// rechercher cookie à partir de la position s (par exemple s=cookie.data) // renvoie pointeur sur ligne, ou NULL si introuvable // path est aligné à droite et cook_name peut être vide (chercher alors tout cookie) // .doubleclick.net TRUE / FALSE 1999999999 id A char *cookie_find(char *s, char *cook_name, char *domain, char *path) { char buffer[8192]; char *a = s; while(*a) { int t; if (strnotempty(cook_name) == 0) t = 1; // accepter par défaut else t = (strcmp(cookie_get(buffer, a, 5), cook_name) == 0); // tester si même nom if (t) { // même nom ou nom qualconque // char *chk_dom = cookie_get(buffer, a, 0); // domaine concerné par le cookie if (((int) strlen(chk_dom) <= (int) strlen(domain) && strcmp(chk_dom, domain + strlen(domain) - strlen(chk_dom)) == 0) || !cookie_cmp_wildcard_domain(chk_dom, domain)) { // même domaine // char *chk_path = cookie_get(buffer, a, 2); // chemin concerné par le cookie if ((int) strlen(chk_path) <= (int) strlen(path)) { if (strncmp(path, chk_path, strlen(chk_path)) == 0) { // même chemin return a; } } } } a = cookie_nextfield(a); } return NULL; }
static void exec_asp( connection* conn ) { char key[20]; key[16] = '\0'; cookie_get( conn, "SESSIONKEY", key, 16 ); conn->session = session_get( conn->client, key ); if( !conn->session ){ conn->code = 500; }else{ if( !(*key) || strcmp( conn->session->key, key ) != 0 ) cookie_set( conn, "SESSIONKEY", "/", -1, conn->session->key ); NEW( conn->data_send, MAX_DATASEND+4 ); conn->data_size = 0; if( vdir_exec( conn->server, conn->current_dir, conn ) < 0 ){ conn->code = 404; } if( !conn->data_size ) conn->data_size = strlen( conn->data_send ); } }
// gestion des cookie // ajoute, dans l'ordre // !=0 : erreur int cookie_add(t_cookie * cookie, char *cook_name, char *cook_value, char *domain, char *path) { char buffer[8192]; char *a = cookie->data; char *insert; char cook[16384]; // effacer éventuel cookie en double cookie_del(cookie, cook_name, domain, path); if ((int) strlen(cook_value) > 1024) return -1; // trop long if ((int) strlen(cook_name) > 256) return -1; // trop long if ((int) strlen(domain) > 256) return -1; // trop long if ((int) strlen(path) > 256) return -1; // trop long if ((int) (strlen(cookie->data) + strlen(cook_value) + strlen(cook_name) + strlen(domain) + strlen(path) + 256) > cookie->max_len) return -1; // impossible d'ajouter insert = a; // insérer ici while(*a) { if (strlen(cookie_get(buffer, a, 2)) < strlen(path)) // long. path (le + long est prioritaire) a = cookie->data + strlen(cookie->data); // fin else { a = strchr(a, '\n'); // prochain champ if (a == NULL) a = cookie->data + strlen(cookie->data); // fin else a++; while(*a == '\n') a++; insert = a; // insérer ici } } // construction du cookie strcpybuff(cook, domain); strcatbuff(cook, "\t"); strcatbuff(cook, "TRUE"); strcatbuff(cook, "\t"); strcatbuff(cook, path); strcatbuff(cook, "\t"); strcatbuff(cook, "FALSE"); strcatbuff(cook, "\t"); strcatbuff(cook, "1999999999"); strcatbuff(cook, "\t"); strcatbuff(cook, cook_name); strcatbuff(cook, "\t"); strcatbuff(cook, cook_value); strcatbuff(cook, "\n"); if (!(((int) strlen(cookie->data) + (int) strlen(cook)) < cookie->max_len)) return -1; // impossible d'ajouter cookie_insert(insert, cook); #if DEBUG_COOK printf("add_new cookie: name=\"%s\" value=\"%s\" domain=\"%s\" path=\"%s\"\n", cook_name, cook_value, domain, path); //printf(">>>cook: %s<<<\n",cookie->data); #endif return 0; }
// lire cookies.txt // lire également (Windows seulement) les *@*.txt (cookies IE copiés) // !=0 : erreur int cookie_load(t_cookie * cookie, const char *fpath, const char *name) { char catbuff[CATBUFF_SIZE]; char buffer[8192]; // cookie->data[0]='\0'; // Fusionner d'abord les éventuels cookies IE #ifdef _WIN32 { WIN32_FIND_DATAA find; HANDLE h; char pth[MAX_PATH + 32]; strcpybuff(pth, fpath); strcatbuff(pth, "*@*.txt"); h = FindFirstFileA((char *) pth, &find); if (h != INVALID_HANDLE_VALUE) { do { if (!(find.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) if (!(find.dwFileAttributes & FILE_ATTRIBUTE_SYSTEM)) { FILE *fp = fopen(fconcat(catbuff, fpath, find.cFileName), "rb"); if (fp) { char cook_name[256]; char cook_value[1000]; char domainpathpath[512]; char dummy[512]; // char domain[256]; // domaine cookie (.netscape.com) char path[256]; // chemin (/) int cookie_merged = 0; // // Read all cookies while(!feof(fp)) { cook_name[0] = cook_value[0] = domainpathpath[0] = dummy[0] = domain[0] = path[0] = '\0'; linput(fp, cook_name, 250); if (!feof(fp)) { linput(fp, cook_value, 250); if (!feof(fp)) { int i; linput(fp, domainpathpath, 500); /* Read 6 other useless values */ for(i = 0; !feof(fp) && i < 6; i++) { linput(fp, dummy, 500); } if (strnotempty(cook_name) && strnotempty(cook_value) && strnotempty(domainpathpath)) { if (ident_url_absolute(domainpathpath, domain, path) >= 0) { cookie_add(cookie, cook_name, cook_value, domain, path); cookie_merged = 1; } } } } } fclose(fp); if (cookie_merged) remove(fconcat(catbuff, fpath, find.cFileName)); } // if fp } } while(FindNextFileA(h, &find)); FindClose(h); } } #endif // Ensuite, cookies.txt { FILE *fp = fopen(fconcat(catbuff, fpath, name), "rb"); if (fp) { char BIGSTK line[8192]; while((!feof(fp)) && (((int) strlen(cookie->data)) < cookie->max_len)) { rawlinput(fp, line, 8100); if (strnotempty(line)) { if (strlen(line) < 8000) { if (line[0] != '#') { char domain[256]; // domaine cookie (.netscape.com) char path[256]; // chemin (/) char cook_name[1024]; // nom cookie (MYCOOK) char BIGSTK cook_value[8192]; // valeur (ID=toto,S=1234) strcpybuff(domain, cookie_get(buffer, line, 0)); // host strcpybuff(path, cookie_get(buffer, line, 2)); // path strcpybuff(cook_name, cookie_get(buffer, line, 5)); // name strcpybuff(cook_value, cookie_get(buffer, line, 6)); // value #if DEBUG_COOK printf("%s\n", line); #endif cookie_add(cookie, cook_name, cook_value, domain, path); } } } } fclose(fp); return 0; } } return -1; }
/* * Retrieve URL, via the proxy in $proxyvar if necessary. * Modifies the string argument given. * Returns -1 on failure, 0 on success */ static int url_get(const char *origline, const char *proxyenv, const char *outfile) { char pbuf[NI_MAXSERV], hbuf[NI_MAXHOST], *cp, *portnum, *path, ststr[4]; char *hosttail, *cause = "unknown", *newline, *host, *port, *buf = NULL; int error, i, isftpurl = 0, isfileurl = 0, isredirect = 0, rval = -1; struct addrinfo hints, *res0, *res; const char * volatile savefile; char * volatile proxyurl = NULL; char *cookie = NULL; volatile int s = -1, out; volatile sig_t oldintr; FILE *fin = NULL; off_t hashbytes; const char *errstr; size_t len, wlen; #ifndef SMALL char *sslpath = NULL, *sslhost = NULL; int ishttpsurl = 0; SSL_CTX *ssl_ctx = NULL; #endif /* !SMALL */ SSL *ssl = NULL; int status; newline = strdup(origline); if (newline == NULL) errx(1, "Can't allocate memory to parse URL"); if (strncasecmp(newline, HTTP_URL, sizeof(HTTP_URL) - 1) == 0) host = newline + sizeof(HTTP_URL) - 1; else if (strncasecmp(newline, FTP_URL, sizeof(FTP_URL) - 1) == 0) { host = newline + sizeof(FTP_URL) - 1; isftpurl = 1; } else if (strncasecmp(newline, FILE_URL, sizeof(FILE_URL) - 1) == 0) { host = newline + sizeof(FILE_URL) - 1; isfileurl = 1; #ifndef SMALL } else if (strncasecmp(newline, HTTPS_URL, sizeof(HTTPS_URL) - 1) == 0) { host = newline + sizeof(HTTPS_URL) - 1; ishttpsurl = 1; #endif /* !SMALL */ } else errx(1, "url_get: Invalid URL '%s'", newline); if (isfileurl) { path = host; } else { path = strchr(host, '/'); /* find path */ if (EMPTYSTRING(path)) { if (isftpurl) goto noftpautologin; warnx("Invalid URL (no `/' after host): %s", origline); goto cleanup_url_get; } *path++ = '\0'; if (EMPTYSTRING(path)) { if (isftpurl) goto noftpautologin; warnx("Invalid URL (no file after host): %s", origline); goto cleanup_url_get; } } if (outfile) savefile = outfile; else savefile = basename(path); #ifndef SMALL if (resume && (strcmp(savefile, "-") == 0)) { warnx("can't append to stdout"); goto cleanup_url_get; } #endif /* !SMALL */ if (EMPTYSTRING(savefile)) { if (isftpurl) goto noftpautologin; warnx("Invalid URL (no file after directory): %s", origline); goto cleanup_url_get; } if (!isfileurl && proxyenv != NULL) { /* use proxy */ #ifndef SMALL if (ishttpsurl) { sslpath = strdup(path); sslhost = strdup(host); if (! sslpath || ! sslhost) errx(1, "Can't allocate memory for https path/host."); } #endif /* !SMALL */ proxyurl = strdup(proxyenv); if (proxyurl == NULL) errx(1, "Can't allocate memory for proxy URL."); if (strncasecmp(proxyurl, HTTP_URL, sizeof(HTTP_URL) - 1) == 0) host = proxyurl + sizeof(HTTP_URL) - 1; else if (strncasecmp(proxyurl, FTP_URL, sizeof(FTP_URL) - 1) == 0) host = proxyurl + sizeof(FTP_URL) - 1; else { warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } if (EMPTYSTRING(host)) { warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } *--path = '/'; /* add / back to real path */ path = strchr(host, '/'); /* remove trailing / on host */ if (!EMPTYSTRING(path)) *path++ = '\0'; /* i guess this ++ is useless */ path = strchr(host, '@'); /* look for credentials in proxy */ if (!EMPTYSTRING(path)) { *path++ = '\0'; cookie = strchr(host, ':'); if (EMPTYSTRING(cookie)) { warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } cookie = malloc(COOKIE_MAX_LEN); b64_ntop(host, strlen(host), cookie, COOKIE_MAX_LEN); /* * This removes the password from proxyenv, * filling with stars */ for (host = strchr(proxyenv + 5, ':'); *host != '@'; host++) *host = '*'; host = path; } path = newline; } if (isfileurl) { struct stat st; s = open(path, O_RDONLY); if (s == -1) { warn("Can't open file %s", path); goto cleanup_url_get; } if (fstat(s, &st) == -1) filesize = -1; else filesize = st.st_size; /* Open the output file. */ if (strcmp(savefile, "-") != 0) { #ifndef SMALL if (resume) out = open(savefile, O_APPEND | O_WRONLY); else #endif /* !SMALL */ out = open(savefile, O_CREAT | O_WRONLY | O_TRUNC, 0666); if (out < 0) { warn("Can't open %s", savefile); goto cleanup_url_get; } } else out = fileno(stdout); #ifndef SMALL if (resume) { if (fstat(out, &st) == -1) { warn("Can't fstat %s", savefile); goto cleanup_url_get; } if (lseek(s, st.st_size, SEEK_SET) == -1) { warn("Can't lseek %s", path); goto cleanup_url_get; } restart_point = st.st_size; } #endif /* !SMALL */ /* Trap signals */ oldintr = NULL; if (setjmp(httpabort)) { if (oldintr) (void)signal(SIGINT, oldintr); goto cleanup_url_get; } oldintr = signal(SIGINT, abortfile); bytes = 0; hashbytes = mark; progressmeter(-1); if ((buf = malloc(4096)) == NULL) errx(1, "Can't allocate memory for transfer buffer"); /* Finally, suck down the file. */ i = 0; while ((len = read(s, buf, 4096)) > 0) { bytes += len; for (cp = buf; len > 0; len -= i, cp += i) { if ((i = write(out, cp, len)) == -1) { warn("Writing %s", savefile); goto cleanup_url_get; } else if (i == 0) break; } if (hash && !progress) { while (bytes >= hashbytes) { (void)putc('#', ttyout); hashbytes += mark; } (void)fflush(ttyout); } } if (hash && !progress && bytes > 0) { if (bytes < mark) (void)putc('#', ttyout); (void)putc('\n', ttyout); (void)fflush(ttyout); } if (len != 0) { warn("Reading from file"); goto cleanup_url_get; } progressmeter(1); if (verbose) fputs("Successfully retrieved file.\n", ttyout); (void)signal(SIGINT, oldintr); rval = 0; goto cleanup_url_get; } if (*host == '[' && (hosttail = strrchr(host, ']')) != NULL && (hosttail[1] == '\0' || hosttail[1] == ':')) { host++; *hosttail++ = '\0'; } else hosttail = host; portnum = strrchr(hosttail, ':'); /* find portnum */ if (portnum != NULL) *portnum++ = '\0'; #ifndef SMALL if (debug) fprintf(ttyout, "host %s, port %s, path %s, save as %s.\n", host, portnum, path, savefile); #endif /* !SMALL */ memset(&hints, 0, sizeof(hints)); hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; #ifndef SMALL port = portnum ? portnum : (ishttpsurl ? httpsport : httpport); #else /* !SMALL */ port = portnum ? portnum : httpport; #endif /* !SMALL */ error = getaddrinfo(host, port, &hints, &res0); /* * If the services file is corrupt/missing, fall back * on our hard-coded defines. */ if (error == EAI_SERVICE && port == httpport) { snprintf(pbuf, sizeof(pbuf), "%d", HTTP_PORT); error = getaddrinfo(host, pbuf, &hints, &res0); #ifndef SMALL } else if (error == EAI_SERVICE && port == httpsport) { snprintf(pbuf, sizeof(pbuf), "%d", HTTPS_PORT); error = getaddrinfo(host, pbuf, &hints, &res0); #endif /* !SMALL */ } if (error) { warnx("%s: %s", gai_strerror(error), host); goto cleanup_url_get; } s = -1; for (res = res0; res; res = res->ai_next) { if (getnameinfo(res->ai_addr, res->ai_addrlen, hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0) strlcpy(hbuf, "(unknown)", sizeof(hbuf)); if (verbose) fprintf(ttyout, "Trying %s...\n", hbuf); s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (s == -1) { cause = "socket"; continue; } again: if (connect(s, res->ai_addr, res->ai_addrlen) < 0) { int save_errno; if (errno == EINTR) goto again; save_errno = errno; close(s); errno = save_errno; s = -1; cause = "connect"; continue; } /* get port in numeric */ if (getnameinfo(res->ai_addr, res->ai_addrlen, NULL, 0, pbuf, sizeof(pbuf), NI_NUMERICSERV) == 0) port = pbuf; else port = NULL; #ifndef SMALL if (proxyenv && sslhost) proxy_connect(s, sslhost); #endif /* !SMALL */ break; } freeaddrinfo(res0); if (s < 0) { warn("%s", cause); goto cleanup_url_get; } #ifndef SMALL if (ishttpsurl) { if (proxyenv && sslpath) { ishttpsurl = 0; proxyurl = NULL; path = sslpath; } SSL_library_init(); SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); ssl_ctx = SSL_CTX_new(SSLv23_client_method()); ssl = SSL_new(ssl_ctx); if (ssl == NULL || ssl_ctx == NULL) { ERR_print_errors_fp(ttyout); goto cleanup_url_get; } if (SSL_set_fd(ssl, s) == 0) { ERR_print_errors_fp(ttyout); goto cleanup_url_get; } if (SSL_connect(ssl) <= 0) { ERR_print_errors_fp(ttyout); goto cleanup_url_get; } } else { fin = fdopen(s, "r+"); } #else /* !SMALL */ fin = fdopen(s, "r+"); #endif /* !SMALL */ if (verbose) fprintf(ttyout, "Requesting %s", origline); /* * Construct and send the request. Proxy requests don't want leading /. */ #ifndef SMALL cookie_get(host, path, ishttpsurl, &buf); #endif /* !SMALL */ if (proxyurl) { if (verbose) fprintf(ttyout, " (via %s)\n", proxyenv); /* * Host: directive must use the destination host address for * the original URI (path). We do not attach it at this moment. */ if (cookie) ftp_printf(fin, ssl, "GET %s HTTP/1.0\r\n" "Proxy-Authorization: Basic %s%s\r\n%s\r\n\r\n", path, cookie, buf ? buf : "", HTTP_USER_AGENT); else ftp_printf(fin, ssl, "GET %s HTTP/1.0\r\n%s%s\r\n\r\n", path, buf ? buf : "", HTTP_USER_AGENT); } else { ftp_printf(fin, ssl, "GET /%s %s\r\nHost: ", path, #ifndef SMALL resume ? "HTTP/1.1" : #endif /* !SMALL */ "HTTP/1.0"); if (strchr(host, ':')) { char *h, *p; /* * strip off scoped address portion, since it's * local to node */ h = strdup(host); if (h == NULL) errx(1, "Can't allocate memory."); if ((p = strchr(h, '%')) != NULL) *p = '\0'; ftp_printf(fin, ssl, "[%s]", h); free(h); } else ftp_printf(fin, ssl, "%s", host); /* * Send port number only if it's specified and does not equal * 80. Some broken HTTP servers get confused if you explicitly * send them the port number. */ #ifndef SMALL if (port && strcmp(port, (ishttpsurl ? "443" : "80")) != 0) ftp_printf(fin, ssl, ":%s", port); if (resume) { int ret; struct stat stbuf; ret = stat(savefile, &stbuf); if (ret < 0) { if (verbose) fprintf(ttyout, "\n"); warn("Can't open %s", savefile); goto cleanup_url_get; } restart_point = stbuf.st_size; ftp_printf(fin, ssl, "\r\nRange: bytes=%lld-", (long long)restart_point); } #else /* !SMALL */ if (port && strcmp(port, "80") != 0) ftp_printf(fin, ssl, ":%s", port); #endif /* !SMALL */ ftp_printf(fin, ssl, "\r\n%s%s\r\n\r\n", buf ? buf : "", HTTP_USER_AGENT); if (verbose) fprintf(ttyout, "\n"); } #ifndef SMALL free(buf); #endif /* !SMALL */ buf = NULL; if (fin != NULL && fflush(fin) == EOF) { warn("Writing HTTP request"); goto cleanup_url_get; } if ((buf = ftp_readline(fin, ssl, &len)) == NULL) { warn("Receiving HTTP reply"); goto cleanup_url_get; } while (len > 0 && (buf[len-1] == '\r' || buf[len-1] == '\n')) buf[--len] = '\0'; #ifndef SMALL if (debug) fprintf(ttyout, "received '%s'\n", buf); #endif /* !SMALL */ cp = strchr(buf, ' '); if (cp == NULL) goto improper; else cp++; strlcpy(ststr, cp, sizeof(ststr)); status = strtonum(ststr, 200, 416, &errstr); if (errstr) { warnx("Error retrieving file: %s", cp); goto cleanup_url_get; } switch (status) { case 200: /* OK */ #ifndef SMALL case 206: /* Partial Content */ break; #endif /* !SMALL */ case 301: /* Moved Permanently */ case 302: /* Found */ case 303: /* See Other */ case 307: /* Temporary Redirect */ isredirect++; if (redirect_loop++ > 10) { warnx("Too many redirections requested"); goto cleanup_url_get; } break; #ifndef SMALL case 416: /* Requested Range Not Satisfiable */ warnx("File is already fully retrieved."); goto cleanup_url_get; #endif /* !SMALL */ default: warnx("Error retrieving file: %s", cp); goto cleanup_url_get; } /* * Read the rest of the header. */ free(buf); filesize = -1; for (;;) { if ((buf = ftp_readline(fin, ssl, &len)) == NULL) { warn("Receiving HTTP reply"); goto cleanup_url_get; } while (len > 0 && (buf[len-1] == '\r' || buf[len-1] == '\n')) buf[--len] = '\0'; if (len == 0) break; #ifndef SMALL if (debug) fprintf(ttyout, "received '%s'\n", buf); #endif /* !SMALL */ /* Look for some headers */ cp = buf; #define CONTENTLEN "Content-Length: " if (strncasecmp(cp, CONTENTLEN, sizeof(CONTENTLEN) - 1) == 0) { cp += sizeof(CONTENTLEN) - 1; filesize = strtonum(cp, 0, LLONG_MAX, &errstr); if (errstr != NULL) goto improper; #ifndef SMALL if (resume) filesize += restart_point; #endif /* !SMALL */ #define LOCATION "Location: " } else if (isredirect && strncasecmp(cp, LOCATION, sizeof(LOCATION) - 1) == 0) { cp += sizeof(LOCATION) - 1; if (verbose) fprintf(ttyout, "Redirected to %s\n", cp); if (fin != NULL) fclose(fin); else if (s != -1) close(s); free(proxyurl); free(newline); rval = url_get(cp, proxyenv, outfile); free(buf); return (rval); } } /* Open the output file. */ if (strcmp(savefile, "-") != 0) { #ifndef SMALL if (resume) out = open(savefile, O_APPEND | O_WRONLY); else #endif /* !SMALL */ out = open(savefile, O_CREAT | O_WRONLY | O_TRUNC, 0666); if (out < 0) { warn("Can't open %s", savefile); goto cleanup_url_get; } } else out = fileno(stdout); /* Trap signals */ oldintr = NULL; if (setjmp(httpabort)) { if (oldintr) (void)signal(SIGINT, oldintr); goto cleanup_url_get; } oldintr = signal(SIGINT, aborthttp); bytes = 0; hashbytes = mark; progressmeter(-1); free(buf); /* Finally, suck down the file. */ if ((buf = malloc(4096)) == NULL) errx(1, "Can't allocate memory for transfer buffer"); i = 0; len = 1; while (len > 0) { len = ftp_read(fin, ssl, buf, 4096); bytes += len; for (cp = buf, wlen = len; wlen > 0; wlen -= i, cp += i) { if ((i = write(out, cp, wlen)) == -1) { warn("Writing %s", savefile); goto cleanup_url_get; } else if (i == 0) break; } if (hash && !progress) { while (bytes >= hashbytes) { (void)putc('#', ttyout); hashbytes += mark; } (void)fflush(ttyout); } } if (hash && !progress && bytes > 0) { if (bytes < mark) (void)putc('#', ttyout); (void)putc('\n', ttyout); (void)fflush(ttyout); } if (len != 0) { warn("Reading from socket"); goto cleanup_url_get; } progressmeter(1); if ( #ifndef SMALL !resume && #endif /* !SMALL */ filesize != -1 && len == 0 && bytes != filesize) { if (verbose) fputs("Read short file.\n", ttyout); goto cleanup_url_get; } if (verbose) fputs("Successfully retrieved file.\n", ttyout); (void)signal(SIGINT, oldintr); rval = 0; goto cleanup_url_get; noftpautologin: warnx( "Auto-login using ftp URLs isn't supported when using $ftp_proxy"); goto cleanup_url_get; improper: warnx("Improper response from %s", host); cleanup_url_get: #ifndef SMALL if (ssl) { SSL_shutdown(ssl); SSL_free(ssl); } #endif /* !SMALL */ if (fin != NULL) fclose(fin); else if (s != -1) close(s); free(buf); free(proxyurl); free(newline); return (rval); }
