modules/metadata/mod_usertrack.c - httpd - Git at Google

 /* Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 /* User Tracking Module (Was mod_cookies.c)
  *
  * *** IMPORTANT NOTE: This module is not designed to generate
  * *** cryptographically secure cookies.  This means you should not
  * *** use cookies generated by this module for authentication purposes
  *
  * This Apache module is designed to track users paths through a site.
  * It uses the client-side state ("Cookie") protocol developed by Netscape.
  * It is known to work on most browsers.
  *
  * Each time a page is requested we look to see if the browser is sending
  * us a Cookie: header that we previously generated.
  *
  * If we don't find one then the user hasn't been to this site since
  * starting their browser or their browser doesn't support cookies.  So
  * we generate a unique Cookie for the transaction and send it back to
  * the browser (via a "Set-Cookie" header)
  * Future requests from the same browser should keep the same Cookie line.
  *
  * By matching up all the requests with the same cookie you can
  * work out exactly what path a user took through your site.  To log
  * the cookie use the " %{Cookie}n " directive in a custom access log;
  *
  * Example 1 : If you currently use the standard Log file format (CLF)
  * and use the command "TransferLog somefilename", add the line
  *       LogFormat "%h %l %u %t \"%r\" %s %b %{Cookie}n"
  * to your config file.
  *
  * Example 2 : If you used to use the old "CookieLog" directive, you
  * can emulate it by adding the following command to your config file
  *       CustomLog filename "%{Cookie}n \"%r\" %t"
  *
  * Mark Cox, mjc@apache.org, 6 July 95
  *
  * This file replaces mod_cookies.c
  */

 #include "apr.h"
 #include "apr_lib.h"
 #include "apr_strings.h"

 #define APR_WANT_STRFUNC
 #include "apr_want.h"

 #include "httpd.h"
 #include "http_config.h"
 #include "http_core.h"
 #include "http_request.h"
 #include "http_log.h"


 module AP_MODULE_DECLARE_DATA usertrack_module;

 typedef struct {
     int always;
     int expires;
 } cookie_log_state;

 typedef enum {
     CT_UNSET,
     CT_NETSCAPE,
     CT_COOKIE,
     CT_COOKIE2
 } cookie_type_e;

 typedef struct {
     int enabled;
     cookie_type_e style;
     const char *cookie_name;
     const char *cookie_domain;
     char *regexp_string;  /* used to compile regexp; save for debugging */
     ap_regex_t *regexp;  /* used to find usertrack cookie in cookie header */
     int is_secure;
     int is_httponly;
     const char *samesite;
 } cookie_dir_rec;

 /* Make Cookie: Now we have to generate something that is going to be
  * pretty unique.  We can base it on the pid, time, hostip */

 #define COOKIE_NAME "Apache"

 static void make_cookie(request_rec *r)
 {
     cookie_log_state *cls = ap_get_module_config(r->server->module_config,
                                                  &usertrack_module);
     char cookiebuf[2 * (sizeof(apr_uint64_t) + sizeof(int)) + 2];
     unsigned int random;
     apr_time_t now = r->request_time ? r->request_time : apr_time_now();
     char *new_cookie;
     cookie_dir_rec *dcfg;

     ap_random_insecure_bytes(&random, sizeof(random));
     apr_snprintf(cookiebuf, sizeof(cookiebuf), "%x.%" APR_UINT64_T_HEX_FMT,
                  random, (apr_uint64_t)now);
     dcfg = ap_get_module_config(r->per_dir_config, &usertrack_module);
     if (cls->expires) {

         /* Cookie with date; as strftime '%a, %d-%h-%y %H:%M:%S GMT' */
         new_cookie = apr_psprintf(r->pool, "%s=%s; path=/",
                                   dcfg->cookie_name, cookiebuf);

