1 | #ifndef HEADER_CURL_COOKIE_H |
2 | #define |
3 | /*************************************************************************** |
4 | * _ _ ____ _ |
5 | * Project ___| | | | _ \| | |
6 | * / __| | | | |_) | | |
7 | * | (__| |_| | _ <| |___ |
8 | * \___|\___/|_| \_\_____| |
9 | * |
10 | * Copyright (C) 1998 - 2022, Daniel Stenberg, <[email protected]>, et al. |
11 | * |
12 | * This software is licensed as described in the file COPYING, which |
13 | * you should have received as part of this distribution. The terms |
14 | * are also available at https://curl.se/docs/copyright.html. |
15 | * |
16 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
17 | * copies of the Software, and permit persons to whom the Software is |
18 | * furnished to do so, under the terms of the COPYING file. |
19 | * |
20 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
21 | * KIND, either express or implied. |
22 | * |
23 | * SPDX-License-Identifier: curl |
24 | * |
25 | ***************************************************************************/ |
26 | #include "curl_setup.h" |
27 | |
28 | #include <curl/curl.h> |
29 | |
30 | struct Cookie { |
31 | struct Cookie *next; /* next in the chain */ |
32 | char *name; /* <this> = value */ |
33 | char *value; /* name = <this> */ |
34 | char *path; /* path = <this> which is in Set-Cookie: */ |
35 | char *spath; /* sanitized cookie path */ |
36 | char *domain; /* domain = <this> */ |
37 | curl_off_t expires; /* expires = <this> */ |
38 | char *expirestr; /* the plain text version */ |
39 | |
40 | /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */ |
41 | char *version; /* Version = <value> */ |
42 | char *maxage; /* Max-Age = <value> */ |
43 | |
44 | bool tailmatch; /* whether we do tail-matching of the domain name */ |
45 | bool secure; /* whether the 'secure' keyword was used */ |
46 | bool livecookie; /* updated from a server, not a stored file */ |
47 | bool httponly; /* true if the httponly directive is present */ |
48 | int creationtime; /* time when the cookie was written */ |
49 | unsigned char prefix; /* bitmap fields indicating which prefix are set */ |
50 | }; |
51 | |
52 | /* |
53 | * Available cookie prefixes, as defined in |
54 | * draft-ietf-httpbis-rfc6265bis-02 |
55 | */ |
56 | #define COOKIE_PREFIX__SECURE (1<<0) |
57 | #define COOKIE_PREFIX__HOST (1<<1) |
58 | |
59 | #define COOKIE_HASH_SIZE 256 |
60 | |
61 | struct CookieInfo { |
62 | /* linked list of cookies we know of */ |
63 | struct Cookie *cookies[COOKIE_HASH_SIZE]; |
64 | |
65 | char *filename; /* file we read from/write to */ |
66 | long numcookies; /* number of cookies in the "jar" */ |
67 | bool running; /* state info, for cookie adding information */ |
68 | bool newsession; /* new session, discard session cookies on load */ |
69 | int lastct; /* last creation-time used in the jar */ |
70 | curl_off_t next_expiration; /* the next time at which expiration happens */ |
71 | }; |
72 | |
73 | /* This is the maximum line length we accept for a cookie line. RFC 2109 |
74 | section 6.3 says: |
75 | |
76 | "at least 4096 bytes per cookie (as measured by the size of the characters |
77 | that comprise the cookie non-terminal in the syntax description of the |
78 | Set-Cookie header)" |
79 | |
80 | We allow max 5000 bytes cookie header. Max 4095 bytes length per cookie |
81 | name and value. Name + value may not exceed 4096 bytes. |
82 | |
83 | */ |
84 | #define MAX_COOKIE_LINE 5000 |
85 | |
86 | /* Maximum length of an incoming cookie name or content we deal with. Longer |
87 | cookies are ignored. */ |
88 | #define MAX_NAME 4096 |
89 | #define MAX_NAME_TXT "4095" |
90 | |
91 | /* Maximum size for an outgoing cookie line libcurl will use in an http |
92 | request. This is the default maximum length used in some versions of Apache |
93 | httpd. */ |
94 | #define 8190 |
95 | |
96 | /* Maximum number of cookies libcurl will send in a single request, even if |
97 | there might be more cookies that match. One reason to cap the number is to |
98 | keep the maximum HTTP request within the maximum allowed size. */ |
99 | #define MAX_COOKIE_SEND_AMOUNT 150 |
100 | |
101 | /* Maximum number of Set-Cookie: lines accepted in a single response. If more |
102 | such header lines are received, they are ignored. This value must be less |
103 | than 256 since an unsigned char is used to count. */ |
104 | #define MAX_SET_COOKIE_AMOUNT 50 |
105 | |
106 | struct Curl_easy; |
107 | /* |
108 | * Add a cookie to the internal list of cookies. The domain and path arguments |
109 | * are only used if the header boolean is TRUE. |
110 | */ |
111 | |
112 | struct Cookie *Curl_cookie_add(struct Curl_easy *data, |
113 | struct CookieInfo *c, bool , |
114 | bool noexpiry, char *lineptr, |
115 | const char *domain, const char *path, |
116 | bool secure); |
117 | |
118 | struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, |
119 | struct CookieInfo *c, const char *host, |
120 | const char *path, bool secure); |
121 | void Curl_cookie_freelist(struct Cookie *cookies); |
122 | void Curl_cookie_clearall(struct CookieInfo *cookies); |
123 | void Curl_cookie_clearsess(struct CookieInfo *cookies); |
124 | |
125 | #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES) |
126 | #define Curl_cookie_list(x) NULL |
127 | #define Curl_cookie_loadfiles(x) Curl_nop_stmt |
128 | #define Curl_cookie_init(x,y,z,w) NULL |
129 | #define Curl_cookie_cleanup(x) Curl_nop_stmt |
130 | #define Curl_flush_cookies(x,y) Curl_nop_stmt |
131 | #else |
132 | void Curl_flush_cookies(struct Curl_easy *data, bool cleanup); |
133 | void Curl_cookie_cleanup(struct CookieInfo *c); |
134 | struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, |
135 | const char *file, struct CookieInfo *inc, |
136 | bool newsession); |
137 | struct curl_slist *Curl_cookie_list(struct Curl_easy *data); |
138 | void Curl_cookie_loadfiles(struct Curl_easy *data); |
139 | #endif |
140 | |
141 | #endif /* HEADER_CURL_COOKIE_H */ |
142 | |