xref: /reactos/dll/win32/wininet/cookie.c (revision b5218987)
1 /*
2  * Wininet - cookie handling stuff
3  *
4  * Copyright 2002 TransGaming Technologies Inc.
5  *
6  * David Hammerton
7  *
8  * This library is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Lesser General Public
10  * License as published by the Free Software Foundation; either
11  * version 2.1 of the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public
19  * License along with this library; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21  */
22 
23 #include "ws2tcpip.h"
24 
25 #include <stdarg.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <assert.h>
30 
31 #include "windef.h"
32 #include "winbase.h"
33 #include "wininet.h"
34 #include "lmcons.h"
35 #include "winerror.h"
36 
37 #include "wine/debug.h"
38 #include "internet.h"
39 
40 #define RESPONSE_TIMEOUT        30            /* FROM internet.c */
41 
42 
43 WINE_DEFAULT_DEBUG_CHANNEL(wininet);
44 
45 /* FIXME
46  *     Cookies could use A LOT OF MEMORY. We need some kind of memory management here!
47  */
48 
49 struct _cookie_domain_t;
50 struct _cookie_container_t;
51 
52 typedef struct _cookie_t {
53     struct list entry;
54 
55     struct _cookie_container_t *container;
56 
57     WCHAR *name;
58     WCHAR *data;
59     DWORD flags;
60     FILETIME expiry;
61     FILETIME create;
62 } cookie_t;
63 
64 typedef struct _cookie_container_t {
65     struct list entry;
66 
67     WCHAR *cookie_url;
68     substr_t path;
69     struct _cookie_domain_t *domain;
70 
71     struct list cookie_list;
72 } cookie_container_t;
73 
74 typedef struct _cookie_domain_t {
75     struct list entry;
76 
77     WCHAR *domain;
78     unsigned subdomain_len;
79 
80     struct _cookie_domain_t *parent;
81     struct list subdomain_list;
82 
83     /* List of stored paths sorted by length of the path. */
84     struct list path_list;
85 } cookie_domain_t;
86 
87 static CRITICAL_SECTION cookie_cs;
88 static CRITICAL_SECTION_DEBUG cookie_cs_debug =
89 {
90     0, 0, &cookie_cs,
91     { &cookie_cs_debug.ProcessLocksList, &cookie_cs_debug.ProcessLocksList },
92     0, 0, { (DWORD_PTR)(__FILE__ ": cookie_cs") }
93 };
94 static CRITICAL_SECTION cookie_cs = { &cookie_cs_debug, -1, 0, 0, 0, 0 };
95 static struct list domain_list = LIST_INIT(domain_list);
96 
97 static cookie_domain_t *get_cookie_domain(substr_t domain, BOOL create)
98 {
99     const WCHAR *ptr = domain.str + domain.len, *ptr_end, *subdomain_ptr;
100     cookie_domain_t *iter, *current_domain, *prev_domain = NULL;
101     struct list *current_list = &domain_list;
102 
103     while(1) {
104         for(ptr_end = ptr--; ptr > domain.str && *ptr != '.'; ptr--);
105         subdomain_ptr = *ptr == '.' ? ptr+1 : ptr;
106 
107         current_domain = NULL;
108         LIST_FOR_EACH_ENTRY(iter, current_list, cookie_domain_t, entry) {
109             if(ptr_end-subdomain_ptr == iter->subdomain_len
110                     && !memcmp(subdomain_ptr, iter->domain, iter->subdomain_len*sizeof(WCHAR))) {
111                 current_domain = iter;
112                 break;
113             }
114         }
115 
116         if(!current_domain) {
117             if(!create)
118                 return prev_domain;
119 
120             current_domain = heap_alloc(sizeof(*current_domain));
121             if(!current_domain)
122                 return NULL;
123 
124             current_domain->domain = heap_strndupW(subdomain_ptr, domain.str + domain.len - subdomain_ptr);
125             if(!current_domain->domain) {
126                 heap_free(current_domain);
127                 return NULL;
128             }
129 
130             current_domain->subdomain_len = ptr_end-subdomain_ptr;
131 
132             current_domain->parent = prev_domain;
133             list_init(&current_domain->path_list);
134             list_init(&current_domain->subdomain_list);
135 
136             list_add_tail(current_list, &current_domain->entry);
137         }
138 
139         if(ptr == domain.str)
140             return current_domain;
141 
142         prev_domain = current_domain;
143         current_list = &current_domain->subdomain_list;
144     }
145 }
146 
147 static WCHAR *create_cookie_url(substr_t domain, substr_t path, substr_t *ret_path)
148 {
149     WCHAR user[UNLEN], *p, *url;
150     DWORD len, user_len, i;
151 
152     static const WCHAR cookie_prefix[] = {'C','o','o','k','i','e',':'};
153 
154     user_len = ARRAY_SIZE(user);
155     if(!GetUserNameW(user, &user_len))
156         return FALSE;
157     user_len--;
158 
159     len = ARRAY_SIZE(cookie_prefix) + user_len + 1 /* @ */ + domain.len + path.len;
160     url = heap_alloc((len+1) * sizeof(WCHAR));
161     if(!url)
162         return NULL;
163 
164     memcpy(url, cookie_prefix, sizeof(cookie_prefix));
165     p = url + ARRAY_SIZE(cookie_prefix);
166 
167     memcpy(p, user, user_len*sizeof(WCHAR));
168     p += user_len;
169 
170     *p++ = '@';
171 
172     memcpy(p, domain.str, domain.len*sizeof(WCHAR));
173     p += domain.len;
174 
175     for(i=0; i < path.len; i++)
176         p[i] = tolowerW(path.str[i]);
177     p[path.len] = 0;
178 
179     ret_path->str = p;
180     ret_path->len = path.len;
181     return url;
182 }
183 
184 static cookie_container_t *get_cookie_container(substr_t domain, substr_t path, BOOL create)
185 {
186     cookie_domain_t *cookie_domain;
187     cookie_container_t *cookie_container, *iter;
188 
189     cookie_domain = get_cookie_domain(domain, create);
190     if(!cookie_domain)
191         return NULL;
192 
193     LIST_FOR_EACH_ENTRY(cookie_container, &cookie_domain->path_list, cookie_container_t, entry) {
194         if(cookie_container->path.len < path.len)
195             break;
196 
197         if(path.len == cookie_container->path.len && !strncmpiW(cookie_container->path.str, path.str, path.len))
198             return cookie_container;
199     }
200 
201     if(!create)
