#ifndef HEADER_CURL_COOKIE_H1#define HEADER_CURL_COOKIE_H2/***************************************************************************3* _ _ ____ _4* Project ___| | | | _ \| |5* / __| | | | |_) | |6* | (__| |_| | _ <| |___7* \___|\___/|_| \_\_____|8*9* Copyright (C) Daniel Stenberg, <[email protected]>, et al.10*11* This software is licensed as described in the file COPYING, which12* you should have received as part of this distribution. The terms13* are also available at https://curl.se/docs/copyright.html.14*15* You may opt to use, copy, modify, merge, publish, distribute and/or sell16* copies of the Software, and permit persons to whom the Software is17* furnished to do so, under the terms of the COPYING file.18*19* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY20* KIND, either express or implied.21*22* SPDX-License-Identifier: curl23*24***************************************************************************/25#include "curl_setup.h"2627#include <curl/curl.h>2829#include "llist.h"3031struct Cookie {32struct Curl_llist_node node; /* for the main cookie list */33struct Curl_llist_node getnode; /* for getlist */34char *name; /* <this> = value */35char *value; /* name = <this> */36char *path; /* path = <this> which is in Set-Cookie: */37char *spath; /* sanitized cookie path */38char *domain; /* domain = <this> */39curl_off_t expires; /* expires = <this> */40unsigned int creationtime; /* time when the cookie was written */41BIT(tailmatch); /* tail-match the domain name */42BIT(secure); /* the 'secure' keyword was used */43BIT(livecookie); /* updated from a server, not a stored file */44BIT(httponly); /* the httponly directive is present */45BIT(prefix_secure); /* secure prefix is set */46BIT(prefix_host); /* host prefix is set */47};4849/*50* Available cookie prefixes, as defined in51* draft-ietf-httpbis-rfc6265bis-0252*/53#define COOKIE_PREFIX__SECURE (1<<0)54#define COOKIE_PREFIX__HOST (1<<1)5556#define COOKIE_HASH_SIZE 635758struct CookieInfo {59/* linked lists of cookies we know of */60struct Curl_llist cookielist[COOKIE_HASH_SIZE];61curl_off_t next_expiration; /* the next time at which expiration happens */62unsigned int numcookies; /* number of cookies in the "jar" */63unsigned int lastct; /* last creation-time used in the jar */64BIT(running); /* state info, for cookie adding information */65BIT(newsession); /* new session, discard session cookies on load */66};6768/* The maximum sizes we accept for cookies. RFC 6265 section 6.1 says69"general-use user agents SHOULD provide each of the following minimum70capabilities":7172- At least 4096 bytes per cookie (as measured by the sum of the length of73the cookie's name, value, and attributes).74In the 6265bis draft document section 5.4 it is phrased even stronger: "If75the sum of the lengths of the name string and the value string is more than764096 octets, abort these steps and ignore the set-cookie-string entirely."77*/7879/** Limits for INCOMING cookies **/8081/* The longest we allow a line to be when reading a cookie from an HTTP header82or from a cookie jar */83#define MAX_COOKIE_LINE 50008485/* Maximum length of an incoming cookie name or content we deal with. Longer86cookies are ignored. */87#define MAX_NAME 40968889/* Maximum number of Set-Cookie: lines accepted in a single response. If more90such header lines are received, they are ignored. This value must be less91than 256 since an unsigned char is used to count. */92#define MAX_SET_COOKIE_AMOUNT 509394/** Limits for OUTGOING cookies **/9596/* Maximum size for an outgoing cookie line libcurl will use in an http97request. This is the default maximum length used in some versions of Apache98httpd. */99#define MAX_COOKIE_HEADER_LEN 8190100101/* Maximum number of cookies libcurl will send in a single request, even if102there might be more cookies that match. One reason to cap the number is to103keep the maximum HTTP request within the maximum allowed size. */104#define MAX_COOKIE_SEND_AMOUNT 150105106struct Curl_easy;107/*108* Add a cookie to the internal list of cookies. The domain and path arguments109* are only used if the header boolean is TRUE.110*/111112struct Cookie *Curl_cookie_add(struct Curl_easy *data,113struct CookieInfo *c, bool header,114bool noexpiry, const char *lineptr,115const char *domain, const char *path,116bool secure);117118int Curl_cookie_getlist(struct Curl_easy *data,119struct CookieInfo *c, const char *host,120const char *path, bool secure,121struct Curl_llist *list);122void Curl_cookie_clearall(struct CookieInfo *cookies);123void Curl_cookie_clearsess(struct CookieInfo *cookies);124125#if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES)126#define Curl_cookie_list(x) NULL127#define Curl_cookie_loadfiles(x) Curl_nop_stmt128#define Curl_cookie_init(x,y,z,w) NULL129#define Curl_cookie_cleanup(x) Curl_nop_stmt130#define Curl_flush_cookies(x,y) Curl_nop_stmt131#else132void Curl_flush_cookies(struct Curl_easy *data, bool cleanup);133void Curl_cookie_cleanup(struct CookieInfo *c);134struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,135const char *file, struct CookieInfo *inc,136bool newsession);137struct curl_slist *Curl_cookie_list(struct Curl_easy *data);138void Curl_cookie_loadfiles(struct Curl_easy *data);139#endif140141#endif /* HEADER_CURL_COOKIE_H */142143144