xref: /freebsd/contrib/tnftp/src/fetch.c (revision 9a14aa017b21c292740c00ee098195cd46642730)
1 /*	$NetBSD: fetch.c,v 1.18 2009/11/15 10:12:37 lukem Exp $	*/
2 /*	from	NetBSD: fetch.c,v 1.191 2009/08/17 09:08:16 christos Exp	*/
3 
4 /*-
5  * Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
6  * All rights reserved.
7  *
8  * This code is derived from software contributed to The NetBSD Foundation
9  * by Luke Mewburn.
10  *
11  * This code is derived from software contributed to The NetBSD Foundation
12  * by Scott Aaron Bamford.
13  *
14  * Redistribution and use in source and binary forms, with or without
15  * modification, are permitted provided that the following conditions
16  * are met:
17  * 1. Redistributions of source code must retain the above copyright
18  *    notice, this list of conditions and the following disclaimer.
19  * 2. Redistributions in binary form must reproduce the above copyright
20  *    notice, this list of conditions and the following disclaimer in the
21  *    documentation and/or other materials provided with the distribution.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
24  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
25  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
27  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33  * POSSIBILITY OF SUCH DAMAGE.
34  */
35 
36 #include "tnftp.h"
37 
38 #if 0	/* tnftp */
39 
40 #include <sys/cdefs.h>
41 #ifndef lint
42 __RCSID(" NetBSD: fetch.c,v 1.191 2009/08/17 09:08:16 christos Exp  ");
43 #endif /* not lint */
44 
45 /*
46  * FTP User Program -- Command line file retrieval
47  */
48 
49 #include <sys/types.h>
50 #include <sys/param.h>
51 #include <sys/socket.h>
52 #include <sys/stat.h>
53 #include <sys/time.h>
54 
55 #include <netinet/in.h>
56 
57 #include <arpa/ftp.h>
58 #include <arpa/inet.h>
59 
60 #include <ctype.h>
61 #include <err.h>
62 #include <errno.h>
63 #include <netdb.h>
64 #include <fcntl.h>
65 #include <stdio.h>
66 #include <stdlib.h>
67 #include <string.h>
68 #include <unistd.h>
69 #include <time.h>
70 
71 #endif	/* tnftp */
72 
73 #include "ftp_var.h"
74 #include "version.h"
75 
76 typedef enum {
77 	UNKNOWN_URL_T=-1,
78 	HTTP_URL_T,
79 	FTP_URL_T,
80 	FILE_URL_T,
81 	CLASSIC_URL_T
82 } url_t;
83 
84 void		aborthttp(int);
85 #ifndef NO_AUTH
86 static int	auth_url(const char *, char **, const char *, const char *);
87 static void	base64_encode(const unsigned char *, size_t, unsigned char *);
88 #endif
89 static int	go_fetch(const char *);
90 static int	fetch_ftp(const char *);
91 static int	fetch_url(const char *, const char *, char *, char *);
92 static const char *match_token(const char **, const char *);
93 static int	parse_url(const char *, const char *, url_t *, char **,
94 			    char **, char **, char **, in_port_t *, char **);
95 static void	url_decode(char *);
96 
97 static int	redirect_loop;
98 
99 
100 #define	STRNEQUAL(a,b)	(strncasecmp((a), (b), sizeof((b))-1) == 0)
101 #define	ISLWS(x)	((x)=='\r' || (x)=='\n' || (x)==' ' || (x)=='\t')
102 #define	SKIPLWS(x)	do { while (ISLWS((*x))) x++; } while (0)
103 
104 
105 #define	ABOUT_URL	"about:"	/* propaganda */
106 #define	FILE_URL	"file://"	/* file URL prefix */
107 #define	FTP_URL		"ftp://"	/* ftp URL prefix */
108 #define	HTTP_URL	"http://"	/* http URL prefix */
109 
110 
111 /*
112  * Determine if token is the next word in buf (case insensitive).
113  * If so, advance buf past the token and any trailing LWS, and
114  * return a pointer to the token (in buf).  Otherwise, return NULL.
115  * token may be preceded by LWS.
116  * token must be followed by LWS or NUL.  (I.e, don't partial match).
117  */
118 static const char *
119 match_token(const char **buf, const char *token)
120 {
121 	const char	*p, *orig;
122 	size_t		tlen;
123 
124 	tlen = strlen(token);
125 	p = *buf;
126 	SKIPLWS(p);
127 	orig = p;
128 	if (strncasecmp(p, token, tlen) != 0)
129 		return NULL;
130 	p += tlen;
131 	if (*p != '\0' && !ISLWS(*p))
132 		return NULL;
133 	SKIPLWS(p);
134 	orig = *buf;
135 	*buf = p;
136 	return orig;
137 }
138 
139 #ifndef NO_AUTH
140 /*
141  * Generate authorization response based on given authentication challenge.
142  * Returns -1 if an error occurred, otherwise 0.
143  * Sets response to a malloc(3)ed string; caller should free.
144  */
145 static int
146 auth_url(const char *challenge, char **response, const char *guser,
147 	const char *gpass)
148 {
149 	const char	*cp, *scheme, *errormsg;
150 	char		*ep, *clear, *realm;
151 	char		 uuser[BUFSIZ], *gotpass;
152 	const char	*upass;
153 	int		 rval;
154 	size_t		 len, clen, rlen;
155 
156 	*response = NULL;
157 	clear = realm = NULL;
158 	rval = -1;
159 	cp = challenge;
160 	scheme = "Basic";	/* only support Basic authentication */
161 	gotpass = NULL;
162 
163 	DPRINTF("auth_url: challenge `%s'\n", challenge);
164 
165 	if (! match_token(&cp, scheme)) {
166 		warnx("Unsupported authentication challenge `%s'",
167 		    challenge);
168 		goto cleanup_auth_url;
169 	}
170 
171 #define	REALM "realm=\""
172 	if (STRNEQUAL(cp, REALM))
173 		cp += sizeof(REALM) - 1;
174 	else {
175 		warnx("Unsupported authentication challenge `%s'",
176 		    challenge);
177 		goto cleanup_auth_url;
178 	}
179 /* XXX: need to improve quoted-string parsing to support \ quoting, etc. */
180 	if ((ep = strchr(cp, '\"')) != NULL) {
181 		len = ep - cp;
182 		realm = (char *)ftp_malloc(len + 1);
183 		(void)strlcpy(realm, cp, len + 1);
184 	} else {
185 		warnx("Unsupported authentication challenge `%s'",
186 		    challenge);
187 		goto cleanup_auth_url;
188 	}
189 
190 	fprintf(ttyout, "Username for `%s': ", realm);
191 	if (guser != NULL) {
192 		(void)strlcpy(uuser, guser, sizeof(uuser));
193 		fprintf(ttyout, "%s\n", uuser);
194 	} else {
195 		(void)fflush(ttyout);
196 		if (get_line(stdin, uuser, sizeof(uuser), &errormsg) < 0) {
197 			warnx("%s; can't authenticate", errormsg);
198 			goto cleanup_auth_url;
199 		}
200 	}
201 	if (gpass != NULL)
202 		upass = gpass;
203 	else {
204 		gotpass = getpass("Password: ");
205 		if (gotpass == NULL) {
206 			warnx("Can't read password");
207 			goto cleanup_auth_url;
208 		}
209 		upass = gotpass;
210 	}
211 
212 	clen = strlen(uuser) + strlen(upass) + 2;	/* user + ":" + pass + "\0" */
213 	clear = (char *)ftp_malloc(clen);
214 	(void)strlcpy(clear, uuser, clen);
215 	(void)strlcat(clear, ":", clen);
216 	(void)strlcat(clear, upass, clen);
217 	if (gotpass)
218 		memset(gotpass, 0, strlen(gotpass));
219 
220 						/* scheme + " " + enc + "\0" */
221 	rlen = strlen(scheme) + 1 + (clen + 2) * 4 / 3 + 1;
222 	*response = (char *)ftp_malloc(rlen);
223 	(void)strlcpy(*response, scheme, rlen);
224 	len = strlcat(*response, " ", rlen);
225 			/* use  `clen - 1'  to not encode the trailing NUL */
226 	base64_encode((unsigned char *)clear, clen - 1,
227 	    (unsigned char *)*response + len);
228 	memset(clear, 0, clen);
229 	rval = 0;
230 
231  cleanup_auth_url:
232 	FREEPTR(clear);
233 	FREEPTR(realm);
234 	return (rval);
235 }
236 
237 /*
238  * Encode len bytes starting at clear using base64 encoding into encoded,
239  * which should be at least ((len + 2) * 4 / 3 + 1) in size.
240  */
241 static void
242 base64_encode(const unsigned char *clear, size_t len, unsigned char *encoded)
243 {
244 	static const unsigned char enc[] =
245 	    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
246 	unsigned char	*cp;
247 	size_t	 i;
248 
249 	cp = encoded;
250 	for (i = 0; i < len; i += 3) {
251 		*(cp++) = enc[((clear[i + 0] >> 2))];
252 		*(cp++) = enc[((clear[i + 0] << 4) & 0x30)
253 			    | ((clear[i + 1] >> 4) & 0x0f)];
254 		*(cp++) = enc[((clear[i + 1] << 2) & 0x3c)
255 			    | ((clear[i + 2] >> 6) & 0x03)];
256 		*(cp++) = enc[((clear[i + 2]     ) & 0x3f)];
257 	}
258 	*cp = '\0';
259 	while (i-- > len)
260 		*(--cp) = '=';
261 }
262 #endif
263 
264 /*
265  * Decode %xx escapes in given string, `in-place'.