/* * Retrieve URL, via the proxy in $proxyvar if necessary. * Modifies the string argument given. * Returns -1 on failure, 0 on success */ static int url_get(const char *origline, const char *proxyenv, const char *outfile) { char pbuf[NI_MAXSERV], hbuf[NI_MAXHOST], *cp, *portnum, *path, ststr[4]; char *hosttail, *cause = "unknown", *newline, *host, *port, *buf = NULL; char *epath, *redirurl, *loctail, *h, *p; int error, i, isftpurl = 0, isfileurl = 0, isredirect = 0, rval = -1; struct addrinfo hints, *res0, *res, *ares = NULL; const char * volatile savefile; char * volatile proxyurl = NULL; char *cookie = NULL; volatile int s = -1, out; volatile sig_t oldintr, oldinti; FILE *fin = NULL; off_t hashbytes; const char *errstr; ssize_t len, wlen; #ifndef SMALL char *sslpath = NULL, *sslhost = NULL; char *locbase, *full_host = NULL, *auth = NULL; const char *scheme; int ishttpsurl = 0; SSL_CTX *ssl_ctx = NULL; #endif /* !SMALL */ SSL *ssl = NULL; int status; int save_errno; const size_t buflen = 128 * 1024; direction = "received"; newline = strdup(origline); if (newline == NULL) errx(1, "Can't allocate memory to parse URL"); if (strncasecmp(newline, HTTP_URL, sizeof(HTTP_URL) - 1) == 0) { host = newline + sizeof(HTTP_URL) - 1; #ifndef SMALL scheme = HTTP_URL; #endif /* !SMALL */ } else if (strncasecmp(newline, FTP_URL, sizeof(FTP_URL) - 1) == 0) { host = newline + sizeof(FTP_URL) - 1; isftpurl = 1; #ifndef SMALL scheme = FTP_URL; #endif /* !SMALL */ } else if (strncasecmp(newline, FILE_URL, sizeof(FILE_URL) - 1) == 0) { host = newline + sizeof(FILE_URL) - 1; isfileurl = 1; #ifndef SMALL scheme = FILE_URL; } else if (strncasecmp(newline, HTTPS_URL, sizeof(HTTPS_URL) - 1) == 0) { host = newline + sizeof(HTTPS_URL) - 1; ishttpsurl = 1; scheme = HTTPS_URL; #endif /* !SMALL */ } else errx(1, "url_get: Invalid URL '%s'", newline); if (isfileurl) { path = host; } else { path = strchr(host, '/'); /* Find path */ if (EMPTYSTRING(path)) { if (outfile) { /* No slash, but */ path=strchr(host,'\0'); /* we have outfile. */ goto noslash; } if (isftpurl) goto noftpautologin; warnx("No `/' after host (use -o): %s", origline); goto cleanup_url_get; } *path++ = '\0'; if (EMPTYSTRING(path) && !outfile) { if (isftpurl) goto noftpautologin; warnx("No filename after host (use -o): %s", origline); goto cleanup_url_get; } } noslash: #ifndef SMALL /* * Look for auth header in host, since now host does not * contain the path. Basic auth from RFC 2617, valid * characters for path are in RFC 3986 section 3.3. */ if (proxyenv == NULL && (!strcmp(scheme, HTTP_URL) || !strcmp(scheme, HTTPS_URL))) { if ((p = strchr(host, '@')) != NULL) { size_t authlen = (strlen(host) + 5) * 4 / 3; *p = 0; /* Kill @ */ if ((auth = malloc(authlen)) == NULL) err(1, "Can't allocate memory for " "authorization"); if (b64_ntop(host, strlen(host), auth, authlen) == -1) errx(1, "error in base64 encoding"); host = p + 1; } } #endif /* SMALL */ if (outfile) savefile = outfile; else { if (path[strlen(path) - 1] == '/') /* Consider no file */ savefile = NULL; /* after dir invalid. */ else savefile = basename(path); } if (EMPTYSTRING(savefile)) { if (isftpurl) goto noftpautologin; warnx("No filename after directory (use -o): %s", origline); goto cleanup_url_get; } #ifndef SMALL if (resume && pipeout) { warnx("can't append to stdout"); goto cleanup_url_get; } #endif /* !SMALL */ if (!isfileurl && proxyenv != NULL) { /* use proxy */ #ifndef SMALL if (ishttpsurl) { sslpath = strdup(path); sslhost = strdup(host); if (! sslpath || ! sslhost) errx(1, "Can't allocate memory for https path/host."); } #endif /* !SMALL */ proxyurl = strdup(proxyenv); if (proxyurl == NULL) errx(1, "Can't allocate memory for proxy URL."); if (strncasecmp(proxyurl, HTTP_URL, sizeof(HTTP_URL) - 1) == 0) host = proxyurl + sizeof(HTTP_URL) - 1; else if (strncasecmp(proxyurl, FTP_URL, sizeof(FTP_URL) - 1) == 0) host = proxyurl + sizeof(FTP_URL) - 1; else { warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } if (EMPTYSTRING(host)) { warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } if (*--path == '\0') *path = '/'; /* add / back to real path */ path = strchr(host, '/'); /* remove trailing / on host */ if (!EMPTYSTRING(path)) *path++ = '\0'; /* i guess this ++ is useless */ path = strchr(host, '@'); /* look for credentials in proxy */ if (!EMPTYSTRING(path)) { *path = '\0'; cookie = strchr(host, ':'); if (EMPTYSTRING(cookie)) { warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } cookie = malloc(COOKIE_MAX_LEN); if (cookie == NULL) errx(1, "out of memory"); if (b64_ntop(host, strlen(host), cookie, COOKIE_MAX_LEN) == -1) errx(1, "error