1 #ifndef HEADER_CURL_COOKIE_H 2 #define HEADER_CURL_COOKIE_H 3 /*************************************************************************** 4 * _ _ ____ _ 5 * Project ___| | | | _ \| | 6 * / __| | | | |_) | | 7 * | (__| |_| | _ <| |___ 8 * \___|\___/|_| \_\_____| 9 * 10 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 11 * 12 * This software is licensed as described in the file COPYING, which 13 * you should have received as part of this distribution. The terms 14 * are also available at https://curl.se/docs/copyright.html. 15 * 16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 17 * copies of the Software, and permit persons to whom the Software is 18 * furnished to do so, under the terms of the COPYING file. 19 * 20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 21 * KIND, either express or implied. 22 * 23 * SPDX-License-Identifier: curl 24 * 25 ***************************************************************************/ 26 #include "curl_setup.h" 27 28 #include <curl/curl.h> 29 30 #include "llist.h" 31 32 struct Cookie { 33 struct Curl_llist_node node; /* for the main cookie list */ 34 struct Curl_llist_node getnode; /* for getlist */ 35 char *name; /* <this> = value */ 36 char *value; /* name = <this> */ 37 char *path; /* path = <this> which is in Set-Cookie: */ 38 char *spath; /* sanitized cookie path */ 39 char *domain; /* domain = <this> */ 40 curl_off_t expires; /* expires = <this> */ 41 int creationtime; /* time when the cookie was written */ 42 BIT(tailmatch); /* tail-match the domain name */ 43 BIT(secure); /* the 'secure' keyword was used */ 44 BIT(livecookie); /* updated from a server, not a stored file */ 45 BIT(httponly); /* the httponly directive is present */ 46 BIT(prefix_secure); /* secure prefix is set */ 47 BIT(prefix_host); /* host prefix is set */ 48 }; 49 50 /* 51 * Available cookie prefixes, as defined in 52 * draft-ietf-httpbis-rfc6265bis-02 53 */ 54 #define COOKIE_PREFIX__SECURE (1<<0) 55 #define COOKIE_PREFIX__HOST (1<<1) 56 57 #define COOKIE_HASH_SIZE 63 58 59 struct CookieInfo { 60 /* linked lists of cookies we know of */ 61 struct Curl_llist cookielist[COOKIE_HASH_SIZE]; 62 curl_off_t next_expiration; /* the next time at which expiration happens */ 63 int numcookies; /* number of cookies in the "jar" */ 64 int lastct; /* last creation-time used in the jar */ 65 bool running; /* state info, for cookie adding information */ 66 bool newsession; /* new session, discard session cookies on load */ 67 }; 68 69 /* The maximum sizes we accept for cookies. RFC 6265 section 6.1 says 70 "general-use user agents SHOULD provide each of the following minimum 71 capabilities": 72 73 - At least 4096 bytes per cookie (as measured by the sum of the length of 74 the cookie's name, value, and attributes). 75 In the 6265bis draft document section 5.4 it is phrased even stronger: "If 76 the sum of the lengths of the name string and the value string is more than 77 4096 octets, abort these steps and ignore the set-cookie-string entirely." 78 */ 79 80 /** Limits for INCOMING cookies **/ 81 82 /* The longest we allow a line to be when reading a cookie from an HTTP header 83 or from a cookie jar */ 84 #define MAX_COOKIE_LINE 5000 85 86 /* Maximum length of an incoming cookie name or content we deal with. Longer 87 cookies are ignored. */ 88 #define MAX_NAME 4096 89 90 /* Maximum number of Set-Cookie: lines accepted in a single response. If more 91 such header lines are received, they are ignored. This value must be less 92 than 256 since an unsigned char is used to count. */ 93 #define MAX_SET_COOKIE_AMOUNT 50 94 95 /** Limits for OUTGOING cookies **/ 96 97 /* Maximum size for an outgoing cookie line libcurl will use in an http 98 request. This is the default maximum length used in some versions of Apache 99 httpd. */ 100 #define MAX_COOKIE_HEADER_LEN 8190 101 102 /* Maximum number of cookies libcurl will send in a single request, even if 103 there might be more cookies that match. One reason to cap the number is to 104 keep the maximum HTTP request within the maximum allowed size. */ 105 #define MAX_COOKIE_SEND_AMOUNT 150 106 107 struct Curl_easy; 108 /* 109 * Add a cookie to the internal list of cookies. The domain and path arguments 110 * are only used if the header boolean is TRUE. 111 */ 112 113 struct Cookie *Curl_cookie_add(struct Curl_easy *data, 114 struct CookieInfo *c, bool header, 115 bool noexpiry, const char *lineptr, 116 const char *domain, const char *path, 117 bool secure); 118 119 int Curl_cookie_getlist(struct Curl_easy *data, 120 struct CookieInfo *c, const char *host, 121 const char *path, bool secure, 122 struct Curl_llist *list); 123 void Curl_cookie_clearall(struct CookieInfo *cookies); 124 void Curl_cookie_clearsess(struct CookieInfo *cookies); 125 126 #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES) 127 #define Curl_cookie_list(x) NULL 128 #define Curl_cookie_loadfiles(x) Curl_nop_stmt 129 #define Curl_cookie_init(x,y,z,w) NULL 130 #define Curl_cookie_cleanup(x) Curl_nop_stmt 131 #define Curl_flush_cookies(x,y) Curl_nop_stmt 132 #else 133 void Curl_flush_cookies(struct Curl_easy *data, bool cleanup); 134 void Curl_cookie_cleanup(struct CookieInfo *c); 135 struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, 136 const char *file, struct CookieInfo *inc, 137 bool newsession); 138 struct curl_slist *Curl_cookie_list(struct Curl_easy *data); 139 void Curl_cookie_loadfiles(struct Curl_easy *data); 140 #endif 141 142 #endif /* HEADER_CURL_COOKIE_H */ 143
