mod_usertrack.c revision 26a4456dd6f1a5d7d7fff766551461a578687c4a
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2004 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
*
* Portions of this software are based upon public domain software
* originally written at the National Center for Supercomputing Applications,
* University of Illinois, Urbana-Champaign.
*/
/* User Tracking Module (Was mod_cookies.c)
*
* *** IMPORTANT NOTE: This module is not designed to generate
* *** cryptographically secure cookies. This means you should not
* *** use cookies generated by this module for authentication purposes
*
* This Apache module is designed to track users paths through a site.
* It uses the client-side state ("Cookie") protocol developed by Netscape.
* It is known to work on most browsers.
*
* Each time a page is requested we look to see if the browser is sending
* us a Cookie: header that we previously generated.
*
* If we don't find one then the user hasn't been to this site since
* starting their browser or their browser doesn't support cookies. So
* we generate a unique Cookie for the transaction and send it back to
* the browser (via a "Set-Cookie" header)
* Future requests from the same browser should keep the same Cookie line.
*
* By matching up all the requests with the same cookie you can
* work out exactly what path a user took through your site. To log
* the cookie use the " %{Cookie}n " directive in a custom access log;
*
* Example 1 : If you currently use the standard Log file format (CLF)
* and use the command "TransferLog somefilename", add the line
* LogFormat "%h %l %u %t \"%r\" %s %b %{Cookie}n"
* to your config file.
*
* Example 2 : If you used to use the old "CookieLog" directive, you
* can emulate it by adding the following command to your config file
* CustomLog filename "%{Cookie}n \"%r\" %t"
*
* Mark Cox, mjc@apache.org, 6 July 95
*
* This file replaces mod_cookies.c
*/
#include "apr.h"
#include "apr_lib.h"
#include "apr_strings.h"
#define APR_WANT_STRFUNC
#include "apr_want.h"
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_request.h"
typedef struct {
int always;
int expires;
typedef enum {
typedef struct {
int enabled;
char *cookie_name;
char *cookie_domain;
char *regexp_string; /* used to compile regexp; save for debugging */
/* Make Cookie: Now we have to generate something that is going to be
* pretty unique. We can base it on the pid, time, hostip */
#define COOKIE_NAME "Apache"
static void make_cookie(request_rec *r)
{
/* 1024 == hardcoded constant */
char cookiebuf[1024];
char *new_cookie;
REMOTE_NAME, NULL);
/* XXX: hmm, this should really tie in with mod_unique_id */
apr_time_now());
/* Cookie with date; as strftime '%a, %d-%h-%y %H:%M:%S GMT' */
"%s; expires=%s, "
"%.2d-%s-%.2d %.2d:%.2d:%.2d GMT",
}
else {
}
}
else {
}
? "; version=1"
: ""),
NULL);
}
return;
}
/* dcfg->regexp is "^cookie_name=([^;]+)|;[ \t]+cookie_name=([^;]+)",
* which has three subexpressions, $0..$2 */
#define NUM_SUBS 3
static int spot_cookie(request_rec *r)
{
const char *cookie_header;
/* Do not run in subrequests */
return DECLINED;
}
? "Cookie2"
: "Cookie")))) {
/* Our regexp,
* ^cookie_name=([^;]+)|;[ \t]+cookie_name=([^;]+)
* only allows for $1 or $2 to be available. ($0 is always
* filled with the entire matched expression, not just
* the part in parentheses.) So just check for either one
* and assign to cookieval if present. */
}
}
/* Set the cookie in a note, for logging */
return DECLINED; /* There's already a cookie, no new one */
}
}
make_cookie(r);
return OK; /* We set our cookie */
}
{
return (void *) cls;
}
static void *make_cookie_dir(apr_pool_t *p, char *d)
{
return dcfg;
}
{
return NULL;
}
const char *arg)
{
char *word;
/* The simple case first - all numbers (we assume) */
return NULL;
}
/*
* The harder case - stolen from mod_expires
*
* CookieExpires "[plus] {<num> <type>}*"
*/
};
/* {<num> <type>}* */
while (word[0]) {
/* <num> */
if (apr_isdigit(word[0]))
else
return "bad expires code, numeric value expected.";
/* <type> */
if (!word[0])
return "bad expires code, missing <type>";
factor = 0;
factor = 60;
factor = 1;
else
return "bad expires code, unrecognized type";
/* next <num> */
}
return NULL;
}
const char *name)
{
/* The goal is to end up with this regexp,
* ^cookie_name=([^;]+)|;[ \t]+cookie_name=([^;]+)
* with cookie_name
* obviously substituted with the real cookie name set by the
* user in httpd.conf. */
"=([^;]+)|;[ \t]+", name,
"=([^;]+)", NULL);
return "Regular expression could not be compiled.";
}
}
return NULL;
}
/*
* Set the value for the 'Domain=' attribute.
*/
const char *name)
{
/*
* Apply the restrictions on cookie domain attributes.
*/
return "CookieDomain values may not be null";
}
if (name[0] != '.') {
return "CookieDomain values must begin with a dot";
}
return "CookieDomain values must contain at least one embedded dot";
}
return NULL;
}
/*
* Make a note of the cookie style we should use.
*/
const char *name)
{
}
}
}
else {
}
return NULL;
}
static const command_rec cookie_log_cmds[] = {
"an expiry date code"),
"domain to which this cookie applies"),
"'Netscape', 'Cookie' (RFC2109), or 'Cookie2' (RFC2965)"),
"whether or not to enable cookies"),
"name of the tracking cookie"),
{NULL}
};
static void register_hooks(apr_pool_t *p)
{
}
make_cookie_dir, /* dir config creater */
NULL, /* dir merger --- default is to override */
make_cookie_log_state, /* server config */
NULL, /* merge server configs */
cookie_log_cmds, /* command apr_table_t */
register_hooks /* register hooks */
};