in base64 encoding"); *path = '@'; /* restore @ in proxyurl */ /* * This removes the password from proxyurl, * filling with stars */ for (host = 1 + strchr(proxyurl + 5, ':'); *host != '@'; host++) *host = '*'; host = path + 1; } path = newline; } if (isfileurl) { struct stat st; s = open(path, O_RDONLY); if (s == -1) { warn("Can't open file %s", path); goto cleanup_url_get; } if (fstat(s, &st) == -1) filesize = -1; else filesize = st.st_size; /* Open the output file. */ if (!pipeout) { #ifndef SMALL if (resume) out = open(savefile, O_CREAT | O_WRONLY | O_APPEND, 0666); else #endif /* !SMALL */ out = open(savefile, O_CREAT | O_WRONLY | O_TRUNC, 0666); if (out < 0) { warn("Can't open %s", savefile); goto cleanup_url_get; } } else out = fileno(stdout); #ifndef SMALL if (resume) { if (fstat(out, &st) == -1) { warn("Can't fstat %s", savefile); goto cleanup_url_get; } if (lseek(s, st.st_size, SEEK_SET) == -1) { warn("Can't lseek %s", path); goto cleanup_url_get; } restart_point = st.st_size; } #endif /* !SMALL */ /* Trap signals */ oldintr = NULL; oldinti = NULL; if (setjmp(httpabort)) { if (oldintr) (void)signal(SIGINT, oldintr); if (oldinti) (void)signal(SIGINFO, oldinti); goto cleanup_url_get; } oldintr = signal(SIGINT, abortfile); bytes = 0; hashbytes = mark; progressmeter(-1, path); if ((buf = malloc(buflen)) == NULL) errx(1, "Can't allocate memory for transfer buffer"); /* Finally, suck down the file. */ i = 0; oldinti = signal(SIGINFO, psummary); while ((len = read(s, buf, buflen)) > 0) { bytes += len; for (cp = buf; len > 0; len -= i, cp += i) { if ((i = write(out, cp, len)) == -1) { warn("Writing %s", savefile); signal(SIGINFO, oldinti); goto cleanup_url_get; } else if (i == 0) break; } if (hash && !progress) { while (bytes >= hashbytes) { (void)putc('#', ttyout); hashbytes += mark; } (void)fflush(ttyout); } } signal(SIGINFO, oldinti); if (hash && !progress && bytes > 0) { if (bytes < mark) (void)putc('#', ttyout); (void)putc('\n', ttyout); (void)fflush(ttyout); } if (len != 0) { warn("Reading from file"); goto cleanup_url_get; } progressmeter(1, NULL); if (verbose) ptransfer(0); (void)signal(SIGINT, oldintr); rval = 0; goto cleanup_url_get; } if (*host == '[' && (hosttail = strrchr(host, ']')) != NULL && (hosttail[1] == '\0' || hosttail[1] == ':')) { host++; *hosttail++ = '\0'; #ifndef SMALL if (asprintf(&full_host, "[%s]", host) == -1) errx(1, "Cannot allocate memory for hostname"); #endif /* !SMALL */ } else hosttail = host; portnum = strrchr(hosttail, ':'); /* find portnum */ if (portnum != NULL) *portnum++ = '\0'; #ifndef SMALL if (full_host == NULL) if ((full_host = strdup(host)) == NULL) errx(1, "Cannot allocate memory for hostname"); if (debug) fprintf(ttyout, "host %s, port %s, path %s, " "save as %s, auth %s.\n", host, portnum, path, savefile, auth); #endif /* !SMALL */ memset(&hints, 0, sizeof(hints)); hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; #ifndef SMALL port = portnum ? portnum : (ishttpsurl ? httpsport : httpport); #else /* !SMALL */ port = portnum ? portnum : httpport; #endif /* !SMALL */ error = getaddrinfo(host, port, &hints, &res0); /* * If the services file is corrupt/missing, fall back * on our hard-coded defines. */ if (error == EAI_SERVICE && port == httpport) { snprintf(pbuf, sizeof(pbuf), "%d", HTTP_PORT); error = getaddrinfo(host, pbuf, &hints, &res0); #ifndef SMALL } else if (error == EAI_SERVICE && port == httpsport) { snprintf(pbuf, sizeof(pbuf), "%d", HTTPS_PORT); error = getaddrinfo(host, pbuf, &hints, &res0); #endif /* !SMALL */ } if (error) { warnx("%s: %s", gai_strerror(error), host); goto cleanup_url_get; } #ifndef SMALL if (srcaddr) { hints.ai_flags |= AI_NUMERICHOST; error = getaddrinfo(srcaddr, NULL, &hints, &ares); if (error) { warnx("%s: %s", gai_strerror(error), srcaddr); goto cleanup_url_get; } } #endif /* !SMALL */ s = -1; for (res = res0; res; res = res->ai_next) { if (getnameinfo(res->ai_addr, res->ai_addrlen, hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0) strlcpy(hbuf, "(unknown)", sizeof(hbuf)); if (verbose) fprintf(ttyout, "Trying %s...\n", hbuf); s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (s == -1) { cause = "socket"; continue; } #ifndef SMALL if (srcaddr) { if (ares->ai_family != res->ai_family) { close(s); s = -1; errno = EINVAL; cause = "bind"; continue; } if (bind(s, ares->ai_addr, ares->ai_addrlen) < 0) { save_errno = errno; close(s); errno = save_errno; s = -1; cause = "bind"; continue; } } #endif /* !SMALL */ again: if (connect(s, res->ai_addr, res->ai_addrlen) < 0) { if (errno == EINTR) goto again; save_errno = errno; close(s); errno = save_errno; s = -1; cause = "connect"; continue; } /* get port in numeric */ if (getnameinfo(res->ai_addr, res->ai_addrlen, NULL, 0, pbuf, sizeof(pbuf), NI_NUMERICSERV) == 0) port = pbuf; else port = NULL; #ifndef SMALL if (proxyenv && sslhost) proxy_connect(s, sslhost, cookie); #endif /* !SMALL */ break; } freeaddrinfo(res0); #ifndef SMALL if (srcaddr) freeaddrinfo(ares); #endif /* !SMALL */ if (s < 0) { warn("%s", cause); goto cleanup_url_get; } #ifndef SMALL if (ishttpsurl) { union { struct in_addr ip4; struct in6_addr ip6; } addrbuf; if (proxyenv && sslpath) { ishttpsurl = 0; proxyurl = NULL; path = sslpath; } SSL_library_init(); SSL_load_error_strings(); ssl_ctx = SSL_CTX_new(SSLv23_client_method()); if (ssl_ctx == NULL) { ERR_print_errors_fp(ttyout); goto cleanup_url_get; } if (ssl_verify) { if (ssl_ca_file == NULL && ssl_ca_path == NULL) ssl_ca_file = _PATH_SSL_CAFILE; if (SSL_CTX_load_verify_locations(ssl_ctx, ssl_ca_file, ssl_ca_path) != 1) { ERR_print_errors_fp(ttyout); goto cleanup_url_get; } SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); if (ssl_verify_depth != -1) SSL_CTX_set_verify_depth(ssl_ctx, ssl_verify_depth); } if (ssl_ciphers != NULL && SSL_CTX_set_cipher_list(ssl_ctx, ssl_ciphers) == -1) { ERR_print_errors_fp(ttyout); goto cleanup_url_get; } ssl = SSL_new(ssl_ctx); if (ssl == NULL) { ERR_print_errors_fp(ttyout); goto cleanup_url_get; } if (SSL_set_fd(ssl, s) == 0) { ERR_print_errors_fp(ttyout); goto cleanup_url_get; } /* * RFC4366 (SNI): Literal IPv4 and IPv6 addresses are not * permitted in "HostName". */ if (inet_pton(AF_INET, host, &addrbuf) != 1 && inet_pton(AF_INET6, host, &addrbuf) != 1) { if (SSL_set_tlsext_host_name(ssl, host) == 0) { ERR_print_errors_fp(ttyout); goto cleanup_url_get; } } if (SSL_connect(ssl) <= 0) { ERR_print_errors_fp(ttyout); goto cleanup_url_get; } if (ssl_verify) { X509 *cert; cert = SSL_get_peer_certificate(ssl); if (cert == NULL) { fprintf(ttyout, "%s: no server certificate\n", getprogname()); goto cleanup_url_get; } if (ssl_check_hostname(cert, host) != 0) { fprintf(ttyout, "%s: host `%s' not present in" " server certificate\n", getprogname(), host); goto cleanup_url_get; } X509_free(cert); } } else { fin = fdopen(s, "r+"); } #else /* !SMALL */ fin = fdopen(s, "r+"); #endif /* !SMALL */ if (verbose) fprintf(ttyout, "Requesting %s", origline); /* * Construct and send the request. Proxy requests don't want leading /. */ #ifndef SMALL cookie_get(host, path, ishttpsurl, &buf); #endif /* !SMALL */ epath = url_encode(path); if (proxyurl) { if (verbose) fprintf(ttyout, " (via %s)\n", proxyurl); /* * Host: directive must use the destination host address for * the original URI (path). We do not attach it at this moment. */ if (cookie) ftp_printf(fin, ssl, "GET %s HTTP/1.0\r\n" "Proxy-Authorization: Basic %s%s\r\n%s\r\n\r\n", epath, cookie, buf ? buf : "", HTTP_USER_AGENT); else ftp_printf(fin, ssl, "GET %s HTTP/1.0\r\n%s%s\r\n\r\n", epath, buf ? buf : "", HTTP_USER_AGENT); } else { #ifndef SMALL if (resume) { struct stat stbuf; if (stat(savefile, &stbuf) == 0) restart_point = stbuf.st_size; else restart_point = 0; } if (auth) { ftp_printf(fin, ssl, "GET /%s %s\r\nAuthorization: Basic %s\r\nHost: ", epath, restart_point ? "HTTP/1.1\r\nConnection: close" : "HTTP/1.0", auth); free(auth); auth = NULL; } else #endif /* SMALL */ ftp_printf(fin, ssl, "GET /%s %s\r\nHost: ", epath, #ifndef SMALL restart_point ? "HTTP/1.1\r\nConnection: close" : #endif /* !SMALL */ "HTTP/1.0"); if (strchr(host, ':')) { /* * strip off scoped address portion, since it's * local to node */ h = strdup(host); if (h == NULL) errx(1, "Can't allocate memory."); if ((p = strchr(h, '%')) != NULL) *p = '\0'; ftp_printf(fin, ssl, "[%s]", h); free(h); } else ftp_printf(fin, ssl, "%s", host); /* * Send port number only if it's specified and does not equal * 80. Some broken HTTP servers get confused if you explicitly * send them the port number. */ #ifndef SMALL if (port && strcmp(port, (ishttpsurl ? "443" : "80")) != 0) ftp_printf(fin, ssl, ":%s", port); if (restart_point) ftp_printf(fin, ssl, "\r\nRange: bytes=%lld-", (long long)restart_point); #else /* !SMALL */ if (port && strcmp(port, "80") != 0) ftp_printf(fin, ssl, ":%s", port); #endif /* !SMALL */ ftp_printf(fin, ssl, "\r\n%s%s\r\n\r\n", buf ? buf : "", HTTP_USER_AGENT); if (verbose) fprintf(ttyout, "\n"); } free(epath); #ifndef SMALL free(buf); #endif /* !SMALL */ buf = NULL; if (fin != NULL && fflush(fin) == EOF) { warn("Writing HTTP request"); goto cleanup_url_get; } if ((buf = ftp_readline(fin, ssl, &len)) == NULL) { warn("Receiving HTTP reply"); goto cleanup_url_get; } while (len > 0 && (buf[len-1] == '\r' || buf[len-1] == '\n')) buf[--len] = '\0'; #ifndef SMALL if (debug) fprintf(ttyout, "received '%s'\n", buf); #endif /* !SMALL */ cp = strchr(buf, ' '); if (cp == NULL) goto improper; else cp++; strlcpy(ststr, cp, sizeof(ststr)); status = strtonum(ststr, 200, 416, &errstr); if (errstr) { warnx("Error retrieving file: %s", cp); goto cleanup_url_get; } switch (status) { case 200: /* OK */ #ifndef SMALL /* * When we request a partial file, and we receive an HTTP 200 * it is a good indication that the server doesn't support * range requests, and is about to send