openssl: Stop dragging libpthread into every libcrypto user.

With the new _NETBSD_PTHREAD_CREATE_WEAK, libcrypto can have a call
to pthread_create without linking against libpthread, so it is not
necessary to link all libcrypto users against libpthread too.

Applications that link against libcrypto but not libpthread can't use
threaded OpenSSL functionality, of course -- OSSL_set_max_threads
will always fail in such applications.

This reverts all the makefile churn that I found for unnecessary
libpthread linkage since the openssl 3.5 import.

PR lib/59685: libcrypto should not depend on libpthread

m68* triggers a bad-maybe clobbered warning, avoid it.

ftp.c:779:23: error: variable 'rc' might be clobbered by 'longjmp' or 'vfork' [-Werror=clobbered]
779 | off_t rc;
| ^~

sun2 and GCC 14 gets a maybe clobbered wrong here, i think.

branches: 1.41.2;
crypto needs threads

branches: 1.40.2;
bsd.own.mk: rename GCC_NO_* to CC_WNO_*

Rename compiler-warning-disable variables from
GCC_NO_warning
to
CC_WNO_warning
where warning is the full warning name as used by the compiler.

GCC_NO_IMPLICIT_FALLTHRU is CC_WNO_IMPLICIT_FALLTHROUGH

Using the convention CC_compilerflag, where compilerflag
is based on the full compiler flag name.

use fetch_*() for I/O with SMALLPROG / !WITH_SSL builds

Adapt the SMALLPROG / -UWITH_SSL build to also use the fetch_*()
methods from ssl.c, instead of using stdio, as stdio isn't robust
when using interruptable signals.

Disable ssl-specific support in the fetch_*() methods if WITH_SSL
isn't defined, so SMALLPROG still doesn't have ssl support (as expected).

The resulting SMALLPROG binary is slightly larger than before
(e.g., 157KiB vs 153KiB on amd64).

Set version to 20210603 for this fix and the SO_KEEPALIVE fix for PR 56129.

PR install/56219

branches: 1.38.4;
add support for new GCC 9 warnings that may be too much to fix
right now. new address-of-packed-member and format-overflow
warnings have new GCC_NO_ADDR_OF_PACKED_MEMBER amd
GCC_NO_FORMAT_OVERFLOW variables to remove these warnings.

apply to a bunch of the tree. mostly, these are real bugs that
should be fixed, but in many cases, only by removing the 'packed'
attribute from some structure that doesn't really need it. (i
looked at many different ones, and while perhaps 60-80% were
already properly aligned, it wasn't clear to me that the uses
were always coming from sane data vs network alignment, so it
doesn't seem safe to remove packed without careful research for
each affect struct.) clang already warned (and was not erroring)
for many of these cases, but gcc picked up dozens more.

branches: 1.37.2; 1.37.12;
Remove MKCRYPTO option.

Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.

In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.

The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.

My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.

As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:

https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html

P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.

PR/47276: Add https support

branches: 1.35.2; 1.35.4; 1.35.8;
fix gcc-4.5 warnings

apply some -Wno-error and/or -fno-strict-aliasing.


all of this should be looked at closer, but some of them are not
very trivial.

Userland now builds and uses terminfo instead of termcap.

OK: core@, jdc@

Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry. RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros. Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.

Add NO_USAGE and NO_DEBUG so that we can fit in the floppies again.

branches: 1.30.2;
As dsl points out, sysinst uses the progress bar so put it back on SMALLPROG

Add NO_PROGRESS for -DSMALL

Only compile in IPv6 support if ${USE_INET6} != "no"

MKINET6 is for providing IPv6 infrastructure.
USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).

Save approximately 8K by not including http authentication, extended status
messages and help strings when the appropriate options are set.

Abstract out progress bar support into progressbar.[ch], for inclusion
in external programs (conditionalized on -DSTANDALONE_PROGRESS).

The following moved from util.c to progressbar.c:
alarmtimer(), progressmeter(), psummary(), ptransfer(),
xsignal(), xsignal_restart()

The following moved from extern.h and ftp_var.h to progressbar.h:
STALLTIME, verbose, fromatty, progress, quit_time, ttywidth

tweaks for fparseln(3) move from libutil to libc:
- remove #include <util.h> if nothing else needed it
- remove LDFLAGS+=-lutil if nothing else needed it

- if SMALLPROG is defined, add -DNO_EDITCOMPLETE -DNO_ABOUT,
and don't bother linking with -ledit -ltermcap
- if SMALLPROG is not defined or SMALLPROG_INET6 is defined, add -DINET6

branches: 1.23.6;
add dependency on version.h

simple dependancy so addition of global vars to ftp_var.h is detected for main.c

* replace ifdefs against __SVR4 and __linux__ with DIRENT_MISSING_D_NAMLEN;
it's more portable and more obvious
* remove the mkgmtime() && HAVE_TIMEGM stuff:
a) why should netbsd have to define HAVE_TIMEGM to compile cleanly?
b) foreign compiles of ftp should just be linked with working
timegm function

a more portable version of this ftp client will be released as a 3rdparty
product; no use polluting our code with half-baked attempts...

branches: 1.20.2;
add dual-stack (IPv4/v6) support. hope I broke no other part...

revert previous (creation of /usr/bin/pftp link);
* $FTPMODE is the documented way in ftp(1) to force passive, active,
gate-ftp, or autodetect.
* AFAIK, we haven't shipped any previous release with pftp in /usr/bin
* no link was made for gate-ftp (and i don't think that makes sense in
/usr/bin either)
* even though the link isn't made, the support for pftp, gate-ftp, and
the `-p' flag should remain since people may depend on having their
own link (e.g, ~/bin/pftp -> /usr/bin/ftp) or aliases which use
these things. it doesn't hurt to leave argv[0] checking in ftp's main().

added LINKS= to make /usr/bin/pftp

Temporary fix of UTC -> time_t conversion:
1. changed to use timegm(3) on NetBSD and
2. supply alternative code for other Unix-like OSs
(NetBSD ftp shall be portable for some reasons :-).

This fix closes PR #6448.

NOTE: This should be fixed again if a portable UTC to time_t
conversion method is specified in some standards.

* send 'Connection: close' in HTTP/1.1 headers, preventing the
remove server from using a persistent connection, which speeds
up such requests.
* support http 301 and 302 redirects
* rewrite guts of url_get() to use fparseln() et al instead of
read(s,&p,1)... enables each in the header to be parsed
as necessary
* rename login to ftp_login, to remove conflict with util.h::login
* cleanup verbose messages during http proxy requests

branches: 1.15.2;
don't define WARNS=1 here

Change CFLAGS to CPPFLAGS

bugs fixed:
* don't interpret '-' or '|' when a local filename is determined from
the remote name (i.e, in mget, and in get with only one argument).
This is implemented using an extra argument to recvrequest().
Fixes a major security hole.
* clean up memory leak when using globulize()
* clean up a couple of comments
* fix wording in TNF copyright

features added:
* support for TIS fwtk gate-ftp servers:
* read defaults from $FTPSERVER && $FTPSERVERPORT
* start in gate-ftp mode if invoked as 'gate-ftp'
* toggle or set with 'gate [host [port]]'

* use RCSID() && COPYRIGHT() macros
* cleanup for WARNS=1 (including some ugly '(void)&var' bits wrapped in
#ifdef __GNUC__ to shut up gcc warnings WRT setjmp/longjmp)
* use strtol() instead of atoi(), and more extensively check result of
conversion
* use u_int16_t instead of short or int for TCP port addresses

- Makefile cleanups

SMALLFTP->SMALL; remove SMALL from Makefile

Deal with SMALLFTP a bit differently [by compiling complete.c]

New features:
* Command line editing via editline(3) library.
* Context sensitive command and file completion, including remote files.

Enhancements to auto-fetch feature:
* Support for http:// URLs using the http protocol, including proxy HTTP
support via $htty_proxy if it's defined.
* The connection is kept open between successive files on the same host.
(obviously, this does not count for http requests.)
* Return value of ftp is 0 on no error, or the offset in argv[] of the file
which failed (i.e., argv[x] failed, ftp returns x).
* If the path in an ftp URL or classic format line has a trailing '/',
cd to the path and enter interactive mode. Fixes [bin/3011], albiet
requiring the user to help ftp in determining the operation.

Other changes:
* '-P port' works for normal ftp, and is the default for all classic style
auto-fetch transfers and for ftp URLs that don't specify the port.
(previously it would just work for the first xfer.)
* Some code moved into separated files along logical divisions.
* Editing and completion can be compiled out with -DSMALLFTP.

RCS ID police

add -Dunix to CFLAGS

Sync with 4.4lite2

branches: 1.4.2;
Add RCS ids.

clean up import, no local changes.

Add RCS indentifiers.

branches: 1.1.1; 1.1.2;
Initial revision

Check bounds when copying to destination.
Remove const where the const string ended up being overwritten.

pass some lint.

ftp: improve units used in comments and errors

Use "KiB" instead of "K" in errors.
Clarify related comments.

branches: 1.141.6; 1.141.8;
ftp(1): fix description of "debug"

"debug" command and documentation got accidentally renamed
to "ftp_debug" 13 years ago, and was only partially fixed.

branches: 1.140.2;
Try to avoid a (bogus) fatal warning from clang.

- add justquit() that always exits. use it to avoid unreachable code.

branches: 1.138.4;
Issue PWD commands to the server only when we actually
need the results, not speculatively, just in case we might.

Allows operation with some broken servers that get confused
by PWD commands in some situations, and saves server round
trips in the (modern) common case of
ftp ftp://path/name
where we never need to know the results from PWD.

branches: 1.137.8;
CID 1354295: Array overrun.

use sizeof() and array notation.

branches: 1.135.8;
document https support, mentioning certificates are not validated, and obey
https_proxy.

branches: 1.134.2; 1.134.6;
fix previous; use append instead of write.

make -R work the same in ftp:// like it does for http:// (i.e. work if
there is no local file).

branches: 1.132.2;
Use __dead

rename argument from "bool" to "val"

Rename internal getline() function to get_line() so it does
conflict with the soon to be added getline(3) libc function.

Fix numerous WARNS=4 issues (-Wcast-qual -Wsign-compare).

fix -Wshadow issues

branches: 1.127.2;
correct a comment

update copyrights

Add epsv6 and epsv to disable extended passive mode for ipv6 or both ipv4 and ipv6 respectively. This hack is due to our friends a Juniper Networks who break
epsv in ipv6. Should be fixed in ScreenOS 6.2.X.

branches: 1.124.2;
Remove clause 3 and 4 from TNF licenses

branches: 1.123.10;
Display times in RFC2822 form rather than using ctime(3), since
the former is more explicit about the timezone offset.

Use getline() instead of fparseln()

Clean up use of confirm() and mbort() so that the current operation
is always passed in (instead of depending upon the 'mname' global).
For confirm(), if the second argument is NULL print the "Continue with <cmd>"
prompt. This fixes up the the display of interrupted prompts.

* Implement -s srcaddr; uses srcaddr as the local IP address for all
connections.
Based on code in the version of ftp that FreeBSD had before they
replaced it with lukemftp.
* Move error message handling into ftp_connect() rather than in the
caller, so that more specific error reporting can occur.
* Improve consistency of various warning and error messages.

getpass() can return NULL upon error in some implementations
(as documented in older standards documents, before the API was obsoleted).
Problem observed in tnftp on Solaris by Emil Mikulic.

rename debug to ftp_debug. grr libssh.

Rename xfoo() to ftp_foo() to avoid collisions with libssh. Don't ask.

Add NO_USAGE and NO_DEBUG so that we can fit in the floppies again.

Implement:
int getline(FILE *stream, char *buf, size_t buflen, const char **errormsg)
Read a line from the FILE stream into buf/buflen using fgets(), so up
to buflen-1 chars will be read and the result will be NUL terminated.
If the line has a trailing newline it will be removed.
If the line is too long, excess characters will be read until
newline/EOF/error.
Various -ve return values indicate different errors, and errormsg
will be changed to an error description if it's not NULL.

Convert to use getline() instead of fgets() whenever reading user input
to ensure that an overly long input line doesn't leave excess characters
for the next input operation to accidentally use as input.

Zero out the password & account after we've finished with it.

Consistently use getpass(3) (i.e, character echo suppressed) when
reading the account data. For some reason, historically the "login"
code suppressed echo for Account: yet the "user" command did not!

Display the hostname in the "getaddrinfo failed" warning.

Appease some -Wcast-qual warnings. Fixing all of these requires
significant code refactoring. (mmm, legacy code).

Use size_t instead of int where appropriate.

Some const cleanups.

gratuitous whitespace cleanup (before someone else jumps the gun...)

branches: 1.111.2;
White space nit- don't put a space before/after increment/decrement
operators.

Factor out common string processing code eliminating static buffers,
making functions that should be static be static, and cleaning up
const usage. Added a guard against buffer overflow, but the domap function
is a bit too complicated for me to tackle right now. I will leave it
to the author; hi luke!

Forbid filenames returned from mget that aren't in (or below) the
current directory.
The previous behaviour (of trusting the remote server's response when
retrieving the list of files to mget with prompting disabled) has been
in ftp ~forever, and has been a "known issue" for a long time.
Recently an advisory was published by D.J. Bernstein on behalf of
Yosef Klein warning of the problems with the previous behaviour, so
to alleviate concern I've fixed this with a sledgehammer.

Remember the local cwd after any operation which may change it.
Use "remotecwd" instead of "remotepwd".

Add (unsigned char) cast to ctype functions

Ensure that "mname" is set in ls() and mls() so that an aborted confirm()
prints the correct name.
Problem highlighted & suggested fix from PR [bin/17766] by Steve McClellan.

If an ftp auto-fetch transfer is interrupted by SIGINT (usually ^C),
exit with 130 instead of 1 (or rarely, 0).
This allows an ftp auto-fetch in a shell loop to correctly terminate the loop.
Should fix PR [pkg/26351], and possibly others.

Fix an inversed test for NO_STATUS in rev. 1.103; fixes the real issue
behind PR bin/25842.

make this compile without NO_STATUS

fixes bin/25842 by Jukka Salmi

Save approximately 8K by not including http authentication, extended status
messages and help strings when the appropriate options are set.

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.

Invalidate remote directory completion cache if any command which
may change the remote contents completes successfully, including:
del, mdel, ren, mkdir, rmdir, quote, and all upload commands
Patch from Yar Tikhiy <yar@comp.chem.msu.su>.

tweaks for fparseln(3) move from libutil to libc:
- remove #include <util.h> if nothing else needed it
- remove LDFLAGS+=-lutil if nothing else needed it

strdup -> xstrdup (handle malloc error right)

- when showing the final progress bar, replace "00:00 ETA" with the
elapsed time. (suggested by simonb)
- actually display transfer stats after a URL fetch. (bug introduced a
*long* time ago)
- update copyright & version

Use "r+" instead of "r+w", since the latter is not standard.
Noted by <Steve.McClellan@radisys.com> in private email.

- Only send port number in HTTP/1.1 Host: request if port != 80.
Fixes [bin/15415] from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
- Fix bad mode passed by mls() to recvrequest().
Fixes [bin/16642] from <steve.mcclellan@radisys.com>

update copyrights

minor knf

invoke cmdtab.c_handler()s with argv[0] == c_name instead of the
supplied name. that way the full (unambiguous) name is displayed in
error messages and usage strings.