266  */
267 static void
268 url_decode(char *url)
269 {
270 	unsigned char *p, *q;
271 
272 	if (EMPTYSTRING(url))
273 		return;
274 	p = q = (unsigned char *)url;
275 
276 #define	HEXTOINT(x) (x - (isdigit(x) ? '0' : (islower(x) ? 'a' : 'A') - 10))
277 	while (*p) {
278 		if (p[0] == '%'
279 		    && p[1] && isxdigit((unsigned char)p[1])
280 		    && p[2] && isxdigit((unsigned char)p[2])) {
281 			*q++ = HEXTOINT(p[1]) * 16 + HEXTOINT(p[2]);
282 			p+=3;
283 		} else
284 			*q++ = *p++;
285 	}
286 	*q = '\0';
287 }
288 
289 
290 /*
291  * Parse URL of form (per RFC3986):
292  *	<type>://[<user>[:<password>]@]<host>[:<port>][/<path>]
293  * Returns -1 if a parse error occurred, otherwise 0.
294  * It's the caller's responsibility to url_decode() the returned
295  * user, pass and path.
296  *
297  * Sets type to url_t, each of the given char ** pointers to a
298  * malloc(3)ed strings of the relevant section, and port to
299  * the number given, or ftpport if ftp://, or httpport if http://.
300  *
301  * XXX: this is not totally RFC3986 compliant; <path> will have the
302  * leading `/' unless it's an ftp:// URL, as this makes things easier
303  * for file:// and http:// URLs.  ftp:// URLs have the `/' between the
304  * host and the URL-path removed, but any additional leading slashes
305  * in the URL-path are retained (because they imply that we should
306  * later do "CWD" with a null argument).
307  *
308  * Examples:
309  *	 input URL			 output path
310  *	 ---------			 -----------
311  *	"http://host"			"/"
312  *	"http://host/"			"/"
313  *	"http://host/path"		"/path"
314  *	"file://host/dir/file"		"dir/file"
315  *	"ftp://host"			""
316  *	"ftp://host/"			""
317  *	"ftp://host//"			"/"
318  *	"ftp://host/dir/file"		"dir/file"
319  *	"ftp://host//dir/file"		"/dir/file"
320  */
321 static int
322 parse_url(const char *url, const char *desc, url_t *utype,
323 		char **uuser, char **pass, char **host, char **port,
324 		in_port_t *portnum, char **path)
325 {
326 	const char	*origurl, *tport;
327 	char		*cp, *ep, *thost;
328 	size_t		 len;
329 
330 	if (url == NULL || desc == NULL || utype == NULL || uuser == NULL
331 	    || pass == NULL || host == NULL || port == NULL || portnum == NULL
332 	    || path == NULL)
333 		errx(1, "parse_url: invoked with NULL argument!");
334 	DPRINTF("parse_url: %s `%s'\n", desc, url);
335 
336 	origurl = url;
337 	*utype = UNKNOWN_URL_T;
338 	*uuser = *pass = *host = *port = *path = NULL;
339 	*portnum = 0;
340 	tport = NULL;
341 
342 	if (STRNEQUAL(url, HTTP_URL)) {
343 		url += sizeof(HTTP_URL) - 1;
344 		*utype = HTTP_URL_T;
345 		*portnum = HTTP_PORT;
346 		tport = httpport;
347 	} else if (STRNEQUAL(url, FTP_URL)) {
348 		url += sizeof(FTP_URL) - 1;
349 		*utype = FTP_URL_T;
350 		*portnum = FTP_PORT;
351 		tport = ftpport;
352 	} else if (STRNEQUAL(url, FILE_URL)) {
353 		url += sizeof(FILE_URL) - 1;
354 		*utype = FILE_URL_T;
355 	} else {
356 		warnx("Invalid %s `%s'", desc, url);
357  cleanup_parse_url:
358 		FREEPTR(*uuser);
359 		if (*pass != NULL)
360 			memset(*pass, 0, strlen(*pass));
361 		FREEPTR(*pass);
362 		FREEPTR(*host);
363 		FREEPTR(*port);
364 		FREEPTR(*path);
365 		return (-1);
366 	}
367 
368 	if (*url == '\0')
369 		return (0);
370 
371 			/* find [user[:pass]@]host[:port] */
372 	ep = strchr(url, '/');
373 	if (ep == NULL)
374 		thost = ftp_strdup(url);
375 	else {
376 		len = ep - url;
377 		thost = (char *)ftp_malloc(len + 1);
378 		(void)strlcpy(thost, url, len + 1);
379 		if (*utype == FTP_URL_T)	/* skip first / for ftp URLs */
380 			ep++;
381 		*path = ftp_strdup(ep);
382 	}
383 
384 	cp = strchr(thost, '@');	/* look for user[:pass]@ in URLs */
385 	if (cp != NULL) {
386 		if (*utype == FTP_URL_T)
387 			anonftp = 0;	/* disable anonftp */
388 		*uuser = thost;
389 		*cp = '\0';
390 		thost = ftp_strdup(cp + 1);
391 		cp = strchr(*uuser, ':');
392 		if (cp != NULL) {
393 			*cp = '\0';
394 			*pass = ftp_strdup(cp + 1);
395 		}
396 		url_decode(*uuser);
397 		if (*pass)
398 			url_decode(*pass);
399 	}
400 
401 #ifdef INET6
402 			/*
403 			 * Check if thost is an encoded IPv6 address, as per
404 			 * RFC3986:
405 			 *	`[' ipv6-address ']'
406 			 */
407 	if (*thost == '[') {
408 		cp = thost + 1;
409 		if ((ep = strchr(cp, ']')) == NULL ||
410 		    (ep[1] != '\0' && ep[1] != ':')) {
411 			warnx("Invalid address `%s' in %s `%s'",
412 			    thost, desc, origurl);
413 			goto cleanup_parse_url;
414 		}
415 		len = ep - cp;		/* change `[xyz]' -> `xyz' */
416 		memmove(thost, thost + 1, len);
417 		thost[len] = '\0';
418 		if (! isipv6addr(thost)) {
419 			warnx("Invalid IPv6 address `%s' in %s `%s'",
420 			    thost, desc, origurl);
421 			goto cleanup_parse_url;
422 		}
423 		cp = ep + 1;
424 		if (*cp == ':')
425 			cp++;
426 		else
427 			cp = NULL;
428 	} else
429 #endif /* INET6 */
430 		if ((cp = strchr(thost, ':')) != NULL)
431 			*cp++ = '\0';
432 	*host = thost;
433 
434 			/* look for [:port] */
435 	if (cp != NULL) {
436 		unsigned long	nport;
437 
438 		nport = strtoul(cp, &ep, 10);
439 		if (*cp == '\0' || *ep != '\0' ||
440 		    nport < 1 || nport > MAX_IN_PORT_T) {
441 			warnx("Unknown port `%s' in %s `%s'",
442 			    cp, desc, origurl);
443 			goto cleanup_parse_url;
444 		}
445 		*portnum = nport;
446 		tport = cp;
447 	}
448 
449 	if (tport != NULL)
450 		*port = ftp_strdup(tport);
451 	if (*path == NULL) {
452 		const char *emptypath = "/";
453 		if (*utype == FTP_URL_T)	/* skip first / for ftp URLs */
454 			emptypath++;
455 		*path = ftp_strdup(emptypath);
456 	}
457 
458 	DPRINTF("parse_url: user `%s' pass `%s' host %s port %s(%d) "
459 	    "path `%s'\n",
460 	    STRorNULL(*uuser), STRorNULL(*pass),
461 	    STRorNULL(*host), STRorNULL(*port),
462 	    *portnum ? *portnum : -1, STRorNULL(*path));
463 
464 	return (0);
465 }
466 
467 sigjmp_buf	httpabort;
468 
469 /*
470  * Retrieve URL, via a proxy if necessary, using HTTP.
471  * If proxyenv is set, use that for the proxy, otherwise try ftp_proxy or
472  * http_proxy as appropriate.
473  * Supports HTTP redirects.
