I think I'm done tinkering. try these out in ftp folder. I left in some fprintf(ttyout,...) in main.c to show what is being unveiled. It resolves shortcuts in SSL_CAFILE and SSL_PATH variables. It leaves in place the functionality of the original functions, but adds the availability to perform a dry run pass to load an unveil list of potential files from which to read and create/write. The only potential bug is perhaps if in the followup unveiled pass if it has a problem with dns resolution or something, it may be unveiled and drop into a command line. I'm not sure.
The diff is of the three files below vs the originals since I last updated the source files. -Luke -- -Luke
diff
Description: Binary data
/* $OpenBSD: main.c,v 1.131 2020/02/11 18:41:39 deraadt Exp $ */
/* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */
/*
* Copyright (C) 1997 and 1998 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* Copyright (c) 1985, 1989, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* FTP User Program -- Command Interface.
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <ctype.h>
#include <err.h>
#include <fcntl.h>
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <tls.h>
#include "cmds.h"
#include "ftp_var.h"
#ifndef SMALL
#include "pathnames.h"
#endif
int connect_timeout;
#ifndef NOSSL
char * const ssl_verify_opts[] = {
#define SSL_CAFILE 0
"cafile",
#define SSL_CAPATH 1
"capath",
#define SSL_CIPHERS 2
"ciphers",
#define SSL_DONTVERIFY 3
"dont",
#define SSL_DOVERIFY 4
"do",
#define SSL_VERIFYDEPTH 5
"depth",
#define SSL_MUSTSTAPLE 6
"muststaple",
#define SSL_NOVERIFYTIME 7
"noverifytime",
#define SSL_SESSION 8
"session",
NULL
};
struct tls_config *tls_config;
int tls_session_fd = -1;
static void
process_ssl_options(char *cp, char *ca_file, char *ca_path)
{
const char *errstr;
long long depth;
char *str;
while (*cp) {
switch (getsubopt(&cp, ssl_verify_opts, &str)) {
case SSL_CAFILE:
if (str == NULL)
errx(1, "missing CA file");
if (tls_config_set_ca_file(tls_config, str) != 0)
errx(1, "tls ca file failed: %s",
tls_config_error(tls_config));
strlcpy(ca_file, str, PATH_MAX + 1);
break;
case SSL_CAPATH:
if (str == NULL)
errx(1, "missing CA directory path");
if (tls_config_set_ca_path(tls_config, str) != 0)
errx(1, "tls ca path failed: %s",
tls_config_error(tls_config));
strlcpy(ca_path, str, PATH_MAX + 1);
break;
case SSL_CIPHERS:
if (str == NULL)
errx(1, "missing cipher list");
if (tls_config_set_ciphers(tls_config, str) != 0)
errx(1, "tls ciphers failed: %s",
tls_config_error(tls_config));
break;
case SSL_DONTVERIFY:
tls_config_insecure_noverifycert(tls_config);
tls_config_insecure_noverifyname(tls_config);
break;
case SSL_DOVERIFY:
tls_config_verify(tls_config);
break;
case SSL_VERIFYDEPTH:
if (str == NULL)
errx(1, "missing depth");
depth = strtonum(str, 0, INT_MAX, &errstr);
if (errstr)
errx(1, "certificate validation depth is %s",
errstr);
tls_config_set_verify_depth(tls_config, (int)depth);
break;
case SSL_MUSTSTAPLE:
tls_config_ocsp_require_stapling(tls_config);
break;
case SSL_NOVERIFYTIME:
tls_config_insecure_noverifytime(tls_config);
break;
case SSL_SESSION:
if (str == NULL)
errx(1, "missing session file");
if ((tls_session_fd = open(str, O_RDWR|O_CREAT,
0600)) == -1)
err(1, "failed to open or create session file "
"'%s'", str);
if (tls_config_set_session_fd(tls_config,
tls_session_fd) == -1)
errx(1, "failed to set session: %s",
tls_config_error(tls_config));
break;
default:
errx(1, "unknown -S suboption `%s'",
suboptarg ? suboptarg : "");
/* NOTREACHED */
}
}
}
#endif /* !NOSSL */
int family = PF_UNSPEC;
int pipeout;
int
main(volatile int argc, char *argv[])
{
int ch, rval, i, j;
#ifndef SMALL
int top;
#endif
struct passwd *pw = NULL;
char *cp, homedir[PATH_MAX];
char *outfile = NULL;
const char *errstr;
int dumb_terminal = 0;
char **unveil_list = NULL;
char *shellp;
int temp_stdout;
int temp_stderr;
#ifndef SMALL
char *ca_file;
char *ca_path;
char *ca_temp;
char *ca_temp2;
ca_file = malloc(PATH_MAX + 1);
if (ca_file == NULL)
err(1, "malloc");
*ca_file = '\0';
ca_path = malloc(PATH_MAX + 1);
if (ca_path == NULL)
err(1, "malloc");
*ca_path = '\0';
#endif
ftpport = "ftp";
httpport = "http";
#ifndef NOSSL
httpsport = "https";
#endif /* !NOSSL */
gateport = getenv("FTPSERVERPORT");
if (gateport == NULL || *gateport == '\0')
gateport = "ftpgate";
doglob = 1;
interactive = 1;
autologin = 1;
passivemode = 1;
activefallback = 1;
preserve = 1;
verbose = 0;
progress = 0;
gatemode = 0;
#ifndef NOSSL
cookiefile = NULL;
#endif /* NOSSL */
#ifndef SMALL
editing = 0;
el = NULL;
hist = NULL;
resume = 0;
srcaddr = NULL;
marg_sl = sl_init();
#endif /* !SMALL */
mark = HASHBYTES;
epsv4 = 1;
epsv4bad = 0;
/* Set default operation mode based on FTPMODE environment variable */
if ((cp = getenv("FTPMODE")) != NULL && *cp != '\0') {
if (strcmp(cp, "passive") == 0) {
passivemode = 1;
activefallback = 0;
} else if (strcmp(cp, "active") == 0) {
passivemode = 0;
activefallback = 0;
} else if (strcmp(cp, "gate") == 0) {
gatemode = 1;
} else if (strcmp(cp, "auto") == 0) {
passivemode = 1;
activefallback = 1;
} else
warnx("unknown FTPMODE: %s. Using defaults", cp);
}
if (strcmp(__progname, "gate-ftp") == 0)
gatemode = 1;
gateserver = getenv("FTPSERVER");
if (gateserver == NULL)
gateserver = "";
if (gatemode) {
if (*gateserver == '\0') {
warnx(
"Neither $FTPSERVER nor $GATE_SERVER is defined; disabling gate-ftp");
gatemode = 0;
}
}
cp = getenv("TERM");
dumb_terminal = (cp == NULL || *cp == '\0' || !strcmp(cp, "dumb") ||
!strcmp(cp, "emacs") || !strcmp(cp, "su"));
fromatty = isatty(fileno(stdin));
if (fromatty) {
verbose = 1; /* verbose if from a tty */
#ifndef SMALL
if (!dumb_terminal)
editing = 1; /* editing mode on if tty is usable */
#endif /* !SMALL */
}
ttyout = stdout;
if (isatty(fileno(ttyout)) && !dumb_terminal && foregroundproc())
progress = 1; /* progress bar on if tty is usable */
#ifndef NOSSL
cookiefile = getenv("http_cookies");
if (tls_init() != 0)
errx(1, "tls init failed");
if (tls_config == NULL) {
tls_config = tls_config_new();
if (tls_config == NULL)
errx(1, "tls config failed");
if (tls_config_set_protocols(tls_config,
TLS_PROTOCOLS_ALL) != 0)
errx(1, "tls set protocols failed: %s",
tls_config_error(tls_config));
if (tls_config_set_ciphers(tls_config, "legacy") != 0)
errx(1, "tls set ciphers failed: %s",
tls_config_error(tls_config));
}
#endif /* !NOSSL */
httpuseragent = NULL;
while ((ch = getopt(argc, argv,
"46AaCc:dD:EeN:gik:Mmno:pP:r:S:s:tU:vVw:")) != -1) {
switch (ch) {
case '4':
family = PF_INET;
break;
case '6':
family = PF_INET6;
break;
case 'A':
activefallback = 0;
passivemode = 0;
break;
case 'N':
setprogname(optarg);
break;
case 'a':
anonftp = 1;
break;
case 'C':
#ifndef SMALL
resume = 1;
#endif /* !SMALL */
break;
case 'c':
#ifndef SMALL
cookiefile = optarg;
#endif /* !SMALL */
break;
case 'D':
action = optarg;
break;
case 'd':
#ifndef SMALL
options |= SO_DEBUG;
debug++;
#endif /* !SMALL */
break;
case 'E':
epsv4 = 0;
break;
case 'e':
#ifndef SMALL
editing = 0;
#endif /* !SMALL */
break;
case 'g':
doglob = 0;
break;
case 'i':
interactive = 0;
break;
case 'k':
keep_alive_timeout = strtonum(optarg, 0, INT_MAX,
&errstr);
if (errstr != NULL) {
warnx("keep alive amount is %s: %s", errstr,
optarg);
usage();
}
break;
case 'M':
progress = 0;
break;
case 'm':
progress = -1;
break;
case 'n':
autologin = 0;
break;
case 'o':
outfile = optarg;
if (*outfile == '\0') {
pipeout = 0;
outfile = NULL;
ttyout = stdout;
} else {
pipeout = strcmp(outfile, "-") == 0;
ttyout = pipeout ? stderr : stdout;
}
break;
case 'p':
passivemode = 1;
activefallback = 0;
break;
case 'P':
ftpport = optarg;
break;
case 'r':
retry_connect = strtonum(optarg, 0, INT_MAX, &errstr);
if (errstr != NULL) {
warnx("retry amount is %s: %s", errstr,
optarg);
usage();
}
break;
case 'S':
#ifndef NOSSL
process_ssl_options(optarg, ca_file, ca_path);
#endif /* !NOSSL */
break;
case 's':
#ifndef SMALL
srcaddr = optarg;
#endif /* !SMALL */
break;
case 't':
trace = 1;
break;
#ifndef SMALL
case 'U':
free (httpuseragent);
if (strcspn(optarg, "\r\n") != strlen(optarg))
errx(1, "Invalid User-Agent: %s.", optarg);
if (asprintf(&httpuseragent, "User-Agent: %s",
optarg) == -1)
errx(1, "Can't allocate memory for HTTP(S) "
"User-Agent");
break;
#endif /* !SMALL */
case 'v':
verbose = 1;
break;
case 'V':
verbose = 0;
break;
case 'w':
connect_timeout = strtonum(optarg, 0, 200, &errstr);
if (errstr)
errx(1, "-w: %s", errstr);
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
#ifndef NOSSL
cookie_load();
#endif /* !NOSSL */
if (httpuseragent == NULL)
httpuseragent = HTTP_USER_AGENT;
cpend = 0; /* no pending replies */
proxy = 0; /* proxy not active */
crflag = 1; /* strip c.r. on ascii gets */
sendport = -1; /* not using ports */
/*
* Set up the home directory in case we're globbing.
