/*	$NetBSD: fetch.c,v 1.158 2005/05/14 15:26:43 lukem Exp $	*/
 
/*-
 * Copyright (c) 1997-2004 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Luke Mewburn.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Scott Aaron Bamford.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the NetBSD
 *	Foundation, Inc. and its contributors.
 * 4. Neither the name of The NetBSD Foundation nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 
#include <sys/cdefs.h>
 
/*
 * FTP User Program -- Command line file retrieval
 */
 
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/time.h>
 
#include <netinet/in.h>
 
#include <arpa/ftp.h>
#include <arpa/inet.h>
 
#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <netdb.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <time.h>
#include <libutil.h>
 
#include "ftp_var.h"
#include "version.h"
 
typedef enum {
	UNKNOWN_URL_T=-1,
	HTTP_URL_T,
	FTP_URL_T,
	FILE_URL_T,
	CLASSIC_URL_T
} url_t;
 
void		aborthttp(int);
#ifndef NO_AUTH
static int	auth_url(const char *, char **, const char *, const char *);
static void	base64_encode(const unsigned char *, size_t, unsigned char *);
#endif
static int	go_fetch(const char *);
static int	fetch_ftp(const char *);
static int	fetch_url(const char *, const char *, char *, char *);
static const char *match_token(const char **, const char *);
static int	parse_url(const char *, const char *, url_t *, char **,
			    char **, char **, char **, in_port_t *, char **);
static void	url_decode(char *);
 
static int	redirect_loop;
 
 
#define	STRNEQUAL(a,b)	(strncasecmp((a), (b), sizeof((b))-1) == 0)
#define	ISLWS(x)	((x)=='\r' || (x)=='\n' || (x)==' ' || (x)=='\t')
#define	SKIPLWS(x)	do { while (ISLWS((*x))) x++; } while (0)
 
 
#define	ABOUT_URL	"about:"	/* propaganda */
#define	FILE_URL	"file://"	/* file URL prefix */
#define	FTP_URL		"ftp://"	/* ftp URL prefix */
#define	HTTP_URL	"http://"	/* http URL prefix */
 
 
/*
 * Determine if token is the next word in buf (case insensitive).
 * If so, advance buf past the token and any trailing LWS, and
 * return a pointer to the token (in buf).  Otherwise, return NULL.
 * token may be preceeded by LWS.
 * token must be followed by LWS or NUL.  (I.e, don't partial match).
 */
static const char *
match_token(const char **buf, const char *token)
{
	const char	*p, *orig;
	size_t		tlen;
 
	tlen = strlen(token);
	p = *buf;
	SKIPLWS(p);
	orig = p;
	if (strncasecmp(p, token, tlen) != 0)
		return NULL;
	p += tlen;
	if (*p != '\0' && !ISLWS(*p))
		return NULL;
	SKIPLWS(p);
	orig = *buf;
	*buf = p;
	return orig;
}
 
#ifndef NO_AUTH
/*
 * Generate authorization response based on given authentication challenge.
 * Returns -1 if an error occurred, otherwise 0.
 * Sets response to a malloc(3)ed string; caller should free.
 */
static int
auth_url(const char *challenge, char **response, const char *guser,
	const char *gpass)
{
	const char	*cp, *scheme;
	char		*ep, *clear, *realm;
	char		 user[BUFSIZ], *pass;
	int		 rval;
	size_t		 len, clen, rlen;
 
	*response = NULL;
	clear = realm = NULL;
	rval = -1;
	cp = challenge;
	scheme = "Basic";	/* only support Basic authentication */
 
	if (debug)
		fprintf(ttyout, "auth_url: challenge `%s'\n", challenge);
 
	if (! match_token(&cp, scheme)) {
		warnx("Unsupported authentication challenge - `%s'",
		    challenge);
		goto cleanup_auth_url;
	}
 
