History log of /src/usr.bin/ftp/ftp.c
Revision  Date  Author  Comments
 1.178  04-Oct-2024  christos remove const when string gets overwritten.
 1.177  25-Sep-2024  christos pass some lint.
 1.176  18-Feb-2024  christos branches: 1.176.2;
Add -b <buflen> to specify the buffer size.
 1.175  05-May-2023  lukem add timeout for ssl connect

Implement a timeout for SSL connection setup, using -q QUITTIME,
defaulting to 60 seconds.
SSL_connect(3) (unlike connect(2)) doesn't timeout by default.

Adapt ssl error messages destination: if unexpected error
from local API, use warn()/warnx() to stderr;
if expected error from a network operation (e.g., timeouts),
use fprintf to ttyout (which might be stdout).

Consistently use ftp_poll() instead of select();
ssl.c (using select()) was added 7 years after the
previous uses of select() were converted to poll().

Check EAGAIN as well as existing EINTR error from ftp_poll(),
for portability.
 1.174  26-Aug-2021  lukem branches: 1.174.2;
ftp: remove unnecessary variable assignments

Remove assignment to error in initconn(); it's not tested anywhere after the
initial use, so no need to set it before goto bad.

(Looks like copypasta from the initial addition of the code in rev 1.48.)
 1.173  26-Aug-2021  lukem ftp: validate address from PASV and LPSV response

Fail if the server's response to PASV or LPSV contains an IP address
that doesn't match that of the control connection.
(EPSV already only uses the port portion of the server's response,
per RFC 2428).

Previously a hostile server could cause ftp to open a data connection elsewhere.

Many other ftp implementations have had a similar change for many years,
including those in popular browsers (before they deprecated FTP ...)

Thanks to Simon Josefsson notifying me about
https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
 1.172  03-Jun-2021  lukem set SO_KEEPALIVE on control connection

Attempt to prevent timeouts of the control connection by setting SO_KEEPALIVE.
This matches the equivalent behaviour in ftpd.

Note: This is a much simpler change than adding a background polling event
to invoke "STAT" (or "NOOP") on the control connection during a transfer.
(It's unclear from RFC 959 whether "NOOP" is even permitted during a transfer).

PR bin/56129
 1.171  06-Jan-2021  lukem branches: 1.171.4;
ftp: don't use restartable signals

Refactor to not rely upon restartable signals (SA_RESTART),
possibly fixing intermittent failures with -q QUITTIME.

ftp transfers: handle EINTR/EAGAIN in copy_bytes(),
instead of relying upon restartable signals.

http/https transfers: Explicitly print an error similar to
progressmeter() when timing-out for -Q QUITTIME in fetch_wait(),
and set errno to ETIMEDOUT so that the warn() in fetch_url()
prints a more accurate error message.

PR/55857
 1.170  11-Jul-2020  lukem ftp.c: improve signal handler restoration

Only invoke the old signal handler if it's a real signal handler
and not SIG_IGN, SIG_DFL, SIG_HOLD, or SIG_ERR, using new static
function issighandler().
Avoids an intermittent race condition with a null pointer
dereference via (*SIG_DFL)().
Bug class reported by Joyu Liao from Juniper Networks.

Use SIG_ERR instead of NULL as the indicator that a signal handler
hasn't been changed, so that SIG_DFL (equivalent to NULL)
will be restored.
 1.169  08-Jun-2020  lukem ftp: exit if lostpeer invoked by a signal

lostpeer() calls too many async-unsafe functions (both directly
and indirectly) to close and cleanup the remote connections,
so just exit after the cleanup if invoked by a signal.

Reported in private mail by Qi Hou.
May also resolve a crash reported by Thomas Klausner.
 1.168  04-Feb-2019  mrg branches: 1.168.2;
- add justquit() that always exits. use it to avoid unreachable code.
 1.167  04-Oct-2016  joerg branches: 1.167.6; 1.167.14;
When using data outside the signed char range, it is better to
consistently use an unsigned char buffer.
 1.166  13-Dec-2015  tron branches: 1.166.2;
(Hopefully) fix build without IPv6 support
 1.165  11-Dec-2015  tron Use the proper format "[IPv6 address]:port" when reporting connection
attempts to IPv6 endpoints.
 1.164  04-Jul-2012  is branches: 1.164.10;
As discussed on tech-net@: Don't display expected EHOSTUNREACH for all but
the last connect attempts in terse mode.
 1.163  10-Dec-2011  lukem branches: 1.163.2;
Move determination of socket buffer sizes from startup to the first
time a socket is used, as the previous logic assumed AF_INET sockets
were available (which they may not be in an IPv6-only system).
Per discussion with Maxim Konovalov and the FreeBSD problem 162661.
 1.162  16-Sep-2011  joerg branches: 1.162.2;
Use __dead
 1.161  14-Aug-2011  christos fix gcc-4.5 warnings
 1.160  05-Mar-2010  lukem Back to using 'RFC xxxx' instead of 'RFCxxxx'
 1.159  15-Apr-2009  jld Unbreak the build by adding curly braces to placate the empty-body warning.
 1.158  12-Apr-2009  lukem Fix numerous WARNS=4 issues (-Wcast-qual -Wsign-compare).
 1.157  12-Apr-2009  lukem fix -Wshadow issues
 1.156  10-May-2008  skd branches: 1.156.6;
Add epsv6 and epsv to disable extended passive mode for ipv6 or both ipv4 and ipv6 respectively. This hack is due to our friends at Juniper Networks who break
epsv in ipv6. Should be fixed in ScreenOS 6.2.X.
 1.155  28-Apr-2008  martin branches: 1.155.2;
Remove clause 3 and 4 from TNF licenses
 1.154  22-Apr-2008  lukem Use the service name to getaddrinfo() (along with the host name), so that
features such as DNS Service Discovery have a better chance of working.
Suggested by David Young <dyoung>.

Display the service name in various status & error messages.

Don't getservbyname() the :port component of a URL; RFC 3986 says it's
just an unsigned number, not a service name.
 1.153  05-Dec-2007  lukem branches: 1.153.6;
Rename HAVE_STRUCT_SOCKADDR_SA_LEN to HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
to accurately reflect the structure member being used.
 1.152  22-Jul-2007  lukem branches: 1.152.4; 1.152.6;
Replace HAVE_SOCKADDR_SA_LEN with defined(HAVE_STRUCT_SOCKADDR_SA_LEN)
 1.151  24-May-2007  lukem Display times in RFC2822 form rather than using ctime(3), since
the former is more explicit about the timezone offset.
 1.150  15-May-2007  lukem * Modify parse_url() to consistently strip the leading `/' off ftp URLs.
Fixes PR 17617.
* Use 'RFCnnnn' (with leading 0) instead of 'RFC nnnn', to be
consistent with the style in the RFC index.
* Refer to RFC3916 instead of 1738 or 2732.
* Expand the list of supported RFCs in ftp(1) to contain the document
name as well.
 1.149  10-May-2007  lukem Implement copy_bytes() to copy bytes from one fd to another via the
provided buffer, with optional rate-limiting and hash-mark printing,
using one loop and handle short writes.
Refactor sendrequest() and recvrequest() to use copy_data().
Addresses PR 15943.
 1.148  18-Apr-2007  lukem fix rev 1.144: initconn() may be called with verbose==-1 (e.g., during remote
completion), so only print out the successful EPSV response if verbose>0.
 1.147  17-Apr-2007  lukem * Implement -s srcaddr; uses srcaddr as the local IP address for all
connections.
Based on code in the version of ftp that FreeBSD had before they
replaced it with lukemftp.
* Move error message handling into ftp_connect() rather than in the
caller, so that more specific error reporting can occur.
* Improve consistency of various warning and error messages.
 1.146  16-Apr-2007  lukem Replace a "while" with an "if" since the code path only gets executed once.
 1.145  12-Apr-2007  lukem whitespace pedantry
 1.144  11-Apr-2007  lukem Suppress printing non-COMPLETE reply strings from EPSV and EPRT, as we're
going to fall back to PASV / PORT (respectively) if the former fail,
and this avoids printing a failure reply followed by a success reply.
Should fix a problem with the emacs ftp wrapper.
 1.143  13-Dec-2006  christos gcc4 does not care about &foo; use volatile instead. From Anon Ymous
 1.142  23-Oct-2006  christos simplify 421 printing code (jani at xeebioneurope dot de)
 1.141  07-Oct-2006  elad PR/32855: der Mouse: [dM] ftp -q is broken (or misdocumented)

Patch applied, thanks!
 1.140  10-May-2006  mrg quell GCC 4.1 uninitialised variable warnings.

XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
 1.139  28-Apr-2006  christos Coverity CID 874: Don't check local; it cannot be NULL.
 1.138  28-Apr-2006  christos Coverity CID 875: local is not allowed to be NULL; don't check for it.
 1.137  31-Jan-2006  christos rename debug to ftp_debug. grr libssh.
 1.136  31-Jan-2006  christos Rename xfoo() to ftp_foo() to avoid collisions with libssh. Don't ask.
 1.135  29-Jun-2005  christos Add NO_USAGE and NO_DEBUG so that we can fit in the floppies again.
 1.134  10-Jun-2005  lukem Implement:
int getline(FILE *stream, char *buf, size_t buflen, const char **errormsg)
Read a line from the FILE stream into buf/buflen using fgets(), so up
to buflen-1 chars will be read and the result will be NUL terminated.
If the line has a trailing newline it will be removed.
If the line is too long, excess characters will be read until
newline/EOF/error.
Various -ve return values indicate different errors, and errormsg
will be changed to an error description if it's not NULL.

Convert to use getline() instead of fgets() whenever reading user input
to ensure that an overly long input line doesn't leave excess characters
for the next input operation to accidentally use as input.

Zero out the password & account after we've finished with it.

Consistently use getpass(3) (i.e, character echo suppressed) when
reading the account data. For some reason, historically the "login"
code suppressed echo for Account: yet the "user" command did not!

Display the hostname in the "getaddrinfo failed" warning.

Appease some -Wcast-qual warnings. Fixing all of these requires
significant code refactoring. (mmm, legacy code).
 1.133  01-Jun-2005  lukem * Only print the "Trying <address>..." message if verbose and
there's more than one struct addrinfo in the getaddrinfo() result.
* Don't use non-standard "u_int".
 1.132  14-May-2005  lukem Fix some cast issues highlighted by Scott Reynolds using gcc 4 on OSX.4
 1.131  13-May-2005  lukem * Correct the "optlen" argument passed to getsockopt(3) and setsockopt(3)
in various places. Fixes a problem noted by Allen Briggs.
* Improve warning printed when connect(2) for the data channel fails.
 1.130  11-May-2005  lukem Use socklen_t instead of int as the 5th argument to getsockopt().
Improve invocation of setsockopt() and associated failure messages.
 1.129  11-Apr-2005  lukem typo in previous
 1.128  11-Apr-2005  lukem gratuitous whitespace cleanup (before someone else jumps the gun...)
 1.127  11-Apr-2005  lukem Implement a timeout on the accept(2) in dataconn() and the
connect(2) in xconnect() by temporarily setting O_NONBLOCK
on the socket and using xpoll() to wait for the operation
to succeed.
The timeout used is the '-q quittime' argument (defaults to
60s for accept(2), and the system default for connect(2)).
Idea inspired by discussion with Chuck Cranor.
This may (indirectly) fix various problems with timeouts
in active mode through broken firewalls.

Implement xpoll() as a wrapper around poll(2), to make it
easier to replace on systems without a functional poll(2).
Unconditionally use xpoll() instead of conditionally using
select(2) or poll(2).
 1.126  20-Jul-2004  lukem branches: 1.126.2;
If an ftp auto-fetch transfer is interrupted by SIGINT (usually ^C),
exit with 130 instead of 1 (or rarely, 0).
This allows an ftp auto-fetch in a shell loop to correctly terminate the loop.
Should fix PR [pkg/26351], and possibly others.
 1.125  10-Apr-2004  lukem If connect(2) in xconnect() fails with EINTR, call select(2) on the socket
until it's writable or it fails with something other than EINTR.
This matches the behaviour in SUSv3, and prevents the problem when
pressing ^T (SIGINFO, which is marked as restartable) during connection
setup would cause ftp to fail with EADDRINUSE or EALREADY when the
second connect(2) was attempted on the same socket.
Problem found and solution provided by Maxime Henrion <mux@freebsd.org>.
 1.124  10-Apr-2004  lukem whitespace consistency tweak
 1.123  10-Dec-2003  lukem Don't warn about "ignored setsockopt" failures unless debugging is
enabled. Suggested by Todd Vierling.

Allow empty passwords in ftp://user:@host/file auto-fetch URLs,
per RFC 1738. Requested by Simon Poole.

Update version.
 1.122  07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.121  31-Jul-2003  lukem Invalidate remote directory completion cache if any command which
may change the remote contents completes successfully, including:
del, mdel, ren, mkdir, rmdir, quote, and all upload commands
Patch from Yar Tikhiy <yar@comp.chem.msu.su>.
 1.120  05-Jun-2002  lukem - when showing the final progress bar, replace "00:00 ETA" with the
elapsed time. (suggested by simonb)
- actually display transfer stats after a URL fetch. (bug introduced a
*long* time ago)
- update copyright & version
 1.119  07-May-2002  lukem Use "r+" instead of "r+w", since the latter is not standard.
Noted by <Steve.McClellan@radisys.com> in private email.
 1.118  25-Apr-2002  itojun avoid buffer overrun on PASV from malicious server.
http://online.securityfocus.com/archive/1/269356/2002-04-22/2002-04-28/0
 1.117  26-Dec-2001  lukem update copyrights
 1.116  23-Dec-2001  lukem Add -4 to force IPv4 and -6 to force IPv6 address usage.
From Hajimu UMEMOTO, via Mike Heffner of FreeBSD.

(FreeBSD has imported NetBSD's ftp as their ftp client;
Mike is sending back some of their local changes).
 1.115  20-Dec-2001  lukem Large file ASCII mode support by using fseeko() instead of fseek().
From Andrey A. Chernov of FreeBSD, via Mike Heffner.
 1.114  19-Feb-2001  lukem minor knf
 1.113  27-Nov-2000  itojun fix INET6-less build (like x_ftp). PR11578
 1.112  24-Nov-2000  itojun cope with 2553bis getnameinfo (always attach scope id)
getnameinfo error check.
 1.111  15-Nov-2000  itojun use NI_MAXHOST with getnameinfo. we can assume presence of getnameinfo.
 1.110  11-Oct-2000  is More format string cleanup by sommerfeld.
 1.109  28-Sep-2000  lukem explicitly use SOCK_STREAM with socket() instead of res->ai_socktype,
because it appears that linux with glibc doesn't set the latter
correctly after one of getaddrinfo() or getnameinfo().
 1.108  06-Aug-2000  lukem * implement parseport(), which takes a string and attempts to convert
it to a numeric port number
* use parseport() in parse_url() and hookup()
* don't try and lookup the port number using getaddrinfo(), as it's too hard
to separate a failed host name lookup from a failed service name lookup.
this was causing lossage on systems that don't have `http' in services(5)
(such as solaris), but only crept in when we started using getaddrinfo()
unconditionally.
 1.107  01-Aug-2000  lukem - rename NO_QUAD to NO_LONG_LONG, QUAD* -> LL* and add ULL* (unsigned)
equivalents. name change suggested by Klaus Klein <kjk@netbsd.org>
- change defined(BSD4_4) || HAVE_SIN_LEN tests into HAVE_SOCKADDR_SA_LEN,
and set the latter if BSD4_4 exists
 1.106  31-Jul-2000  lukem - we can't just rename BSD4_4 -> HAVE_SIN_LEN, since bsd systems define BSD4_4;
change tests to test for either defined(BSD4_4) or HAVE_SIN_LEN
- more KNF
 1.105  30-Jul-2000  lukem * always set (struct sockinet).su_len after getsockname() et al, so
that it's valid on systems which don't have sin_len and need the `compat'
version
* fix the accept() in dataconn() to use the correct struct elem
 1.104  30-Jul-2000  lukem * always use getaddrinfo() and getnameinfo() instead of maintaining two code
paths. (lukemftp will provide replacements for these on older systems)
* rename __USE_SELECT to USE_SELECT
* rename BSD4_4 to HAVE_SIN_LEN
* replace union sockunion {} with struct sockinet {}, and modify the code
accordingly. this is possibly more portable, as it doesn't rely upon the
structure alignment within the union for our own stuff.
(XXX: haven't tested the ipv6 stuff)
 1.103  30-Jul-2000  lukem clean up NO_QUAD support: create helper #defines and use as appropriate:
#define         NOQUAD          ! NOQUAD
-------         ------          - ------
QUADF           "%ld"           "%lld"
QUADFP(x)       "%" x "ld"      "%" x "lld"
QUADT           long            long long
STRTOL(x,y,z)   strtol(x,y,z)   strtoll(x,y,z)
 1.102  18-Jul-2000  lukem add support for FEAT and OPTS commands with `features' and `opts'.
(from RFC 2389).

