
|
|
|
|
reject_cookie(idp);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
2019-04-21 06:27:40 -04:00
|
|
|
static struct string *
|
2018-08-25 09:28:29 -04:00
|
|
|
send_cookies_common(struct uri *uri, unsigned int httponly)
|
2005-09-15 09:58:31 -04:00
|
|
|
{
|
|
|
|
struct c_domain *cd;
|
|
|
|
struct cookie *c, *next;
|
2021-01-02 10:20:27 -05:00
|
|
|
char *path = NULL;
|
2019-04-21 06:27:40 -04:00
|
|
|
static struct string header;
|
2005-12-12 11:00:08 -05:00
|
|
|
time_t now;
|
2005-09-15 09:58:31 -04:00
|
|
|
|
|
|
|
if (!uri->host || !uri->data)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
foreach (cd, c_domains)
|
|
|
|
if (is_in_domain(cd->domain, uri->host, uri->hostlen)) {
|
|
|
|
path = get_uri_string(uri, URI_PATH);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!path) return NULL;
|
|
|
|
|
2022-01-09 11:03:31 -05:00
|
|
|
if (!init_string(&header)) {
|
|
|
|
mem_free(path);
|
|
|
|
return NULL;
|
|
|
|
}
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2005-12-12 11:00:08 -05:00
|
|
|
now = time(NULL);
|
2005-09-15 09:58:31 -04:00
|
|
|
foreachsafe (c, next, cookies) {
|
|
|
|
if (!is_in_domain(c->domain, uri->host, uri->hostlen)
|
|
|
|
|| !is_path_prefix(c->path, path))
|
|
|
|
continue;
|
|
|
|
|
2005-12-12 11:00:08 -05:00
|
|
|
if (c->expires && c->expires <= now) {
|
2005-09-15 09:58:31 -04:00
|
|
|
#ifdef DEBUG_COOKIES
|
2007-01-12 16:47:45 -05:00
|
|
|
DBG("Cookie %s=%s (exp %"TIME_PRINT_FORMAT") expired.",
|
|
|
|
c->name, c->value, (time_print_T) c->expires);
|
2005-09-15 09:58:31 -04:00
|
|
|
#endif
|
|
|
|
delete_cookie(c);
|
|
|
|
|
2006-12-09 09:24:24 -05:00
|
|
|
set_cookies_dirty();
|
2005-09-15 09:58:31 -04:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Not sure if this is 100% right..? --pasky */
|
|
|
|
if (c->secure && uri->protocol != PROTOCOL_HTTPS)
|
|
|
|
continue;
|
|
|
|
|
2018-08-25 09:28:29 -04:00
|
|
|
if (c->httponly && httponly)
|
|
|
|
continue;
|
|
|
|
|
2005-09-15 09:58:31 -04:00
|
|
|
if (header.length)
|
|
|
|
add_to_string(&header, "; ");
|
|
|
|
|
|
|
|
add_to_string(&header, c->name);
|
|
|
|
add_char_to_string(&header, '=');
|
|
|
|
add_to_string(&header, c->value);
|
|
|
|
#ifdef DEBUG_COOKIES
|
|
|
|
DBG("Cookie: %s=%s", c->name, c->value);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
mem_free(path);
|
|
|
|
|
|
|
|
if (!header.length) {
|
|
|
|
done_string(&header);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return &header;
|
|
|
|
}
|
|
|
|
|
2019-04-21 06:27:40 -04:00
|
|
|
struct string *
|
2018-08-25 09:28:29 -04:00
|
|
|
send_cookies(struct uri *uri)
|
|
|
|
{
|
|
|
|
return send_cookies_common(uri, 0);
|
|
|
|
}
|
|
|
|
|
2019-04-21 06:27:40 -04:00
|
|
|
struct string *
|
2018-08-25 09:28:29 -04:00
|
|
|
send_cookies_js(struct uri *uri)
|
|
|
|
{
|
|
|
|
return send_cookies_common(uri, 1);
|
|
|
|
}
|
|
|
|
|
2005-09-15 09:58:31 -04:00
|
|
|
static void done_cookies(struct module *module);
|
|
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
load_cookies(void) {
|
|
|
|
/* Buffer size is set to be enough to read long lines that
|
|
|
|
* save_cookies may write. 6 is choosen after the fprintf(..) call
|
|
|
|
* in save_cookies(). --Zas */
|
2021-01-02 10:20:27 -05:00
|
|
|
char in_buffer[6 * MAX_STR_LEN];
|
2022-01-31 09:54:55 -05:00
|
|
|
