From: Art Cancro <ajc@citadel.org>
Date: Thu, 23 Dec 1999 04:54:48 +0000 (+0000)
Subject: * Changed session cookie from hexadecimal encoding to base64
X-Git-Tag: v7.86~7377
X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=b545fb8daf1d3aeec8e3a66a61ea46274fde10eb

* Changed session cookie from hexadecimal encoding to base64
* Removed overly verbose logging
---

diff --git a/webcit/ChangeLog b/webcit/ChangeLog
index f05a62311..d9e4c1f05 100644
--- a/webcit/ChangeLog
+++ b/webcit/ChangeLog
@@ -1,4 +1,8 @@
 $Log$
+Revision 1.121  1999/12/23 04:54:48  ajc
+* Changed session cookie from hexadecimal encoding to base64
+* Removed overly verbose logging
+
 Revision 1.120  1999/12/12 18:12:28  ajc
 * get http request: clear hold buffer before starting to read in HTTP request.
   This was causing some requests to get corrupted.
@@ -361,3 +365,4 @@ Sun Dec  6 19:50:55 EST 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
 
 1998-12-03 Nathan Bryant <bryant@cs.usm.maine.edu>
 	* webserver.c: warning fix
+
diff --git a/webcit/context_loop.c b/webcit/context_loop.c
index c40cee998..2cdd78088 100644
--- a/webcit/context_loop.c
+++ b/webcit/context_loop.c
@@ -217,10 +217,6 @@ void context_loop(int sock)
 	memset(hold, 0, sizeof(hold));
 	do {
 		if (req_gets(sock, buf, hold) < 0) return;
-		fprintf(stderr, "%sReq: %s%s\n",
-			( (req==NULL) ? "\033[32m" : "" ) ,
-			buf,
-			( (req==NULL) ? "\033[0m" : "" )  );
 		if (!strncasecmp(buf, "Cookie: webcit=", 15)) {
 			cookie_to_stuff(&buf[15], &desired_session,
 				NULL, NULL, NULL);
@@ -247,6 +243,7 @@ void context_loop(int sock)
 	 * (or doesn't support them) and we have to barf & bail.
 	 */
 	strcpy(buf, req->line);
+	fprintf(stderr, "%s\n", buf);
 	if (!strncasecmp(buf, "GET ", 4)) strcpy(buf, &buf[4]);
 	else if (!strncasecmp(buf, "HEAD ", 5)) strcpy(buf, &buf[5]);
 	if (buf[1]==' ') buf[1]=0;
diff --git a/webcit/cookie_conversion.c b/webcit/cookie_conversion.c
index 5f139fdf5..22bdb58a0 100644
--- a/webcit/cookie_conversion.c
+++ b/webcit/cookie_conversion.c
@@ -20,20 +20,147 @@
 #include <signal.h>
 #include "webcit.h"
 