add support for MLST & MLSD (machine parsable listings) with 'mlst', 'mlsd'
and 'pmlsd' (mlsd |$PAGER) commands. (from draft-ietf-ftpext-mlst-11)

rename remotesyst() to getremoteinfo(), and modify to parse the result from
FEAT (if supported), and take into account the support for the various
extensions such as MDTM, SIZE, REST (STREAM), MLSD, and FEAT/OPTS.
put each feature into one of the following categories:
- known to work (explicit FEAT)
- unknown but assume works until explicit failure, when it's
then tagged as `known not to work'.
- known not to work (FEAT succeeded but didn't return anything,
or was unknown and then explicit failure)
assign results into features[] matrix.

add support to getreply() so that an optional callback will be called
for each line received from the server except for the first and last.
this is used in FEAT (and MLST) parsing.

modify various commands to check if REST (STREAM), MDTM and SIZE are
explicitly or implicitly supported before using.

fix `syst' when verbose is off.

minor knf (indent goto labels by one space, etc).

simplify various command usage handlers by assuming that argv != NULL except
for quit() and disconnect().
 1.101  07-Jul-2000  itojun errx?/warnx? audit. do not pass variable alone, use %s. idea from openbsd
 1.100  11-Jun-2000  lukem branches: 1.100.2;
from itojun: better fix for previous (doesn't need in_addr_t or u_int32_t)
 1.99  11-Jun-2000  lukem portability fixes for lukemftp:
* initconn(): use in_addr_t instead of u_int32_t when manipulating IPv6
addresses (and assume anything with ipv6 has in_addr_t; if not, i'll
add an autoconf test for it)
* ai_unmapped(): not all systems have sin_len; so only set #ifdef BSD4_4
* fix some lint
 1.98  05-Jun-2000  lukem - fix ai_unmapped() to be a no-op in the !def INET6 case
- display `(-INET6)' at the end of the version string if !def INET6
- clarify in the man page that IPv6 support may not be present (for lukemftp :)
 1.97  30-May-2000  itojun more comment on IPv4 mapped address handling.
 1.96  29-May-2000  itojun convert IPv4 mapped address (::ffff:10.1.1.1) into real IPv4 address
before touching it. IPv4 mapped address complicates too many things
in FTP protocol handling.
 1.95  01-May-2000  lukem branches: 1.95.2;
convert to ANSI KNF
 1.94  01-May-2000  lukem * Add support for `fget localfile', which reads a list of filenames to
retrieve from localfile. Based on work by Darren Reed.
* Crank version.
* Update copyright dates.
 1.93  14-Mar-2000  itojun inhibit too-noisy message for scoped address data transfer
(will be enabled in "debug" mode).
 1.92  28-Feb-2000  lukem only use IPTOS_ setsockopt()s if they're defined (e.g, SunOS doesn't).
from Havard.Eidnes@runit.sintef.no
 1.91  14-Feb-2000  lukem only use getaddrinfo() et al if both NI_NUMERICHOST *and* INET6 are defined...
(allows --disable-ipv6 in lukemftp's configure script to disable this as
well, which is good for testing when it appears getaddrinfo() is borken)
 1.90  31-Jan-2000  lukem define private type `sigfunc' as
typedef void (*sigfunc) __P((int));
and replace use of sig_t and void (*)(int).

certain other OSes define sig_t differently to that (they add extra arguments),
and it causes problems due to function mismatches, etc...
 1.89  11-Dec-1999  lukem separate out the main `data pump' loop into two: one that supports
rate limiting and one that doesn't. simplifies the code, and speeds
up the latter case a bit, at the expense of duplicating a few lines...
 1.88  26-Nov-1999  lukem * complete_remote(): use remglob("", ...) instead of remglob(".", ...),
for listings of the current working directory; some ftp servers don't
like `NLST .'.
[noted by Giles Lean <giles@nemeton.com.au>]
* recvrequest(): treat remote=="" as remote==NULL when calling command().
(to support the above change)
* support `[user@]' in `[user@]host' and `[user@]host[:][path]'.
[based on idea (and initial code) from David Maxwell <david@fundy.ca>]
* `idle' may be invoked without any args
* reformat some comments
* reformat usage string in program and man page
* call updateremotepwd() after successful login, not after successful connect
* always call setsockopt(, IPPROTO_IP, IP_TOS, ) (et al); using #if
defined(IPPROTO_IP) doesn't work on certain foreign systems where
enums instead of #defines are used...
[noted by Matthias Pfaller <leo@dachau.marco.de>]
 1.87  11-Nov-1999  lukem whitespace nits
 1.86  03-Nov-1999  lukem hookup(): when using getservbyname() (when getaddrinfo() isn't available), if
the provided port is a valid number use that rather than trying to do
getservbyname() against it.
fixes a problem on foreign systems noted by Chuck Silvers <chuq@chuq.com>
 1.85  24-Oct-1999  lukem new features:
- add `usage'; displays the usage of a command.
implemented by calling the c_handler() with argc = 0, argv = "funcname".
- add `passive auto'; does the same as $FTPMODE=auto.
- add `set [option value]'; display all options, or set an option to a value.
- add `unset option'; unset an option.
- add getoptionvalue() to retrieve an option's value, and replace a few
global variables with calls to this.
- implement cleanuppeer(), which resets various bits of state back to
`disconnected'. call in disconnect() and lostpeer().
- support completing on `options'.
- improve recovery after a SIGINT may have closed the connection.
XXX: there's still a couple to fix

other stuff:
- various consistency fixes in the man page.
- ensure that the command usage strings in the code and man page match reality.
- mput/mget: check that the connection still exists before each xfer.
- minor cosmetic changes in confirm().
- set code correctly in sizecmd() and modtime()
- don't need \n in err() strings.
- change lostpeer to take an argument (rather than casting (sig_t)lostpeer
in signal handlers)
- knf and whitespace police.
 1.84  12-Oct-1999  lukem a few user interface and cosmetic tweaks:
* confirm(): move from util.c to cmds.c. display mnemonic string in its prompt.
add support for `q' (terminate current xfer), `?' (show help list)
* in various signal handlers, output a linefeed only if fromatty.
* if fgets(stdin) returned NULL (i.e, EOF), clearerr(stdin) because you don't
want future fgets to fail. this is not done for the fgets() in the main
command loop, since ftp will quit at that point.
* unless ftp is invoked with -a, don't retain the anonftp setting between
hosts (`ftp somehost:' sets anonftp, but you don't want that to `stick'
if you close that connection and open a new one).
 1.83  10-Oct-1999  lukem use sigjmp_buf for sigsetjmp(), instead of jmp_buf.
noted by Havard.Eidnes@runit.sintef.no.
 1.82  09-Oct-1999  lukem allow a second SIGINT during the "xfer aborted. waiting for remote to finish abort."
stage. if this occurs, just call lostpeer() to close the connection. whilst this
might be considered brutal, it's also extremely handy if you're impatient or there's
lossage at the remote end.
 1.81  09-Oct-1999  lukem * use sigsetjmp()/siglongjmp() instead of setjmp()/longjmp(); the latter
don't save the signal mask on some foreign systems.
* ensure signal handlers don't use stdio and do reset errno if they
don't exit with siglongjmp()
* use a common SIGINT handler for {send,recv}request()
 1.80  05-Oct-1999  lukem * set SIGQUIT to psummary in each of the xfer routines. (editline seems to
override SIGQUIT when EL_SIGNAL = 1 (but we want the latter for all the
other signal support it has).
* more fixes after previous rototill
 1.79  05-Oct-1999  lukem the prior change was a bit too aggressive in factoring out common code in
{send,recv}request(). completion and uploading now works again...
 1.78  05-Oct-1999  lukem * factor out SIGINFO setting into a handler that is always active (but only
prints out info if bytes > 0). only set the handler if SIGINFO is defined
* hijack SIGQUIT to be the same as SIGINFO (foreign ports have this, and it's
annoying to have SIGQUIT dump core on netbsd when it prints info on other
systems)
* in {recv,send}request(), factor a lot of duplicated code out into a
`cleanup' section at the end
* rework shell() a bit
 1.77  05-Oct-1999  lukem add TNFi copyright to all files i've done more than a minor amount of work to...
 1.76  05-Oct-1999  lukem enhancements from Marc Horowitz <marc@mit.edu> to improve connection timeouts:
* implement xsignal_restart(), which only sets the SA_RESTART flag if
specifically requested
* xsignal() is now a wrapper to xsignal_restart(). INFO, USR1, USR2 and WINCH
are restartable, ALRM, INT, PIPE and QUIT are not.
* improve getreply()'s timeout code to take advantage of the above.

other changes:
* improve wording of how globbing works for `classic' URLs (host:path).
suggested by John Refling <johnr@imageworks.com> in relation to PRs
[bin/8519] and [bin/8520]
* always compile in the `edit' command even if NO_EDITCOMPLETE defined.
it's just a no-op in the latter case, which is more consistent to
the users.
* always compile in about: support (i.e, remove NO_ABOUT).
i'm entitled to some vanity in this program...
* clean up some whitespace
 1.75  01-Oct-1999  lukem restart_point is a global; no need for it here
 1.74  01-Oct-1999  lukem If EPSV or EPRT fails, disable epsv4 for the rest of the current connection.
the disabled state can be overridden by toggling epsv4.

