Sync tnftp with NetBSD:
[dragonfly.git] / contrib / tnftp / fetch.c
1 /*      $NetBSD: fetch.c,v 1.183 2007/12/05 03:46:33 lukem Exp $        */
2
3 /*-
4  * Copyright (c) 1997-2007 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Luke Mewburn.
9  *
10  * This code is derived from software contributed to The NetBSD Foundation
11  * by Scott Aaron Bamford.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  * 3. All advertising materials mentioning features or use of this software
22  *    must display the following acknowledgement:
23  *      This product includes software developed by the NetBSD
24  *      Foundation, Inc. and its contributors.
25  * 4. Neither the name of The NetBSD Foundation nor the names of its
26  *    contributors may be used to endorse or promote products derived
27  *    from this software without specific prior written permission.
28  *
29  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
30  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
31  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
32  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
33  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
34  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
35  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
36  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
37  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
38  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
39  * POSSIBILITY OF SUCH DAMAGE.
40  */
41
42 #include <sys/cdefs.h>
43 #ifndef lint
44 __RCSID("$NetBSD: fetch.c,v 1.183 2007/12/05 03:46:33 lukem Exp $");
45 #endif /* not lint */
46
47 /*
48  * FTP User Program -- Command line file retrieval
49  */
50
51 #include <sys/types.h>
52 #include <sys/param.h>
53 #include <sys/socket.h>
54 #include <sys/stat.h>
55 #include <sys/time.h>
56
57 #include <netinet/in.h>
58
59 #include <arpa/ftp.h>
60 #include <arpa/inet.h>
61
62 #include <ctype.h>
63 #include <err.h>
64 #include <errno.h>
65 #include <netdb.h>
66 #include <fcntl.h>
67 #include <stdio.h>
68 #include <stdlib.h>
69 #include <string.h>
70 #include <unistd.h>
71 #include <time.h>
72
73 #include "ftp_var.h"
74 #include "version.h"
75
76 typedef enum {
77         UNKNOWN_URL_T=-1,
78         HTTP_URL_T,
79         FTP_URL_T,
80         FILE_URL_T,
81         CLASSIC_URL_T
82 } url_t;
83
84 void            aborthttp(int);
85 #ifndef NO_AUTH
86 static int      auth_url(const char *, char **, const char *, const char *);
87 static void     base64_encode(const unsigned char *, size_t, unsigned char *);
88 #endif
89 static int      go_fetch(const char *);
90 static int      fetch_ftp(const char *);
91 static int      fetch_url(const char *, const char *, char *, char *);
92 static const char *match_token(const char **, const char *);
93 static int      parse_url(const char *, const char *, url_t *, char **,
94                             char **, char **, char **, in_port_t *, char **);
95 static void     url_decode(char *);
96
97 static int      redirect_loop;
98
99
100 #define STRNEQUAL(a,b)  (strncasecmp((a), (b), sizeof((b))-1) == 0)
101 #define ISLWS(x)        ((x)=='\r' || (x)=='\n' || (x)==' ' || (x)=='\t')
102 #define SKIPLWS(x)      do { while (ISLWS((*x))) x++; } while (0)
103
104
105 #define ABOUT_URL       "about:"        /* propaganda */
106 #define FILE_URL        "file://"       /* file URL prefix */
107 #define FTP_URL         "ftp://"        /* ftp URL prefix */
108 #define HTTP_URL        "http://"       /* http URL prefix */
109
110
111 /*
112  * Determine if token is the next word in buf (case insensitive).
113  * If so, advance buf past the token and any trailing LWS, and
114  * return a pointer to the token (in buf).  Otherwise, return NULL.
115  * token may be preceded by LWS.
116  * token must be followed by LWS or NUL.  (I.e, don't partial match).
117  */
118 static const char *
119 match_token(const char **buf, const char *token)
120 {
121         const char      *p, *orig;
122         size_t          tlen;
123
124         tlen = strlen(token);
125         p = *buf;
126         SKIPLWS(p);
127         orig = p;
128         if (strncasecmp(p, token, tlen) != 0)
129                 return NULL;
130         p += tlen;
131         if (*p != '\0' && !ISLWS(*p))
132                 return NULL;
133         SKIPLWS(p);
134         orig = *buf;
135         *buf = p;
136         return orig;
137 }
138
139 #ifndef NO_AUTH
140 /*
141  * Generate authorization response based on given authentication challenge.
142  * Returns -1 if an error occurred, otherwise 0.
143  * Sets response to a malloc(3)ed string; caller should free.
144  */
145 static int
146 auth_url(const char *challenge, char **response, const char *guser,
147         const char *gpass)
148 {
149         const char      *cp, *scheme, *errormsg;
150         char            *ep, *clear, *realm;
151         char             user[BUFSIZ], *pass;
152         int              rval;
153         size_t           len, clen, rlen;
154
155         *response = NULL;
156         clear = realm = NULL;
157         rval = -1;
158         cp = challenge;
159         scheme = "Basic";       /* only support Basic authentication */
160
161         DPRINTF("auth_url: challenge `%s'\n", challenge);
162
163         if (! match_token(&cp, scheme)) {
164                 warnx("Unsupported authentication challenge `%s'",
165                     challenge);
166                 goto cleanup_auth_url;
167         }
168
169 #define REALM "realm=\""
170         if (STRNEQUAL(cp, REALM))
171                 cp += sizeof(REALM) - 1;
172         else {
173                 warnx("Unsupported authentication challenge `%s'",
174                     challenge);
175                 goto cleanup_auth_url;
176         }
177 /* XXX: need to improve quoted-string parsing to support \ quoting, etc. */
178         if ((ep = strchr(cp, '\"')) != NULL) {
179                 size_t len = ep - cp;
180
181                 realm = (char *)ftp_malloc(len + 1);
182                 (void)strlcpy(realm, cp, len + 1);
183         } else {
184                 warnx("Unsupported authentication challenge `%s'",
185                     challenge);
186                 goto cleanup_auth_url;
187         }
188
189         fprintf(ttyout, "Username for `%s': ", realm);
190         if (guser != NULL) {
191                 (void)strlcpy(user, guser, sizeof(user));
192                 fprintf(ttyout, "%s\n", user);
193         } else {
194                 (void)fflush(ttyout);
195                 if (getline(stdin, user, sizeof(user), &errormsg) < 0) {
196                         warnx("%s; can't authenticate", errormsg);
197                         goto cleanup_auth_url;
198                 }
199         }
200         if (gpass != NULL)
201                 pass = (char *)gpass;
202         else {
203                 pass = getpass("Password: ");
204                 if (pass == NULL) {
205                         warnx("Can't read password");
206                         goto cleanup_auth_url;
207                 }
208         }
209
210         clen = strlen(user) + strlen(pass) + 2; /* user + ":" + pass + "\0" */
211         clear = (char *)ftp_malloc(clen);
212         (void)strlcpy(clear, user, clen);
213         (void)strlcat(clear, ":", clen);
214         (void)strlcat(clear, pass, clen);
215         if (gpass == NULL)
216                 memset(pass, 0, strlen(pass));
217
218                                                 /* scheme + " " + enc + "\0" */
219         rlen = strlen(scheme) + 1 + (clen + 2) * 4 / 3 + 1;
220         *response = (char *)ftp_malloc(rlen);
221         (void)strlcpy(*response, scheme, rlen);
222         len = strlcat(*response, " ", rlen);
223                         /* use  `clen - 1'  to not encode the trailing NUL */
224         base64_encode((unsigned char *)clear, clen - 1,
225             (unsigned char *)*response + len);
226         memset(clear, 0, clen);
227         rval = 0;
228
229  cleanup_auth_url:
230         FREEPTR(clear);
231         FREEPTR(realm);
232         return (rval);
233 }
234
235 /*
236  * Encode len bytes starting at clear using base64 encoding into encoded,
237  * which should be at least ((len + 2) * 4 / 3 + 1) in size.
238  */
239 static void
240 base64_encode(const unsigned char *clear, size_t len, unsigned char *encoded)
241 {
242         static const unsigned char enc[] =
243             "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
244         unsigned char   *cp;
245         int      i;
246
247         cp = encoded;
248         for (i = 0; i < len; i += 3) {
249                 *(cp++) = enc[((clear[i + 0] >> 2))];
250                 *(cp++) = enc[((clear[i + 0] << 4) & 0x30)
251                             | ((clear[i + 1] >> 4) & 0x0f)];
252                 *(cp++) = enc[((clear[i + 1] << 2) & 0x3c)
253                             | ((clear[i + 2] >> 6) & 0x03)];
254                 *(cp++) = enc[((clear[i + 2]     ) & 0x3f)];
255         }
256         *cp = '\0';
257         while (i-- > len)
258                 *(--cp) = '=';
259 }
260 #endif
261
262 /*
263  * Decode %xx escapes in given string, `in-place'.