#define	REALM "realm=\""
	if (STRNEQUAL(cp, REALM))
		cp += sizeof(REALM) - 1;
	else {
		warnx("Unsupported authentication challenge - `%s'",
		    challenge);
		goto cleanup_auth_url;
	}
/* XXX: need to improve quoted-string parsing to support \ quoting, etc. */
	if ((ep = strchr(cp, '\"')) != NULL) {
		size_t len = ep - cp;
 
		realm = (char *)xmalloc(len + 1);
		(void)strlcpy(realm, cp, len + 1);
	} else {
		warnx("Unsupported authentication challenge - `%s'",
		    challenge);
		goto cleanup_auth_url;
	}
 
	fprintf(ttyout, "Username for `%s': ", realm);
	if (guser != NULL) {
		(void)strlcpy(user, guser, sizeof(user));
		fprintf(ttyout, "%s\n", user);
	} else {
		(void)fflush(ttyout);
		if (fgets(user, sizeof(user) - 1, stdin) == NULL) {
			clearerr(stdin);
			goto cleanup_auth_url;
		}
		user[strlen(user) - 1] = '\0';
	}
	if (gpass != NULL)
		pass = (char *)gpass;
	else
		pass = getpass("Password: ");
 
	clen = strlen(user) + strlen(pass) + 2;	/* user + ":" + pass + "\0" */
	clear = (char *)xmalloc(clen);
	(void)strlcpy(clear, user, clen);
	(void)strlcat(clear, ":", clen);
	(void)strlcat(clear, pass, clen);
	if (gpass == NULL)
		memset(pass, 0, strlen(pass));
 
						/* scheme + " " + enc + "\0" */
	rlen = strlen(scheme) + 1 + (clen + 2) * 4 / 3 + 1;
	*response = (char *)xmalloc(rlen);
	(void)strlcpy(*response, scheme, rlen);
	len = strlcat(*response, " ", rlen);
			/* use  `clen - 1'  to not encode the trailing NUL */
	base64_encode((unsigned char *)clear, clen - 1,
	    (unsigned char *)*response + len);
	memset(clear, 0, clen);
	rval = 0;
 
 cleanup_auth_url:
	FREEPTR(clear);
	FREEPTR(realm);
	return (rval);
}
 
/*
 * Encode len bytes starting at clear using base64 encoding into encoded,
 * which should be at least ((len + 2) * 4 / 3 + 1) in size.
 */
static void
base64_encode(const unsigned char *clear, size_t len, unsigned char *encoded)
{
	static const unsigned char enc[] =
	    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
	unsigned char	*cp;
	int	 i;
 
	cp = encoded;
	for (i = 0; i < len; i += 3) {
		*(cp++) = enc[((clear[i + 0] >> 2))];
		*(cp++) = enc[((clear[i + 0] << 4) & 0x30)
			    | ((clear[i + 1] >> 4) & 0x0f)];
		*(cp++) = enc[((clear[i + 1] << 2) & 0x3c)
			    | ((clear[i + 2] >> 6) & 0x03)];
		*(cp++) = enc[((clear[i + 2]     ) & 0x3f)];
	}
	*cp = '\0';
	while (i-- > len)
		*(--cp) = '=';
}
#endif
 
/*
 * Decode %xx escapes in given string, `in-place'.
 */
static void
url_decode(char *url)
{
	unsigned char *p, *q;
 
	if (EMPTYSTRING(url))
		return;
	p = q = (unsigned char *)url;
 
#define	HEXTOINT(x) (x - (isdigit(x) ? '0' : (islower(x) ? 'a' : 'A') - 10))
	while (*p) {
		if (p[0] == '%'
		    && p[1] && isxdigit((unsigned char)p[1])
		    && p[2] && isxdigit((unsigned char)p[2])) {
			*q++ = HEXTOINT(p[1]) * 16 + HEXTOINT(p[2]);
			p+=3;
		} else
			*q++ = *p++;
	}
	*q = '\0';
}
 
