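#ifndef HEADER_CURL_COOKIE_H
#define HEADER_CURL_COOKIE_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/
#include "curl_setup.h"

#include "llist.h"

/*
 * A single cookie held in the jar. Each cookie carries two list nodes, one
 * for the main cookie list and one for the "getlist".
 */
struct Cookie {
  struct Curl_llist_node node;    /* for the main cookie list */
  struct Curl_llist_node getnode; /* for getlist */
  char *name;                /* <this> = value */
  char *value;               /* name = <this> */
  char *path;                /* canonical path */
  char *domain;              /* domain = <this> */
  curl_off_t expires;        /* expires = <this> */
  unsigned int creationtime; /* time when the cookie was written */
  BIT(tailmatch);            /* tail-match the domain name */
  BIT(secure);               /* the 'secure' keyword was used */
  BIT(livecookie);           /* updated from server, not a stored file */
  BIT(httponly);             /* the httponly directive is present */
  BIT(prefix_secure);        /* secure prefix is set */
  BIT(prefix_host);          /* host prefix is set */
};

/*
 * Available cookie prefixes, as defined in
 * draft-ietf-httpbis-rfc6265bis-02
 */
#define COOKIE_PREFIX__SECURE (1 << 0)
#define COOKIE_PREFIX__HOST (1 << 1)

/* Number of linked lists in the CookieInfo 'cookielist' array */
#define COOKIE_HASH_SIZE 63

/*
 * The cookie "jar": every cookie known to a handle, spread over
 * COOKIE_HASH_SIZE linked lists, plus bookkeeping state.
 */
struct CookieInfo {
  /* linked lists of cookies we know of */
  struct Curl_llist cookielist[COOKIE_HASH_SIZE];
  curl_off_t next_expiration; /* the next time at which expiration happens */
  unsigned int numcookies;    /* number of cookies in the "jar" */
  unsigned int lastct;        /* last creation-time used in the jar */
  BIT(running);    /* state info, for cookie adding information */
  BIT(newsession); /* new session, discard session cookies on load */
};

/* The maximum sizes we accept for cookies. RFC 6265 section 6.1 says
   "general-use user agents SHOULD provide each of the following minimum
   capabilities":

   - At least 4096 bytes per cookie (as measured by the sum of the length of
     the cookie's name, value, and attributes).
   In the 6265bis draft document section 5.4 it is phrased even stronger: "If
   the sum of the lengths of the name string and the value string is more than
   4096 octets, abort these steps and ignore the set-cookie-string entirely."
*/

/** Limits for INCOMING cookies **/

/* The longest we allow a line to be when reading a cookie from an HTTP header
   or from a cookie jar */
#define MAX_COOKIE_LINE 5000

/* Maximum length of an incoming cookie name or content we deal with. Longer
   cookies are ignored. */
#define MAX_NAME 4096

/* Maximum number of Set-Cookie: lines accepted in a single response. If more
   such header lines are received, they are ignored. This value must be less
   than 256 since an unsigned char is used to count. */
#define MAX_SET_COOKIE_AMOUNT 50

/* Enforce the documented bound at build time: a larger value could never be
   reached by an unsigned char counter, which would leave the number of
   Set-Cookie: lines taken from one response effectively uncapped. */
#if MAX_SET_COOKIE_AMOUNT >= 256
#error "MAX_SET_COOKIE_AMOUNT must be below 256, it is counted in an unsigned char"
#endif

/** Limits for OUTGOING cookies **/

/* Maximum size for an outgoing cookie line libcurl will use in an http
   request. This is the default maximum length used in some versions of Apache
   httpd. */
#define MAX_COOKIE_HEADER_LEN 8190

/* Maximum number of cookies libcurl will send in a single request, even if
   there might be more cookies that match. One reason to cap the number is to
   keep the maximum HTTP request within the maximum allowed size. */
#define MAX_COOKIE_SEND_AMOUNT 150

struct Curl_easy;
struct connectdata;

/*
 * NOTE(review): presumably reports whether the connection to 'host' counts
 * as a secure context for cookies carrying the 'secure' flag; confirm
 * against the definition, which is not part of this header.
 */
bool Curl_secure_context(struct connectdata *conn, const char *host);

/*
 * Add a cookie to the internal list of cookies. The domain and path arguments
 * are only used if the header boolean is TRUE.
 *
 * The result is marked WARN_UNUSED_RESULT, callers are expected to check it.
 */
CURLcode Curl_cookie_add(struct Curl_easy *data,
                         struct CookieInfo *c, bool header,
                         bool noexpiry, const char *lineptr,
                         const char *domain, const char *path,
                         bool secure) WARN_UNUSED_RESULT;

/*
 * NOTE(review): presumably collects the cookies that apply to 'host' into
 * 'list' (linked through the cookies' 'getnode' members) and reports through
 * 'okay' whether anything was collected; confirm against the definition.
 * The result is marked WARN_UNUSED_RESULT.
 */
CURLcode Curl_cookie_getlist(struct Curl_easy *data, struct connectdata *conn,
                             bool *okay, const char *host,
                             struct Curl_llist *list) WARN_UNUSED_RESULT;
void Curl_cookie_clearall(struct CookieInfo *cookies);
void Curl_cookie_clearsess(struct CookieInfo *cookies);

/*
 * In builds without HTTP or without cookie support, the jar management
 * functions below are replaced by macros that expand to NULL, CURLE_OK or a
 * no-op statement. The prototypes above are declared in every configuration.
 */
#if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES)
#define Curl_cookie_list(x) NULL
#define Curl_cookie_loadfiles(x) CURLE_OK
#define Curl_cookie_init() NULL
#define Curl_cookie_run(x) Curl_nop_stmt
#define Curl_cookie_cleanup(x) Curl_nop_stmt
#define Curl_flush_cookies(x, y) Curl_nop_stmt
#else
void Curl_flush_cookies(struct Curl_easy *data, bool cleanup);
void Curl_cookie_cleanup(struct CookieInfo *c);
struct CookieInfo *Curl_cookie_init(void);
struct curl_slist *Curl_cookie_list(struct Curl_easy *data);
CURLcode Curl_cookie_loadfiles(struct Curl_easy *data) WARN_UNUSED_RESULT;
void Curl_cookie_run(struct Curl_easy *data);
#endif

#endif /* HEADER_CURL_COOKIE_H */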