264  */
265 static void
266 url_decode(char *url)
267 {
268         unsigned char *p, *q;
269
270         if (EMPTYSTRING(url))
271                 return;
272         p = q = (unsigned char *)url;
273
274 #define HEXTOINT(x) (x - (isdigit(x) ? '0' : (islower(x) ? 'a' : 'A') - 10))
275         while (*p) {
276                 if (p[0] == '%'
277                     && p[1] && isxdigit((unsigned char)p[1])
278                     && p[2] && isxdigit((unsigned char)p[2])) {
279                         *q++ = HEXTOINT(p[1]) * 16 + HEXTOINT(p[2]);
280                         p+=3;
281                 } else
282                         *q++ = *p++;
283         }
284         *q = '\0';
285 }
286
287
288 /*
289  * Parse URL of form (per RFC3986):
290  *      <type>://[<user>[:<password>]@]<host>[:<port>][/<path>]
291  * Returns -1 if a parse error occurred, otherwise 0.
292  * It's the caller's responsibility to url_decode() the returned
293  * user, pass and path.
294  *
295  * Sets type to url_t, each of the given char ** pointers to a
296  * malloc(3)ed strings of the relevant section, and port to
297  * the number given, or ftpport if ftp://, or httpport if http://.
298  *
299  * XXX: this is not totally RFC3986 compliant; <path> will have the
300  * leading `/' unless it's an ftp:// URL, as this makes things easier
301  * for file:// and http:// URLs.  ftp:// URLs have the `/' between the
302  * host and the URL-path removed, but any additional leading slashes
303  * in the URL-path are retained (because they imply that we should
304  * later do "CWD" with a null argument).
305  *
306  * Examples:
307  *       input URL                       output path
308  *       ---------                       -----------
309  *      "http://host"                   "/"
310  *      "http://host/"                  "/"
311  *      "http://host/path"              "/path"
312  *      "file://host/dir/file"          "dir/file"
313  *      "ftp://host"                    ""
314  *      "ftp://host/"                   ""
315  *      "ftp://host//"                  "/"
316  *      "ftp://host/dir/file"           "dir/file"
317  *      "ftp://host//dir/file"          "/dir/file"
318  */
319 static int
320 parse_url(const char *url, const char *desc, url_t *type,
321                 char **user, char **pass, char **host, char **port,
322                 in_port_t *portnum, char **path)
323 {
324         const char      *origurl;
325         char            *cp, *ep, *thost, *tport;
326         size_t           len;
327
328         if (url == NULL || desc == NULL || type == NULL || user == NULL
329             || pass == NULL || host == NULL || port == NULL || portnum == NULL
330             || path == NULL)
331                 errx(1, "parse_url: invoked with NULL argument!");
332         DPRINTF("parse_url: %s `%s'\n", desc, url);
333
334         origurl = url;
335         *type = UNKNOWN_URL_T;
336         *user = *pass = *host = *port = *path = NULL;
337         *portnum = 0;
338         tport = NULL;
339
340         if (STRNEQUAL(url, HTTP_URL)) {
341                 url += sizeof(HTTP_URL) - 1;
342                 *type = HTTP_URL_T;
343                 *portnum = HTTP_PORT;
344                 tport = httpport;
345         } else if (STRNEQUAL(url, FTP_URL)) {
346                 url += sizeof(FTP_URL) - 1;
347                 *type = FTP_URL_T;
348                 *portnum = FTP_PORT;
349                 tport = ftpport;
350         } else if (STRNEQUAL(url, FILE_URL)) {
351                 url += sizeof(FILE_URL) - 1;
352                 *type = FILE_URL_T;
353         } else {
354                 warnx("Invalid %s `%s'", desc, url);
355  cleanup_parse_url:
356                 FREEPTR(*user);
357                 if (*pass != NULL)
358                         memset(*pass, 0, strlen(*pass));
359                 FREEPTR(*pass);
360                 FREEPTR(*host);
361                 FREEPTR(*port);
362                 FREEPTR(*path);
363                 return (-1);
364         }
365
366         if (*url == '\0')
367                 return (0);
368
369                         /* find [user[:pass]@]host[:port] */
370         ep = strchr(url, '/');
371         if (ep == NULL)
372                 thost = ftp_strdup(url);
373         else {
374                 len = ep - url;
375                 thost = (char *)ftp_malloc(len + 1);
376                 (void)strlcpy(thost, url, len + 1);
377                 if (*type == FTP_URL_T) /* skip first / for ftp URLs */
378                         ep++;
379                 *path = ftp_strdup(ep);
380         }
381
382         cp = strchr(thost, '@');        /* look for user[:pass]@ in URLs */
383         if (cp != NULL) {
384                 if (*type == FTP_URL_T)
385                         anonftp = 0;    /* disable anonftp */
386                 *user = thost;
387                 *cp = '\0';
388                 thost = ftp_strdup(cp + 1);
389                 cp = strchr(*user, ':');
390                 if (cp != NULL) {
391                         *cp = '\0';
392                         *pass = ftp_strdup(cp + 1);
393                 }
394                 url_decode(*user);
395                 if (*pass)
396                         url_decode(*pass);
397         }
398
399 #ifdef INET6
400                         /*
401                          * Check if thost is an encoded IPv6 address, as per
402                          * RFC3986:
403                          *      `[' ipv6-address ']'
404                          */
405         if (*thost == '[') {
406                 cp = thost + 1;
407                 if ((ep = strchr(cp, ']')) == NULL ||
408                     (ep[1] != '\0' && ep[1] != ':')) {
409                         warnx("Invalid address `%s' in %s `%s'",
410                             thost, desc, origurl);
411                         goto cleanup_parse_url;
412                 }
413                 len = ep - cp;          /* change `[xyz]' -> `xyz' */
414                 memmove(thost, thost + 1, len);
415                 thost[len] = '\0';
416                 if (! isipv6addr(thost)) {
417                         warnx("Invalid IPv6 address `%s' in %s `%s'",
418                             thost, desc, origurl);
419                         goto cleanup_parse_url;
420                 }
421                 cp = ep + 1;
422                 if (*cp == ':')
423                         cp++;
424                 else
425                         cp = NULL;
426         } else
427 #endif /* INET6 */
428                 if ((cp = strchr(thost, ':')) != NULL)
429                         *cp++ =  '\0';
430         *host = thost;
431
432                         /* look for [:port] */
433         if (cp != NULL) {
434                 long    nport;
435
436                 nport = parseport(cp, -1);
437                 if (nport == -1) {
438                         warnx("Unknown port `%s' in %s `%s'",
439                             cp, desc, origurl);
440                         goto cleanup_parse_url;
441                 }
442                 *portnum = nport;
443                 tport = cp;
444         }
445
446         if (tport != NULL)
447                 *port = ftp_strdup(tport);
448         if (*path == NULL) {
449                 const char *emptypath = "/";
450                 if (*type == FTP_URL_T) /* skip first / for ftp URLs */
451                         emptypath++;
452                 *path = ftp_strdup(emptypath);
453         }
454
455         DPRINTF("parse_url: user `%s' pass `%s' host %s port %s(%d) "
456             "path `%s'\n",
457             STRorNULL(*user), STRorNULL(*pass),
458             STRorNULL(*host), STRorNULL(*port),
459             *portnum ? *portnum : -1, STRorNULL(*path));
460
461         return (0);
462 }
463
464 sigjmp_buf      httpabort;
465
466 /*
467  * Retrieve URL, via a proxy if necessary, using HTTP.
468  * If proxyenv is set, use that for the proxy, otherwise try ftp_proxy or
469  * http_proxy as appropriate.
470  * Supports HTTP redirects.