474  * Returns 1 on failure, 0 on completed xfer, -1 if ftp connection
475  * is still open (e.g, ftp xfer with trailing /)
476  */
477 static int
478 fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
479 {
480 	struct addrinfo		hints, *res, *res0 = NULL;
481 	int			error;
482 	sigfunc volatile	oldintr;
483 	sigfunc volatile	oldintp;
484 	int volatile		s;
485 	struct stat		sb;
486 	int volatile		ischunked;
487 	int volatile		isproxy;
488 	int volatile		rval;
489 	int volatile		hcode;
490 	int			len;
491 	size_t			flen;
492 	static size_t		bufsize;
493 	static char		*xferbuf;
494 	const char		*cp, *token;
495 	char			*ep;
496 	char			buf[FTPBUFLEN];
497 	const char		*errormsg;
498 	char			*volatile savefile;
499 	char			*volatile auth;
500 	char			*volatile location;
501 	char			*volatile message;
502 	char			*uuser, *pass, *host, *port, *path;
503 	char			*volatile decodedpath;
504 	char			*puser, *ppass, *useragent;
505 	off_t			hashbytes, rangestart, rangeend, entitylen;
506 	int			(*volatile closefunc)(FILE *);
507 	FILE			*volatile fin;
508 	FILE			*volatile fout;
509 	time_t			mtime;
510 	url_t			urltype;
511 	in_port_t		portnum;
512 
513 	DPRINTF("fetch_url: `%s' proxyenv `%s'\n", url, STRorNULL(proxyenv));
514 
515 	oldintr = oldintp = NULL;
516 	closefunc = NULL;
517 	fin = fout = NULL;
518 	s = -1;
519 	savefile = NULL;
520 	auth = location = message = NULL;
521 	ischunked = isproxy = hcode = 0;
522 	rval = 1;
523 	uuser = pass = host = path = decodedpath = puser = ppass = NULL;
524 
525 	if (parse_url(url, "URL", &urltype, &uuser, &pass, &host, &port,
526 	    &portnum, &path) == -1)
527 		goto cleanup_fetch_url;
528 
529 	if (urltype == FILE_URL_T && ! EMPTYSTRING(host)
530 	    && strcasecmp(host, "localhost") != 0) {
531 		warnx("No support for non local file URL `%s'", url);
532 		goto cleanup_fetch_url;
533 	}
534 
535 	if (EMPTYSTRING(path)) {
536 		if (urltype == FTP_URL_T) {
537 			rval = fetch_ftp(url);
538 			goto cleanup_fetch_url;
539 		}
540 		if (urltype != HTTP_URL_T || outfile == NULL)  {
541 			warnx("Invalid URL (no file after host) `%s'", url);
542 			goto cleanup_fetch_url;
543 		}
544 	}
545 
546 	decodedpath = ftp_strdup(path);
547 	url_decode(decodedpath);
548 
549 	if (outfile)
550 		savefile = ftp_strdup(outfile);
551 	else {
552 		cp = strrchr(decodedpath, '/');		/* find savefile */
553 		if (cp != NULL)
554 			savefile = ftp_strdup(cp + 1);
555 		else
556 			savefile = ftp_strdup(decodedpath);
557 	}
558 	DPRINTF("fetch_url: savefile `%s'\n", savefile);
559 	if (EMPTYSTRING(savefile)) {
560 		if (urltype == FTP_URL_T) {
561 			rval = fetch_ftp(url);
562 			goto cleanup_fetch_url;
563 		}
564 		warnx("No file after directory (you must specify an "
565 		    "output file) `%s'", url);
566 		goto cleanup_fetch_url;
567 	}
568 
569 	restart_point = 0;
570 	filesize = -1;
571 	rangestart = rangeend = entitylen = -1;
572 	mtime = -1;
573 	if (restartautofetch) {
574 		if (strcmp(savefile, "-") != 0 && *savefile != '|' &&
575 		    stat(savefile, &sb) == 0)
576 			restart_point = sb.st_size;
577 	}
578 	if (urltype == FILE_URL_T) {		/* file:// URLs */
579 		direction = "copied";
580 		fin = fopen(decodedpath, "r");
581 		if (fin == NULL) {
582 			warn("Can't open `%s'", decodedpath);
583 			goto cleanup_fetch_url;
584 		}
585 		if (fstat(fileno(fin), &sb) == 0) {
586 			mtime = sb.st_mtime;
587 			filesize = sb.st_size;
588 		}
589 		if (restart_point) {
590 			if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) {
591 				warn("Can't seek to restart `%s'",
592 				    decodedpath);
593 				goto cleanup_fetch_url;
594 			}
595 		}
596 		if (verbose) {
597 			fprintf(ttyout, "Copying %s", decodedpath);
598 			if (restart_point)
599 				fprintf(ttyout, " (restarting at " LLF ")",
600 				    (LLT)restart_point);
601 			fputs("\n", ttyout);
602 		}
603 	} else {				/* ftp:// or http:// URLs */
604 		const char *leading;
605 		int hasleading;
606 
607 		if (proxyenv == NULL) {
608 			if (urltype == HTTP_URL_T)
609 				proxyenv = getoptionvalue("http_proxy");
610 			else if (urltype == FTP_URL_T)
611 				proxyenv = getoptionvalue("ftp_proxy");
612 		}
613 		direction = "retrieved";
614 		if (! EMPTYSTRING(proxyenv)) {			/* use proxy */
615 			url_t purltype;
616 			char *phost, *ppath;
617 			char *pport, *no_proxy;
618 			in_port_t pportnum;
619 
620 			isproxy = 1;
621 
622 				/* check URL against list of no_proxied sites */
623 			no_proxy = getoptionvalue("no_proxy");
624 			if (! EMPTYSTRING(no_proxy)) {
625 				char *np, *np_copy, *np_iter;
626 				unsigned long np_port;
627 				size_t hlen, plen;
628 
629 				np_iter = np_copy = ftp_strdup(no_proxy);
630 				hlen = strlen(host);
631 				while ((cp = strsep(&np_iter, " ,")) != NULL) {
632 					if (*cp == '\0')
633 						continue;
634 					if ((np = strrchr(cp, ':')) != NULL) {
635 						*np++ =  '\0';
636 						np_port = strtoul(np, &ep, 10);
637 						if (*np == '\0' || *ep != '\0')
638 							continue;
639 						if (np_port != portnum)
640 							continue;
641 					}
642 					plen = strlen(cp);
643 					if (hlen < plen)
644 						continue;
645 					if (strncasecmp(host + hlen - plen,
646 					    cp, plen) == 0) {
647 						isproxy = 0;
648 						break;
649 					}
650 				}
651 				FREEPTR(np_copy);
652 				if (isproxy == 0 && urltype == FTP_URL_T) {
653 					rval = fetch_ftp(url);
654 					goto cleanup_fetch_url;
655 				}
656 			}
657 
658 			if (isproxy) {
659 				if (restart_point) {
660 					warnx("Can't restart via proxy URL `%s'",
661 					    proxyenv);
662 					goto cleanup_fetch_url;
663 				}
664 				if (parse_url(proxyenv, "proxy URL", &purltype,
665 				    &puser, &ppass, &phost, &pport, &pportnum,
666 				    &ppath) == -1)
667 					goto cleanup_fetch_url;
668 
669 				if ((purltype != HTTP_URL_T
670 				     && purltype != FTP_URL_T) ||
671 				    EMPTYSTRING(phost) ||
672 				    (! EMPTYSTRING(ppath)
673 				     && strcmp(ppath, "/") != 0)) {
674 					warnx("Malformed proxy URL `%s'",
675 					    proxyenv);
676 					FREEPTR(phost);
677 					FREEPTR(pport);
678 					FREEPTR(ppath);
679 					goto cleanup_fetch_url;
680 				}
681 				if (isipv6addr(host) &&
682 				    strchr(host, '%') != NULL) {
683 					warnx(
684 "Scoped address notation `%s' disallowed via web proxy",
685 					    host);
686 					FREEPTR(phost);
687 					FREEPTR(pport);
688 					FREEPTR(ppath);
689 					goto cleanup_fetch_url;
690 				}
691 
692 				FREEPTR(host);
693 				host = phost;
694 				FREEPTR(port);
695 				port = pport;
696 				FREEPTR(path);
697 				path = ftp_strdup(url);
698 				FREEPTR(ppath);
699 			}
700 		} /* ! EMPTYSTRING(proxyenv) */
701 
702 		memset(&hints, 0, sizeof(hints));
703 		hints.ai_flags = 0;
704 		hints.ai_family = family;
705 		hints.ai_socktype = SOCK_STREAM;
706 		hints.ai_protocol = 0;
707 		error = getaddrinfo(host, port, &hints, &res0);
708 		if (error) {
709 			warnx("Can't lookup `%s:%s': %s", host, port,
710 			    (error == EAI_SYSTEM) ? strerror(errno)
711 						  : gai_strerror(error));
712 			goto cleanup_fetch_url;
713 		}
714 		if (res0->ai_canonname)
715 			host = res0->ai_canonname;
716 
717 		s = -1;
718 		for (res = res0; res; res = res->ai_next) {
719 			char	hname[NI_MAXHOST], sname[NI_MAXSERV];
720 
721 			ai_unmapped(res);
722 			if (getnameinfo(res->ai_addr, res->ai_addrlen,
723 			    hname, sizeof(hname), sname, sizeof(sname),
724 			    NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
725 				strlcpy(hname, "?", sizeof(hname));
726 				strlcpy(sname, "?", sizeof(sname));
727 			}
728 
729 			if (verbose && res0->ai_next) {
730 				fprintf(ttyout, "Trying %s:%s ...\n",
731 				    hname, sname);
732 			}
733 
734 			s = socket(res->ai_family, SOCK_STREAM,
735 			    res->ai_protocol);
736 			if (s < 0) {
737 				warn(
738 				    "Can't create socket for connection to "
739 				    "`%s:%s'", hname, sname);
740 				continue;
741 			}
742 
743 			if (ftp_connect(s, res->ai_addr, res->ai_addrlen) < 0) {
744 				close(s);
745 				s = -1;
746 				continue;
747 			}
748 
749 			/* success */
750 			break;
751 		}
752 
753 		if (s < 0) {
754 			warnx("Can't connect to `%s:%s'", host, port);
755 			goto cleanup_fetch_url;
756 		}
757 
758 		fin = fdopen(s, "r+");
759 		/*
760 		 * Construct and send the request.