- implement "mreget"; as per "mget" but uses "reget" instead of "get"
- add -N netrc and $NETRC, as methods to select an alternative .netrc file
- cache local user name and home directory for further use
- in mget(), use docase() instead of a local version to do the case
conversion.

More format string cleanup by sommerfeld.

- rename NO_QUAD to NO_LONG_LONG, QUAD* -> LL* and add ULL* (unsigned)
equivalents. name change suggested by Klaus Klein <kjk@netbsd.org>
- change defined(BSD4_4) || HAVE_SIN_LEN tests into HAVE_SOCKADDR_SA_LEN,
and set the latter if BSD4_4 exists

clean up NO_QUAD support: create helper #defines and use as appropriate:
#define NOQUAD ! NOQUAD
------- ------ - ------
QUADF "%ld" "%lld"
QUADFP(x) "%" x "ld" "%" x "lld"
QUADT long long long
STRTOL(x,y,z) strtol(x,y,z) strtoll(x,y,z)

add support for FEAT and OPTS commands with `features' and `opts'.
(from RFC 2389).

add support for MLST & MLSD (machine parseble listings) with 'mlst', 'mlsd'
and 'pmlsd' (mlsd |$PAGER) commands. (from draft-ietf-ftpext-mlst-11)

rename remotesyst() to getremoteinfo(), and modify to parse the result from
FEAT (if supported), and take into account the support for the various
extensions such as MDTM, SIZE, REST (STREAM), MLSD, and FEAT/OPTS.
put each feature into one of the following categories:
- known to work (explicit FEAT)
- unknown but assume works until explicit failure, when it's
then tagged as `known not to work'.
- known not to work (FEAT succeeded but didn't return anything,
or was unknown and then explicit failure)
assign results into features[] matrix.

add support to getreply() so that an optional callback will be called
for each line received from the server except for the first and last.
this is used in FEAT (and MLST) parsing.

modify various commands to check if REST (STREAM), MDTM and SIZE are
explicitly or implicitly supported before using.

fix `syst' when verbose is off.

minor knf (indent goto labels by one space, etc).

simply various command usage handlers by assuming that argv != NULL except
for quit() and disconnect().

branches: 1.87.2;
* migrate the SYST parsing from setpeer() into a separate remotesyst().
call remotesyst() only when login has been successful
some servers don't let you run SYST until you've successfully logged in.
* in fetch_ftp(), always call setpeer() with autologin disabled, and use
the following ftp_login() to DTRT.
this prevents ftp from trying to login a second time if the first autologin
fails when connecting to a remote site anonymously using autofetch.
* reset unix_proxy and unix_server in cleanuppeer()
* missed a function conversion in the KNF sweep...

Change `ls' to use the `LIST' and not `NLST' FTP protocol command.
Now that after many years on not caring we find certain popular
ftp servers are starting to obey RFC959 to the letter of the law
and will only return a list of filenames (not directories or
other filetypes) in the output of `NLST', then `LIST' is more useful
in this case. (Note that the aforementioned pedanticness means that
filename completion isn't as useful as it could be...)
Fixes [bin/8937] by David A. Gatwood <dgatwood@deepspace.mklinux.org>

branches: 1.85.2;
convert to ANSI KNF

* Add support for `fget localfile', which reads a list of filenames to
retrieve from localfile. Based on work by Darren Reed.
* Crank version.
* Update copyright dates.

s/strtoq/strtoll/ (the latter is standardised)

define private type `sigfunc' as
typedef void (*sigfunc) __P((int));
and replace use of sig_t and void (*)(int).

certain other OSes define sig_t differently to that (they add extra arguments),
and it causes problems due to function mismatches, etc...

move version into separate file to reduce recompilation after version crank.

* complete_remote(): use remglob("", ...) instead of remglob(".", ...),
for listings of the current working directory; some ftp servers don't
like `NLST .'.
[noted by Giles Lean <giles@nemeton.com.au>]
* recvrequest(): treat remote=="" as remote==NULL when calling command().
(to support the above change)
* support `[user@]' in `[user@]host' and `[user@]host[:][path]'.
[based on idea (and initial code) from David Maxwell <david@fundy.ca>]
* `idle' may be invoked without any args
* reformat some comments
* reformat usage string in program and man page
* call updateremotepwd() after successful login, not after successful connect
* always call setsockopt(, IPPROTO_IP, IP_TOS, ) (et al); using #if
defined(IPPROTO_IP) doesn't work on certain foreign systems where
enums instead of #defines are used...
[noted by Matthias Pfaller <leo@dachau.marco.de>]

- implement updateremotepwd(); update the global variable `remotepwd'
to contain the remote working directory.
- add `set prompt', a user configurable prompt. (defaults to `ftp> ').
the following escape characters a la tcsh(1) are supported: %/, %m,
%M, and %n.
- add global var `username'; used by prompt code
- fix a couple of minor memory leaks
- bump version

- split the version string into product and version
- be consistent about reporting the version between:
+ status command
+ about:version URL fetch
+ User-agent sent in http requests

support `about:version'. also display the version in the output of `status'.

new features:
- add `usage'; displays the usage of a command.
implemented by calling the c_handler() with argc = 0, argv = "funcname".
- add `passive auto'; does the same as $FTPMODE=auto.
- add `set [option value]'; display all options, or set an option to a value.
- add `unset option'; unset an option.
- add getoptionvalue() to retrieve an option's value, and replace a few
global variables with calls to this.
- implement cleanuppeer(), which resets various bits of state back to
`disconnected'. call in disconnect() and lostpeer().
- support completing on `options'.
- improve recovery after a SIGINT may have closed the connection.
XXX: there's still a couple to fix

other stuff:
- various consistency fixes in the man page.
- ensure that the command usage strings in the code and man page match reality.
- mput/mget: check that the connection still exists before each xfer.
- minor cosmetic changes in confirm().
- set code correctly in sizecmd() and modtime()
- don't need \n in err() strings.
- change lostpeer to take an argument (rather than casting (sig_t)lostpeer
in signal handlers)
- knf and whitespace police.

* fix up confirm() (broke `a' and `p' in last commit)
* simplify main loop (don't need `top' variable any more)
* use a struct sockaddr_in6.sin6_addr for the result from inet_pton(),
rather than u_char buf[16]
* add a few more comments

a few user interface and cosmetic tweaks:
* confirm(): move from util.c to cmds.c. display mnemonic string in its prompt.
add support for `q' (terminate current xfer), `?' (show help list)
* in various signal handlers, output a linefeed only if fromatty.
* if fgets(stdin) returned NULL (i.e, EOF), clearerr(stdin) because you don't
want future fgets to fail. this is not done for the fgets() in the main
command loop, since ftp will quit at that point.
* unless ftp is invoked with -a, don't retain the anonftp setting between
hosts (`ftp somehost:' sets anonftp, but you don't want that to `stick'
if you close that connection and open a new one).

use sigjmp_buf for sigsetjmp(), instead of jmp_buf.
noted by Havard.Eidnes@runit.sintef.no.

* use sigsetjmp()/siglongjump() instead of setjmp()/longjmp(); the latter
don't save the signal mask on some foreign systems.
* ensure signal handlers don't use stdio and do reset errno if they
don't exit with siglongjmp()
* use a common SIGINT handler for {send,recv}request()

* factor out SIGINFO setting into a handler that is always active (but only
prints out info if bytes > 0). only set the handler if SIGINFO is defined
* hijack SIGQUIT to be the same as SIGINFO (foreign ports have this, and it's
annoying to have SIGQUIT dump core on netbsd when it prints info on other
systems)
* in {recv,send}request(), factor a lot of duplicated code out into a
`cleanup' section at the end
* rework shell() a bit

add TNFi copyright to all files i've done more than a minor amount of work to...

enhancments from Marc Horowitz <marc@mit.edu> to improve connection timeouts:
* implement xsignal_restart(), which only sets the SA_RESTART flag if
specifically requested
* xsignal() is now a wrapper to xsignal_restart(). INFO, USR1, USR2 and WINCH
are restartable, ALRM, INT, PIPE and QUIT are not.
* improve getreply()'s timeout code to take advantage of the above.

other changes:
* improve wording of how globbing works for `classic' URLs (host:path).
suggested by John Refling <johnr@imageworks.com> in relation to PRs
[bin/8519] and [bin/8520]
* always compile in the `edit' command even if NO_EDITCOMPLETE defined.
it's just a no-op in the latter case, which is more consistent to
the users.
* always compile in about: support (i.e, remove NO_ABOUT).
i'm entitled to some vanity in this program...
* clean up some whitespace

If EPSV or EPRT fails, disable epsv4 for the rest of the current connection.
the disabled state can be overridden by toggling epsv4.

(I got sick of the errors about EPSV not being supported on almost
every server I connect to. This way we retain support for epsv4, but
it's not so whiny after the first failure...)

* don't bother with "pathnames.h"; it contained just a single #define.
instead, include <paths.h> in the files that need it
* slightly reorg ftp_var.h

* newer takes an optional second arg, so document this
* be a bit more explicit that the arguments to rate are in bytes

* In the !NI_NUMERICHOST case (i.e, getaddrinfo() challenged systems), portnum
should be in host order. found/fixed by Matthias Pfaller <leo@dachau.marco.de>
* parse_url(): improve checking of portnum, and add an extra argument to pass
back the parsed portnum to the caller (reduces a bit of code duplication)
* Move the KAME/WIDE copyrights after the BSD/TNFi ones. Since there was
significantly less code added under the former, it's only fair on the latter.

* fix initialisation of home[]
* fetch_url(): if path would be NULL, return strdup("")

* add new commands:
lpage page local files
pdir as dir, but through your $PAGER
pls as ls, but through your $PAGER
* implement docase() (a la dotrans() et al) and use appropriately, rototilling
some duplicated code
* globulize(): modify to return a pointer to the strdup()ed result in all cases,
and hack the code that calls it to take this into account
* replace strcpy() and strncpy() with strlcpy()
* put(), getit(): use some aptly named local vars instead of argv[...]
* delint

* idle(): rename to idlecmd(). certain linux distributions have an incompatible
prototype for idle() in <unistd.h> (which i thought was against namespace
and sensibility guidelines, but...)
* consistently use xsignal() instead of signal(). we get known behaviour
in all cases (SA_RESTART), which is good for some borken foreign systems.
* remove signal.h from most files; it's unnecessary now
* fetch_url(): use `long chunksize' instead of ssize_t; it's more portable, and
we're setting chunksize with strtol() anyway
* xsignal(): only use SA_RESTART if it exists. SunOS 4.x doesn't have it
but has the inverse (SA_INTERRUPT). the original function i was inspired
from had this support (lib/signal.c, W. Richard Stevens' `UNP 2nd ed Vol 1').
* remove <termios.h> from util.c; it should be unnecessary now

* use %lld instead of %qd to print out (long long) vars.
(slightly more portable; e.g, solaris supports this)
* remove some fluff (lint)

use an off_t instead of quad_t (or long #ifndef NO_QUAD) to store the
temporary restart point. (yet another portability fix...)

* finish replacing snprintf() with sprintf(), for portability reasons.
add lots of comments about how to size up the buffers, and add extra
checks to hopefully ensure that there won't be an overflow (unless
someone modifies the length of the sprintf()s).
* as part of the above, slightly rework the way the `*' bar is calculated.
also fixes a display bug when > 160 stars were needed to be printed.
the maximum progress bar width at this time is 256.
* remove some code that checks the port that was #if 0-ed out as part of the
ipv6 migration; it's not going to be used again.

branches: 1.58.2;
* add support for `xferbuf', which sets both `sndbuf' and `rcvbuf'
* document the above three commands
* rototill the way the sndbuf and rcvbuf work. remove resetsockbufsize()
* use the appropriate socket buffer size as the size of the buffer that
the read()/write() loops use. speeds up things in some cases.

replace snprintf() with strlcpy(), strlcat(), or direct assignment
where appropriate. (strlc*() are easier to port to foriegn systems).

XXX; there's still a few snprintf's in the progress meter stuff to convert

reword EPSV status line

add epsv4 command, which enable/disable the use of EPSV/EPRT.

this is mainly for (hypothetical) ftp server which disconnect clients
that use EPSV/EPRT. I've never seen any ftp server like this, but
epsv4 command may be of use when such an ftp server is found.

add dual-stack (IPv4/v6) support. hope I broke no other part...

s/xfer/transfer/

[fear this; more ftp hacking from lukem :-]

features:

split the "SMALL" #ifdefs into ones for NO_ABOUT, NO_EDITCOMPLETE, and
NO_PROGRESS. -DSMALL still implies all of those. progress meter support
isn't necessary for the smallest possible ftp client, but it adds very
little space and makes users' lives much better. Therefore, it should
be enabled for installation media if at all possible.

use default pager if $PAGER=""

* fix gate mode to login as `user@realhost' rather than using PASSERVE;
the latter only seemed to work for TIS Gauntlet and not TIS fwtk.
thanks to simonb@netbsd.org for testing this. fixes [bin/5556].
* if EOF (e.g, ^D) is entered at a username/password/account prompt which
happens to use fgets(), exit the login rather than treating EOF as CR.
* don't use the comma operator where separate statements are valid
* always use snprintf to copy stuff into malloced buffers, just in case
typos creep in and mean that the buffer ends up being overflowed

update copyright

branches: 1.47.2;
whitespace & copyright fixes

* -v enables verbose & progress, -V disables both
* set setvbuf(ttyout, NULL, _IOLBF, 0) and remove a bunch of fflush(ttyout).
* use fwrite() instead of write() for progressmeter (don't intermix stdio
with non stdio ops)

flush ttyout in togglevar()

* hash & progress are mutually exclusive. [noted by mrg@netbsd.org]
* in autofetch mode, don't attempt to 'cd /' on first xfer (only on
subsequent xfers), as some ftp daemons don't permit that.
[noted by dbj@netbsd.org].
XXX: code could be smarter (but a lot more complicated to boot); this
works for now.

replace command(buf) with command("%s", buf) in quote1(), thus preventing
'quote' commands that contain % formats from being mis-intepreted.
noted by Lundman <lundman@argonaut.com> on current-users@netbsd.org

use <limits.h> for INT_MAX (more portable)

features:
* support $no_proxy, which is a comma or space separated list of
host[:port] elements for which proxying is to be disabled.
(asked for by cgd in [bin/5027])
* if $FTPANONPASS is defined, use that as the anon ftp password
(instead of "`whoami`@")
* allow http URL's without a filename as long as an output file
is specified.

other stuff:
* implement parse_url(), which breaks up a URL into its bits, and use.
* simplify url_get() and auto_fetch() to use parse_url() and to not
modify the supplied URL or a copy of it.
* implement xmalloc() and xstrdup(); error-checked malloc()/strdup()
* add more consistency to messages, quoting strings in output as `%s'

* spell `retrieved' correctly!
* parse Last-Modified: HTTP headers for date, and change time of
retrieved file if parsing succeeded
* support file:/// and file://localhost/ URLs
* in url_get(), re-write byte moving code to consistently use fread()
and fwrite(), and check errors at end with ferror()
* add about:* easter-egg (#ifndef SMALL :-)

Add "sndbuf" and "rcvbuf" commands for setting the socket buffer sizes,
which in turn can allow the use of larger TCP windows. This is a work in
progress; there is not yet support for specifying global defaults or
user prefrences on a host/network basis.