(I got sick of the errors about EPSV not being supported on almost
every server I connect to. This way we retain support for epsv4, but
it's not so whiny after the first failure...)
 1.73  01-Oct-1999  lukem prefix the global variables in ftp_var.h with GLOBAL, which defaults
to "extern" if it's not set. define GLOBAL to (empty) in main.c.
this effectively moves all the globals into main.c whilst retaining
namespace access to them in other source files.
(global vars in header files confuse foreign linkers)
 1.72  30-Sep-1999  lukem * In the !NI_NUMERICHOST case (i.e, getaddrinfo() challenged systems), portnum
should be in host order. found/fixed by Matthias Pfaller <leo@dachau.marco.de>
* parse_url(): improve checking of portnum, and add an extra argument to pass
back the parsed portnum to the caller (reduces a bit of code duplication)
* Move the KAME/WIDE copyrights after the BSD/TNFi ones. Since there was
significantly less code added under the former, it's only fair on the latter.
 1.71  30-Sep-1999  lukem in empty(), FD_ZERO(&rmask) not (&cin). (hi christos! :)
fixes abort_remote() when __USE_SELECT is defined.
thanks to simonb@netbsd.org for reporting this bug
 1.70  29-Sep-1999  lukem * consistently use memset(a,0,c); there were some cases of memset(a,'\0',c)
* remove explicit extern int h_errno; it's in <netdb.h>
* add <termios.h> back to util.c; it contains struct winsize on some systems
 1.69  28-Sep-1999  lukem remove debugging cruft
 1.68  28-Sep-1999  lukem * add new commands:
lpage page local files
pdir as dir, but through your $PAGER
pls as ls, but through your $PAGER
* implement docase() (a la dotrans() et al) and use appropriately, rototilling
some duplicated code
* globulize(): modify to return a pointer to the strdup()ed result in all cases,
and hack the code that calls it to take this into account
* replace strcpy() and strncpy() with strlcpy()
* put(), getit(): use some aptly named local vars instead of argv[...]
* delint
 1.67  27-Sep-1999  lukem * idle(): rename to idlecmd(). certain linux distributions have an incompatible
prototype for idle() in <unistd.h> (which i thought was against namespace
and sensibility guidelines, but...)
* consistently use xsignal() instead of signal(). we get known behaviour
in all cases (SA_RESTART), which is good for some borken foreign systems.
* remove signal.h from most files; it's unnecessary now
* fetch_url(): use `long chunksize' instead of ssize_t; it's more portable, and
we're setting chunksize with strtol() anyway
* xsignal(): only use SA_RESTART if it exists. SunOS 4.x doesn't have it
but has the inverse (SA_INTERRUPT). the original function i was inspired
from had this support (lib/signal.c, W. Richard Stevens' `UNP 2nd ed Vol 1').
* remove <termios.h> from util.c; it should be unnecessary now
 1.66  24-Sep-1999  lukem * use %lld instead of %qd to print out (long long) vars.
(slightly more portable; e.g, solaris supports this)
* remove some fluff (lint)
 1.65  24-Sep-1999  lukem fix a couple of thinkos in my recent work:
* abort_remote(): replace borken MIN(4,BUFSIZ) with just BUFSIZ; it
should have been MAX(4,BUFSIZ), but it's probably safe to assume that
BUFSIZ is at least 3... (fix from simonb)
* auth_url(): use the correct variable when calculating a buffer size.
 1.64  22-Sep-1999  lukem branches: 1.64.2;
* add support for `xferbuf', which sets both `sndbuf' and `rcvbuf'
* document the above three commands
* rototill the way the sndbuf and rcvbuf work. remove resetsockbufsize()
* use the appropriate socket buffer size as the size of the buffer that
the read()/write() loops use. speeds up things in some cases.
 1.63  22-Sep-1999  lukem replace snprintf() with strlcpy(), strlcat(), or direct assignment
where appropriate. (strlc*() are easier to port to foreign systems).

XXX; there's still a few snprintf's in the progress meter stuff to convert
 1.62  21-Sep-1999  lukem * protect more of the AF_INET6 stuff with #ifdef INET6 (for portability)
* in the main data moving loops only call the initial gettimeofday() if
rate throttling is enabled (saves a system call per loop when not
throttling).
 1.61  14-Sep-1999  mycroft warn()->warnx() in a couple of places.
 1.60  03-Sep-1999  itojun sync with recent KAME.
- avoid s6_addr{8,16,32} which are nonstandard.
 1.59  01-Sep-1999  itojun ftpd(8): Copy sin6_scope_id from control connection to active data
connection destination, hoping this to help ftpd's behavior with
scoped IPv6 addresses.
I'm not sure if it is the right way, but it is the best way available to us.
LPRT or EPRT command gives no information about which interface (or scope)
to be used for new data connection.

ftp(1): On data connection establishment, warn if scoped address is used.
If peer (ftp daemon) does not handle scoped address, data connection
may not work right.

This seems to be sort of protocol spec hole, not implementation issue.
 1.58  29-Aug-1999  christos make ftp work again with the traditional gethostbyname/getservbyname
interfaces.
 1.57  20-Jul-1999  itojun cleanup EPSV return code checking part.
remove debug fputs() left by mistake.
 1.56  17-Jul-1999  itojun avoid false warnings on 22x reply code checks. previous code was too picky.

From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
 1.55  13-Jul-1999  itojun implement more fallback case for EPSV. BSDI ftpd is very broken
that it returns status 228 against EPSV, where it must return status
of 229.

separate PASV and LPSV processing.

PR: 7976
 1.54  11-Jul-1999  itojun add epsv4 command, which enable/disable the use of EPSV/EPRT.

this is mainly for (hypothetical) ftp server which disconnect clients
that use EPSV/EPRT. I've never seen any ftp server like this, but
epsv4 command may be of use when such an ftp server is found.
 1.53  11-Jul-1999  christos oops, need to declare tos.
 1.52  10-Jul-1999  christos Kludge around non 4.4BSD systems that don't have a length field in struct
sockaddr*.
 1.51  10-Jul-1999  christos remove unused variable
 1.50  03-Jul-1999  itojun free dynamically allocated storage on error.
 1.49  03-Jul-1999  itojun clarify socket/connect loop.
 1.48  02-Jul-1999  itojun add dual-stack (IPv4/v6) support. hope I broke no other part...
 1.47  02-Jul-1999  lukem make a pointers static again (that were made automatic as part of the
xfer rate stuff, but i never completed the changes that didn't need it
set).
fixes a coredump noticed on current-users@ by Chan Yiu Wah <c5666305@hkstar.com>
 1.46  29-Jun-1999  lukem [fear this; more ftp hacking from lukem :-]

features:
 1.45  24-Jun-1999  christos rework empty() to work with both select and poll and abstract it better.
 1.44  02-Jun-1999  lukem * fix gate mode to login as `user@realhost' rather than using PASSERVE;
the latter only seemed to work for TIS Gauntlet and not TIS fwtk.
thanks to simonb@netbsd.org for testing this. fixes [bin/5556].
* if EOF (e.g, ^D) is entered at a username/password/account prompt which
happens to use fgets(), exit the login rather than treating EOF as CR.
* don't use the comma operator where separate statements are valid
* always use snprintf to copy stuff into malloced buffers, just in case
typos creep in and mean that the buffer ends up being overflowed
 1.43  04-May-1999  lukem print the "xxx bare linefeeds" message after the progressmeter. noted by dan@
 1.42  28-Apr-1999  lukem * make parsing of ftp:// urls more RFC 1738 compliant;
- the path is split on `/', and each directory is CWD-ed into separately.
(from [standards/7484] by Alan Barrett <apb@iafrica.com>)
- support a trailing `;type=X' suffix, where X is a,i, or d. (d isn't
implemented, but it is recognised)
- the only non-compliant behaviour is that empty directories sections
(e.g `//') aren't run as `CWD ' - as a lot of ftpds don't like that.
Instead, treat this as a no-op.
* don't support globbing for ftp urls, since that's technically not
RFC compliant.
* fix a couple of man-page nits
 1.41  19-Feb-1999  lukem branches: 1.41.2;
support restart during proxy transfers (the traditional ftp command, not the
http proxy). seems to work with my limited testing (i'm not a big user of
proxy). bug noted by Jorgen Lundman <lundman@argonaut.com> in [bin/5948]
 1.40  24-Jan-1999  lukem * -v enables verbose & progress, -V disables both
* set setvbuf(ttyout, NULL, _IOLBF, 0) and remove a bunch of fflush(ttyout).
* use fwrite() instead of write() for progressmeter (don't intermix stdio
with non stdio ops)
 1.39  05-Jan-1999  lukem Fall back from passive to active if connect() fails. (from openbsd)
 1.38  08-Aug-1998  lukem * implement xsignal(); same semantics as signal() but uses sigaction
with an explicit SA_RESTART. (needed for portability)
* use xsignal() for SIGALRM and SIGINFO handlers
 1.37  03-Aug-1998  lukem features:
* support $no_proxy, which is a comma or space separated list of
host[:port] elements for which proxying is to be disabled.
(asked for by cgd in [bin/5027])
* if $FTPANONPASS is defined, use that as the anon ftp password
(instead of "`whoami`@")
* allow http URL's without a filename as long as an output file
is specified.

