authorDaniel Baumann <daniel.baumann@progress-linux.org>2021-03-31 12:58:11 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2021-03-31 12:58:11 +0000
commitf99c4526d94d3e04124c5c48ab4a3da6ca53a458 (patch)
treea2ed8860030cc49f492b09b3222d593c65619800 /registry
parentAdding upstream version 1.29.3. (diff)
Adding upstream version 1.30.0.upstream/1.30.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'registry')
-rw-r--r--registry/README.md11
-rw-r--r--registry/registry.c19
-rw-r--r--registry/registry_init.c1
-rw-r--r--registry/registry_internals.h1
-rw-r--r--registry/registry_person.c4
-rw-r--r--registry/registry_person.h2
-rw-r--r--registry/registry_url.c6
-rw-r--r--registry/registry_url.h2
8 files changed, 37 insertions, 9 deletions
diff --git a/registry/README.md b/registry/README.md
index 968292c0b..1544a57d1 100644
--- a/registry/README.md
+++ b/registry/README.md
@@ -176,6 +176,17 @@ There can be up to 2 files:
Both files are machine readable text files.
+### How can I disable the SameSite and Secure cookies?
+
+Beginning with `v1.30.0`, when the Netdata Agent's web server processes a request, it delivers the `SameSite=none`
+and `Secure` cookies. If you have problems accessing the local Agent dashboard or Netdata Cloud, disable these
+cookies by [editing `netdata.conf`](/docs/configure/nodes.md#use-edit-config-to-edit-configuration-files):
+
+```conf
+[registry]
+ enable cookies SameSite and Secure = no
+```
+
## The future
The registry opens a whole world of new possibilities for Netdata. Check here what we think:
diff --git a/registry/registry.c b/registry/registry.c
index b14f4ee4a..8148745fe 100644
--- a/registry/registry.c
+++ b/registry/registry.c
@@ -23,7 +23,7 @@ static inline void registry_unlock(void) {
// COOKIES
static void registry_set_cookie(struct web_client *w, const char *guid) {
- char edate[100];
+ char edate[100], domain[512];
time_t et = now_realtime_sec() + registry.persons_expiration;
struct tm etmbuf, *etm = gmtime_r(&et, &etmbuf);
strftime(edate, sizeof(edate), "%a, %d %b %Y %H:%M:%S %Z", etm);
@@ -31,7 +31,22 @@ static void registry_set_cookie(struct web_client *w, const char *guid) {
snprintfz(w->cookie1, NETDATA_WEB_REQUEST_COOKIE_SIZE, NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s", guid, edate);
if(registry.registry_domain && registry.registry_domain[0])
- snprintfz(w->cookie2, NETDATA_WEB_REQUEST_COOKIE_SIZE, NETDATA_REGISTRY_COOKIE_NAME "=%s; Domain=%s; Expires=%s", guid, registry.registry_domain, edate);
+ snprintfz(domain, 511, "Domain=%s", registry.registry_domain);
+ else
+ domain[0]='\0';
+
+ int length = snprintfz(w->cookie2, NETDATA_WEB_REQUEST_COOKIE_SIZE,
+ NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s; %s",
+ guid, edate, domain);
+
+ size_t remaining_length = NETDATA_WEB_REQUEST_COOKIE_SIZE - length;
+ // 25 is the necessary length to add new cookies
+ if (registry.enable_cookies_samesite_secure) {
+ if (length > 0 && remaining_length > 25)
+ snprintfz(&w->cookie2[length], remaining_length, "; SameSite=None; Secure");
+ else
+ error("Netdata does not have enough space to store cookies SameSite and Secure");
+ }
}
static inline void registry_set_person_cookie(struct web_client *w, REGISTRY_PERSON *p) {
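Review bot: When `registry.registry_domain` is unset, `domain` is empty and `w->cookie2` is formatted with a trailing `; `, so the appended `; SameSite=None; Secure` leaves an empty attribute in the header value (`Expires=...; ; SameSite=None; Secure`). Moving the separator into the optional part avoids that: `snprintfz(domain, sizeof(domain) - 1, "; Domain=%s", registry.registry_domain);` together with the format `NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s%s"`. The literals `511` and `25` would be easier to audit as `sizeof(domain) - 1` and `sizeof("; SameSite=None; Secure")`, since the current values have to be re-derived by hand if either string changes. Only `w->cookie2` receives the new attributes; `w->cookie1` is still formatted without `Secure`, so the person GUID can presumably still travel over plain HTTP, which deserves a comment if it is an intentional fallback. The start of `registry_set_cookie` is in the previous hunk.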
diff --git a/registry/registry_init.c b/registry/registry_init.c
index ffdb83f3a..36673ff0f 100644
--- a/registry/registry_init.c
+++ b/registry/registry_init.c
@@ -39,6 +39,7 @@ int registry_init(void) {
registry.registry_to_announce = config_get(CONFIG_SECTION_REGISTRY, "registry to announce", "https://registry.my-netdata.io");
registry.hostname = config_get(CONFIG_SECTION_REGISTRY, "registry hostname", netdata_configured_hostname);
registry.verify_cookies_redirects = config_get_boolean(CONFIG_SECTION_REGISTRY, "verify browser cookies support", 1);
+ registry.enable_cookies_samesite_secure = config_get_boolean(CONFIG_SECTION_REGISTRY, "enable cookies SameSite and Secure", 1);
registry_update_cloud_base_url();
setenv("NETDATA_REGISTRY_HOSTNAME", registry.hostname, 1);
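Review bot: The new `enable cookies SameSite and Secure` option defaults to on, and nothing at the assignment records the consequence for agents that are not served over TLS. Browsers discard cookies carrying `Secure` when they are set over plain HTTP, which is presumably why the README offers this switch. A short comment above the line would make that visible to whoever audits the defaults, e.g. `// SameSite=None requires Secure; browsers drop Secure cookies set over plain HTTP, so non-TLS dashboards may need this set to no`. `registry_init()` begins and ends outside the hunk.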
diff --git a/registry/registry_internals.h b/registry/registry_internals.h
index 0eb83a436..3caf0aad8 100644
--- a/registry/registry_internals.h
+++ b/registry/registry_internals.h
@@ -40,6 +40,7 @@ struct registry {
char *cloud_base_url;
time_t persons_expiration; // seconds to expire idle persons
int verify_cookies_redirects;
+ int enable_cookies_samesite_secure;
size_t max_url_length;
size_t max_name_length;
diff --git a/registry/registry_person.c b/registry/registry_person.c
index 268b0bd13..fae1520c4 100644
--- a/registry/registry_person.c
+++ b/registry/registry_person.c
@@ -32,7 +32,7 @@ inline REGISTRY_PERSON_URL *registry_person_url_index_find(REGISTRY_PERSON *p, c
inline REGISTRY_PERSON_URL *registry_person_url_index_add(REGISTRY_PERSON *p, REGISTRY_PERSON_URL *pu) {
debug(D_REGISTRY, "Registry: registry_person_url_index_add('%s', '%s')", p->guid, pu->url->url);
- REGISTRY_PERSON_URL *tpu = (REGISTRY_PERSON_URL *)avl_insert(&(p->person_urls), (avl *)(pu));
+ REGISTRY_PERSON_URL *tpu = (REGISTRY_PERSON_URL *)avl_insert(&(p->person_urls), (avl_t *)(pu));
if(tpu != pu)
error("Registry: registry_person_url_index_add('%s', '%s') already exists as '%s'", p->guid, pu->url->url, tpu->url->url);
@@ -41,7 +41,7 @@ inline REGISTRY_PERSON_URL *registry_person_url_index_add(REGISTRY_PERSON *p, RE
inline REGISTRY_PERSON_URL *registry_person_url_index_del(REGISTRY_PERSON *p, REGISTRY_PERSON_URL *pu) {
debug(D_REGISTRY, "Registry: registry_person_url_index_del('%s', '%s')", p->guid, pu->url->url);
- REGISTRY_PERSON_URL *tpu = (REGISTRY_PERSON_URL *)avl_remove(&(p->person_urls), (avl *)(pu));
+ REGISTRY_PERSON_URL *tpu = (REGISTRY_PERSON_URL *)avl_remove(&(p->person_urls), (avl_t *)(pu));
if(!tpu)
error("Registry: registry_person_url_index_del('%s', '%s') deleted nothing", p->guid, pu->url->url);
else if(tpu != pu)
diff --git a/registry/registry_person.h b/registry/registry_person.h
index 9a4aa959b..42419bfe9 100644
--- a/registry/registry_person.h
+++ b/registry/registry_person.h
@@ -10,7 +10,7 @@
// for each PERSON-URL pair we keep this
struct registry_person_url {
- avl avl; // binary tree node
+ avl_t avl; // binary tree node
REGISTRY_URL *url; // de-duplicated URL
REGISTRY_MACHINE *machine; // link the MACHINE of this URL
diff --git a/registry/registry_url.c b/registry/registry_url.c
index 9ac3ce10c..559799d8f 100644
--- a/registry/registry_url.c
+++ b/registry/registry_url.c
@@ -13,11 +13,11 @@ int registry_url_compare(void *a, void *b) {
}
inline REGISTRY_URL *registry_url_index_add(REGISTRY_URL *u) {
- return (REGISTRY_URL *)avl_insert(&(registry.registry_urls_root_index), (avl *)(u));
+ return (REGISTRY_URL *)avl_insert(&(registry.registry_urls_root_index), (avl_t *)(u));
}
inline REGISTRY_URL *registry_url_index_del(REGISTRY_URL *u) {
- return (REGISTRY_URL *)avl_remove(&(registry.registry_urls_root_index), (avl *)(u));
+ return (REGISTRY_URL *)avl_remove(&(registry.registry_urls_root_index), (avl_t *)(u));
}
REGISTRY_URL *registry_url_get(const char *url, size_t urllen) {
@@ -33,7 +33,7 @@ REGISTRY_URL *registry_url_get(const char *url, size_t urllen) {
strncpyz(n->url, url, n->len);
n->hash = simple_hash(n->url);
- REGISTRY_URL *u = (REGISTRY_URL *)avl_search(&(registry.registry_urls_root_index), (avl *)n);
+ REGISTRY_URL *u = (REGISTRY_URL *)avl_search(&(registry.registry_urls_root_index), (avl_t *)n);
if(!u) {
debug(D_REGISTRY, "Registry: registry_url_get('%s', %zu): allocating %zu bytes", url, urllen, sizeof(REGISTRY_URL) + urllen);
u = callocz(1, sizeof(REGISTRY_URL) + urllen); // no need for +1, 1 is already in REGISTRY_URL
diff --git a/registry/registry_url.h b/registry/registry_url.h
index c684f1c35..0cc364fdf 100644
--- a/registry/registry_url.h
+++ b/registry/registry_url.h
@@ -12,7 +12,7 @@
// we store them here and we keep pointers elsewhere
struct registry_url {
- avl avl;
+ avl_t avl;
uint32_t hash; // the index hash
uint32_t links; // the number of links to this URL - when none is left, we free it