         if ((dcfg->style == CT_UNSET) || (dcfg->style == CT_NETSCAPE)) {
             apr_time_exp_t tms;
             apr_time_exp_gmt(&tms, r->request_time
                                  + apr_time_from_sec(cls->expires));
             new_cookie = apr_psprintf(r->pool,
                                        "%s; expires=%s, "
                                        "%.2d-%s-%.2d %.2d:%.2d:%.2d GMT",
                                        new_cookie, apr_day_snames[tms.tm_wday],
                                        tms.tm_mday,
                                        apr_month_snames[tms.tm_mon],
                                        tms.tm_year % 100,
                                        tms.tm_hour, tms.tm_min, tms.tm_sec);
         }
         else {
             new_cookie = apr_psprintf(r->pool, "%s; max-age=%d",
                                       new_cookie, cls->expires);
         }
     }
     else {
         new_cookie = apr_psprintf(r->pool, "%s=%s; path=/",
                                   dcfg->cookie_name, cookiebuf);
     }
     if (dcfg->cookie_domain != NULL) {
         new_cookie = apr_pstrcat(r->pool, new_cookie, "; domain=",
                                  dcfg->cookie_domain,
                                  (dcfg->style == CT_COOKIE2
                                   ? "; version=1"
                                   : ""),
                                  NULL);
     }
     if (dcfg->samesite != NULL) {
         new_cookie = apr_pstrcat(r->pool, new_cookie, "; ",
                                  dcfg->samesite,
                                  NULL);
     }
     if (dcfg->is_secure) {
         new_cookie = apr_pstrcat(r->pool, new_cookie, "; Secure",
                                  NULL);
     }
     if (dcfg->is_httponly) {
         new_cookie = apr_pstrcat(r->pool, new_cookie, "; HttpOnly",
                                  NULL);
     }


     apr_table_addn(r->err_headers_out,
                    (dcfg->style == CT_COOKIE2 ? "Set-Cookie2" : "Set-Cookie"),
                    new_cookie);
     apr_table_setn(r->notes, "cookie", apr_pstrdup(r->pool, cookiebuf));   /* log first time */
 }

 /* dcfg->regexp is "^cookie_name=([^;]+)|;[ \t]+cookie_name=([^;]+)",
  * which has three subexpressions, $0..$2 */
 #define NUM_SUBS 3

 static void set_and_comp_regexp(cookie_dir_rec *dcfg,
                                 apr_pool_t *p,
                                 const char *cookie_name)
 {
     int danger_chars = 0;
     const char *sp = cookie_name;

     /* The goal is to end up with this regexp,
      * ^cookie_name=([^;,]+)|[;,][ \t]+cookie_name=([^;,]+)
      * with cookie_name obviously substituted either
      * with the real cookie name set by the user in httpd.conf, or with the
      * default COOKIE_NAME. */

     /* Anyway, we need to escape the cookie_name before pasting it
      * into the regex
      */
     while (*sp) {
         if (!apr_isalnum(*sp)) {
             ++danger_chars;
         }
         ++sp;
     }

     if (danger_chars) {
         char *cp;
         cp = apr_palloc(p, sp - cookie_name + danger_chars + 1); /* 1 == \0 */
         sp = cookie_name;
         cookie_name = cp;
         while (*sp) {
             if (!apr_isalnum(*sp)) {
                 *cp++ = '\\';
             }
             *cp++ = *sp++;
         }
         *cp = '\0';
     }

     dcfg->regexp_string = apr_pstrcat(p, "^",
                                       cookie_name,
                                       "=([^;,]+)|[;,][ \t]*",
                                       cookie_name,
                                       "=([^;,]+)", NULL);

     dcfg->regexp = ap_pregcomp(p, dcfg->regexp_string, AP_REG_EXTENDED);
     ap_assert(dcfg->regexp != NULL);
 }

 static int spot_cookie(request_rec *r)
 {
     cookie_dir_rec *dcfg = ap_get_module_config(r->per_dir_config,
                                                 &usertrack_module);
     const char *cookie_header;
     ap_regmatch_t regm[NUM_SUBS];

     /* Do not run in subrequests */
     if (!dcfg->enabled || r->main) {
         return DECLINED;
     }

     if ((cookie_header = apr_table_get(r->headers_in, "Cookie"))) {
         if (!ap_regexec(dcfg->regexp, cookie_header, NUM_SUBS, regm, 0)) {
             char *cookieval = NULL;
             int err = 0;
             /* Our regexp,
              * ^cookie_name=([^;]+)|;[ \t]+cookie_name=([^;]+)
              * only allows for $1 or $2 to be available. ($0 is always
              * filled with the entire matched expression, not just
              * the part in parentheses.) So just check for either one
              * and assign to cookieval if present. */
             if (regm[1].rm_so != -1) {
                 cookieval = ap_pregsub(r->pool, "$1", cookie_header,
                                        NUM_SUBS, regm);
                 if (cookieval == NULL)
                     err = 1;
             }
             if (regm[2].rm_so != -1) {
                 cookieval = ap_pregsub(r->pool, "$2", cookie_header,
                                        NUM_SUBS, regm);
                 if (cookieval == NULL)
                     err = 1;
             }
             if (err) {
                 ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01499)
                               "Failed to extract cookie value (out of mem?)");
                 return HTTP_INTERNAL_SERVER_ERROR;
             }
             /* Set the cookie in a note, for logging */
             apr_table_setn(r->notes, "cookie", cookieval);