GLOB_QUOTE is dead; per POSIX, backslash quoting of special characters being
enabled is the default behaviour.

some fixes & enhancements from openbsd's ftp, with extra fixes by me:
* default to passive with active fallback. $FTPMODE modifies this behaviour.
-A forces active connection.
* support '-o outfile' for auto-fetched files. outfile can be a file,
`-' (for stdout), or '|command' (to output each file through command).
* support '-r waittime', which retries the connection after waittime seconds
if it fails.
* fix 'page file' when restart is non-zero.
* try all ip-addresses of a host in a http fetch (as the normal ftp fetch
does).

XXX: a ``broken pipe'' error sometimes occurs with -o '|command';
i haven't tracked this down yet.

- add <signal.h> since we are using signals.
- cast arg to is*() to unsigned char.
- don't require quad_t to exist to compile.

Need <time.h> for asctime() and localtime() prototypes.

define MAX_IN_PORT_T and use instead of USHRT_MAX. suggested by cgd@netbsd.org

* ensure buffer for username is initialised, so ^D on username prompt
doesn't use garbage for the username. from "Soren S. Jorvang" <soren@t.dk>
in [bin/4559]
* use in_port_t for ports, and USHRT_MAX instead of 0xffff
(from millert@openbsd.org)
* use `NULL' instead of `(.... *)0' where appropriate.

correctly detect good vs bad hash mark values. (found by <enami@netbsd.org>)

* in recvrequest(), ignore restart_point unless "RETR"ieving. fixes problems
where a remote completion or `mget' would confuse the client a `restart'
had been issued beforehand. now, `restart' is remembered until an operation
that can actually use it is invoked.
* in sendrequest(), don't reset restart_point upon entry. fixes `restart'
for `put' operations.
* if `restart' is invoked with no arguments, print current setting instead
of displaying a usage
* consistently use printf("%qd", (long long)restart_point) when displaying
restart_point
* use strto[lq]() instead of atol() when parsing `mark' and `restart' values
* remove unnecessary strlen()s when result of previous snprintf() will do
* replace a few malloc()/strcpy()s with strdup()s
* use SECSPERHOUR instead of '3600'

branches: 1.30.2;
add a space to restart message. from geoff wing in [bin/4161]

More cleanups from Todd Miller <Todd.Miller@courtesan.com>:
* Use an int, not "union wait".
* Move the "parsed_url" label so that the next statement is not an "else" --
some ansi C compilers don't like it the old way (SGI's for example).
* Deal with the possibility of getlogin(2) failing.
* Don't error out if the remote server doesn't support the "MDTM" command.

Fixes from Todd Miller <Todd.Miller@courtesan.com>:
* use size_t instead of int in places
* use symbolic constants when using access()

bugs fixed:
* don't interpret '-' or '|' when a local filename is determined from
the remote name (i.e, in mget, and in get with only one argument).
This is implemented using an extra argument to recvrequest().
Fixes a major security hole.
* clean up memory leak when using globulize()
* clean up a couple of comments
* fix wording in TNF copyright

features added:
* support for TIS fwtk gate-ftp servers:
* read defaults from $FTPSERVER && $FTPSERVERPORT
* start in gate-ftp mode if invoked as 'gate-ftp'
* toggle or set with 'gate [host [port]]'

fix compile on alpha:
* cast all %qd printfs to (long long) [inspired by billc@warped.net]
* replace sscanf %qd with strtoq() et al

* use RCSID() && COPYRIGHT() macros
* cleanup for WARNS=1 (including some ugly '(void)&var' bits wrapped in
#ifdef __GNUC__ to shut up gcc warnings WRT setjmp/longjmp)
* use strtol() instead of atoi(), and more extensively check result of
conversion
* use u_int16_t instead of short or int for TCP port addresses

NULL => 0 (Arne Juul; PR#3629)

More enhancements/bugfixes (when will it end?)
* differentiate between being connected, and being logged in
* cleanup some text messages
* support username & password ftp URLs (ftp://user:pass@host/) in non-proxy
situations; assume proxy supports it for proxy situations.
* cd to / before performing any autofetch transfers
* use strncasecmp in URL parsing. fix from <Todd.Miller@courtesan.com>

* support $ftp_proxy for ftp:// transfers [bin/3245]
* add "more" & "less" as synonyms for "page"
* move editline setup code into controlediting(), and call appropriately.
only setup setup terminal if going into interactive mode. inspired
by Todd Miller <todd.miller@courtesan.com>

Fixes from <Todd.Miller@cs.colorado.edu>, with some cleanup and reworks by me:
* only echo "Passive mode" in verbose mode; scripts that use ftp
may get unwanted output otherwise
* disable progress bar and modification time preservation when
retreiving to a non-regular files. fixes progress bar getting in
way of "get file /dev/tty"
* setup el_init() et al if editing is set, not if fromatty.
TODO: migrate this to a function, and call if editing is turned on later
in the session. also implement edit_cleanup if editing is turned off
* call el_set() after setting SIGWINCH handler. This fixes the problem
when suspending in a non-cbreak shell (e.g, csh) would trash your tty mode.
* reset interactive mode correctly in auto_fetch() mget mode

SMALLFTP->SMALL; remove SMALL from Makefile

Features:
* support remglobbing of auto_fetch arguments
* new flag - '-e'; disable editing
* "page file" == "get file |${PAGER-less}"

Bugfixes/cleanup:
* consistently use a trailing '.' on messages
* code cleanup, including buffer overrun fixes, use puts
and putchar in places, etc (inspired by OpenBSD mods)
* disable progress bar when local-file is a pipe or '-'
* skip \r in http headers
* fix remote ftpd slash bug more elegantly (so it works with ////)
* abort_remote(): check if cout==NULL before using it. should fix [bin/3273]
* fixed up cosmetic problems when complete_remote() generated errors from the
remote server (such as "no files found", "login with user and pass", ...)
done by adding extra argument to remglob(), which is a pointer to an error
buffer to put messages in rather than printing to stdout.

[Yet Another Huge Ftp Commit - hopefully the last for a while,
barring any more little things people want added ...]

New features:
* progressmeter is now asynchronous, so "stalled" transfers can be
detected. "- stalled -" is displayed instead of the ETA in this case.
When the xfer resumes, the time that the xfer was stalled for is
factored out of the ETA. It is debatable whether this is better than
not factoring it out, but I like it this way (I.e, if it stalls for 8
seconds and the ETA was 30 seconds, when it resumes the ETA will still
be 30 seconds).
* verbosity can be disabled on the command line (-V), so that in auto-fetch
mode the only lines displayed will be a description of the file, and
the progress bar (if possible)
* if the screen is resized (and detected via the SIGWINCH signal), the
progress bar will rescale automatically.

Bugs fixed:
* progress bar will not use the last character on the line, as this can
cause problems on some terminals
* screen dimensions (via ioctl(TIOCWINSZ)) should use stdout not stdin
* progressmeter() used some vars before initialising them
* ^D will quit now. [fixes bin/3162]
* use hstrerror() to generate error message for host name lookup failure.
* use getcwd instead of getwd (it should have been OK, but why tempt fate?)
* auto-fetch transfers will always return a positive exit value upon failure
or interruption, relative to the file's position in argv[].
* remote completion of / will work, without putting a leading "///".
This is actually a bug in ftpd(1), where "NLST /" prefixes all names
with "//", but fixing every ftpd(1) is not an option...

Add missing ;

New features:
* Command line editing via editline(3) library.
* Context sensitive command and file completion, including remote files.

Enhancements to auto-fetch feature:
* Support for http:// URLs using the http protocol, including proxy HTTP
support via $htty_proxy if it's defined.
* The connection is kept open between successive files on the same host.
(obviously, this does not count for http requests.)
* Return value of ftp is 0 on no error, or the offset in argv[] of the file
which failed (i.e., argv[x] failed, ftp returns x).
* If the path in an ftp URL or classic format line has a trailing '/',
cd to the path and enter interactive mode. Fixes [bin/3011], albiet
requiring the user to help ftp in determining the operation.

Other changes:
* '-P port' works for normal ftp, and is the default for all classic style
auto-fetch transfers and for ftp URLs that don't specify the port.
(previously it would just work for the first xfer.)
* Some code moved into separated files along logical divisions.
* Editing and completion can be compiled out with -DSMALLFTP.

RCS ID police

doproxy(): remove leading "proxy " from input buffer so if another() is called
and line[] is reparsed to build margc/margv, commands don't get confused.

* preserve modtime if size is 0 [bin/3040, Enami Tsugutomo]
* in autofetch mode, don't retry a file if the connection failed - skip it
and move to the next file. [bin/3051, Matt Green]
* only print error messages from SIZE or MDTM if the user used 'size' or
'modt' (respectively). prevents extraneous warnings during normal transfers
when connected to a site which doesn't support these (behaviour prior to
last commit), but still allows error feedback to specific user requests
for this info (which the last commit broke).
* 'account': only accept one optional argument
* if invoked as pftp, default to passive mode on (from FreeBSD)
* remove leading '0 ' in progress bar - looked ugly
* use warn instead of perror
* use strncpy when src isn't known to have safe length
* remglob(): use mkstemp() to prevent symlink games, and don't override
_PATH_TMP, use it as the prefix to the temp file

- Don't print the '500 command not understood' reply for the SIZE and
MDTM commands which are not supported by all ftp servers, unless we
are in debugging mode.

functionality mods:
* implement 'progress bar/meter' (inspired by ncftp). use 'progress' to
toggle on. it will display current file size to 5 digits, automatically
determining suffix (up to 16384 P (petabytes) == 2^64).
* 'ls' now uses NLST (unadorned listing), a la older ftp clients. 'dir'
still does LIST (long listing). idea from John Nemeth <jnemeth@cue.bc.ca>

bug fixes:
* return first line of reply in reply_string[] from getreply(), instead
of last line. This fixes [bin/741] (parsing of SYST), and also means
that SIZE and MDTM messages will be parsed correctly if they're longer
than 1 line.
* parse URL-style auto-ftps that have no filename correctly
(e.g, ftp://host, ftp://host/, ftp://host/dir/). pointed out by
Jaromir Dolecek <dolecek@saruman.ics.muni.cz>
* pass the correct size array in 2nd arg of utimes() when setting the
modification time

More features, some of which were inspired by changes that
friedman@gnu.ai.mit.edu (Noah Friedman) made to his modified ftp:
- implement "lpwd" - local pwd
- implement "preserve" - toggle preserving of file modification
times on retrieved files
- allow for explicit "on" or "off" arg to toggle commands
- "exit" synonym for "quit", "msend" synonym for "mput"
- in confirmation mode, allow 'a' (yes to rest of current command),
and 'p' (turn off prompt mode, as if 'prompt off' was done,
effective immediately)
- "modtime" returns time formatted as localtime, not GMT

Bug fixes:
- check for extraneous args on commands
- cleanup const usage, line formatting
- create 0 length temporary file in remglob() to prevent symlink games
(from OpenBSD)
- check length of filename of ~/.netrc (from OpenBSD)

cleanups/bugfixes:
- don't echo 'ACCT' parameter when debugging (a la 'PASS')
- Fix checking of directory access for "/foo", the parent
directory is "/", not "" (from FreeBSD)
- remove trailing whitespace on lines
- add any missing NetBSD tags
- cleanups to man page, includinging sorting options description

feature additions:
- variable sized hash marks (from [bin/683], but done in the hash command
as an optional arg)
- more user-friendly transfer time printing (from FreeBSD, with mods)
- '-p' command line option to jump into PASV mode (closes [bin/2857],
but with an option rather than checking argv[0])
- SIGINFO support for printing xfer stats when sending/receiving requests
- '-P port' for changing the port to connect to (from thorpej@netbsd.org)
- '-a': bypass normal login, and try anonymous login (from OpenBSD
via thorpej)
- autofetch files via url (ftp://...) or "classic" (host:/file)
(from OpenBSD via thorpej)
- 'ftp' synonymous with 'open' (from FreeBSD)

Sync with 4.4lite2

Null terminate case-mapped filenames (PR #640).

branches: 1.6.2;
Add RCS ids.

passive mode support, from David Carrel <carrel@cisco.com>, and cleaned
up for the new ftp sources by me.

clean up import, no local changes.

off_t foo

Add RCS identifiers.

branches: 1.1.1; 1.1.2;
Initial revision

ftp: connect is a synonym for open

As we have disconnect as a synonym for close,
add connect as a synonym for open.

Suggested by Colby Russell in email.

Add option sslnoverify to control validation of SSL certificates.
Add netrc processing to fetch-mode (URL on command line) to enable options and autologin
via netrc.
Fix SSL cleanup in some error paths.

Certificate validation is now enabled by default. Set FTPSSLNOVERIFY=1 in environment
or configure a corresponding init macro via netrc to not validate certs (required if
you haven't installed a required CA certificate for OpenSSL).

Discussed with lukem@ on icb.

branches: 1.52.40;
document https support, mentioning certificates are not validated, and obey
https_proxy.

branches: 1.51.6; 1.51.8; 1.51.12;
Fix numerous WARNS=4 issues (-Wcast-qual -Wsign-compare).

branches: 1.50.6;
update copyrights

Add epsv6 and epsv to disable extended passive mode for ipv6 or both ipv4 and ipv6 respectively. This hack is due to our friends a Juniper Networks who break
epsv in ipv6. Should be fixed in ScreenOS 6.2.X.

branches: 1.48.2;
Remove clause 3 and 4 from TNF licenses

branches: 1.47.10;
Revert rename of "debug" command from "ftp_debug" back to "debug".

rename debug to ftp_debug. grr libssh.

copyright maintenance

gratuitous whitespace cleanup (before someone else jumps the gun...)

branches: 1.43.2;
Fix bug in Christos' recent cleanup which broke the "help" and "rhelp" commands.

Save approximately 8K by not including http authentication, extended status
messages and help strings when the appropriate options are set.

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.

Improve description of help text for "passive".
Noted by Yar Tikhiy <yar at FreeBSD.org> in private email.

- implement "mreget"; as per "mget" but uses "reget" instead of "get"
- add -N netrc and $NETRC, as methods to select an alternative .netrc file
- cache local user name and home directory for further use
- in mget(), use docase() instead of a local version to do the case
conversion.

since everything else here uses ANSI C, we might as well replace __STRING()
with the ANSI C stringization stuff...

rename "opts" to "remopts", so people used to "o host" don't get bitten...

add support for FEAT and OPTS commands with `features' and `opts'.
(from RFC 2389).

add support for MLST & MLSD (machine parseble listings) with 'mlst', 'mlsd'
and 'pmlsd' (mlsd |$PAGER) commands. (from draft-ietf-ftpext-mlst-11)

rename remotesyst() to getremoteinfo(), and modify to parse the result from
FEAT (if supported), and take into account the support for the various
extensions such as MDTM, SIZE, REST (STREAM), MLSD, and FEAT/OPTS.
put each feature into one of the following categories:
- known to work (explicit FEAT)
- unknown but assume works until explicit failure, when it's
then tagged as `known not to work'.
- known not to work (FEAT succeeded but didn't return anything,
or was unknown and then explicit failure)
assign results into features[] matrix.

add support to getreply() so that an optional callback will be called
for each line received from the server except for the first and last.
this is used in FEAT (and MLST) parsing.

modify various commands to check if REST (STREAM), MDTM and SIZE are
explicitly or implicitly supported before using.

fix `syst' when verbose is off.

minor knf (indent goto labels by one space, etc).

simply various command usage handlers by assuming that argv != NULL except
for quit() and disconnect().

