[MINOR] Allow to specify a domain for a cookie

This patch allows to specify a domain used when inserting a cookie
providing a session stickiness. Usefull for example with wildcard domains.

The patch adds one new variable to the struct proxy: cookiedomain.
When set the domain is appended to a Set-Cookie header.

Domain name is validated using the new invalid_domainchar() function.
It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test
is too trivial and does not cover all wrong situations, but the main
purpose is to detect most common mistakes, not intentional abuses.

The underscore ("_") character is not RFC-valid but as it is
often (mis)used so I decided to allow it.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 399bebb6d53a6dd592680ee75c73d9ec04777dc5..220990fee773bfed0da47fbd14ecf7d32ed8b3a4 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -1087,7 +1087,7 @@ contimeout <timeout>
              "timeout server", "contimeout".
 
 
-cookie <name> [ rewrite|insert|prefix ] [ indirect ] [ nocache ] [ postonly ]
+cookie <name> [ rewrite|insert|prefix ] [ indirect ] [ nocache ] [ postonly ] [domain <domain>]
   Enable cookie-based persistence in a backend.
   May be used in sections :   defaults | frontend | listen | backend
                                  yes   |    no    |   yes  |   yes
@@ -1167,6 +1167,10 @@ cookie <name> [ rewrite|insert|prefix ] [ indirect ] [ nocache ] [ postonly ]
               persistence cookie in the cache.
               See also the "insert" and "nocache" options.
 
+    domain    This option allows to specify the domain at which a cookie is
+              inserted. It requires exactly one paramater: a valid domain
+              name.
+
   There can be only one persistence cookie per HTTP backend, and it can be
   declared in a defaults section. The value of the cookie will be the value
   indicated after the "cookie" keyword in a "server" statement. If no cookie

diff --git a/include/common/standard.h b/include/common/standard.h
index a120f56bd46db38c020cf3d32cf4296fd1bb91ec..dae7bd54f71ece71e9cd29ef95eb182971433ec7 100644 (file)
--- a/include/common/standard.h
+++ b/include/common/standard.h
@@ -135,6 +135,13 @@ extern int ishex(char s);
  */
 extern const char *invalid_char(const char *name);
 
+/*
+ * Checks <domainname> for invalid characters. Valid chars are [A-Za-z0-9_.-].
+ * If an invalid character is found, a pointer to it is returned.
+ * If everything is fine, NULL is returned.
+ */
+extern const char *invalid_domainchar(const char *name);
+
 /*
  * converts <str> to a struct sockaddr_un* which is locally allocated.
  * The format is "/path", where "/path" is a path to a UNIX domain socket.

diff --git a/include/types/proxy.h b/include/types/proxy.h
index fe69b08967471604b7276d0091ba787e71eebefc..81e182dd0b31a4334e75ebb49854bce13a6b9eb2 100644 (file)
--- a/include/types/proxy.h
+++ b/include/types/proxy.h
@@ -161,6 +161,7 @@ struct proxy {
                void (*server_drop_conn)(struct server *);/* to be called when connection is dropped */
        } lbprm;                                /* LB parameters for all algorithms */
 
+       char *cookiedomain;                     /* domain used to insert the cookie */
        char *cookie_name;                      /* name of the cookie to look for */
        int  cookie_len;                        /* strlen(cookie_name), computed only once */
        char *url_param_name;                   /* name of the URL parameter used for hashing */

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 7dbadd1e7e0b02a05f8d05c03162c1ee4df19241..9ca8ae64f46a3235645984e5b36ad2f11b4ae681 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -895,8 +895,33 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int inv)
                        else if (!strcmp(args[cur_arg], "prefix")) {
                                curproxy->options |= PR_O_COOK_PFX;
                        }
+                       else if (!strcmp(args[cur_arg], "domain")) {
+                               if (!*args[cur_arg + 1]) {
+                                       Alert("parsing [%s:%d]: '%s' expects <domain> as argument.\n",
+                                               file, linenum, args[cur_arg]);
+                                       return -1;
+                               }
+
+                               if (*args[cur_arg + 1] != '.' || !strchr(args[cur_arg + 1] + 1, '.')) {
+                                       /* rfc2109, 4.3.2 Rejecting Cookies */
+                                       Alert("parsing [%s:%d]: domain '%s' contains no embedded"
+                                               " dots or does not start with a dot.\n",
+                                               file, linenum, args[cur_arg + 1]);
+                                       return -1;
+                               }
+
+                               err = invalid_domainchar(args[cur_arg + 1]);
+                               if (err) {
+                                       Alert("parsing [%s:%d]: character '%c' is not permitted in domain name '%s'.\n",
+                                               file, linenum, *err, args[cur_arg + 1]);
+                                       return -1;
+                               }
+
+                               curproxy->cookiedomain = strdup(args[cur_arg + 1]);
+                               cur_arg++;
+                       }
                        else {
-                               Alert("parsing [%s:%d] : '%s' supports 'rewrite', 'insert', 'prefix', 'indirect', 'nocache' and 'postonly' options.\n",
+                               Alert("parsing [%s:%d] : '%s' supports 'rewrite', 'insert', 'prefix', 'indirect', 'nocache' and 'postonly', 'domain' options.\n",
                                      file, linenum, args[0]);
                                return -1;
                        }

diff --git a/src/proto_http.c b/src/proto_http.c
index 2c07030639a7e81b5e997512fd56cdaab685c3a1..3caeba1cff0e271d84b0bc55009c68bf4c49f73a 100644 (file)
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -3222,6 +3222,9 @@ int process_srv(struct session *t)
                                      t->be->cookie_name,
                                      t->srv->cookie ? t->srv->cookie : "; Expires=Thu, 01-Jan-1970 00:00:01 GMT");
 
+                       if (t->be->cookiedomain)
+                               len += sprintf(trash+len, "; domain=%s", t->be->cookiedomain);
+
                        if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
                                                           trash, len)) < 0)
                                goto return_bad_resp;

diff --git a/src/standard.c b/src/standard.c
index 7f749f957505a0517f9100250f80e2e644588c9f..a85552866c8035c5ad5dbf78a025627caaa2f8b8 100644 (file)
--- a/src/standard.c
+++ b/src/standard.c
@@ -140,6 +140,27 @@ const char *invalid_char(const char *name)
        return NULL;
 }
 
+/*
+ * Checks <domainname> for invalid characters. Valid chars are [A-Za-z0-9_.-].
+ * If an invalid character is found, a pointer to it is returned.
+ * If everything is fine, NULL is returned.
+ */
+const char *invalid_domainchar(const char *name) {
+
+       if (!*name)
+               return name;
+
+       while (*name) {
+               if (!isalnum((int)*name) && *name != '.' &&
+                   *name != '_' && *name != '-')
+                       return name;
+
+               name++;
+       }
+
+       return NULL;
+}
+
 /*
  * converts <str> to a struct sockaddr_in* which is locally allocated.
  * The format is "addr:port", where "addr" can be a dotted IPv4 address,