             return DECLINED;    /* There's already a cookie, no new one */
         }
     }
     make_cookie(r);
     return OK;                  /* We set our cookie */
 }

 static void *make_cookie_log_state(apr_pool_t *p, server_rec *s)
 {
     cookie_log_state *cls =
     (cookie_log_state *) apr_palloc(p, sizeof(cookie_log_state));

     cls->expires = 0;

     return (void *) cls;
 }

 static void *make_cookie_dir(apr_pool_t *p, char *d)
 {
     cookie_dir_rec *dcfg;

     dcfg = (cookie_dir_rec *) apr_pcalloc(p, sizeof(cookie_dir_rec));
     dcfg->cookie_name = COOKIE_NAME;
     dcfg->style = CT_UNSET;
     /* calloc'ed to disabled: enabled, cookie_domain, samesite, is_secure,
      * is_httponly */

     /* In case the user does not use the CookieName directive,
      * we need to compile the regexp for the default cookie name. */
     set_and_comp_regexp(dcfg, p, COOKIE_NAME);

     return dcfg;
 }

 static const char *set_cookie_exp(cmd_parms *parms, void *dummy,
                                   const char *arg)
 {
     cookie_log_state *cls;
     time_t factor, modifier = 0;
     time_t num = 0;
     char *word;

     cls  = ap_get_module_config(parms->server->module_config,
                                 &usertrack_module);
     /* The simple case first - all numbers (we assume) */
     if (apr_isdigit(arg[0]) && apr_isdigit(arg[strlen(arg) - 1])) {
         cls->expires = atol(arg);
         return NULL;
     }

     /*
      * The harder case - stolen from mod_expires
      *
      * CookieExpires "[plus] {<num> <type>}*"
      */

     word = ap_getword_conf(parms->temp_pool, &arg);
     if (!strncasecmp(word, "plus", 1)) {
         word = ap_getword_conf(parms->temp_pool, &arg);
     };

     /* {<num> <type>}* */
     while (word[0]) {
         /* <num> */
         if (apr_isdigit(word[0]))
             num = atoi(word);
         else
             return "bad expires code, numeric value expected.";

         /* <type> */
         word = ap_getword_conf(parms->temp_pool, &arg);
         if (!word[0])
             return "bad expires code, missing <type>";

         if (!strncasecmp(word, "years", 1))
             factor = 60 * 60 * 24 * 365;
         else if (!strncasecmp(word, "months", 2))
             factor = 60 * 60 * 24 * 30;
         else if (!strncasecmp(word, "weeks", 1))
             factor = 60 * 60 * 24 * 7;
         else if (!strncasecmp(word, "days", 1))
             factor = 60 * 60 * 24;
         else if (!strncasecmp(word, "hours", 1))
             factor = 60 * 60;
         else if (!strncasecmp(word, "minutes", 2))
             factor = 60;
         else if (!strncasecmp(word, "seconds", 1))
             factor = 1;
         else
             return "bad expires code, unrecognized type";

         modifier = modifier + factor * num;

         /* next <num> */
         word = ap_getword_conf(parms->temp_pool, &arg);
     }

     cls->expires = modifier;

     return NULL;
 }

 static const char *set_cookie_name(cmd_parms *cmd, void *mconfig,
                                    const char *name)
 {
     cookie_dir_rec *dcfg = (cookie_dir_rec *) mconfig;

     dcfg->cookie_name = name;

     set_and_comp_regexp(dcfg, cmd->pool, name);

     if (dcfg->regexp == NULL) {
         return "Regular expression could not be compiled.";
     }
     if (dcfg->regexp->re_nsub + 1 != NUM_SUBS) {
         return apr_pstrcat(cmd->pool, "Invalid cookie name \"",
                            name, "\"", NULL);
     }

     return NULL;
 }

 /*
  * Set the value for the 'Domain=' attribute.
  */
 static const char *set_cookie_domain(cmd_parms *cmd, void *mconfig,
                                      const char *name)
 {
     cookie_dir_rec *dcfg;

     dcfg = (cookie_dir_rec *) mconfig;