* Add support for `fget localfile', which reads a list of filenames to
retrieve from localfile. Based on work by Darren Reed.
* Crank version.
* Update copyright dates.

- implement `set rprompt'; right side version of `set prompt'. depends on
EL_RPROMPT support i added to editline(3).
- allow $FTPPROMPT and $FTPRPROMPT to override defaults for the relevant
prompts
- move `%' formatting code from prompt() to expandbuf().
- implement `%.' and `%c', similar to the same % codes in tcsh(1)
(functionality I added to tcsh nearly 6 years ago), except that `%.'
always does `...trailing' and `%c' always does `/<x>trailing'.
- unknown `%foo' codes get printed as `%foo'

- implement updateremotepwd(); update the global variable `remotepwd'
to contain the remote working directory.
- add `set prompt', a user configurable prompt. (defaults to `ftp> ').
the following escape characters a la tcsh(1) are supported: %/, %m,
%M, and %n.
- add global var `username'; used by prompt code
- fix a couple of minor memory leaks
- bump version

new features:
- add `usage'; displays the usage of a command.
implemented by calling the c_handler() with argc = 0, argv = "funcname".
- add `passive auto'; does the same as $FTPMODE=auto.
- add `set [option value]'; display all options, or set an option to a value.
- add `unset option'; unset an option.
- add getoptionvalue() to retrieve an option's value, and replace a few
global variables with calls to this.
- implement cleanuppeer(), which resets various bits of state back to
`disconnected'. call in disconnect() and lostpeer().
- support completing on `options'.
- improve recovery after a SIGINT may have closed the connection.
XXX: there's still a couple to fix

other stuff:
- various consistency fixes in the man page.
- ensure that the command usage strings in the code and man page match reality.
- mput/mget: check that the connection still exists before each xfer.
- minor cosmetic changes in confirm().
- set code correctly in sizecmd() and modtime()
- don't need \n in err() strings.
- change lostpeer to take an argument (rather than casting (sig_t)lostpeer
in signal handlers)
- knf and whitespace police.

add TNFi copyright to all files i've done more than a minor amount of work to...

enhancments from Marc Horowitz <marc@mit.edu> to improve connection timeouts:
* implement xsignal_restart(), which only sets the SA_RESTART flag if
specifically requested
* xsignal() is now a wrapper to xsignal_restart(). INFO, USR1, USR2 and WINCH
are restartable, ALRM, INT, PIPE and QUIT are not.
* improve getreply()'s timeout code to take advantage of the above.

other changes:
* improve wording of how globbing works for `classic' URLs (host:path).
suggested by John Refling <johnr@imageworks.com> in relation to PRs
[bin/8519] and [bin/8520]
* always compile in the `edit' command even if NO_EDITCOMPLETE defined.
it's just a no-op in the latter case, which is more consistent to
the users.
* always compile in about: support (i.e, remove NO_ABOUT).
i'm entitled to some vanity in this program...
* clean up some whitespace

* newer takes an optional second arg, so document this
* be a bit more explicit that the arguments to rate are in bytes

* add new commands:
lpage page local files
pdir as dir, but through your $PAGER
pls as ls, but through your $PAGER
* implement docase() (a la dotrans() et al) and use appropriately, rototilling
some duplicated code
* globulize(): modify to return a pointer to the strdup()ed result in all cases,
and hack the code that calls it to take this into account
* replace strcpy() and strncpy() with strlcpy()
* put(), getit(): use some aptly named local vars instead of argv[...]
* delint

* idle(): rename to idlecmd(). certain linux distributions have an incompatible
prototype for idle() in <unistd.h> (which i thought was against namespace
and sensibility guidelines, but...)
* consistently use xsignal() instead of signal(). we get known behaviour
in all cases (SA_RESTART), which is good for some borken foreign systems.
* remove signal.h from most files; it's unnecessary now
* fetch_url(): use `long chunksize' instead of ssize_t; it's more portable, and
we're setting chunksize with strtol() anyway
* xsignal(): only use SA_RESTART if it exists. SunOS 4.x doesn't have it
but has the inverse (SA_INTERRUPT). the original function i was inspired
from had this support (lib/signal.c, W. Richard Stevens' `UNP 2nd ed Vol 1').
* remove <termios.h> from util.c; it should be unnecessary now

branches: 1.26.2;
* add support for `xferbuf', which sets both `sndbuf' and `rcvbuf'
* document the above three commands
* rototill the way the sndbuf and rcvbuf work. remove resetsockbufsize()
* use the appropriate socket buffer size as the size of the buffer that
the read()/write() loops use. speeds up things in some cases.

add epsv4 command, which enable/disable the use of EPSV/EPRT.

this is mainly for (hypothetical) ftp server which disconnect clients
that use EPSV/EPRT. I've never seen any ftp server like this, but
epsv4 command may be of use when such an ftp server is found.

add dual-stack (IPv4/v6) support. hope I broke no other part...

[fear this; more ftp hacking from lukem :-]

features:

include <signal.h> explicitly! we use sig_t extern.h, and we cannot
depend on other headers fetching it on other OS's.

split the "SMALL" #ifdefs into ones for NO_ABOUT, NO_EDITCOMPLETE, and
NO_PROGRESS. -DSMALL still implies all of those. progress meter support
isn't necessary for the smallest possible ftp client, but it adds very
little space and makes users' lives much better. Therefore, it should
be enabled for installation media if at all possible.

branches: 1.20.2;
whitespace & copyright fixes

* spell `retrieved' correctly!
* parse Last-Modified: HTTP headers for date, and change time of
retrieved file if parsing succeeded
* support file:/// and file://localhost/ URLs
* in url_get(), re-write byte moving code to consistently use fread()
and fwrite(), and check errors at end with ferror()
* add about:* easter-egg (#ifndef SMALL :-)

Add "sndbuf" and "rcvbuf" commands for setting the socket buffer sizes,
which in turn can allow the use of larger TCP windows. This is a work in
progress; there is not yet support for specifying global defaults or
user prefrences on a host/network basis.

branches: 1.17.2;
bugs fixed:
* don't interpret '-' or '|' when a local filename is determined from
the remote name (i.e, in mget, and in get with only one argument).
This is implemented using an extra argument to recvrequest().
Fixes a major security hole.
* clean up memory leak when using globulize()
* clean up a couple of comments
* fix wording in TNF copyright

features added:
* support for TIS fwtk gate-ftp servers:
* read defaults from $FTPSERVER && $FTPSERVERPORT
* start in gate-ftp mode if invoked as 'gate-ftp'
* toggle or set with 'gate [host [port]]'

* use RCSID() && COPYRIGHT() macros
* cleanup for WARNS=1 (including some ugly '(void)&var' bits wrapped in
#ifdef __GNUC__ to shut up gcc warnings WRT setjmp/longjmp)
* use strtol() instead of atoi(), and more extensively check result of
conversion
* use u_int16_t instead of short or int for TCP port addresses

* support $ftp_proxy for ftp:// transfers [bin/3245]
* add "more" & "less" as synonyms for "page"
* move editline setup code into controlediting(), and call appropriately.
only setup setup terminal if going into interactive mode. inspired
by Todd Miller <todd.miller@courtesan.com>

SMALLFTP->SMALL; remove SMALL from Makefile

Features:
* support remglobbing of auto_fetch arguments
* new flag - '-e'; disable editing
* "page file" == "get file |${PAGER-less}"

Bugfixes/cleanup:
* consistently use a trailing '.' on messages
* code cleanup, including buffer overrun fixes, use puts
and putchar in places, etc (inspired by OpenBSD mods)
* disable progress bar when local-file is a pipe or '-'
* skip \r in http headers
* fix remote ftpd slash bug more elegantly (so it works with ////)
* abort_remote(): check if cout==NULL before using it. should fix [bin/3273]
* fixed up cosmetic problems when complete_remote() generated errors from the
remote server (such as "no files found", "login with user and pass", ...)
done by adding extra argument to remglob(), which is a pointer to an error
buffer to put messages in rather than printing to stdout.

New features:
* Command line editing via editline(3) library.
* Context sensitive command and file completion, including remote files.

Enhancements to auto-fetch feature:
* Support for http:// URLs using the http protocol, including proxy HTTP
support via $htty_proxy if it's defined.
* The connection is kept open between successive files on the same host.
(obviously, this does not count for http requests.)
* Return value of ftp is 0 on no error, or the offset in argv[] of the file
which failed (i.e., argv[x] failed, ftp returns x).
* If the path in an ftp URL or classic format line has a trailing '/',
cd to the path and enter interactive mode. Fixes [bin/3011], albiet
requiring the user to help ftp in determining the operation.

Other changes:
* '-P port' works for normal ftp, and is the default for all classic style
auto-fetch transfers and for ftp URLs that don't specify the port.
(previously it would just work for the first xfer.)
* Some code moved into separated files along logical divisions.
* Editing and completion can be compiled out with -DSMALLFTP.

RCS ID police

functionality mods:
* implement 'progress bar/meter' (inspired by ncftp). use 'progress' to
toggle on. it will display current file size to 5 digits, automatically
determining suffix (up to 16384 P (petabytes) == 2^64).
* 'ls' now uses NLST (unadorned listing), a la older ftp clients. 'dir'
still does LIST (long listing). idea from John Nemeth <jnemeth@cue.bc.ca>

bug fixes:
* return first line of reply in reply_string[] from getreply(), instead
of last line. This fixes [bin/741] (parsing of SYST), and also means
that SIZE and MDTM messages will be parsed correctly if they're longer
than 1 line.
* parse URL-style auto-ftps that have no filename correctly
(e.g, ftp://host, ftp://host/, ftp://host/dir/). pointed out by
Jaromir Dolecek <dolecek@saruman.ics.muni.cz>
* pass the correct size array in 2nd arg of utimes() when setting the
modification time

More features, some of which were inspired by changes that
friedman@gnu.ai.mit.edu (Noah Friedman) made to his modified ftp:
- implement "lpwd" - local pwd
- implement "preserve" - toggle preserving of file modification
times on retrieved files
- allow for explicit "on" or "off" arg to toggle commands
- "exit" synonym for "quit", "msend" synonym for "mput"
- in confirmation mode, allow 'a' (yes to rest of current command),
and 'p' (turn off prompt mode, as if 'prompt off' was done,
effective immediately)
- "modtime" returns time formatted as localtime, not GMT

Bug fixes:
- check for extraneous args on commands
- cleanup const usage, line formatting
- create 0 length temporary file in remglob() to prevent symlink games
(from OpenBSD)
- check length of filename of ~/.netrc (from OpenBSD)

Correct the connecthelp info. This is really ftp, not tftp.

cleanups/bugfixes:
- don't echo 'ACCT' parameter when debugging (a la 'PASS')
- Fix checking of directory access for "/foo", the parent
directory is "/", not "" (from FreeBSD)
- remove trailing whitespace on lines
- add any missing NetBSD tags
- cleanups to man page, includinging sorting options description

feature additions:
- variable sized hash marks (from [bin/683], but done in the hash command
as an optional arg)
- more user-friendly transfer time printing (from FreeBSD, with mods)
- '-p' command line option to jump into PASV mode (closes [bin/2857],
but with an option rather than checking argv[0])
- SIGINFO support for printing xfer stats when sending/receiving requests
- '-P port' for changing the port to connect to (from thorpej@netbsd.org)
- '-a': bypass normal login, and try anonymous login (from OpenBSD
via thorpej)
- autofetch files via url (ftp://...) or "classic" (host:/file)
(from OpenBSD via thorpej)
- 'ftp' synonymous with 'open' (from FreeBSD)

Sync with 4.4lite2

branches: 1.5.2;
Add RCS ids.

passive mode support, from David Carrel <carrel@cisco.com>, and cleaned
up for the new ftp sources by me.

clean up import, no local changes.

Add RCS identifiers.

branches: 1.1.1; 1.1.2;
Initial revision

pass some lint.

branches: 1.47.10; 1.47.12;
PR/53916: Rob Gill: remove redundant assignment to matchlen.

branches: 1.46.38; 1.46.46;
Fix numerous WARNS=4 issues (-Wcast-qual -Wsign-compare).

fix -Wshadow issues

branches: 1.44.6;
update copyrights

Remove clause 3 and 4 from TNF licenses

branches: 1.42.10;
* Implement -s srcaddr; uses srcaddr as the local IP address for all
connections.
Based on code in the version of ftp that FreeBSD had before they
replaced it with lukemftp.
* Move error message handling into ftp_connect() rather than in the
caller, so that more specific error reporting can occur.
* Improve consistency of various warning and error messages.

Rename xfoo() to ftp_foo() to avoid collisions with libssh. Don't ask.

copyright maintenance

Some const cleanups.

branches: 1.38.12;
convert to ANSI KNF

complete_ambiguous(): be consistent about completing unambiguous matches; if
the word is already complete then return CC_REFRESH so that the higher layer
may append a suffix if necessary. Fix from Launey Thomas <ljt@alum.mit.edu>.

* implement xsl_init() and xsl_add(); error checking forms of sl_{init,add}()
* fix bug where the second press of <TAB> on an empty word (i.e, list
all options) may have resulted in an strncmp() against NULL. (detected
by _DIAGASSERT())

* complete_remote(): use remglob("", ...) instead of remglob(".", ...),
for listings of the current working directory; some ftp servers don't
like `NLST .'.
[noted by Giles Lean <giles@nemeton.com.au>]
* recvrequest(): treat remote=="" as remote==NULL when calling command().
(to support the above change)
* support `[user@]' in `[user@]host' and `[user@]host[:][path]'.
[based on idea (and initial code) from David Maxwell <david@fundy.ca>]
* `idle' may be invoked without any args
* reformat some comments
* reformat usage string in program and man page
* call updateremotepwd() after successful login, not after successful connect
* always call setsockopt(, IPPROTO_IP, IP_TOS, ) (et al); using #if
defined(IPPROTO_IP) doesn't work on certain foreign systems where
enums instead of #defines are used...
[noted by Matthias Pfaller <leo@dachau.marco.de>]

new features:
- add `usage'; displays the usage of a command.
implemented by calling the c_handler() with argc = 0, argv = "funcname".
- add `passive auto'; does the same as $FTPMODE=auto.
- add `set [option value]'; display all options, or set an option to a value.
- add `unset option'; unset an option.
- add getoptionvalue() to retrieve an option's value, and replace a few
global variables with calls to this.
- implement cleanuppeer(), which resets various bits of state back to
`disconnected'. call in disconnect() and lostpeer().
- support completing on `options'.
- improve recovery after a SIGINT may have closed the connection.
XXX: there's still a couple to fix

other stuff:
- various consistency fixes in the man page.
- ensure that the command usage strings in the code and man page match reality.
- mput/mget: check that the connection still exists before each xfer.
- minor cosmetic changes in confirm().
- set code correctly in sizecmd() and modtime()
- don't need \n in err() strings.
- change lostpeer to take an argument (rather than casting (sig_t)lostpeer
in signal handlers)
- knf and whitespace police.

add TNFi copyright to all files i've done more than a minor amount of work to...

