ole32: Check buffer bounds when reading storage properties.
[wine.git] / dlls / wininet / cookie.c
blobb5f779b26783cfd67a86c05539fbdd74cfaa1f68
1 /*
2 * Wininet - cookie handling stuff
4 * Copyright 2002 TransGaming Technologies Inc.
6 * David Hammerton
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 #include "ws2tcpip.h"
25 #include <stdarg.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <assert.h>
30 #include <wchar.h>
32 #include "windef.h"
33 #include "winbase.h"
34 #include "wininet.h"
35 #include "lmcons.h"
36 #include "winerror.h"
38 #include "wine/debug.h"
39 #include "internet.h"
41 #define RESPONSE_TIMEOUT 30 /* FROM internet.c */
44 WINE_DEFAULT_DEBUG_CHANNEL(wininet);
46 /* FIXME
47 * Cookies could use A LOT OF MEMORY. We need some kind of memory management here!
50 struct _cookie_domain_t;
51 struct _cookie_container_t;
53 typedef struct _cookie_t {
54 struct list entry;
56 struct _cookie_container_t *container;
58 WCHAR *name;
59 WCHAR *data;
60 DWORD flags;
61 FILETIME expiry;
62 FILETIME create;
63 } cookie_t;
65 typedef struct _cookie_container_t {
66 struct list entry;
68 WCHAR *cookie_url;
69 substr_t path;
70 struct _cookie_domain_t *domain;
72 struct list cookie_list;
73 } cookie_container_t;
75 typedef struct _cookie_domain_t {
76 struct list entry;
78 WCHAR *domain;
79 unsigned subdomain_len;
81 struct _cookie_domain_t *parent;
82 struct list subdomain_list;
84 /* List of stored paths sorted by length of the path. */
85 struct list path_list;
86 } cookie_domain_t;
88 static CRITICAL_SECTION cookie_cs;
89 static CRITICAL_SECTION_DEBUG cookie_cs_debug =
91 0, 0, &cookie_cs,
92 { &cookie_cs_debug.ProcessLocksList, &cookie_cs_debug.ProcessLocksList },
93 0, 0, { (DWORD_PTR)(__FILE__ ": cookie_cs") }
95 static CRITICAL_SECTION cookie_cs = { &cookie_cs_debug, -1, 0, 0, 0, 0 };
96 static struct list domain_list = LIST_INIT(domain_list);
98 static cookie_domain_t *get_cookie_domain(substr_t domain, BOOL create)
100 const WCHAR *ptr = domain.str + domain.len, *ptr_end, *subdomain_ptr;
101 cookie_domain_t *iter, *current_domain, *prev_domain = NULL;
102 struct list *current_list = &domain_list;
104 while(1) {
105 for(ptr_end = ptr--; ptr > domain.str && *ptr != '.'; ptr--);
106 subdomain_ptr = *ptr == '.' ? ptr+1 : ptr;
108 current_domain = NULL;
109 LIST_FOR_EACH_ENTRY(iter, current_list, cookie_domain_t, entry) {
110 if(ptr_end-subdomain_ptr == iter->subdomain_len
111 && !memcmp(subdomain_ptr, iter->domain, iter->subdomain_len*sizeof(WCHAR))) {
112 current_domain = iter;
113 break;
117 if(!current_domain) {
118 if(!create)
119 return prev_domain;
121 current_domain = heap_alloc(sizeof(*current_domain));
122 if(!current_domain)
123 return NULL;
125 current_domain->domain = heap_strndupW(subdomain_ptr, domain.str + domain.len - subdomain_ptr);
126 if(!current_domain->domain) {
127 heap_free(current_domain);
128 return NULL;
131 current_domain->subdomain_len = ptr_end-subdomain_ptr;
133 current_domain->parent = prev_domain;
134 list_init(&current_domain->path_list);
135 list_init(&current_domain->subdomain_list);
137 list_add_tail(current_list, &current_domain->entry);
140 if(ptr == domain.str)
141 return current_domain;
143 prev_domain = current_domain;
144 current_list = &current_domain->subdomain_list;
148 static WCHAR *create_cookie_url(substr_t domain, substr_t path, substr_t *ret_path)
150 WCHAR user[UNLEN], *p, *url;
151 DWORD len, user_len, i;
153 static const WCHAR cookie_prefix[] = {'C','o','o','k','i','e',':'};
155 user_len = ARRAY_SIZE(user);
156 if(!GetUserNameW(user, &user_len))
157 return FALSE;
158 user_len--;
160 len = ARRAY_SIZE(cookie_prefix) + user_len + 1 /* @ */ + domain.len + path.len;
161 url = heap_alloc((len+1) * sizeof(WCHAR));
162 if(!url)
163 return NULL;
165 memcpy(url, cookie_prefix, sizeof(cookie_prefix));
166 p = url + ARRAY_SIZE(cookie_prefix);
168 memcpy(p, user, user_len*sizeof(WCHAR));
169 p += user_len;
171 *p++ = '@';
173 memcpy(p, domain.str, domain.len*sizeof(WCHAR));
174 p += domain.len;
176 for(i=0; i < path.len; i++)
177 p[i] = towlower(path.str[i]);
178 p[path.len] = 0;
180 ret_path->str = p;
181 ret_path->len = path.len;
182 return url;
185 static cookie_container_t *get_cookie_container(substr_t domain, substr_t path, BOOL create)
187 cookie_domain_t *cookie_domain;
188 cookie_container_t *cookie_container, *iter;
190 cookie_domain = get_cookie_domain(domain, create);
191 if(!cookie_domain)
192 return NULL;
194 LIST_FOR_EACH_ENTRY(cookie_container, &cookie_domain->path_list, cookie_container_t, entry) {
195 if(cookie_container->path.len < path.len)
196 break;
198 if(path.len == cookie_container->path.len && !wcsnicmp(cookie_container->path.str, path.str, path.len))