     /*
      * Apply the restrictions on cookie domain attributes.
      */
     if (!name[0]) {
         return "CookieDomain values may not be null";
     }
     if (name[0] != '.') {
         return "CookieDomain values must begin with a dot";
     }
     if (ap_strchr_c(&name[1], '.') == NULL) {
         return "CookieDomain values must contain at least one embedded dot";
     }

     dcfg->cookie_domain = name;
     return NULL;
 }

 /*
  * Make a note of the cookie style we should use.
  */
 static const char *set_cookie_style(cmd_parms *cmd, void *mconfig,
                                     const char *name)
 {
     cookie_dir_rec *dcfg;

     dcfg = (cookie_dir_rec *) mconfig;

     if (strcasecmp(name, "Netscape") == 0) {
         dcfg->style = CT_NETSCAPE;
     }
     else if ((strcasecmp(name, "Cookie") == 0)
              || (strcasecmp(name, "RFC2109") == 0)) {
         dcfg->style = CT_COOKIE;
     }
     else if ((strcasecmp(name, "Cookie2") == 0)
              || (strcasecmp(name, "RFC2965") == 0)) {
         dcfg->style = CT_COOKIE2;
     }
     else {
         return apr_psprintf(cmd->pool, "Invalid %s keyword: '%s'",
                             cmd->cmd->name, name);
     }

     return NULL;
 }

 /*
  * SameSite enabled disabled
  */

 static const char *set_samesite_value(cmd_parms *cmd, void *mconfig,
                                     const char *name)
 {
     cookie_dir_rec *dcfg;

     dcfg = (cookie_dir_rec *) mconfig;

     if (strcasecmp(name, "strict") == 0) {
         dcfg->samesite = "SameSite=Strict";
     } else if (strcasecmp(name, "lax") == 0) {
         dcfg->samesite = "SameSite=Lax";
     } else if (strcasecmp(name, "none") == 0) {
         dcfg->samesite = "SameSite=None";
     } else {
         return "CookieSameSite accepts 'Strict', 'Lax', or 'None'";
     }


     return NULL;
 }

 static const command_rec cookie_log_cmds[] = {
     AP_INIT_TAKE1("CookieExpires", set_cookie_exp, NULL, OR_FILEINFO,
                   "an expiry date code"),
     AP_INIT_TAKE1("CookieDomain", set_cookie_domain, NULL, OR_FILEINFO,
                   "domain to which this cookie applies"),
     AP_INIT_TAKE1("CookieStyle", set_cookie_style, NULL, OR_FILEINFO,
                   "'Netscape', 'Cookie' (RFC2109), or 'Cookie2' (RFC2965)"),
     AP_INIT_FLAG("CookieTracking", ap_set_flag_slot,
                  (void *)APR_OFFSETOF(cookie_dir_rec, enabled), OR_FILEINFO,
                  "whether or not to enable cookies"),
     AP_INIT_TAKE1("CookieName", set_cookie_name, NULL, OR_FILEINFO,
                   "name of the tracking cookie"),
     AP_INIT_TAKE1("CookieSameSite", set_samesite_value, NULL, OR_FILEINFO,
                   "SameSite setting"),
     AP_INIT_FLAG("CookieSecure", ap_set_flag_slot,
                  (void *)APR_OFFSETOF(cookie_dir_rec, is_secure), OR_FILEINFO,
                  "is cookie secure"),
     AP_INIT_FLAG("CookieHttpOnly", ap_set_flag_slot,
                  (void *)APR_OFFSETOF(cookie_dir_rec, is_httponly),OR_FILEINFO,
                  "is cookie http only"),

     {NULL}
 };

 static void register_hooks(apr_pool_t *p)
 {
     ap_hook_fixups(spot_cookie,NULL,NULL,APR_HOOK_REALLY_FIRST);
 }