* add new commands:
lpage page local files
pdir as dir, but through your $PAGER
pls as ls, but through your $PAGER
* implement docase() (a la dotrans() et al) and use appropriately, rototilling
some duplicated code
* globulize(): modify to return a pointer to the strdup()ed result in all cases,
and hack the code that calls it to take this into account
* replace strcpy() and strncpy() with strlcpy()
* put(), getit(): use some aptly named local vars instead of argv[...]
* delint

* idle(): rename to idlecmd(). certain linux distributions have an incompatible
prototype for idle() in <unistd.h> (which i thought was against namespace
and sensibility guidelines, but...)
* consistently use xsignal() instead of signal(). we get known behaviour
in all cases (SA_RESTART), which is good for some borken foreign systems.
* remove signal.h from most files; it's unnecessary now
* fetch_url(): use `long chunksize' instead of ssize_t; it's more portable, and
we're setting chunksize with strtol() anyway
* xsignal(): only use SA_RESTART if it exists. SunOS 4.x doesn't have it
but has the inverse (SA_INTERRUPT). the original function i was inspired
from had this support (lib/signal.c, W. Richard Stevens' `UNP 2nd ed Vol 1').
* remove <termios.h> from util.c; it should be unnecessary now

* replace ifdefs against __SVR4 and __linux__ with DIRENT_MISSING_D_NAMLEN;
it's more portable and more obvious
* remove the mkgmtime() && HAVE_TIMEGM stuff:
a) why should netbsd have to define HAVE_TIMEGM to compile cleanly?
b) foreign compiles of ftp should just be linked with working
timegm function

a more portable version of this ftp client will be released as a 3rdparty
product; no use polluting our code with half-baked attempts...

* use %lld instead of %qd to print out (long long) vars.
(slightly more portable; e.g, solaris supports this)
* remove some fluff (lint)

in complete(), only copy the word if there is one.
`cd <TAB>' was triggering _DIAGASSERT(src != NULL)).

branches: 1.27.2;
replace snprintf() with strlcpy(), strlcat(), or direct assignment
where appropriate. (strlc*() are easier to port to foriegn systems).

XXX; there's still a few snprintf's in the progress meter stuff to convert

don't do unnecessary const castaways

include <signal.h> explicitly! we use sig_t extern.h, and we cannot
depend on other headers fetching it on other OS's.

split the "SMALL" #ifdefs into ones for NO_ABOUT, NO_EDITCOMPLETE, and
NO_PROGRESS. -DSMALL still implies all of those. progress meter support
isn't necessary for the smallest possible ftp client, but it adds very
little space and makes users' lives much better. Therefore, it should
be enabled for installation media if at all possible.

oops reversed the test.

Make this compile on linux [zoularis on linux works]

branches: 1.21.2;
whitespace & copyright fixes

during an ambiguous complete, take into account the length of the
string already input before inserting the non-ambiguous component.
bug noted by Thorsten Frueauf <frueauf@ira.uka.de> in [bin/7014]

whitespace

changes to fix [bin/6951] by Peter Simons <simons@cys.de>:
* implement ftpvis(), which \ quotes the following in the given string:
SP, TAB, \, CR, "
* use ftpvis() in complete_ambiguous(), to escape characters in a word
which would confuse makeargv()/slurpstring().

complete ~ in local paths (noted by perry@netbsd.org)

minor workaround for borken compilers

features:
* support $no_proxy, which is a comma or space separated list of
host[:port] elements for which proxying is to be disabled.
(asked for by cgd in [bin/5027])
* if $FTPANONPASS is defined, use that as the anon ftp password
(instead of "`whoami`@")
* allow http URL's without a filename as long as an output file
is specified.

other stuff:
* implement parse_url(), which breaks up a URL into its bits, and use.
* simplify url_get() and auto_fetch() to use parse_url() and to not
modify the supplied URL or a copy of it.
* implement xmalloc() and xstrdup(); error-checked malloc()/strdup()
* add more consistency to messages, quoting strings in output as `%s'

some fixes & enhancements from openbsd's ftp, with extra fixes by me:
* default to passive with active fallback. $FTPMODE modifies this behaviour.
-A forces active connection.
* support '-o outfile' for auto-fetched files. outfile can be a file,
`-' (for stdout), or '|command' (to output each file through command).
* support '-r waittime', which retries the connection after waittime seconds
if it fails.
* fix 'page file' when restart is non-zero.
* try all ip-addresses of a host in a http fetch (as the normal ftp fetch
does).

XXX: a ``broken pipe'' error sometimes occurs with -o '|command';
i haven't tracked this down yet.

* use CC_REFRESH_BEEP in an ambiguous complete (recently added to -ledit)
* in command completion, append a space to a definite match
* in local path completion, append a space or / to a definite match,
depending if the path is a non-directory or directory respectively
(nothing added to remote path completion yet, until a simple sane method
of determining if the path is a directory or not is available).

- cast arg to is*() to unsigned char.
- don't require d_namlen to exist
- don't recompute the length of the file everytime around the loop.

branches: 1.11.2;
Fixes from Todd Miller <Todd.Miller@courtesan.com>:
* use size_t instead of int in places
* use symbolic constants when using access()

bugs fixed:
* don't interpret '-' or '|' when a local filename is determined from
the remote name (i.e, in mget, and in get with only one argument).
This is implemented using an extra argument to recvrequest().
Fixes a major security hole.
* clean up memory leak when using globulize()
* clean up a couple of comments
* fix wording in TNF copyright

features added:
* support for TIS fwtk gate-ftp servers:
* read defaults from $FTPSERVER && $FTPSERVERPORT
* start in gate-ftp mode if invoked as 'gate-ftp'
* toggle or set with 'gate [host [port]]'

* use RCSID() && COPYRIGHT() macros
* cleanup for WARNS=1 (including some ugly '(void)&var' bits wrapped in
#ifdef __GNUC__ to shut up gcc warnings WRT setjmp/longjmp)
* use strtol() instead of atoi(), and more extensively check result of
conversion
* use u_int16_t instead of short or int for TCP port addresses

Simplify NLST parsing code in complete_remote(); just basename each of
the returned names! Fixes parsing problems caused by the differences
between NLST output on BSD, Solaris, and Windows NT.

More enhancements/bugfixes (when will it end?)
* differentiate between being connected, and being logged in
* cleanup some text messages
* support username & password ftp URLs (ftp://user:pass@host/) in non-proxy
situations; assume proxy supports it for proxy situations.
* cd to / before performing any autofetch transfers
* use strncasecmp in URL parsing. fix from <Todd.Miller@courtesan.com>

Fixes from <Todd.Miller@cs.colorado.edu>, with some cleanup and reworks by me:
* only echo "Passive mode" in verbose mode; scripts that use ftp
may get unwanted output otherwise
* disable progress bar and modification time preservation when
retreiving to a non-regular files. fixes progress bar getting in
way of "get file /dev/tty"
* setup el_init() et al if editing is set, not if fromatty.
TODO: migrate this to a function, and call if editing is turned on later
in the session. also implement edit_cleanup if editing is turned off
* call el_set() after setting SIGWINCH handler. This fixes the problem
when suspending in a non-cbreak shell (e.g, csh) would trash your tty mode.
* reset interactive mode correctly in auto_fetch() mget mode

SMALLFTP->SMALL; remove SMALL from Makefile

Deal with SMALLFTP a bit differently [by compiling complete.c]

Features:
* support remglobbing of auto_fetch arguments
* new flag - '-e'; disable editing
* "page file" == "get file |${PAGER-less}"

Bugfixes/cleanup:
* consistently use a trailing '.' on messages
* code cleanup, including buffer overrun fixes, use puts
and putchar in places, etc (inspired by OpenBSD mods)
* disable progress bar when local-file is a pipe or '-'
* skip \r in http headers
* fix remote ftpd slash bug more elegantly (so it works with ////)
* abort_remote(): check if cout==NULL before using it. should fix [bin/3273]
* fixed up cosmetic problems when complete_remote() generated errors from the
remote server (such as "no files found", "login with user and pass", ...)
done by adding extra argument to remglob(), which is a pointer to an error
buffer to put messages in rather than printing to stdout.

[Yet Another Huge Ftp Commit - hopefully the last for a while,
barring any more little things people want added ...]

New features:
* progressmeter is now asynchronous, so "stalled" transfers can be
detected. "- stalled -" is displayed instead of the ETA in this case.
When the xfer resumes, the time that the xfer was stalled for is
factored out of the ETA. It is debatable whether this is better than
not factoring it out, but I like it this way (I.e, if it stalls for 8
seconds and the ETA was 30 seconds, when it resumes the ETA will still
be 30 seconds).
* verbosity can be disabled on the command line (-V), so that in auto-fetch
mode the only lines displayed will be a description of the file, and
the progress bar (if possible)
* if the screen is resized (and detected via the SIGWINCH signal), the
progress bar will rescale automatically.

Bugs fixed:
* progress bar will not use the last character on the line, as this can
cause problems on some terminals
* screen dimensions (via ioctl(TIOCWINSZ)) should use stdout not stdin
* progressmeter() used some vars before initialising them
* ^D will quit now. [fixes bin/3162]
* use hstrerror() to generate error message for host name lookup failure.
* use getcwd instead of getwd (it should have been OK, but why tempt fate?)
* auto-fetch transfers will always return a positive exit value upon failure
or interruption, relative to the file's position in argv[].
* remote completion of / will work, without putting a leading "///".
This is actually a bug in ftpd(1), where "NLST /" prefixes all names
with "//", but fixing every ftpd(1) is not an option...

New features:
* Command line editing via editline(3) library.
* Context sensitive command and file completion, including remote files.

Enhancements to auto-fetch feature:
* Support for http:// URLs using the http protocol, including proxy HTTP
support via $htty_proxy if it's defined.
* The connection is kept open between successive files on the same host.
(obviously, this does not count for http requests.)
* Return value of ftp is 0 on no error, or the offset in argv[] of the file
which failed (i.e., argv[x] failed, ftp returns x).
* If the path in an ftp URL or classic format line has a trailing '/',
cd to the path and enter interactive mode. Fixes [bin/3011], albiet
requiring the user to help ftp in determining the operation.

Other changes:
* '-P port' works for normal ftp, and is the default for all classic style
auto-fetch transfers and for ftp URLs that don't specify the port.
(previously it would just work for the first xfer.)
* Some code moved into separated files along logical divisions.
* Editing and completion can be compiled out with -DSMALLFTP.

- add or adjust /* FALLTHROUGH */ where appropriate
- add __unreachable() after functions that can return but won't in
this case, and thus can't be marked __dead easily

branches: 1.22.38; 1.22.46;
Fix numerous WARNS=4 issues (-Wcast-qual -Wsign-compare).

branches: 1.21.30;
Add NO_USAGE and NO_DEBUG so that we can fit in the floppies again.

branches: 1.20.6;
Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.

line2 may overrun if line is too long (> 200). be more careful on strcpy.
XXX strlen(argv[x]) should be checked before copies.

invoke cmdtab.c_handler()s with argv[0] == c_name instead of the
supplied name. that way the full (unambiguous) name is displayed in
error messages and usage strings.

convert to new knf

convert to ANSI KNF

whitespace nits

new features:
- add `usage'; displays the usage of a command.
implemented by calling the c_handler() with argc = 0, argv = "funcname".
- add `passive auto'; does the same as $FTPMODE=auto.
- add `set [option value]'; display all options, or set an option to a value.
- add `unset option'; unset an option.
- add getoptionvalue() to retrieve an option's value, and replace a few
global variables with calls to this.
- implement cleanuppeer(), which resets various bits of state back to
`disconnected'. call in disconnect() and lostpeer().
- support completing on `options'.
- improve recovery after a SIGINT may have closed the connection.
XXX: there's still a couple to fix

other stuff:
- various consistency fixes in the man page.
- ensure that the command usage strings in the code and man page match reality.
- mput/mget: check that the connection still exists before each xfer.
- minor cosmetic changes in confirm().
- set code correctly in sizecmd() and modtime()
- don't need \n in err() strings.
- change lostpeer to take an argument (rather than casting (sig_t)lostpeer
in signal handlers)
- knf and whitespace police.

* idle(): rename to idlecmd(). certain linux distributions have an incompatible
prototype for idle() in <unistd.h> (which i thought was against namespace
and sensibility guidelines, but...)
* consistently use xsignal() instead of signal(). we get known behaviour
in all cases (SA_RESTART), which is good for some borken foreign systems.
* remove signal.h from most files; it's unnecessary now
* fetch_url(): use `long chunksize' instead of ssize_t; it's more portable, and
we're setting chunksize with strtol() anyway
* xsignal(): only use SA_RESTART if it exists. SunOS 4.x doesn't have it
but has the inverse (SA_INTERRUPT). the original function i was inspired
from had this support (lib/signal.c, W. Richard Stevens' `UNP 2nd ed Vol 1').
* remove <termios.h> from util.c; it should be unnecessary now

branches: 1.12.4;
some fixes & enhancements from openbsd's ftp, with extra fixes by me:
* default to passive with active fallback. $FTPMODE modifies this behaviour.
-A forces active connection.
* support '-o outfile' for auto-fetched files. outfile can be a file,
`-' (for stdout), or '|command' (to output each file through command).
* support '-r waittime', which retries the connection after waittime seconds
if it fails.
* fix 'page file' when restart is non-zero.
* try all ip-addresses of a host in a http fetch (as the normal ftp fetch
does).

XXX: a ``broken pipe'' error sometimes occurs with -o '|command';
i haven't tracked this down yet.

- cast arg to is*() to unsigned char.

branches: 1.10.2;
* use RCSID() && COPYRIGHT() macros
* cleanup for WARNS=1 (including some ugly '(void)&var' bits wrapped in
#ifdef __GNUC__ to shut up gcc warnings WRT setjmp/longjmp)
* use strtol() instead of atoi(), and more extensively check result of
conversion
* use u_int16_t instead of short or int for TCP port addresses

Features:
* support remglobbing of auto_fetch arguments
* new flag - '-e'; disable editing
* "page file" == "get file |${PAGER-less}"

Bugfixes/cleanup:
* consistently use a trailing '.' on messages
* code cleanup, including buffer overrun fixes, use puts
and putchar in places, etc (inspired by OpenBSD mods)
* disable progress bar when local-file is a pipe or '-'
* skip \r in http headers
* fix remote ftpd slash bug more elegantly (so it works with ////)
* abort_remote(): check if cout==NULL before using it. should fix [bin/3273]
* fixed up cosmetic problems when complete_remote() generated errors from the
remote server (such as "no files found", "login with user and pass", ...)
done by adding extra argument to remglob(), which is a pointer to an error
buffer to put messages in rather than printing to stdout.

New features:
* Command line editing via editline(3) library.
* Context sensitive command and file completion, including remote files.