const char *cookfile_orig = COOKIES_FILENAME;
|
2022-06-25 10:24:15 -04:00
|
|
|
char *cookfile = NULL;
|
2005-09-15 09:58:31 -04:00
|
|
|
FILE *fp;
|
2005-12-12 11:00:08 -05:00
|
|
|
time_t now;
|
2005-09-15 09:58:31 -04:00
|
|
|
|
|
|
|
if (elinks_home) {
|
2022-01-31 09:54:55 -05:00
|
|
|
cookfile = straconcat(elinks_home, cookfile_orig,
|
2021-01-02 10:20:27 -05:00
|
|
|
(char *) NULL);
|
2005-09-15 09:58:31 -04:00
|
|
|
if (!cookfile) return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Do it here, as we will delete whole cookies list if the file was
|
|
|
|
* removed */
|
|
|
|
cookies_nosave = 1;
|
|
|
|
done_cookies(&cookies_module);
|
|
|
|
cookies_nosave = 0;
|
|
|
|
|
2022-01-31 09:54:55 -05:00
|
|
|
if (elinks_home) {
|
|
|
|
fp = fopen(cookfile, "rb");
|
|
|
|
mem_free(cookfile);
|
|
|
|
} else {
|
|
|
|
fp = fopen(cookfile_orig, "rb");
|
|
|
|
}
|
2005-09-15 09:58:31 -04:00
|
|
|
if (!fp) return;
|
|
|
|
|
|
|
|
/* XXX: We don't want to overwrite the cookies file
|
|
|
|
* periodically to our death. */
|
|
|
|
cookies_nosave = 1;
|
|
|
|
|
2005-12-12 11:00:08 -05:00
|
|
|
now = time(NULL);
|
2005-09-15 09:58:31 -04:00
|
|
|
while (fgets(in_buffer, 6 * MAX_STR_LEN, fp)) {
|
|
|
|
struct cookie *cookie;
|
2021-01-02 10:20:27 -05:00
|
|
|
char *p, *q = in_buffer;
|
2018-08-25 09:28:29 -04:00
|
|
|
enum { NAME = 0, VALUE, SERVER, PATH, DOMAIN, EXPIRES, SECURE, HTTPONLY, MEMBERS };
|
2016-04-20 15:23:55 -04:00
|
|
|
int member;
|
2005-09-15 09:58:31 -04:00
|
|
|
struct {
|
2021-01-02 10:20:27 -05:00
|
|
|
char *pos;
|
2005-09-15 09:58:31 -04:00
|
|
|
int len;
|
|
|
|
} members[MEMBERS];
|
|
|
|
time_t expires;
|
|
|
|
|
|
|
|
/* First find all members. */
|
|
|
|
for (member = NAME; member < MEMBERS; member++, q = ++p) {
|
2022-01-18 14:30:48 -05:00
|
|
|
p = strchr(q, '\t');
|
2005-09-15 09:58:31 -04:00
|
|
|
if (!p) {
|
|
|
|
if (member + 1 != MEMBERS) break; /* last field ? */
|
2022-01-18 14:30:48 -05:00
|
|
|
p = strchr(q, '\n');
|
2005-09-15 09:58:31 -04:00
|
|
|
if (!p) break;
|
|
|
|
}
|
|
|
|
|
|
|
|
members[member].pos = q;
|
|
|
|
members[member].len = p - q;
|
|
|
|
}
|
|
|
|
|
2018-08-25 09:28:29 -04:00
|
|
|
if ((member != HTTPONLY) && (member != MEMBERS)) continue; /* Invalid line. */
|
2005-09-15 09:58:31 -04:00
|
|
|
|
|
|
|
/* Skip expired cookies if any. */
|
|
|
|
expires = str_to_time_t(members[EXPIRES].pos);
|
2005-12-12 11:00:08 -05:00
|
|
|
if (!expires || expires <= now) {
|
2006-12-09 09:24:24 -05:00
|
|
|
set_cookies_dirty();
|
2005-09-15 09:58:31 -04:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Prepare cookie if all members and fields was read. */
|
2022-01-16 15:08:50 -05:00
|
|
|
cookie = (struct cookie *)mem_calloc(1, sizeof(*cookie));
|
2005-09-15 09:58:31 -04:00
|
|
|
if (!cookie) continue;
|
|
|
|
|
|
|
|
cookie->server = get_cookie_server(members[SERVER].pos, members[SERVER].len);
|
|
|
|
cookie->name = memacpy(members[NAME].pos, members[NAME].len);
|
|
|
|
cookie->value = memacpy(members[VALUE].pos, members[VALUE].len);
|
|
|
|
cookie->path = memacpy(members[PATH].pos, members[PATH].len);
|
|
|
|
cookie->domain = memacpy(members[DOMAIN].pos, members[DOMAIN].len);
|
|
|
|
|
|
|
|
/* Check whether all fields were correctly allocated. */
|
|
|
|
if (!cookie->server || !cookie->name || !cookie->value
|
|
|
|
|| !cookie->path || !cookie->domain) {