202         return NULL;
203 
204     cookie_container = heap_alloc(sizeof(*cookie_container));
205     if(!cookie_container)
206         return NULL;
207 
208     cookie_container->cookie_url = create_cookie_url(substrz(cookie_domain->domain), path, &cookie_container->path);
209     if(!cookie_container->cookie_url) {
210         heap_free(cookie_container);
211         return NULL;
212     }
213 
214     cookie_container->domain = cookie_domain;
215     list_init(&cookie_container->cookie_list);
216 
217     LIST_FOR_EACH_ENTRY(iter, &cookie_domain->path_list, cookie_container_t, entry) {
218         if(iter->path.len <= path.len) {
219             list_add_before(&iter->entry, &cookie_container->entry);
220             return cookie_container;
221         }
222     }
223 
224     list_add_tail(&cookie_domain->path_list, &cookie_container->entry);
225     return cookie_container;
226 }
227 
228 static void delete_cookie(cookie_t *cookie)
229 {
230     list_remove(&cookie->entry);
231 
232     heap_free(cookie->name);
233     heap_free(cookie->data);
234     heap_free(cookie);
235 }
236 
237 static cookie_t *alloc_cookie(substr_t name, substr_t data, FILETIME expiry, FILETIME create_time, DWORD flags)
238 {
239     cookie_t *new_cookie;
240 
241     new_cookie = heap_alloc_zero(sizeof(*new_cookie));
242     if(!new_cookie)
243         return NULL;
244 
245     new_cookie->expiry = expiry;
246     new_cookie->create = create_time;
247     new_cookie->flags = flags;
248     list_init(&new_cookie->entry);
249 
250     if(name.str && !(new_cookie->name = heap_strndupW(name.str, name.len))) {
251         delete_cookie(new_cookie);
252         return NULL;
253     }
254 
255     if(data.str && !(new_cookie->data = heap_strndupW(data.str, data.len))) {
256         delete_cookie(new_cookie);
257         return NULL;
258     }
259 
260     return new_cookie;
261 }
262 
263 static cookie_t *find_cookie(cookie_container_t *container, substr_t name)
264 {
265     cookie_t *iter;
266 
267     LIST_FOR_EACH_ENTRY(iter, &container->cookie_list, cookie_t, entry) {
268         if(strlenW(iter->name) == name.len && !strncmpiW(iter->name, name.str, name.len))
269             return iter;
270     }
271 
272     return NULL;
273 }
274 
275 static void add_cookie(cookie_container_t *container, cookie_t *new_cookie)
276 {
277     TRACE("Adding %s=%s to %s\n", debugstr_w(new_cookie->name), debugstr_w(new_cookie->data),
278           debugstr_w(container->cookie_url));
279 
280     list_add_tail(&container->cookie_list, &new_cookie->entry);
281     new_cookie->container = container;
282 }
283 
284 static void replace_cookie(cookie_container_t *container, cookie_t *new_cookie)
285 {
286     cookie_t *old_cookie;
287 
288     old_cookie = find_cookie(container, substrz(new_cookie->name));
289     if(old_cookie)
290         delete_cookie(old_cookie);
291 
292     add_cookie(container, new_cookie);
293 }
294 
295 static BOOL cookie_match_path(cookie_container_t *container, substr_t path)
296 {
297     return path.len >= container->path.len && !strncmpiW(container->path.str, path.str, container->path.len);
298 }
299 
300 static BOOL load_persistent_cookie(substr_t domain, substr_t path)
301 {
302     INTERNET_CACHE_ENTRY_INFOW *info;
303     cookie_container_t *cookie_container;
304     cookie_t *new_cookie;
305     HANDLE cookie;
306     char *str = NULL, *pbeg, *pend;
307     DWORD size, flags;
308     WCHAR *name, *data;
309     FILETIME expiry, create, time;
310 
311     cookie_container = get_cookie_container(domain, path, TRUE);
312     if(!cookie_container)
313         return FALSE;
314 
315     size = 0;
316     RetrieveUrlCacheEntryStreamW(cookie_container->cookie_url, NULL, &size, FALSE, 0);
317     if(GetLastError() != ERROR_INSUFFICIENT_BUFFER)
318         return TRUE;
319     info = heap_alloc(size);
320     if(!info)
321         return FALSE;
322     cookie = RetrieveUrlCacheEntryStreamW(cookie_container->cookie_url, info, &size, FALSE, 0);
323     size = info->dwSizeLow;
324     heap_free(info);
325     if(!cookie)
326         return FALSE;
327 
328     if(!(str = heap_alloc(size+1)) || !ReadUrlCacheEntryStream(cookie, 0, str, &size, 0)) {
329         UnlockUrlCacheEntryStream(cookie, 0);
330         heap_free(str);
331         return FALSE;
332     }
333     str[size] = 0;
334     UnlockUrlCacheEntryStream(cookie, 0);
335 
336     GetSystemTimeAsFileTime(&time);
337     for(pbeg=str; pbeg && *pbeg; name=data=NULL) {
338         pend = strchr(pbeg, '\n');
339         if(!pend)
340             break;
341         *pend = 0;
342         name = heap_strdupAtoW(pbeg);
343 
344         pbeg = pend+1;
345         pend = strchr(pbeg, '\n');
346         if(!pend)
347             break;
348         *pend = 0;
349         data = heap_strdupAtoW(pbeg);
350 
351         pbeg = strchr(pend+1, '\n');
352         if(!pbeg)
353             break;
354         sscanf(pbeg, "%u %u %u %u %u", &flags, &expiry.dwLowDateTime, &expiry.dwHighDateTime,
355                 &create.dwLowDateTime, &create.dwHighDateTime);
356 
357         /* skip "*\n" */
358         pbeg = strchr(pbeg, '*');
359         if(pbeg) {
360             pbeg++;
361             if(*pbeg)
362                 pbeg++;
363         }
364 
365         if(!name || !data)
366             break;
367 
368         if(CompareFileTime(&time, &expiry) <= 0) {
369             new_cookie = alloc_cookie(substr(NULL, 0), substr(NULL, 0), expiry, create, flags);
370             if(!new_cookie)
371                 break;
372 
373             new_cookie->name = name;
374             new_cookie->data = data;
375 
376             replace_cookie(cookie_container, new_cookie);
377         }else {
378             heap_free(name);
379             heap_free(data);
380         }
381     }
382     heap_free(str);
383     heap_free(name);
384     heap_free(data);
385 
386     return TRUE;
387 }
388 
389 static BOOL save_persistent_cookie(cookie_container_t *container)