other stuff:
* implement parse_url(), which breaks up a URL into its bits, and use.
* simplify url_get() and auto_fetch() to use parse_url() and to not
modify the supplied URL or a copy of it.
* implement xmalloc() and xstrdup(); error-checked malloc()/strdup()
* add more consistency to messages, quoting strings in output as `%s'
 1.36  10-Jul-1998  thorpej Add "sndbuf" and "rcvbuf" commands for setting the socket buffer sizes,
which in turn can allow the use of larger TCP windows. This is a work in
progress; there is not yet support for specifying global defaults or
user preferences on a host/network basis.
 1.35  04-Jun-1998  lukem some fixes & enhancements from openbsd's ftp, with extra fixes by me:
* default to passive with active fallback. $FTPMODE modifies this behaviour.
-A forces active connection.
* support '-o outfile' for auto-fetched files. outfile can be a file,
`-' (for stdout), or '|command' (to output each file through command).
* support '-r waittime', which retries the connection after waittime seconds
if it fails.
* fix 'page file' when restart is non-zero.
* try all ip-addresses of a host in a http fetch (as the normal ftp fetch
does).

XXX: a ``broken pipe'' error sometimes occurs with -o '|command';
i haven't tracked this down yet.
 1.34  20-May-1998  pk Restore `preserve' value when we no longer need the modified version.
 1.33  20-May-1998  christos - add <signal.h> since we are using signals.
- add <sys/time.h> since we are using utimes
- don't require quad_t to exist to compile.
 1.32  01-Apr-1998  kleink Need <time.h> for asctime() and localtime() prototypes.
 1.31  18-Jan-1998  lukem * ensure buffer for username is initialised, so ^D on username prompt
doesn't use garbage for the username. from "Soren S. Jorvang" <soren@t.dk>
in [bin/4559]
* use in_port_t for ports, and USHRT_MAX instead of 0xffff
(from millert@openbsd.org)
* use `NULL' instead of `(.... *)0' where appropriate.
 1.30  01-Nov-1997  lukem * in recvrequest(), ignore restart_point unless "RETR"ieving. fixes problems
where a remote completion or `mget' would confuse the client a `restart'
had been issued beforehand. now, `restart' is remembered until an operation
that can actually use it is invoked.
* in sendrequest(), don't reset restart_point upon entry. fixes `restart'
for `put' operations.
* if `restart' is invoked with no arguments, print current setting instead
of displaying a usage
* consistently use printf("%qd", (long long)restart_point) when displaying
restart_point
* use strto[lq]() instead of atol() when parsing `mark' and `restart' values
* remove unnecessary strlen()s when result of previous snprintf() will do
* replace a few malloc()/strcpy()s with strdup()s
* use SECSPERHOUR instead of '3600'
 1.29  19-Oct-1997  mycroft branches: 1.29.2;
Use S_IS*(), not S_IF*.
 1.28  13-Sep-1997  lukem Fixes from Todd Miller <Todd.Miller@courtesan.com>:
* use size_t instead of int in places
* use symbolic constants when using access()
 1.27  18-Aug-1997  lukem bugs fixed:
* don't interpret '-' or '|' when a local filename is determined from
the remote name (i.e, in mget, and in get with only one argument).
This is implemented using an extra argument to recvrequest().
Fixes a major security hole.
* clean up memory leak when using globulize()
* clean up a couple of comments
* fix wording in TNF copyright

features added:
* support for TIS fwtk gate-ftp servers:
* read defaults from $FTPSERVER && $FTPSERVERPORT
* start in gate-ftp mode if invoked as 'gate-ftp'
* toggle or set with 'gate [host [port]]'
 1.26  20-Jul-1997  lukem * use RCSID() && COPYRIGHT() macros
* cleanup for WARNS=1 (including some ugly '(void)&var' bits wrapped in
#ifdef __GNUC__ to shut up gcc warnings WRT setjmp/longjmp)
* use strtol() instead of atoi(), and more extensively check result of
conversion
* use u_int16_t instead of short or int for TCP port addresses
 1.25  14-Apr-1997  lukem More enhancements/bugfixes (when will it end?)
* differentiate between being connected, and being logged in
* cleanup some text messages
* support username & password ftp URLs (ftp://user:pass@host/) in non-proxy
situations; assume proxy supports it for proxy situations.
* cd to / before performing any autofetch transfers
* use strncasecmp in URL parsing. fix from <Todd.Miller@courtesan.com>
 1.24  16-Mar-1997  lukem Fixes from <Todd.Miller@cs.colorado.edu>, with some cleanup and reworks by me:
* only echo "Passive mode" in verbose mode; scripts that use ftp
may get unwanted output otherwise
* disable progress bar and modification time preservation when
retrieving to a non-regular file. fixes progress bar getting in
way of "get file /dev/tty"
* setup el_init() et al if editing is set, not if fromatty.
TODO: migrate this to a function, and call if editing is turned on later
in the session. also implement edit_cleanup if editing is turned off
* call el_set() after setting SIGWINCH handler. This fixes the problem
when suspending in a non-cbreak shell (e.g, csh) would trash your tty mode.
* reset interactive mode correctly in auto_fetch() mget mode
 1.23  13-Mar-1997  lukem Features:
* support remglobbing of auto_fetch arguments
* new flag - '-e'; disable editing
* "page file" == "get file |${PAGER-less}"

Bugfixes/cleanup:
* consistently use a trailing '.' on messages
* code cleanup, including buffer overrun fixes, use puts
and putchar in places, etc (inspired by OpenBSD mods)
* disable progress bar when local-file is a pipe or '-'
* skip \r in http headers
* fix remote ftpd slash bug more elegantly (so it works with ////)
* abort_remote(): check if cout==NULL before using it. should fix [bin/3273]
* fixed up cosmetic problems when complete_remote() generated errors from the
remote server (such as "no files found", "login with user and pass", ...)
done by adding extra argument to remglob(), which is a pointer to an error
buffer to put messages in rather than printing to stdout.
 1.22  01-Feb-1997  lukem [Yet Another Huge Ftp Commit - hopefully the last for a while,
barring any more little things people want added ...]

New features:
* progressmeter is now asynchronous, so "stalled" transfers can be
detected. "- stalled -" is displayed instead of the ETA in this case.
When the xfer resumes, the time that the xfer was stalled for is
factored out of the ETA. It is debatable whether this is better than
not factoring it out, but I like it this way (I.e, if it stalls for 8
seconds and the ETA was 30 seconds, when it resumes the ETA will still
be 30 seconds).
* verbosity can be disabled on the command line (-V), so that in auto-fetch
mode the only lines displayed will be a description of the file, and
the progress bar (if possible)
* if the screen is resized (and detected via the SIGWINCH signal), the
progress bar will rescale automatically.

Bugs fixed:
* progress bar will not use the last character on the line, as this can
cause problems on some terminals
* screen dimensions (via ioctl(TIOCWINSZ)) should use stdout not stdin
* progressmeter() used some vars before initialising them
* ^D will quit now. [fixes bin/3162]
* use hstrerror() to generate error message for host name lookup failure.
* use getcwd instead of getwd (it should have been OK, but why tempt fate?)
* auto-fetch transfers will always return a positive exit value upon failure
or interruption, relative to the file's position in argv[].
* remote completion of / will work, without putting a leading "///".
This is actually a bug in ftpd(1), where "NLST /" prefixes all names
with "//", but fixing every ftpd(1) is not an option...
 1.21  19-Jan-1997  lukem New features:
* Command line editing via editline(3) library.
* Context sensitive command and file completion, including remote files.

Enhancements to auto-fetch feature:
* Support for http:// URLs using the http protocol, including proxy HTTP
support via $htty_proxy if it's defined.
* The connection is kept open between successive files on the same host.
(obviously, this does not count for http requests.)
* Return value of ftp is 0 on no error, or the offset in argv[] of the file
which failed (i.e., argv[x] failed, ftp returns x).
* If the path in an ftp URL or classic format line has a trailing '/',
cd to the path and enter interactive mode. Fixes [bin/3011], albeit
requiring the user to help ftp in determining the operation.

