File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / libpdel / http / servlet / http_servlet_cookieauth.3
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Tue Feb 21 23:25:53 2012 UTC (12 years, 8 months ago) by misho
Branches: libpdel, MAIN
CVS tags: v0_5_3, HEAD
libpdel

.\" Copyright (c) 2001-2002 Packet Design, LLC.
.\" All rights reserved.
.\" 
.\" Subject to the following obligations and disclaimer of warranty,
.\" use and redistribution of this software, in source or object code
.\" forms, with or without modifications are expressly permitted by
.\" Packet Design; provided, however, that:
.\" 
.\"    (i)  Any and all reproductions of the source or object code
.\"         must include the copyright notice above and the following
.\"         disclaimer of warranties; and
.\"    (ii) No rights are granted, in any manner or form, to use
.\"         Packet Design trademarks, including the mark "PACKET DESIGN"
.\"         on advertising, endorsements, or otherwise except as such
.\"         appears in the above copyright notice or in the software.
.\" 
.\" THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND
.\" TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO
.\" REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING
.\" THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED
.\" WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
.\" OR NON-INFRINGEMENT.  PACKET DESIGN DOES NOT WARRANT, GUARANTEE,
.\" OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS
.\" OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY,
.\" RELIABILITY OR OTHERWISE.  IN NO EVENT SHALL PACKET DESIGN BE
.\" LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE
.\" OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT,
.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL
.\" DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF
.\" USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF
.\" LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
.\" THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF
.\" THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" Author: Archie Cobbs <archie@freebsd.org>
.\"
.\" $Id: http_servlet_cookieauth.3,v 1.1.1.1 2012/02/21 23:25:53 misho Exp $
.\"
.Dd April 22, 2002
.Dt HTTP_SERVLET_COOKIEAUTH 3
.Os
.Sh NAME
.Nm http_servlet_cookieauth
.Nd HTTP secure cookie authentication servlet
.Sh LIBRARY
PDEL Library (libpdel, \-lpdel)
.Sh SYNOPSIS
.In sys/types.h
.In stdio.h
.In netinet/in.h
.In openssl/ssl.h
.In pdel/http/http_defs.h
.In pdel/http/http_server.h
.In pdel/http/servlet/cookieauth.h
.Ft "struct http_servlet *"
.Fn http_servlet_cookieauth_create "const char *redirect" "int append" "http_servlet_cookieauth_reqd_t *authreqd" "void *arg" "void (*destroy)(void *)" "const char *privkey" "const void *id" "size_t idlen" "const char *cookiename"
.Ft int
.Fn http_servlet_cookieauth_login "struct http_response *resp" "const char *privkey" "const char *username" "u_int max_linger" "time_t expire" "int session_only" "const u_char *id" "size_t idlen" "const char *cookiename" "const char *path" "const char *domain" "int secure"
.Ft int
.Fn http_servlet_cookieauth_logout "const char *cookiename" "const char *path" "const char *domain" "struct http_response *resp"
.Ft "char *"
.Fn http_servlet_cookieauth_user "const char *privkey" "const void *id" "size_t idlen" "const char *cookiename" "struct http_request *req" "const char *mtype"
.Sh DESCRIPTION
.Fn http_servlet_cookieauth_create
creates a new servlet that enforces client authentication using
public key cryptography and HTTP cookies.
Any requests that fail to present a valid cookie are redirected to
a login page.
The servlet should be registered with a lower order than the other
servlets that it protects, so that it executes first.
.Pp
.Fa redirect
and
.Fa append
are used when redirecting a request, and are the same as the arguments to
.Xr http_servlet_redirect_create 3 .
.Pp
.Fa authreqd
is invoked for every request and is a pointer to a function of this type:
.Pp
.Bd -literal -compact -offset 3n
typedef int http_servlet_cookieauth_reqd_t(void *arg,
              struct http_request *req);
.Ed
.Pp
The
.Fa arg
is the same value supplied to
.Fn http_servlet_cookieauth_create .
.Fn authreqd
should return a non-zero value if the request requires a valid login cookie
to proceed.
If
.Fn authreqd
returns zero, no authentication will be required.
Typically this is used to make an exception for the login page, etc.
.Pp
.Fa privkey
is a pointer to a PEM-encoded RSA private key.
If the HTTP server supports SSL, the server private key may be used
for convenience (though this slightly weakens overall security).
.Pp
.Fa id
points to arbitrary binary data having length
.Fa idlen
that uniquely identifies the authenticated resource.
Only cookies generated with the same identity and signed with the same
RSA private key will satisfy this servlet (see
.Fn http_servlet_cookieauth_login
below).
The identity information should not be too long, to avoid overflowing
the client's 4K cookie buffer.
.Pp
The
.Fa cookiename
specifies the name to use for the cookie; multiple cookies with
different names may be used simultaneously.
.Pp
When the servlet is destroyed, if
.Fa destroy
is not
.Dv NULL ,
it will be invoked with
.Fa arg
as its parameter.
.Pp
.Fn http_servlet_cookieauth_login
causes a cookie to be generated and passed to the client via
.Fa resp .
When the client includes this cookie in a subsequent HTTP request,
the servlet will allow the request to proceed.