390 {
391     static const WCHAR txtW[] = {'t','x','t',0};
392 
393     WCHAR cookie_file[MAX_PATH];
394     HANDLE cookie_handle;
395     cookie_t *cookie_container = NULL, *cookie_iter;
396     BOOL do_save = FALSE;
397     char buf[64], *dyn_buf;
398     FILETIME time;
399     DWORD bytes_written;
400     size_t len;
401 
402     /* check if there's anything to save */
403     GetSystemTimeAsFileTime(&time);
404     LIST_FOR_EACH_ENTRY_SAFE(cookie_container, cookie_iter, &container->cookie_list, cookie_t, entry)
405     {
406         if((cookie_container->expiry.dwLowDateTime || cookie_container->expiry.dwHighDateTime)
407                 && CompareFileTime(&time, &cookie_container->expiry) > 0) {
408             delete_cookie(cookie_container);
409             continue;
410         }
411 
412         if(!(cookie_container->flags & INTERNET_COOKIE_IS_SESSION)) {
413             do_save = TRUE;
414             break;
415         }
416     }
417 
418     if(!do_save) {
419         DeleteUrlCacheEntryW(container->cookie_url);
420         return TRUE;
421     }
422 
423     if(!CreateUrlCacheEntryW(container->cookie_url, 0, txtW, cookie_file, 0))
424         return FALSE;
425 
426     cookie_handle = CreateFileW(cookie_file, GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
427     if(cookie_handle == INVALID_HANDLE_VALUE) {
428         DeleteFileW(cookie_file);
429         return FALSE;
430     }
431 
432     LIST_FOR_EACH_ENTRY(cookie_container, &container->cookie_list, cookie_t, entry)
433     {
434         if(cookie_container->flags & INTERNET_COOKIE_IS_SESSION)
435             continue;
436 
437         dyn_buf = heap_strdupWtoA(cookie_container->name);
438         if(!dyn_buf || !WriteFile(cookie_handle, dyn_buf, strlen(dyn_buf), &bytes_written, NULL)) {
439             heap_free(dyn_buf);
440             do_save = FALSE;
441             break;
442         }
443         heap_free(dyn_buf);
444         if(!WriteFile(cookie_handle, "\n", 1, &bytes_written, NULL)) {
445             do_save = FALSE;
446             break;
447         }
448 
449         dyn_buf = heap_strdupWtoA(cookie_container->data);
450         if(!dyn_buf || !WriteFile(cookie_handle, dyn_buf, strlen(dyn_buf), &bytes_written, NULL)) {
451             heap_free(dyn_buf);
452             do_save = FALSE;
453             break;
454         }
455         heap_free(dyn_buf);
456         if(!WriteFile(cookie_handle, "\n", 1, &bytes_written, NULL)) {
457             do_save = FALSE;
458             break;
459         }
460 
461         dyn_buf = heap_strdupWtoA(container->domain->domain);
462         if(!dyn_buf || !WriteFile(cookie_handle, dyn_buf, strlen(dyn_buf), &bytes_written, NULL)) {
463             heap_free(dyn_buf);
464             do_save = FALSE;
465             break;
466         }
467         heap_free(dyn_buf);
468 
469         len = WideCharToMultiByte(CP_ACP, 0, container->path.str, container->path.len, NULL, 0, NULL, NULL);
470         dyn_buf = heap_alloc(len+1);
471         if(dyn_buf) {
472             WideCharToMultiByte(CP_ACP, 0, container->path.str, container->path.len, dyn_buf, len, NULL, NULL);
473             dyn_buf[len] = 0;
474         }
475         if(!dyn_buf || !WriteFile(cookie_handle, dyn_buf, strlen(dyn_buf), &bytes_written, NULL)) {
476             heap_free(dyn_buf);
477             do_save = FALSE;
478             break;
479         }
480         heap_free(dyn_buf);
481 
482         sprintf(buf, "\n%u\n%u\n%u\n%u\n%u\n*\n", cookie_container->flags,
483                 cookie_container->expiry.dwLowDateTime, cookie_container->expiry.dwHighDateTime,
484                 cookie_container->create.dwLowDateTime, cookie_container->create.dwHighDateTime);
485         if(!WriteFile(cookie_handle, buf, strlen(buf), &bytes_written, NULL)) {
486             do_save = FALSE;
487             break;
488         }
489     }
490 
491     CloseHandle(cookie_handle);
492     if(!do_save) {
493         ERR("error saving cookie file\n");
494         DeleteFileW(cookie_file);
495         return FALSE;
496     }
497 
498     memset(&time, 0, sizeof(time));
499     return CommitUrlCacheEntryW(container->cookie_url, cookie_file, time, time, 0, NULL, 0, txtW, 0);
500 }
501 
502 static BOOL cookie_parse_url(const WCHAR *url, substr_t *host, substr_t *path)
503 {
504     URL_COMPONENTSW comp = { sizeof(comp) };
505     static const WCHAR rootW[] = {'/',0};
506 
507     comp.dwHostNameLength = 1;
508     comp.dwUrlPathLength = 1;
509 
510     if(!InternetCrackUrlW(url, 0, 0, &comp) || !comp.dwHostNameLength)
511         return FALSE;
512 
513     /* discard the webpage off the end of the path */
514     while(comp.dwUrlPathLength && comp.lpszUrlPath[comp.dwUrlPathLength-1] != '/')
515         comp.dwUrlPathLength--;
516 
517     *host = substr(comp.lpszHostName, comp.dwHostNameLength);
518     *path = comp.dwUrlPathLength ? substr(comp.lpszUrlPath, comp.dwUrlPathLength) : substr(rootW, 1);
519     return TRUE;
520 }
521 
522 typedef struct {
523     cookie_t **cookies;
524     unsigned cnt;
525     unsigned size;
526 
527     unsigned string_len;
528 } cookie_set_t;
529 
530 static DWORD get_cookie(substr_t host, substr_t path, DWORD flags, cookie_set_t *res)
531 {
532     static const WCHAR empty_path[] = { '/',0 };
533 
534     const WCHAR *p;
535     cookie_domain_t *domain;
536     cookie_container_t *container;
537     FILETIME tm;
538 
539     GetSystemTimeAsFileTime(&tm);
540 
541     p = host.str + host.len;
542     while(p > host.str && p[-1] != '.') p--;
543     while(p != host.str) {
544         p--;
545         while(p > host.str && p[-1] != '.') p--;
546         if(p == host.str) break;
547 
548         load_persistent_cookie(substr(p, host.str+host.len-p), substr(empty_path, 1));
549     }
550 
551     p = path.str + path.len;
552     do {
553         load_persistent_cookie(host, substr(path.str, p-path.str));
554 