 AP_DECLARE_MODULE(usertrack) = {
     STANDARD20_MODULE_STUFF,
     make_cookie_dir,            /* dir config creater */
     NULL,                       /* dir merger --- default is to override */
     make_cookie_log_state,      /* server config */
     NULL,                       /* merge server configs */
     cookie_log_cmds,            /* command apr_table_t */
     register_hooks              /* register hooks */
 };
	/* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	/* User Tracking Module (Was mod_cookies.c)
	*
	* *** IMPORTANT NOTE: This module is not designed to generate
	* *** cryptographically secure cookies. This means you should not
	* *** use cookies generated by this module for authentication purposes
	*
	* This Apache module is designed to track users paths through a site.
	* It uses the client-side state ("Cookie") protocol developed by Netscape.
	* It is known to work on most browsers.
	*
	* Each time a page is requested we look to see if the browser is sending
	* us a Cookie: header that we previously generated.
	*
	* If we don't find one then the user hasn't been to this site since
	* starting their browser or their browser doesn't support cookies. So
	* we generate a unique Cookie for the transaction and send it back to
	* the browser (via a "Set-Cookie" header)
	* Future requests from the same browser should keep the same Cookie line.
	*
	* By matching up all the requests with the same cookie you can
	* work out exactly what path a user took through your site. To log
	* the cookie use the " %{Cookie}n " directive in a custom access log;
	*
	* Example 1 : If you currently use the standard Log file format (CLF)
	* and use the command "TransferLog somefilename", add the line
	* LogFormat "%h %l %u %t \"%r\" %s %b %{Cookie}n"
	* to your config file.
	*
	* Example 2 : If you used to use the old "CookieLog" directive, you
	* can emulate it by adding the following command to your config file
	* CustomLog filename "%{Cookie}n \"%r\" %t"
	*
	* Mark Cox, mjc@apache.org, 6 July 95
	*
	* This file replaces mod_cookies.c
	*/

	#include "apr.h"
	#include "apr_lib.h"
	#include "apr_strings.h"

	#define APR_WANT_STRFUNC
	#include "apr_want.h"

	#include "httpd.h"
	#include "http_config.h"
	#include "http_core.h"
	#include "http_request.h"
	#include "http_log.h"


	module AP_MODULE_DECLARE_DATA usertrack_module;

	typedef struct {
	int always;
	int expires;
	} cookie_log_state;

	typedef enum {
	CT_UNSET,
	CT_NETSCAPE,
	CT_COOKIE,
	CT_COOKIE2
	} cookie_type_e;

	typedef struct {
	int enabled;
	cookie_type_e style;
	const char *cookie_name;
	const char *cookie_domain;
	char regexp_string; / used to compile regexp; save for debugging */
	ap_regex_t regexp; / used to find usertrack cookie in cookie header */
	int is_secure;
	int is_httponly;
	const char *samesite;
	} cookie_dir_rec;

	/* Make Cookie: Now we have to generate something that is going to be
	* pretty unique. We can base it on the pid, time, hostip */

	#define COOKIE_NAME "Apache"

	static void make_cookie(request_rec *r)
	{
	cookie_log_state *cls = ap_get_module_config(r->server->module_config,
	&usertrack_module);
	char cookiebuf[2 * (sizeof(apr_uint64_t) + sizeof(int)) + 2];
	unsigned int random;
	apr_time_t now = r->request_time ? r->request_time : apr_time_now();
	char *new_cookie;
	cookie_dir_rec *dcfg;

	ap_random_insecure_bytes(&random, sizeof(random));
	apr_snprintf(cookiebuf, sizeof(cookiebuf), "%x.%" APR_UINT64_T_HEX_FMT,
	random, (apr_uint64_t)now);
	dcfg = ap_get_module_config(r->per_dir_config, &usertrack_module);
	if (cls->expires) {

	/* Cookie with date; as strftime '%a, %d-%h-%y %H:%M:%S GMT' */
	new_cookie = apr_psprintf(r->pool, "%s=%s; path=/",
	dcfg->cookie_name, cookiebuf);