761 		 */
762 		if (verbose)
763 			fprintf(ttyout, "Requesting %s\n", url);
764 		leading = "  (";
765 		hasleading = 0;
766 		if (isproxy) {
767 			if (verbose) {
768 				fprintf(ttyout, "%svia %s:%s", leading,
769 				    host, port);
770 				leading = ", ";
771 				hasleading++;
772 			}
773 			fprintf(fin, "GET %s HTTP/1.0\r\n", path);
774 			if (flushcache)
775 				fprintf(fin, "Pragma: no-cache\r\n");
776 		} else {
777 			fprintf(fin, "GET %s HTTP/1.1\r\n", path);
778 			if (strchr(host, ':')) {
779 				char *h, *p;
780 
781 				/*
782 				 * strip off IPv6 scope identifier, since it is
783 				 * local to the node
784 				 */
785 				h = ftp_strdup(host);
786 				if (isipv6addr(h) &&
787 				    (p = strchr(h, '%')) != NULL) {
788 					*p = '\0';
789 				}
790 				fprintf(fin, "Host: [%s]", h);
791 				free(h);
792 			} else
793 				fprintf(fin, "Host: %s", host);
794 			if (portnum != HTTP_PORT)
795 				fprintf(fin, ":%u", portnum);
796 			fprintf(fin, "\r\n");
797 			fprintf(fin, "Accept: */*\r\n");
798 			fprintf(fin, "Connection: close\r\n");
799 			if (restart_point) {
800 				fputs(leading, ttyout);
801 				fprintf(fin, "Range: bytes=" LLF "-\r\n",
802 				    (LLT)restart_point);
803 				fprintf(ttyout, "restarting at " LLF,
804 				    (LLT)restart_point);
805 				leading = ", ";
806 				hasleading++;
807 			}
808 			if (flushcache)
809 				fprintf(fin, "Cache-Control: no-cache\r\n");
810 		}
811 		if ((useragent=getenv("FTPUSERAGENT")) != NULL) {
812 			fprintf(fin, "User-Agent: %s\r\n", useragent);
813 		} else {
814 			fprintf(fin, "User-Agent: %s/%s\r\n",
815 			    FTP_PRODUCT, FTP_VERSION);
816 		}
817 		if (wwwauth) {
818 			if (verbose) {
819 				fprintf(ttyout, "%swith authorization",
820 				    leading);
821 				leading = ", ";
822 				hasleading++;
823 			}
824 			fprintf(fin, "Authorization: %s\r\n", wwwauth);
825 		}
826 		if (proxyauth) {
827 			if (verbose) {
828 				fprintf(ttyout,
829 				    "%swith proxy authorization", leading);
830 				leading = ", ";
831 				hasleading++;
832 			}
833 			fprintf(fin, "Proxy-Authorization: %s\r\n", proxyauth);
834 		}
835 		if (verbose && hasleading)
836 			fputs(")\n", ttyout);
837 		fprintf(fin, "\r\n");
838 		if (fflush(fin) == EOF) {
839 			warn("Writing HTTP request");
840 			goto cleanup_fetch_url;
841 		}
842 
843 				/* Read the response */
844 		len = get_line(fin, buf, sizeof(buf), &errormsg);
845 		if (len < 0) {
846 			if (*errormsg == '\n')
847 				errormsg++;
848 			warnx("Receiving HTTP reply: %s", errormsg);
849 			goto cleanup_fetch_url;
850 		}
851 		while (len > 0 && (ISLWS(buf[len-1])))
852 			buf[--len] = '\0';
853 		DPRINTF("fetch_url: received `%s'\n", buf);
854 
855 				/* Determine HTTP response code */
856 		cp = strchr(buf, ' ');
857 		if (cp == NULL)
858 			goto improper;
859 		else
860 			cp++;
861 		hcode = strtol(cp, &ep, 10);
862 		if (*ep != '\0' && !isspace((unsigned char)*ep))
863 			goto improper;
864 		message = ftp_strdup(cp);
865 
866 				/* Read the rest of the header. */
867 		while (1) {
868 			len = get_line(fin, buf, sizeof(buf), &errormsg);
869 			if (len < 0) {
870 				if (*errormsg == '\n')
871 					errormsg++;
872 				warnx("Receiving HTTP reply: %s", errormsg);
873 				goto cleanup_fetch_url;
874 			}
875 			while (len > 0 && (ISLWS(buf[len-1])))
876 				buf[--len] = '\0';
877 			if (len == 0)
878 				break;
879 			DPRINTF("fetch_url: received `%s'\n", buf);
880 
881 		/*
882 		 * Look for some headers
883 		 */
884 
885 			cp = buf;
886 
887 			if (match_token(&cp, "Content-Length:")) {
888 				filesize = STRTOLL(cp, &ep, 10);
889 				if (filesize < 0 || *ep != '\0')
890 					goto improper;
891 				DPRINTF("fetch_url: parsed len as: " LLF "\n",
892 				    (LLT)filesize);
893 
894 			} else if (match_token(&cp, "Content-Range:")) {
895 				if (! match_token(&cp, "bytes"))
896 					goto improper;
897 
898 				if (*cp == '*')
899 					cp++;
900 				else {
901 					rangestart = STRTOLL(cp, &ep, 10);
902 					if (rangestart < 0 || *ep != '-')
903 						goto improper;
904 					cp = ep + 1;
905 					rangeend = STRTOLL(cp, &ep, 10);
906 					if (rangeend < 0 || rangeend < rangestart)
907 						goto improper;
908 					cp = ep;
909 				}
910 				if (*cp != '/')
911 					goto improper;
912 				cp++;
913 				if (*cp == '*')
914 					cp++;
915 				else {
916 					entitylen = STRTOLL(cp, &ep, 10);
917 					if (entitylen < 0)
918 						goto improper;
919 					cp = ep;
920 				}
921 				if (*cp != '\0')
922 					goto improper;
923 
924 #ifndef NO_DEBUG
925 				if (ftp_debug) {
926 					fprintf(ttyout, "parsed range as: ");
927 					if (rangestart == -1)
928 						fprintf(ttyout, "*");
929 					else
930 						fprintf(ttyout, LLF "-" LLF,
931 						    (LLT)rangestart,
932 						    (LLT)rangeend);
933 					fprintf(ttyout, "/" LLF "\n", (LLT)entitylen);
934 				}
935 #endif
936 				if (! restart_point) {
937 					warnx(
938 				    "Received unexpected Content-Range header");
939 					goto cleanup_fetch_url;
940 				}
941 
942 			} else if (match_token(&cp, "Last-Modified:")) {
943 				struct tm parsed;
944 				char *t;
945 
946 				memset(&parsed, 0, sizeof(parsed));
947 							/* RFC1123 */
948 				if ((t = strptime(cp,
949 						"%a, %d %b %Y %H:%M:%S GMT",
950 						&parsed))
951 							/* RFC0850 */
952 				    || (t = strptime(cp,
953 						"%a, %d-%b-%y %H:%M:%S GMT",
954 						&parsed))
955 							/* asctime */
956 				    || (t = strptime(cp,
957 						"%a, %b %d %H:%M:%S %Y",
958 						&parsed))) {
959 					parsed.tm_isdst = -1;
960 					if (*t == '\0')
961 						mtime = timegm(&parsed);
962 #ifndef NO_DEBUG
963 					if (ftp_debug && mtime != -1) {
964 						fprintf(ttyout,
965 						    "parsed date as: %s",
966 						rfc2822time(localtime(&mtime)));
967 					}
968 #endif
969 				}
970 
971 			} else if (match_token(&cp, "Location:")) {
972 				location = ftp_strdup(cp);
973 				DPRINTF("fetch_url: parsed location as `%s'\n",
974 				    cp);
975 
