diff options
Diffstat (limited to 'APACHE_1_3_42/src/modules/standard/mod_usertrack.c')
-rw-r--r-- | APACHE_1_3_42/src/modules/standard/mod_usertrack.c | 590 |
1 files changed, 590 insertions, 0 deletions
diff --git a/APACHE_1_3_42/src/modules/standard/mod_usertrack.c b/APACHE_1_3_42/src/modules/standard/mod_usertrack.c new file mode 100644 index 0000000000..92e05f096b --- /dev/null +++ b/APACHE_1_3_42/src/modules/standard/mod_usertrack.c @@ -0,0 +1,590 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* User Tracking Module (Was mod_cookies.c) + * + * *** IMPORTANT NOTE: This module is not designed to generate + * *** cryptographically secure cookies. This means you should not + * *** use cookies generated by this module for authentication purposes + * + * This Apache module is designed to track users paths through a site. + * It uses the client-side state ("Cookie") protocol developed by Netscape. + * It is known to work on most browsers. + * + * Each time a page is requested we look to see if the browser is sending + * us a Cookie: header that we previously generated. + * + * If we don't find one then the user hasn't been to this site since + * starting their browser or their browser doesn't support cookies. So + * we generate a unique Cookie for the transaction and send it back to + * the browser (via a "Set-Cookie" header) + * Future requests from the same browser should keep the same Cookie line. + * + * By matching up all the requests with the same cookie you can + * work out exactly what path a user took through your site. To log + * the cookie use the " %{Cookie}n " directive in a custom access log; + * + * Example 1 : If you currently use the standard Log file format (CLF) + * and use the command "TransferLog somefilename", add the line + * LogFormat "%h %l %u %t \"%r\" %s %b %{Cookie}n" + * to your config file. + * + * Example 2 : If you used to use the old "CookieLog" directive, you + * can emulate it by adding the following command to your config file + * CustomLog filename "%{Cookie}n \"%r\" %t" + * + * Mark Cox, mjc@apache.org, 6 July 95 + * + * This file replaces mod_cookies.c + */ + +#include "httpd.h" +#include "http_config.h" +#include "http_core.h" +#if !defined(WIN32) && !defined(MPE) && !defined(TPF41) +#include <sys/time.h> +#endif + +module MODULE_VAR_EXPORT usertrack_module; + +typedef struct { + int always; + time_t expires; +} cookie_log_state; + +typedef enum { + CT_UNSET, + CT_NETSCAPE, + CT_COOKIE, + CT_COOKIE2 +} cookie_type_e; + +typedef enum { + CF_NORMAL, + CF_COMPACT +} cookie_format_e; + +typedef struct { + int enabled; + cookie_type_e style; + cookie_format_e format; + char *cookie_name; + char *cookie_domain; + char *prefix_string; + char *regexp_string; /* used to compile regexp; save for debugging */ + regex_t *regexp; /* used to find usertrack cookie in cookie header */ +} cookie_dir_rec; + +/* Define this to allow post-2000 cookies. Cookies use two-digit dates, + * so it might be dicey. (Netscape does it correctly, but others may not) + */ +#define MILLENIAL_COOKIES + +/* Default name of the cookie + */ +#define COOKIE_NAME "Apache" + + +/* Make cookie id: Try to make something unique based on + * pid, time, and hostid, plus the user-configurable prefix. + * + */ +static char * make_cookie_id(char * buffer, int bufsize, request_rec *r, + cookie_format_e cformat) +{ +#if defined(NO_GETTIMEOFDAY) && !defined(NO_TIMES) + clock_t mpe_times; + struct tms mpe_tms; +#elif !defined(WIN32) + struct timeval tv; +#ifdef NETWARE + time_t tz = 0; +#else + struct timezone tz = {0, 0}; +#endif /* defined(NETWARE) */ +#endif + + cookie_dir_rec *dcfg; + + long reqtime = (long) r->request_time; + long clocktime; + + unsigned long ipaddr = ntohl(r->connection->remote_addr.sin_addr.s_addr); + const char *rname = ap_get_remote_host(r->connection, r->per_dir_config, + REMOTE_NAME); + dcfg = ap_get_module_config(r->per_dir_config, &usertrack_module); + +#if