|
|
|
|
done_cookie(cookie);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
cookie->expires = expires;
|
|
|
|
cookie->secure = !!atoi(members[SECURE].pos);
|
2018-08-25 09:28:29 -04:00
|
|
|
cookie->httponly = (member == MEMBERS) && !!atoi(members[HTTPONLY].pos);
|
2005-09-15 09:58:31 -04:00
|
|
|
|
|
|
|
accept_cookie(cookie);
|
|
|
|
}
|
|
|
|
|
|
|
|
cookies_nosave = 0;
|
|
|
|
fclose(fp);
|
|
|
|
}
|
|
|
|
|
2006-12-09 09:24:24 -05:00
|
|
|
static void
|
|
|
|
resave_cookies_bottom_half(void *always_null)
|
|
|
|
{
|
|
|
|
if (get_cookies_save() && get_cookies_resave())
|
2006-12-09 11:27:40 -05:00
|
|
|
save_cookies(NULL); /* checks cookies_dirty */
|
2006-12-09 09:24:24 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Note that the cookies have been modified, and register a bottom
|
|
|
|
* half for saving them if appropriate. We use a bottom half so that
|
|
|
|
* if something makes multiple changes and calls this for each change,
|
|
|
|
* the cookies get saved only once at the end. */
|
|
|
|
void
|
|
|
|
set_cookies_dirty(void)
|
|
|
|
{
|
|
|
|
/* Do not check @cookies_dirty here. If the previous attempt
|
|
|
|
* to save cookies failed, @cookies_dirty can still be nonzero
|
|
|
|
* even though @resave_cookies_bottom_half is no longer in the
|
|
|
|
* queue. */
|
|
|
|
cookies_dirty = 1;
|
|
|
|
/* If @resave_cookies_bottom_half is already in the queue,
|
|
|
|
* @register_bottom_half does nothing. */
|
|
|
|
register_bottom_half(resave_cookies_bottom_half, NULL);
|
|
|
|
}
|
|
|
|
|
2006-12-09 11:27:40 -05:00
|
|
|
/* @term is non-NULL if the user told ELinks to save cookies, or NULL
|
|
|
|
* if ELinks decided that on its own. In the former case, this
|
|
|
|
* function reports errors to @term, unless CONFIG_SMALL is defined.
|
|
|
|
* In the latter case, this function does not save the cookies if it
|
|
|
|
* thinks the file is already up to date. */
|
2005-09-15 09:58:31 -04:00
|
|
|
void
|
2006-12-09 11:27:40 -05:00
|
|
|
save_cookies(struct terminal *term) {
|
2005-09-15 09:58:31 -04:00
|
|
|
struct cookie *c;
|
2021-01-02 10:20:27 -05:00
|
|
|
char *cookfile;
|
2005-09-15 09:58:31 -04:00
|
|
|
struct secure_save_info *ssi;
|
2005-12-12 11:00:08 -05:00
|
|
|
time_t now;
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2006-12-09 11:27:40 -05:00
|
|
|
#ifdef CONFIG_SMALL
|
2007-04-26 09:02:04 -04:00
|
|
|
# define CANNOT_SAVE_COOKIES(flags, message)
|
2006-12-09 11:27:40 -05:00
|
|
|
#else
|
|
|
|
# define CANNOT_SAVE_COOKIES(flags, message) \
|
|
|
|
do { \
|
|
|
|
if (term) \
|
|
|
|
info_box(term, flags, N_("Cannot save cookies"),\
|
|
|
|
ALIGN_LEFT, message); \
|
|
|
|
} while (0)
|
|
|
|
#endif
|
|
|
|
|
|
|
|
if (cookies_nosave) {
|
|
|
|
assert(term == NULL);
|
|
|
|
if_assert_failed {}
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (!elinks_home) {
|
|
|
|
CANNOT_SAVE_COOKIES(0, N_("ELinks was started without a home directory."));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (!cookies_dirty && !term)
|
|
|
|
return;
|
|
|
|
if (get_cmd_opt_bool("anonymous")) {
|
|
|
|
CANNOT_SAVE_COOKIES(0, N_("ELinks was started with the -anonymous option."));
|
2005-09-15 09:58:31 -04:00
|
|
|
return;
|
2006-12-09 11:27:40 -05:00
|
|
|
}
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2007-03-11 06:59:11 -04:00
|
|
|
