1 | #ifndef HEADER_CURL_COOKIE_H |
2 | #define |
3 | /*************************************************************************** |
4 | * _ _ ____ _ |
5 | * Project ___| | | | _ \| | |
6 | * / __| | | | |_) | | |
7 | * | (__| |_| | _ <| |___ |
8 | * \___|\___/|_| \_\_____| |
9 | * |
10 | * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. |
11 | * |
12 | * This software is licensed as described in the file COPYING, which |
13 | * you should have received as part of this distribution. The terms |
14 | * are also available at https://curl.se/docs/copyright.html. |
15 | * |
16 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
17 | * copies of the Software, and permit persons to whom the Software is |
18 | * furnished to do so, under the terms of the COPYING file. |
19 | * |
20 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
21 | * KIND, either express or implied. |
22 | * |
23 | * SPDX-License-Identifier: curl |
24 | * |
25 | ***************************************************************************/ |
26 | #include "curl_setup.h" |
27 | |
28 | #include <curl/curl.h> |
29 | |
30 | struct Cookie { |
31 | struct Cookie *next; /* next in the chain */ |
32 | char *name; /* <this> = value */ |
33 | char *value; /* name = <this> */ |
34 | char *path; /* path = <this> which is in Set-Cookie: */ |
35 | char *spath; /* sanitized cookie path */ |
36 | char *domain; /* domain = <this> */ |
37 | curl_off_t expires; /* expires = <this> */ |
38 | bool tailmatch; /* whether we do tail-matching of the domain name */ |
39 | bool secure; /* whether the 'secure' keyword was used */ |
40 | bool livecookie; /* updated from a server, not a stored file */ |
41 | bool httponly; /* true if the httponly directive is present */ |
42 | int creationtime; /* time when the cookie was written */ |
43 | unsigned char prefix; /* bitmap fields indicating which prefix are set */ |
44 | }; |
45 | |
46 | /* |
47 | * Available cookie prefixes, as defined in |
48 | * draft-ietf-httpbis-rfc6265bis-02 |
49 | */ |
50 | #define COOKIE_PREFIX__SECURE (1<<0) |
51 | #define COOKIE_PREFIX__HOST (1<<1) |
52 | |
53 | #define COOKIE_HASH_SIZE 63 |
54 | |
55 | struct CookieInfo { |
56 | /* linked list of cookies we know of */ |
57 | struct Cookie *cookies[COOKIE_HASH_SIZE]; |
58 | curl_off_t next_expiration; /* the next time at which expiration happens */ |
59 | int numcookies; /* number of cookies in the "jar" */ |
60 | int lastct; /* last creation-time used in the jar */ |
61 | bool running; /* state info, for cookie adding information */ |
62 | bool newsession; /* new session, discard session cookies on load */ |
63 | }; |
64 | |
65 | /* The maximum sizes we accept for cookies. RFC 6265 section 6.1 says |
66 | "general-use user agents SHOULD provide each of the following minimum |
67 | capabilities": |
68 | |
69 | - At least 4096 bytes per cookie (as measured by the sum of the length of |
70 | the cookie's name, value, and attributes). |
71 | In the 6265bis draft document section 5.4 it is phrased even stronger: "If |
72 | the sum of the lengths of the name string and the value string is more than |
73 | 4096 octets, abort these steps and ignore the set-cookie-string entirely." |
74 | */ |
75 | |
76 | /** Limits for INCOMING cookies **/ |
77 | |
78 | /* The longest we allow a line to be when reading a cookie from a HTTP header |
79 | or from a cookie jar */ |
80 | #define MAX_COOKIE_LINE 5000 |
81 | |
82 | /* Maximum length of an incoming cookie name or content we deal with. Longer |
83 | cookies are ignored. */ |
84 | #define MAX_NAME 4096 |
85 | |
86 | /* Maximum number of Set-Cookie: lines accepted in a single response. If more |
87 | such header lines are received, they are ignored. This value must be less |
88 | than 256 since an unsigned char is used to count. */ |
89 | #define MAX_SET_COOKIE_AMOUNT 50 |
90 | |
91 | /** Limits for OUTGOING cookies **/ |
92 | |
93 | /* Maximum size for an outgoing cookie line libcurl will use in an http |
94 | request. This is the default maximum length used in some versions of Apache |
95 | httpd. */ |
96 | #define 8190 |
97 | |
98 | /* Maximum number of cookies libcurl will send in a single request, even if |
99 | there might be more cookies that match. One reason to cap the number is to |
100 | keep the maximum HTTP request within the maximum allowed size. */ |
101 | #define MAX_COOKIE_SEND_AMOUNT 150 |
102 | |
103 | struct Curl_easy; |
104 | /* |
105 | * Add a cookie to the internal list of cookies. The domain and path arguments |
106 | * are only used if the header boolean is TRUE. |
107 | */ |
108 | |
109 | struct Cookie *Curl_cookie_add(struct Curl_easy *data, |
110 | struct CookieInfo *c, bool , |
111 | bool noexpiry, const char *lineptr, |
112 | const char *domain, const char *path, |
113 | bool secure); |
114 | |
115 | struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, |
116 | struct CookieInfo *c, const char *host, |
117 | const char *path, bool secure); |
118 | void Curl_cookie_freelist(struct Cookie *cookies); |
119 | void Curl_cookie_clearall(struct CookieInfo *cookies); |
120 | void Curl_cookie_clearsess(struct CookieInfo *cookies); |
121 | |
122 | #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES) |
123 | #define Curl_cookie_list(x) NULL |
124 | #define Curl_cookie_loadfiles(x) Curl_nop_stmt |
125 | #define Curl_cookie_init(x,y,z,w) NULL |
126 | #define Curl_cookie_cleanup(x) Curl_nop_stmt |
127 | #define Curl_flush_cookies(x,y) Curl_nop_stmt |
128 | #else |
129 | void Curl_flush_cookies(struct Curl_easy *data, bool cleanup); |
130 | void Curl_cookie_cleanup(struct CookieInfo *c); |
131 | struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, |
132 | const char *file, struct CookieInfo *inc, |
133 | bool newsession); |
134 | struct curl_slist *Curl_cookie_list(struct Curl_easy *data); |
135 | void Curl_cookie_loadfiles(struct Curl_easy *data); |
136 | #endif |
137 | |
138 | #endif /* HEADER_CURL_COOKIE_H */ |
139 | |