555         p--;
556         while(p > path.str && p[-1] != '/') p--;
557     }while(p != path.str);
558 
559     domain = get_cookie_domain(host, FALSE);
560     if(!domain) {
561         TRACE("Unknown host %s\n", debugstr_wn(host.str, host.len));
562         return ERROR_NO_MORE_ITEMS;
563     }
564 
565     for(domain = get_cookie_domain(host, FALSE); domain; domain = domain->parent) {
566         LIST_FOR_EACH_ENTRY(container, &domain->path_list, cookie_container_t, entry) {
567             struct list *cursor, *cursor2;
568 
569             if(!cookie_match_path(container, path))
570                 continue;
571 
572             LIST_FOR_EACH_SAFE(cursor, cursor2, &container->cookie_list) {
573                 cookie_t *cookie_iter = LIST_ENTRY(cursor, cookie_t, entry);
574 
575                 /* check for expiry */
576                 if((cookie_iter->expiry.dwLowDateTime != 0 || cookie_iter->expiry.dwHighDateTime != 0)
577                     && CompareFileTime(&tm, &cookie_iter->expiry)  > 0) {
578                     TRACE("Found expired cookie. deleting\n");
579                     delete_cookie(cookie_iter);
580                     continue;
581                 }
582 
583                 if((cookie_iter->flags & INTERNET_COOKIE_HTTPONLY) && !(flags & INTERNET_COOKIE_HTTPONLY))
584                     continue;
585 
586                 if(!res->size) {
587                     res->cookies = heap_alloc(4*sizeof(*res->cookies));
588                     if(!res->cookies)
589                         continue;
590                     res->size = 4;
591                 }else if(res->cnt == res->size) {
592                     cookie_t **new_cookies = heap_realloc(res->cookies, res->size*2*sizeof(*res->cookies));
593                     if(!new_cookies)
594                         continue;
595                     res->cookies = new_cookies;
596                     res->size *= 2;
597                 }
598 
599                 TRACE("%s = %s domain %s path %s\n", debugstr_w(cookie_iter->name), debugstr_w(cookie_iter->data),
600                       debugstr_w(domain->domain), debugstr_wn(container->path.str, container->path.len));
601 
602                 if(res->cnt)
603                     res->string_len += 2; /* '; ' */
604                 res->cookies[res->cnt++] = cookie_iter;
605 
606                 res->string_len += strlenW(cookie_iter->name);
607                 if(*cookie_iter->data)
608                     res->string_len += 1 /* = */ + strlenW(cookie_iter->data);
609             }
610         }
611     }
612 
613     return ERROR_SUCCESS;
614 }
615 
616 static void cookie_set_to_string(const cookie_set_t *cookie_set, WCHAR *str)
617 {
618     WCHAR *ptr = str;
619     unsigned i, len;
620 
621     for(i=0; i<cookie_set->cnt; i++) {
622         if(i) {
623             *ptr++ = ';';
624             *ptr++ = ' ';
625         }
626 
627         len = strlenW(cookie_set->cookies[i]->name);
628         memcpy(ptr, cookie_set->cookies[i]->name, len*sizeof(WCHAR));
629         ptr += len;
630 
631         if(*cookie_set->cookies[i]->data) {
632             *ptr++ = '=';
633             len = strlenW(cookie_set->cookies[i]->data);
634             memcpy(ptr, cookie_set->cookies[i]->data, len*sizeof(WCHAR));
635             ptr += len;
636         }
637     }
638 
639     assert(ptr-str == cookie_set->string_len);
640     TRACE("%s\n", debugstr_wn(str, ptr-str));
641 }
642 
643 DWORD get_cookie_header(const WCHAR *host, const WCHAR *path, WCHAR **ret)
644 {
645     cookie_set_t cookie_set = {0};
646     DWORD res;
647 
648     static const WCHAR cookieW[] = {'C','o','o','k','i','e',':',' '};
649 
650     EnterCriticalSection(&cookie_cs);
651 
652     res = get_cookie(substrz(host), substrz(path), INTERNET_COOKIE_HTTPONLY, &cookie_set);
653     if(res != ERROR_SUCCESS) {
654         LeaveCriticalSection(&cookie_cs);
655         return res;
656     }
657 
658     if(cookie_set.cnt) {
659         WCHAR *header, *ptr;
660 
661         ptr = header = heap_alloc(sizeof(cookieW) + (cookie_set.string_len + 3 /* crlf0 */) * sizeof(WCHAR));
662         if(header) {
663             memcpy(ptr, cookieW, sizeof(cookieW));
664             ptr += ARRAY_SIZE(cookieW);
665 
666             cookie_set_to_string(&cookie_set, ptr);
667             heap_free(cookie_set.cookies);
668             ptr += cookie_set.string_len;
669 
670             *ptr++ = '\r';
671             *ptr++ = '\n';
672             *ptr++ = 0;
673 
674             *ret = header;
675         }else {
676             res = ERROR_NOT_ENOUGH_MEMORY;
677         }
678     }else {
679         *ret = NULL;
680     }
681 
682     LeaveCriticalSection(&cookie_cs);
683     return res;
684 }
685 
686 static void free_cookie_domain_list(struct list *list)
687 {
688     cookie_container_t *container;
689     cookie_domain_t *domain;
690 
691     while(!list_empty(list)) {
692         domain = LIST_ENTRY(list_head(list), cookie_domain_t, entry);
693 
694         free_cookie_domain_list(&domain->subdomain_list);
695 
696         while(!list_empty(&domain->path_list)) {
697             container = LIST_ENTRY(list_head(&domain->path_list), cookie_container_t, entry);
698 
699             while(!list_empty(&container->cookie_list))
700                 delete_cookie(LIST_ENTRY(list_head(&container->cookie_list), cookie_t, entry));
701 
702             heap_free(container->cookie_url);
703             list_remove(&container->entry);
704             heap_free(container);
705         }
706 
707         heap_free(domain->domain);
708         list_remove(&domain->entry);
709         heap_free(domain);
710     }
711 }
712 
713 /***********************************************************************
714  *           InternetGetCookieExW (WININET.@)
715  *
716  * Retrieve cookie from the specified url
717  *
718  *  It should be noted that on windows the lpszCookieName parameter is "not implemented".