	if ((dcfg->style == CT_UNSET) \|\| (dcfg->style == CT_NETSCAPE)) {
	apr_time_exp_t tms;
	apr_time_exp_gmt(&tms, r->request_time
	+ apr_time_from_sec(cls->expires));
	new_cookie = apr_psprintf(r->pool,
	"%s; expires=%s, "
	"%.2d-%s-%.2d %.2d:%.2d:%.2d GMT",
	new_cookie, apr_day_snames[tms.tm_wday],
	tms.tm_mday,
	apr_month_snames[tms.tm_mon],
	tms.tm_year % 100,
	tms.tm_hour, tms.tm_min, tms.tm_sec);
	}
	else {
	new_cookie = apr_psprintf(r->pool, "%s; max-age=%d",
	new_cookie, cls->expires);
	}
	}
	else {
	new_cookie = apr_psprintf(r->pool, "%s=%s; path=/",
	dcfg->cookie_name, cookiebuf);
	}
	if (dcfg->cookie_domain != NULL) {
	new_cookie = apr_pstrcat(r->pool, new_cookie, "; domain=",
	dcfg->cookie_domain,
	(dcfg->style == CT_COOKIE2
	? "; version=1"
	: ""),
	NULL);
	}
	if (dcfg->samesite != NULL) {
	new_cookie = apr_pstrcat(r->pool, new_cookie, "; ",
	dcfg->samesite,
	NULL);
	}
	if (dcfg->is_secure) {
	new_cookie = apr_pstrcat(r->pool, new_cookie, "; Secure",
	NULL);
	}
	if (dcfg->is_httponly) {
	new_cookie = apr_pstrcat(r->pool, new_cookie, "; HttpOnly",
	NULL);
	}



	apr_table_addn(r->err_headers_out,
	(dcfg->style == CT_COOKIE2 ? "Set-Cookie2" : "Set-Cookie"),
	new_cookie);
	apr_table_setn(r->notes, "cookie", apr_pstrdup(r->pool, cookiebuf)); /* log first time */
	}

	/* dcfg->regexp is "^cookie_name=([^;]+)\|;[ \t]+cookie_name=([^;]+)",
	* which has three subexpressions, $0..$2 */
	#define NUM_SUBS 3

	static void set_and_comp_regexp(cookie_dir_rec *dcfg,
	apr_pool_t *p,
	const char *cookie_name)
	{
	int danger_chars = 0;
	const char *sp = cookie_name;

	/* The goal is to end up with this regexp,
	* ^cookie_name=([^;,]+)\|[;,][ \t]+cookie_name=([^;,]+)
	* with cookie_name obviously substituted either
	* with the real cookie name set by the user in httpd.conf, or with the
	* default COOKIE_NAME. */

	/* Anyway, we need to escape the cookie_name before pasting it
	* into the regex
	*/
	while (*sp) {
	if (!apr_isalnum(*sp)) {
	++danger_chars;
	}
	++sp;
	}

	if (danger_chars) {
	char *cp;
	cp = apr_palloc(p, sp - cookie_name + danger_chars + 1); /* 1 == \0 */
	sp = cookie_name;
	cookie_name = cp;
	while (*sp) {
	if (!apr_isalnum(*sp)) {
	*cp++ = '\\';
	}
	cp++ = sp++;
	}
	*cp = '\0';
	}

	dcfg->regexp_string = apr_pstrcat(p, "^",
	cookie_name,
	"=([^;,]+)\|[;,][ \t]*",
	cookie_name,
	"=([^;,]+)", NULL);

	dcfg->regexp = ap_pregcomp(p, dcfg->regexp_string, AP_REG_EXTENDED);
	ap_assert(dcfg->regexp != NULL);
	}

	static int spot_cookie(request_rec *r)
	{
	cookie_dir_rec *dcfg = ap_get_module_config(r->per_dir_config,
	&usertrack_module);
	const char *cookie_header;
	ap_regmatch_t regm[NUM_SUBS];

	/* Do not run in subrequests */
	if (!dcfg->enabled \|\| r->main) {
	return DECLINED;
	}

	if ((cookie_header = apr_table_get(r->headers_in, "Cookie"))) {
	if (!ap_regexec(dcfg->regexp, cookie_header, NUM_SUBS, regm, 0)) {
	char *cookieval = NULL;
	int err = 0;
	/* Our regexp,
	* ^cookie_name=([^;]+)\|;[ \t]+cookie_name=([^;]+)
	* only allows for $1 or $2 to be available. ($0 is always
	* filled with the entire matched expression, not just
	* the part in parentheses.) So just check for either one
	* and assign to cookieval if present. */
	if (regm[1].rm_so != -1) {
	cookieval = ap_pregsub(r->pool, "$1", cookie_header,
	NUM_SUBS, regm);
	if (cookieval == NULL)
	err = 1;
	}
	if (regm[2].rm_so != -1) {
	cookieval = ap_pregsub(r->pool, "$2", cookie_header,
	NUM_SUBS, regm);
	if (cookieval == NULL)
	err = 1;
	}
	if (err) {
	ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01499)
	"Failed to extract cookie value (out of mem?)");
	return HTTP_INTERNAL_SERVER_ERROR;
	}
	/* Set the cookie in a note, for logging */
	apr_table_setn(r->notes, "cookie", cookieval);