199 return cookie_container;
202 if(!create)
203 return NULL;
205 cookie_container = heap_alloc(sizeof(*cookie_container));
206 if(!cookie_container)
207 return NULL;
209 cookie_container->cookie_url = create_cookie_url(substrz(cookie_domain->domain), path, &cookie_container->path);
210 if(!cookie_container->cookie_url) {
211 heap_free(cookie_container);
212 return NULL;
215 cookie_container->domain = cookie_domain;
216 list_init(&cookie_container->cookie_list);
218 LIST_FOR_EACH_ENTRY(iter, &cookie_domain->path_list, cookie_container_t, entry) {
219 if(iter->path.len <= path.len) {
220 list_add_before(&iter->entry, &cookie_container->entry);
221 return cookie_container;
225 list_add_tail(&cookie_domain->path_list, &cookie_container->entry);
226 return cookie_container;
229 static void delete_cookie(cookie_t *cookie)
231 list_remove(&cookie->entry);
233 heap_free(cookie->name);
234 heap_free(cookie->data);
235 heap_free(cookie);
238 static cookie_t *alloc_cookie(substr_t name, substr_t data, FILETIME expiry, FILETIME create_time, DWORD flags)
240 cookie_t *new_cookie;
242 new_cookie = heap_alloc_zero(sizeof(*new_cookie));
243 if(!new_cookie)
244 return NULL;
246 new_cookie->expiry = expiry;
247 new_cookie->create = create_time;
248 new_cookie->flags = flags;
249 list_init(&new_cookie->entry);
251 if(name.str && !(new_cookie->name = heap_strndupW(name.str, name.len))) {
252 delete_cookie(new_cookie);
253 return NULL;
256 if(data.str && !(new_cookie->data = heap_strndupW(data.str, data.len))) {
257 delete_cookie(new_cookie);
258 return NULL;
261 return new_cookie;
264 static cookie_t *find_cookie(cookie_container_t *container, substr_t name)
266 cookie_t *iter;
268 LIST_FOR_EACH_ENTRY(iter, &container->cookie_list, cookie_t, entry) {
269 if(lstrlenW(iter->name) == name.len && !wcsnicmp(iter->name, name.str, name.len))
270 return iter;
273 return NULL;
276 static void add_cookie(cookie_container_t *container, cookie_t *new_cookie)
278 TRACE("Adding %s=%s to %s\n", debugstr_w(new_cookie->name), debugstr_w(new_cookie->data),
279 debugstr_w(container->cookie_url));
281 list_add_tail(&container->cookie_list, &new_cookie->entry);
282 new_cookie->container = container;
285 static void replace_cookie(cookie_container_t *container, cookie_t *new_cookie)
287 cookie_t *old_cookie;
289 old_cookie = find_cookie(container, substrz(new_cookie->name));
290 if(old_cookie)
291 delete_cookie(old_cookie);
293 add_cookie(container, new_cookie);
296 static BOOL cookie_match_path(cookie_container_t *container, substr_t path)
298 return path.len >= container->path.len && !wcsnicmp(container->path.str, path.str, container->path.len);
301 static BOOL load_persistent_cookie(substr_t domain, substr_t path)
303 INTERNET_CACHE_ENTRY_INFOW *info;
304 cookie_container_t *cookie_container;
305 cookie_t *new_cookie;
306 HANDLE cookie;
307 char *str = NULL, *pbeg, *pend;
308 DWORD size, flags;
309 WCHAR *name, *data;
310 FILETIME expiry, create, time;
312 cookie_container = get_cookie_container(domain, path, TRUE);
313 if(!cookie_container)
314 return FALSE;
316 size = 0;
317 RetrieveUrlCacheEntryStreamW(cookie_container->cookie_url, NULL, &size, FALSE, 0);
318 if(GetLastError() != ERROR_INSUFFICIENT_BUFFER)
319 return TRUE;
320 info = heap_alloc(size);
321 if(!info)
322 return FALSE;
323 cookie = RetrieveUrlCacheEntryStreamW(cookie_container->cookie_url, info, &size, FALSE, 0);
324 size = info->dwSizeLow;
325 heap_free(info);
326 if(!cookie)
327 return FALSE;
329 if(!(str = heap_alloc(size+1)) || !ReadUrlCacheEntryStream(cookie, 0, str, &size, 0)) {
330 UnlockUrlCacheEntryStream(cookie, 0);
331 heap_free(str);
332 return FALSE;
334 str[size] = 0;
335 UnlockUrlCacheEntryStream(cookie, 0);
337 GetSystemTimeAsFileTime(&time);
338 for(pbeg=str; pbeg && *pbeg; name=data=NULL) {
339 pend = strchr(pbeg, '\n');
340 if(!pend)
341 break;
342 *pend = 0;
343 name = heap_strdupAtoW(pbeg);
345 pbeg = pend+1;
346 pend = strchr(pbeg, '\n');
347 if(!pend)
348 break;
349 *pend = 0;
350 data = heap_strdupAtoW(pbeg);
352 pbeg = strchr(pend+1, '\n');
353 if(!pbeg)
354 break;
355 sscanf(pbeg, "%u %u %u %u %u", &flags, &expiry.dwLowDateTime, &expiry.dwHighDateTime,
356 &create.dwLowDateTime, &create.dwHighDateTime);
358 /* skip "*\n" */
359 pbeg = strchr(pbeg, '*');
360 if(pbeg) {
361 pbeg++;
362 if(*pbeg)
363 pbeg++;
366 if(!name || !data)
367 break;
369 if(CompareFileTime(&time, &expiry) <= 0) {
370 new_cookie = alloc_cookie(substr(NULL, 0), substr(NULL, 0), expiry, create, flags);
371 if(!new_cookie)
372 break;
374 new_cookie->name = name;
375 new_cookie->data = data;