719  *    So it won't be implemented here.
720  *
721  * RETURNS
722  *    TRUE  on success
723  *    FALSE on failure
724  *
725  */
726 BOOL WINAPI InternetGetCookieExW(LPCWSTR lpszUrl, LPCWSTR lpszCookieName,
727         LPWSTR lpCookieData, LPDWORD lpdwSize, DWORD flags, void *reserved)
728 {
729     cookie_set_t cookie_set = {0};
730     substr_t host, path;
731     DWORD res;
732     BOOL ret;
733 
734     TRACE("(%s, %s, %p, %p, %x, %p)\n", debugstr_w(lpszUrl),debugstr_w(lpszCookieName), lpCookieData, lpdwSize, flags, reserved);
735 
736     if (flags & ~INTERNET_COOKIE_HTTPONLY)
737         FIXME("flags 0x%08x not supported\n", flags);
738 
739     if (!lpszUrl)
740     {
741         SetLastError(ERROR_INVALID_PARAMETER);
742         return FALSE;
743     }
744 
745     ret = cookie_parse_url(lpszUrl, &host, &path);
746     if (!ret) {
747         SetLastError(ERROR_INVALID_PARAMETER);
748         return FALSE;
749     }
750 
751     EnterCriticalSection(&cookie_cs);
752 
753     res = get_cookie(host, path, flags, &cookie_set);
754     if(res != ERROR_SUCCESS) {
755         LeaveCriticalSection(&cookie_cs);
756         SetLastError(res);
757         return FALSE;
758     }
759 
760     if(cookie_set.cnt) {
761         if(!lpCookieData || cookie_set.string_len+1 > *lpdwSize) {
762             *lpdwSize = (cookie_set.string_len + 1) * sizeof(WCHAR);
763             TRACE("returning %u\n", *lpdwSize);
764             if(lpCookieData) {
765                 SetLastError(ERROR_INSUFFICIENT_BUFFER);
766                 ret = FALSE;
767             }
768         }else {
769             *lpdwSize = cookie_set.string_len + 1;
770             cookie_set_to_string(&cookie_set, lpCookieData);
771             lpCookieData[cookie_set.string_len] = 0;
772         }
773     }else {
774         TRACE("no cookies found for %s\n", debugstr_wn(host.str, host.len));
775         SetLastError(ERROR_NO_MORE_ITEMS);
776         ret = FALSE;
777     }
778 
779     heap_free(cookie_set.cookies);
780     LeaveCriticalSection(&cookie_cs);
781     return ret;
782 }
783 
784 /***********************************************************************
785  *           InternetGetCookieW (WININET.@)
786  *
787  * Retrieve cookie for the specified URL.
788  */
789 BOOL WINAPI InternetGetCookieW(const WCHAR *url, const WCHAR *name, WCHAR *data, DWORD *size)
790 {
791     TRACE("(%s, %s, %s, %p)\n", debugstr_w(url), debugstr_w(name), debugstr_w(data), size);
792 
793     return InternetGetCookieExW(url, name, data, size, 0, NULL);
794 }
795 
796 /***********************************************************************
797  *           InternetGetCookieExA (WININET.@)
798  *
799  * Retrieve cookie from the specified url
800  *
801  * RETURNS
802  *    TRUE  on success
803  *    FALSE on failure
804  *
805  */
806 BOOL WINAPI InternetGetCookieExA(LPCSTR lpszUrl, LPCSTR lpszCookieName,
807         LPSTR lpCookieData, LPDWORD lpdwSize, DWORD flags, void *reserved)
808 {
809     WCHAR *url, *name;
810     DWORD len, size = 0;
811     BOOL r;
812 
813     TRACE("(%s %s %p %p(%u) %x %p)\n", debugstr_a(lpszUrl), debugstr_a(lpszCookieName),
814           lpCookieData, lpdwSize, lpdwSize ? *lpdwSize : 0, flags, reserved);
815 
816     url = heap_strdupAtoW(lpszUrl);
817     name = heap_strdupAtoW(lpszCookieName);
818 
819     r = InternetGetCookieExW( url, name, NULL, &len, flags, reserved );
820     if( r )
821     {
822         WCHAR *szCookieData;
823 
824         szCookieData = heap_alloc(len * sizeof(WCHAR));
825         if( !szCookieData )
826         {
827             r = FALSE;
828         }
829         else
830         {
831             r = InternetGetCookieExW( url, name, szCookieData, &len, flags, reserved );
832 
833             if(r) {
834                 size = WideCharToMultiByte( CP_ACP, 0, szCookieData, len, NULL, 0, NULL, NULL);
835                 if(lpCookieData) {
836                     if(*lpdwSize >= size) {
837                         WideCharToMultiByte( CP_ACP, 0, szCookieData, len, lpCookieData, *lpdwSize, NULL, NULL);
838                     }else {
839                         SetLastError(ERROR_INSUFFICIENT_BUFFER);
840                         r = FALSE;
841                     }
842                 }
843             }
844 
845             heap_free( szCookieData );
846         }
847     }
848     *lpdwSize = size;
849     heap_free( name );
850     heap_free( url );
851     return r;
852 }
853 
854 /***********************************************************************
855  *           InternetGetCookieA (WININET.@)
856  *
857  * See InternetGetCookieW.