	return DECLINED; /* There's already a cookie, no new one */
	}
	}
	make_cookie(r);
	return OK; /* We set our cookie */
	}

	static void make_cookie_log_state(apr_pool_t p, server_rec *s)
	{
	cookie_log_state *cls =
	(cookie_log_state *) apr_palloc(p, sizeof(cookie_log_state));

	cls->expires = 0;

	return (void *) cls;
	}

	static void make_cookie_dir(apr_pool_t p, char *d)
	{
	cookie_dir_rec *dcfg;

	dcfg = (cookie_dir_rec *) apr_pcalloc(p, sizeof(cookie_dir_rec));
	dcfg->cookie_name = COOKIE_NAME;
	dcfg->style = CT_UNSET;
	/* calloc'ed to disabled: enabled, cookie_domain, samesite, is_secure,
	* is_httponly */

	/* In case the user does not use the CookieName directive,
	* we need to compile the regexp for the default cookie name. */
	set_and_comp_regexp(dcfg, p, COOKIE_NAME);

	return dcfg;
	}

	static const char set_cookie_exp(cmd_parms parms, void *dummy,
	const char *arg)
	{
	cookie_log_state *cls;
	time_t factor, modifier = 0;
	time_t num = 0;
	char *word;

	cls = ap_get_module_config(parms->server->module_config,
	&usertrack_module);
	/* The simple case first - all numbers (we assume) */
	if (apr_isdigit(arg[0]) && apr_isdigit(arg[strlen(arg) - 1])) {
	cls->expires = atol(arg);
	return NULL;
	}

	/*
	* The harder case - stolen from mod_expires
	*
	* CookieExpires "[plus] {<num> <type>}*"
	*/

	word = ap_getword_conf(parms->temp_pool, &arg);
	if (!strncasecmp(word, "plus", 1)) {
	word = ap_getword_conf(parms->temp_pool, &arg);
	};

	/* {<num> <type>}* */
	while (word[0]) {
	/* <num> */
	if (apr_isdigit(word[0]))
	num = atoi(word);
	else
	return "bad expires code, numeric value expected.";

	/* <type> */
	word = ap_getword_conf(parms->temp_pool, &arg);
	if (!word[0])
	return "bad expires code, missing <type>";

	if (!strncasecmp(word, "years", 1))
	factor = 60 * 60 * 24 * 365;
	else if (!strncasecmp(word, "months", 2))
	factor = 60 * 60 * 24 * 30;
	else if (!strncasecmp(word, "weeks", 1))
	factor = 60 * 60 * 24 * 7;
	else if (!strncasecmp(word, "days", 1))
	factor = 60 * 60 * 24;
	else if (!strncasecmp(word, "hours", 1))
	factor = 60 * 60;
	else if (!strncasecmp(word, "minutes", 2))
	factor = 60;
	else if (!strncasecmp(word, "seconds", 1))
	factor = 1;
	else
	return "bad expires code, unrecognized type";

	modifier = modifier + factor * num;

	/* next <num> */
	word = ap_getword_conf(parms->temp_pool, &arg);
	}

	cls->expires = modifier;

	return NULL;
	}

	static const char set_cookie_name(cmd_parms cmd, void *mconfig,
	const char *name)
	{
	cookie_dir_rec dcfg = (cookie_dir_rec ) mconfig;

	dcfg->cookie_name = name;

	set_and_comp_regexp(dcfg, cmd->pool, name);

	if (dcfg->regexp == NULL) {
	return "Regular expression could not be compiled.";
	}
	if (dcfg->regexp->re_nsub + 1 != NUM_SUBS) {
	return apr_pstrcat(cmd->pool, "Invalid cookie name \"",
	name, "\"", NULL);
	}

	return NULL;
	}

	/*
	* Set the value for the 'Domain=' attribute.
	*/
	static const char set_cookie_domain(cmd_parms cmd, void *mconfig,
	const char *name)
	{
	cookie_dir_rec *dcfg;

	dcfg = (cookie_dir_rec *) mconfig;