471  * Returns 1 on failure, 0 on completed xfer, -1 if ftp connection
472  * is still open (e.g, ftp xfer with trailing /)
473  */
474 static int
475 fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
476 {
477         struct addrinfo         hints, *res, *res0 = NULL;
478         int                     error;
479         char                    hbuf[NI_MAXHOST];
480         sigfunc volatile        oldintr;
481         sigfunc volatile        oldintp;
482         int volatile            s;
483         struct stat             sb;
484         int volatile            ischunked;
485         int volatile            isproxy;
486         int volatile            rval;
487         int volatile            hcode;
488         size_t                  len;
489         static size_t           bufsize;
490         static char             *xferbuf;
491         const char              *cp, *token;
492         char                    *ep;
493         char                    buf[FTPBUFLEN];
494         const char              *errormsg;
495         char                    *volatile savefile;
496         char                    *volatile auth;
497         char                    *volatile location;
498         char                    *volatile message;
499         char                    *user, *pass, *host, *port, *path;
500         char                    *volatile decodedpath;
501         char                    *puser, *ppass, *useragent;
502         off_t                   hashbytes, rangestart, rangeend, entitylen;
503         int                     (*volatile closefunc)(FILE *);
504         FILE                    *volatile fin;
505         FILE                    *volatile fout;
506         time_t                  mtime;
507         url_t                   urltype;
508         in_port_t               portnum;
509
510         DPRINTF("fetch_url: `%s' proxyenv `%s'\n", url, STRorNULL(proxyenv));
511
512         oldintr = oldintp = NULL;
513         closefunc = NULL;
514         fin = fout = NULL;
515         s = -1;
516         savefile = NULL;
517         auth = location = message = NULL;
518         ischunked = isproxy = hcode = 0;
519         rval = 1;
520         user = pass = host = path = decodedpath = puser = ppass = NULL;
521
522         if (parse_url(url, "URL", &urltype, &user, &pass, &host, &port,
523             &portnum, &path) == -1)
524                 goto cleanup_fetch_url;
525
526         if (urltype == FILE_URL_T && ! EMPTYSTRING(host)
527             && strcasecmp(host, "localhost") != 0) {
528                 warnx("No support for non local file URL `%s'", url);
529                 goto cleanup_fetch_url;
530         }
531
532         if (EMPTYSTRING(path)) {
533                 if (urltype == FTP_URL_T) {
534                         rval = fetch_ftp(url);
535                         goto cleanup_fetch_url;
536                 }
537                 if (urltype != HTTP_URL_T || outfile == NULL)  {
538                         warnx("Invalid URL (no file after host) `%s'", url);
539                         goto cleanup_fetch_url;
540                 }
541         }
542
543         decodedpath = ftp_strdup(path);
544         url_decode(decodedpath);
545
546         if (outfile)
547                 savefile = ftp_strdup(outfile);
548         else {
549                 cp = strrchr(decodedpath, '/');         /* find savefile */
550                 if (cp != NULL)
551                         savefile = ftp_strdup(cp + 1);
552                 else
553                         savefile = ftp_strdup(decodedpath);
554         }
555         DPRINTF("fetch_url: savefile `%s'\n", savefile);
556         if (EMPTYSTRING(savefile)) {
557                 if (urltype == FTP_URL_T) {
558                         rval = fetch_ftp(url);
559                         goto cleanup_fetch_url;
560                 }
561                 warnx("No file after directory (you must specify an "
562                     "output file) `%s'", url);
563                 goto cleanup_fetch_url;
564         }
565
566         restart_point = 0;
567         filesize = -1;
568         rangestart = rangeend = entitylen = -1;
569         mtime = -1;
570         if (restartautofetch) {
571                 if (strcmp(savefile, "-") != 0 && *savefile != '|' &&
572                     stat(savefile, &sb) == 0)
573                         restart_point = sb.st_size;
574         }
575         if (urltype == FILE_URL_T) {            /* file:// URLs */
576                 direction = "copied";
577                 fin = fopen(decodedpath, "r");
578                 if (fin == NULL) {
579                         warn("Can't open `%s'", decodedpath);
580                         goto cleanup_fetch_url;
581                 }
582                 if (fstat(fileno(fin), &sb) == 0) {
583                         mtime = sb.st_mtime;
584                         filesize = sb.st_size;
585                 }
586                 if (restart_point) {
587                         if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) {
588                                 warn("Can't seek to restart `%s'",
589                                     decodedpath);
590                                 goto cleanup_fetch_url;
591                         }
592                 }
593                 if (verbose) {
594                         fprintf(ttyout, "Copying %s", decodedpath);
595                         if (restart_point)
596                                 fprintf(ttyout, " (restarting at " LLF ")",
597                                     (LLT)restart_point);
598                         fputs("\n", ttyout);
599                 }
600         } else {                                /* ftp:// or http:// URLs */
601                 char *leading;
602                 int hasleading;
603
604                 if (proxyenv == NULL) {
605                         if (urltype == HTTP_URL_T)
606                                 proxyenv = getoptionvalue("http_proxy");
607                         else if (urltype == FTP_URL_T)
608                                 proxyenv = getoptionvalue("ftp_proxy");
609                 }
610                 direction = "retrieved";
611                 if (! EMPTYSTRING(proxyenv)) {                  /* use proxy */
612                         url_t purltype;
613                         char *phost, *ppath;
614                         char *pport, *no_proxy;
615
616                         isproxy = 1;
617
618                                 /* check URL against list of no_proxied sites */
619                         no_proxy = getoptionvalue("no_proxy");
620                         if (! EMPTYSTRING(no_proxy)) {
621                                 char *np, *np_copy, *np_iter;
622                                 long np_port;
623                                 size_t hlen, plen;
624
625                                 np_iter = np_copy = ftp_strdup(no_proxy);
626                                 hlen = strlen(host);
627                                 while ((cp = strsep(&np_iter, " ,")) != NULL) {
628                                         if (*cp == '\0')
629                                                 continue;
630                                         if ((np = strrchr(cp, ':')) != NULL) {
631                                                 *np = '\0';
632                                                 np_port =
633                                                     strtol(np + 1, &ep, 10);
634                                                 if (*ep != '\0')
635                                                         continue;
636                                                 if (np_port != portnum)
637                                                         continue;
638                                         }
639                                         plen = strlen(cp);
640                                         if (hlen < plen)
641                                                 continue;
642                                         if (strncasecmp(host + hlen - plen,
643                                             cp, plen) == 0) {
644                                                 isproxy = 0;
645                                                 break;
646                                         }
647                                 }
648                                 FREEPTR(np_copy);
649                                 if (isproxy == 0 && urltype == FTP_URL_T) {
650                                         rval = fetch_ftp(url);
651                                         goto cleanup_fetch_url;
652                                 }
653                         }
654
655                         if (isproxy) {
656                                 if (restart_point) {
657                                         warnx("Can't restart via proxy URL `%s'",
658                                             proxyenv);
659                                         goto cleanup_fetch_url;
660                                 }
661                                 if (parse_url(proxyenv, "proxy URL", &purltype,
662                                     &puser, &ppass, &phost, &pport, &portnum,
663                                     &ppath) == -1)
664                                         goto cleanup_fetch_url;
665
666                                 if ((purltype != HTTP_URL_T
667                                      && purltype != FTP_URL_T) ||
668                                     EMPTYSTRING(phost) ||
669                                     (! EMPTYSTRING(ppath)
670                                      && strcmp(ppath, "/") != 0)) {
671                                         warnx("Malformed proxy URL `%s'",
672                                             proxyenv);
673                                         FREEPTR(phost);
674                                         FREEPTR(pport);
675                                         FREEPTR(ppath);
676                                         goto cleanup_fetch_url;
677                                 }
678                                 if (isipv6addr(host) &&
679                                     strchr(host, '%') != NULL) {
680                                         warnx(
681 "Scoped address notation `%s' disallowed via web proxy",
682                                             host);
683                                         FREEPTR(phost);
684                                         FREEPTR(pport);
685                                         FREEPTR(ppath);
686                                         goto cleanup_fetch_url;
687                                 }
688
689                                 FREEPTR(host);
690                                 host = phost;
691                                 FREEPTR(port);
692                                 port = pport;
693                                 FREEPTR(path);
694                                 path = ftp_strdup(url);
695                                 FREEPTR(ppath);
696                         }
697                 } /* ! EMPTYSTRING(proxyenv) */
698
699                 memset(&hints, 0, sizeof(hints));
700                 hints.ai_flags = 0;
701                 hints.ai_family = family;
702                 hints.ai_socktype = SOCK_STREAM;
703                 hints.ai_protocol = 0;
704                 error = getaddrinfo(host, NULL, &hints, &res0);
705                 if (error) {
706                         warnx("Can't lookup `%s': %s", host,
707                             (error == EAI_SYSTEM) ? strerror(errno)
708                                                   : gai_strerror(error));
709                         goto cleanup_fetch_url;
710                 }
711                 if (res0->ai_canonname)
712                         host = res0->ai_canonname;
713
714                 s = -1;
715                 for (res = res0; res; res = res->ai_next) {
716                         ai_unmapped(res);
717                         if (getnameinfo(res->ai_addr, res->ai_addrlen,
718                             hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0)
719                                 strlcpy(hbuf, "?", sizeof(hbuf));
720
721                         if (verbose && res0->ai_next) {
722                                 fprintf(ttyout, "Trying %s...\n", hbuf);
723                         }
724
725                         ((struct sockaddr_in *)res->ai_addr)->sin_port =
726                             htons(portnum);
727                         s = socket(res->ai_family, SOCK_STREAM,
728                             res->ai_protocol);
729                         if (s < 0) {
730                                 warn(
731                                   "Can't create socket for connection to `%s'",
732                                     hbuf);
733                                 continue;
734                         }
735
736                         if (ftp_connect(s, res->ai_addr, res->ai_addrlen) < 0) {
737                                 close(s);
738                                 s = -1;
739                                 continue;
740                         }
741
742                         /* success */
743                         break;
744                 }
745
746                 if (s < 0) {
747                         warnx("Can't connect to `%s'", host);
748                         goto cleanup_fetch_url;
749                 }
750
751                 fin = fdopen(s, "r+");
752                 /*
753                  * Construct and send the request.