Other changes:
* '-P port' works for normal ftp, and is the default for all classic style
auto-fetch transfers and for ftp URLs that don't specify the port.
(previously it would just work for the first xfer.)
* Some code moved into separated files along logical divisions.
* Editing and completion can be compiled out with -DSMALLFTP.
 1.20  09-Jan-1997  tls RCS ID police
 1.19  29-Dec-1996  lukem * preserve modtime if size is 0 [bin/3040, Enami Tsugutomo]
* in autofetch mode, don't retry a file if the connection failed - skip it
and move to the next file. [bin/3051, Matt Green]
* only print error messages from SIZE or MDTM if the user used 'size' or
'modt' (respectively). prevents extraneous warnings during normal transfers
when connected to a site which doesn't support these (behaviour prior to
last commit), but still allows error feedback to specific user requests
for this info (which the last commit broke).
* 'account': only accept one optional argument
* if invoked as pftp, default to passive mode on (from FreeBSD)
* remove leading '0 ' in progress bar - looked ugly
* use warn instead of perror
* use strncpy when src isn't known to have safe length
* remglob(): use mkstemp() to prevent symlink games, and don't override
_PATH_TMP, use it as the prefix to the temp file
 1.18  25-Dec-1996  christos - make sure that the reply string is null-terminated, and copy only up to
the initialized copy of the source string, since the source string is not
null terminated at this point.
 1.17  06-Dec-1996  lukem 'b' == bits not bytes. for all prefixes >= 'K', explicitly specify 'B'
afterwards. don't print anything for a pure byte count. rework ETA display
as well.
 1.16  06-Dec-1996  lukem functionality mods:
* implement 'progress bar/meter' (inspired by ncftp). use 'progress' to
toggle on. it will display current file size to 5 digits, automatically
determining suffix (up to 16384 P (petabytes) == 2^64).
* 'ls' now uses NLST (unadorned listing), a la older ftp clients. 'dir'
still does LIST (long listing). idea from John Nemeth <jnemeth@cue.bc.ca>

bug fixes:
* return first line of reply in reply_string[] from getreply(), instead
of last line. This fixes [bin/741] (parsing of SYST), and also means
that SIZE and MDTM messages will be parsed correctly if they're longer
than 1 line.
* parse URL-style auto-ftps that have no filename correctly
(e.g, ftp://host, ftp://host/, ftp://host/dir/). pointed out by
Jaromir Dolecek <dolecek@saruman.ics.muni.cz>
* pass the correct size array in 2nd arg of utimes() when setting the
modification time
 1.15  28-Nov-1996  lukem More features, some of which were inspired by changes that
friedman@gnu.ai.mit.edu (Noah Friedman) made to his modified ftp:
- implement "lpwd" - local pwd
- implement "preserve" - toggle preserving of file modification
times on retrieved files
- allow for explicit "on" or "off" arg to toggle commands
- "exit" synonym for "quit", "msend" synonym for "mput"
- in confirmation mode, allow 'a' (yes to rest of current command),
and 'p' (turn off prompt mode, as if 'prompt off' was done,
effective immediately)
- "modtime" returns time formatted as localtime, not GMT

Bug fixes:
- check for extraneous args on commands
- cleanup const usage, line formatting
- create 0 length temporary file in remglob() to prevent symlink games
(from OpenBSD)
- check length of filename of ~/.netrc (from OpenBSD)
 1.14  25-Nov-1996  lukem cleanups/bugfixes:
- don't echo 'ACCT' parameter when debugging (a la 'PASS')
- Fix checking of directory access for "/foo", the parent
directory is "/", not "" (from FreeBSD)
- remove trailing whitespace on lines
- add any missing NetBSD tags
- cleanups to man page, including sorting options description

feature additions:
- variable sized hash marks (from [bin/683], but done in the hash command
as an optional arg)
- more user-friendly transfer time printing (from FreeBSD, with mods)
- '-p' command line option to jump into PASV mode (closes [bin/2857],
but with an option rather than checking argv[0])
- SIGINFO support for printing xfer stats when sending/receiving requests
- '-P port' for changing the port to connect to (from thorpej@netbsd.org)
- '-a': bypass normal login, and try anonymous login (from OpenBSD
via thorpej)
- autofetch files via url (ftp://...) or "classic" (host:/file)
(from OpenBSD via thorpej)
- 'ftp' synonymous with 'open' (from FreeBSD)
 1.13  16-Sep-1995  pk Correct timersub() argument order (from Thomas Eberhardt; PR#1470).
 1.12  08-Sep-1995  tls Sync with 4.4lite2
 1.11  21-May-1995  mycroft Use inet_aton(), not inet_addr().
 1.10  21-Mar-1995  mycroft Update to use timer{add,sub}().
 1.9  29-Aug-1994  mycroft branches: 1.9.2;
Add RCS ids.
 1.8  25-Aug-1994  cgd passive mode support, from David Carrel <carrel@cisco.com>, and cleaned
up for the new ftp sources by me.
 1.7  25-Aug-1994  cgd the previous local changes
 1.6  25-Aug-1994  cgd clean up import, no local changes.
 1.5  28-Mar-1994  cgd kill typo
 1.4  27-Mar-1994  cgd off_t foo
 1.3  23-Sep-1993  mycroft Display bytes/second rather than kbytes/sec, and use 3 digits of
precision for transfer time.
 1.2  01-Aug-1993  mycroft Add RCS identifiers.
 1.1  21-Mar-1993  cgd branches: 1.1.1; 1.1.2;
Initial revision
 1.1.2.1  25-Aug-1994  cgd import from 4.4-Lite
 1.1.1.2  05-Sep-1995  tls imported from 44lite2
 1.1.1.1  21-Mar-1993  cgd initial import of 386bsd-0.1 sources
 1.9.2.2  29-Aug-1994  mycroft Add RCS ids.
 1.9.2.1  29-Aug-1994  mycroft file ftp.c was added on branch netbsd-1-0 on 1994-08-29 03:09:16 +0000
 1.29.2.2  10-Nov-1998  cgd pull up rev(s) 1.31-1.38 from trunk. (feyrer)
 1.29.2.1  18-Nov-1997  mellon Pull rev 1.30 up from trunk (lukem)
 1.41.2.1  22-Jun-1999  perry pullup 1.41->1.44 (lukem)
 1.64.2.1  27-Dec-1999  wrstuden Pull up to last week's -current.
 1.95.2.1  23-Jun-2000  minoura Sync w/ netbsd-1-5-base.
 1.100.2.2  26-Apr-2002  he Pull up revision 1.118 (requested by itojun):
Avoid buffer overrun on PASV response from a malicious server.
 1.100.2.1  18-Oct-2000  tv Pullup usr.bin string format fixes [is].
See "cvs log" for explicit revision numbers per file, from sommerfeld.
 1.126.2.9  24-Jul-2005  tron Pull up revision 1.135 (requested by lukem in ticket #606):
Add NO_USAGE and NO_DEBUG so that we can fit in the floppies again.
 1.126.2.8  24-Jul-2005  tron Pull up revision 1.134 (requested by lukem in ticket #606):
Implement:
int getline(FILE *stream, char *buf, size_t buflen, const char **errormsg)
Read a line from the FILE stream into buf/buflen using fgets(), so up
to buflen-1 chars will be read and the result will be NUL terminated.
If the line has a trailing newline it will be removed.
If the line is too long, excess characters will be read until
newline/EOF/error.
Various -ve return values indicate different errors, and errormsg
will be changed to an error description if it's not NULL.
Convert to use getline() instead of fgets() whenever reading user input
to ensure that an overly long input line doesn't leave excess characters
for the next input operation to accidentally use as input.
Zero out the password & account after we've finished with it.
Consistently use getpass(3) (i.e, character echo suppressed) when
reading the account data. For some reason, historically the "login"
code suppressed echo for Account: yet the "user" command did not!
Display the hostname in the "getaddrinfo failed" warning.
Appease some -Wcast-qual warnings. Fixing all of these requires
significant code refactoring. (mmm, legacy code).
 1.126.2.7  24-Jul-2005  tron Pull up revision 1.133 (requested by lukem in ticket #606):
* Only print the "Trying <address>..." message if verbose and
there's more than one struct addrinfo in the getaddrinfo() result.
* Don't use non-standard "u_int".
 1.126.2.6  24-Jul-2005  tron Pull up revision 1.132 (requested by lukem in ticket #606):
Fix some cast issues highlighted by Scott Reynolds using gcc 4 on OSX.4
 1.126.2.5  18-May-2005  snj Pull up revision 1.131 (requested by lukem in ticket #301):
* Correct the "optlen" argument passed to getsockopt(3) and setsockopt(3)
in various places. Fixes a problem noted by Allen Briggs.
* Improve warning printed when connect(2) for the data channel fails.
 1.126.2.4  18-May-2005  snj Pull up revision 1.130 (requested by lukem in ticket #318):
Use socklen_t instead of int as the 5th argument to getsockopt().
Improve invocation of setsockopt() and associated failure messages.
 1.126.2.3  09-May-2005  tron Pull up revision 1.129 (requested by lukem in ticket #266):
typo in previous
 1.126.2.2  09-May-2005  tron Pull up revision 1.128 (requested by lukem in ticket #266):
gratuitous whitespace cleanup (before someone else jumps the gun...)
 1.126.2.1  09-May-2005  tron Pull up revision 1.127 (requested by lukem in ticket #265):
Implement a timeout on the accept(2) in dataconn() and the
connect(2) in xconnect() by temporarily setting O_NONBLOCK
on the socket and using xpoll() to wait for the operation
to succeed.
The timeout used is the '-q quittime' argument (defaults to
60s for accept(2), and the system default for connect(2)).
Idea inspired by discussion with Chuck Cranor.
This may (indirectly) fix various problems with timeouts
in active mode through broken firewalls.
Implement xpoll() as a wrapper around poll(2), to make it
easier to replace on systems without a functional poll(2).
Unconditionally use xpoll() instead of conditionally using
select(2) or poll(2).
 1.152.6.2  22-Jul-2007  lukem Replace HAVE_SOCKADDR_SA_LEN with defined(HAVE_STRUCT_SOCKADDR_SA_LEN)
 1.152.6.1  22-Jul-2007  lukem file ftp.c was added on branch matt-mips64 on 2007-07-22 05:02:51 +0000
 1.152.4.1  09-Jan-2008  matt sync with HEAD
 1.153.6.1  18-May-2008  yamt sync with head.
 1.155.2.1  23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.156.6.1  13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.162.2.2  30-Oct-2012  yamt sync with head
 1.162.2.1  17-Apr-2012  yamt sync with head
 1.163.2.2  27-Aug-2016  bouyer Apply patch, requested by nonaka in ticket #1375:
src/usr.bin/ftp/cmds.c: patch
src/usr.bin/ftp/fetch.c: patch
src/usr.bin/ftp/ftp.1: patch
src/usr.bin/ftp/ftp.c: patch
src/usr.bin/ftp/ftp_var.h: patch
src/usr.bin/ftp/main.c: patch
src/usr.bin/ftp/ssl.c: patch
src/usr.bin/ftp/ssl.h: patch
src/usr.bin/ftp/version.h: patch
Update ftp(1) to version 20150912, adding https via proxy support.
 1.163.2.1  17-Dec-2013  bouyer Apply patch, requested by tron in ticket #997:
usr.bin/ftp/Makefile patch
usr.bin/ftp/cmds.c patch
usr.bin/ftp/cmdtab.c patch
usr.bin/ftp/extern.h patch
usr.bin/ftp/fetch.c patch
usr.bin/ftp/ftp.1 patch
usr.bin/ftp/ftp.c patch
usr.bin/ftp/ftp_var.h patch
usr.bin/ftp/main.c patch
usr.bin/ftp/progressbar.c patch
usr.bin/ftp/ssl.c patch
usr.bin/ftp/ssl.h patch
usr.bin/ftp/util.c patch
usr.bin/ftp/version.h patch