*/
cp = getlogin();
if (cp != NULL) {
pw = getpwnam(cp);
}
if (pw == NULL)
pw = getpwuid(getuid());
if (pw != NULL) {
(void)strlcpy(homedir, pw->pw_dir, sizeof homedir);
home = homedir;
}
setttywidth(0);
(void)signal(SIGWINCH, setttywidth);
if (argc > 0) {
if (isurl(argv[0])) {
if (pipeout) {
#ifndef SMALL
if (pledge("stdio rpath dns tty inet proc exec fattr unveil",
NULL) == -1)
err(1, "pledge");
#else
if (pledge("stdio rpath dns tty inet fattr unveil",
NULL) == -1)
err(1, "pledge");
#endif
} else {
#ifndef SMALL
if (pledge("stdio rpath wpath cpath dns tty inet proc exec fattr unveil",
NULL) == -1)
err(1, "pledge");
#else
if (pledge("stdio rpath wpath cpath dns tty inet fattr unveil",
NULL) == -1)
err(1, "pledge");
#endif
}
unveil_list = calloc(2 * argc, sizeof(char*));
if (unveil_list == NULL)
err(1, "calloc");
/* suppress autofetch() error statements */
i = open("/dev/null", O_WRONLY);
if (i == -1)
err(1, "can't open /dev/null");
temp_stdout = dup(STDOUT_FILENO);
temp_stderr = dup(STDERR_FILENO);
if(dup2(i, STDOUT_FILENO) < 0)
err(1, "dup2(i, STDOUT_FILENO)");
if(dup2(i, STDERR_FILENO) < 0)
err(1, "dup2(i, STDERR_FILENO)");
/* autofetch() dry run to populate unveil_list*/
rval = auto_fetch_u(argc, argv, outfile,
0, unveil_list);
/* resume autofetch() error statements */
if(dup2(temp_stderr, STDERR_FILENO) < 0) {
dprintf(temp_stderr,
"dup2(temp_stderr, STDERR_FILENO)\n");
exit(1);
}
if(dup2(temp_stdout, STDOUT_FILENO) < 0)
err(1, "dup2(temp_stdout, STDOUT_FILENO)");
close(i);
/* skip unveil */
if (rval == -2)
goto unveil_cleanup;
#ifndef SMALL
/* exerpt from cmds.c; needs pathnames.h */
shellp = getenv("SHELL");
if (shellp == NULL || *shellp == '\0')
shellp = _PATH_BSHELL;
if (unveil(shellp, "x") == -1)
err(1, "unveil");
fprintf(ttyout, "unveil(%s, \"x\")\n", shellp);
if (*ca_file || *ca_path) {
ca_temp2 = malloc(PATH_MAX + 1);
if (ca_temp2 == NULL)
err(1, "calloc");
i = 1;
do {
if (i)
ca_temp = ca_file;
else
ca_temp = ca_path;
if (*ca_temp == '\0')
continue;
if (unveil(ca_temp, "r") == -1)
err(1, "unveil");
fprintf(ttyout,
"unveil(%s, \"r\")\n", ca_temp);
if (realpath(ca_temp, ca_temp2) == NULL)
err(1, "realpath");
if (strcmp(ca_temp, ca_temp2)) {
if (unveil(ca_temp2, "r") == -1)
err(1, "unveil");
fprintf(ttyout,
"unveil(%s, \"r\")\n", ca_temp2);
}
} while (i--);
free(ca_temp2);
} else {
if (unveil("/etc/ssl/cert.pem", "r") == -1)
err(1, "unveil");
fprintf(ttyout,
"unveil(/etc/ssl/cert.pem, \"r\")\n");
}
free(ca_file);
free(ca_path);
ca_file = NULL;
ca_path = NULL;
#endif
/* remove duplicate r unveils */
for (i = 2 * argc - 2; i >= 0; i -= 2) {
if (unveil_list[i] == NULL)
continue;
for (j = i - 2; j >= 0; j -= 2) {
if (unveil_list[j] == NULL)
continue;
if (!strcmp(unveil_list[i], unveil_list[j])) {
free(unveil_list[j]);
unveil_list[j] = NULL;
}
}
}
/* remove duplicate cw unveils */
for (i = 2 * argc - 1; i >= 0; i -= 2) {
if (unveil_list[i] == NULL)
continue;
for (j = i - 2; j >= 0; j -= 2) {
if (unveil_list[j] == NULL)
continue;
if (!strcmp(unveil_list[i], unveil_list[j])) {
free(unveil_list[j]);
unveil_list[j] = NULL;
}
}
}
/*
* combine cw unveils which are also r unveils
* probably not needed.
*/
for (i = 2 * argc - 2; i >= 0; i -= 2) {
if (unveil_list[i] == NULL)
continue;
for (j = 2 * argc - 1; j >= 0; j -= 2) {
if (unveil_list[j] == NULL)
continue;
if (!strcmp(unveil_list[i], unveil_list[j])) {
if (unveil(unveil_list[i], "crw") == -1)
err(1, "unveil");
fprintf(ttyout,
"unveil(%s, \"crw\")\n",
unveil_list[i]);
free(unveil_list[i]);
unveil_list[i] = NULL;
free(unveil_list[j]);
unveil_list[j] = NULL;
break;
}
}
}
for (i = 2 * argc - 2; i >= 0; i -= 2) {
if (unveil_list[i]) {
if (unveil(unveil_list[i], "r") == -1)
err(1, "unveil");
fprintf(ttyout, "unveil(%s, \"r\")\n",
unveil_list[i]);
}
if (unveil_list[i | 1]) {
if (unveil(unveil_list[i | 1], "cw") == -1)
err(1, "unveil");
fprintf(ttyout, "unveil(%s, \"cw\")\n",
unveil_list[i | 1]);
}
}
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
unveil_cleanup:
for (i = 2 * argc - 1; i >= 0; i--)
free(unveil_list[i]);
free(unveil_list);
rval = auto_fetch(argc, argv, outfile);
if (rval >= 0) /* -1 == connected and cd-ed */
exit(rval);
} else {
#ifndef SMALL
free(ca_file);
free(ca_path);
ca_file = NULL;
ca_path = NULL;
char *xargv[5];
if (setjmp(toplevel))
exit(0);
(void)signal(SIGINT, (sig_t)intr);
(void)signal(SIGPIPE, (sig_t)lostpeer);
xargv[0] = __progname;
xargv[1] = argv[0];
xargv[2] = argv[1];
xargv[3] = argv[2];
xargv[4] = NULL;
do {
setpeer(argc+1, xargv);
if (!retry_connect)
break;
if (!connected) {
macnum = 0;
fputs("Retrying...\n", ttyout);
sleep(retry_connect);
}
} while (!connected);
retry_connect = 0; /* connected, stop hiding msgs */
#endif /* !SMALL */
}
}
#ifndef SMALL
free(ca_file);
free(ca_path);
ca_file = NULL;
ca_path = NULL;
controlediting();
top = setjmp(toplevel) == 0;
if (top) {
(void)signal(SIGINT, (sig_t)intr);
(void)signal(SIGPIPE, (sig_t)lostpeer);
}
for (;;) {
cmdscanner(top);
top = 1;
}
#else /* !SMALL */
usage();
#endif /* !SMALL */
}
void
intr(void)
{
int save_errno = errno;
write(fileno(ttyout), "\n\r", 2);
alarmtimer(0);
errno = save_errno;
longjmp(toplevel, 1);
}
void
lostpeer(void)
{
int save_errno = errno;
alarmtimer(0);
if (connected) {
if (cout != NULL) {
(void)shutdown(fileno(cout), SHUT_RDWR);
(void)fclose(cout);
cout = NULL;
}
if (data >= 0) {
(void)shutdown(data, SHUT_RDWR);
(void)close(data);
data = -1;
}
connected = 0;
}
pswitch(1);
if (connected) {
if (cout != NULL) {
(void)shutdown(fileno(cout), SHUT_RDWR);
(void)fclose(cout);
cout = NULL;
}
connected = 0;
}
proxflag = 0;
pswitch(0);
errno = save_errno;
}
#ifndef SMALL
/*
* Generate a prompt
*/
char *
prompt(void)
{
return ("ftp> ");
}
/*
* Command parser.