377 replace_cookie(cookie_container, new_cookie);
378 }else {
379 heap_free(name);
380 heap_free(data);
383 heap_free(str);
384 heap_free(name);
385 heap_free(data);
387 return TRUE;
390 static BOOL save_persistent_cookie(cookie_container_t *container)
392 static const WCHAR txtW[] = {'t','x','t',0};
394 WCHAR cookie_file[MAX_PATH];
395 HANDLE cookie_handle;
396 cookie_t *cookie_container = NULL, *cookie_iter;
397 BOOL do_save = FALSE;
398 char buf[64], *dyn_buf;
399 FILETIME time;
400 DWORD bytes_written;
401 size_t len;
403 /* check if there's anything to save */
404 GetSystemTimeAsFileTime(&time);
405 LIST_FOR_EACH_ENTRY_SAFE(cookie_container, cookie_iter, &container->cookie_list, cookie_t, entry)
407 if((cookie_container->expiry.dwLowDateTime || cookie_container->expiry.dwHighDateTime)
408 && CompareFileTime(&time, &cookie_container->expiry) > 0) {
409 delete_cookie(cookie_container);
410 continue;
413 if(!(cookie_container->flags & INTERNET_COOKIE_IS_SESSION)) {
414 do_save = TRUE;
415 break;
419 if(!do_save) {
420 DeleteUrlCacheEntryW(container->cookie_url);
421 return TRUE;
424 if(!CreateUrlCacheEntryW(container->cookie_url, 0, txtW, cookie_file, 0))
425 return FALSE;
427 cookie_handle = CreateFileW(cookie_file, GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
428 if(cookie_handle == INVALID_HANDLE_VALUE) {
429 DeleteFileW(cookie_file);
430 return FALSE;
433 LIST_FOR_EACH_ENTRY(cookie_container, &container->cookie_list, cookie_t, entry)
435 if(cookie_container->flags & INTERNET_COOKIE_IS_SESSION)
436 continue;
438 dyn_buf = heap_strdupWtoA(cookie_container->name);
439 if(!dyn_buf || !WriteFile(cookie_handle, dyn_buf, strlen(dyn_buf), &bytes_written, NULL)) {
440 heap_free(dyn_buf);
441 do_save = FALSE;
442 break;
444 heap_free(dyn_buf);
445 if(!WriteFile(cookie_handle, "\n", 1, &bytes_written, NULL)) {
446 do_save = FALSE;
447 break;
450 dyn_buf = heap_strdupWtoA(cookie_container->data);
451 if(!dyn_buf || !WriteFile(cookie_handle, dyn_buf, strlen(dyn_buf), &bytes_written, NULL)) {
452 heap_free(dyn_buf);
453 do_save = FALSE;
454 break;
456 heap_free(dyn_buf);
457 if(!WriteFile(cookie_handle, "\n", 1, &bytes_written, NULL)) {
458 do_save = FALSE;
459 break;
462 dyn_buf = heap_strdupWtoA(container->domain->domain);
463 if(!dyn_buf || !WriteFile(cookie_handle, dyn_buf, strlen(dyn_buf), &bytes_written, NULL)) {
464 heap_free(dyn_buf);
465 do_save = FALSE;
466 break;
468 heap_free(dyn_buf);
470 len = WideCharToMultiByte(CP_ACP, 0, container->path.str, container->path.len, NULL, 0, NULL, NULL);
471 dyn_buf = heap_alloc(len+1);
472 if(dyn_buf) {
473 WideCharToMultiByte(CP_ACP, 0, container->path.str, container->path.len, dyn_buf, len, NULL, NULL);
474 dyn_buf[len] = 0;
476 if(!dyn_buf || !WriteFile(cookie_handle, dyn_buf, strlen(dyn_buf), &bytes_written, NULL)) {
477 heap_free(dyn_buf);
478 do_save = FALSE;
479 break;
481 heap_free(dyn_buf);
483 sprintf(buf, "\n%u\n%u\n%u\n%u\n%u\n*\n", cookie_container->flags,
484 cookie_container->expiry.dwLowDateTime, cookie_container->expiry.dwHighDateTime,
485 cookie_container->create.dwLowDateTime, cookie_container->create.dwHighDateTime);
486 if(!WriteFile(cookie_handle, buf, strlen(buf), &bytes_written, NULL)) {
487 do_save = FALSE;
488 break;
492 CloseHandle(cookie_handle);
493 if(!do_save) {
494 ERR("error saving cookie file\n");
495 DeleteFileW(cookie_file);
496 return FALSE;
499 memset(&time, 0, sizeof(time));
500 return CommitUrlCacheEntryW(container->cookie_url, cookie_file, time, time, 0, NULL, 0, txtW, 0);
503 static BOOL cookie_parse_url(const WCHAR *url, substr_t *host, substr_t *path)
505 URL_COMPONENTSW comp = { sizeof(comp) };
506 static const WCHAR rootW[] = {'/',0};
508 comp.dwHostNameLength = 1;
509 comp.dwUrlPathLength = 1;
511 if(!InternetCrackUrlW(url, 0, 0, &comp) || !comp.dwHostNameLength)
512 return FALSE;
514 /* discard the webpage off the end of the path */
515 while(comp.dwUrlPathLength && comp.lpszUrlPath[comp.dwUrlPathLength-1] != '/')
516 comp.dwUrlPathLength--;
518 *host = substr(comp.lpszHostName, comp.dwHostNameLength);
519 *path = comp.dwUrlPathLength ? substr(comp.lpszUrlPath, comp.dwUrlPathLength) : substr(rootW, 1);
520 return TRUE;
523 typedef struct {
524 cookie_t **cookies;
525 unsigned cnt;
526 unsigned size;
528 unsigned string_len;
529 } cookie_set_t;
531 static DWORD get_cookie(substr_t host, substr_t path, DWORD flags, cookie_set_t *res)
533 static const WCHAR empty_path[] = { '/',0 };
535 const WCHAR *p;
536 cookie_domain_t *domain;
537 cookie_container_t *container;
538 FILETIME tm;
540 GetSystemTimeAsFileTime(&tm);
542 p = host.str + host.len;
543 while(p > host.str && p[-1] != '.') p--;
544 while(p != host.str) {