Enhancements to auto-fetch feature:
* Support for http:// URLs using the http protocol, including proxy HTTP
support via $htty_proxy if it's defined.
* The connection is kept open between successive files on the same host.
(obviously, this does not count for http requests.)
* Return value of ftp is 0 on no error, or the offset in argv[] of the file
which failed (i.e., argv[x] failed, ftp returns x).
* If the path in an ftp URL or classic format line has a trailing '/',
cd to the path and enter interactive mode. Fixes [bin/3011], albiet
requiring the user to help ftp in determining the operation.

Other changes:
* '-P port' works for normal ftp, and is the default for all classic style
auto-fetch transfers and for ftp URLs that don't specify the port.
(previously it would just work for the first xfer.)
* Some code moved into separated files along logical divisions.
* Editing and completion can be compiled out with -DSMALLFTP.

RCS ID police

More features, some of which were inspired by changes that
friedman@gnu.ai.mit.edu (Noah Friedman) made to his modified ftp:
- implement "lpwd" - local pwd
- implement "preserve" - toggle preserving of file modification
times on retrieved files
- allow for explicit "on" or "off" arg to toggle commands
- "exit" synonym for "quit", "msend" synonym for "mput"
- in confirmation mode, allow 'a' (yes to rest of current command),
and 'p' (turn off prompt mode, as if 'prompt off' was done,
effective immediately)
- "modtime" returns time formatted as localtime, not GMT

Bug fixes:
- check for extraneous args on commands
- cleanup const usage, line formatting
- create 0 length temporary file in remglob() to prevent symlink games
(from OpenBSD)
- check length of filename of ~/.netrc (from OpenBSD)

Sync with 4.4lite2

branches: 1.4.2;
Add RCS ids.

clean up import, no local changes.

Add RCS identifiers.

branches: 1.1.1; 1.1.2;
Initial revision

ftp: fix ascii transfers with progress bar

Handle stdio interruption by signals and improve error handling
in getc() and putc() on the control and data channels.
Provide ftp_getc() and ftp_putc() wrappers that:
- Retry the operation on EINTR or EAGAIN instead of failing.
- Store other error codes in a return variable separate to errno,
and use that variable in ferror() handling, for more correct
error messages.

Fixes the progress bar display in ascii mode transfers.

(Note that I haven't fixed interrupted reads from stdin or
writes to ttyout; that's a much larger refactor that's out of scope).

Fix PR bin/59587 from Johnny Billquist, with the fix
inspired by the patch in that PR.

remove const when string gets overwritten.

branches: 1.83.2;
Add option sslnoverify to control validation of SSL certificates.
Add netrc processing to fetch-mode (URL on command line) to enable options and autologin
via netrc.
Fix SSL cleanup in some error paths.

Certificate validation is now enabled by default. Set FTPSSLNOVERIFY=1 in environment
or configure a corresponding init macro via netrc to not validate certs (required if
you haven't installed a required CA certificate for OpenSSL).

Discussed with lukem@ on icb.

branches: 1.82.10;
trim down error checking if we are small.

- add justquit() that always exits. use it to avoid unreachable code.

branches: 1.80.24; 1.80.32;
As discussed on tech-net@: Don't display expected EHOSTUNREACH for all but
the last connect attempts in terse mode.

branches: 1.79.2; 1.79.4;
Use __dead

Parse HTTP 'Date' entries in the `C' locale rather than the user's.
Fix from [bin/42917] (with minor changes), from KAMADA Ken'ichi.

Rename internal getline() function to get_line() so it does
conflict with the soon to be added getline(3) libc function.

Fix numerous WARNS=4 issues (-Wcast-qual -Wsign-compare).

branches: 1.75.4; 1.75.6;
Add epsv6 and epsv to disable extended passive mode for ipv6 or both ipv4 and ipv6 respectively. This hack is due to our friends a Juniper Networks who break
epsv in ipv6. Should be fixed in ScreenOS 6.2.X.

branches: 1.74.2;
Remove clause 3 and 4 from TNF licenses

Use the service name to getaddrinfo() (along with the host name), so that
features such as DNS Service Discovery have a better chance of working.
Suggested by David Young <dyoung>.

Display the service name in various status & error messages.

Don't getservbyname() the :port component of a URL; RFC 3986 says it's
just an unsigned number, not a service name.

branches: 1.72.10;
Display times in RFC2822 form rather than using ctime(3), since
the former is more explicit about the timezone offset.

Clean up use of confirm() and mbort() so that the current operation
is always passed in (instead of depending upon the 'mname' global).
For confirm(), if the second argument is NULL print the "Continue with <cmd>"
prompt. This fixes up the the display of interrupted prompts.

Rename xfoo() to ftp_foo() to avoid collisions with libssh. Don't ask.

Implement:
int getline(FILE *stream, char *buf, size_t buflen, const char **errormsg)
Read a line from the FILE stream into buf/buflen using fgets(), so up
to buflen-1 chars will be read and the result will be NUL terminated.
If the line has a trailing newline it will be removed.
If the line is too long, excess characters will be read until
newline/EOF/error.
Various -ve return values indicate different errors, and errormsg
will be changed to an error description if it's not NULL.

Convert to use getline() instead of fgets() whenever reading user input
to ensure that an overly long input line doesn't leave excess characters
for the next input operation to accidentally use as input.

Zero out the password & account after we've finished with it.

Consistently use getpass(3) (i.e, character echo suppressed) when
reading the account data. For some reason, historically the "login"
code suppressed echo for Account: yet the "user" command did not!

Display the hostname in the "getaddrinfo failed" warning.

Appease some -Wcast-qual warnings. Fixing all of these requires
significant code refactoring. (mmm, legacy code).

Some const cleanups.

Fix some cast issues highlighted by Scott Reynolds using gcc 4 on OSX.4

gratuitous whitespace cleanup (before someone else jumps the gun...)

Implement a timeout on the accept(2) in dataconn() and the
connect(2) in xconnect() by temporarily setting O_NONBLOCK
on the socket and using xpoll() to wait for the operation
to succeed.
The timeout used is the '-q quittime' argument (defaults to
60s for accept(2), and the system default for connect(2)).
Idea inspired by discussion with Chuck Cranor.
This may (indirectly) fix various problems with timeouts
in active mode through broken firewalls.

Implement xpoll() as a wrapper around poll(2), to make it
easier to replace on systems without a functional poll(2).
Unconditionally use xpoll() instead of conditionally using
select(2) or poll(2).

branches: 1.64.2;
Factor out common string processing code eliminating static buffers,
making functions that should be static be static, and cleaning up
const usage. Added a guard against buffer overflow, but the domap function
is a bit too complicated for me to tackle right now. I will leave it
to the author; hi luke!

Forbid filenames returned from mget that aren't in (or below) the
current directory.
The previous behaviour (of trusting the remote server's response when
retrieving the list of files to mget with prompting disabled) has been
in ftp ~forever, and has been a "known issue" for a long time.
Recently an advisory was published by D.J. Bernstein on behalf of
Yosef Klein warning of the problems with the previous behaviour, so
to alleviate concern I've fixed this with a sledgehammer.

Remember the local cwd after any operation which may change it.
Use "remotecwd" instead of "remotepwd".

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.

Abstract out progress bar support into progressbar.[ch], for inclusion
in external programs (conditionalized on -DSTANDALONE_PROGRESS).

The following moved from util.c to progressbar.c:
alarmtimer(), progressmeter(), psummary(), ptransfer(),
xsignal(), xsignal_restart()

The following moved from extern.h and ftp_var.h to progressbar.h:
STALLTIME, verbose, fromatty, progress, quit_time, ttywidth

branches: 1.60.2;
More format string cleanup by sommerfeld.

* implement parseport(), which takes a string and attempts to convert
it to a numeric port number
* use parseport() in parse_url() and hookup()
* don't try and lookup the port number using getaddrinfo(), as it's too hard
to separate a failed host name lookup from a failed service name lookup.
this was causing lossage on systems that don't have `http' in services(5)
(such as solaris), but only crept in when we started using getaddrinfo()
unconditionally.

add support for FEAT and OPTS commands with `features' and `opts'.
(from RFC 2389).

add support for MLST & MLSD (machine parseble listings) with 'mlst', 'mlsd'
and 'pmlsd' (mlsd |$PAGER) commands. (from draft-ietf-ftpext-mlst-11)

rename remotesyst() to getremoteinfo(), and modify to parse the result from
FEAT (if supported), and take into account the support for the various
extensions such as MDTM, SIZE, REST (STREAM), MLSD, and FEAT/OPTS.
put each feature into one of the following categories:
- known to work (explicit FEAT)
- unknown but assume works until explicit failure, when it's
then tagged as `known not to work'.
- known not to work (FEAT succeeded but didn't return anything,
or was unknown and then explicit failure)
assign results into features[] matrix.

add support to getreply() so that an optional callback will be called
for each line received from the server except for the first and last.
this is used in FEAT (and MLST) parsing.

modify various commands to check if REST (STREAM), MDTM and SIZE are
explicitly or implicitly supported before using.

fix `syst' when verbose is off.

minor knf (indent goto labels by one space, etc).

simply various command usage handlers by assuming that argv != NULL except
for quit() and disconnect().

branches: 1.57.2;
* migrate the SYST parsing from setpeer() into a separate remotesyst().
call remotesyst() only when login has been successful
some servers don't let you run SYST until you've successfully logged in.
* in fetch_ftp(), always call setpeer() with autologin disabled, and use
the following ftp_login() to DTRT.
this prevents ftp from trying to login a second time if the first autologin
fails when connecting to a remote site anonymously using autofetch.
* reset unix_proxy and unix_server in cleanuppeer()
* missed a function conversion in the KNF sweep...

Add support for 'ftp -u url file ...', to upload a list of files to given url.
Mostly based on [bin/10019] by Scott Aaron Bamford <sab@ansic.net>

convert IPv4 mapped address (::ffff:10.1.1.1) into real IPv4 address
before touching it. IPv4 mapped address complicates too many things
in FTP protocol handling.

branches: 1.54.2;
convert to ANSI KNF

* Add support for `fget localfile', which reads a list of filenames to
retrieve from localfile. Based on work by Darren Reed.
* Crank version.
* Update copyright dates.

define private type `sigfunc' as
typedef void (*sigfunc) __P((int));
and replace use of sig_t and void (*)(int).

certain other OSes define sig_t differently to that (they add extra arguments),
and it causes problems due to function mismatches, etc...

* implement xsl_init() and xsl_add(); error checking forms of sl_{init,add}()
* fix bug where the second press of <TAB> on an empty word (i.e, list
all options) may have resulted in an strncmp() against NULL. (detected
by _DIAGASSERT())

- implement `set rprompt'; right side version of `set prompt'. depends on
EL_RPROMPT support i added to editline(3).
- allow $FTPPROMPT and $FTPRPROMPT to override defaults for the relevant
prompts
- move `%' formatting code from prompt() to expandbuf().
- implement `%.' and `%c', similar to the same % codes in tcsh(1)
(functionality I added to tcsh nearly 6 years ago), except that `%.'
always does `...trailing' and `%c' always does `/<x>trailing'.
- unknown `%foo' codes get printed as `%foo'

- implement updateremotepwd(); update the global variable `remotepwd'
to contain the remote working directory.
- add `set prompt', a user configurable prompt. (defaults to `ftp> ').
the following escape characters a la tcsh(1) are supported: %/, %m,
%M, and %n.
- add global var `username'; used by prompt code
- fix a couple of minor memory leaks
- bump version

new features:
- add `usage'; displays the usage of a command.
implemented by calling the c_handler() with argc = 0, argv = "funcname".
- add `passive auto'; does the same as $FTPMODE=auto.
- add `set [option value]'; display all options, or set an option to a value.
- add `unset option'; unset an option.
- add getoptionvalue() to retrieve an option's value, and replace a few
global variables with calls to this.
- implement cleanuppeer(), which resets various bits of state back to
`disconnected'. call in disconnect() and lostpeer().
- support completing on `options'.
- improve recovery after a SIGINT may have closed the connection.
XXX: there's still a couple to fix

other stuff:
- various consistency fixes in the man page.
- ensure that the command usage strings in the code and man page match reality.
- mput/mget: check that the connection still exists before each xfer.
- minor cosmetic changes in confirm().
- set code correctly in sizecmd() and modtime()
- don't need \n in err() strings.
- change lostpeer to take an argument (rather than casting (sig_t)lostpeer
in signal handlers)
- knf and whitespace police.

* fix up confirm() (broke `a' and `p' in last commit)
* simplify main loop (don't need `top' variable any more)
* use a struct sockaddr_in6.sin6_addr for the result from inet_pton(),
rather than u_char buf[16]
* add a few more comments

a few user interface and cosmetic tweaks:
* confirm(): move from util.c to cmds.c. display mnemonic string in its prompt.
add support for `q' (terminate current xfer), `?' (show help list)
* in various signal handlers, output a linefeed only if fromatty.
* if fgets(stdin) returned NULL (i.e, EOF), clearerr(stdin) because you don't
want future fgets to fail. this is not done for the fgets() in the main
command loop, since ftp will quit at that point.
* unless ftp is invoked with -a, don't retain the anonftp setting between
hosts (`ftp somehost:' sets anonftp, but you don't want that to `stick'
if you close that connection and open a new one).

allow a second SIGINT during the "xfer aborted. waiting for remote to finish abort."
stage. if this occurs, just call lostpeer() to close the connection. whilst this
might be considered brutal, it's also extremely handy if you're impatient or there's
lossage at the remote end.

* use sigsetjmp()/siglongjump() instead of setjmp()/longjmp(); the latter
don't save the signal mask on some foreign systems.
* ensure signal handlers don't use stdio and do reset errno if they
don't exit with siglongjmp()
* use a common SIGINT handler for {send,recv}request()

add TNFi copyright to all files i've done more than a minor amount of work to...

enhancments from Marc Horowitz <marc@mit.edu> to improve connection timeouts:
* implement xsignal_restart(), which only sets the SA_RESTART flag if
specifically requested
* xsignal() is now a wrapper to xsignal_restart(). INFO, USR1, USR2 and WINCH
are restartable, ALRM, INT, PIPE and QUIT are not.
* improve getreply()'s timeout code to take advantage of the above.

other changes:
* improve wording of how globbing works for `classic' URLs (host:path).
suggested by John Refling <johnr@imageworks.com> in relation to PRs
[bin/8519] and [bin/8520]
* always compile in the `edit' command even if NO_EDITCOMPLETE defined.
it's just a no-op in the latter case, which is more consistent to
the users.
* always compile in about: support (i.e, remove NO_ABOUT).
i'm entitled to some vanity in this program...
* clean up some whitespace

prefix the global variables in ftp_var.h with GLOBAL, which defaults
to "extern" if it's not set. define GLOBAL to (empty) in main.c.
this effectively moves all the globals into main.c whilst retaining
namespace access to them in other source files.
(global vars in header files confuse foreign linkers)

* In the !NI_NUMERICHOST case (i.e, getaddrinfo() challenged systems), portnum
should be in host order. found/fixed by Matthias Pfaller <leo@dachau.marco.de>
* parse_url(): improve checking of portnum, and add an extra argument to pass
back the parsed portnum to the caller (reduces a bit of code duplication)
* Move the KAME/WIDE copyrights after the BSD/TNFi ones. Since there was
significantly less code added under the former, it's only fair on the latter.