*/
void
cmdscanner(int top)
{
struct cmd *c;
int num;
HistEvent hev;
if (!top && !editing)
(void)putc('\n', ttyout);
for (;;) {
if (!editing) {
if (fromatty) {
fputs(prompt(), ttyout);
(void)fflush(ttyout);
}
if (fgets(line, sizeof(line), stdin) == NULL)
quit(0, 0);
num = strlen(line);
if (num == 0)
break;
if (line[--num] == '\n') {
if (num == 0)
break;
line[num] = '\0';
} else if (num == sizeof(line) - 2) {
fputs("sorry, input line too long.\n", ttyout);
while ((num = getchar()) != '\n' && num != EOF)
/* void */;
break;
} /* else it was a line without a newline */
} else {
const char *buf;
cursor_pos = NULL;
if ((buf = el_gets(el, &num)) == NULL || num == 0) {
putc('\n', ttyout);
fflush(ttyout);
quit(0, 0);
}
if (buf[--num] == '\n') {
if (num == 0)
break;
}
if (num >= sizeof(line)) {
fputs("sorry, input line too long.\n", ttyout);
break;
}
memcpy(line, buf, (size_t)num);
line[num] = '\0';
history(hist, &hev, H_ENTER, buf);
}
makeargv();
if (margc == 0)
continue;
c = getcmd(margv[0]);
if (c == (struct cmd *)-1) {
fputs("?Ambiguous command.\n", ttyout);
continue;
}
if (c == 0) {
/*
* Give editline(3) a shot at unknown commands.
* XXX - bogus commands with a colon in
* them will not elicit an error.
*/
if (editing &&
el_parse(el, margc, (const char **)margv) != 0)
fputs("?Invalid command.\n", ttyout);
continue;
}
if (c->c_conn && !connected) {
fputs("Not connected.\n", ttyout);
continue;
}
confirmrest = 0;
(*c->c_handler)(margc, margv);
if (bell && c->c_bell)
(void)putc('\007', ttyout);
if (c->c_handler != help)
break;
}
(void)signal(SIGINT, (sig_t)intr);
(void)signal(SIGPIPE, (sig_t)lostpeer);
}
struct cmd *
getcmd(const char *name)
{
const char *p, *q;
struct cmd *c, *found;
int nmatches, longest;
if (name == NULL)
return (0);
longest = 0;
nmatches = 0;
found = 0;
for (c = cmdtab; (p = c->c_name) != NULL; c++) {
for (q = name; *q == *p++; q++)
if (*q == 0) /* exact match? */
return (c);
if (!*q) { /* the name was a prefix */
if (q - name > longest) {
longest = q - name;
nmatches = 1;
found = c;
} else if (q - name == longest)
nmatches++;
}
}
if (nmatches > 1)
return ((struct cmd *)-1);
return (found);
}
/*
* Slice a string up into argc/argv.
*/
int slrflag;
void
makeargv(void)
{
char *argp;
stringbase = line; /* scan from first of buffer */
argbase = argbuf; /* store from first of buffer */
slrflag = 0;
marg_sl->sl_cur = 0; /* reset to start of marg_sl */
for (margc = 0; ; margc++) {
argp = slurpstring();
sl_add(marg_sl, argp);
if (argp == NULL)
break;
}
if (cursor_pos == line) {
cursor_argc = 0;
cursor_argo = 0;
} else if (cursor_pos != NULL) {
cursor_argc = margc;
cursor_argo = strlen(margv[margc-1]);
}
}
#define INC_CHKCURSOR(x) { (x)++ ; \
if (x == cursor_pos) { \
cursor_argc = margc; \
cursor_argo = ap-argbase; \
cursor_pos = NULL; \
} }
/*
* Parse string into argbuf;
* implemented with FSM to
* handle quoting and strings
*/
char *
slurpstring(void)
{
int got_one = 0;
char *sb = stringbase;
char *ap = argbase;
char *tmp = argbase; /* will return this if token found */
if (*sb == '!' || *sb == '$') { /* recognize ! as a token for shell */
switch (slrflag) { /* and $ as token for macro invoke */
case 0:
slrflag++;
INC_CHKCURSOR(stringbase);
return ((*sb == '!') ? "!" : "$");
/* NOTREACHED */
case 1:
slrflag++;
altarg = stringbase;
break;
default:
break;
}
}
S0:
switch (*sb) {
case '\0':
goto OUT;
case ' ':
case '\t':
INC_CHKCURSOR(sb);
goto S0;
default:
switch (slrflag) {
case 0:
slrflag++;
break;
case 1:
slrflag++;
altarg = sb;
break;
default:
break;
}
goto S1;
}
S1:
switch (*sb) {
case ' ':
case '\t':
case '\0':
goto OUT; /* end of token */
case '\\':
INC_CHKCURSOR(sb);
goto S2; /* slurp next character */
case '"':
INC_CHKCURSOR(sb);
goto S3; /* slurp quoted string */
default:
*ap = *sb; /* add character to token */
ap++;
INC_CHKCURSOR(sb);
got_one = 1;
goto S1;
}
S2:
switch (*sb) {
case '\0':
goto OUT;
default:
*ap = *sb;
ap++;
INC_CHKCURSOR(sb);
got_one = 1;
goto S1;
}
S3:
switch (*sb) {
case '\0':
goto OUT;
case '"':
INC_CHKCURSOR(sb);
goto S1;
default:
*ap = *sb;
ap++;
INC_CHKCURSOR(sb);
got_one = 1;
goto S3;
}
OUT:
if (got_one)
*ap++ = '\0';
argbase = ap; /* update storage pointer */
stringbase = sb; /* update scan pointer */
if (got_one) {
return (tmp);
}
switch (slrflag) {
case 0:
slrflag++;
break;
case 1:
slrflag++;
altarg = (char *) 0;
break;
default:
break;
}
return (NULL);
}
/*
* Help command.
* Call each command handler with argc == 0 and argv[0] == name.
*/
void
help(int argc, char *argv[])
{
struct cmd *c;
if (argc == 1) {
StringList *buf;
buf = sl_init();
fprintf(ttyout, "%sommands may be abbreviated. Commands are:\n\n",
proxy ? "Proxy c" : "C");
for (c = cmdtab; c < &cmdtab[NCMDS]; c++)
if (c->c_name && (!proxy || c->c_proxy))
sl_add(buf, c->c_name);
list_vertical(buf);
sl_free(buf, 0);
return;
}
#define HELPINDENT ((int) sizeof("disconnect"))
while (--argc > 0) {
char *arg;
arg = *++argv;
c = getcmd(arg);
if (c == (struct cmd *)-1)
fprintf(ttyout, "?Ambiguous help command %s\n", arg);
else if (c == NULL)
fprintf(ttyout, "?Invalid help command %s\n", arg);
else
fprintf(ttyout, "%-*s\t%s\n", HELPINDENT,
c->c_name, c->c_help);
}
}
#endif /* !SMALL */
__dead void
usage(void)
{
fprintf(stderr, "usage: "
#ifndef SMALL
"ftp [-46AadEegiMmnptVv] [-D title] [-k seconds] [-P port] "
"[-r seconds]\n"
" [-s sourceaddr] [host [port]]\n"
" ftp [-C] [-N name] [-o output] [-s sourceaddr]\n"
" ftp://[user:password@]host[:port]/file[/] ...\n"
" ftp [-C] [-c cookie] [-N name] [-o output] [-S ssl_options] "
"[-s sourceaddr]\n"
" [-U useragent] [-w seconds] "
"http[s]://[user:password@]host[:port]/file ...\n"
" ftp [-C] [-N name] [-o output] [-s sourceaddr] file:file ...\n"
" ftp [-C] [-N name] [-o output] [-s sourceaddr] host:/file[/] ...\n"
#else /* !SMALL */
"ftp [-N name] [-o output] "
"ftp://[user:password@]host[:port]/file[/] ...\n"
#ifndef NOSSL
" ftp [-N name] [-o output] [-S ssl_options] [-w seconds] "
"http[s]://[user:password@]host[:port]/file ...\n"
#else
" ftp [-N name] [-o output] [-w seconds] http://host[:port]/file ...\n"
#endif /* NOSSL */
" ftp [-N name] [-o output] file:file ...\n"
" ftp [-N name] [-o output] host:/file[/] ...\n"
#endif /* !SMALL */
);
exit(1);
}
/* $OpenBSD: extern.h,v 1.51 2019/05/16 12:44:17 florian Exp $ */ /* $NetBSD: extern.h,v 1.17 1997/08/18 10:20:19 lukem Exp $ */ /* * Copyright (C) 1997 and 1998 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /*- * Copyright (c) 1994 The Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)extern.h 8.3 (Berkeley) 10/9/94 */ #include <sys/types.h> void abort_remote(FILE *); void abortpt(int); void abortrecv(int); void alarmtimer(int); int another(int *, char ***, const char *); int auto_fetch(int, char **, char *); int auto_fetch_u(int, char **, char *, int, char**); void blkfree(char **); void cdup(int, char **); void cmdabort(int); void cmdscanner(int); int command(const char *, ...); int confirm(const char *, const char *); int connect_wait(int); FILE *dataconn(const char *); int foregroundproc(void); int fileindir(const char *, const char *); struct cmd *getcmd(const char *); int getreply(int); int globulize(char **); char *gunique(const char *); void help(int, char **); char *hookup(char *, char *); int initconn(void); void intr(void); int isurl(const char *); int ftp_login(const char *, char *, char *); void lostpeer(void); void makeargv(void); void progressmeter(int, const char *); char *prompt(void); void proxtrans(const char *, const char *, const char *); void psabort(int); void psummary(int); void pswitch(int); void ptransfer(int); void recvrequest(const char *, const char *, const char *, const char *, int, int); char *remglob(char **, int, char **); off_t remotesize(const char *, int); time_t remotemodtime(const char *, int); void reset(int, char **); void rmthelp(int, char **); void sethash(int, char **); void setpeer(int, char **); void setttywidth(int); char *slurpstring(void); __dead void usage(void); void cookie_get(const char *, const char *, int, char **); void cookie_load(void); #ifndef SMALL void abortsend(int); unsigned char complete(EditLine *, int); void controlediting(void); void domacro(int, char **); void list_vertical(StringList *); void parse_list(char **, char *); char *remglob2(char **, int, char **, FILE **ftemp, char *type); int ruserpass(const char *, char **, char **, char **); void sendrequest(const char *, const char *, const char *, int); #endif /* !SMALL */ extern jmp_buf abortprox; extern int abrtflag; extern FILE *cout; extern int data; extern char *home; extern jmp_buf jabort; extern int family; extern int proxy; extern char reply_string[]; extern off_t restart_point; extern int keep_alive_timeout; extern int connect_timeout; extern int pipeout; extern char *action; #ifndef SMALL extern int NCMDS; #endif /* !SMALL */ extern char *__progname; /* from crt0.o */
