registry responds with both domain and host cookies; registry uses snprintfz, strncpyz

diff --git a/src/registry.c b/src/registry.c
index 13194a009391a928c453192690b19a0a549d6aaa..0517caae422fa6b0fac4bd2692ac88ea57da15d0 100644 (file)
--- a/src/registry.c
+++ b/src/registry.c
@@ -340,8 +340,7 @@ static inline URL *registry_url_allocate_nolock(const char *url, size_t urllen)
 
        // a simple strcpy() should do the job
        // but I prefer to be safe, since the caller specified urllen
-       strncpy(u->url, url, urllen);
-       u->url[urllen] = '\0';
+       strncpyz(u->url, url, urllen);
 
        u->len = urllen;
        u->links = 0;
@@ -424,8 +423,7 @@ static inline MACHINE *registry_machine_allocate(const char *machine_guid, time_
        MACHINE *m = malloc(sizeof(MACHINE));
        if(!m) fatal("Registry: cannot allocate memory for new machine '%s'", machine_guid);
 
-       strncpy(m->guid, machine_guid, 36);
-       m->guid[36] = '\0';
+       strncpyz(m->guid, machine_guid, 36);
 
        debug(D_REGISTRY, "Registry: registry_machine_allocate('%s'): creating dictionary of urls", machine_guid);
        m->urls = dictionary_create(DICTIONARY_FLAGS);
@@ -488,8 +486,7 @@ static inline PERSON_URL *registry_person_url_allocate(PERSON *p, MACHINE *m, UR
 
        // a simple strcpy() should do the job
        // but I prefer to be safe, since the caller specified urllen
-       strncpy(pu->name, name, namelen);
-       pu->name[namelen] = '\0';
+       strncpyz(pu->name, name, namelen);
 
        pu->machine = m;
        pu->first_t = pu->last_t = when;
@@ -552,10 +549,8 @@ static inline PERSON *registry_person_allocate(const char *person_guid, time_t w
                                info("Registry: generated person guid '%s' found in the registry. Retrying...", p->guid);
                }
        }
-       else {
-               strncpy(p->guid, person_guid, 36);
-               p->guid[36] = '\0';
-       }
+       else
+               strncpyz(p->guid, person_guid, 36);
 
        debug(D_REGISTRY, "Registry: registry_person_allocate('%s'): creating dictionary of urls", p->guid);
        p->urls = dictionary_create(DICTIONARY_FLAGS);
@@ -1022,12 +1017,10 @@ static inline void registry_set_person_cookie(struct web_client *w, PERSON *p) {
        struct tm etmbuf, *etm = gmtime_r(&et, &etmbuf);
        strftime(edate, sizeof(edate), "%a, %d %b %Y %H:%M:%S %Z", etm);
 
-       if(registry.registry_domain && registry.registry_domain[0])
-               snprintf(w->cookie, COOKIE_MAX, NETDATA_REGISTRY_COOKIE_NAME "=%s; Domain=%s; Expires=%s", p->guid, registry.registry_domain, edate);
-       else
-               snprintf(w->cookie, COOKIE_MAX, NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s", p->guid, edate);
+       snprintfz(w->cookie1, COOKIE_MAX, NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s", p->guid, edate);
 
-       w->cookie[COOKIE_MAX] = '\0';
+       if(registry.registry_domain && registry.registry_domain[0])
+               snprintfz(w->cookie2, COOKIE_MAX, NETDATA_REGISTRY_COOKIE_NAME "=%s; Domain=%s; Expires=%s", p->guid, registry.registry_domain, edate);
 }
 
 static inline void registry_json_header(struct web_client *w, const char *action, const char *status) {
@@ -1399,8 +1392,8 @@ int registry_save(void) {
        char tmp_filename[FILENAME_MAX + 1];
        char old_filename[FILENAME_MAX + 1];
 
-       snprintf(old_filename, FILENAME_MAX, "%s.old", registry.db_filename);
-       snprintf(tmp_filename, FILENAME_MAX, "%s.tmp", registry.db_filename);
+       snprintfz(old_filename, FILENAME_MAX, "%s.old", registry.db_filename);
+       snprintfz(tmp_filename, FILENAME_MAX, "%s.tmp", registry.db_filename);
 
        debug(D_REGISTRY, "Registry: Creating file '%s'", tmp_filename);
        FILE *fp = fopen(tmp_filename, "w");
@@ -1643,14 +1636,14 @@ int registry_init(void) {
        }
 