976 			} else if (match_token(&cp, "Transfer-Encoding:")) {
977 				if (match_token(&cp, "binary")) {
978 					warnx(
979 			"Bogus transfer encoding `binary' (fetching anyway)");
980 					continue;
981 				}
982 				if (! (token = match_token(&cp, "chunked"))) {
983 					warnx(
984 				    "Unsupported transfer encoding `%s'",
985 					    token);
986 					goto cleanup_fetch_url;
987 				}
988 				ischunked++;
989 				DPRINTF("fetch_url: using chunked encoding\n");
990 
991 			} else if (match_token(&cp, "Proxy-Authenticate:")
992 				|| match_token(&cp, "WWW-Authenticate:")) {
993 				if (! (token = match_token(&cp, "Basic"))) {
994 					DPRINTF(
995 			"fetch_url: skipping unknown auth scheme `%s'\n",
996 						    token);
997 					continue;
998 				}
999 				FREEPTR(auth);
1000 				auth = ftp_strdup(token);
1001 				DPRINTF("fetch_url: parsed auth as `%s'\n", cp);
1002 			}
1003 
1004 		}
1005 				/* finished parsing header */
1006 
1007 		switch (hcode) {
1008 		case 200:
1009 			break;
1010 		case 206:
1011 			if (! restart_point) {
1012 				warnx("Not expecting partial content header");
1013 				goto cleanup_fetch_url;
1014 			}
1015 			break;
1016 		case 300:
1017 		case 301:
1018 		case 302:
1019 		case 303:
1020 		case 305:
1021 		case 307:
1022 			if (EMPTYSTRING(location)) {
1023 				warnx(
1024 				"No redirection Location provided by server");
1025 				goto cleanup_fetch_url;
1026 			}
1027 			if (redirect_loop++ > 5) {
1028 				warnx("Too many redirections requested");
1029 				goto cleanup_fetch_url;
1030 			}
1031 			if (hcode == 305) {
1032 				if (verbose)
1033 					fprintf(ttyout, "Redirected via %s\n",
1034 					    location);
1035 				rval = fetch_url(url, location,
1036 				    proxyauth, wwwauth);
1037 			} else {
1038 				if (verbose)
1039 					fprintf(ttyout, "Redirected to %s\n",
1040 					    location);
1041 				rval = go_fetch(location);
1042 			}
1043 			goto cleanup_fetch_url;
1044 #ifndef NO_AUTH
1045 		case 401:
1046 		case 407:
1047 		    {
1048 			char **authp;
1049 			char *auser, *apass;
1050 
1051 			if (hcode == 401) {
1052 				authp = &wwwauth;
1053 				auser = uuser;
1054 				apass = pass;
1055 			} else {
1056 				authp = &proxyauth;
1057 				auser = puser;
1058 				apass = ppass;
1059 			}
1060 			if (verbose || *authp == NULL ||
1061 			    auser == NULL || apass == NULL)
1062 				fprintf(ttyout, "%s\n", message);
1063 			if (EMPTYSTRING(auth)) {
1064 				warnx(
1065 			    "No authentication challenge provided by server");
1066 				goto cleanup_fetch_url;
1067 			}
1068 			if (*authp != NULL) {
1069 				char reply[10];
1070 
1071 				fprintf(ttyout,
1072 				    "Authorization failed. Retry (y/n)? ");
1073 				if (get_line(stdin, reply, sizeof(reply), NULL)
1074 				    < 0) {
1075 					goto cleanup_fetch_url;
1076 				}
1077 				if (tolower((unsigned char)reply[0]) != 'y')
1078 					goto cleanup_fetch_url;
1079 				auser = NULL;
1080 				apass = NULL;
1081 			}
1082 			if (auth_url(auth, authp, auser, apass) == 0) {
1083 				rval = fetch_url(url, proxyenv,
1084 				    proxyauth, wwwauth);
1085 				memset(*authp, 0, strlen(*authp));
1086 				FREEPTR(*authp);
1087 			}
1088 			goto cleanup_fetch_url;
1089 		    }
1090 #endif
1091 		default:
1092 			if (message)
1093 				warnx("Error retrieving file `%s'", message);
1094 			else
1095 				warnx("Unknown error retrieving file");
1096 			goto cleanup_fetch_url;
1097 		}
1098 	}		/* end of ftp:// or http:// specific setup */
1099 
1100 			/* Open the output file. */
1101 	if (strcmp(savefile, "-") == 0) {
1102 		fout = stdout;
1103 	} else if (*savefile == '|') {
1104 		oldintp = xsignal(SIGPIPE, SIG_IGN);
1105 		fout = popen(savefile + 1, "w");
1106 		if (fout == NULL) {
1107 			warn("Can't execute `%s'", savefile + 1);
1108 			goto cleanup_fetch_url;
1109 		}
1110 		closefunc = pclose;
1111 	} else {
1112 		if ((rangeend != -1 && rangeend <= restart_point) ||
1113 		    (rangestart == -1 && filesize != -1 && filesize <= restart_point)) {
1114 			/* already done */
1115 			if (verbose)
1116 				fprintf(ttyout, "already done\n");
1117 			rval = 0;
1118 			goto cleanup_fetch_url;
1119 		}
1120 		if (restart_point && rangestart != -1) {
1121 			if (entitylen != -1)
1122 				filesize = entitylen;
1123 			if (rangestart != restart_point) {
1124 				warnx(
1125 				    "Size of `%s' differs from save file `%s'",
1126 				    url, savefile);
1127 				goto cleanup_fetch_url;
1128 			}
1129 			fout = fopen(savefile, "a");
1130 		} else
1131 			fout = fopen(savefile, "w");
1132 		if (fout == NULL) {
1133 			warn("Can't open `%s'", savefile);
1134 			goto cleanup_fetch_url;
1135 		}
1136 		closefunc = fclose;
1137 	}
1138 
1139 			/* Trap signals */
1140 	if (sigsetjmp(httpabort, 1))
1141 		goto cleanup_fetch_url;
1142 	(void)xsignal(SIGQUIT, psummary);
1143 	oldintr = xsignal(SIGINT, aborthttp);
1144 
1145 	if ((size_t)rcvbuf_size > bufsize) {
1146 		if (xferbuf)
1147 			(void)free(xferbuf);
1148 		bufsize = rcvbuf_size;
1149 		xferbuf = ftp_malloc(bufsize);
1150 	}
1151 
1152 	bytes = 0;
1153 	hashbytes = mark;
1154 	progressmeter(-1);
1155 
1156 			/* Finally, suck down the file. */
1157 	do {
1158 		long chunksize;
1159 		short lastchunk;
1160 
1161 		chunksize = 0;
1162 		lastchunk = 0;
1163 					/* read chunk-size */
1164 		if (ischunked) {
1165 			if (fgets(xferbuf, bufsize, fin) == NULL) {
1166 				warnx("Unexpected EOF reading chunk-size");
1167 				goto cleanup_fetch_url;
1168 			}
1169 			errno = 0;
1170 			chunksize = strtol(xferbuf, &ep, 16);
1171 			if (ep == xferbuf) {
1172 				warnx("Invalid chunk-size");
1173 				goto cleanup_fetch_url;
1174 			}
1175 			if (errno == ERANGE || chunksize < 0) {
1176 				errno = ERANGE;
1177 				warn("Chunk-size `%.*s'",
1178 				    (int)(ep-xferbuf), xferbuf);
1179 				goto cleanup_fetch_url;
1180 			}
1181 
1182 				/*
1183 				 * XXX:	Work around bug in Apache 1.3.9 and
1184 				 *	1.3.11, which incorrectly put trailing
1185 				 *	space after the chunk-size.