Add HTTPS support to ftp(1).
 1.164.10.1  13-Mar-2016  martin Pull up following revision(s) (requested by nonakap in ticket #1133):
usr.bin/ftp/fetch.c: revision 1.208-1.221
usr.bin/ftp/cmds.c: revision 1.136-1.137
usr.bin/ftp/ssl.c: revision 1.5
usr.bin/ftp/ftp.c: revision 1.165-1.166
usr.bin/ftp/ftp_var.h: revision 1.84

Workaround const issues of SSL_set_tlsext_host_name.

Use the proper format "[IPv6 address]:port" when reporting connection
attempts to IPv6 endpoints.

(Hopefully) fix build without IPv6 support

Try to factor out some code, this is completely out of control.

Separate no_proxy handling.

Factor the proxy handling code out.

Fix compile failure without WITH_SSL.

PR/50438: NONAKA Kimihiro: ftp(1): CONNECT method support

make DPRINTF/DWARN always statements.

Fix to connect https via proxy.

Fix ttyout message.

Simplify and factor out connect message

Split the position/size parsing into a separate function.

Mark function as only needed with ssl.

Fix downloads of local files using file:// URLs

Initialize the token match pointer.

use sizeof() and array notation.
CID 1354295: Array overrun.
 1.166.2.1  04-Nov-2016  pgoyette Sync with HEAD
 1.167.14.1  10-Jun-2019  christos Sync with HEAD
 1.167.6.3  12-Sep-2022  martin Catch up to current, requested by christos in ticket #1763:

usr.bin/ftp/Makefile up to 1.39
usr.bin/ftp/cmds.c up to 1.141
usr.bin/ftp/complete.c up to 1.47
usr.bin/ftp/domacro.c up to 1.23
usr.bin/ftp/extern.h up to 1.82
usr.bin/ftp/fetch.c up to 1.235
usr.bin/ftp/ftp.1 up to 1.147
usr.bin/ftp/ftp.c up to 1.174
usr.bin/ftp/ftp_var.h up to 1.86
usr.bin/ftp/main.c up to 1.128
usr.bin/ftp/progressbar.c up to 1.24
usr.bin/ftp/progressbar.h up to 1.9
usr.bin/ftp/ssl.c up to 1.12
usr.bin/ftp/ssl.h up to 1.5
usr.bin/ftp/util.c up to 1.164
usr.bin/ftp/version.h up to 1.94

ftp(1): validate address from PASV and LPSV response.
ftp(1): use raw write(2) instead of fwrite(3) to avoid stream
corruption because of the progress bar interrupts.
Fixes for PR 56219 and PR 55857.
PR 57003: Support relative redirects.
 1.167.6.2  12-Sep-2022  martin Backout ticket #1763 for now - trust anchors are not solved.
 1.167.6.1  12-Sep-2022  martin Catch up to current, requested by christos in ticket #1763:

usr.bin/ftp/Makefile up to 1.39
usr.bin/ftp/cmds.c up to 1.141
usr.bin/ftp/complete.c up to 1.47
usr.bin/ftp/domacro.c up to 1.23
usr.bin/ftp/extern.h up to 1.82
usr.bin/ftp/fetch.c up to 1.235
usr.bin/ftp/ftp.1 up to 1.147
usr.bin/ftp/ftp.c up to 1.174
usr.bin/ftp/ftp_var.h up to 1.86
usr.bin/ftp/main.c up to 1.128
usr.bin/ftp/progressbar.c up to 1.24
usr.bin/ftp/progressbar.h up to 1.9
usr.bin/ftp/ssl.c up to 1.11
usr.bin/ftp/ssl.h up to 1.5
usr.bin/ftp/util.c up to 1.164
usr.bin/ftp/version.h up to 1.94

ftp(1): validate address from PASV and LPSV response.
ftp(1): use raw write(2) instead of fwrite(3) to avoid stream
corruption because of the progress bar interrupts.
Fixes for PR 56219 and PR 55857.
PR 57003: Support relative redirects.
 1.168.2.7  12-Sep-2022  martin Catch up to current, requested by christos in ticket #1523

usr.bin/ftp/Makefile up to 1.39
usr.bin/ftp/fetch.c up to 1.235
usr.bin/ftp/ftp.1 up to 1.147
usr.bin/ftp/ftp_var.h up to 1.86
usr.bin/ftp/main.c up to 1.128
usr.bin/ftp/ssl.c up to 1.12
usr.bin/ftp/util.c up to 1.164
usr.bin/ftp/version.h up to 1.94

PR 57003: Support relative redirects.
 1.168.2.6  24-Oct-2021  martin Pull up following revision(s) (requested by lukem in ticket #1367):

usr.bin/ftp/ftp.c: revision 1.174

ftp: remove unnecessary variable assignments

Remove assignment to error in initconn(); it's not tested anywhere after the
initial use, so no need to set it before goto bad.
(Looks like copypasta from the initial addition of the code in rev 1.48.)
 1.168.2.5  24-Oct-2021  martin Pull up following revision(s) (requested by lukem in ticket #1366):

usr.bin/ftp/ftp.c: revision 1.173

ftp: validate address from PASV and LPSV response

Fail if the server's response to PASV or LPSV contains an IP address
that doesn't match that of the control connection.
(EPSV already only uses the port portion of the server's response,
per RFC 2428).

Previously a hostile server could cause ftp to open a data connection elsewhere.
Many other ftp implementations have had a similar change for many years,
including those in popular browsers (before they deprecated FTP ...)