        // filenames
-       snprintf(filename, FILENAME_MAX, "%s/netdata.public.unique.id", registry.pathname);
+       snprintfz(filename, FILENAME_MAX, "%s/netdata.public.unique.id", registry.pathname);
        registry.machine_guid_filename = config_get("registry", "netdata unique id file", filename);
        registry_get_this_machine_guid();
 
-       snprintf(filename, FILENAME_MAX, "%s/registry.db", registry.pathname);
+       snprintfz(filename, FILENAME_MAX, "%s/registry.db", registry.pathname);
        registry.db_filename = config_get("registry", "registry db file", filename);
 
-       snprintf(filename, FILENAME_MAX, "%s/registry-log.db", registry.pathname);
+       snprintfz(filename, FILENAME_MAX, "%s/registry-log.db", registry.pathname);
        registry.log_filename = config_get("registry", "registry log file", filename);
 
        // configuration options
@@ -1883,7 +1876,7 @@ int test1(int argc, char **argv) {
                uuid_unparse(uuid, machines_guids[m]);
 
                char buf[FILENAME_MAX + 1];
-               snprintf(buf, FILENAME_MAX, "http://%u.netdata.rocks/", m+1);
+               snprintfz(buf, FILENAME_MAX, "http://%u.netdata.rocks/", m+1);
                machines_urls[m] = strdup(buf);
 
                // fprintf(stderr, "\tmachine %u: '%s', url: '%s'\n", m + 1, machines_guids[m], machines_urls[m]);
@@ -1970,7 +1963,7 @@ int test1(int argc, char **argv) {
                        char *url = machines_urls[tm];
                        char buf[FILENAME_MAX + 1];
                        if (random() % 10000 == 1234) {
-                               snprintf(buf, FILENAME_MAX, "http://random.%ld.netdata.rocks/", random());
+                               snprintfz(buf, FILENAME_MAX, "http://random.%ld.netdata.rocks/", random());
                                url = buf;
                        }
                        else if (random() % 1000 == 123)

diff --git a/src/web_client.c b/src/web_client.c
index 39cabdf000310a0267e19c384488c096c6a47f03..601dda083ae0172e4b65be9d0e9ecd3f19cc6264 100644 (file)
--- a/src/web_client.c
+++ b/src/web_client.c
@@ -175,7 +175,8 @@ void web_client_reset(struct web_client *w)
        }
 
        w->last_url[0] = '\0';
-       w->cookie[0] = '\0';
+       w->cookie1[0] = '\0';
+       w->cookie2[0] = '\0';
        w->origin[0] = '*';
        w->origin[1] = '\0';
 
@@ -801,6 +802,9 @@ int web_client_api_request_v1_registry(struct web_client *w, char *url)
 
        debug(D_WEB_CLIENT, "%llu: API v1 registry with URL '%s'", w->id, url);
 
+       // FIXME
+       // The browser may send multiple cookies with our id
+       
        char *cookie = strstr(w->response.data->buffer, " " NETDATA_REGISTRY_COOKIE_NAME "=");
        if(cookie)
                strncpyz(person_guid, &cookie[sizeof(NETDATA_REGISTRY_COOKIE_NAME) + 1], 36);
@@ -1655,10 +1659,16 @@ void web_client_process(struct web_client *w) {
                , date
                );
 
-       if(w->cookie[0]) {
+       if(w->cookie1[0]) {
+               buffer_sprintf(w->response.header_output,
+                  "Set-Cookie: %s\r\n",
+                  w->cookie1);
+       }
+
+       if(w->cookie2[0]) {
                buffer_sprintf(w->response.header_output,
                   "Set-Cookie: %s\r\n",
-                  w->cookie);
+                  w->cookie2);
        }
 
        if(w->mode == WEB_CLIENT_MODE_OPTIONS) {

diff --git a/src/web_client.h b/src/web_client.h
index de1e1ec51bb68a36ba6c3e05589e223143f435e9..f663be4a1d28eec1279ae90cc8798bd642762782 100644 (file)
--- a/src/web_client.h
+++ b/src/web_client.h
@@ -61,7 +61,8 @@ struct web_client {
 
        struct timeval tv_in, tv_ready;
 
-       char cookie[COOKIE_MAX+1];
+       char cookie1[COOKIE_MAX+1];
+       char cookie2[COOKIE_MAX+1];
        char origin[ORIGIN_MAX+1];
 
        int mode;