1186 				 */
1187 			while (*ep == ' ')
1188 				ep++;
1189 
1190 					/* skip [ chunk-ext ] */
1191 			if (*ep == ';') {
1192 				while (*ep && *ep != '\r')
1193 					ep++;
1194 			}
1195 
1196 			if (strcmp(ep, "\r\n") != 0) {
1197 				warnx("Unexpected data following chunk-size");
1198 				goto cleanup_fetch_url;
1199 			}
1200 			DPRINTF("fetch_url: got chunk-size of " LLF "\n",
1201 			    (LLT)chunksize);
1202 			if (chunksize == 0) {
1203 				lastchunk = 1;
1204 				goto chunkdone;
1205 			}
1206 		}
1207 					/* transfer file or chunk */
1208 		while (1) {
1209 			struct timeval then, now, td;
1210 			off_t bufrem;
1211 
1212 			if (rate_get)
1213 				(void)gettimeofday(&then, NULL);
1214 			bufrem = rate_get ? rate_get : (off_t)bufsize;
1215 			if (ischunked)
1216 				bufrem = MIN(chunksize, bufrem);
1217 			while (bufrem > 0) {
1218 				flen = fread(xferbuf, sizeof(char),
1219 				    MIN((off_t)bufsize, bufrem), fin);
1220 				if (flen <= 0)
1221 					goto chunkdone;
1222 				bytes += flen;
1223 				bufrem -= flen;
1224 				if (fwrite(xferbuf, sizeof(char), flen, fout)
1225 				    != flen) {
1226 					warn("Writing `%s'", savefile);
1227 					goto cleanup_fetch_url;
1228 				}
1229 				if (hash && !progress) {
1230 					while (bytes >= hashbytes) {
1231 						(void)putc('#', ttyout);
1232 						hashbytes += mark;
1233 					}
1234 					(void)fflush(ttyout);
1235 				}
1236 				if (ischunked) {
1237 					chunksize -= flen;
1238 					if (chunksize <= 0)
1239 						break;
1240 				}
1241 			}
1242 			if (rate_get) {
1243 				while (1) {
1244 					(void)gettimeofday(&now, NULL);
1245 					timersub(&now, &then, &td);
1246 					if (td.tv_sec > 0)
1247 						break;
1248 					usleep(1000000 - td.tv_usec);
1249 				}
1250 			}
1251 			if (ischunked && chunksize <= 0)
1252 				break;
1253 		}
1254 					/* read CRLF after chunk*/
1255  chunkdone:
1256 		if (ischunked) {
1257 			if (fgets(xferbuf, bufsize, fin) == NULL) {
1258 				warnx("Unexpected EOF reading chunk CRLF");
1259 				goto cleanup_fetch_url;
1260 			}
1261 			if (strcmp(xferbuf, "\r\n") != 0) {
1262 				warnx("Unexpected data following chunk");
1263 				goto cleanup_fetch_url;
1264 			}
1265 			if (lastchunk)
1266 				break;
1267 		}
1268 	} while (ischunked);
1269 
1270 /* XXX: deal with optional trailer & CRLF here? */
1271 
1272 	if (hash && !progress && bytes > 0) {
1273 		if (bytes < mark)
1274 			(void)putc('#', ttyout);
1275 		(void)putc('\n', ttyout);
1276 	}
1277 	if (ferror(fin)) {
1278 		warn("Reading file");
1279 		goto cleanup_fetch_url;
1280 	}
1281 	progressmeter(1);
1282 	(void)fflush(fout);
1283 	if (closefunc == fclose && mtime != -1) {
1284 		struct timeval tval[2];
1285 
1286 		(void)gettimeofday(&tval[0], NULL);
1287 		tval[1].tv_sec = mtime;
1288 		tval[1].tv_usec = 0;
1289 		(*closefunc)(fout);
1290 		fout = NULL;
1291 
1292 		if (utimes(savefile, tval) == -1) {
1293 			fprintf(ttyout,
1294 			    "Can't change modification time to %s",
1295 			    rfc2822time(localtime(&mtime)));
1296 		}
1297 	}
1298 	if (bytes > 0)
1299 		ptransfer(0);
1300 	bytes = 0;
1301 
1302 	rval = 0;
1303 	goto cleanup_fetch_url;
1304 
1305  improper:
1306 	warnx("Improper response from `%s:%s'", host, port);
1307 
1308  cleanup_fetch_url:
1309 	if (oldintr)
1310 		(void)xsignal(SIGINT, oldintr);
1311 	if (oldintp)
1312 		(void)xsignal(SIGPIPE, oldintp);
1313 	if (fin != NULL)
1314 		fclose(fin);
1315 	else if (s != -1)
1316 		close(s);
1317 	if (closefunc != NULL && fout != NULL)
1318 		(*closefunc)(fout);
1319 	if (res0)
1320 		freeaddrinfo(res0);
1321 	FREEPTR(savefile);
1322 	FREEPTR(uuser);
1323 	if (pass != NULL)
1324 		memset(pass, 0, strlen(pass));
1325 	FREEPTR(pass);
1326 	FREEPTR(host);
1327 	FREEPTR(port);
1328 	FREEPTR(path);
1329 	FREEPTR(decodedpath);
1330 	FREEPTR(puser);
1331 	if (ppass != NULL)
1332 		memset(ppass, 0, strlen(ppass));
1333 	FREEPTR(ppass);
1334 	FREEPTR(auth);
1335 	FREEPTR(location);
1336 	FREEPTR(message);
1337 	return (rval);
1338 }
1339 
1340 /*
1341  * Abort a HTTP retrieval
1342  */
1343 void
1344 aborthttp(int notused)
1345 {
1346 	char msgbuf[100];
1347 	size_t len;
1348 
1349 	sigint_raised = 1;
1350 	alarmtimer(0);
1351 	len = strlcpy(msgbuf, "\nHTTP fetch aborted.\n", sizeof(msgbuf));
1352 	write(fileno(ttyout), msgbuf, len);
1353 	siglongjmp(httpabort, 1);
1354 }
1355 
1356 /*
1357  * Retrieve ftp URL or classic ftp argument using FTP.
1358  * Returns 1 on failure, 0 on completed xfer, -1 if ftp connection
1359  * is still open (e.g, ftp xfer with trailing /)
1360  */
1361 static int
1362 fetch_ftp(const char *url)
1363 {
1364 	char		*cp, *xargv[5], rempath[MAXPATHLEN];
1365 	char		*host, *path, *dir, *file, *uuser, *pass;
1366 	char		*port;
1367 	char		 cmdbuf[MAXPATHLEN];
1368 	char		 dirbuf[4];
1369 	int		 dirhasglob, filehasglob, rval, transtype, xargc;
1370 	int		 oanonftp, oautologin;
1371 	in_port_t	 portnum;
1372 	url_t		 urltype;
1373 
1374 	DPRINTF("fetch_ftp: `%s'\n", url);
1375 	host = path = dir = file = uuser = pass = NULL;
1376 	port = NULL;
1377 	rval = 1;
1378 	transtype = TYPE_I;
1379 
1380 	if (STRNEQUAL(url, FTP_URL)) {
1381 		if ((parse_url(url, "URL", &urltype, &uuser, &pass,
1382 		    &host, &port, &portnum, &path) == -1) ||
1383 		    (uuser != NULL && *uuser == '\0') ||
1384 		    EMPTYSTRING(host)) {
1385 			warnx("Invalid URL `%s'", url);
1386 			goto cleanup_fetch_ftp;
1387 		}
1388 		/*
1389 		 * Note: Don't url_decode(path) here.  We need to keep the
1390 		 * distinction between "/" and "%2F" until later.
1391 		 */
1392 
1393 					/* check for trailing ';type=[aid]' */
1394 		if (! EMPTYSTRING(path) && (cp = strrchr(path, ';')) != NULL) {
1395 			if (strcasecmp(cp, ";type=a") == 0)
1396 				transtype = TYPE_A;
1397 			else if (strcasecmp(cp, ";type=i") == 0)
1398 				transtype = TYPE_I;
1399 			else if (strcasecmp(cp, ";type=d") == 0) {
1400 				warnx(
1401 			    "Directory listing via a URL is not supported");
1402 				goto cleanup_fetch_ftp;
1403 			} else {
1404 				warnx("Invalid suffix `%s' in URL `%s'", cp,
1405 				    url);
1406 				goto cleanup_fetch_ftp;
1407 			}
1408 			*cp = 0;
1409 		}
1410 	} else {			/* classic style `[user@]host:[file]' */
1411 		urltype = CLASSIC_URL_T;
1412 		host = ftp_strdup(url);
1413 		cp = strchr(host, '@');
1414 		if (cp != NULL) {
1415 			*cp = '\0';
1416 			uuser = host;
1417 			anonftp = 0;	/* disable anonftp */
1418 			host = ftp_strdup(cp + 1);
1419 		}
1420 		cp = strchr(host, ':');
1421 		if (cp != NULL) {
1422 			*cp = '\0';
1423 			path = ftp_strdup(cp + 1);
1424 		}
1425 	}
1426 	if (EMPTYSTRING(host))
1427 		goto cleanup_fetch_ftp;
1428 
1429 			/* Extract the file and (if present) directory name. */
1430 	dir = path;
1431 	if (! EMPTYSTRING(dir)) {
1432 		/*
1433 		 * If we are dealing with classic `[user@]host:[path]' syntax,
1434 		 * then a path of the form `/file' (resulting from input of the
1435 		 * form `host:/file') means that we should do "CWD /" before
1436 		 * retrieving the file.  So we set dir="/" and file="file".
1437 		 *
1438 		 * But if we are dealing with URLs like `ftp://host/path' then
1439 		 * a path of the form `/file' (resulting from a URL of the form
1440 		 * `ftp://host//file') means that we should do `CWD ' (with an
1441 		 * empty argument) before retrieving the file.  So we set
1442 		 * dir="" and file="file".
1443 		 *
1444 		 * If the path does not contain / at all, we set dir=NULL.
1445 		 * (We get a path without any slashes if we are dealing with
1446 		 * classic `[user@]host:[file]' or URL `ftp://host/file'.)
1447 		 *
1448 		 * In all other cases, we set dir to a string that does not
1449 		 * include the final '/' that separates the dir part from the
1450 		 * file part of the path.  (This will be the empty string if
1451 		 * and only if we are dealing with a path of the form `/file'
1452 		 * resulting from an URL of the form `ftp://host//file'.)