545 p--;
546 while(p > host.str && p[-1] != '.') p--;
547 if(p == host.str) break;
549 load_persistent_cookie(substr(p, host.str+host.len-p), substr(empty_path, 1));
552 p = path.str + path.len;
553 do {
554 load_persistent_cookie(host, substr(path.str, p-path.str));
556 p--;
557 while(p > path.str && p[-1] != '/') p--;
558 }while(p != path.str);
560 domain = get_cookie_domain(host, FALSE);
561 if(!domain) {
562 TRACE("Unknown host %s\n", debugstr_wn(host.str, host.len));
563 return ERROR_NO_MORE_ITEMS;
566 for(domain = get_cookie_domain(host, FALSE); domain; domain = domain->parent) {
567 LIST_FOR_EACH_ENTRY(container, &domain->path_list, cookie_container_t, entry) {
568 struct list *cursor, *cursor2;
570 if(!cookie_match_path(container, path))
571 continue;
573 LIST_FOR_EACH_SAFE(cursor, cursor2, &container->cookie_list) {
574 cookie_t *cookie_iter = LIST_ENTRY(cursor, cookie_t, entry);
576 /* check for expiry */
577 if((cookie_iter->expiry.dwLowDateTime != 0 || cookie_iter->expiry.dwHighDateTime != 0)
578 && CompareFileTime(&tm, &cookie_iter->expiry) > 0) {
579 TRACE("Found expired cookie. deleting\n");
580 delete_cookie(cookie_iter);
581 continue;
584 if((cookie_iter->flags & INTERNET_COOKIE_HTTPONLY) && !(flags & INTERNET_COOKIE_HTTPONLY))
585 continue;
587 if(!res->size) {
588 res->cookies = heap_alloc(4*sizeof(*res->cookies));
589 if(!res->cookies)
590 continue;
591 res->size = 4;
592 }else if(res->cnt == res->size) {
593 cookie_t **new_cookies = heap_realloc(res->cookies, res->size*2*sizeof(*res->cookies));
594 if(!new_cookies)
595 continue;
596 res->cookies = new_cookies;
597 res->size *= 2;
600 TRACE("%s = %s domain %s path %s\n", debugstr_w(cookie_iter->name), debugstr_w(cookie_iter->data),
601 debugstr_w(domain->domain), debugstr_wn(container->path.str, container->path.len));
603 if(res->cnt)
604 res->string_len += 2; /* '; ' */
605 res->cookies[res->cnt++] = cookie_iter;
607 res->string_len += lstrlenW(cookie_iter->name);
608 if(*cookie_iter->data)
609 res->string_len += 1 /* = */ + lstrlenW(cookie_iter->data);
614 return ERROR_SUCCESS;
617 static void cookie_set_to_string(const cookie_set_t *cookie_set, WCHAR *str)
619 WCHAR *ptr = str;
620 unsigned i, len;
622 for(i=0; i<cookie_set->cnt; i++) {
623 if(i) {
624 *ptr++ = ';';
625 *ptr++ = ' ';
628 len = lstrlenW(cookie_set->cookies[i]->name);
629 memcpy(ptr, cookie_set->cookies[i]->name, len*sizeof(WCHAR));
630 ptr += len;
632 if(*cookie_set->cookies[i]->data) {
633 *ptr++ = '=';
634 len = lstrlenW(cookie_set->cookies[i]->data);
635 memcpy(ptr, cookie_set->cookies[i]->data, len*sizeof(WCHAR));
636 ptr += len;
640 assert(ptr-str == cookie_set->string_len);
641 TRACE("%s\n", debugstr_wn(str, ptr-str));
644 DWORD get_cookie_header(const WCHAR *host, const WCHAR *path, WCHAR **ret)
646 cookie_set_t cookie_set = {0};
647 DWORD res;
649 static const WCHAR cookieW[] = {'C','o','o','k','i','e',':',' '};
651 EnterCriticalSection(&cookie_cs);
653 res = get_cookie(substrz(host), substrz(path), INTERNET_COOKIE_HTTPONLY, &cookie_set);
654 if(res != ERROR_SUCCESS) {
655 LeaveCriticalSection(&cookie_cs);
656 return res;
659 if(cookie_set.cnt) {
660 WCHAR *header, *ptr;
662 ptr = header = heap_alloc(sizeof(cookieW) + (cookie_set.string_len + 3 /* crlf0 */) * sizeof(WCHAR));
663 if(header) {
664 memcpy(ptr, cookieW, sizeof(cookieW));
665 ptr += ARRAY_SIZE(cookieW);
667 cookie_set_to_string(&cookie_set, ptr);
668 heap_free(cookie_set.cookies);
669 ptr += cookie_set.string_len;
671 *ptr++ = '\r';
672 *ptr++ = '\n';
673 *ptr++ = 0;
675 *ret = header;
676 }else {
677 res = ERROR_NOT_ENOUGH_MEMORY;
679 }else {
680 *ret = NULL;
683 LeaveCriticalSection(&cookie_cs);
684 return res;
687 static void free_cookie_domain_list(struct list *list)
689 cookie_container_t *container;
690 cookie_domain_t *domain;
692 while(!list_empty(list)) {
693 domain = LIST_ENTRY(list_head(list), cookie_domain_t, entry);
695 free_cookie_domain_list(&domain->subdomain_list);
697 while(!list_empty(&domain->path_list)) {
698 container = LIST_ENTRY(list_head(&domain->path_list), cookie_container_t, entry);
700 while(!list_empty(&container->cookie_list))
701 delete_cookie(LIST_ENTRY(list_head(&container->cookie_list), cookie_t, entry));
703 heap_free(container->cookie_url);
704 list_remove(&container->entry);
705 heap_free(container);
708 heap_free(domain->domain);
709 list_remove(&domain->entry);
710 heap_free(domain);
714 /***********************************************************************
715 * InternetGetCookieExW (WININET.@)
717 * Retrieve cookie from the specified url
719 * It should be noted that on windows the lpszCookieName parameter is "not implemented".