858  */
859 BOOL WINAPI InternetGetCookieA(const char *url, const char *name, char *data, DWORD *size)
860 {
861     TRACE("(%s, %s, %p, %p)\n", debugstr_a(url), debugstr_a(name), data, size);
862 
863     return InternetGetCookieExA(url, name, data, size, 0, NULL);
864 }
865 
866 static BOOL is_domain_legal_for_cookie(substr_t domain, substr_t full_domain)
867 {
868     const WCHAR *ptr;
869 
870     if(!domain.len || *domain.str == '.' || !full_domain.len || *full_domain.str == '.') {
871         SetLastError(ERROR_INVALID_NAME);
872         return FALSE;
873     }
874 
875     if(domain.len > full_domain.len || !memchrW(domain.str, '.', domain.len) || !memchrW(full_domain.str, '.', full_domain.len))
876         return FALSE;
877 
878     ptr = full_domain.str + full_domain.len - domain.len;
879     if (strncmpiW(domain.str, ptr, domain.len) || (full_domain.len > domain.len && ptr[-1] != '.')) {
880         SetLastError(ERROR_INVALID_PARAMETER);
881         return FALSE;
882     }
883 
884     return TRUE;
885 }
886 
887 /***********************************************************************
888  *           IsDomainLegalCookieDomainW (WININET.@)
889  */
890 BOOL WINAPI IsDomainLegalCookieDomainW(const WCHAR *domain, const WCHAR *full_domain)
891 {
892     FIXME("(%s, %s) semi-stub\n", debugstr_w(domain), debugstr_w(full_domain));
893 
894     if (!domain || !full_domain) {
895         SetLastError(ERROR_INVALID_PARAMETER);
896         return FALSE;
897     }
898 
899     return is_domain_legal_for_cookie(substrz(domain), substrz(full_domain));
900 }
901 
902 static void substr_skip(substr_t *str, size_t len)
903 {
904     assert(str->len >= len);
905     str->str += len;
906     str->len -= len;
907 }
908 
909 DWORD set_cookie(substr_t domain, substr_t path, substr_t name, substr_t data, DWORD flags)
910 {
911     cookie_container_t *container;
912     cookie_t *thisCookie;
913     substr_t value;
914     const WCHAR *end_ptr;
915     FILETIME expiry, create;
916     BOOL expired = FALSE, update_persistent = FALSE;
917     DWORD cookie_flags = 0, len;
918 
919     TRACE("%s %s %s=%s %x\n", debugstr_wn(domain.str, domain.len), debugstr_wn(path.str, path.len),
920           debugstr_wn(name.str, name.len), debugstr_wn(data.str, data.len), flags);
921 
922     memset(&expiry,0,sizeof(expiry));
923     GetSystemTimeAsFileTime(&create);
924 
925     /* lots of information can be parsed out of the cookie value */
926 
927     if(!(end_ptr = memchrW(data.str, ';', data.len)))
928        end_ptr = data.str + data.len;
929     value = substr(data.str, end_ptr-data.str);
930     data.str += value.len;
931     data.len -= value.len;
932 
933     for(;;) {
934         static const WCHAR szDomain[] = {'d','o','m','a','i','n','='};
935         static const WCHAR szPath[] = {'p','a','t','h','='};
936         static const WCHAR szExpires[] = {'e','x','p','i','r','e','s','='};
937         static const WCHAR szSecure[] = {'s','e','c','u','r','e'};
938         static const WCHAR szHttpOnly[] = {'h','t','t','p','o','n','l','y'};
939         static const WCHAR szVersion[] = {'v','e','r','s','i','o','n','='};
940         static const WCHAR max_ageW[] = {'m','a','x','-','a','g','e','='};
941 
942         /* Skip ';' */
943         if(data.len)
944             substr_skip(&data, 1);
945 
946         while(data.len && *data.str == ' ')
947             substr_skip(&data, 1);
948 
949         if(!data.len)
950             break;
951 
952         if(!(end_ptr = memchrW(data.str, ';', data.len)))
953             end_ptr = data.str + data.len;
954 
955         if(data.len >= (len = ARRAY_SIZE(szDomain)) && !strncmpiW(data.str, szDomain, len)) {
956             substr_skip(&data, len);
957 
958             if(data.len && *data.str == '.')