* fix initialisation of home[]
* fetch_url(): if path would be NULL, return strdup("")

* add new commands:
lpage page local files
pdir as dir, but through your $PAGER
pls as ls, but through your $PAGER
* implement docase() (a la dotrans() et al) and use appropriately, rototilling
some duplicated code
* globulize(): modify to return a pointer to the strdup()ed result in all cases,
and hack the code that calls it to take this into account
* replace strcpy() and strncpy() with strlcpy()
* put(), getit(): use some aptly named local vars instead of argv[...]
* delint

* idle(): rename to idlecmd(). certain linux distributions have an incompatible
prototype for idle() in <unistd.h> (which i thought was against namespace
and sensibility guidelines, but...)
* consistently use xsignal() instead of signal(). we get known behaviour
in all cases (SA_RESTART), which is good for some borken foreign systems.
* remove signal.h from most files; it's unnecessary now
* fetch_url(): use `long chunksize' instead of ssize_t; it's more portable, and
we're setting chunksize with strtol() anyway
* xsignal(): only use SA_RESTART if it exists. SunOS 4.x doesn't have it
but has the inverse (SA_INTERRUPT). the original function i was inspired
from had this support (lib/signal.c, W. Richard Stevens' `UNP 2nd ed Vol 1').
* remove <termios.h> from util.c; it should be unnecessary now

* replace ifdefs against __SVR4 and __linux__ with DIRENT_MISSING_D_NAMLEN;
it's more portable and more obvious
* remove the mkgmtime() && HAVE_TIMEGM stuff:
a) why should netbsd have to define HAVE_TIMEGM to compile cleanly?
b) foreign compiles of ftp should just be linked with working
timegm function

a more portable version of this ftp client will be released as a 3rdparty
product; no use polluting our code with half-baked attempts...

branches: 1.35.2;
* add support for `xferbuf', which sets both `sndbuf' and `rcvbuf'
* document the above three commands
* rototill the way the sndbuf and rcvbuf work. remove resetsockbufsize()
* use the appropriate socket buffer size as the size of the buffer that
the read()/write() loops use. speeds up things in some cases.

* change fetch_ftp() to be fully rfc 1738 compliant; if the URL contains
the an empty directory (e.g, between `some' and `path' in
`ftp://host/some//path'), then execute `CWD ' (without a path).
This command will probably fail on rfc 959 compliant servers, so
issue a warning in this case and bail. [noted by cgd].
(i wonder if the people who wrote rfc 1738 actually realised that this
requirement appears to contravene the spec for `cwd' in rfc 959 ?)
* replace isurl() with isipv6addr(), and use appropriately. fixes
auto-login with `classic ftp URLs' (e.g, `ftp somehost:')
* cleanup and rework some of the ipv6 stuff in parse_url()
* prevent potential coredump in fetch_ftp() when parsing `;type=X'
* KNF a few lines
* fix a couple of comments
* cleanup the man page a bit

add epsv4 command, which enable/disable the use of EPSV/EPRT.

this is mainly for (hypothetical) ftp server which disconnect clients
that use EPSV/EPRT. I've never seen any ftp server like this, but
epsv4 command may be of use when such an ftp server is found.

add dual-stack (IPv4/v6) support. hope I broke no other part...

[fear this; more ftp hacking from lukem :-]

features:

remove declaration for empty; it is only used in one file and hide
it's implementation.

split the "SMALL" #ifdefs into ones for NO_ABOUT, NO_EDITCOMPLETE, and
NO_PROGRESS. -DSMALL still implies all of those. progress meter support
isn't necessary for the smallest possible ftp client, but it adds very
little space and makes users' lives much better. Therefore, it should
be enabled for installation media if at all possible.

branches: 1.28.2;
* implement -R; restart non-proxied command-line FTP xfers
* fix fetch_ftp() so that hcode parsing is not done for file:// urls
(a } in the wrong place, and code at the wrong indent level...)
* change outfile to being a global (so it gets correctly reset)
* change parse_url to not remove leading '/' for non ftp urls.
whilst this is not totally rfc1738 compliant, other code kinda
assumes this is the case, and it doesn't hurt

changes to fix [bin/6951] by Peter Simons <simons@cys.de>:
* implement ftpvis(), which \ quotes the following in the given string:
SP, TAB, \, CR, "
* use ftpvis() in complete_ambiguous(), to escape characters in a word
which would confuse makeargv()/slurpstring().

Temporary fix of UTC -> time_t conversion:
1. changed to use timegm(3) on NetBSD and
2. supply alternative code for other Unix-like OSs
(NetBSD ftp shall be portable for some reasons :-).

This fix closes PR #6448.

NOTE: This should be fixed again if a portable UTC to time_t
conversion method is specified in some standards.

* implement xsignal(); same semantics as signal() but uses sigaction
with an explicit SA_RESTART. (needed for portability)
* use xsignal() for SIGALRM and SIGINFO handlers

features:
* support $no_proxy, which is a comma or space separated list of
host[:port] elements for which proxying is to be disabled.
(asked for by cgd in [bin/5027])
* if $FTPANONPASS is defined, use that as the anon ftp password
(instead of "`whoami`@")
* allow http URL's without a filename as long as an output file
is specified.

other stuff:
* implement parse_url(), which breaks up a URL into its bits, and use.
* simplify url_get() and auto_fetch() to use parse_url() and to not
modify the supplied URL or a copy of it.
* implement xmalloc() and xstrdup(); error-checked malloc()/strdup()
* add more consistency to messages, quoting strings in output as `%s'

const poisoning.

* send 'Connection: close' in HTTP/1.1 headers, preventing the
remove server from using a persistent connection, which speeds
up such requests.
* support http 301 and 302 redirects
* rewrite guts of url_get() to use fparseln() et al instead of
read(s,&p,1)... enables each in the header to be parsed
as necessary
* rename login to ftp_login, to remove conflict with util.h::login
* cleanup verbose messages during http proxy requests

Add "sndbuf" and "rcvbuf" commands for setting the socket buffer sizes,
which in turn can allow the use of larger TCP windows. This is a work in
progress; there is not yet support for specifying global defaults or
user prefrences on a host/network basis.

some fixes & enhancements from openbsd's ftp, with extra fixes by me:
* default to passive with active fallback. $FTPMODE modifies this behaviour.
-A forces active connection.
* support '-o outfile' for auto-fetched files. outfile can be a file,
`-' (for stdout), or '|command' (to output each file through command).
* support '-r waittime', which retries the connection after waittime seconds
if it fails.
* fix 'page file' when restart is non-zero.
* try all ip-addresses of a host in a http fetch (as the normal ftp fetch
does).

XXX: a ``broken pipe'' error sometimes occurs with -o '|command';
i haven't tracked this down yet.

* ensure buffer for username is initialised, so ^D on username prompt
doesn't use garbage for the username. from "Soren S. Jorvang" <soren@t.dk>
in [bin/4559]
* use in_port_t for ports, and USHRT_MAX instead of 0xffff
(from millert@openbsd.org)
* use `NULL' instead of `(.... *)0' where appropriate.

* in recvrequest(), ignore restart_point unless "RETR"ieving. fixes problems
where a remote completion or `mget' would confuse the client a `restart'
had been issued beforehand. now, `restart' is remembered until an operation
that can actually use it is invoked.
* in sendrequest(), don't reset restart_point upon entry. fixes `restart'
for `put' operations.
* if `restart' is invoked with no arguments, print current setting instead
of displaying a usage
* consistently use printf("%qd", (long long)restart_point) when displaying
restart_point
* use strto[lq]() instead of atol() when parsing `mark' and `restart' values
* remove unnecessary strlen()s when result of previous snprintf() will do
* replace a few malloc()/strcpy()s with strdup()s
* use SECSPERHOUR instead of '3600'

branches: 1.17.2;
bugs fixed:
* don't interpret '-' or '|' when a local filename is determined from
the remote name (i.e, in mget, and in get with only one argument).
This is implemented using an extra argument to recvrequest().
Fixes a major security hole.
* clean up memory leak when using globulize()
* clean up a couple of comments
* fix wording in TNF copyright

features added:
* support for TIS fwtk gate-ftp servers:
* read defaults from $FTPSERVER && $FTPSERVERPORT
* start in gate-ftp mode if invoked as 'gate-ftp'
* toggle or set with 'gate [host [port]]'

* use RCSID() && COPYRIGHT() macros
* cleanup for WARNS=1 (including some ugly '(void)&var' bits wrapped in
#ifdef __GNUC__ to shut up gcc warnings WRT setjmp/longjmp)
* use strtol() instead of atoi(), and more extensively check result of
conversion
* use u_int16_t instead of short or int for TCP port addresses

More enhancements/bugfixes (when will it end?)
* differentiate between being connected, and being logged in
* cleanup some text messages
* support username & password ftp URLs (ftp://user:pass@host/) in non-proxy
situations; assume proxy supports it for proxy situations.
* cd to / before performing any autofetch transfers
* use strncasecmp in URL parsing. fix from <Todd.Miller@courtesan.com>

* support $ftp_proxy for ftp:// transfers [bin/3245]
* add "more" & "less" as synonyms for "page"
* move editline setup code into controlediting(), and call appropriately.
only setup setup terminal if going into interactive mode. inspired
by Todd Miller <todd.miller@courtesan.com>

SMALLFTP->SMALL; remove SMALL from Makefile

Features:
* support remglobbing of auto_fetch arguments
* new flag - '-e'; disable editing
* "page file" == "get file |${PAGER-less}"

Bugfixes/cleanup:
* consistently use a trailing '.' on messages
* code cleanup, including buffer overrun fixes, use puts
and putchar in places, etc (inspired by OpenBSD mods)
* disable progress bar when local-file is a pipe or '-'
* skip \r in http headers
* fix remote ftpd slash bug more elegantly (so it works with ////)
* abort_remote(): check if cout==NULL before using it. should fix [bin/3273]
* fixed up cosmetic problems when complete_remote() generated errors from the
remote server (such as "no files found", "login with user and pass", ...)
done by adding extra argument to remglob(), which is a pointer to an error
buffer to put messages in rather than printing to stdout.

[Yet Another Huge Ftp Commit - hopefully the last for a while,
barring any more little things people want added ...]

New features:
* progressmeter is now asynchronous, so "stalled" transfers can be
detected. "- stalled -" is displayed instead of the ETA in this case.
When the xfer resumes, the time that the xfer was stalled for is
factored out of the ETA. It is debatable whether this is better than
not factoring it out, but I like it this way (I.e, if it stalls for 8
seconds and the ETA was 30 seconds, when it resumes the ETA will still
be 30 seconds).
* verbosity can be disabled on the command line (-V), so that in auto-fetch
mode the only lines displayed will be a description of the file, and
the progress bar (if possible)
* if the screen is resized (and detected via the SIGWINCH signal), the
progress bar will rescale automatically.

Bugs fixed:
* progress bar will not use the last character on the line, as this can
cause problems on some terminals
* screen dimensions (via ioctl(TIOCWINSZ)) should use stdout not stdin
* progressmeter() used some vars before initialising them
* ^D will quit now. [fixes bin/3162]
* use hstrerror() to generate error message for host name lookup failure.
* use getcwd instead of getwd (it should have been OK, but why tempt fate?)
* auto-fetch transfers will always return a positive exit value upon failure
or interruption, relative to the file's position in argv[].
* remote completion of / will work, without putting a leading "///".
This is actually a bug in ftpd(1), where "NLST /" prefixes all names
with "//", but fixing every ftpd(1) is not an option...

New features:
* Command line editing via editline(3) library.
* Context sensitive command and file completion, including remote files.

Enhancements to auto-fetch feature:
* Support for http:// URLs using the http protocol, including proxy HTTP
support via $htty_proxy if it's defined.
* The connection is kept open between successive files on the same host.
(obviously, this does not count for http requests.)
* Return value of ftp is 0 on no error, or the offset in argv[] of the file
which failed (i.e., argv[x] failed, ftp returns x).
* If the path in an ftp URL or classic format line has a trailing '/',
cd to the path and enter interactive mode. Fixes [bin/3011], albiet
requiring the user to help ftp in determining the operation.

Other changes:
* '-P port' works for normal ftp, and is the default for all classic style
auto-fetch transfers and for ftp URLs that don't specify the port.
(previously it would just work for the first xfer.)
* Some code moved into separated files along logical divisions.
* Editing and completion can be compiled out with -DSMALLFTP.

RCS ID police

* preserve modtime if size is 0 [bin/3040, Enami Tsugutomo]
* in autofetch mode, don't retry a file if the connection failed - skip it
and move to the next file. [bin/3051, Matt Green]
* only print error messages from SIZE or MDTM if the user used 'size' or
'modt' (respectively). prevents extraneous warnings during normal transfers
when connected to a site which doesn't support these (behaviour prior to
last commit), but still allows error feedback to specific user requests
for this info (which the last commit broke).
* 'account': only accept one optional argument
* if invoked as pftp, default to passive mode on (from FreeBSD)
* remove leading '0 ' in progress bar - looked ugly
* use warn instead of perror
* use strncpy when src isn't known to have safe length
* remglob(): use mkstemp() to prevent symlink games, and don't override
_PATH_TMP, use it as the prefix to the temp file

functionality mods:
* implement 'progress bar/meter' (inspired by ncftp). use 'progress' to
toggle on. it will display current file size to 5 digits, automatically
determining suffix (up to 16384 P (petabytes) == 2^64).
* 'ls' now uses NLST (unadorned listing), a la older ftp clients. 'dir'
still does LIST (long listing). idea from John Nemeth <jnemeth@cue.bc.ca>

bug fixes:
* return first line of reply in reply_string[] from getreply(), instead
of last line. This fixes [bin/741] (parsing of SYST), and also means
that SIZE and MDTM messages will be parsed correctly if they're longer
than 1 line.
* parse URL-style auto-ftps that have no filename correctly
(e.g, ftp://host, ftp://host/, ftp://host/dir/). pointed out by
Jaromir Dolecek <dolecek@saruman.ics.muni.cz>
* pass the correct size array in 2nd arg of utimes() when setting the
modification time

More features, some of which were inspired by changes that
friedman@gnu.ai.mit.edu (Noah Friedman) made to his modified ftp:
- implement "lpwd" - local pwd
- implement "preserve" - toggle preserving of file modification
times on retrieved files
- allow for explicit "on" or "off" arg to toggle commands
- "exit" synonym for "quit", "msend" synonym for "mput"
- in confirmation mode, allow 'a' (yes to rest of current command),
and 'p' (turn off prompt mode, as if 'prompt off' was done,
effective immediately)
- "modtime" returns time formatted as localtime, not GMT

Bug fixes:
- check for extraneous args on commands
- cleanup const usage, line formatting
- create 0 length temporary file in remglob() to prevent symlink games
(from OpenBSD)
- check length of filename of ~/.netrc (from OpenBSD)

cleanups/bugfixes:
- don't echo 'ACCT' parameter when debugging (a la 'PASS')
- Fix checking of directory access for "/foo", the parent
directory is "/", not "" (from FreeBSD)
- remove trailing whitespace on lines
- add any missing NetBSD tags
- cleanups to man page, includinging sorting options description

feature additions:
- variable sized hash marks (from [bin/683], but done in the hash command
as an optional arg)
- more user-friendly transfer time printing (from FreeBSD, with mods)
- '-p' command line option to jump into PASV mode (closes [bin/2857],
but with an option rather than checking argv[0])
- SIGINFO support for printing xfer stats when sending/receiving requests
- '-P port' for changing the port to connect to (from thorpej@netbsd.org)
- '-a': bypass normal login, and try anonymous login (from OpenBSD
via thorpej)
- autofetch files via url (ftp://...) or "classic" (host:/file)
(from OpenBSD via thorpej)
- 'ftp' synonymous with 'open' (from FreeBSD)

Sync with 4.4lite2

branches: 1.3.2;
Add RCS ids.

passive mode support, from David Carrel <carrel@cisco.com>, and cleaned
up for the new ftp sources by me.

branches: 1.1.1; 1.1.2;
Initial revision

ftp: exit non-zero if short http transfer when filesize is known

If a http file size is known and the fetch finishes with less bytes
transferred, exit non-zero.