/* $OpenBSD: fetch.c,v 1.194 2020/02/22 01:00:07 jca Exp $ */ /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */ /*- * Copyright (c) 1997 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation * by Jason Thorpe and Luke Mewburn. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ /* * FTP User Program -- Command line file retrieval */ #include <sys/types.h> #include <sys/socket.h> #include <sys/stat.h> #include <netinet/in.h> #include <arpa/ftp.h> #include <arpa/inet.h> #include <ctype.h> #include <err.h> #include <libgen.h> #include <netdb.h> #include <fcntl.h> #include <signal.h> #include <vis.h> #include <stdio.h> #include <stdarg.h> #include <errno.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <util.h> #include <resolv.h> #ifndef NOSSL #include <tls.h> #else /* !NOSSL */ struct tls; #endif /* !NOSSL */ #include "ftp_var.h" #include "cmds.h" static int file_get(const char *, const char *); static int file_get_u(const char *, const char *, int, char **, volatile int); static int url_get(const char *, const char *, const char *, int); static int url_get_u(const char *, const char *, const char *, int, int, char**, volatile int); static int save_chunked(FILE *, struct tls *, int , char *, size_t); static void aborthttp(int); static void abortfile(int); static char hextochar(const char *); static char *urldecode(const char *); static char *recode_credentials(const char *_userinfo); static char *ftp_readline(FILE *, size_t *); static void ftp_close(FILE **, struct tls **, int *); static const char *sockerror(struct tls *); #ifdef SMALL #define ftp_printf(fp, ...) fprintf(fp, __VA_ARGS__) #else static int ftp_printf(FILE *, const char *, ...); #endif /* SMALL */ #ifndef NOSSL static int proxy_connect(int, char *, char *); static int stdio_tls_write_wrapper(void *, const char *, int); static int stdio_tls_read_wrapper(void *, char *, int); #endif /* !NOSSL */ #define FTP_URL "ftp://"; /* ftp URL prefix */ #define HTTP_URL "http://"; /* http URL prefix */ #define HTTPS_URL "https://"; /* https URL prefix */ #define FILE_URL "file:" /* file URL prefix */ #define FTP_PROXY "ftp_proxy" /* env var with ftp proxy location */ #define HTTP_PROXY "http_proxy" /* env var with http proxy location */ #define EMPTYSTRING(x) ((x) == NULL || (*(x) == '\0')) static const char at_encoding_warning[] = "Extra `@' characters in usernames and passwords should be encoded as %%40"; static jmp_buf httpabort; static int redirect_loop; static int retried; /* * Determine whether the character needs encoding, per RFC1738: * - No corresponding graphic US-ASCII. * - Unsafe characters. */ static int unsafe_char(const char *c0) { const char *unsafe_chars = " <>\"#{}|\\^~[]`"; const unsigned char *c = (const unsigned char *)c0; /* * No corresponding graphic US-ASCII. * Control characters and octets not used in US-ASCII. */ return (iscntrl(*c) || !isascii(*c) || /* * Unsafe characters. * '%' is also unsafe, if is not followed by two * hexadecimal digits. */ strchr(unsafe_chars, *c) != NULL || (*c == '%' && (!isxdigit(*++c) || !isxdigit(*++c)))); } /* * Encode given URL, per RFC1738. * Allocate and return string to the caller. */ static char * url_encode(const char *path) { size_t i, length, new_length; char *epath, *epathp; length = new_length = strlen(path); /* * First pass: * Count unsafe characters, and determine length of the * final URL. */ for (i = 0; i < length; i++) if (unsafe_char(path + i)) new_length += 2; epath = epathp = malloc(new_length + 1); /* One more for '\0'. */ if (epath == NULL) err(1, "Can't allocate memory for URL encoding"); /* * Second pass: * Encode, and copy final URL. */ for (i = 0; i < length; i++) if (unsafe_char(path + i)) { snprintf(epathp, 4, "%%" "%02x", (unsigned char)path[i]); epathp += 3; } else *(epathp++) = path[i]; *epathp = '\0'; return (epath); } /* ARGSUSED */ static void tooslow(int signo) { dprintf(STDERR_FILENO, "%s: connect taking too long\n", __progname); _exit(2); } /* * Copy a local file (used by the OpenBSD installer). * Returns -1 on failure, 0 on success */ static int file_get(const char *path, const char *outfile) { return file_get_u(path, outfile, 1, NULL, 0); } static int file_get_u(const char *path, const char *outfile, int ready, char **unveil_list, volatile int argpos) { struct stat st; int fd, out, rval = -1, save_errno; volatile sig_t oldintr, oldinti; const char *savefile; char *buf = NULL, *cp; const size_t buflen = 128 * 1024; off_t hashbytes; ssize_t len, wlen; direction = "received"; if (ready) { fd = open(path, O_RDONLY); if (fd == -1) { warn("Can't open file %s", path); return -1; } if (fstat(fd, &st) == -1) filesize = -1; else filesize = st.st_size; } else { unveil_list[2 * argpos] = strdup(path); if (pipeout) return 0; } if (outfile != NULL) savefile = outfile; else { if (path[strlen(path) - 1] == '/') /* Consider no file */ savefile = NULL; /* after dir invalid. */ else savefile = basename(path); } if (!ready) { unveil_list[(2 * argpos) | 1] = strdup(savefile); return 0; } if (EMPTYSTRING(savefile)) { warnx("No filename after directory (use -o): %s", path); goto cleanup_copy; } /* Open the output file. */ if (!pipeout) { out = open(savefile, O_CREAT | O_WRONLY | O_TRUNC, 0666); if (out == -1) { warn("Can't open %s", savefile); goto cleanup_copy; } } else out = fileno(stdout); if ((buf = malloc(buflen)) == NULL) errx(1, "Can't allocate memory for transfer buffer"); /* Trap signals */ oldintr = NULL; oldinti = NULL; if (setjmp(httpabort)) { if (oldintr) (void)signal(SIGINT, oldintr); if (oldinti) (void)signal(SIGINFO, oldinti); goto cleanup_copy; } oldintr = signal(SIGINT, abortfile); bytes = 0; hashbytes = mark; progressmeter(-1, path); /* Finally, suck down the file. */ oldinti = signal(SIGINFO, psummary); while ((len = read(fd, buf, buflen)) > 0) { bytes += len; for (cp = buf; len > 0; len -= wlen, cp += wlen) { if ((wlen = write(out, cp, len)) == -1) { warn("Writing %s", savefile); signal(SIGINFO, oldinti); goto cleanup_copy; } } if (hash && !progress) { while (bytes >= hashbytes) { (void)putc('#', ttyout); hashbytes += mark; } (void)fflush(ttyout); } } save_errno = errno; signal(SIGINFO, oldinti); if (hash && !progress && bytes > 0) { if (bytes < mark) (void)putc('#', ttyout); (void)putc('\n', ttyout); (void)fflush(ttyout); } if (len == -1) { warnc(save_errno, "Reading from file"); goto cleanup_copy; } progressmeter(1, NULL); if (verbose) ptransfer(0); (void)signal(SIGINT, oldintr); rval = 0; cleanup_copy: free(buf); if (out >= 0 && out != fileno(stdout)) close(out); close(fd); return rval; } /* * Retrieve URL, via the proxy in $proxyvar if necessary. * Returns -1 on failure, 0 on success */ static int