959                 substr_skip(&data, 1);
960 
961             if(!is_domain_legal_for_cookie(substr(data.str, end_ptr-data.str), domain))
962                 return COOKIE_STATE_UNKNOWN;
963 
964             domain = substr(data.str, end_ptr-data.str);
965             TRACE("Parsing new domain %s\n", debugstr_wn(domain.str, domain.len));
966         }else if(data.len >= (len = ARRAY_SIZE(szPath)) && !strncmpiW(data.str, szPath, len)) {
967             substr_skip(&data, len);
968             path = substr(data.str, end_ptr - data.str);
969             TRACE("Parsing new path %s\n", debugstr_wn(path.str, path.len));
970         }else if(data.len >= (len = ARRAY_SIZE(szExpires)) && !strncmpiW(data.str, szExpires, len)) {
971             SYSTEMTIME st;
972             WCHAR buf[128];
973 
974             substr_skip(&data, len);
975 
976             if(end_ptr - data.str < ARRAY_SIZE(buf)-1) {
977                 memcpy(buf, data.str, data.len*sizeof(WCHAR));
978                 buf[data.len] = 0;
979 
980                 if (InternetTimeToSystemTimeW(data.str, &st, 0)) {
981                     SystemTimeToFileTime(&st, &expiry);
982 
983                     if (CompareFileTime(&create,&expiry) > 0) {
984                         TRACE("Cookie already expired.\n");
985                         expired = TRUE;
986                     }
987                 }
988             }
989         }else if(data.len >= (len = ARRAY_SIZE(szSecure)) && !strncmpiW(data.str, szSecure, len)) {
990             substr_skip(&data, len);
991             FIXME("secure not handled\n");
992         }else if(data.len >= (len = ARRAY_SIZE(szHttpOnly)) && !strncmpiW(data.str, szHttpOnly, len)) {
993             substr_skip(&data, len);
994 
995             if(!(flags & INTERNET_COOKIE_HTTPONLY)) {
996                 WARN("HTTP only cookie added without INTERNET_COOKIE_HTTPONLY flag\n");
997                 SetLastError(ERROR_INVALID_OPERATION);
998                 return COOKIE_STATE_REJECT;
999             }
1000 
1001             cookie_flags |= INTERNET_COOKIE_HTTPONLY;
1002         }else if(data.len >= (len = ARRAY_SIZE(szVersion)) && !strncmpiW(data.str, szVersion, len)) {
1003             substr_skip(&data, len);
1004 
1005             FIXME("version not handled (%s)\n",debugstr_wn(data.str, data.len));
1006         }else if(data.len >= (len = ARRAY_SIZE(max_ageW)) && !strncmpiW(data.str, max_ageW, len)) {
1007             /* Native doesn't support Max-Age attribute. */
1008             WARN("Max-Age ignored\n");
1009         }else if(data.len) {
1010             FIXME("Unknown additional option %s\n", debugstr_wn(data.str, data.len));
1011         }
1012 
1013         substr_skip(&data, end_ptr - data.str);
1014     }
1015 
1016     EnterCriticalSection(&cookie_cs);
1017 
1018     load_persistent_cookie(domain, path);
1019 
1020     container = get_cookie_container(domain, path, !expired);
1021     if(!container) {
1022         LeaveCriticalSection(&cookie_cs);
1023         return COOKIE_STATE_ACCEPT;
1024     }
1025 
1026     if(!expiry.dwLowDateTime && !expiry.dwHighDateTime)
1027         cookie_flags |= INTERNET_COOKIE_IS_SESSION;
1028     else
1029         update_persistent = TRUE;
1030 
1031     if ((thisCookie = find_cookie(container, name))) {
1032         if ((thisCookie->flags & INTERNET_COOKIE_HTTPONLY) && !(flags & INTERNET_COOKIE_HTTPONLY)) {
1033             WARN("An attempt to override httponly cookie\n");
1034             SetLastError(ERROR_INVALID_OPERATION);
1035             LeaveCriticalSection(&cookie_cs);
1036             return COOKIE_STATE_REJECT;
1037         }
1038 
1039         if (!(thisCookie->flags & INTERNET_COOKIE_IS_SESSION))
1040             update_persistent = TRUE;
1041         delete_cookie(thisCookie);
1042     }
1043 
1044     TRACE("setting cookie %s=%s for domain %s path %s\n", debugstr_wn(name.str, name.len),
1045           debugstr_wn(value.str, value.len), debugstr_w(container->domain->domain),
1046           debugstr_wn(container->path.str, container->path.len));
1047 
1048     if (!expired) {
1049         cookie_t *new_cookie;
1050 
1051         new_cookie = alloc_cookie(name, value, expiry, create, cookie_flags);
1052         if(!new_cookie) {
1053             LeaveCriticalSection(&cookie_cs);
1054             return COOKIE_STATE_UNKNOWN;
1055         }
1056 
1057         add_cookie(container, new_cookie);
1058     }
1059 
1060     if (!update_persistent || save_persistent_cookie(container))
1061     {
1062         LeaveCriticalSection(&cookie_cs);
1063         return COOKIE_STATE_ACCEPT;
1064     }
1065     LeaveCriticalSection(&cookie_cs);
1066     return COOKIE_STATE_UNKNOWN;
1067 }
1068 
1069 /***********************************************************************
1070  *           InternetSetCookieExW (WININET.@)
1071  *
1072  * Sets cookie for the specified url
1073  */
1074 DWORD WINAPI InternetSetCookieExW(LPCWSTR lpszUrl, LPCWSTR lpszCookieName,
1075         LPCWSTR lpCookieData, DWORD flags, DWORD_PTR reserved)
1076 {
1077     substr_t host, path, name, data;
1078     BOOL ret;
1079 
1080     TRACE("(%s, %s, %s, %x, %lx)\n", debugstr_w(lpszUrl), debugstr_w(lpszCookieName),
1081           debugstr_w(lpCookieData), flags, reserved);
1082 
1083     if (flags & ~INTERNET_COOKIE_HTTPONLY)
1084         FIXME("flags %x not supported\n", flags);
1085 
1086     if (!lpszUrl || !lpCookieData)
1087     {
1088         SetLastError(ERROR_INVALID_PARAMETER);
1089         return COOKIE_STATE_UNKNOWN;
1090     }
1091 
1092     ret = cookie_parse_url(lpszUrl, &host, &path);
1093     if (!ret || !host.len) return COOKIE_STATE_UNKNOWN;
1094 
1095     if (!lpszCookieName) {
1096         const WCHAR *ptr;
1097 
1098         /* some apps (or is it us??) try to add a cookie with no cookie name, but
1099          * the cookie data in the form of name[=data].
1100          */
1101         if (!(ptr = strchrW(lpCookieData, '=')))
1102             ptr = lpCookieData + strlenW(lpCookieData);
1103 
1104         name = substr(lpCookieData, ptr - lpCookieData);
1105         data = substrz(*ptr == '=' ? ptr+1 : ptr);
1106     }else {
1107         name = substrz(lpszCookieName);
1108         data = substrz(lpCookieData);
1109     }
1110 
1111     return set_cookie(host, path, name, data, flags);
1112 }
1113 
1114 /***********************************************************************
1115  *           InternetSetCookieW (WININET.@)
1116  *
1117  * Sets a cookie for the specified URL.
