From 6643650bdd8df68d1438f9c48d59d491f4a4499f Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Sun, 11 Nov 2012 12:38:42 +0000 Subject: [PATCH] Add limit-cookie-lifetime{} action It can be used to let cookies expire before the end of the session. limit-cookie-lifetime{0} creates session cookies and can thus replace the session-cookies-only action in the future. --- actionlist.h | 2 ++ parsers.c | 99 +++++++++++++++++++++++++++++++++++++++++++++------- project.h | 8 +++-- 3 files changed, 94 insertions(+), 15 deletions(-) diff --git a/actionlist.h b/actionlist.h index 3f40de97..b8aac4ae 100644 --- a/actionlist.h +++ b/actionlist.h @@ -104,6 +104,8 @@ DEFINE_ACTION_STRING ("hide-user-agent", ACTION_HIDE_USER_AGENT, DEFINE_CGI_PARAM_NO_RADIO("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT, "Privoxy " VERSION) DEFINE_ACTION_STRING ("limit-connect", ACTION_LIMIT_CONNECT, ACTION_STRING_LIMIT_CONNECT) DEFINE_CGI_PARAM_NO_RADIO("limit-connect", ACTION_LIMIT_CONNECT, ACTION_STRING_LIMIT_CONNECT, "443") +DEFINE_ACTION_STRING ("limit-cookie-lifetime", ACTION_LIMIT_COOKIE_LIFETIME, ACTION_STRING_LIMIT_COOKIE_LIFETIME) +DEFINE_CGI_PARAM_CUSTOM ("limit-cookie-lifetime", ACTION_LIMIT_COOKIE_LIFETIME, ACTION_STRING_LIMIT_COOKIE_LIFETIME, "60") DEFINE_ACTION_STRING ("overwrite-last-modified", ACTION_OVERWRITE_LAST_MODIFIED, ACTION_STRING_LAST_MODIFIED) DEFINE_CGI_PARAM_RADIO ("overwrite-last-modified", ACTION_OVERWRITE_LAST_MODIFIED, ACTION_STRING_LAST_MODIFIED, "block", 0) DEFINE_CGI_PARAM_RADIO ("overwrite-last-modified", ACTION_OVERWRITE_LAST_MODIFIED, ACTION_STRING_LAST_MODIFIED, "reset-to-request-time", 1) diff --git a/parsers.c b/parsers.c index 9f58a9d7..5df119e2 100644 --- a/parsers.c +++ b/parsers.c @@ -1,4 +1,4 @@ -const char parsers_rcs[] = "$Id: parsers.c,v 1.261 2012/11/09 10:46:06 fabiankeil Exp $"; +const char parsers_rcs[] = "$Id: parsers.c,v 1.262 2012/11/11 12:37:42 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/parsers.c,v $ @@ -3804,6 +3804,50 @@ static jb_err server_http(struct client_state *csp, char **header) return JB_ERR_OK; } +/********************************************************************* + * + * Function : add_cooky_expiry_date + * + * Description : Adds a cookie expiry date to a string. + * + * Parameters : + * 1 : cookie = On input, pointer to cookie to modify. + * On output, pointer to the modified header. + * The original string is freed. + * 2 : lifetime = Seconds the cookie should be valid + * + * Returns : N/A + * + *********************************************************************/ +static void add_cookie_expiry_date(char **cookie, time_t lifetime) +{ + char tmp[50]; + struct tm *timeptr = NULL; + time_t expiry_date = time(NULL) + lifetime; +#ifdef HAVE_GMTIME_R + struct tm gmt; + + timeptr = gmtime_r(&expiry_date, &gmt); +#elif defined(MUTEX_LOCKS_AVAILABLE) + privoxy_mutex_lock(&gmtime_mutex); + timeptr = gmtime(&expiry_date); + privoxy_mutex_unlock(&gmtime_mutex); +#else + timeptr = gmtime(&expiry_date); +#endif + + if (NULL == timeptr) + { + log_error(LOG_LEVEL_FATAL, + "Failed to get the time in add_cooky_expiry_date()"); + } + strftime(tmp, sizeof(tmp), "; expires=%a, %d-%b-%Y %H:%M:%S GMT", timeptr); + if (JB_ERR_OK != string_append(cookie, tmp)) + { + log_error(LOG_LEVEL_FATAL, "Out of memory in add_cooky_expiry()"); + } +} + /********************************************************************* * @@ -3830,18 +3874,18 @@ static jb_err server_http(struct client_state *csp, char **header) *********************************************************************/ static jb_err server_set_cookie(struct client_state *csp, char **header) { - time_t now; - time_t cookie_time; - if ((csp->action->flags & ACTION_CRUNCH_INCOMING_COOKIES) != 0) { log_error(LOG_LEVEL_HEADER, "Crunching incoming cookie: %s", *header); freez(*header); } - else if ((csp->action->flags & ACTION_SESSION_COOKIES_ONLY) != 0) + else if ((0 != (csp->action->flags & ACTION_SESSION_COOKIES_ONLY)) + || (0 != (csp->action->flags & ACTION_LIMIT_COOKIE_LIFETIME))) { - /* Flag whether or not to log a message */ - int changed = 0; + time_t now; + time_t cookie_time; + long cookie_lifetime = 0; + int expiry_date_acceptable = 0; /* A variable to store the tag we're working on */ char *cur_tag; @@ -3857,6 +3901,18 @@ static jb_err server_set_cookie(struct client_state *csp, char **header) time(&now); + if ((csp->action->flags & ACTION_LIMIT_COOKIE_LIFETIME) != 0) + { + const char *param = csp->action->string[ACTION_STRING_LIMIT_COOKIE_LIFETIME]; + + cookie_lifetime = strtol(param, NULL, 0); + if (cookie_lifetime < 0) + { + log_error(LOG_LEVEL_FATAL, "Invalid cookie lifetime limit: %s", param); + } + cookie_lifetime *= 60U; + } + /* Loop through each tag in the cookie */ while (*cur_tag) { @@ -3910,7 +3966,7 @@ static jb_err server_set_cookie(struct client_state *csp, char **header) log_error(LOG_LEVEL_ERROR, "Can't parse \'%s\', send by %s. Unsupported time format?", cur_tag, csp->http->url); string_move(cur_tag, next_tag); - changed = 1; + expiry_date_acceptable = 0; } else { @@ -3948,12 +4004,21 @@ static jb_err server_set_cookie(struct client_state *csp, char **header) * anyway, which in many cases will be shorter * than a browser session. */ - if (cookie_time - now < 0) + if (cookie_time < now) { log_error(LOG_LEVEL_HEADER, "Cookie \'%s\' is already expired and can pass unmodified.", *header); /* Just in case some clown sets more then one expiration date */ cur_tag = next_tag; + expiry_date_acceptable = 1; + } + else if ((cookie_lifetime != 0) && (cookie_time < (now + cookie_lifetime))) + { + log_error(LOG_LEVEL_HEADER, "Cookie \'%s\' can pass unmodified. " + "Its lifetime is below the limit.", *header); + /* Just in case some clown sets more then one expiration date */ + cur_tag = next_tag; + expiry_date_acceptable = 1; } else { @@ -3964,7 +4029,7 @@ static jb_err server_set_cookie(struct client_state *csp, char **header) string_move(cur_tag, next_tag); /* That changed the header, need to issue a log message */ - changed = 1; + expiry_date_acceptable = 0; /* * Note that the next tag has now been moved to *cur_tag, @@ -3981,11 +4046,19 @@ static jb_err server_set_cookie(struct client_state *csp, char **header) } } - if (changed) + if (!expiry_date_acceptable) { assert(NULL != *header); - log_error(LOG_LEVEL_HEADER, "Cookie rewritten to a temporary one: %s", - *header); + if (cookie_lifetime == 0) + { + log_error(LOG_LEVEL_HEADER, "Cookie rewritten to a temporary one: %s", + *header); + } + else + { + add_cookie_expiry_date(header, cookie_lifetime); + log_error(LOG_LEVEL_HEADER, "Cookie rewritten to: %s", *header); + } } } diff --git a/project.h b/project.h index d69dbf01..0ebd2147 100644 --- a/project.h +++ b/project.h @@ -1,7 +1,7 @@ #ifndef PROJECT_H_INCLUDED #define PROJECT_H_INCLUDED /** Version string. */ -#define PROJECT_H_VERSION "$Id: project.h,v 1.190 2012/10/21 13:00:06 fabiankeil Exp $" +#define PROJECT_H_VERSION "$Id: project.h,v 1.191 2012/10/23 10:19:04 fabiankeil Exp $" /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/project.h,v $ @@ -500,6 +500,8 @@ struct iob #define ACTION_OVERWRITE_LAST_MODIFIED 0x02000000UL /** Action bitmap: Replace or block Accept-Language header */ #define ACTION_HIDE_ACCEPT_LANGUAGE 0x04000000UL +/** Action bitmap: Limit the cookie lifetime */ +#define ACTION_LIMIT_COOKIE_LIFETIME 0x08000000UL /** Action string index: How to deanimate GIFs */ @@ -538,8 +540,10 @@ struct iob #define ACTION_STRING_BLOCK 16 /** Action string index: what to do with the "X-Forwarded-For" header. */ #define ACTION_STRING_CHANGE_X_FORWARDED_FOR 17 +/** Action string index: how many minutes cookies should be valid. */ +#define ACTION_STRING_LIMIT_COOKIE_LIFETIME 18 /** Number of string actions. */ -#define ACTION_STRING_COUNT 18 +#define ACTION_STRING_COUNT 19 /* To make the ugly hack in sed easier to understand */ -- 2.39.2