url_get(const char *origline, const char *proxyenv, const char *outfile, int lastfile) { return url_get_u(origline, proxyenv, outfile, lastfile, 1, NULL, 0); } static int url_get_u(const char *origline, const char *proxyenv, const char *outfile, int lastfile, int ready, char** unveil_list, volatile int argpos) { char pbuf[NI_MAXSERV], hbuf[NI_MAXHOST], *cp, *portnum, *path, ststr[4]; char *hosttail, *cause = "unknown", *newline, *host, *port, *buf = NULL; char *epath, *redirurl, *loctail, *h, *p, gerror[200]; int error, isftpurl = 0, isredirect = 0, rval = -1; int isunavail = 0, retryafter = -1; struct addrinfo hints, *res0, *res; const char *savefile; char *proxyurl = NULL; char *credentials = NULL, *proxy_credentials = NULL; int fd = -1, out = -1; volatile sig_t oldintr, oldinti; FILE *fin = NULL; off_t hashbytes; const char *errstr; ssize_t len, wlen; char *proxyhost = NULL; #ifndef NOSSL char *sslpath = NULL, *sslhost = NULL; int ishttpsurl = 0; #endif /* !NOSSL */ #ifndef SMALL char *full_host = NULL; const char *scheme; char *locbase; struct addrinfo *ares = NULL; #endif /* !SMALL */ struct tls *tls = NULL; int status; int save_errno; const size_t buflen = 128 * 1024; int chunked = 0; direction = "received"; newline = strdup(origline); if (newline == NULL) errx(1, "Can't allocate memory to parse URL"); if (strncasecmp(newline, HTTP_URL, sizeof(HTTP_URL) - 1) == 0) { host = newline + sizeof(HTTP_URL) - 1; #ifndef SMALL scheme = HTTP_URL; #endif /* !SMALL */ } else if (strncasecmp(newline, FTP_URL, sizeof(FTP_URL) - 1) == 0) { host = newline + sizeof(FTP_URL) - 1; isftpurl = 1; #ifndef SMALL scheme = FTP_URL; #endif /* !SMALL */ } else if (strncasecmp(newline, HTTPS_URL, sizeof(HTTPS_URL) - 1) == 0) { #ifndef NOSSL host = newline + sizeof(HTTPS_URL) - 1; ishttpsurl = 1; #else errx(1, "%s: No HTTPS support", newline); #endif /* !NOSSL */ #ifndef SMALL scheme = HTTPS_URL; #endif /* !SMALL */ } else errx(1, "%s: URL not permitted", newline); path = strchr(host, '/'); /* Find path */ /* * Look for auth header in host. * Basic auth from RFC 2617, valid characters for path are in * RFC 3986 section 3.3. */ if (!isftpurl) { p = strchr(host, '@'); if (p != NULL && (path == NULL || p < path)) { *p++ = '\0'; credentials = recode_credentials(host); /* Overwrite userinfo */ memmove(host, p, strlen(p) + 1); path = strchr(host, '/'); } } if (EMPTYSTRING(path)) { if (outfile) { /* No slash, but */ path = strchr(host,'\0'); /* we have outfile. */ goto noslash; } if (isftpurl) goto noftpautologin; warnx("No `/' after host (use -o): %s", origline); goto cleanup_url_get; } *path++ = '\0'; if (EMPTYSTRING(path) && !outfile) { if (isftpurl) goto noftpautologin; warnx("No filename after host (use -o): %s", origline); goto cleanup_url_get; } noslash: if (outfile) savefile = outfile; else { if (path[strlen(path) - 1] == '/') /* Consider no file */ savefile = NULL; /* after dir invalid. */ else savefile = basename(path); } if (!ready) { unveil_list[(2 * argpos) | 1] = strdup(savefile); free(newline); free(credentials); return (0); } if (EMPTYSTRING(savefile)) { if (isftpurl) goto noftpautologin; warnx("No filename after directory (use -o): %s", origline); goto cleanup_url_get; } #ifndef SMALL if (resume && pipeout) { warnx("can't append to stdout"); goto cleanup_url_get; } #endif /* !SMALL */ if (proxyenv != NULL) { /* use proxy */ #ifndef NOSSL if (ishttpsurl) { sslpath = strdup(path); sslhost = strdup(host); if (! sslpath || ! sslhost) errx(1, "Can't allocate memory for https path/host."); } #endif /* !NOSSL */ proxyhost = strdup(host); if (proxyhost == NULL) errx(1, "Can't allocate memory for proxy host."); proxyurl = strdup(proxyenv); if (proxyurl == NULL) errx(1, "Can't allocate memory for proxy URL."); if (strncasecmp(proxyurl, HTTP_URL, sizeof(HTTP_URL) - 1) == 0) host = proxyurl + sizeof(HTTP_URL) - 1; else if (strncasecmp(proxyurl, FTP_URL, sizeof(FTP_URL) - 1) == 0) host = proxyurl + sizeof(FTP_URL) - 1; else { warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } if (EMPTYSTRING(host)) { warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } if (*--path == '\0') *path = '/'; /* add / back to real path */ path = strchr(host, '/'); /* remove trailing / on host */ if (!EMPTYSTRING(path)) *path++ = '\0'; /* i guess this ++ is useless */ path = strchr(host, '@'); /* look for credentials in proxy */ if (!EMPTYSTRING(path)) { *path = '\0'; if (strchr(host, ':') == NULL) { warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } proxy_credentials = recode_credentials(host); *path = '@'; /* restore @ in proxyurl */ /* * This removes the password from proxyurl, * filling with stars */ for (host = 1 + strchr(proxyurl + 5, ':'); *host != '@'; host++) *host = '*'; host = path + 1; } path = newline; } if (*host == '[' && (hosttail = strrchr(host, ']')) != NULL && (hosttail[1] == '\0' || hosttail[1] == ':')) { host++; *hosttail++ = '\0'; #ifndef SMALL if (asprintf(&full_host, "[%s]", host) == -1) errx(1, "Cannot allocate memory for hostname"); #endif /* !SMALL */ } else hosttail = host; portnum = strrchr(hosttail, ':'); /* find portnum */ if (portnum != NULL) *portnum++ = '\0'; #ifndef NOSSL port = portnum ? portnum : (ishttpsurl ? httpsport : httpport); #else /* !NOSSL */ port = portnum ? portnum : httpport; #endif /* !NOSSL */ #ifndef SMALL if (full_host == NULL) if ((full_host = strdup(host)) == NULL) errx(1, "Cannot allocate memory for hostname"); if (debug) fprintf(ttyout, "host %s, port %s, path %s, " "save as %s, auth %s.\n", host, port, path, savefile, credentials ? credentials : "none"); #endif /* !SMALL */ memset(&hints, 0, sizeof(hints)); hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; error = getaddrinfo(host, port, &hints, &res0); /* * If the services file is corrupt/missing, fall back * on our hard-coded defines. */ if (error == EAI_SERVICE && port == httpport) { snprintf(pbuf, sizeof(pbuf), "%d", HTTP_PORT); error = getaddrinfo(host, pbuf, &hints, &res0); #ifndef NOSSL } else if (error == EAI_SERVICE && port == httpsport) { snprintf(pbuf, sizeof(pbuf), "%d", HTTPS_PORT); error = getaddrinfo(host, pbuf, &hints, &res0); #endif /* !NOSSL */ } if (error) { warnx("%s: %s", host, gai_strerror(error)); goto cleanup_url_get; } #ifndef SMALL if (srcaddr) { hints.ai_flags |= AI_NUMERICHOST; error = getaddrinfo(srcaddr, NULL, &hints, &ares); if (error) { warnx("%s: %s", srcaddr, gai_strerror(error)); goto cleanup_url_get; } } #endif /* !SMALL */ /* ensure consistent order of the output */ if (verbose) setvbuf(ttyout, NULL, _IOLBF, 0); fd = -1; for (res = res0; res; res = res->ai_next) { if (getnameinfo(res->ai_addr, res->ai_addrlen, hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0) strlcpy(hbuf, "(unknown)", sizeof(hbuf)); if (verbose) fprintf(ttyout, "Trying %s...