1453 		 */
1454 		cp = strrchr(dir, '/');
1455 		if (cp == dir && urltype == CLASSIC_URL_T) {
1456 			file = cp + 1;
1457 			(void)strlcpy(dirbuf, "/", sizeof(dirbuf));
1458 			dir = dirbuf;
1459 		} else if (cp != NULL) {
1460 			*cp++ = '\0';
1461 			file = cp;
1462 		} else {
1463 			file = dir;
1464 			dir = NULL;
1465 		}
1466 	} else
1467 		dir = NULL;
1468 	if (urltype == FTP_URL_T && file != NULL) {
1469 		url_decode(file);
1470 		/* but still don't url_decode(dir) */
1471 	}
1472 	DPRINTF("fetch_ftp: user `%s' pass `%s' host %s port %s "
1473 	    "path `%s' dir `%s' file `%s'\n",
1474 	    STRorNULL(uuser), STRorNULL(pass),
1475 	    STRorNULL(host), STRorNULL(port),
1476 	    STRorNULL(path), STRorNULL(dir), STRorNULL(file));
1477 
1478 	dirhasglob = filehasglob = 0;
1479 	if (doglob && urltype == CLASSIC_URL_T) {
1480 		if (! EMPTYSTRING(dir) && strpbrk(dir, "*?[]{}") != NULL)
1481 			dirhasglob = 1;
1482 		if (! EMPTYSTRING(file) && strpbrk(file, "*?[]{}") != NULL)
1483 			filehasglob = 1;
1484 	}
1485 
1486 			/* Set up the connection */
1487 	oanonftp = anonftp;
1488 	if (connected)
1489 		disconnect(0, NULL);
1490 	anonftp = oanonftp;
1491 	(void)strlcpy(cmdbuf, getprogname(), sizeof(cmdbuf));
1492 	xargv[0] = cmdbuf;
1493 	xargv[1] = host;
1494 	xargv[2] = NULL;
1495 	xargc = 2;
1496 	if (port) {
1497 		xargv[2] = port;
1498 		xargv[3] = NULL;
1499 		xargc = 3;
1500 	}
1501 	oautologin = autologin;
1502 		/* don't autologin in setpeer(), use ftp_login() below */
1503 	autologin = 0;
1504 	setpeer(xargc, xargv);
1505 	autologin = oautologin;
1506 	if ((connected == 0) ||
1507 	    (connected == 1 && !ftp_login(host, uuser, pass))) {
1508 		warnx("Can't connect or login to host `%s:%s'",
1509 			host, port ? port : "?");
1510 		goto cleanup_fetch_ftp;
1511 	}
1512 
1513 	switch (transtype) {
1514 	case TYPE_A:
1515 		setascii(1, xargv);
1516 		break;
1517 	case TYPE_I:
1518 		setbinary(1, xargv);
1519 		break;
1520 	default:
1521 		errx(1, "fetch_ftp: unknown transfer type %d", transtype);
1522 	}
1523 
1524 		/*
1525 		 * Change directories, if necessary.
1526 		 *
1527 		 * Note: don't use EMPTYSTRING(dir) below, because
1528 		 * dir=="" means something different from dir==NULL.
1529 		 */
1530 	if (dir != NULL && !dirhasglob) {
1531 		char *nextpart;
1532 
1533 		/*
1534 		 * If we are dealing with a classic `[user@]host:[path]'
1535 		 * (urltype is CLASSIC_URL_T) then we have a raw directory
1536 		 * name (not encoded in any way) and we can change
1537 		 * directories in one step.
1538 		 *
1539 		 * If we are dealing with an `ftp://host/path' URL
1540 		 * (urltype is FTP_URL_T), then RFC3986 says we need to
1541 		 * send a separate CWD command for each unescaped "/"
1542 		 * in the path, and we have to interpret %hex escaping
1543 		 * *after* we find the slashes.  It's possible to get
1544 		 * empty components here, (from multiple adjacent
1545 		 * slashes in the path) and RFC3986 says that we should
1546 		 * still do `CWD ' (with a null argument) in such cases.
1547 		 *
1548 		 * Many ftp servers don't support `CWD ', so if there's an
1549 		 * error performing that command, bail out with a descriptive
1550 		 * message.
1551 		 *
1552 		 * Examples:
1553 		 *
1554 		 * host:			dir="", urltype=CLASSIC_URL_T
1555 		 *		logged in (to default directory)
1556 		 * host:file			dir=NULL, urltype=CLASSIC_URL_T
1557 		 *		"RETR file"
1558 		 * host:dir/			dir="dir", urltype=CLASSIC_URL_T
1559 		 *		"CWD dir", logged in
1560 		 * ftp://host/			dir="", urltype=FTP_URL_T
1561 		 *		logged in (to default directory)
1562 		 * ftp://host/dir/		dir="dir", urltype=FTP_URL_T
1563 		 *		"CWD dir", logged in
1564 		 * ftp://host/file		dir=NULL, urltype=FTP_URL_T
1565 		 *		"RETR file"
1566 		 * ftp://host//file		dir="", urltype=FTP_URL_T
1567 		 *		"CWD ", "RETR file"
1568 		 * host:/file			dir="/", urltype=CLASSIC_URL_T
1569 		 *		"CWD /", "RETR file"
1570 		 * ftp://host///file		dir="/", urltype=FTP_URL_T
1571 		 *		"CWD ", "CWD ", "RETR file"
1572 		 * ftp://host/%2F/file		dir="%2F", urltype=FTP_URL_T
1573 		 *		"CWD /", "RETR file"
1574 		 * ftp://host/foo/file		dir="foo", urltype=FTP_URL_T
1575 		 *		"CWD foo", "RETR file"
1576 		 * ftp://host/foo/bar/file	dir="foo/bar"
1577 		 *		"CWD foo", "CWD bar", "RETR file"
1578 		 * ftp://host//foo/bar/file	dir="/foo/bar"
1579 		 *		"CWD ", "CWD foo", "CWD bar", "RETR file"
1580 		 * ftp://host/foo//bar/file	dir="foo//bar"
1581 		 *		"CWD foo", "CWD ", "CWD bar", "RETR file"
1582 		 * ftp://host/%2F/foo/bar/file	dir="%2F/foo/bar"
1583 		 *		"CWD /", "CWD foo", "CWD bar", "RETR file"
1584 		 * ftp://host/%2Ffoo/bar/file	dir="%2Ffoo/bar"
1585 		 *		"CWD /foo", "CWD bar", "RETR file"
1586 		 * ftp://host/%2Ffoo%2Fbar/file	dir="%2Ffoo%2Fbar"
1587 		 *		"CWD /foo/bar", "RETR file"
1588 		 * ftp://host/%2Ffoo%2Fbar%2Ffile	dir=NULL
1589 		 *		"RETR /foo/bar/file"
1590 		 *
1591 		 * Note that we don't need `dir' after this point.
1592 		 */
1593 		do {
1594 			if (urltype == FTP_URL_T) {
1595 				nextpart = strchr(dir, '/');
1596 				if (nextpart) {
1597 					*nextpart = '\0';
1598 					nextpart++;
1599 				}
1600 				url_decode(dir);
1601 			} else
1602 				nextpart = NULL;
1603 			DPRINTF("fetch_ftp: dir `%s', nextpart `%s'\n",
1604 			    STRorNULL(dir), STRorNULL(nextpart));
1605 			if (urltype == FTP_URL_T || *dir != '\0') {
1606 				(void)strlcpy(cmdbuf, "cd", sizeof(cmdbuf));
1607 				xargv[0] = cmdbuf;
1608 				xargv[1] = dir;
1609 				xargv[2] = NULL;
1610 				dirchange = 0;
1611 				cd(2, xargv);
1612 				if (! dirchange) {
1613 					if (*dir == '\0' && code == 500)
1614 						fprintf(stderr,
1615 "\n"
1616 "ftp: The `CWD ' command (without a directory), which is required by\n"
1617 "     RFC3986 to support the empty directory in the URL pathname (`//'),\n"
1618 "     conflicts with the server's conformance to RFC0959.\n"
1619 "     Try the same URL without the `//' in the URL pathname.\n"
1620 "\n");
1621 					goto cleanup_fetch_ftp;
1622 				}
1623 			}
1624 			dir = nextpart;
1625 		} while (dir != NULL);
1626 	}
1627 
1628 	if (EMPTYSTRING(file)) {
1629 		rval = -1;
1630 		goto cleanup_fetch_ftp;
1631 	}
1632 
1633 	if (dirhasglob) {
1634 		(void)strlcpy(rempath, dir,	sizeof(rempath));
1635 		(void)strlcat(rempath, "/",	sizeof(rempath));
1636 		(void)strlcat(rempath, file,	sizeof(rempath));
1637 		file = rempath;
1638 	}
1639 
1640 			/* Fetch the file(s). */
1641 	xargc = 2;
1642 	(void)strlcpy(cmdbuf, "get", sizeof(cmdbuf));
1643 	xargv[0] = cmdbuf;
1644 	xargv[1] = file;
1645 	xargv[2] = NULL;
1646 	if (dirhasglob || filehasglob) {
1647 		int ointeractive;
1648 
1649 		ointeractive = interactive;
1650 		interactive = 0;
1651 		if (restartautofetch)
1652 			(void)strlcpy(cmdbuf, "mreget", sizeof(cmdbuf));
1653 		else
1654 			(void)strlcpy(cmdbuf, "mget", sizeof(cmdbuf));
1655 		xargv[0] = cmdbuf;
1656 		mget(xargc, xargv);
1657 		interactive = ointeractive;
1658 	} else {
1659 		if (outfile == NULL) {
1660 			cp = strrchr(file, '/');	/* find savefile */
1661 			if (cp != NULL)
1662 				outfile = cp + 1;
1663 			else
1664 				outfile = file;
1665 		}
1666 		xargv[2] = (char *)outfile;
1667 		xargv[3] = NULL;
1668 		xargc++;
1669 		if (restartautofetch)
1670 			reget(xargc, xargv);
1671 		else
1672 			get(xargc, xargv);
1673 	}
1674 
1675 	if ((code / 100) == COMPLETE)
1676 		rval = 0;
1677 
1678  cleanup_fetch_ftp:
1679 	FREEPTR(port);
1680 	FREEPTR(host);
1681 	FREEPTR(path);
1682 	FREEPTR(uuser);
1683 	if (pass)
1684 		memset(pass, 0, strlen(pass));
1685 	FREEPTR(pass);
1686 	return (rval);
1687 }
1688 
1689 /*
1690  * Retrieve the given file to outfile.