720 * So it won't be implemented here.
722 * RETURNS
723 * TRUE on success
724 * FALSE on failure
727 BOOL WINAPI InternetGetCookieExW(LPCWSTR lpszUrl, LPCWSTR lpszCookieName,
728 LPWSTR lpCookieData, LPDWORD lpdwSize, DWORD flags, void *reserved)
730 cookie_set_t cookie_set = {0};
731 substr_t host, path;
732 DWORD res;
733 BOOL ret;
735 TRACE("(%s, %s, %p, %p, %x, %p)\n", debugstr_w(lpszUrl),debugstr_w(lpszCookieName), lpCookieData, lpdwSize, flags, reserved);
737 if (flags & ~INTERNET_COOKIE_HTTPONLY)
738 FIXME("flags 0x%08x not supported\n", flags);
740 if (!lpszUrl)
742 SetLastError(ERROR_INVALID_PARAMETER);
743 return FALSE;
746 ret = cookie_parse_url(lpszUrl, &host, &path);
747 if (!ret) {
748 SetLastError(ERROR_INVALID_PARAMETER);
749 return FALSE;
752 EnterCriticalSection(&cookie_cs);
754 res = get_cookie(host, path, flags, &cookie_set);
755 if(res != ERROR_SUCCESS) {
756 LeaveCriticalSection(&cookie_cs);
757 SetLastError(res);
758 return FALSE;
761 if(cookie_set.cnt) {
762 if(!lpCookieData || cookie_set.string_len+1 > *lpdwSize) {
763 *lpdwSize = (cookie_set.string_len + 1) * sizeof(WCHAR);
764 TRACE("returning %u\n", *lpdwSize);
765 if(lpCookieData) {
766 SetLastError(ERROR_INSUFFICIENT_BUFFER);
767 ret = FALSE;
769 }else {
770 *lpdwSize = cookie_set.string_len + 1;
771 cookie_set_to_string(&cookie_set, lpCookieData);
772 lpCookieData[cookie_set.string_len] = 0;
774 }else {
775 TRACE("no cookies found for %s\n", debugstr_wn(host.str, host.len));
776 SetLastError(ERROR_NO_MORE_ITEMS);
777 ret = FALSE;
780 heap_free(cookie_set.cookies);
781 LeaveCriticalSection(&cookie_cs);
782 return ret;
785 /***********************************************************************
786 * InternetGetCookieW (WININET.@)
788 * Retrieve cookie for the specified URL.
790 BOOL WINAPI InternetGetCookieW(const WCHAR *url, const WCHAR *name, WCHAR *data, DWORD *size)
792 TRACE("(%s, %s, %s, %p)\n", debugstr_w(url), debugstr_w(name), debugstr_w(data), size);
794 return InternetGetCookieExW(url, name, data, size, 0, NULL);
797 /***********************************************************************
798 * InternetGetCookieExA (WININET.@)
800 * Retrieve cookie from the specified url
802 * RETURNS
803 * TRUE on success
804 * FALSE on failure
807 BOOL WINAPI InternetGetCookieExA(LPCSTR lpszUrl, LPCSTR lpszCookieName,
808 LPSTR lpCookieData, LPDWORD lpdwSize, DWORD flags, void *reserved)
810 WCHAR *url, *name;
811 DWORD len, size = 0;
812 BOOL r;
814 TRACE("(%s %s %p %p(%u) %x %p)\n", debugstr_a(lpszUrl), debugstr_a(lpszCookieName),
815 lpCookieData, lpdwSize, lpdwSize ? *lpdwSize : 0, flags, reserved);
817 url = heap_strdupAtoW(lpszUrl);
818 name = heap_strdupAtoW(lpszCookieName);
820 r = InternetGetCookieExW( url, name, NULL, &len, flags, reserved );
821 if( r )
823 WCHAR *szCookieData;
825 szCookieData = heap_alloc(len * sizeof(WCHAR));
826 if( !szCookieData )
828 r = FALSE;
830 else
832 r = InternetGetCookieExW( url, name, szCookieData, &len, flags, reserved );
834 if(r) {
835 size = WideCharToMultiByte( CP_ACP, 0, szCookieData, len, NULL, 0, NULL, NULL);
836 if(lpCookieData) {
837 if(*lpdwSize >= size) {
838 WideCharToMultiByte( CP_ACP, 0, szCookieData, len, lpCookieData, *lpdwSize, NULL, NULL);
839 }else {
840 SetLastError(ERROR_INSUFFICIENT_BUFFER);
841 r = FALSE;
846 heap_free( szCookieData );
849 *lpdwSize = size;
850 heap_free( name );
851 heap_free( url );
852 return r;
855 /***********************************************************************
856 * InternetGetCookieA (WININET.@)
858 * See InternetGetCookieW.