754                  */
755                 if (verbose)
756                         fprintf(ttyout, "Requesting %s\n", url);
757                 leading = "  (";
758                 hasleading = 0;
759                 if (isproxy) {
760                         if (verbose) {
761                                 fprintf(ttyout, "%svia %s:%s", leading,
762                                     host, port);
763                                 leading = ", ";
764                                 hasleading++;
765                         }
766                         fprintf(fin, "GET %s HTTP/1.0\r\n", path);
767                         if (flushcache)
768                                 fprintf(fin, "Pragma: no-cache\r\n");
769                 } else {
770                         fprintf(fin, "GET %s HTTP/1.1\r\n", path);
771                         if (strchr(host, ':')) {
772                                 char *h, *p;
773
774                                 /*
775                                  * strip off IPv6 scope identifier, since it is
776                                  * local to the node
777                                  */
778                                 h = ftp_strdup(host);
779                                 if (isipv6addr(h) &&
780                                     (p = strchr(h, '%')) != NULL) {
781                                         *p = '\0';
782                                 }
783                                 fprintf(fin, "Host: [%s]", h);
784                                 free(h);
785                         } else
786                                 fprintf(fin, "Host: %s", host);
787                         if (portnum != HTTP_PORT)
788                                 fprintf(fin, ":%u", portnum);
789                         fprintf(fin, "\r\n");
790                         fprintf(fin, "Accept: */*\r\n");
791                         fprintf(fin, "Connection: close\r\n");
792                         if (restart_point) {
793                                 fputs(leading, ttyout);
794                                 fprintf(fin, "Range: bytes=" LLF "-\r\n",
795                                     (LLT)restart_point);
796                                 fprintf(ttyout, "restarting at " LLF,
797                                     (LLT)restart_point);
798                                 leading = ", ";
799                                 hasleading++;
800                         }
801                         if (flushcache)
802                                 fprintf(fin, "Cache-Control: no-cache\r\n");
803                 }
804                 if ((useragent=getenv("FTPUSERAGENT")) != NULL) {
805                         fprintf(fin, "User-Agent: %s\r\n", useragent);
806                 } else {
807                         fprintf(fin, "User-Agent: %s/%s\r\n",
808                             FTP_PRODUCT, FTP_VERSION);
809                 }
810                 if (wwwauth) {
811                         if (verbose) {
812                                 fprintf(ttyout, "%swith authorization",
813                                     leading);
814                                 leading = ", ";
815                                 hasleading++;
816                         }
817                         fprintf(fin, "Authorization: %s\r\n", wwwauth);
818                 }
819                 if (proxyauth) {
820                         if (verbose) {
821                                 fprintf(ttyout,
822                                     "%swith proxy authorization", leading);
823                                 leading = ", ";
824                                 hasleading++;
825                         }
826                         fprintf(fin, "Proxy-Authorization: %s\r\n", proxyauth);
827                 }
828                 if (verbose && hasleading)
829                         fputs(")\n", ttyout);
830                 fprintf(fin, "\r\n");
831                 if (fflush(fin) == EOF) {
832                         warn("Writing HTTP request");
833                         goto cleanup_fetch_url;
834                 }
835
836                                 /* Read the response */
837                 len = getline(fin, buf, sizeof(buf), &errormsg);
838                 if (len < 0) {
839                         if (*errormsg == '\n')
840                                 errormsg++;
841                         warnx("Receiving HTTP reply: %s", errormsg);
842                         goto cleanup_fetch_url;
843                 }
844                 while (len > 0 && (ISLWS(buf[len-1])))
845                         buf[--len] = '\0';
846                 DPRINTF("fetch_url: received `%s'\n", buf);
847
848                                 /* Determine HTTP response code */
849                 cp = strchr(buf, ' ');
850                 if (cp == NULL)
851                         goto improper;
852                 else
853                         cp++;
854                 hcode = strtol(cp, &ep, 10);
855                 if (*ep != '\0' && !isspace((unsigned char)*ep))
856                         goto improper;
857                 message = ftp_strdup(cp);
858
859                                 /* Read the rest of the header. */
860                 while (1) {
861                         len = getline(fin, buf, sizeof(buf), &errormsg);
862                         if (len < 0) {
863                                 if (*errormsg == '\n')
864                                         errormsg++;
865                                 warnx("Receiving HTTP reply: %s", errormsg);
866                                 goto cleanup_fetch_url;
867                         }
868                         while (len > 0 && (ISLWS(buf[len-1])))
869                                 buf[--len] = '\0';
870                         if (len == 0)
871                                 break;
872                         DPRINTF("fetch_url: received `%s'\n", buf);
873
874                 /*
875                  * Look for some headers
876                  */
877
878                         cp = buf;
879
880                         if (match_token(&cp, "Content-Length:")) {
881                                 filesize = STRTOLL(cp, &ep, 10);
882                                 if (filesize < 0 || *ep != '\0')
883                                         goto improper;
884                                 DPRINTF("fetch_url: parsed len as: " LLF "\n",
885                                     (LLT)filesize);
886
887                         } else if (match_token(&cp, "Content-Range:")) {
888                                 if (! match_token(&cp, "bytes"))
889                                         goto improper;
890
891                                 if (*cp == '*')
892                                         cp++;
893                                 else {
894                                         rangestart = STRTOLL(cp, &ep, 10);
895                                         if (rangestart < 0 || *ep != '-')
896                                                 goto improper;
897                                         cp = ep + 1;
898                                         rangeend = STRTOLL(cp, &ep, 10);
899                                         if (rangeend < 0 || rangeend < rangestart)
900                                                 goto improper;
901                                         cp = ep;
902                                 }
903                                 if (*cp != '/')
904                                         goto improper;
905                                 cp++;
906                                 if (*cp == '*')
907                                         cp++;
908                                 else {
909                                         entitylen = STRTOLL(cp, &ep, 10);
910                                         if (entitylen < 0)
911                                                 goto improper;
912                                         cp = ep;
913                                 }
914                                 if (*cp != '\0')
915                                         goto improper;
916
917 #ifndef NO_DEBUG
918                                 if (ftp_debug) {
919                                         fprintf(ttyout, "parsed range as: ");
920                                         if (rangestart == -1)
921                                                 fprintf(ttyout, "*");
922                                         else
923                                                 fprintf(ttyout, LLF "-" LLF,
924                                                     (LLT)rangestart,
925                                                     (LLT)rangeend);
926                                         fprintf(ttyout, "/" LLF "\n", (LLT)entitylen);
927                                 }
928 #endif
929                                 if (! restart_point) {
930                                         warnx(
931                                     "Received unexpected Content-Range header");
932                                         goto cleanup_fetch_url;
933                                 }
934
935                         } else if (match_token(&cp, "Last-Modified:")) {
936                                 struct tm parsed;
937                                 char *t;
938
939                                 memset(&parsed, 0, sizeof(parsed));
940                                                         /* RFC1123 */
941                                 if ((t = strptime(cp,
942                                                 "%a, %d %b %Y %H:%M:%S GMT",
943                                                 &parsed))
944                                                         /* RFC0850 */
945                                     || (t = strptime(cp,
946                                                 "%a, %d-%b-%y %H:%M:%S GMT",
947                                                 &parsed))
948                                                         /* asctime */
949                                     || (t = strptime(cp,
950                                                 "%a, %b %d %H:%M:%S %Y",
951                                                 &parsed))) {
952                                         parsed.tm_isdst = -1;
953                                         if (*t == '\0')
954                                                 mtime = timegm(&parsed);
955 #ifndef NO_DEBUG
956                                         if (ftp_debug && mtime != -1) {
957                                                 fprintf(ttyout,
958                                                     "parsed date as: %s",