\n", hbuf); fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (fd == -1) { cause = "socket"; continue; } #ifndef SMALL if (srcaddr) { if (ares->ai_family != res->ai_family) { close(fd); fd = -1; errno = EINVAL; cause = "bind"; continue; } if (bind(fd, ares->ai_addr, ares->ai_addrlen) == -1) { save_errno = errno; close(fd); errno = save_errno; fd = -1; cause = "bind"; continue; } } #endif /* !SMALL */ if (connect_timeout) { (void)signal(SIGALRM, tooslow); alarmtimer(connect_timeout); } for (error = connect(fd, res->ai_addr, res->ai_addrlen); error != 0 && errno == EINTR; error = connect_wait(fd)) continue; if (error != 0) { save_errno = errno; close(fd); errno = save_errno; fd = -1; cause = "connect"; continue; } /* get port in numeric */ if (getnameinfo(res->ai_addr, res->ai_addrlen, NULL, 0, pbuf, sizeof(pbuf), NI_NUMERICSERV) == 0) port = pbuf; else port = NULL; #ifndef NOSSL if (proxyenv && sslhost) proxy_connect(fd, sslhost, proxy_credentials); #endif /* !NOSSL */ break; } freeaddrinfo(res0); #ifndef SMALL if (srcaddr) freeaddrinfo(ares); #endif /* !SMALL */ if (fd < 0) { warn("%s", cause); goto cleanup_url_get; } #ifndef NOSSL if (ishttpsurl) { ssize_t ret; if (proxyenv && sslpath) { ishttpsurl = 0; proxyurl = NULL; path = sslpath; } if (sslhost == NULL) { sslhost = strdup(host); if (sslhost == NULL) errx(1, "Can't allocate memory for https host."); } if ((tls = tls_client()) == NULL) { fprintf(ttyout, "failed to create SSL client\n"); goto cleanup_url_get; } if (tls_configure(tls, tls_config) != 0) { fprintf(ttyout, "TLS configuration failure: %s\n", tls_error(tls)); goto cleanup_url_get; } if (tls_connect_socket(tls, fd, sslhost) != 0) { fprintf(ttyout, "TLS connect failure: %s\n", tls_error(tls)); goto cleanup_url_get; } do { ret = tls_handshake(tls); } while (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT); if (ret != 0) { fprintf(ttyout, "TLS handshake failure: %s\n", tls_error(tls)); goto cleanup_url_get; } fin = funopen(tls, stdio_tls_read_wrapper, stdio_tls_write_wrapper, NULL, NULL); } else { fin = fdopen(fd, "r+"); fd = -1; } #else /* !NOSSL */ fin = fdopen(fd, "r+"); fd = -1; #endif /* !NOSSL */ #ifdef SMALL if (lastfile) { if (pipeout) { if (pledge("stdio rpath inet dns tty", NULL) == -1) err(1, "pledge"); } else { if (pledge("stdio rpath wpath cpath inet dns tty", NULL) == -1) err(1, "pledge"); } } #endif if (connect_timeout) { signal(SIGALRM, SIG_DFL); alarmtimer(0); } /* * Construct and send the request. Proxy requests don't want leading /. */ #ifndef NOSSL cookie_get(host, path, ishttpsurl, &buf); #endif /* !NOSSL */ epath = url_encode(path); if (proxyurl) { if (verbose) { fprintf(ttyout, "Requesting %s (via %s)\n", origline, proxyurl); } /* * Host: directive must use the destination host address for * the original URI (path). */ ftp_printf(fin, "GET %s HTTP/1.1\r\n" "Connection: close\r\n" "Host: %s\r\n%s%s\r\n", epath, proxyhost, buf ? buf : "", httpuseragent); if (credentials) ftp_printf(fin, "Authorization: Basic %s\r\n", credentials); if (proxy_credentials) ftp_printf(fin, "Proxy-Authorization: Basic %s\r\n", proxy_credentials); ftp_printf(fin, "\r\n"); } else { if (verbose) fprintf(ttyout, "Requesting %s\n", origline); #ifndef SMALL if (resume) { struct stat stbuf; if (stat(savefile, &stbuf) == 0) restart_point = stbuf.st_size; else restart_point = 0; } #endif /* SMALL */ ftp_printf(fin, "GET /%s HTTP/1.1\r\n" "Connection: close\r\n" "Host: ", epath); if (proxyhost) { ftp_printf(fin, "%s", proxyhost); port = NULL; } else if (strchr(host, ':')) { /* * strip off scoped address portion, since it's * local to node */ h = strdup(host); if (h == NULL) errx(1, "Can't allocate memory."); if ((p = strchr(h, '%')) != NULL) *p = '\0'; ftp_printf(fin, "[%s]", h); free(h); } else ftp_printf(fin, "%s", host); /* * Send port number only if it's specified and does not equal * 80. Some broken HTTP servers get confused if you explicitly * send them the port number. */ #ifndef NOSSL if (port && strcmp(port, (ishttpsurl ? "443" : "80")) != 0) ftp_printf(fin, ":%s", port); if (restart_point) ftp_printf(fin, "\r\nRange: bytes=%lld-", (long long)restart_point); #else /* !NOSSL */ if (port && strcmp(port, "80") != 0) ftp_printf(fin, ":%s", port); #endif /* !NOSSL */ ftp_printf(fin, "\r\n%s%s\r\n", buf ? buf : "", httpuseragent); if (credentials) ftp_printf(fin, "Authorization: Basic %s\r\n", credentials); ftp_printf(fin, "\r\n"); } free(epath); #ifndef NOSSL free(buf); #endif /* !NOSSL */ buf = NULL; if (fflush(fin) == EOF) { warnx("Writing HTTP request: %s", sockerror(tls)); goto cleanup_url_get; } if ((buf = ftp_readline(fin, &len)) == NULL) { warnx("Receiving HTTP reply: %s", sockerror(tls)); goto cleanup_url_get; } while (len > 0 && (buf[len-1] == '\r' || buf[len-1] == '\n')) buf[--len] = '\0'; #ifndef SMALL if (debug) fprintf(ttyout, "received '%s'\n", buf); #endif /* !SMALL */ cp = strchr(buf, ' '); if (cp == NULL) goto improper; else cp++; strlcpy(ststr, cp, sizeof(ststr)); status = strtonum(ststr, 200, 503, &errstr); if (errstr) { strnvis(gerror, cp, sizeof gerror, VIS_SAFE); warnx("Error retrieving %s: %s", origline, gerror); goto cleanup_url_get; } switch (status) { case 200: /* OK */ #ifndef SMALL /* * When we request a partial file, and we receive an HTTP 200 * it is a good indication that the server doesn't support * range requests, and is about to send us the entire file. * If the restart_point == 0, then we are not actually * requesting a partial file, and an HTTP 200 is appropriate. */ if (resume && restart_point != 0) { warnx("Server does not support resume."); restart_point = resume = 0; } /* FALLTHROUGH */ case 206: /* Partial Content */ #endif /* !SMALL */ break; case 301: /* Moved Permanently */ case 302: /* Found */ case 303: /* See Other */ case 307: /* Temporary Redirect */ isredirect++; if (redirect_loop++ > 10) { warnx("Too many redirections requested"); goto cleanup_url_get; } break; #ifndef SMALL case 416: /* Requested Range Not Satisfiable */ warnx("File is already fully retrieved."); goto cleanup_url_get; #endif /* !SMALL */ case 503: isunavail = 1; break; default: strnvis(gerror, cp, sizeof gerror, VIS_SAFE); warnx("Error retrieving %s: %s", origline, gerror); goto cleanup_url_get; } /* * Read the rest of the header. */ free(buf); filesize = -1; for (;;) { if ((buf = ftp_readline(fin, &len)) == NULL) { warnx("Receiving HTTP reply: %s", sockerror(tls)); goto cleanup_url_get; } while (len > 0 && (buf[len-1] == '\r' || buf[len-1] == '\n')) buf[--len] = '\0'; if (len == 0) break; #ifndef SMALL if (debug) fprintf(ttyout, "received '%s'\n", buf); #endif /* !SMALL */ /* Look for some headers */ cp = buf; #define CONTENTLEN "Content-Length: " if (strncasecmp(cp, CONTENTLEN, sizeof(CONTENTLEN) - 1) == 0) { size_t s; cp += sizeof(CONTENTLEN) - 1; if ((s = strcspn(cp, " \t"))) *(cp+s) = 0; filesize = strtonum(cp, 0, LLONG_MAX, &errstr); if (errstr != NULL) goto improper; #ifndef SMALL if (restart_point) filesize += restart_point; #endif /* !SMALL */ #define LOCATION "Location: " } else if (isredirect && strncasecmp(cp, LOCATION, sizeof(LOCATION) - 1) == 0) { cp += sizeof(LOCATION) - 1; /* * If there is a colon before the first slash, this URI * is not relative. RFC 3986 4.2 */ if (cp[strcspn(cp, ":/")] != ':') { #ifdef SMALL errx(1, "Relative redirect not supported"); #else /* SMALL */ /* XXX doesn't handle protocol-relative URIs */ if (*cp == '/') { locbase = NULL; cp++; } else { locbase = strdup(path); if (locbase == NULL) errx(1, "Can't allocate memory" " for location base"); loctail = strchr(locbase, '#'); if (loctail != NULL) *loctail = '\0'; loctail = strchr(locbase, '?'); if (loctail != NULL) *loctail = '\0'; loctail = strrchr(locbase, '/'); if (loctail == NULL) { free(locbase); locbase = NULL; } else loctail[1] = '\0'; } /* Contruct URL from relative redirect */ if (asprintf(&redirurl, "%s%s%s%s/%s%s", scheme, full_host, portnum ? ":" : "", portnum ? portnum : "", locbase ? locbase : "", cp) == -1) errx(1, "Cannot build " "redirect URL"); free(locbase); #endif /* SMALL */ } else if ((redirurl = strdup(cp)) == NULL) errx(1, "Cannot allocate memory for URL"); loctail = strchr(redirurl, '#'); if (loctail != NULL) *loctail = '\0'; if (verbose) fprintf(ttyout, "Redirected to %s\n", redirurl); ftp_close(&fin, &tls, &fd); rval = url_get(redirurl, proxyenv, savefile, lastfile); free(redirurl); goto cleanup_url_get; #define RETRYAFTER "Retry-After: " } else if (isunavail && strncasecmp(cp, RETRYAFTER, sizeof(RETRYAFTER) - 1) == 0) { size_t s; cp += sizeof(RETRYAFTER) - 1; if ((s = strcspn(cp, " \t"))) cp[s] = '\0'; retryafter = strtonum(cp, 0, 0, &errstr); if (errstr != NULL) retryafter = -1; #define TRANSFER_ENCODING "Transfer-Encoding: " } else