860 BOOL WINAPI InternetGetCookieA(const char *url, const char *name, char *data, DWORD *size)
862 TRACE("(%s, %s, %p, %p)\n", debugstr_a(url), debugstr_a(name), data, size);
864 return InternetGetCookieExA(url, name, data, size, 0, NULL);
867 static BOOL is_domain_legal_for_cookie(substr_t domain, substr_t full_domain)
869 const WCHAR *ptr;
871 if(!domain.len || *domain.str == '.' || !full_domain.len || *full_domain.str == '.') {
872 SetLastError(ERROR_INVALID_NAME);
873 return FALSE;
876 if(domain.len > full_domain.len || !wmemchr(domain.str, '.', domain.len) || !wmemchr(full_domain.str, '.', full_domain.len))
877 return FALSE;
879 ptr = full_domain.str + full_domain.len - domain.len;
880 if (wcsnicmp(domain.str, ptr, domain.len) || (full_domain.len > domain.len && ptr[-1] != '.')) {
881 SetLastError(ERROR_INVALID_PARAMETER);
882 return FALSE;
885 return TRUE;
888 /***********************************************************************
889 * IsDomainLegalCookieDomainW (WININET.@)
891 BOOL WINAPI IsDomainLegalCookieDomainW(const WCHAR *domain, const WCHAR *full_domain)
893 FIXME("(%s, %s) semi-stub\n", debugstr_w(domain), debugstr_w(full_domain));
895 if (!domain || !full_domain) {
896 SetLastError(ERROR_INVALID_PARAMETER);
897 return FALSE;
900 return is_domain_legal_for_cookie(substrz(domain), substrz(full_domain));
903 static void substr_skip(substr_t *str, size_t len)
905 assert(str->len >= len);
906 str->str += len;
907 str->len -= len;
910 DWORD set_cookie(substr_t domain, substr_t path, substr_t name, substr_t data, DWORD flags)
912 cookie_container_t *container;
913 cookie_t *thisCookie;
914 substr_t value;
915 const WCHAR *end_ptr;
916 FILETIME expiry, create;
917 BOOL expired = FALSE, update_persistent = FALSE;
918 DWORD cookie_flags = 0, len;
920 TRACE("%s %s %s=%s %x\n", debugstr_wn(domain.str, domain.len), debugstr_wn(path.str, path.len),
921 debugstr_wn(name.str, name.len), debugstr_wn(data.str, data.len), flags);
923 memset(&expiry,0,sizeof(expiry));
924 GetSystemTimeAsFileTime(&create);
926 /* lots of information can be parsed out of the cookie value */
928 if(!(end_ptr = wmemchr(data.str, ';', data.len)))
929 end_ptr = data.str + data.len;
930 value = substr(data.str, end_ptr-data.str);
931 data.str += value.len;
932 data.len -= value.len;
934 for(;;) {
935 static const WCHAR szDomain[] = {'d','o','m','a','i','n','='};
936 static const WCHAR szPath[] = {'p','a','t','h','='};
937 static const WCHAR szExpires[] = {'e','x','p','i','r','e','s','='};
938 static const WCHAR szSecure[] = {'s','e','c','u','r','e'};
939 static const WCHAR szHttpOnly[] = {'h','t','t','p','o','n','l','y'};
940 static const WCHAR szVersion[] = {'v','e','r','s','i','o','n','='};
941 static const WCHAR max_ageW[] = {'m','a','x','-','a','g','e','='};
943 /* Skip ';' */
944 if(data.len)
945 substr_skip(&data, 1);
947 while(data.len && *data.str == ' ')
948 substr_skip(&data, 1);
950 if(!data.len)
951 break;
953 if(!(end_ptr = wmemchr(data.str, ';', data.len)))
954 end_ptr = data.str + data.len;
956 if(data.len >= (len = ARRAY_SIZE(szDomain)) && !wcsnicmp(data.str, szDomain, len)) {
957 substr_skip(&data, len);
959 if(data.len && *data.str == '.')