defined(NO_GETTIMEOFDAY) && !defined(NO_TIMES) +/* We lack gettimeofday(), so we must use time() to obtain the epoch + seconds, and then times() to obtain CPU clock ticks (milliseconds). + Combine this together to obtain a hopefully unique cookie ID. */ + + mpe_times = times(&mpe_tms); + clocktime = (long) mpe_tms.tms_utime; + +#elif defined(NETWARE) + clocktime = (long) clock(); + +#elif defined(WIN32) + /* + * We lack gettimeofday() and we lack times(). So we'll use + * GetTickCount(), which returns milliseconds since Windows + * was started. It should be relatively unique. + */ + + clocktime = (long) GetTickCount(); + +#else + gettimeofday(&tv, &tz); + + reqtime = (long) tv.tv_sec; + if (cformat == CF_COMPACT) + clocktime = (long) (tv.tv_usec % 65535); + else + clocktime = (long) (tv.tv_usec / 1000); +#endif + + if (cformat == CF_COMPACT) + ap_snprintf(buffer, bufsize, "%s%lx%x%lx%lx", + dcfg->prefix_string, ipaddr, (int) getpid(), + reqtime, clocktime); + else + ap_snprintf(buffer, bufsize, "%s%s.%d%ld%ld", + dcfg->prefix_string, rname, (int) getpid(), + reqtime, clocktime); + + return buffer; +} + + + +static void make_cookie(request_rec *r) +{ + cookie_log_state *cls = ap_get_module_config(r->server->module_config, + &usertrack_module); + + /* 1024 == hardcoded constant */ + char cookiebuf[1024]; + char *new_cookie; + cookie_dir_rec *dcfg; + + dcfg = ap_get_module_config(r->per_dir_config, &usertrack_module); + + make_cookie_id(cookiebuf, sizeof(cookiebuf), r, dcfg->format); + + if (cls->expires) { + struct tm *tms; + time_t when; + + when = cls->expires; + if ((dcfg->style == CT_UNSET) || (dcfg->style == CT_NETSCAPE)) { + when += r->request_time; + +#ifndef MILLENIAL_COOKIES + /* + * Only two-digit date string, so we can't trust "00" or more. + * Therefore, we knock it all back to just before midnight on + * 1/1/2000 (which is 946684799) + */ + + if (when > 946684799) + when = 946684799; +#endif + } + tms = gmtime(&when); + + /* Cookie with date; as strftime '%a, %d-%h-%y %H:%M:%S GMT' */ + new_cookie = ap_psprintf(r->pool, "%s=%s; path=/", + dcfg->cookie_name, cookiebuf); + if ((dcfg->style == CT_UNSET) || (dcfg->style == CT_NETSCAPE)) { + new_cookie = ap_psprintf(r->pool, "%s; " + "expires=%s, %.2d-%s-%.2d " + "%.2d:%.2d:%.2d GMT", + new_cookie, + ap_day_snames[tms->tm_wday], + tms->tm_mday, + ap_month_snames[tms->tm_mon], + tms->tm_year % 100, + tms->tm_hour, tms->tm_min, tms->tm_sec); + } + else { + new_cookie = ap_psprintf(r->pool, "%s; max-age=%d", + new_cookie, (int) when); + } + } + else { + new_cookie = ap_psprintf(r->pool, "%s=%s; path=/", + dcfg->cookie_name, cookiebuf); + } + if (dcfg->cookie_domain != NULL) { + new_cookie = ap_psprintf(r->pool, "%s; domain=%s", + new_cookie, dcfg->cookie_domain); + } + if (dcfg->style == CT_COOKIE2) { + new_cookie = ap_pstrcat(r->pool, new_cookie, "; version=1", NULL); + } + + ap_table_addn(r->headers_out, + (dcfg->style == CT_COOKIE2 ? "Set-Cookie2" : "Set-Cookie"), + new_cookie); + ap_table_setn(r->notes, "cookie", ap_pstrdup(r->pool, cookiebuf)); /* log first time */ + return; +} + +/* + * dcfg->regexp is "^cookie_name=([^;]+)|;[ \t]+cookie_name=([^;]+)", + * which has three subexpressions, $0..$2 + */ +#define NUM_SUBS 3 + +static void set_and_comp_regexp(cookie_dir_rec *dcfg, + pool *p, + const char *cookie_name) +{ + int danger_chars = 0; + const char *sp = cookie_name; + + /* + * The goal is to end up with this regexp, + * ^cookie_name=([^;]+)|;[\t]+cookie_name=([^;]+) + * with cookie_name obviously substituted either + * with the real cookie name set by the user in httpd.conf, + * or with the default COOKIE_NAME. + */ + + /* Anyway, we need to escape the cookie_name before pasting it + * into the regex + */ + while (*sp) { + if (!ap_isalnum(*sp)) { + ++danger_chars; + } + ++sp; + } + + if (danger_chars) { + char *cp; + cp = ap_palloc(p, sp - cookie_name + danger_chars + 1); /* 1 == \0 */ + sp = cookie_name; + cookie_name = cp; + while (*sp) { + if (!ap_isalnum(*sp)) { + *cp++ = '\\'; + } + *cp++ = *sp++; + } + *cp = '\0'; + } + + dcfg->regexp_string = ap_pstrcat(p, "^", cookie_name, + "=([^;]+)|;[ \t]+", cookie_name, + "=([^;]+)", NULL); + dcfg->regexp = ap_pregcomp(p, dcfg->regexp_string, REG_EXTENDED); + ap_assert(dcfg->regexp != NULL); +} + +static int spot_cookie(request_rec *r) +{ + cookie_dir_rec *dcfg = ap_get_module_config(r->per_dir_config, + &usertrack_module); + const char *cookie_header; + regmatch_t regm[NUM_SUBS]; + + if (!dcfg->enabled) { + return DECLINED; + } + + if ((cookie_header = ap_table_get(r->headers_in, "Cookie"))) { + if (!ap_regexec(dcfg->regexp, cookie_header, NUM_SUBS, regm, 0)) { + char *cookieval = NULL; + /* Our regexp, + * ^cookie_name=([^;]+)|;[ \t]+cookie_name=([^;]+) + * only allows for $1 or $2 to be available. ($0 is always + * filled with the entire matched expression, not just + * the part in parentheses.) So just check for either one + * and assign to cookieval if present. */ + if (regm[1].rm_so != -1) { + cookieval = ap_pregsub(r->pool, "$1", cookie_header, + NUM_SUBS, regm); + } + if (regm[2].rm_so != -1) { + cookieval = ap_pregsub(r->pool, "$2", cookie_header, + NUM_SUBS, regm); + } + /* Set the cookie in a note, for logging */ + ap_table_setn(r->notes, "cookie", cookieval); + + return DECLINED; /* There's already a cookie, no new one */ + } + } + make_cookie(r); + return OK; /* We set our cookie */ +} + +static void *make_cookie_log_state(pool *p, server_rec *s) +{ + cookie_log_state *cls = + (cookie_log_state *) ap_palloc(p, sizeof(cookie_log_state)); + + cls->expires = 0; + + return (void *) cls; +} + +static void *make_cookie_dir(pool *p, char *d) +{ + cookie_dir_rec *dcfg; + + dcfg = (cookie_dir_rec *) ap_pcalloc(p, sizeof(cookie_dir_rec)); + dcfg->cookie_name = COOKIE_NAME; + dcfg->cookie_domain = NULL; + dcfg->prefix_string = ""; + dcfg->style = CT_UNSET; + dcfg->format = CF_NORMAL; + dcfg->enabled = 0; + /* + * In case the user does not use the CookieName directive, + * we need to compile the regexp for the default cookie name. + */ + set_and_comp_regexp(dcfg, p, COOKIE_NAME); + return dcfg; +} + +static const char *set_cookie_enable(cmd_parms *cmd, void *mconfig, int arg) +{ + cookie_dir_rec *dcfg = mconfig; + + dcfg->enabled = arg; + return NULL; +} + +static const char *set_cookie_exp(cmd_parms *parms, void *dummy, + const char *arg) +{ + cookie_log_state *cls; + time_t factor, modifier = 0; + time_t num = 0; + char *word; + + cls = ap_get_module_config(parms->server->module_config, + &usertrack_module); + /* The simple case first - all numbers (we assume) */ + if (ap_isdigit(arg[0]) && ap_isdigit(arg[strlen(arg) - 1])) { + cls->expires = atol(arg); + return NULL; + } + + /* + * The harder case - stolen from mod_expires + * + * CookieExpires "[plus] {<num> <type>}*" + */ + + word = ap_getword_conf(parms->pool, &arg); + if (!strncasecmp(word, "plus", 1)) { + word = ap_getword_conf(parms->pool, &arg); + }; + + /* {<num> <type>}* */ + while (word[0]) { + /* <num> */ + if (ap_isdigit(word[0])) + num = atoi(word); + else + return "bad expires code, numeric value expected."; + + /* <type> */ + word = ap_getword_conf(parms->pool, &arg); + if (!word[0]) + return "bad expires code, missing <type>"; + + factor = 0; + if (!strncasecmp(word, "years", 1)) + factor = 60 * 60 * 24 * 365; + else if (!strncasecmp(word, "months", 2)) + factor = 60 * 60 * 24 * 30; + else if (!strncasecmp(word, "weeks", 1)) + factor = 60 * 60 * 24 * 7; + else if (!strncasecmp(word, "days", 1)) + factor = 60 * 60 * 24; + else if (!strncasecmp(word, "hours", 1)) + factor = 60 * 60; + else if (!strncasecmp(word, "minutes", 2)) + factor = 60; + else if (!strncasecmp(word, "seconds", 1)) + factor = 1; + else + return "bad expires code, unrecognized type"; + + modifier = modifier + factor * num; + + /* next <num> */ + word = ap_getword_conf(parms->pool, &arg); + } + + cls->expires = modifier; + + return NULL; +} + +static const char *set_cookie_name(cmd_parms *cmd, void *mconfig, char *name) +{ + cookie_dir_rec *dcfg = (cookie_dir_rec *) mconfig; + + dcfg->cookie_name = ap_pstrdup(cmd->pool, name); + + set_and_comp_regexp(dcfg, cmd->pool, name); + + if (dcfg->regexp == NULL) { + return "Regular expression could not be compiled."; + } + if (dcfg->regexp->re_nsub + 1 != NUM_SUBS) { + return ap_pstrcat(cmd->pool, "Invalid cookie name \"", + name, "\"", NULL); + } + + return NULL; +} + +/* + * Set the value for the 'Domain=' attribute. + */ +static const char *set_cookie_domain(cmd_parms *cmd, void *mconfig, char *name) +{ + cookie_dir_rec *dcfg; + + dcfg = (cookie_dir_rec *) mconfig; + + /* + * Apply the restrictions on cookie domain attributes. + */ + if (strlen(name) == 0) { + return "CookieDomain values may not be null"; + } + if (name[0] != '.') { + return "CookieDomain values must begin with a dot"; + } + if (strchr(&name[1], '.') == NULL) { + return "CookieDomain values must contain at least one embedded dot"; + } + + dcfg->cookie_domain = ap_pstrdup(cmd->pool, name); + return NULL; +} + +/* + * Make a note of the cookie style we should use. + */ +static const char *set_cookie_style(cmd_parms *cmd, void *mconfig, char *name) +{ + cookie_dir_rec *dcfg; + + dcfg = (cookie_dir_rec *) mconfig; + + if (strcasecmp(name, "Netscape") == 0) { + dcfg->style = CT_NETSCAPE; + } + else if ((strcasecmp(name, "Cookie") == 0) + || (strcasecmp(name, "RFC2109") == 0)) { + dcfg->style = CT_COOKIE; + } + else if ((strcasecmp(name, "Cookie2") == 0) + || (strcasecmp(name, "RFC2965") == 0)) { + dcfg->style = CT_COOKIE2; + } + else { + return ap_psprintf(cmd->pool, "Invalid %s keyword: '%s'", + cmd->cmd->name, name); + } + + return NULL; +} + +/* + * Make a note of the cookie format we should use. + */ +static const char *set_cookie_format(cmd_parms *cmd, void *mconfig, char *name) +{ + cookie_dir_rec *dcfg; + + dcfg = (cookie_dir_rec *) mconfig; + + if (strcasecmp(name, "Normal") == 0) { + dcfg->format = CF_NORMAL; + } + else if (strcasecmp(name, "Compact") == 0) { + dcfg->format = CF_COMPACT; + } + else { + return ap_psprintf(cmd->pool, "Invalid %s keyword: '%s'", + cmd->cmd->name, name); + } + + return NULL; +} + +static const char *set_cookie_prefix(cmd_parms *cmd, void *mconfig, char *name) +{ + cookie_dir_rec *dcfg = (cookie_dir_rec *) mconfig; + + dcfg->prefix_string = ap_pstrdup(cmd->pool, name); + + return NULL; +} + + +static const command_rec cookie_log_cmds[] = { + {"CookieExpires", set_cookie_exp, NULL, OR_FILEINFO, TAKE1, + "an expiry date code"}, + {"CookieTracking", set_cookie_enable, NULL, OR_FILEINFO, FLAG, + "whether or not to enable cookies"}, + {"CookieName", set_cookie_name, NULL, OR_FILEINFO, TAKE1, + "name of the tracking cookie"}, + {"CookieDomain", set_cookie_domain, NULL, OR_FILEINFO, TAKE1, + "domain to which this cookie applies"}, + {"CookieStyle", set_cookie_style, NULL, OR_FILEINFO, TAKE1, + "'Netscape', 'Cookie' (RFC2109), or 'Cookie2' (RFC2965)"}, + {"CookieFormat", set_cookie_format, NULL, OR_FILEINFO, TAKE1, + "'Normal' or 'Compact'"}, + {"CookiePrefix", set_cookie_prefix, NULL, OR_FILEINFO, TAKE1, + "String prepended to cookie"}, + {NULL} +}; + +module MODULE_VAR_EXPORT usertrack_module = { + STANDARD_MODULE_STUFF, + NULL, /* initializer */ + make_cookie_dir, /* dir config creater */ + NULL, /* dir merger --- default is to override */ + make_cookie_log_state, /* server config */ + NULL, /* merge server configs */ + cookie_log_cmds, /* command table */ + NULL, /* handlers */ + NULL, /* filename translation */ + NULL, /* check_user_id */ + NULL, /* check auth */ + NULL, /* check access */ + NULL, /* type_checker */ + spot_cookie, /* fixups */ + NULL, /* logger */ + NULL, /* header parser */ + NULL, /* child_init */ + NULL, /* child_exit */ + NULL /* post read-request */ +}; + + + |