1 #ifndef HEADER_CURL_COOKIE_H 2 #define HEADER_CURL_COOKIE_H 3 /*************************************************************************** 4 * _ _ ____ _ 5 * Project ___| | | | _ \| | 6 * / __| | | | |_) | | 7 * | (__| |_| | _ <| |___ 8 * \___|\___/|_| \_\_____| 9 * 10 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 11 * 12 * This software is licensed as described in the file COPYING, which 13 * you should have received as part of this distribution. The terms 14 * are also available at https://curl.se/docs/copyright.html. 15 * 16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 17 * copies of the Software, and permit persons to whom the Software is 18 * furnished to do so, under the terms of the COPYING file. 19 * 20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 21 * KIND, either express or implied. 22 * 23 * SPDX-License-Identifier: curl 24 * 25 ***************************************************************************/ 26 #include "curl_setup.h" 27 28 #include <curl/curl.h> 29 30 struct Cookie { 31 struct Cookie *next; /* next in the chain */ 32 char *name; /* <this> = value */ 33 char *value; /* name = <this> */ 34 char *path; /* path = <this> which is in Set-Cookie: */ 35 char *spath; /* sanitized cookie path */ 36 char *domain; /* domain = <this> */ 37 curl_off_t expires; /* expires = <this> */ 38 char *expirestr; /* the plain text version */ 39 40 /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */ 41 char *version; /* Version = <value> */ 42 char *maxage; /* Max-Age = <value> */ 43 44 bool tailmatch; /* whether we do tail-matching of the domain name */ 45 bool secure; /* whether the 'secure' keyword was used */ 46 bool livecookie; /* updated from a server, not a stored file */ 47 bool httponly; /* true if the httponly directive is present */ 48 int creationtime; /* time when the cookie was written */ 49 unsigned char prefix; /* bitmap fields indicating which prefix are set */ 50 }; 51 52 /* 53 * Available cookie prefixes, as defined in 54 * draft-ietf-httpbis-rfc6265bis-02 55 */ 56 #define COOKIE_PREFIX__SECURE (1<<0) 57 #define COOKIE_PREFIX__HOST (1<<1) 58 59 #define COOKIE_HASH_SIZE 256 60 61 struct CookieInfo { 62 /* linked list of cookies we know of */ 63 struct Cookie *cookies[COOKIE_HASH_SIZE]; 64 65 char *filename; /* file we read from/write to */ 66 long numcookies; /* number of cookies in the "jar" */ 67 bool running; /* state info, for cookie adding information */ 68 bool newsession; /* new session, discard session cookies on load */ 69 int lastct; /* last creation-time used in the jar */ 70 curl_off_t next_expiration; /* the next time at which expiration happens */ 71 }; 72 73 /* This is the maximum line length we accept for a cookie line. RFC 2109 74 section 6.3 says: 75 76 "at least 4096 bytes per cookie (as measured by the size of the characters 77 that comprise the cookie non-terminal in the syntax description of the 78 Set-Cookie header)" 79 80 We allow max 5000 bytes cookie header. Max 4095 bytes length per cookie 81 name and value. Name + value may not exceed 4096 bytes. 82 83 */ 84 #define MAX_COOKIE_LINE 5000 85 86 /* Maximum length of an incoming cookie name or content we deal with. Longer 87 cookies are ignored. */ 88 #define MAX_NAME 4096 89 #define MAX_NAME_TXT "4095" 90 91 /* Maximum size for an outgoing cookie line libcurl will use in an http 92 request. This is the default maximum length used in some versions of Apache 93 httpd. */ 94 #define MAX_COOKIE_HEADER_LEN 8190 95 96 /* Maximum number of cookies libcurl will send in a single request, even if 97 there might be more cookies that match. One reason to cap the number is to 98 keep the maximum HTTP request within the maximum allowed size. */ 99 #define MAX_COOKIE_SEND_AMOUNT 150 100 101 /* Maximum number of Set-Cookie: lines accepted in a single response. If more 102 such header lines are received, they are ignored. This value must be less 103 than 256 since an unsigned char is used to count. */ 104 #define MAX_SET_COOKIE_AMOUNT 50 105 106 struct Curl_easy; 107 /* 108 * Add a cookie to the internal list of cookies. The domain and path arguments 109 * are only used if the header boolean is TRUE. 110 */ 111 112 struct Cookie *Curl_cookie_add(struct Curl_easy *data, 113 struct CookieInfo *c, bool header, 114 bool noexpiry, char *lineptr, 115 const char *domain, const char *path, 116 bool secure); 117 118 struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, 119 struct CookieInfo *c, const char *host, 120 const char *path, bool secure); 121 void Curl_cookie_freelist(struct Cookie *cookies); 122 void Curl_cookie_clearall(struct CookieInfo *cookies); 123 void Curl_cookie_clearsess(struct CookieInfo *cookies); 124 125 #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES) 126 #define Curl_cookie_list(x) NULL 127 #define Curl_cookie_loadfiles(x) Curl_nop_stmt 128 #define Curl_cookie_init(x,y,z,w) NULL 129 #define Curl_cookie_cleanup(x) Curl_nop_stmt 130 #define Curl_flush_cookies(x,y) Curl_nop_stmt 131 #else 132 void Curl_flush_cookies(struct Curl_easy *data, bool cleanup); 133 void Curl_cookie_cleanup(struct CookieInfo *c); 134 struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, 135 const char *file, struct CookieInfo *inc, 136 bool newsession); 137 struct curl_slist *Curl_cookie_list(struct Curl_easy *data); 138 void Curl_cookie_loadfiles(struct Curl_easy *data); 139 #endif 140 141 #endif /* HEADER_CURL_COOKIE_H */ 142