960 substr_skip(&data, 1);
962 if(!is_domain_legal_for_cookie(substr(data.str, end_ptr-data.str), domain))
963 return COOKIE_STATE_UNKNOWN;
965 domain = substr(data.str, end_ptr-data.str);
966 TRACE("Parsing new domain %s\n", debugstr_wn(domain.str, domain.len));
967 }else if(data.len >= (len = ARRAY_SIZE(szPath)) && !wcsnicmp(data.str, szPath, len)) {
968 substr_skip(&data, len);
969 path = substr(data.str, end_ptr - data.str);
970 TRACE("Parsing new path %s\n", debugstr_wn(path.str, path.len));
971 }else if(data.len >= (len = ARRAY_SIZE(szExpires)) && !wcsnicmp(data.str, szExpires, len)) {
972 SYSTEMTIME st;
973 WCHAR buf[128];
975 substr_skip(&data, len);
977 if(end_ptr - data.str < ARRAY_SIZE(buf)-1) {
978 memcpy(buf, data.str, data.len*sizeof(WCHAR));
979 buf[data.len] = 0;
981 if (InternetTimeToSystemTimeW(data.str, &st, 0)) {
982 SystemTimeToFileTime(&st, &expiry);
984 if (CompareFileTime(&create,&expiry) > 0) {
985 TRACE("Cookie already expired.\n");
986 expired = TRUE;
990 }else if(data.len >= (len = ARRAY_SIZE(szSecure)) && !wcsnicmp(data.str, szSecure, len)) {
991 substr_skip(&data, len);
992 FIXME("secure not handled\n");
993 }else if(data.len >= (len = ARRAY_SIZE(szHttpOnly)) && !wcsnicmp(data.str, szHttpOnly, len)) {
994 substr_skip(&data, len);
996 if(!(flags & INTERNET_COOKIE_HTTPONLY)) {
997 WARN("HTTP only cookie added without INTERNET_COOKIE_HTTPONLY flag\n");
998 SetLastError(ERROR_INVALID_OPERATION);
999 return COOKIE_STATE_REJECT;
1002 cookie_flags |= INTERNET_COOKIE_HTTPONLY;
1003 }else if(data.len >= (len = ARRAY_SIZE(szVersion)) && !wcsnicmp(data.str, szVersion, len)) {
1004 substr_skip(&data, len);
1006 FIXME("version not handled (%s)\n",debugstr_wn(data.str, data.len));
1007 }else if(data.len >= (len = ARRAY_SIZE(max_ageW)) && !wcsnicmp(data.str, max_ageW, len)) {
1008 /* Native doesn't support Max-Age attribute. */
1009 WARN("Max-Age ignored\n");
1010 }else if(data.len) {
1011 FIXME("Unknown additional option %s\n", debugstr_wn(data.str, data.len));
1014 substr_skip(&data, end_ptr - data.str);
1017 EnterCriticalSection(&cookie_cs);
1019 load_persistent_cookie(domain, path);
1021 container = get_cookie_container(domain, path, !expired);
1022 if(!container) {
1023 LeaveCriticalSection(&cookie_cs);
1024 return COOKIE_STATE_ACCEPT;
1027 if(!expiry.dwLowDateTime && !expiry.dwHighDateTime)
1028 cookie_flags |= INTERNET_COOKIE_IS_SESSION;
1029 else
1030 update_persistent = TRUE;
1032 if ((thisCookie = find_cookie(container, name))) {
1033 if ((thisCookie->flags & INTERNET_COOKIE_HTTPONLY) && !(flags & INTERNET_COOKIE_HTTPONLY)) {
1034 WARN("An attempt to override httponly cookie\n");
1035 SetLastError(ERROR_INVALID_OPERATION);
1036 LeaveCriticalSection(&cookie_cs);
1037 return COOKIE_STATE_REJECT;
1040 if (!(thisCookie->flags & INTERNET_COOKIE_IS_SESSION))
1041 update_persistent = TRUE;
1042 delete_cookie(thisCookie);
1045 TRACE("setting cookie %s=%s for domain %s path %s\n", debugstr_wn(name.str, name.len),
1046 debugstr_wn(value.str, value.len), debugstr_w(container->domain->domain),
1047 debugstr_wn(container->path.str, container->path.len));
1049 if (!expired) {
1050 cookie_t *new_cookie;
1052 new_cookie = alloc_cookie(name, value, expiry, create, cookie_flags);
1053 if(!new_cookie) {
1054 LeaveCriticalSection(&cookie_cs);
1055 return COOKIE_STATE_UNKNOWN;
1058 add_cookie(container, new_cookie);
1061 if (!update_persistent || save_persistent_cookie(container))
1063 LeaveCriticalSection(&cookie_cs);
1064 return COOKIE_STATE_ACCEPT;
1066 LeaveCriticalSection(&cookie_cs);
1067 return COOKIE_STATE_UNKNOWN;
1070 /***********************************************************************
1071 * InternetSetCookieExW (WININET.@)
1073 * Sets cookie for the specified url
1075 DWORD WINAPI InternetSetCookieExW(LPCWSTR lpszUrl, LPCWSTR lpszCookieName,
1076 LPCWSTR lpCookieData, DWORD flags, DWORD_PTR reserved)
1078 substr_t host, path, name, data;
1079 BOOL ret;
1081 TRACE("(%s, %s, %s, %x, %lx)\n", debugstr_w(lpszUrl), debugstr_w(lpszCookieName),
1082 debugstr_w(lpCookieData), flags, reserved);
1084 if (flags & ~INTERNET_COOKIE_HTTPONLY)
1085 FIXME("flags %x not supported\n", flags);
1087 if (!lpszUrl || !lpCookieData)
1089 SetLastError(ERROR_INVALID_PARAMETER);
1090 return COOKIE_STATE_UNKNOWN;
1093 ret = cookie_parse_url(lpszUrl, &host, &path);
1094 if (!ret || !host.len) return COOKIE_STATE_UNKNOWN;
1096 if (!lpszCookieName) {
1097 const WCHAR *ptr;
1099 /* some apps (or is it us??) try to add a cookie with no cookie name, but
1100 * the cookie data in the form of name[=data].
1102 if (!(ptr = wcschr(lpCookieData, '=')))
1103 ptr = lpCookieData + lstrlenW(lpCookieData);
1105 name = substr(lpCookieData, ptr - lpCookieData);
1106 data = substrz(*ptr == '=' ? ptr+1 : ptr);
1107 }else {
1108 name = substrz(lpszCookieName);
1109 data = substrz(lpCookieData);
1112 return set_cookie(host, path, name, data, flags);
1115 /***********************************************************************
1116 * InternetSetCookieW (WININET.@)
1118 * Sets a cookie for the specified URL.
