DEFINE_CGI_PARAM_NO_RADIO("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT, "Privoxy " VERSION)
DEFINE_ACTION_STRING ("limit-connect", ACTION_LIMIT_CONNECT, ACTION_STRING_LIMIT_CONNECT)
DEFINE_CGI_PARAM_NO_RADIO("limit-connect", ACTION_LIMIT_CONNECT, ACTION_STRING_LIMIT_CONNECT, "443")
+DEFINE_ACTION_STRING ("limit-cookie-lifetime", ACTION_LIMIT_COOKIE_LIFETIME, ACTION_STRING_LIMIT_COOKIE_LIFETIME)
+DEFINE_CGI_PARAM_CUSTOM ("limit-cookie-lifetime", ACTION_LIMIT_COOKIE_LIFETIME, ACTION_STRING_LIMIT_COOKIE_LIFETIME, "60")
DEFINE_ACTION_STRING ("overwrite-last-modified", ACTION_OVERWRITE_LAST_MODIFIED, ACTION_STRING_LAST_MODIFIED)
DEFINE_CGI_PARAM_RADIO ("overwrite-last-modified", ACTION_OVERWRITE_LAST_MODIFIED, ACTION_STRING_LAST_MODIFIED, "block", 0)
DEFINE_CGI_PARAM_RADIO ("overwrite-last-modified", ACTION_OVERWRITE_LAST_MODIFIED, ACTION_STRING_LAST_MODIFIED, "reset-to-request-time", 1)
-const char parsers_rcs[] = "$Id: parsers.c,v 1.261 2012/11/09 10:46:06 fabiankeil Exp $";
+const char parsers_rcs[] = "$Id: parsers.c,v 1.262 2012/11/11 12:37:42 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/parsers.c,v $
return JB_ERR_OK;
}
+/*********************************************************************
+ *
+ * Function : add_cooky_expiry_date
+ *
+ * Description : Adds a cookie expiry date to a string.
+ *
+ * Parameters :
+ * 1 : cookie = On input, pointer to cookie to modify.
+ * On output, pointer to the modified header.
+ * The original string is freed.
+ * 2 : lifetime = Seconds the cookie should be valid
+ *
+ * Returns : N/A
+ *
+ *********************************************************************/
+static void add_cookie_expiry_date(char **cookie, time_t lifetime)
+{
+ char tmp[50];
+ struct tm *timeptr = NULL;
+ time_t expiry_date = time(NULL) + lifetime;
+#ifdef HAVE_GMTIME_R
+ struct tm gmt;
+
+ timeptr = gmtime_r(&expiry_date, &gmt);
+#elif defined(MUTEX_LOCKS_AVAILABLE)
+ privoxy_mutex_lock(&gmtime_mutex);
+ timeptr = gmtime(&expiry_date);
+ privoxy_mutex_unlock(&gmtime_mutex);
+#else
+ timeptr = gmtime(&expiry_date);
+#endif
+
+ if (NULL == timeptr)
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Failed to get the time in add_cooky_expiry_date()");
+ }
+ strftime(tmp, sizeof(tmp), "; expires=%a, %d-%b-%Y %H:%M:%S GMT", timeptr);
+ if (JB_ERR_OK != string_append(cookie, tmp))
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory in add_cooky_expiry()");
+ }
+}
+
/*********************************************************************
*
*********************************************************************/
static jb_err server_set_cookie(struct client_state *csp, char **header)
{
- time_t now;
- time_t cookie_time;
-
if ((csp->action->flags & ACTION_CRUNCH_INCOMING_COOKIES) != 0)
{
log_error(LOG_LEVEL_HEADER, "Crunching incoming cookie: %s", *header);
freez(*header);
}
- else if ((csp->action->flags & ACTION_SESSION_COOKIES_ONLY) != 0)
+ else if ((0 != (csp->action->flags & ACTION_SESSION_COOKIES_ONLY))
+ || (0 != (csp->action->flags & ACTION_LIMIT_COOKIE_LIFETIME)))
{
- /* Flag whether or not to log a message */
- int changed = 0;
+ time_t now;
+ time_t cookie_time;
+ long cookie_lifetime = 0;
+ int expiry_date_acceptable = 0;
/* A variable to store the tag we're working on */
char *cur_tag;
time(&now);
+ if ((csp->action->flags & ACTION_LIMIT_COOKIE_LIFETIME) != 0)
+ {
+ const char *param = csp->action->string[ACTION_STRING_LIMIT_COOKIE_LIFETIME];
+
+ cookie_lifetime = strtol(param, NULL, 0);
+ if (cookie_lifetime < 0)
+ {
+ log_error(LOG_LEVEL_FATAL, "Invalid cookie lifetime limit: %s", param);
+ }
+ cookie_lifetime *= 60U;
+ }
+
/* Loop through each tag in the cookie */
while (*cur_tag)
{
log_error(LOG_LEVEL_ERROR,
"Can't parse \'%s\', send by %s. Unsupported time format?", cur_tag, csp->http->url);
string_move(cur_tag, next_tag);
- changed = 1;
+ expiry_date_acceptable = 0;
}
else
{
* anyway, which in many cases will be shorter
* than a browser session.