Thanks to Simon Josefsson notifying me about
https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
 1.168.2.4  14-Jun-2021  martin Pull up following revision(s) (requested by lukem in ticket #1293):

usr.bin/ftp/ftp.c: revision 1.172

set SO_KEEPALIVE on control connection

Attempt to prevent timeouts of the control connection by setting SO_KEEPALIVE.
This matches the equivalent behaviour in ftpd.

Note: This is a much simpler change than adding a background polling event
to invoke "STAT" (or "NOOP") on the control connection during a transfer.
(It's unclear from RFC 959 whether "NOOP" is even permitted during a transfer).

PR bin/56129
 1.168.2.3  14-Jun-2021  martin Pull up following revision(s) (requested by lukem in ticket #1291):

usr.bin/ftp/ftp.c: revision 1.169
usr.bin/ftp/util.c: revision 1.161

ftp: exit if lostpeer invoked by a signal

lostpeer() calls too many async-unsafe functions (both directly
and indirectly) to close and cleanup the remote connections,
so just exit after the cleanup if invoked by a signal.

Reported in private mail by Qi Hou.

May also resolve a crash reported by Thomas Klausner.
 1.168.2.2  14-Jun-2021  martin Pull up following revision(s) (requested by lukem in ticket #1290):

usr.bin/ftp/version.h: revision 1.90
usr.bin/ftp/ftp.c: revision 1.170

ftp.c: improve signal handler restoration

Only invoke the old signal handler if it's a real signal handler
and not SIG_IGN, SIG_DFL, SIG_HOLD, or SIG_ERR, using new static
function issighandler().

Avoids an intermittent race condition with a null pointer
dereference via (*SIG_DFL)().

Bug class reported by Joyu Liao from Juniper Networks.

Use SIG_ERR instead of NULL as the indicator that a signal handler
hasn't been changed, so that SIG_DFL (equivalent to NULL)
will be restored.
 1.168.2.1  29-Jan-2021  martin Pull up following revision(s) (requested by lukem in ticket #1190):

usr.bin/ftp/progressbar.c: revision 1.24
usr.bin/ftp/ssl.c: revision 1.9
usr.bin/ftp/progressbar.h: revision 1.9
usr.bin/ftp/ftp.c: revision 1.171
usr.bin/ftp/version.h: revision 1.92

ftp: don't use restartable signals

Refactor to not rely upon restartable signals (SA_RESTART),
possibly fixing intermittent failures with -q QUITTIME.
ftp transfers: handle EINTR/EAGAIN in copy_bytes(),
instead of relying upon restartable signals.

http/https transfers: Explicitly print an error similar to
progressmeter() when timing-out for -Q QUITTIME in fetch_wait(),
and set errno to ETIMEDOUT so that the warn() in fetch_url()
prints a more accurate error message.

PR/55857
 1.171.4.1  06-Jun-2021  cjep sync with head
 1.174.2.3  02-Dec-2024  martin Pull up following revision(s) (requested by lukem in ticket #1021):

usr.bin/ftp/ftp.c: revision 1.178
usr.bin/ftp/version.h: revision 1.99
usr.bin/ftp/ruserpass.c: revision 1.35
usr.bin/ftp/main.c: revision 1.134
usr.bin/ftp/main.c: revision 1.135
usr.bin/ftp/progressbar.c: revision 1.27
usr.bin/ftp/util.c: revision 1.165
usr.bin/ftp/cmds.c: revision 1.144
usr.bin/ftp/extern.h: revision 1.84
usr.bin/ftp/fetch.c: revision 1.242
usr.bin/ftp/ftp.1: revision 1.160

s/bninary/binary/ in comment.

extract duplicate code into a function.

Check bounds when copying to destination.

Remove const where the const string ended up being overwritten.

use unsigned when doing shifts.

remove const when string gets overwritten.

ftp: exit non-zero if short http transfer when filesize is known
If a http file size is known and the fetch finishes with less bytes
transferred, exit non-zero.
Bump version to 20241129.
PR bin/54713
PR bin/58281

ftp: help improvements
Document -? as a separate mode.
Document -H HEADER in the usage.
Clarify units for -b and -x.
Consistent argument names between ftp -? and ftp(1).

ftp: order getopt Upper before lower
Consistently order options in getopt and the switch
with the upper case option before the lower case option.
This makes it easier to cross-reference with -? and ftp(1).
No functional change.
 1.174.2.2  13-Oct-2024  martin Pull up following revision(s) (requested by riastradh in ticket #970):

tests/usr.bin/Makefile: revision 1.42
usr.bin/ftp/ruserpass.c: revision 1.34
usr.bin/ftp/main.c: revision 1.130
usr.bin/ftp/ssl.c: revision 1.17
usr.bin/ftp/main.c: revision 1.131
usr.bin/ftp/ssl.c: revision 1.18
usr.bin/ftp/main.c: revision 1.132
usr.bin/ftp/ssl.c: revision 1.19
usr.bin/ftp/main.c: revision 1.133
distrib/sets/lists/tests/mi: revision 1.1342
usr.bin/ftp/ftp.1: revision 1.151
usr.bin/ftp/ftp.1: revision 1.152
usr.bin/ftp/progressbar.c: revision 1.25
usr.bin/ftp/ftp.1: revision 1.153
usr.bin/ftp/progressbar.c: revision 1.26
usr.bin/ftp/ftp.1: revision 1.155
usr.bin/ftp/ftp.1: revision 1.156
usr.bin/ftp/fetch.c: revision 1.239
usr.bin/ftp/ftp.1: revision 1.157
usr.bin/ftp/ftp.1: revision 1.158
usr.bin/ftp/ftp.1: revision 1.159
usr.bin/ftp/ftp_var.h: revision 1.87
etc/mtree/NetBSD.dist.tests: revision 1.208
usr.bin/ftp/ftp_var.h: revision 1.88
usr.bin/ftp/ftp_var.h: revision 1.89
usr.bin/ftp/cmds.c: revision 1.142
usr.bin/ftp/util.c: revision 1.168
usr.bin/ftp/cmds.c: revision 1.143
tests/usr.bin/ftp/custom_headers.sh: revision 1.1
usr.bin/ftp/ssl.c: revision 1.20
usr.bin/ftp/complete.c: revision 1.48
tests/usr.bin/ftp/Makefile: revision 1.1
tests/usr.bin/ftp/t_custom_headers.sh: revision 1.1
usr.bin/ftp/fetch.c: revision 1.240
usr.bin/ftp/fetch.c: revision 1.241
usr.bin/ftp/ftp.c: revision 1.176
usr.bin/ftp/ftp.c: revision 1.177
(all via patch)

ftp(1): wording and formatting improvements

Fix grammar issue with "Support values" reported in private mail.
Document all file transfer types in "type" and cross-reference that.
Consistency fixes in describing file transfer parameters and types.

Fix some mandoc -Tlint issues (except "useless macro: Tn").

Add -b <buflen> to specify the buffer size.

ftp: bump FTPBUFLEN from 4kB to 16kB
sourceforge.net returns a 5kB content-security-policy.
Analyzed by mlelstv@ who reports usual limits are between 4kB and 48kB.
default is now 16K

ftp: improve -b documentation

Order -b bufsize in the synopsis.

Document the actual default value.

ftp: improve units used in comments and errors
Use "KiB" instead of "K" in errors.
Clarify related comments.

pass some lint.

PR/58581: Sunil Nimmagadda: Add flag to allow specifying extra http header
fields.

ftp(1): Nix trailing whitespace in man page.
No functional change intended.

PR bin/58581: ftp(1) should allow specifying header fields in http requests
fix markup (h -> H), explain about multiple headers, fix usage (from RVP)

Don't forget the dot, use the intended macro name (I think),
and improve the wording a little. (All related to the -H option.)

ftp(1): Add test for custom HTTP header fields.

Based on a patch from Sunil Nimmagadda.

PR bin/58581: ftp(1) should allow specifying header fields in http
requests
 1.174.2.1  16-May-2023  martin Pull up following revision(s) (requested by lukem in ticket #171):

usr.bin/ftp/ssl.c: revision 1.15
usr.bin/ftp/util.c: revision 1.167
usr.bin/ftp/ftp.c: revision 1.175
usr.bin/ftp/version.h: revision 1.97

add timeout for ssl connect

Implement a timeout for SSL connection setup, using -q QUITTIME,
defaulting to 60 seconds.

SSL_connect(3) (unlike connect(2)) doesn't timeout by default.
Adapt ssl error messages destination: if unexpected error
from local API, use warn()/warnx() to stderr;
if expected error from a network operation (e.g., timeouts),
use fprintf to ttyout (which might be stdout).

Consistently use ftp_poll() instead of select();
ssl.c (using select()) was added 7 years after the
previous uses of select() were converted to poll().

Check EAGAIN as well as existing EINTR error from ftp_poll(),
for portability.
 1.176.2.1  02-Aug-2025  perseant Sync with HEAD