959                                                 rfc2822time(localtime(&mtime)));
960                                         }
961 #endif
962                                 }
963
964                         } else if (match_token(&cp, "Location:")) {
965                                 location = ftp_strdup(cp);
966                                 DPRINTF("fetch_url: parsed location as `%s'\n",
967                                     cp);
968
969                         } else if (match_token(&cp, "Transfer-Encoding:")) {
970                                 if (match_token(&cp, "binary")) {
971                                         warnx(
972                         "Bogus transfer encoding `binary' (fetching anyway)");
973                                         continue;
974                                 }
975                                 if (! (token = match_token(&cp, "chunked"))) {
976                                         warnx(
977                                     "Unsupported transfer encoding `%s'",
978                                             token);
979                                         goto cleanup_fetch_url;
980                                 }
981                                 ischunked++;
982                                 DPRINTF("fetch_url: using chunked encoding\n");
983
984                         } else if (match_token(&cp, "Proxy-Authenticate:")
985                                 || match_token(&cp, "WWW-Authenticate:")) {
986                                 if (! (token = match_token(&cp, "Basic"))) {
987                                         DPRINTF(
988                         "fetch_url: skipping unknown auth scheme `%s'\n",
989                                                     token);
990                                         continue;
991                                 }
992                                 FREEPTR(auth);
993                                 auth = ftp_strdup(token);
994                                 DPRINTF("fetch_url: parsed auth as `%s'\n", cp);
995                         }
996
997                 }
998                                 /* finished parsing header */
999
1000                 switch (hcode) {
1001                 case 200:
1002                         break;
1003                 case 206:
1004                         if (! restart_point) {
1005                                 warnx("Not expecting partial content header");
1006                                 goto cleanup_fetch_url;
1007                         }
1008                         break;
1009                 case 300:
1010                 case 301:
1011                 case 302:
1012                 case 303:
1013                 case 305:
1014                 case 307:
1015                         if (EMPTYSTRING(location)) {
1016                                 warnx(
1017                                 "No redirection Location provided by server");
1018                                 goto cleanup_fetch_url;
1019                         }
1020                         if (redirect_loop++ > 5) {
1021                                 warnx("Too many redirections requested");
1022                                 goto cleanup_fetch_url;
1023                         }
1024                         if (hcode == 305) {
1025                                 if (verbose)
1026                                         fprintf(ttyout, "Redirected via %s\n",
1027                                             location);
1028                                 rval = fetch_url(url, location,
1029                                     proxyauth, wwwauth);
1030                         } else {
1031                                 if (verbose)
1032                                         fprintf(ttyout, "Redirected to %s\n",
1033                                             location);
1034                                 rval = go_fetch(location);
1035                         }
1036                         goto cleanup_fetch_url;
1037 #ifndef NO_AUTH
1038                 case 401:
1039                 case 407:
1040                     {
1041                         char **authp;
1042                         char *auser, *apass;
1043
1044                         if (hcode == 401) {
1045                                 authp = &wwwauth;
1046                                 auser = user;
1047                                 apass = pass;
1048                         } else {
1049                                 authp = &proxyauth;
1050                                 auser = puser;
1051                                 apass = ppass;
1052                         }
1053                         if (verbose || *authp == NULL ||
1054                             auser == NULL || apass == NULL)
1055                                 fprintf(ttyout, "%s\n", message);
1056                         if (EMPTYSTRING(auth)) {
1057                                 warnx(
1058                             "No authentication challenge provided by server");
1059                                 goto cleanup_fetch_url;
1060                         }
1061                         if (*authp != NULL) {
1062                                 char reply[10];
1063
1064                                 fprintf(ttyout,
1065                                     "Authorization failed. Retry (y/n)? ");
1066                                 if (getline(stdin, reply, sizeof(reply), NULL)
1067                                     < 0) {
1068                                         goto cleanup_fetch_url;
1069                                 }
1070                                 if (tolower((unsigned char)reply[0]) != 'y')
1071                                         goto cleanup_fetch_url;
1072                                 auser = NULL;
1073                                 apass = NULL;
1074                         }
1075                         if (auth_url(auth, authp, auser, apass) == 0) {
1076                                 rval = fetch_url(url, proxyenv,
1077                                     proxyauth, wwwauth);
1078                                 memset(*authp, 0, strlen(*authp));
1079                                 FREEPTR(*authp);
1080                         }
1081                         goto cleanup_fetch_url;
1082                     }
1083 #endif
1084                 default:
1085                         if (message)
1086                                 warnx("Error retrieving file `%s'", message);
1087                         else
1088                                 warnx("Unknown error retrieving file");
1089                         goto cleanup_fetch_url;
1090                 }
1091         }               /* end of ftp:// or http:// specific setup */
1092
1093                         /* Open the output file. */
1094         if (strcmp(savefile, "-") == 0) {
1095                 fout = stdout;
1096         } else if (*savefile == '|') {
1097                 oldintp = xsignal(SIGPIPE, SIG_IGN);
1098                 fout = popen(savefile + 1, "w");
1099                 if (fout == NULL) {
1100                         warn("Can't execute `%s'", savefile + 1);
1101                         goto cleanup_fetch_url;
1102                 }
1103                 closefunc = pclose;
1104         } else {
1105                 if ((rangeend != -1 && rangeend <= restart_point) ||
1106                     (rangestart == -1 && filesize != -1 && filesize <= restart_point)) {
1107                         /* already done */
1108                         if (verbose)
1109                                 fprintf(ttyout, "already done\n");
1110                         rval = 0;
1111                         goto cleanup_fetch_url;
1112                 }
1113                 if (restart_point && rangestart != -1) {
1114                         if (entitylen != -1)
1115                                 filesize = entitylen;
1116                         if (rangestart != restart_point) {
1117                                 warnx(
1118                                     "Size of `%s' differs from save file `%s'",
1119                                     url, savefile);
1120                                 goto cleanup_fetch_url;
1121                         }
1122                         fout = fopen(savefile, "a");
1123                 } else
1124                         fout = fopen(savefile, "w");
1125                 if (fout == NULL) {
1126                         warn("Can't open `%s'", savefile);
1127                         goto cleanup_fetch_url;
1128                 }
1129                 closefunc = fclose;
1130         }
1131
1132                         /* Trap signals */
1133         if (sigsetjmp(httpabort, 1))
1134                 goto cleanup_fetch_url;
1135         (void)xsignal(SIGQUIT, psummary);
1136         oldintr = xsignal(SIGINT, aborthttp);
1137
1138         if (rcvbuf_size > bufsize) {
1139                 if (xferbuf)
1140                         (void)free(xferbuf);
1141                 bufsize = rcvbuf_size;
1142                 xferbuf = ftp_malloc(bufsize);
1143         }
1144
1145         bytes = 0;
1146         hashbytes = mark;
1147         progressmeter(-1);
1148
1149                         /* Finally, suck down the file. */
1150         do {
1151                 long chunksize;
1152                 short lastchunk;
1153
1154                 chunksize = 0;
1155                 lastchunk = 0;
1156                                         /* read chunk-size */
1157                 if (ischunked) {
1158                         if (fgets(xferbuf, bufsize, fin) == NULL) {
1159                                 warnx("Unexpected EOF reading chunk-size");
1160                                 goto cleanup_fetch_url;
1161                         }
1162                         errno = 0;
1163                         chunksize = strtol(xferbuf, &ep, 16);
1164                         if (ep == xferbuf) {
1165                                 warnx("Invalid chunk-size");
1166                                 goto cleanup_fetch_url;
1167                         }
1168                         if (errno == ERANGE || chunksize < 0) {
1169                                 errno = ERANGE;
1170                                 warn("Chunk-size `%.*s'",
1171                                     (int)(ep-xferbuf), xferbuf);
1172                                 goto cleanup_fetch_url;
1173                         }
1174
1175                                 /*
1176                                  * XXX: Work around bug in Apache 1.3.9 and
1177                                  *      1.3.11, which incorrectly put trailing
1178                                  *      space after the chunk-size.