+#define TRUE  1
+#define FALSE 0
+
+typedef unsigned char byte;	      /* Byte type */
+static byte dtable[256];	      /* base64 encode / decode table */
+
+/*
+ * decode_base64() and encode_base64() are adaptations of code by
+ * John Walker, found in full in the file "base64.c" included with the Citadel
+ * server.  The difference between those functions and these is that
+ * these are intended to encode/decode small string buffers, and those are
+ * intended to encode/decode entire MIME parts.
+ */
+
+void encode_base64(char *dest, char *source)
+{
+    int i, hiteof = FALSE;
+    int spos = 0;
+    int dpos = 0;
+
+    /*	Fill dtable with character encodings.  */
+
+    for (i = 0; i < 26; i++) {
+        dtable[i] = 'A' + i;
+        dtable[26 + i] = 'a' + i;
+    }
+    for (i = 0; i < 10; i++) {
+        dtable[52 + i] = '0' + i;
+    }
+    dtable[62] = '+';
+    dtable[63] = '/';
+
+    while (!hiteof) {
+	byte igroup[3], ogroup[4];
+	int c, n;
+
+	igroup[0] = igroup[1] = igroup[2] = 0;
+	for (n = 0; n < 3; n++) {
+	    c = source[spos++];
+	    if (c == 0) {
+		hiteof = TRUE;
+		break;
+	    }
+	    igroup[n] = (byte) c;
+	}
+	if (n > 0) {
+	    ogroup[0] = dtable[igroup[0] >> 2];
+	    ogroup[1] = dtable[((igroup[0] & 3) << 4) | (igroup[1] >> 4)];
+	    ogroup[2] = dtable[((igroup[1] & 0xF) << 2) | (igroup[2] >> 6)];
+	    ogroup[3] = dtable[igroup[2] & 0x3F];
+
+            /* Replace characters in output stream with "=" pad
+	       characters if fewer than three characters were
+	       read from the end of the input stream. */
+
+	    if (n < 3) {
+                ogroup[3] = '=';
+		if (n < 2) {
+                    ogroup[2] = '=';
+		}
+	    }
+	    for (i = 0; i < 4; i++) {
+		dest[dpos++] = ogroup[i];
+		dest[dpos] = 0;
+	    }
+	}
+    }
+}
+
+
+
+void decode_base64(char *dest, char *source)
+{
+    int i;
+    int dpos = 0;
+    int spos = 0;
+
+    for (i = 0; i < 255; i++) {
+	dtable[i] = 0x80;
+    }
+    for (i = 'A'; i <= 'Z'; i++) {
+        dtable[i] = 0 + (i - 'A');
+    }
+    for (i = 'a'; i <= 'z'; i++) {
+        dtable[i] = 26 + (i - 'a');
+    }
+    for (i = '0'; i <= '9'; i++) {
+        dtable[i] = 52 + (i - '0');
+    }
+    dtable['+'] = 62;
+    dtable['/'] = 63;
+    dtable['='] = 0;
+
+    /*CONSTANTCONDITION*/
+    while (TRUE) {
+	byte a[4], b[4], o[3];
+
+	for (i = 0; i < 4; i++) {
+	    int c = source[spos++];
+
+	    if (c == 0) {
+		if (i > 0) {
+		    return;
+		}
+		return;
+	    }
+	    if (dtable[c] & 0x80) {
+		/* Ignoring errors: discard invalid character. */
+		i--;
+		continue;
+	    }
+	    a[i] = (byte) c;
+	    b[i] = (byte) dtable[c];
+	}
+	o[0] = (b[0] << 2) | (b[1] >> 4);
+	o[1] = (b[1] << 4) | (b[2] >> 2);
+	o[2] = (b[2] << 6) | b[3];
+        i = a[2] == '=' ? 1 : (a[3] == '=' ? 2 : 3);
+	if (i>=1) dest[dpos++] = o[0];
+	if (i>=2) dest[dpos++] = o[1];
+	if (i>=3) dest[dpos++] = o[2];
+	dest[dpos] = 0;
+	if (i < 3) {
+	    return;
+	}
+    }
+}
+
+
+
+
+
 /*
  * Pack all session info into one easy-to-digest cookie.  Healthy and delicious!
  */
 void stuff_to_cookie(char *cookie, int session, char *user, char *pass, char *room)
 {
 	char buf[256];
-	int i;
 
 	sprintf(buf, "%d|%s|%s|%s", session, user, pass, room);
-	strcpy(cookie, "");
-
-	for (i = 0; i < strlen(buf); ++i)
-		sprintf(&cookie[strlen(cookie)], "%02X", buf[i]);
-
+	encode_base64(cookie, buf);
 }
 
 
@@ -43,12 +170,8 @@ void stuff_to_cookie(char *cookie, int session, char *user, char *pass, char *ro
 void cookie_to_stuff(char *cookie, int *session, char *user, char *pass, char *room)
 {
 	char buf[256];
-	int i;
 
-	for (i = 0; i < strlen(cookie); i = i + 2) {
-		sscanf(&cookie[i], "%02x", (unsigned int *) &buf[i / 2]);
-		buf[(i / 2) + 1] = 0;
-	}
+	decode_base64(buf, cookie);
 
 	if (session != NULL)
 		*session = extract_int(buf, 0);