*/
- if (cookie_time - now < 0)
+ if (cookie_time < now)
{
log_error(LOG_LEVEL_HEADER,
"Cookie \'%s\' is already expired and can pass unmodified.", *header);
/* Just in case some clown sets more then one expiration date */
cur_tag = next_tag;
+ expiry_date_acceptable = 1;
+ }
+ else if ((cookie_lifetime != 0) && (cookie_time < (now + cookie_lifetime)))
+ {
+ log_error(LOG_LEVEL_HEADER, "Cookie \'%s\' can pass unmodified. "
+ "Its lifetime is below the limit.", *header);
+ /* Just in case some clown sets more then one expiration date */
+ cur_tag = next_tag;
+ expiry_date_acceptable = 1;
}
else
{
string_move(cur_tag, next_tag);
/* That changed the header, need to issue a log message */
- changed = 1;
+ expiry_date_acceptable = 0;
/*
* Note that the next tag has now been moved to *cur_tag,
}
}
- if (changed)
+ if (!expiry_date_acceptable)
{
assert(NULL != *header);
- log_error(LOG_LEVEL_HEADER, "Cookie rewritten to a temporary one: %s",
- *header);
+ if (cookie_lifetime == 0)
+ {
+ log_error(LOG_LEVEL_HEADER, "Cookie rewritten to a temporary one: %s",
+ *header);
+ }
+ else
+ {
+ add_cookie_expiry_date(header, cookie_lifetime);
+ log_error(LOG_LEVEL_HEADER, "Cookie rewritten to: %s", *header);
+ }
}
}
#ifndef PROJECT_H_INCLUDED
#define PROJECT_H_INCLUDED
/** Version string. */
-#define PROJECT_H_VERSION "$Id: project.h,v 1.190 2012/10/21 13:00:06 fabiankeil Exp $"
+#define PROJECT_H_VERSION "$Id: project.h,v 1.191 2012/10/23 10:19:04 fabiankeil Exp $"
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/project.h,v $
#define ACTION_OVERWRITE_LAST_MODIFIED 0x02000000UL
/** Action bitmap: Replace or block Accept-Language header */
#define ACTION_HIDE_ACCEPT_LANGUAGE 0x04000000UL
+/** Action bitmap: Limit the cookie lifetime */
+#define ACTION_LIMIT_COOKIE_LIFETIME 0x08000000UL
/** Action string index: How to deanimate GIFs */
#define ACTION_STRING_BLOCK 16
/** Action string index: what to do with the "X-Forwarded-For" header. */
#define ACTION_STRING_CHANGE_X_FORWARDED_FOR 17
+/** Action string index: how many minutes cookies should be valid. */
+#define ACTION_STRING_LIMIT_COOKIE_LIFETIME 18
/** Number of string actions. */
-#define ACTION_STRING_COUNT 18
+#define ACTION_STRING_COUNT 19
/* To make the ugly hack in sed easier to understand */