1179                                  */
1180                         while (*ep == ' ')
1181                                 ep++;
1182
1183                                         /* skip [ chunk-ext ] */
1184                         if (*ep == ';') {
1185                                 while (*ep && *ep != '\r')
1186                                         ep++;
1187                         }
1188
1189                         if (strcmp(ep, "\r\n") != 0) {
1190                                 warnx("Unexpected data following chunk-size");
1191                                 goto cleanup_fetch_url;
1192                         }
1193                         DPRINTF("fetch_url: got chunk-size of " LLF "\n",
1194                             (LLT)chunksize);
1195                         if (chunksize == 0) {
1196                                 lastchunk = 1;
1197                                 goto chunkdone;
1198                         }
1199                 }
1200                                         /* transfer file or chunk */
1201                 while (1) {
1202                         struct timeval then, now, td;
1203                         off_t bufrem;
1204
1205                         if (rate_get)
1206                                 (void)gettimeofday(&then, NULL);
1207                         bufrem = rate_get ? rate_get : bufsize;
1208                         if (ischunked)
1209                                 bufrem = MIN(chunksize, bufrem);
1210                         while (bufrem > 0) {
1211                                 len = fread(xferbuf, sizeof(char),
1212                                     MIN(bufsize, bufrem), fin);
1213                                 if (len <= 0)
1214                                         goto chunkdone;
1215                                 bytes += len;
1216                                 bufrem -= len;
1217                                 if (fwrite(xferbuf, sizeof(char), len, fout)
1218                                     != len) {
1219                                         warn("Writing `%s'", savefile);
1220                                         goto cleanup_fetch_url;
1221                                 }
1222                                 if (hash && !progress) {
1223                                         while (bytes >= hashbytes) {
1224                                                 (void)putc('#', ttyout);
1225                                                 hashbytes += mark;
1226                                         }
1227                                         (void)fflush(ttyout);
1228                                 }
1229                                 if (ischunked) {
1230                                         chunksize -= len;
1231                                         if (chunksize <= 0)
1232                                                 break;
1233                                 }
1234                         }
1235                         if (rate_get) {
1236                                 while (1) {
1237                                         (void)gettimeofday(&now, NULL);
1238                                         timersub(&now, &then, &td);
1239                                         if (td.tv_sec > 0)
1240                                                 break;
1241                                         usleep(1000000 - td.tv_usec);
1242                                 }
1243                         }
1244                         if (ischunked && chunksize <= 0)
1245                                 break;
1246                 }
1247                                         /* read CRLF after chunk*/
1248  chunkdone:
1249                 if (ischunked) {
1250                         if (fgets(xferbuf, bufsize, fin) == NULL) {
1251                                 warnx("Unexpected EOF reading chunk CRLF");
1252                                 goto cleanup_fetch_url;
1253                         }
1254                         if (strcmp(xferbuf, "\r\n") != 0) {
1255                                 warnx("Unexpected data following chunk");
1256                                 goto cleanup_fetch_url;
1257                         }
1258                         if (lastchunk)
1259                                 break;
1260                 }
1261         } while (ischunked);
1262
1263 /* XXX: deal with optional trailer & CRLF here? */
1264
1265         if (hash && !progress && bytes > 0) {
1266                 if (bytes < mark)
1267                         (void)putc('#', ttyout);
1268                 (void)putc('\n', ttyout);
1269         }
1270         if (ferror(fin)) {
1271                 warn("Reading file");
1272                 goto cleanup_fetch_url;
1273         }
1274         progressmeter(1);
1275         (void)fflush(fout);
1276         if (closefunc == fclose && mtime != -1) {
1277                 struct timeval tval[2];
1278
1279                 (void)gettimeofday(&tval[0], NULL);
1280                 tval[1].tv_sec = mtime;
1281                 tval[1].tv_usec = 0;
1282                 (*closefunc)(fout);
1283                 fout = NULL;
1284
1285                 if (utimes(savefile, tval) == -1) {
1286                         fprintf(ttyout,
1287                             "Can't change modification time to %s",
1288                             rfc2822time(localtime(&mtime)));
1289                 }
1290         }
1291         if (bytes > 0)
1292                 ptransfer(0);
1293         bytes = 0;
1294
1295         rval = 0;
1296         goto cleanup_fetch_url;
1297
1298  improper:
1299         warnx("Improper response from `%s'", host);
1300
1301  cleanup_fetch_url:
1302         if (oldintr)
1303                 (void)xsignal(SIGINT, oldintr);
1304         if (oldintp)
1305                 (void)xsignal(SIGPIPE, oldintp);
1306         if (fin != NULL)
1307                 fclose(fin);
1308         else if (s != -1)
1309                 close(s);
1310         if (closefunc != NULL && fout != NULL)
1311                 (*closefunc)(fout);
1312         if (res0)
1313                 freeaddrinfo(res0);
1314         FREEPTR(savefile);
1315         FREEPTR(user);
1316         if (pass != NULL)
1317                 memset(pass, 0, strlen(pass));
1318         FREEPTR(pass);
1319         FREEPTR(host);
1320         FREEPTR(port);
1321         FREEPTR(path);
1322         FREEPTR(decodedpath);
1323         FREEPTR(puser);
1324         if (ppass != NULL)
1325                 memset(ppass, 0, strlen(ppass));
1326         FREEPTR(ppass);
1327         FREEPTR(auth);
1328         FREEPTR(location);
1329         FREEPTR(message);
1330         return (rval);
1331 }
1332
1333 /*
1334  * Abort a HTTP retrieval
1335  */
1336 void
1337 aborthttp(int notused)
1338 {
1339         char msgbuf[100];
1340         size_t len;
1341
1342         sigint_raised = 1;
1343         alarmtimer(0);
1344         len = strlcpy(msgbuf, "\nHTTP fetch aborted.\n", sizeof(msgbuf));
1345         write(fileno(ttyout), msgbuf, len);
1346         siglongjmp(httpabort, 1);
1347 }
1348
1349 /*
1350  * Retrieve ftp URL or classic ftp argument using FTP.
1351  * Returns 1 on failure, 0 on completed xfer, -1 if ftp connection
1352  * is still open (e.g, ftp xfer with trailing /)
1353  */
1354 static int
1355 fetch_ftp(const char *url)
1356 {
1357         char            *cp, *xargv[5], rempath[MAXPATHLEN];
1358         char            *host, *path, *dir, *file, *user, *pass;
1359         char            *port;
1360         int              dirhasglob, filehasglob, rval, type, xargc;
1361         int              oanonftp, oautologin;
1362         in_port_t        portnum;
1363         url_t            urltype;
1364
1365         DPRINTF("fetch_ftp: `%s'\n", url);
1366         host = path = dir = file = user = pass = NULL;
1367         port = NULL;
1368         rval = 1;
1369         type = TYPE_I;
1370
1371         if (STRNEQUAL(url, FTP_URL)) {
1372                 if ((parse_url(url, "URL", &urltype, &user, &pass,
1373                     &host, &port, &portnum, &path) == -1) ||
1374                     (user != NULL && *user == '\0') ||
1375                     EMPTYSTRING(host)) {
1376                         warnx("Invalid URL `%s'", url);
1377                         goto cleanup_fetch_ftp;
1378                 }
1379                 /*
1380                  * Note: Don't url_decode(path) here.  We need to keep the
1381                  * distinction between "/" and "%2F" until later.
1382                  */
1383
1384                                         /* check for trailing ';type=[aid]' */
1385                 if (! EMPTYSTRING(path) && (cp = strrchr(path, ';')) != NULL) {
1386                         if (strcasecmp(cp, ";type=a") == 0)
1387                                 type = TYPE_A;
1388                         else if (strcasecmp(cp, ";type=i") == 0)
1389                                 type = TYPE_I;
1390                         else if (strcasecmp(cp, ";type=d") == 0) {
1391                                 warnx(
1392                             "Directory listing via a URL is not supported");
1393                                 goto cleanup_fetch_ftp;
1394                         } else {
1395                                 warnx("Invalid suffix `%s' in URL `%s'", cp,
1396                                     url);
1397                                 goto cleanup_fetch_ftp;
1398                         }
1399                         *cp = 0;
1400                 }
1401         } else {                        /* classic style `[user@]host:[file]' */
1402                 urltype = CLASSIC_URL_T;
1403                 host = ftp_strdup(url);
1404                 cp = strchr(host, '@');
1405                 if (cp != NULL) {
1406                         *cp = '\0';
1407                         user = host;
1408                         anonftp = 0;    /* disable anonftp */
1409                         host = ftp_strdup(cp + 1);
1410                 }
1411                 cp = strchr(host, ':');
1412                 if (cp != NULL) {
1413                         *cp = '\0';
1414                         path = ftp_strdup(cp + 1);
1415                 }
1416         }
1417         if (EMPTYSTRING(host))
1418                 goto cleanup_fetch_ftp;
1419
1420                         /* Extract the file and (if present) directory name. */
1421         dir = path;
1422         if (! EMPTYSTRING(dir)) {
1423                 /*
1424                  * If we are dealing with classic `[user@]host:[path]' syntax,
1425                  * then a path of the form `/file' (resulting from input of the
1426                  * form `host:/file') means that we should do "CWD /" before
1427                  * retrieving the file.  So we set dir="/" and file="file".
1428                  *
1429                  * But if we are dealing with URLs like `ftp://host/path' then
1430                  * a path of the form `/file' (resulting from a URL of the form
1431                  * `ftp://host//file') means that we should do `CWD ' (with an
1432                  * empty argument) before retrieving the file.  So we set
1433                  * dir="" and file="file".
1434                  *
1435                  * If the path does not contain / at all, we set dir=NULL.
1436                  * (We get a path without any slashes if we are dealing with
1437                  * classic `[user@]host:[file]' or URL `ftp://host/file'.)
1438                  *
1439                  * In all other cases, we set dir to a string that does not
1440                  * include the final '/' that separates the dir part from the
1441                  * file part of the path.  (This will be the empty string if
1442                  * and only if we are dealing with a path of the form `/file'
1443                  * resulting from an URL of the form `ftp://host//file'.)