1691  * Supports arguments of the form:
1692  *	"host:path", "ftp://host/path"	if $ftpproxy, call fetch_url() else
1693  *					call fetch_ftp()
1694  *	"http://host/path"		call fetch_url() to use HTTP
1695  *	"file:///path"			call fetch_url() to copy
1696  *	"about:..."			print a message
1697  *
1698  * Returns 1 on failure, 0 on completed xfer, -1 if ftp connection
1699  * is still open (e.g, ftp xfer with trailing /)
1700  */
1701 static int
1702 go_fetch(const char *url)
1703 {
1704 	char *proxyenv;
1705 
1706 #ifndef NO_ABOUT
1707 	/*
1708 	 * Check for about:*
1709 	 */
1710 	if (STRNEQUAL(url, ABOUT_URL)) {
1711 		url += sizeof(ABOUT_URL) -1;
1712 		if (strcasecmp(url, "ftp") == 0 ||
1713 		    strcasecmp(url, "tnftp") == 0) {
1714 			fputs(
1715 "This version of ftp has been enhanced by Luke Mewburn <lukem@NetBSD.org>\n"
1716 "for the NetBSD project.  Execute `man ftp' for more details.\n", ttyout);
1717 		} else if (strcasecmp(url, "lukem") == 0) {
1718 			fputs(
1719 "Luke Mewburn is the author of most of the enhancements in this ftp client.\n"
1720 "Please email feedback to <lukem@NetBSD.org>.\n", ttyout);
1721 		} else if (strcasecmp(url, "netbsd") == 0) {
1722 			fputs(
1723 "NetBSD is a freely available and redistributable UNIX-like operating system.\n"
1724 "For more information, see http://www.NetBSD.org/\n", ttyout);
1725 		} else if (strcasecmp(url, "version") == 0) {
1726 			fprintf(ttyout, "Version: %s %s%s\n",
1727 			    FTP_PRODUCT, FTP_VERSION,
1728 #ifdef INET6
1729 			    ""
1730 #else
1731 			    " (-IPv6)"
1732 #endif
1733 			);
1734 		} else {
1735 			fprintf(ttyout, "`%s' is an interesting topic.\n", url);
1736 		}
1737 		fputs("\n", ttyout);
1738 		return (0);
1739 	}
1740 #endif
1741 
1742 	/*
1743 	 * Check for file:// and http:// URLs.
1744 	 */
1745 	if (STRNEQUAL(url, HTTP_URL) || STRNEQUAL(url, FILE_URL))
1746 		return (fetch_url(url, NULL, NULL, NULL));
1747 
1748 	/*
1749 	 * Try FTP URL-style and host:file arguments next.
1750 	 * If ftpproxy is set with an FTP URL, use fetch_url()
1751 	 * Othewise, use fetch_ftp().
1752 	 */
1753 	proxyenv = getoptionvalue("ftp_proxy");
1754 	if (!EMPTYSTRING(proxyenv) && STRNEQUAL(url, FTP_URL))
1755 		return (fetch_url(url, NULL, NULL, NULL));
1756 
1757 	return (fetch_ftp(url));
1758 }
1759 
1760 /*
1761  * Retrieve multiple files from the command line,
1762  * calling go_fetch() for each file.
1763  *
1764  * If an ftp path has a trailing "/", the path will be cd-ed into and
1765  * the connection remains open, and the function will return -1
1766  * (to indicate the connection is alive).
1767  * If an error occurs the return value will be the offset+1 in
1768  * argv[] of the file that caused a problem (i.e, argv[x]
1769  * returns x+1)
1770  * Otherwise, 0 is returned if all files retrieved successfully.
1771  */
1772 int
1773 auto_fetch(int argc, char *argv[])
1774 {
1775 	volatile int	argpos, rval;
1776 
1777 	argpos = rval = 0;
1778 
1779 	if (sigsetjmp(toplevel, 1)) {
1780 		if (connected)
1781 			disconnect(0, NULL);
1782 		if (rval > 0)
1783 			rval = argpos + 1;
1784 		return (rval);
1785 	}
1786 	(void)xsignal(SIGINT, intr);
1787 	(void)xsignal(SIGPIPE, lostpeer);
1788 
1789 	/*
1790 	 * Loop through as long as there's files to fetch.
1791 	 */
1792 	for (; (rval == 0) && (argpos < argc); argpos++) {
1793 		if (strchr(argv[argpos], ':') == NULL)
1794 			break;
1795 		redirect_loop = 0;
1796 		if (!anonftp)
1797 			anonftp = 2;	/* Handle "automatic" transfers. */
1798 		rval = go_fetch(argv[argpos]);
1799 		if (outfile != NULL && strcmp(outfile, "-") != 0
1800 		    && outfile[0] != '|')
1801 			outfile = NULL;
1802 		if (rval > 0)
1803 			rval = argpos + 1;
1804 	}
1805 
1806 	if (connected && rval != -1)
1807 		disconnect(0, NULL);
1808 	return (rval);
1809 }
1810 
1811 
1812 /*
1813  * Upload multiple files from the command line.
1814  *
1815  * If an error occurs the return value will be the offset+1 in
1816  * argv[] of the file that caused a problem (i.e, argv[x]
1817  * returns x+1)
1818  * Otherwise, 0 is returned if all files uploaded successfully.
1819  */
1820 int
1821 auto_put(int argc, char **argv, const char *uploadserver)
1822 {
1823 	char	*uargv[4], *path, *pathsep;
1824 	int	 uargc, rval, argpos;
1825 	size_t	 len;
1826 	char	 cmdbuf[MAX_C_NAME];
1827 
1828 	(void)strlcpy(cmdbuf, "mput", sizeof(cmdbuf));
1829 	uargv[0] = cmdbuf;
1830 	uargv[1] = argv[0];
1831 	uargc = 2;
1832 	uargv[2] = uargv[3] = NULL;
1833 	pathsep = NULL;
1834 	rval = 1;
1835 
1836 	DPRINTF("auto_put: target `%s'\n", uploadserver);
1837 
1838 	path = ftp_strdup(uploadserver);
1839 	len = strlen(path);
1840 	if (path[len - 1] != '/' && path[len - 1] != ':') {
1841 			/*
1842 			 * make sure we always pass a directory to auto_fetch
1843 			 */
1844 		if (argc > 1) {		/* more than one file to upload */
1845 			len = strlen(uploadserver) + 2;	/* path + "/" + "\0" */
1846 			free(path);
1847 			path = (char *)ftp_malloc(len);
1848 			(void)strlcpy(path, uploadserver, len);
1849 			(void)strlcat(path, "/", len);
1850 		} else {		/* single file to upload */
1851 			(void)strlcpy(cmdbuf, "put", sizeof(cmdbuf));
1852 			uargv[0] = cmdbuf;
1853 			pathsep = strrchr(path, '/');
1854 			if (pathsep == NULL) {
1855 				pathsep = strrchr(path, ':');
1856 				if (pathsep == NULL) {
1857 					warnx("Invalid URL `%s'", path);
1858 					goto cleanup_auto_put;
1859 				}
1860 				pathsep++;
1861 				uargv[2] = ftp_strdup(pathsep);
1862 				pathsep[0] = '/';
1863 			} else
1864 				uargv[2] = ftp_strdup(pathsep + 1);
1865 			pathsep[1] = '\0';
1866 			uargc++;
1867 		}
1868 	}
1869 	DPRINTF("auto_put: URL `%s' argv[2] `%s'\n",
1870 	    path, STRorNULL(uargv[2]));
1871 
1872 			/* connect and cwd */
1873 	rval = auto_fetch(1, &path);
1874 	if(rval >= 0)
1875 		goto cleanup_auto_put;
1876 
1877 	rval = 0;
1878 
1879 			/* target filename provided; upload 1 file */
1880 			/* XXX : is this the best way? */
1881 	if (uargc == 3) {
1882 		uargv[1] = argv[0];
1883 		put(uargc, uargv);
1884 		if ((code / 100) != COMPLETE)
1885 			rval = 1;
1886 	} else {	/* otherwise a target dir: upload all files to it */
1887 		for(argpos = 0; argv[argpos] != NULL; argpos++) {
1888 			uargv[1] = argv[argpos];
1889 			mput(uargc, uargv);
1890 			if ((code / 100) != COMPLETE) {
1891 				rval = argpos + 1;
1892 				break;
1893 			}
1894 		}
1895 	}
1896 
1897  cleanup_auto_put:
1898 	free(path);
1899 	FREEPTR(uargv[2]);
1900 	return (rval);
1901 }
1902