1118  */
1119 BOOL WINAPI InternetSetCookieW(const WCHAR *url, const WCHAR *name, const WCHAR *data)
1120 {
1121     TRACE("(%s, %s, %s)\n", debugstr_w(url), debugstr_w(name), debugstr_w(data));
1122 
1123     return InternetSetCookieExW(url, name, data, 0, 0) == COOKIE_STATE_ACCEPT;
1124 }
1125 
1126 /***********************************************************************
1127  *           InternetSetCookieA (WININET.@)
1128  *
1129  * Sets cookie for the specified url
1130  *
1131  * RETURNS
1132  *    TRUE  on success
1133  *    FALSE on failure
1134  *
1135  */
1136 BOOL WINAPI InternetSetCookieA(LPCSTR lpszUrl, LPCSTR lpszCookieName,
1137     LPCSTR lpCookieData)
1138 {
1139     LPWSTR data, url, name;
1140     BOOL r;
1141 
1142     TRACE("(%s,%s,%s)\n", debugstr_a(lpszUrl),
1143         debugstr_a(lpszCookieName), debugstr_a(lpCookieData));
1144 
1145     url = heap_strdupAtoW(lpszUrl);
1146     name = heap_strdupAtoW(lpszCookieName);
1147     data = heap_strdupAtoW(lpCookieData);
1148 
1149     r = InternetSetCookieW( url, name, data );
1150 
1151     heap_free( data );
1152     heap_free( name );
1153     heap_free( url );
1154     return r;
1155 }
1156 
1157 /***********************************************************************
1158  *           InternetSetCookieExA (WININET.@)
1159  *
1160  * See InternetSetCookieExW.
1161  */
1162 DWORD WINAPI InternetSetCookieExA( LPCSTR lpszURL, LPCSTR lpszCookieName, LPCSTR lpszCookieData,
1163                                    DWORD dwFlags, DWORD_PTR dwReserved)
1164 {
1165     WCHAR *data, *url, *name;
1166     DWORD r;
1167 
1168     TRACE("(%s, %s, %s, %x, %lx)\n", debugstr_a(lpszURL), debugstr_a(lpszCookieName),
1169           debugstr_a(lpszCookieData), dwFlags, dwReserved);
1170 
1171     url = heap_strdupAtoW(lpszURL);
1172     name = heap_strdupAtoW(lpszCookieName);
1173     data = heap_strdupAtoW(lpszCookieData);
1174 
1175     r = InternetSetCookieExW(url, name, data, dwFlags, dwReserved);
1176 
1177     heap_free( data );
1178     heap_free( name );
1179     heap_free( url );
1180     return r;
1181 }
1182 
1183 /***********************************************************************
1184  *           InternetClearAllPerSiteCookieDecisions (WININET.@)
1185  *
1186  * Clears all per-site decisions about cookies.
1187  *
1188  * RETURNS
1189  *    TRUE  on success
1190  *    FALSE on failure
1191  *
1192  */
1193 BOOL WINAPI InternetClearAllPerSiteCookieDecisions( VOID )
1194 {
1195     FIXME("stub\n");
1196     return TRUE;
1197 }
1198 
1199 /***********************************************************************
1200  *           InternetEnumPerSiteCookieDecisionA (WININET.@)
1201  *
1202  * See InternetEnumPerSiteCookieDecisionW.
1203  */
1204 BOOL WINAPI InternetEnumPerSiteCookieDecisionA( LPSTR pszSiteName, ULONG *pcSiteNameSize,
1205                                                 ULONG *pdwDecision, ULONG dwIndex )
1206 {
1207     FIXME("(%s, %p, %p, 0x%08x) stub\n",
1208           debugstr_a(pszSiteName), pcSiteNameSize, pdwDecision, dwIndex);
1209     return FALSE;
1210 }
1211 
1212 /***********************************************************************
1213  *           InternetEnumPerSiteCookieDecisionW (WININET.@)
1214  *
1215  * Enumerates all per-site decisions about cookies.
1216  *
1217  * RETURNS
1218  *    TRUE  on success
1219  *    FALSE on failure
1220  *
1221  */
1222 BOOL WINAPI InternetEnumPerSiteCookieDecisionW( LPWSTR pszSiteName, ULONG *pcSiteNameSize,
1223                                                 ULONG *pdwDecision, ULONG dwIndex )
1224 {
1225     FIXME("(%s, %p, %p, 0x%08x) stub\n",
1226           debugstr_w(pszSiteName), pcSiteNameSize, pdwDecision, dwIndex);
1227     return FALSE;
1228 }
1229 
1230 /***********************************************************************
1231  *           InternetGetPerSiteCookieDecisionA (WININET.@)
1232  */
1233 BOOL WINAPI InternetGetPerSiteCookieDecisionA( LPCSTR pwchHostName, ULONG *pResult )
1234 {
1235     FIXME("(%s, %p) stub\n", debugstr_a(pwchHostName), pResult);
1236     return FALSE;
1237 }
1238 
1239 /***********************************************************************
1240  *           InternetGetPerSiteCookieDecisionW (WININET.@)
1241  */
1242 BOOL WINAPI InternetGetPerSiteCookieDecisionW( LPCWSTR pwchHostName, ULONG *pResult )
1243 {
1244     FIXME("(%s, %p) stub\n", debugstr_w(pwchHostName), pResult);
1245     return FALSE;
1246 }
1247 
1248 /***********************************************************************
1249  *           InternetSetPerSiteCookieDecisionA (WININET.@)
1250  */
1251 BOOL WINAPI InternetSetPerSiteCookieDecisionA( LPCSTR pchHostName, DWORD dwDecision )
1252 {
1253     FIXME("(%s, 0x%08x) stub\n", debugstr_a(pchHostName), dwDecision);
1254     return FALSE;
1255 }
1256 
1257 /***********************************************************************
1258  *           InternetSetPerSiteCookieDecisionW (WININET.@)
1259  */
1260 BOOL WINAPI InternetSetPerSiteCookieDecisionW( LPCWSTR pchHostName, DWORD dwDecision )
1261 {
1262     FIXME("(%s, 0x%08x) stub\n", debugstr_w(pchHostName), dwDecision);
1263     return FALSE;
1264 }
1265 
1266 void free_cookie(void)
1267 {
1268     EnterCriticalSection(&cookie_cs);
1269 
1270     free_cookie_domain_list(&domain_list);
1271 
1272     LeaveCriticalSection(&cookie_cs);
1273 }
1274