1444                  */
1445                 cp = strrchr(dir, '/');
1446                 if (cp == dir && urltype == CLASSIC_URL_T) {
1447                         file = cp + 1;
1448                         dir = "/";
1449                 } else if (cp != NULL) {
1450                         *cp++ = '\0';
1451                         file = cp;
1452                 } else {
1453                         file = dir;
1454                         dir = NULL;
1455                 }
1456         } else
1457                 dir = NULL;
1458         if (urltype == FTP_URL_T && file != NULL) {
1459                 url_decode(file);
1460                 /* but still don't url_decode(dir) */
1461         }
1462         DPRINTF("fetch_ftp: user `%s' pass `%s' host %s port %s "
1463             "path `%s' dir `%s' file `%s'\n",
1464             STRorNULL(user), STRorNULL(pass),
1465             STRorNULL(host), STRorNULL(port),
1466             STRorNULL(path), STRorNULL(dir), STRorNULL(file));
1467
1468         dirhasglob = filehasglob = 0;
1469         if (doglob && urltype == CLASSIC_URL_T) {
1470                 if (! EMPTYSTRING(dir) && strpbrk(dir, "*?[]{}") != NULL)
1471                         dirhasglob = 1;
1472                 if (! EMPTYSTRING(file) && strpbrk(file, "*?[]{}") != NULL)
1473                         filehasglob = 1;
1474         }
1475
1476                         /* Set up the connection */
1477         oanonftp = anonftp;
1478         if (connected)
1479                 disconnect(0, NULL);
1480         anonftp = oanonftp;
1481         xargv[0] = (char *)getprogname();       /* XXX discards const */
1482         xargv[1] = host;
1483         xargv[2] = NULL;
1484         xargc = 2;
1485         if (port) {
1486                 xargv[2] = port;
1487                 xargv[3] = NULL;
1488                 xargc = 3;
1489         }
1490         oautologin = autologin;
1491                 /* don't autologin in setpeer(), use ftp_login() below */
1492         autologin = 0;
1493         setpeer(xargc, xargv);
1494         autologin = oautologin;
1495         if ((connected == 0) ||
1496             (connected == 1 && !ftp_login(host, user, pass))) {
1497                 warnx("Can't connect or login to host `%s'", host);
1498                 goto cleanup_fetch_ftp;
1499         }
1500
1501         switch (type) {
1502         case TYPE_A:
1503                 setascii(1, xargv);
1504                 break;
1505         case TYPE_I:
1506                 setbinary(1, xargv);
1507                 break;
1508         default:
1509                 errx(1, "fetch_ftp: unknown transfer type %d", type);
1510         }
1511
1512                 /*
1513                  * Change directories, if necessary.
1514                  *
1515                  * Note: don't use EMPTYSTRING(dir) below, because
1516                  * dir=="" means something different from dir==NULL.
1517                  */
1518         if (dir != NULL && !dirhasglob) {
1519                 char *nextpart;
1520
1521                 /*
1522                  * If we are dealing with a classic `[user@]host:[path]'
1523                  * (urltype is CLASSIC_URL_T) then we have a raw directory
1524                  * name (not encoded in any way) and we can change
1525                  * directories in one step.
1526                  *
1527                  * If we are dealing with an `ftp://host/path' URL
1528                  * (urltype is FTP_URL_T), then RFC3986 says we need to
1529                  * send a separate CWD command for each unescaped "/"
1530                  * in the path, and we have to interpret %hex escaping
1531                  * *after* we find the slashes.  It's possible to get
1532                  * empty components here, (from multiple adjacent
1533                  * slashes in the path) and RFC3986 says that we should
1534                  * still do `CWD ' (with a null argument) in such cases.
1535                  *
1536                  * Many ftp servers don't support `CWD ', so if there's an
1537                  * error performing that command, bail out with a descriptive
1538                  * message.
1539                  *
1540                  * Examples:
1541                  *
1542                  * host:                        dir="", urltype=CLASSIC_URL_T
1543                  *              logged in (to default directory)
1544                  * host:file                    dir=NULL, urltype=CLASSIC_URL_T
1545                  *              "RETR file"
1546                  * host:dir/                    dir="dir", urltype=CLASSIC_URL_T
1547                  *              "CWD dir", logged in
1548                  * ftp://host/                  dir="", urltype=FTP_URL_T
1549                  *              logged in (to default directory)
1550                  * ftp://host/dir/              dir="dir", urltype=FTP_URL_T
1551                  *              "CWD dir", logged in
1552                  * ftp://host/file              dir=NULL, urltype=FTP_URL_T
1553                  *              "RETR file"
1554                  * ftp://host//file             dir="", urltype=FTP_URL_T
1555                  *              "CWD ", "RETR file"
1556                  * host:/file                   dir="/", urltype=CLASSIC_URL_T
1557                  *              "CWD /", "RETR file"
1558                  * ftp://host///file            dir="/", urltype=FTP_URL_T
1559                  *              "CWD ", "CWD ", "RETR file"
1560                  * ftp://host/%2F/file          dir="%2F", urltype=FTP_URL_T
1561                  *              "CWD /", "RETR file"
1562                  * ftp://host/foo/file          dir="foo", urltype=FTP_URL_T
1563                  *              "CWD foo", "RETR file"
1564                  * ftp://host/foo/bar/file      dir="foo/bar"
1565                  *              "CWD foo", "CWD bar", "RETR file"
1566                  * ftp://host//foo/bar/file     dir="/foo/bar"
1567                  *              "CWD ", "CWD foo", "CWD bar", "RETR file"
1568                  * ftp://host/foo//bar/file     dir="foo//bar"
1569                  *              "CWD foo", "CWD ", "CWD bar", "RETR file"
1570                  * ftp://host/%2F/foo/bar/file  dir="%2F/foo/bar"
1571                  *              "CWD /", "CWD foo", "CWD bar", "RETR file"
1572                  * ftp://host/%2Ffoo/bar/file   dir="%2Ffoo/bar"
1573                  *              "CWD /foo", "CWD bar", "RETR file"
1574                  * ftp://host/%2Ffoo%2Fbar/file dir="%2Ffoo%2Fbar"
1575                  *              "CWD /foo/bar", "RETR file"
1576                  * ftp://host/%2Ffoo%2Fbar%2Ffile       dir=NULL
1577                  *              "RETR /foo/bar/file"
1578                  *
1579                  * Note that we don't need `dir' after this point.
1580                  */
1581                 do {
1582                         if (urltype == FTP_URL_T) {
1583                                 nextpart = strchr(dir, '/');
1584                                 if (nextpart) {
1585                                         *nextpart = '\0';
1586                                         nextpart++;
1587                                 }
1588                                 url_decode(dir);
1589                         } else
1590                                 nextpart = NULL;
1591                         DPRINTF("fetch_ftp: dir `%s', nextpart `%s'\n",
1592                             STRorNULL(dir), STRorNULL(nextpart));
1593                         if (urltype == FTP_URL_T || *dir != '\0') {
1594                                 xargv[0] = "cd";
1595                                 xargv[1] = dir;
1596                                 xargv[2] = NULL;
1597                                 dirchange = 0;
1598                                 cd(2, xargv);
1599                                 if (! dirchange) {
1600                                         if (*dir == '\0' && code == 500)
1601                                                 fprintf(stderr,
1602 "\n"
1603 "ftp: The `CWD ' command (without a directory), which is required by\n"
1604 "     RFC3986 to support the empty directory in the URL pathname (`//'),\n"
1605 "     conflicts with the server's conformance to RFC0959.\n"
1606 "     Try the same URL without the `//' in the URL pathname.\n"
1607 "\n");
1608                                         goto cleanup_fetch_ftp;
1609                                 }
1610                         }
1611                         dir = nextpart;
1612                 } while (dir != NULL);
1613         }
1614
1615         if (EMPTYSTRING(file)) {
1616                 rval = -1;
1617                 goto cleanup_fetch_ftp;
1618         }
1619
1620         if (dirhasglob) {
1621                 (void)strlcpy(rempath, dir,     sizeof(rempath));
1622                 (void)strlcat(rempath, "/",     sizeof(rempath));
1623                 (void)strlcat(rempath, file,    sizeof(rempath));
1624                 file = rempath;
1625         }
1626
1627                         /* Fetch the file(s). */
1628         xargc = 2;
1629         xargv[0] = "get";
1630         xargv[1] = file;
1631         xargv[2] = NULL;
1632         if (dirhasglob || filehasglob) {
1633                 int ointeractive;
1634
1635                 ointeractive = interactive;
1636                 interactive = 0;
1637                 if (restartautofetch)
1638                         xargv[0] = "mreget";
1639                 else
1640                         xargv[0] = "mget";
1641                 mget(xargc, xargv);
1642                 interactive = ointeractive;
1643         } else {
1644                 if (outfile == NULL) {
1645                         cp = strrchr(file, '/');        /* find savefile */
1646                         if (cp != NULL)
1647                                 outfile = cp + 1;
1648                         else
1649                                 outfile = file;
1650                 }
1651                 xargv[2] = (char *)outfile;
1652                 xargv[3] = NULL;
1653                 xargc++;
1654                 if (restartautofetch)
1655                         reget(xargc, xargv);
1656                 else
1657                         get(xargc, xargv);
1658         }
1659
1660         if ((code / 100) == COMPLETE)
1661                 rval = 0;
1662
1663  cleanup_fetch_ftp:
1664         FREEPTR(port);
1665         FREEPTR(host);
1666         FREEPTR(path);
1667         FREEPTR(user);
1668         if (pass)
1669                 memset(pass, 0, strlen(pass));
1670         FREEPTR(pass);
1671         return (rval);
1672 }
1673
1674 /*
1675  * Retrieve the given file to outfile.