cookfile = straconcat(elinks_home, COOKIES_FILENAME,
|
2021-01-02 10:20:27 -05:00
|
|
|
(char *) NULL);
|
2006-12-09 11:27:40 -05:00
|
|
|
if (!cookfile) {
|
|
|
|
CANNOT_SAVE_COOKIES(0, N_("Out of memory"));
|
|
|
|
return;
|
|
|
|
}
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2006-01-10 17:49:35 -05:00
|
|
|
ssi = secure_open(cookfile);
|
2005-09-15 09:58:31 -04:00
|
|
|
mem_free(cookfile);
|
2006-12-09 11:27:40 -05:00
|
|
|
if (!ssi) {
|
|
|
|
CANNOT_SAVE_COOKIES(MSGBOX_NO_TEXT_INTL,
|
|
|
|
secsave_strerror(secsave_errno, term));
|
|
|
|
return;
|
|
|
|
}
|
2005-09-15 09:58:31 -04:00
|
|
|
|
2005-12-12 11:00:08 -05:00
|
|
|
now = time(NULL);
|
2005-09-15 09:58:31 -04:00
|
|
|
foreach (c, cookies) {
|
2005-12-12 11:00:08 -05:00
|
|
|
if (!c->expires || c->expires <= now) continue;
|
2022-01-29 12:21:58 -05:00
|
|
|
if (secure_fprintf(ssi, "%s\t%s\t%s\t%s\t%s\t%" TIME_PRINT_FORMAT "\t%d\t%d\n",
|
2005-09-15 09:58:31 -04:00
|
|
|
c->name, c->value,
|
|
|
|
c->server->host,
|
|
|
|
empty_string_or_(c->path),
|
|
|
|
empty_string_or_(c->domain),
|
2018-08-25 09:28:29 -04:00
|
|
|
(time_print_T) c->expires, c->secure, c->httponly) < 0)
|
2005-09-15 09:58:31 -04:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2006-12-09 11:27:40 -05:00
|
|
|
secsave_errno = SS_ERR_OTHER; /* @secure_close doesn't always set it */
|
2005-09-15 09:58:31 -04:00
|
|
|
if (!secure_close(ssi)) cookies_dirty = 0;
|
2006-12-09 11:27:40 -05:00
|
|
|
else {
|
|
|
|
CANNOT_SAVE_COOKIES(MSGBOX_NO_TEXT_INTL,
|
|
|
|
secsave_strerror(secsave_errno, term));
|
|
|
|
}
|
2007-04-26 09:02:04 -04:00
|
|
|
#undef CANNOT_SAVE_COOKIES
|
2005-09-15 09:58:31 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
init_cookies(struct module *module)
|
|
|
|
{
|
|
|
|
if (get_cookies_save())
|
|
|
|
load_cookies();
|
|
|
|
}
|
|
|
|
|
2006-12-09 09:24:24 -05:00
|
|
|
/* Like @delete_cookie, this function does not set @cookies_dirty.
|
|
|
|
* The caller must do that if appropriate. */
|
2005-09-15 09:58:31 -04:00
|
|
|
static void
|
2007-07-26 15:39:08 -04:00
|
|
|
free_cookies_list(LIST_OF(struct cookie) *list)
|
2005-09-15 09:58:31 -04:00
|
|
|
{
|
|
|
|
while (!list_empty(*list)) {
|
2022-01-24 13:32:42 -05:00
|
|
|
struct cookie *cookie = (struct cookie *)list->next;
|
2005-09-15 09:58:31 -04:00
|
|
|
|
|
|
|
delete_cookie(cookie);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
done_cookies(struct module *module)
|
|
|
|
{
|
|
|
|
free_list(c_domains);
|
|
|
|
|
|
|
|
if (!cookies_nosave && get_cookies_save())
|
2006-12-09 11:27:40 -05:00
|
|
|
save_cookies(NULL);
|
2005-09-15 09:58:31 -04:00
|
|
|
|
|
|
|
free_cookies_list(&cookies);
|
|
|
|
free_cookies_list(&cookie_queries);
|
2006-12-09 09:24:24 -05:00
|
|
|
/* If @save_cookies failed above, @cookies_dirty can still be
|
|
|
|
* nonzero. Now if @resave_cookies_bottom_half were in the
|
|
|
|
* queue, it could save the empty @cookies list to the file.
|
|
|
|
* Prevent that. */
|
|
|
|
cookies_dirty = 0;
|
2005-09-15 09:58:31 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
struct module cookies_module = struct_module(
|
|
|
|
/* name: */ N_("Cookies"),
|
|
|
|
/* options: */ cookies_options,
|
|
|
|
/* events: */ NULL,
|
|
|
|
/* submodules: */ NULL,
|
|
|
|
/* data: */ NULL,
|
|
|
|
/* init: */ init_cookies,
|
|
|
|
/* done: */ done_cookies
|
|
|
|
);
|