if (strncasecmp(cp, TRANSFER_ENCODING, sizeof(TRANSFER_ENCODING) - 1) == 0) { cp += sizeof(TRANSFER_ENCODING) - 1; cp[strcspn(cp, " \t")] = '\0'; if (strcasecmp(cp, "chunked") == 0) chunked = 1; } free(buf); } /* Content-Length should be ignored for Transfer-Encoding: chunked */ if (chunked) filesize = -1; if (isunavail) { if (retried || retryafter != 0) warnx("Error retrieving %s: 503 Service Unavailable", origline); else { if (verbose) fprintf(ttyout, "Retrying %s\n", origline); retried = 1; ftp_close(&fin, &tls, &fd); rval = url_get(origline, proxyenv, savefile, lastfile); } goto cleanup_url_get; } /* Open the output file. */ if (!pipeout) { #ifndef SMALL if (resume) out = open(savefile, O_CREAT | O_WRONLY | O_APPEND, 0666); else #endif /* !SMALL */ out = open(savefile, O_CREAT | O_WRONLY | O_TRUNC, 0666); if (out == -1) { warn("Can't open %s", savefile); goto cleanup_url_get; } } else { out = fileno(stdout); #ifdef SMALL if (lastfile) { if (pledge("stdio tty", NULL) == -1) err(1, "pledge"); } #endif } free(buf); if ((buf = malloc(buflen)) == NULL) errx(1, "Can't allocate memory for transfer buffer"); /* Trap signals */ oldintr = NULL; oldinti = NULL; if (setjmp(httpabort)) { if (oldintr) (void)signal(SIGINT, oldintr); if (oldinti) (void)signal(SIGINFO, oldinti); goto cleanup_url_get; } oldintr = signal(SIGINT, aborthttp); bytes = 0; hashbytes = mark; progressmeter(-1, path); /* Finally, suck down the file. */ oldinti = signal(SIGINFO, psummary); if (chunked) { error = save_chunked(fin, tls, out, buf, buflen); signal(SIGINFO, oldinti); if (error == -1) goto cleanup_url_get; } else { while ((len = fread(buf, 1, buflen, fin)) > 0) { bytes += len; for (cp = buf; len > 0; len -= wlen, cp += wlen) { if ((wlen = write(out, cp, len)) == -1) { warn("Writing %s", savefile); signal(SIGINFO, oldinti); goto cleanup_url_get; } } if (hash && !progress) { while (bytes >= hashbytes) { (void)putc('#', ttyout); hashbytes += mark; } (void)fflush(ttyout); } } save_errno = errno; signal(SIGINFO, oldinti); if (hash && !progress && bytes > 0) { if (bytes < mark) (void)putc('#', ttyout); (void)putc('\n', ttyout); (void)fflush(ttyout); } if (len == 0 && ferror(fin)) { errno = save_errno; warnx("Reading from socket: %s", sockerror(tls)); goto cleanup_url_get; } } progressmeter(1, NULL); if ( #ifndef SMALL !resume && #endif /* !SMALL */ filesize != -1 && len == 0 && bytes != filesize) { if (verbose) fputs("Read short file.\n", ttyout); goto cleanup_url_get; } if (verbose) ptransfer(0); (void)signal(SIGINT, oldintr); rval = 0; goto cleanup_url_get; noftpautologin: warnx( "Auto-login using ftp URLs isn't supported when using $ftp_proxy"); goto cleanup_url_get; improper: warnx("Improper response from %s", host); cleanup_url_get: #ifndef SMALL free(full_host); #endif /* !SMALL */ #ifndef NOSSL free(sslhost); #endif /* !NOSSL */ ftp_close(&fin, &tls, &fd); if (out >= 0 && out != fileno(stdout)) close(out); free(buf); free(proxyhost); free(proxyurl); free(newline); free(credentials); free(proxy_credentials); return (rval); } static int save_chunked(FILE *fin, struct tls *tls, int out, char *buf, size_t buflen) { char *header, *end, *cp; unsigned long chunksize; size_t hlen, rlen, wlen; ssize_t written; char cr, lf; for (;;) { header = ftp_readline(fin, &hlen); if (header == NULL) break; /* strip CRLF and any optional chunk extension */ header[strcspn(header, ";\r\n")] = '\0'; errno = 0; chunksize = strtoul(header, &end, 16); if (errno || header[0] == '\0' || *end != '\0' || chunksize > INT_MAX) { warnx("Invalid chunk size '%s'", header); free(header); return -1; } free(header); if (chunksize == 0) { /* We're done. Ignore optional trailer. */ return 0; } for (written = 0; chunksize != 0; chunksize -= rlen) { rlen = (chunksize < buflen) ? chunksize : buflen; rlen = fread(buf, 1, rlen, fin); if (rlen == 0) break; bytes += rlen; for (cp = buf, wlen = rlen; wlen > 0; wlen -= written, cp += written) { if ((written = write(out, cp, wlen)) == -1) { warn("Writing output file"); return -1; } } } if (rlen == 0 || fread(&cr, 1, 1, fin) != 1 || fread(&lf, 1, 1, fin) != 1) break; if (cr != '\r' || lf != '\n') { warnx("Invalid chunked encoding"); return -1; } } if (ferror(fin)) warnx("Error while reading from socket: %s", sockerror(tls)); else warnx("Invalid chunked encoding: short read"); return -1; } /* * Abort a http retrieval */ /* ARGSUSED */ static void aborthttp(int signo) { alarmtimer(0); fputs("\nhttp fetch aborted.\n", ttyout); (void)fflush(ttyout); longjmp(httpabort, 1); } /* * Abort a http retrieval */ /* ARGSUSED */ static void abortfile(int signo) { alarmtimer(0); fputs("\nfile fetch aborted.\n", ttyout); (void)fflush(ttyout); longjmp(httpabort, 1); } /* * Retrieve multiple files from the command line, transferring * files of the form "host:path", "ftp://host/path"; using the * ftp protocol, and files of the form "http://host/path"; using * the http protocol. * If path has a trailing "/", then return (-1); * the path will be cd-ed into and the connection remains open, * and the function will return -1 (to indicate the connection * is alive). * If an error occurs the return value will be the offset+1 in * argv[] of the file that caused a problem (i.e, argv[x] * returns x+1) * Otherwise, 0 is returned if all files retrieved successfully. */ int auto_fetch(int argc, char *argv[], char *outfile) { return auto_fetch_u(argc, argv, outfile, 1, NULL); } int auto_fetch_u(int argc, char *argv[], char *outfile, int ready, char **unveil_list) { char *xargv[5]; char *cp, *url, *host, *dir, *file, *portnum; char *username, *pass, *pathstart; char *ftpproxy, *httpproxy; int rval, xargc, lastfile; volatile int argpos; int dirhasglob, filehasglob, oautologin; char rempath[PATH_MAX]; argpos = 0; if (setjmp(toplevel)) { if (connected) disconnect(0, NULL); return (argpos + 1); } (void)signal(SIGINT, (sig_t)intr); (void)signal(SIGPIPE, (sig_t)lostpeer); if ((ftpproxy = getenv(FTP_PROXY)) != NULL && *ftpproxy == '\0') ftpproxy = NULL; if ((httpproxy = getenv(HTTP_PROXY)) != NULL && *httpproxy == '\0') httpproxy = NULL; /* * Loop through as long as there's files to fetch. */ username = pass = NULL; for (rval = 0; (rval == 0) && (argpos < argc); free(url), argpos++) { if (strchr(argv[argpos], ':') == NULL) break; free(username); free(pass); host = dir = file = portnum = username = pass = NULL; lastfile = (argv[argpos+1] == NULL); /* * We muck with the string, so we make a copy. */ url = strdup(argv[argpos]); if (url == NULL) errx(1, "Can't allocate memory for auto-fetch."); if (strncasecmp(url, FILE_URL, sizeof(FILE_URL) - 1) == 0) { if (file_get_u(url + sizeof(FILE_URL) - 1, outfile, ready, unveil_list, argpos) == -1) rval = argpos + 1; continue; if (!ready) continue; } if (!ready && pipeout) continue; /* * Try HTTP URL-style arguments next. */ if (strncasecmp(url, HTTP_URL, sizeof(HTTP_URL) - 1) == 0 || strncasecmp(url, HTTPS_URL, sizeof(HTTPS_URL) -1) == 0) { redirect_loop = 0; retried = 0; if (url_get_u(url, httpproxy, outfile, lastfile, ready, unveil_list, argpos) == -1) rval = argpos + 1; continue; if (!ready) continue; } /* * Try FTP URL-style arguments next. If ftpproxy is * set, use url_get() instead of standard ftp. * Finally, try host:file. */ host = url; if (strncasecmp(url, FTP_URL, sizeof(FTP_URL) - 1) == 0) { char *passend, *passagain, *userend; if (ftpproxy) { if (url_get_u(url, ftpproxy, outfile, lastfile, ready, unveil_list, argpos) == -1) rval = argpos + 1; continue; } if (!ready) continue; host += sizeof(FTP_URL) - 1; dir = strchr(host, '/'); /* Look for [user:pass@]host[:port] */ /* check if we have "user:pass@" */ userend = strchr(host, ':'); passend = strchr(host, '@'); if (passend && userend && userend < passend && (!dir || passend < dir)) { username = host; pass = userend + 1; host = passend + 1; *userend = *passend = '\0'; passagain = strchr(host, '@'); if (strchr(pass, '@') != NULL || (passagain != NULL && passagain < dir)) { warnx(at_encoding_warning); username = pass = NULL; goto bad_ftp_url; } if (EMPTYSTRING(username)) { bad_ftp_url: warnx("Invalid URL: %s", argv[argpos]); rval = argpos + 1; username = pass = NULL; continue; } username = urldecode(username); pass = urldecode(pass); } /* check [host]:port, or [host] */ if (host[0] == '[') { cp = strchr(host, ']'); if (cp && (!dir || cp < dir)) { if (cp + 1 == dir || cp[1] == ':') { host++; *cp++ = '\0'; } else cp = NULL; } else cp = host; } else cp = host; /* split off host[:port] if there is */ if (cp) { portnum = strchr(cp, ':'); pathstart = strchr(cp, '/'); /* : in path is not a port # indicator */ if (portnum && pathstart && pathstart < portnum) portnum = NULL; if (!portnum) ; else { if (!dir) ; else if (portnum + 1 < dir) { *portnum++ = '\0'; /* * XXX should check if portnum * is decimal number */ } else { /* empty portnum */ goto bad_ftp_url; } } } else portnum = NULL; } else { /* classic style `host:file' */ dir = strchr(host, ':'); } if (!ready) { rval = -2; continue; } if (EMPTYSTRING(host)) { rval = argpos + 1; continue; } /* * If dir is NULL, the file wasn't specified * (URL looked something like ftp://host) */ if (dir != NULL) *dir++ = '\0'; /* * Extract the file and (if present) directory name. */ if (!EMPTYSTRING(dir)) { cp = strrchr(dir, '/'); if (cp != NULL) { *cp++ = '\0'; file = cp; } else { file = dir; dir = NULL; } } #ifndef SMALL if (debug) fprintf(ttyout, "user %s:%s host %s port %s dir %s file %s\n", username, pass ? "XXXX" : NULL, host, portnum, dir, file); #endif /* !SMALL */ /* * Set up the connection. */ if (connected) disconnect(0, NULL); xargv[0] = __progname; xargv[1] = host; xargv[2] = NULL; xargc = 2; if (!EMPTYSTRING(portnum)) { xargv[2] = portnum; xargv[3] = NULL; xargc = 3; } oautologin = autologin; if (username == NULL) anonftp = 1; else { anonftp = 0; autologin = 0; } setpeer(xargc, xargv); autologin = oautologin; if (connected == 0 || (connected == 1 && autologin && (username == NULL || !ftp_login(host, username, pass)))) { warnx("Can't connect or login to host `%s'", host); rval = argpos + 1; continue; } /* Always use binary transfers. */ setbinary(0, NULL); dirhasglob = filehasglob = 0; if (doglob) { if (!EMPTYSTRING(dir) && strpbrk(dir, "*?[]{}") != NULL) dirhasglob = 1; if (!EMPTYSTRING(file) && strpbrk(file, "*?[]{}") != NULL) filehasglob = 1; } /* Change directories, if necessary. */ if (!EMPTYSTRING(dir) && !dirhasglob) { xargv[0] = "cd"; xargv[1] = dir; xargv[2] = NULL; cd(2, xargv); if (!dirchange) { rval = argpos + 1; continue; } } if (EMPTYSTRING(file)) { #ifndef SMALL rval = -1; #else /* !SMALL */ recvrequest("NLST", "-", NULL, "w", 0, 0); rval = 0; #endif /* !SMALL */ continue; } if (verbose) fprintf(ttyout, "Retrieving %s/%s\n", dir ? dir : "", file); if (dirhasglob) { snprintf(rempath, sizeof(rempath), "%s/%s", dir, file); file = rempath; } /* Fetch the file(s). */ xargc = 2; xargv[0] = "get"; xargv[1] = file; xargv[2] = NULL; if (dirhasglob || filehasglob) { int ointeractive; ointeractive = interactive; interactive = 0; xargv[0] = "mget"; #ifndef SMALL if (resume) { xargc = 3; xargv[1] = "-c"; xargv[2] = file; xargv[3] = NULL; } #endif /* !SMALL */ mget(xargc, xargv); interactive = ointeractive; } else { if (outfile != NULL) { xargv[2] = outfile; xargv[3] = NULL; xargc++; } #ifndef SMALL if (resume) reget(xargc, xargv); else #endif /* !SMALL */ get(xargc, xargv); } if ((code / 100) != COMPLETE) rval = argpos + 1; } if (connected && rval != -1) disconnect(0, NULL); return (rval); } char * urldecode(const char *str) { char *ret, c; int i, reallen; if (str == NULL) return NULL; if ((ret = malloc(strlen(str)+1)) == NULL) err(1, "Can't allocate memory for URL decoding"); for (i = 0, reallen = 0; str[i] != '\0'; i++, reallen++, ret++) { c = str[i]; if (c == '+') { *ret = ' '; continue; } /* Cannot use strtol here because next char * after %xx may be a digit. */ if (c == '%' && isxdigit((unsigned char)str[i+1]) && isxdigit((unsigned char)str[i+2])) { *ret = hextochar(&str[i+1]); i+=2; continue; } *ret = c; } *ret = '\0'; return ret-reallen; } static char * recode_credentials(const char *userinfo) { char *ui, *creds; size_t ulen, credsize; /* url-decode the user and pass */ ui = urldecode(userinfo); ulen = strlen(ui); credsize = (ulen + 2) / 3 * 4 + 1; creds = malloc(credsize); if (creds == NULL) errx(1, "out of memory"); if (b64_ntop(ui, ulen, creds, credsize) == -1) errx(1, "error in base64 encoding"); free(ui); return (creds); } static char hextochar(const char *str) { unsigned char c, ret; c = str[0]; ret = c; if (isalpha(c)) ret -= isupper(c) ? 'A' - 10 : 'a' - 10; else ret -= '0'; ret *= 16; c = str[1]; ret += c; if (isalpha(c)) ret -= isupper(c) ? 'A' - 10 : 'a' - 10; else ret -= '0'; return ret; } int isurl(const char *p) { if (strncasecmp(p, FTP_URL, sizeof(FTP_URL) - 1) == 0 || strncasecmp(p, HTTP_URL, sizeof(HTTP_URL) - 1) == 0 || #ifndef NOSSL strncasecmp(p, HTTPS_URL, sizeof(HTTPS_URL) - 1) == 0 || #endif /* !NOSSL */ strncasecmp(p, FILE_URL, sizeof(FILE_URL) - 1) == 0 || strstr(p, ":/")) return (1); return (0); } static char * ftp_readline(FILE *fp, size_t *lenp) { return fparseln(fp, lenp, NULL, "\0\0\0", 0); } #ifndef SMALL static int ftp_printf(FILE *fp, const char *fmt, ...) { va_list ap; int ret; va_start(ap, fmt); ret = vfprintf(fp, fmt, ap); va_end(ap); if (debug) { va_start(ap, fmt); vfprintf(ttyout, fmt, ap); va_end(ap); } return ret; } #endif /* !SMALL */ static void ftp_close(FILE **fin, struct tls **tls, int *fd) { #ifndef NOSSL int ret; if (*tls != NULL) { if (tls_session_fd != -1) dprintf(STDERR_FILENO, "tls session resumed: %s\n", tls_conn_session_resumed(*tls) ? "yes" : "no"); do { ret = tls_close(*tls); } while (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT); tls_free(*tls); *tls = NULL; } if (*fd != -1) { close(*fd); *fd = -1; } #endif if (*fin != NULL) { fclose(*fin); *fin = NULL; } } static const char * sockerror(struct tls *tls) { int save_errno = errno; #ifndef NOSSL if (tls != NULL) { const char *tlserr = tls_error(tls); if (tlserr != NULL) return tlserr; } #endif return strerror(save_errno); } #ifndef NOSSL static int proxy_connect(int socket, char *host, char *cookie) { int l; char buf[1024]; char *connstr, *hosttail, *port; if (*host == '[' && (hosttail = strrchr(host, ']')) != NULL && (hosttail[1] == '\0' || hosttail[1] == ':')) { host++; *hosttail++ = '\0'; } else hosttail = host; port = strrchr(hosttail, ':'); /* find portnum */ if (port != NULL) *port++ = '\0'; if (!port) port = "443"; if (cookie) { l = asprintf(&connstr, "CONNECT %s:%s HTTP/1.1\r\n" "Proxy-Authorization: Basic %s\r\n%s\r\n\r\n", host, port, cookie, HTTP_USER_AGENT); } else { l = asprintf(&connstr, "CONNECT %s:%s HTTP/1.1\r\n%s\r\n\r\n", host, port, HTTP_USER_AGENT); } if (l == -1) errx(1, "Could not allocate memory to assemble connect string!"); #ifndef SMALL if (debug) printf("%s", connstr); #endif /* !SMALL */ if (write(socket, connstr, l) != l) err(1, "Could not send connect string"); read(socket, &buf, sizeof(buf)); /* only proxy header XXX: error handling? */ free(connstr); return(200); } static int stdio_tls_write_wrapper(void *arg, const char *buf, int len) { struct tls *tls = arg; ssize_t ret; do { ret = tls_write(tls, buf, len); } while (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT); return ret; } static int stdio_tls_read_wrapper(void *arg, char *buf, int len) { struct tls *tls = arg; ssize_t ret; do { ret = tls_read(tls, buf, len); } while (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT); return ret; } #endif /* !NOSSL */