1120 BOOL WINAPI InternetSetCookieW(const WCHAR *url, const WCHAR *name, const WCHAR *data)
1122 TRACE("(%s, %s, %s)\n", debugstr_w(url), debugstr_w(name), debugstr_w(data));
1124 return InternetSetCookieExW(url, name, data, 0, 0) == COOKIE_STATE_ACCEPT;
1127 /***********************************************************************
1128 * InternetSetCookieA (WININET.@)
1130 * Sets cookie for the specified url
1132 * RETURNS
1133 * TRUE on success
1134 * FALSE on failure
1137 BOOL WINAPI InternetSetCookieA(LPCSTR lpszUrl, LPCSTR lpszCookieName,
1138 LPCSTR lpCookieData)
1140 LPWSTR data, url, name;
1141 BOOL r;
1143 TRACE("(%s,%s,%s)\n", debugstr_a(lpszUrl),
1144 debugstr_a(lpszCookieName), debugstr_a(lpCookieData));
1146 url = heap_strdupAtoW(lpszUrl);
1147 name = heap_strdupAtoW(lpszCookieName);
1148 data = heap_strdupAtoW(lpCookieData);
1150 r = InternetSetCookieW( url, name, data );
1152 heap_free( data );
1153 heap_free( name );
1154 heap_free( url );
1155 return r;
1158 /***********************************************************************
1159 * InternetSetCookieExA (WININET.@)
1161 * See InternetSetCookieExW.
1163 DWORD WINAPI InternetSetCookieExA( LPCSTR lpszURL, LPCSTR lpszCookieName, LPCSTR lpszCookieData,
1164 DWORD dwFlags, DWORD_PTR dwReserved)
1166 WCHAR *data, *url, *name;
1167 DWORD r;
1169 TRACE("(%s, %s, %s, %x, %lx)\n", debugstr_a(lpszURL), debugstr_a(lpszCookieName),
1170 debugstr_a(lpszCookieData), dwFlags, dwReserved);
1172 url = heap_strdupAtoW(lpszURL);
1173 name = heap_strdupAtoW(lpszCookieName);
1174 data = heap_strdupAtoW(lpszCookieData);
1176 r = InternetSetCookieExW(url, name, data, dwFlags, dwReserved);
1178 heap_free( data );
1179 heap_free( name );
1180 heap_free( url );
1181 return r;
1184 /***********************************************************************
1185 * InternetClearAllPerSiteCookieDecisions (WININET.@)
1187 * Clears all per-site decisions about cookies.
1189 * RETURNS
1190 * TRUE on success
1191 * FALSE on failure
1194 BOOL WINAPI InternetClearAllPerSiteCookieDecisions( VOID )
1196 FIXME("stub\n");
1197 return TRUE;
1200 /***********************************************************************
1201 * InternetEnumPerSiteCookieDecisionA (WININET.@)
1203 * See InternetEnumPerSiteCookieDecisionW.
1205 BOOL WINAPI InternetEnumPerSiteCookieDecisionA( LPSTR pszSiteName, ULONG *pcSiteNameSize,
1206 ULONG *pdwDecision, ULONG dwIndex )
1208 FIXME("(%s, %p, %p, 0x%08x) stub\n",
1209 debugstr_a(pszSiteName), pcSiteNameSize, pdwDecision, dwIndex);
1210 return FALSE;
1213 /***********************************************************************
1214 * InternetEnumPerSiteCookieDecisionW (WININET.@)
1216 * Enumerates all per-site decisions about cookies.
1218 * RETURNS
1219 * TRUE on success
1220 * FALSE on failure
1223 BOOL WINAPI InternetEnumPerSiteCookieDecisionW( LPWSTR pszSiteName, ULONG *pcSiteNameSize,
1224 ULONG *pdwDecision, ULONG dwIndex )
1226 FIXME("(%s, %p, %p, 0x%08x) stub\n",
1227 debugstr_w(pszSiteName), pcSiteNameSize, pdwDecision, dwIndex);
1228 return FALSE;
1231 /***********************************************************************
1232 * InternetGetPerSiteCookieDecisionA (WININET.@)
1234 BOOL WINAPI InternetGetPerSiteCookieDecisionA( LPCSTR pwchHostName, ULONG *pResult )
1236 FIXME("(%s, %p) stub\n", debugstr_a(pwchHostName), pResult);
1237 return FALSE;
1240 /***********************************************************************
1241 * InternetGetPerSiteCookieDecisionW (WININET.@)
1243 BOOL WINAPI InternetGetPerSiteCookieDecisionW( LPCWSTR pwchHostName, ULONG *pResult )
1245 FIXME("(%s, %p) stub\n", debugstr_w(pwchHostName), pResult);
1246 return FALSE;
1249 /***********************************************************************
1250 * InternetSetPerSiteCookieDecisionA (WININET.@)
1252 BOOL WINAPI InternetSetPerSiteCookieDecisionA( LPCSTR pchHostName, DWORD dwDecision )
1254 FIXME("(%s, 0x%08x) stub\n", debugstr_a(pchHostName), dwDecision);
1255 return FALSE;
1258 /***********************************************************************
1259 * InternetSetPerSiteCookieDecisionW (WININET.@)
1261 BOOL WINAPI InternetSetPerSiteCookieDecisionW( LPCWSTR pchHostName, DWORD dwDecision )
1263 FIXME("(%s, 0x%08x) stub\n", debugstr_w(pchHostName), dwDecision);
1264 return FALSE;
1267 void free_cookie(void)
1269 EnterCriticalSection(&cookie_cs);
1271 free_cookie_domain_list(&domain_list);
1273 LeaveCriticalSection(&cookie_cs);