The
.Fa privkey ,
.Fa id ,
and
.Fa idlen
arguments must match the same arguments to
.Fn http_servlet_cookieauth_create .
.Pp
.Fa username
is an arbirary string that may be retrieved in a subsequent request by
.Fn http_servlet_cookieauth_user
(see below).
.Pp
.Fa max_linger ,
if non-zero, specifies a maximum time in seconds between requests before
the cookie becomes invalid.
This means each request will cause a new cookie to be generated.
If an otherwise valid cookie is received but it was generated more than
.Fa max_linger
seconds ago, it is rejected.
.Pp
.Fa expire
specifies an absolute time at which the cookie should expire.
Cookies presented beyond their expiration time (which should only be sent
if the client is broken, malicious, or not synchronized) will be rejected.
.Pp
.Fa session_only
specifies that the client should be instructed to discard the cookie
when the client's session terminates.
Implementation of this feature is client-dependent.
.Pp
.Fa path
and
.Fa domain
may be
.Dv NULL
to use the default, which means the client should send the cookie with
all requests to this web server.
Otherwise, see
.Li "http://www.netscape.com/newsref/std/cookie_spec.html"
for a description.
.Pp
The
.Fa secure
flag indicates to the client that this cookie should only be sent over
an HTTPS (i.e., encrypted) connection.
Implementation of this feature is client-dependent.
.Pp
.Fn http_servlet_cookieauth_logout
invalidates the client cookie by sending the client an invalid cookie
which should overwrite the valid one.
Correct implementation of this feature is client-dependent.
Note also that it's possible (though unlikely) that this function may
return an error, in which case the invalid cookie was not sent.
.Pp
.Fn http_servlet_cookieauth_user
retrieves the
.Fa username
argument previously passed to
.Fn http_servlet_cookieauth_login
from a valid cookie included with the HTTP request
.Fa req .
The string is dynamically allocated with
.Xr typed_mem 3
type
.Fa mtype
and must be eventually freed by the caller.
The identity specified by
.Fa id
and
.Fa idlen
must be the same as when the cookie was created.
If
.Fa req
does not contain a valid cookie,
.Dv NULL
is returned.
.Pp
Note that it is not necessary to create a servlet in order to use the
.Fn http_servlet_cookieauth_login ,
.Fn http_servlet_cookieauth_logout ,
and
.Fn http_servlet_cookieauth_user
functions.
.Sh SECURITY NOTES
Because public key cryptography is used, as long as the RSA private key
is kept secret then there is no known way for an attacker to create a
.Em new
cookie that appears valid to this servlet.
However, if an attacker somehow acquires an existing cookie before its
expiration time, it can be presented by the hacker and will fool this
servlet into believing that the attacker had previously authenticated.
.Pp
Also, while the information in the cookie includes a secure digital
signature that is used to validate the cookie, the cookie itself is
.Em not
encrypted.
In particular, the
.Fa username
will travel across the HTTP connection (and be stored on the browser's
computer) unprotected.
.Pp
For these reasons,
.Sy "this servlet should only be used with SSL web servers" .
.Pp
Creation of the identity must be done carefully to avoid security holes.
The important point is to avoid using the same identity and private key
to secure two things that should be considered different from an
authentication point of view.
Therefore, any information which makes the identity unique to the
particular resource being protected is good.
.Pp
A common pitfall is creating an identity by concatenating strings
without inserting a separator character that does not appear in
the strings. E.g., the concatenation of
.Dq abc
and
.Dq def
is the same as the concatenation of
.Dq ab
and
.Dq cdef.
However,
.Dq abc:def
is different from
.Dq ab:cdef .
.Pp
Hashing the identity components together is a good way to limit
.Fa idlen
and therefore the size of the cookie.
However, if hashing is done a secure hash function such
as MD5 or SHA-1 should be used.
.Sh RETURN VALUES
.Fn http_servlet_cookieauth_create ,
.Fn http_servlet_cookieauth_login ,
.Fn http_servlet_cookieauth_logout ,
and
.Fn http_servlet_cookieauth_user
return
.Dv NULL
or -1 and set
.Va errno
to an appropriate value to indicate failure.
.Pp
The
.Va errno
value
.Er EACCES
is used to indicate that no valid cookie was found.
.Sh SEE ALSO
.Xr http_request 3 ,
.Xr http_response 3 ,
.Xr http_server 3 ,
.Xr http_servlet 3 ,
.Xr http_servlet_basicauth 3 ,
.Xr http_servlet_redirect 3 ,
.Xr libpdel 3 ,
.Xr md5 3 ,
.Xr sha 3 ,
.Xr typed_mem 3
.Rs
.%T "Persistent Client State HTTP Cookies"
.%O "http://www.netscape.com/newsref/std/cookie_spec.html"
.Re
.Rs
.%A D. Kristol
.%A L. Montulli
.%T "HTTP State Management Mechanism"
.%O RFC 2109
.Re
.Sh HISTORY
The PDEL library was developed at Packet Design, LLC.
.Dv "http://www.packetdesign.com/"
.Sh AUTHORS
.An Archie Cobbs Aq archie@freebsd.org
.Sh BUGS
The client must support HTTP cookies for any of this to work.
.Pp
Only the original Netscape cookie spec is supported;
RFC 2109 support should be added.

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>