1676  * Supports arguments of the form:
1677  *      "host:path", "ftp://host/path"  if $ftpproxy, call fetch_url() else
1678  *                                      call fetch_ftp()
1679  *      "http://host/path"              call fetch_url() to use HTTP
1680  *      "file:///path"                  call fetch_url() to copy
1681  *      "about:..."                     print a message
1682  *
1683  * Returns 1 on failure, 0 on completed xfer, -1 if ftp connection
1684  * is still open (e.g, ftp xfer with trailing /)
1685  */
1686 static int
1687 go_fetch(const char *url)
1688 {
1689         char *proxy;
1690
1691 #ifndef NO_ABOUT
1692         /*
1693          * Check for about:*
1694          */
1695         if (STRNEQUAL(url, ABOUT_URL)) {
1696                 url += sizeof(ABOUT_URL) -1;
1697                 if (strcasecmp(url, "ftp") == 0 ||
1698                     strcasecmp(url, "tnftp") == 0) {
1699                         fputs(
1700 "This version of ftp has been enhanced by Luke Mewburn <lukem@NetBSD.org>\n"
1701 "for the NetBSD project.  Execute `man ftp' for more details.\n", ttyout);
1702                 } else if (strcasecmp(url, "lukem") == 0) {
1703                         fputs(
1704 "Luke Mewburn is the author of most of the enhancements in this ftp client.\n"
1705 "Please email feedback to <lukem@NetBSD.org>.\n", ttyout);
1706                 } else if (strcasecmp(url, "netbsd") == 0) {
1707                         fputs(
1708 "NetBSD is a freely available and redistributable UNIX-like operating system.\n"
1709 "For more information, see http://www.NetBSD.org/\n", ttyout);
1710                 } else if (strcasecmp(url, "version") == 0) {
1711                         fprintf(ttyout, "Version: %s %s%s\n",
1712                             FTP_PRODUCT, FTP_VERSION,
1713 #ifdef INET6
1714                             ""
1715 #else
1716                             " (-IPv6)"
1717 #endif
1718                         );
1719                 } else {
1720                         fprintf(ttyout, "`%s' is an interesting topic.\n", url);
1721                 }
1722                 fputs("\n", ttyout);
1723                 return (0);
1724         }
1725 #endif
1726
1727         /*
1728          * Check for file:// and http:// URLs.
1729          */
1730         if (STRNEQUAL(url, HTTP_URL) || STRNEQUAL(url, FILE_URL))
1731                 return (fetch_url(url, NULL, NULL, NULL));
1732
1733         /*
1734          * Try FTP URL-style and host:file arguments next.
1735          * If ftpproxy is set with an FTP URL, use fetch_url()
1736          * Othewise, use fetch_ftp().
1737          */
1738         proxy = getoptionvalue("ftp_proxy");
1739         if (!EMPTYSTRING(proxy) && STRNEQUAL(url, FTP_URL))
1740                 return (fetch_url(url, NULL, NULL, NULL));
1741
1742         return (fetch_ftp(url));
1743 }
1744
1745 /*
1746  * Retrieve multiple files from the command line,
1747  * calling go_fetch() for each file.
1748  *
1749  * If an ftp path has a trailing "/", the path will be cd-ed into and
1750  * the connection remains open, and the function will return -1
1751  * (to indicate the connection is alive).
1752  * If an error occurs the return value will be the offset+1 in
1753  * argv[] of the file that caused a problem (i.e, argv[x]
1754  * returns x+1)
1755  * Otherwise, 0 is returned if all files retrieved successfully.
1756  */
1757 int
1758 auto_fetch(int argc, char *argv[])
1759 {
1760         volatile int    argpos, rval;
1761
1762         argpos = rval = 0;
1763
1764         if (sigsetjmp(toplevel, 1)) {
1765                 if (connected)
1766                         disconnect(0, NULL);
1767                 if (rval > 0)
1768                         rval = argpos + 1;
1769                 return (rval);
1770         }
1771         (void)xsignal(SIGINT, intr);
1772         (void)xsignal(SIGPIPE, lostpeer);
1773
1774         /*
1775          * Loop through as long as there's files to fetch.
1776          */
1777         for (; (rval == 0) && (argpos < argc); argpos++) {
1778                 if (strchr(argv[argpos], ':') == NULL)
1779                         break;
1780                 redirect_loop = 0;
1781                 if (!anonftp)
1782                         anonftp = 2;    /* Handle "automatic" transfers. */
1783                 rval = go_fetch(argv[argpos]);
1784                 if (outfile != NULL && strcmp(outfile, "-") != 0
1785                     && outfile[0] != '|')
1786                         outfile = NULL;
1787                 if (rval > 0)
1788                         rval = argpos + 1;
1789         }
1790
1791         if (connected && rval != -1)
1792                 disconnect(0, NULL);
1793         return (rval);
1794 }
1795
1796
1797 /*
1798  * Upload multiple files from the command line.
1799  *
1800  * If an error occurs the return value will be the offset+1 in
1801  * argv[] of the file that caused a problem (i.e, argv[x]
1802  * returns x+1)
1803  * Otherwise, 0 is returned if all files uploaded successfully.
1804  */
1805 int
1806 auto_put(int argc, char **argv, const char *uploadserver)
1807 {
1808         char    *uargv[4], *path, *pathsep;
1809         int      uargc, rval, argpos;
1810         size_t   len;
1811
1812         uargc = 0;
1813         uargv[uargc++] = "mput";
1814         uargv[uargc++] = argv[0];
1815         uargv[2] = uargv[3] = NULL;
1816         pathsep = NULL;
1817         rval = 1;
1818
1819         DPRINTF("auto_put: target `%s'\n", uploadserver);
1820
1821         path = ftp_strdup(uploadserver);
1822         len = strlen(path);
1823         if (path[len - 1] != '/' && path[len - 1] != ':') {
1824                         /*
1825                          * make sure we always pass a directory to auto_fetch
1826                          */
1827                 if (argc > 1) {         /* more than one file to upload */
1828                         len = strlen(uploadserver) + 2; /* path + "/" + "\0" */
1829                         free(path);
1830                         path = (char *)ftp_malloc(len);
1831                         (void)strlcpy(path, uploadserver, len);
1832                         (void)strlcat(path, "/", len);
1833                 } else {                /* single file to upload */
1834                         uargv[0] = "put";
1835                         pathsep = strrchr(path, '/');
1836                         if (pathsep == NULL) {
1837                                 pathsep = strrchr(path, ':');
1838                                 if (pathsep == NULL) {
1839                                         warnx("Invalid URL `%s'", path);
1840                                         goto cleanup_auto_put;
1841                                 }
1842                                 pathsep++;
1843                                 uargv[2] = ftp_strdup(pathsep);
1844                                 pathsep[0] = '/';
1845                         } else
1846                                 uargv[2] = ftp_strdup(pathsep + 1);
1847                         pathsep[1] = '\0';
1848                         uargc++;
1849                 }
1850         }
1851         DPRINTF("auto_put: URL `%s' argv[2] `%s'\n",
1852             path, STRorNULL(uargv[2]));
1853
1854                         /* connect and cwd */
1855         rval = auto_fetch(1, &path);
1856         if(rval >= 0)
1857                 goto cleanup_auto_put;
1858
1859         rval = 0;
1860
1861                         /* target filename provided; upload 1 file */
1862                         /* XXX : is this the best way? */
1863         if (uargc == 3) {
1864                 uargv[1] = argv[0];
1865                 put(uargc, uargv);
1866                 if ((code / 100) != COMPLETE)
1867                         rval = 1;
1868         } else {        /* otherwise a target dir: upload all files to it */
1869                 for(argpos = 0; argv[argpos] != NULL; argpos++) {
1870                         uargv[1] = argv[argpos];
1871                         mput(uargc, uargv);
1872                         if ((code / 100) != COMPLETE) {
1873                                 rval = argpos + 1;
1874                                 break;
1875                         }
1876                 }
1877         }
1878
1879  cleanup_auto_put:
1880         free(path);
1881         FREEPTR(uargv[2]);
1882         return (rval);
1883 }