us the entire file. * If the restart_point == 0, then we are not actually * requesting a partial file, and an HTTP 200 is appropriate. */ if (resume && restart_point != 0) { warnx("Server does not support resume."); restart_point = resume = 0; } /* FALLTHROUGH */ case 206: /* Partial Content */ #endif /* !SMALL */ break; case 301: /* Moved Permanently */ case 302: /* Found */ case 303: /* See Other */ case 307: /* Temporary Redirect */ isredirect++; if (redirect_loop++ > 10) { warnx("Too many redirections requested"); goto cleanup_url_get; } break; #ifndef SMALL case 416: /* Requested Range Not Satisfiable */ warnx("File is already fully retrieved."); goto cleanup_url_get; #endif /* !SMALL */ default: warnx("Error retrieving file: %s", cp); goto cleanup_url_get; } /* * Read the rest of the header. */ free(buf); filesize = -1; for (;;) { if ((buf = ftp_readline(fin, ssl, &len)) == NULL) { warn("Receiving HTTP reply"); goto cleanup_url_get; } while (len > 0 && (buf[len-1] == '\r' || buf[len-1] == '\n')) buf[--len] = '\0'; if (len == 0) break; #ifndef SMALL if (debug) fprintf(ttyout, "received '%s'\n", buf); #endif /* !SMALL */ /* Look for some headers */ cp = buf; #define CONTENTLEN "Content-Length: " if (strncasecmp(cp, CONTENTLEN, sizeof(CONTENTLEN) - 1) == 0) { size_t s; cp += sizeof(CONTENTLEN) - 1; if ((s = strcspn(cp, " \t"))) *(cp+s) = 0; filesize = strtonum(cp, 0, LLONG_MAX, &errstr); if (errstr != NULL) goto improper; #ifndef SMALL if (restart_point) filesize += restart_point; #endif /* !SMALL */ #define LOCATION "Location: " } else if (isredirect && strncasecmp(cp, LOCATION, sizeof(LOCATION) - 1) == 0) { cp += sizeof(LOCATION) - 1; if (strstr(cp, "://") == NULL) { #ifdef SMALL errx(1, "Relative redirect not supported"); #else /* SMALL */ if (*cp == '/') { locbase = NULL; cp++; } else { locbase = strdup(path); if (locbase == NULL) errx(1, "Can't allocate memory" " for location base"); loctail = strchr(locbase, '#'); if (loctail != NULL) *loctail = '\0'; loctail = strchr(locbase, '?'); if (loctail != NULL) *loctail = '\0'; loctail = strrchr(locbase, '/'); if (loctail == NULL) { free(locbase); locbase = NULL; } else loctail[1] = '\0'; } /* Contruct URL from relative redirect */ if (asprintf(&redirurl, "%s%s%s%s/%s%s", scheme, full_host, portnum ? ":" : "", portnum ? portnum : "", locbase ? locbase : "", cp) == -1) errx(1, "Cannot build " "redirect URL"); free(locbase); #endif /* SMALL */ } else if ((redirurl = strdup(cp)) == NULL) errx(1, "Cannot allocate memory for URL"); loctail = strchr(redirurl, '#'); if (loctail != NULL) *loctail = '\0'; if (verbose) fprintf(ttyout, "Redirected to %s\n", redirurl); if (fin != NULL) fclose(fin); else if (s != -1) close(s); rval = url_get(redirurl, proxyenv, savefile); free(redirurl); goto cleanup_url_get; } free(buf); } /* Open the output file. */ if (!pipeout) { #ifndef SMALL if (resume) out = open(savefile, O_CREAT | O_WRONLY | O_APPEND, 0666); else #endif /* !SMALL */ out = open(savefile, O_CREAT | O_WRONLY | O_TRUNC, 0666); if (out < 0) { warn("Can't open %s", savefile); goto cleanup_url_get; } } else out = fileno(stdout); /* Trap signals */ oldintr = NULL; oldinti = NULL; if (setjmp(httpabort)) { if (oldintr) (void)signal(SIGINT, oldintr); if (oldinti) (void)signal(SIGINFO, oldinti); goto cleanup_url_get; } oldintr = signal(SIGINT, aborthttp); bytes = 0; hashbytes = mark; progressmeter(-1, path); free(buf); /* Finally, suck down the file. */ if ((buf = malloc(buflen)) == NULL) errx(1, "Can't allocate memory for transfer buffer"); i = 0; len = 1; oldinti = signal(SIGINFO, psummary); while (len > 0) { len = ftp_read(fin, ssl, buf, buflen); bytes += len; for (cp = buf, wlen = len; wlen > 0; wlen -= i, cp += i) { if ((i = write(out, cp, wlen)) == -1) { warn("Writing %s", savefile); signal(SIGINFO, oldinti); goto cleanup_url_get; } else if (i == 0) break; } if (hash && !progress) { while (bytes >= hashbytes) { (void)putc('#', ttyout); hashbytes += mark; } (void)fflush(ttyout); } } signal(SIGINFO, oldinti); if (hash && !progress && bytes > 0) { if (bytes < mark) (void)putc('#', ttyout); (void)putc('\n', ttyout); (void)fflush(ttyout); } if (len != 0) { warn("Reading from socket"); goto cleanup_url_get; } progressmeter(1, NULL); if ( #ifndef SMALL !resume && #endif /* !SMALL */ filesize != -1 && len == 0 && bytes != filesize) { if (verbose) fputs("Read short file.\n", ttyout); goto cleanup_url_get; } if (verbose) ptransfer(0); (void)signal(SIGINT, oldintr); rval = 0; goto cleanup_url_get; noftpautologin: warnx( "Auto-login using ftp URLs isn't supported when using $ftp_proxy"); goto cleanup_url_get; improper: warnx("Improper response from %s", host); cleanup_url_get: #ifndef SMALL if (ssl) { SSL_shutdown(ssl); SSL_free(ssl); } free(full_host); free(auth); #endif /* !SMALL */ if (fin != NULL) fclose(fin); else if (s != -1) close(s); free(buf); free(proxyurl); free(newline); free(cookie); return (rval); }