	/*
	* Apply the restrictions on cookie domain attributes.
	*/
	if (!name[0]) {
	return "CookieDomain values may not be null";
	}
	if (name[0] != '.') {
	return "CookieDomain values must begin with a dot";
	}
	if (ap_strchr_c(&name[1], '.') == NULL) {
	return "CookieDomain values must contain at least one embedded dot";
	}

	dcfg->cookie_domain = name;
	return NULL;
	}

	/*
	* Make a note of the cookie style we should use.
	*/
	static const char set_cookie_style(cmd_parms cmd, void *mconfig,
	const char *name)
	{
	cookie_dir_rec *dcfg;

	dcfg = (cookie_dir_rec *) mconfig;

	if (strcasecmp(name, "Netscape") == 0) {
	dcfg->style = CT_NETSCAPE;
	}
	else if ((strcasecmp(name, "Cookie") == 0)
	\|\| (strcasecmp(name, "RFC2109") == 0)) {
	dcfg->style = CT_COOKIE;
	}
	else if ((strcasecmp(name, "Cookie2") == 0)
	\|\| (strcasecmp(name, "RFC2965") == 0)) {
	dcfg->style = CT_COOKIE2;
	}
	else {
	return apr_psprintf(cmd->pool, "Invalid %s keyword: '%s'",
	cmd->cmd->name, name);
	}

	return NULL;
	}

	/*
	* SameSite enabled disabled
	*/

	static const char set_samesite_value(cmd_parms cmd, void *mconfig,
	const char *name)
	{
	cookie_dir_rec *dcfg;

	dcfg = (cookie_dir_rec *) mconfig;

	if (strcasecmp(name, "strict") == 0) {
	dcfg->samesite = "SameSite=Strict";
	} else if (strcasecmp(name, "lax") == 0) {
	dcfg->samesite = "SameSite=Lax";
	} else if (strcasecmp(name, "none") == 0) {
	dcfg->samesite = "SameSite=None";
	} else {
	return "CookieSameSite accepts 'Strict', 'Lax', or 'None'";
	}


	return NULL;
	}

	static const command_rec cookie_log_cmds[] = {
	AP_INIT_TAKE1("CookieExpires", set_cookie_exp, NULL, OR_FILEINFO,
	"an expiry date code"),
	AP_INIT_TAKE1("CookieDomain", set_cookie_domain, NULL, OR_FILEINFO,
	"domain to which this cookie applies"),
	AP_INIT_TAKE1("CookieStyle", set_cookie_style, NULL, OR_FILEINFO,
	"'Netscape', 'Cookie' (RFC2109), or 'Cookie2' (RFC2965)"),
	AP_INIT_FLAG("CookieTracking", ap_set_flag_slot,
	(void *)APR_OFFSETOF(cookie_dir_rec, enabled), OR_FILEINFO,
	"whether or not to enable cookies"),
	AP_INIT_TAKE1("CookieName", set_cookie_name, NULL, OR_FILEINFO,
	"name of the tracking cookie"),
	AP_INIT_TAKE1("CookieSameSite", set_samesite_value, NULL, OR_FILEINFO,
	"SameSite setting"),
	AP_INIT_FLAG("CookieSecure", ap_set_flag_slot,
	(void *)APR_OFFSETOF(cookie_dir_rec, is_secure), OR_FILEINFO,
	"is cookie secure"),
	AP_INIT_FLAG("CookieHttpOnly", ap_set_flag_slot,
	(void *)APR_OFFSETOF(cookie_dir_rec, is_httponly),OR_FILEINFO,
	"is cookie http only"),

	{NULL}
	};

	static void register_hooks(apr_pool_t *p)
	{
	ap_hook_fixups(spot_cookie,NULL,NULL,APR_HOOK_REALLY_FIRST);
	}

	AP_DECLARE_MODULE(usertrack) = {
	STANDARD20_MODULE_STUFF,
	make_cookie_dir, /* dir config creater */
	NULL, /* dir merger --- default is to override */
	make_cookie_log_state, /* server config */
	NULL, /* merge server configs */
	cookie_log_cmds, /* command apr_table_t */
	register_hooks /* register hooks */
	};