Bump version to 20241129.

PR bin/54713
PR bin/58281

PR/58581: Sunil Nimmagadda: Add flag to allow specifying extra http header
fields.

pass some lint.

branches: 1.239.2;
Add -b <buflen> to specify the buffer size.

Don't finish downloading an empty file with 'already done' before it is
created locally.

Fix HTTPS through Proxy.

While a regular HTTP Proxy, requires the absolute URL with protocol
and host part, yyou must only send the relative URL through a
CONNECT tunnel (you are talking to the target server).

Add option sslnoverify to control validation of SSL certificates.
Add netrc processing to fetch-mode (URL on command line) to enable options and autologin
via netrc.
Fix SSL cleanup in some error paths.

Certificate validation is now enabled by default. Set FTPSSLNOVERIFY=1 in environment
or configure a corresponding init macro via netrc to not validate certs (required if
you haven't installed a required CA certificate for OpenSSL).

Discussed with lukem@ on icb.

branches: 1.235.2;
PR/57003: Handle relative URLs (patch by kim@)

fix typos in word "otherwise".

Use raw write(2) instead of fwrite(3) to avoid stream corruption because
of the progress bar interrupts. From RVP.

fetch_url: improve signal handler restoration

Use SIG_ERR not NULL as the indicator that a signal handler
hasn't been changed, so that SIG_DFL (equivalent to NULL)
will be restored.

Fix restoration of SIGQUIT; use the old handler not SIGPIPE's.

branches: 1.231.2;
Make fetch_read() return size_t like fread() does. It is bogus to
have one backing implementation that returns different values and
types than the other. Handle error setting properly; i.e. bail
out if the internal read returned an error. Now we get a proper
error message when the the server resets our connection instead of
a warning that the right failed with an invalid argument.

The server used for testing was:
http://capeweather.dyndns.org:8080/graphs/3474.png
Which seems to be unreliable :-)

branches: 1.230.4;
more volatile to appease gcc.

Make outfile always allocated, free it to set it to NULL, and don't move it
around.

branches: 1.228.4;
ftp(1): split the auth processing function.

Use the first name we requested the http/https URL for, not any name we ended
up with after random redirects.

branches: 1.226.2;
handle proxy authentication correctly.

PR/51558: ast@: ftp dumps core after usage message when IPv6 URL lacks a slash.
Initialize variable so that we don't get random behavior on cleanup.

Do globbing for FTP URLs of the form ftp://... too

ok christos

branches: 1.223.2;
PR/51043: Yorick Hardy: ftp(1) should use the port number for CONNECT

sprinkle more volatile (distribution build with gcc-5.3)

Initialize the token match pointer.

Fix downloads of local files using file:// URLs

Previously it would error out in copyurlinfo() when copying a NULL port.

mark function as only needed with ssl.

Split the position/size parsing into a separate function.

Simplify and factor out connect message

- Fix to connect https via proxy.
- Fix ttyout message.

PR/50438: NONAKA Kimihiro: ftp(1): CONNECT method support
Please test!

more refactoring:
- introduce authinfo and urlinfo structures
- split negotiation code out.

Fix compile failure without WITH_SSL.

> /tmp/bracket/build/2015.12.15.21.01.27-i386/src/usr.bin/ftp/fetch.c: In function 'fetch_url':
> /tmp/bracket/build/2015.12.15.21.01.27-i386/src/usr.bin/ftp/fetch.c:823:18: error: 'HTTPS_URL_T' undeclared (first use in this function)
> urltype == HTTPS_URL_T ? &ssl : NULL);

Factor the proxy handling code out.

Separate no_proxy handling.

Try to factor out some code, this is completely out of control.

(Hopefully) fix build without IPv6 support

Use the proper format "[IPv6 address]:port" when reporting connection
attempts to IPv6 endpoints.

Add Server Name Indication (SNI) support for https.

Needed for e.g. some github URLs.

don't pay attention to special characters if they don't come from the command
line (from jmcneill)

branches: 1.205.4;
more volatile for m68k

let progressmeter deal with the timeout once we've started transferring.

PR/34796: Hauke Fath: ftp does not timeout on http fetches.

fix restart from anon ymous

compile without SSL

document https support, mentioning certificates are not validated, and obey
https_proxy.

PR/47276: Add https support

branches: 1.198.2;
As discussed on tech-net@: Don't display expected EHOSTUNREACH for all but
the last connect attempts in terse mode.

subtracting two pointers yields ptrdiff_t, so cast it to int.

When given an URL that contains "://" but is not recognised,
print an error message. Now "ftp https://foo/bar" prints

ftp: Unsupported URL scheme `https'

instead of

ftp: Can't lookup `https:ftp': No address associated with hostname
ftp: Can't connect or login to host `https:?'

branches: 1.195.2; 1.195.6; 1.195.8;
Move determination of socket buffer sizes from startup to the first
time a socket is used, as the previous logic assumed AF_INET sockets
were available (which they may not be in an IPv6-only system).
Per discussion with Maxim Konovalov and the FreeBSD problem 162661.

branches: 1.194.2;
Use __dead

Back to using 'RFC xxxx' instead of 'RFCxxxx'

Parse HTTP 'Date' entries in the `C' locale rather than the user's.
Fix from [bin/42917] (with minor changes), from KAMADA Ken'ichi.

back out previous; luke says:
'@' is a reserved URI char per RFC 3986, use %40

use strrchr to find the last @ because we might want the username to contain
user@domain.

avoid NULL dereference in log output if the command line parser
failed to extract a port number from the URL

Rename internal getline() function to get_line() so it does
conflict with the soon to be added getline(3) libc function.

Fix numerous WARNS=4 issues (-Wcast-qual -Wsign-compare).

fix -Wshadow issues

branches: 1.185.6; 1.185.8; 1.185.14;
Remove clause 3 and 4 from TNF licenses

Use the service name to getaddrinfo() (along with the host name), so that
features such as DNS Service Discovery have a better chance of working.
Suggested by David Young <dyoung>.

Display the service name in various status & error messages.

Don't getservbyname() the :port component of a URL; RFC 3986 says it's
just an unsigned number, not a service name.

branches: 1.183.6;
DPRINTF() consistency tweaks

branches: 1.182.2;
Cast the field precision calculation to int.
Should fix the amd64 build problem noticed by Paul Goyette.

Improve parsing of chunked transfer chunks per RFC2616:
* more stringent chunk-size parsing
* ignore optional trailing ';chunk-ext' stuff, instead of barfing
* detect EOF before final \r\n.

Enforce restriction that (http) proxied URL fetchs don't support
being restarted at this time.
PR #28697.

Display times in RFC2822 form rather than using ctime(3), since
the former is more explicit about the timezone offset.

* main: call tzset() to ensure TZ is setup for other <time.h> functions.
* remotemodtime(): use strptime() to parse the reply.
* fetch_url(): ensure struct tm is zeroed before calling strptime().

* Modify parse_url() to consistently strip the leading `/' off ftp URLs.
Fixes PR 17617.
* Use 'RFCnnnn' (with leading 0) instead of 'RFC nnnn', to be
consistent with the style in the RFC index.
* Refer to RFC3916 instead of 1738 or 2732.
* Expand the list of supported RFCs in ftp(1) to contain the document
name as well.

Switch from fparseln() to the internal getline() when parsing HTTP headers.
Makes ftp a bit more portable (not needing fparseln()) at the expense of not
supporting arbitrary long header lines, which I'm not concerned about
because we don't support header line continuation either...

* Implement -s srcaddr; uses srcaddr as the local IP address for all
connections.
Based on code in the version of ftp that FreeBSD had before they
replaced it with lukemftp.
* Move error message handling into ftp_connect() rather than in the
caller, so that more specific error reporting can occur.
* Improve consistency of various warning and error messages.

getpass() can return NULL upon error in some implementations
(as documented in older standards documents, before the API was obsoleted).
Problem observed in tnftp on Solaris by Emil Mikulic.

gcc4 does not care about &foo; use volatile instead. From Anon Ymous

spell precede; from Zafer

PR/34540: b1ff at fr33 dot b33r dot net: bogus free() in ftp(1)
Applied patch, thanks!

If a file upload (via -u) fails, return an non-zero exit value based on the
index of the file that caused the problem (a la auto-fetch retrieval).
Problem noted by A P Garcia in private email.

Coverity CID 2194: Don't forget to free port.

Coverity CID 2195: Free path in all code paths, not some.

rename debug to ftp_debug. grr libssh.

Rename xfoo() to ftp_foo() to avoid collisions with libssh. Don't ask.

recognize 307 redirect code.

Don't clear the trailing character on the auth_url() username;
we now use getline() and that newline strips for us.
Problem found & fixed by Mark Davies.

Add NO_USAGE and NO_DEBUG so that we can fit in the floppies again.

Implement:
int getline(FILE *stream, char *buf, size_t buflen, const char **errormsg)
Read a line from the FILE stream into buf/buflen using fgets(), so up
to buflen-1 chars will be read and the result will be NUL terminated.
If the line has a trailing newline it will be removed.
If the line is too long, excess characters will be read until
newline/EOF/error.
Various -ve return values indicate different errors, and errormsg
will be changed to an error description if it's not NULL.

Convert to use getline() instead of fgets() whenever reading user input
to ensure that an overly long input line doesn't leave excess characters
for the next input operation to accidentally use as input.

Zero out the password & account after we've finished with it.

Consistently use getpass(3) (i.e, character echo suppressed) when
reading the account data. For some reason, historically the "login"
code suppressed echo for Account: yet the "user" command did not!

Display the hostname in the "getaddrinfo failed" warning.

Appease some -Wcast-qual warnings. Fixing all of these requires
significant code refactoring. (mmm, legacy code).

* Only print the "Trying <address>..." message if verbose and
there's more than one struct addrinfo in the getaddrinfo() result.
* Don't use non-standard "u_int".

* fetch_ftp(): preserve 'anonftp' across a disconnect() so that multiple
ftp auto-fetches on the same command line login automatically.
* auto_fetch(): use an initialized volatile int to appease IRIX cc.

Use size_t instead of int where appropriate.

Fix some cast issues highlighted by Scott Reynolds using gcc 4 on OSX.4

gratuitous whitespace cleanup (before someone else jumps the gun...)

In fetch_url(), don't call freeaddrinfo(res0) too early, as we use pointers
to its contents later in the function.
Problem found by Onno van der Linden.

branches: 1.155.2;
Fix ftp url reget when globs are being used.
Provided by Mathieu Arnold <mat@FreeBSD.org>.

* Always decode %xx in a url's user & pass components.
* Only remember {WWW,Proxy}-Authenticate "Basic" challenges; no point
in tracking any others since ftp doesn't support them.
* Improve the parsing of HTTP responses.

Add (unsigned char) cast to ctype functions

Don't base64 encode the trailing NUL in the HTTP basic auth response.
Problem noted by Eric Haszlakiewicz.

Slightly rework SIGINT handling; if we're exiting the auto-fetch stuff
and sigint_raised is non-zero, reset the handler for SIGINT to SIG_DFL
and raise(SIGINT) so that the appropriate wait(3) status is setup.
Based on solution proposed by Ognyan Kulev.
This should really fix PR [pkg/26351].

Improve parsing of HTTP response headers to be more RFC2616 compliant, and
skip LWS (linear white space; CR, LF, space, tab) and the end of lines and
between the field name and the field value. This still isn't 100% compliant,
since we don't support "multi line" responses at this time.
This should fix PR [bin/22611] from TAMURA Kent (although I can't easily
find a http server to reproduce the problem against.)

Fix a minor memory leak when parsing HTTP response headers.

Don't unnecessarily display a 401/407 error when running with -V.
Fix from PR [bin/18535] by Jeremy Reed.

If an ftp auto-fetch transfer is interrupted by SIGINT (usually ^C),
exit with 130 instead of 1 (or rarely, 0).
This allows an ftp auto-fetch in a shell loop to correctly terminate the loop.
Should fix PR [pkg/26351], and possibly others.

Save approximately 8K by not including http authentication, extended status
messages and help strings when the appropriate options are set.

Don't warn about "ignored setsockopt" failures unless debugging is
enabled. Suggested by Todd Vierling.

Allow empty passwords in ftp://user:@host/file auto-fetch URLs,
per RFC 1738. Requested by Simon Poole.

Update version.

correct URL syntax in comment

* $FTPUSERAGENT overrides the HTTP User-Agent header.
Based on patch from Douwe Kiela.
* Add about:tnftp
* Fix URL in about:netbsd
* Crank version

netbsd.org->NetBSD.org

strlcpy

Uppercase URL.

fix a bogus error message when given a HTTP URL with a trailing
slash.

crank dates

add a cast to appease SUNWspro cc. noted by grant@

tweaks for fparseln(3) move from libutil to libc:
- remove #include <util.h> if nothing else needed it
- remove LDFLAGS+=-lutil if nothing else needed it

- when showing the final progress bar, replace "00:00 ETA" with the
elapsed time. (suggested by simonb)
- actually display transfer stats after a URL fetch. (bug introduced a
*long* time ago)
- update copyright & version

Handle URLs without files correctly (e.g, when using '-o -').
Fix from Anders Dinsen <anders@dinsen.net> in [bin/13768]

- Only send port number in HTTP/1.1 Host: request if port != 80.
Fixes [bin/15415] from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
- Fix bad mode passed by mls() to recvrequest().
Fixes [bin/16642] from <steve.mcclellan@radisys.com>

portnum is unsigned, use %u instead of %d

update copyrights

Add -4 to force IPv4 and -6 to force IPv6 address usage.
From Hajimu UMEMOTO, via Mike Heffner of FreeBSD.

(FreeBSD has imported NetBSD's ftp as their ftp client;
Mike is sending back some of their local changes).

use u_char instead of char in base64_encode().
problem noticed by Jorgen Lundman in private mail.

don't make broken file with -R option.

handle "*" in Content-Range properly.

If no_proxy condition is true && urltype == FTP_URL_T, use fetch_ftp to retrieve.

convert to use getprogname()

explicitly use SOCK_STREAM with socket() instead of res->ai_socktype,
because it appears that linux with glibc doesn't set the latter
correctly after one of getaddrinfo() or getnameinfo().