 
/*
 * Parse URL of form:
 *	<type>://[<user>[:<password>]@]<host>[:<port>][/<path>]
 * Returns -1 if a parse error occurred, otherwise 0.
 * It's the caller's responsibility to url_decode() the returned
 * user, pass and path.
 *
 * Sets type to url_t, each of the given char ** pointers to a
 * malloc(3)ed strings of the relevant section, and port to
 * the number given, or ftpport if ftp://, or httpport if http://.
 *
 * If <host> is surrounded by `[' and ']', it's parsed as an
 * IPv6 address (as per RFC 2732).
 *
 * XXX: this is not totally RFC 1738 compliant; <path> will have the
 * leading `/' unless it's an ftp:// URL, as this makes things easier
 * for file:// and http:// URLs. ftp:// URLs have the `/' between the
 * host and the URL-path removed, but any additional leading slashes
 * in the URL-path are retained (because they imply that we should
 * later do "CWD" with a null argument).
 *
 * Examples:
 *	 input URL			 output path
 *	 ---------			 -----------
 *	"ftp://host"			NULL
 *	"http://host/"			NULL
 *	"file://host/dir/file"		"dir/file"
 *	"ftp://host/"			""
 *	"ftp://host//"			NULL
 *	"ftp://host//dir/file"		"/dir/file"
 */
static int
parse_url(const char *url, const char *desc, url_t *type,
		char **user, char **pass, char **host, char **port,
		in_port_t *portnum, char **path)
{
	const char	*origurl;
	char		*cp, *ep, *thost, *tport;
	size_t		 len;
 
	if (url == NULL || desc == NULL || type == NULL || user == NULL
	    || pass == NULL || host == NULL || port == NULL || portnum == NULL
	    || path == NULL)
		errx(1, "parse_url: invoked with NULL argument!");
 
	origurl = url;
	*type = UNKNOWN_URL_T;
	*user = *pass = *host = *port = *path = NULL;
	*portnum = 0;
	tport = NULL;
 
	if (STRNEQUAL(url, HTTP_URL)) {
		url += sizeof(HTTP_URL) - 1;
		*type = HTTP_URL_T;
		*portnum = HTTP_PORT;
		tport = httpport;
	} else if (STRNEQUAL(url, FTP_URL)) {
		url += sizeof(FTP_URL) - 1;
		*type = FTP_URL_T;
		*portnum = FTP_PORT;
		tport = ftpport;
	} else if (STRNEQUAL(url, FILE_URL)) {
		url += sizeof(FILE_URL) - 1;
		*type = FILE_URL_T;
	} else {
		warnx("Invalid %s `%s'", desc, url);
 cleanup_parse_url:
		FREEPTR(*user);
		FREEPTR(*pass);
		FREEPTR(*host);
		FREEPTR(*port);
		FREEPTR(*path);
		return (-1);
	}
 
	if (*url == '\0')
		return (0);
 
			/* find [user[:pass]@]host[:port] */
	ep = strchr(url, '/');
	if (ep == NULL)
		thost = xstrdup(url);
	else {
		len = ep - url;
		thost = (char *)xmalloc(len + 1);
		(void)strlcpy(thost, url, len + 1);
		if (*type == FTP_URL_T)	/* skip first / for ftp URLs */
			ep++;
		*path = xstrdup(ep);
	}
 
	cp = strchr(thost, '@');	/* look for user[:pass]@ in URLs */
	if (cp != NULL) {
		if (*type == FTP_URL_T)
			anonftp = 0;	/* disable anonftp */
		*user = thost;
		*cp = '\0';
		thost = xstrdup(cp + 1);
		cp = strchr(*user, ':');
		if (cp != NULL) {
			*cp = '\0';
			*pass = xstrdup(cp + 1);
		}
		url_decode(*user);
		if (*pass)
			url_decode(*pass);
	}
 
#ifdef INET6
			/*
			 * Check if thost is an encoded IPv6 address, as per
			 * RFC 2732:
			 *	`[' ipv6-address ']'
			 */
	if (*thost == '[') {
		cp = thost + 1;
		if ((ep = strchr(cp, ']')) == NULL ||
		    (ep[1] != '\0' && ep[1] != ':')) {
			warnx("Invalid address `%s' in %s `%s'",
			    thost, desc, origurl);
			goto cleanup_parse_url;
		}
		len = ep - cp;		/* change `[xyz]' -> `xyz' */
		memmove(thost, thost + 1, len);
		thost[len] = '\0';
		if (! isipv6addr(thost)) {
			warnx("Invalid IPv6 address `%s' in %s `%s'",
			    thost, desc, origurl);
			goto cleanup_parse_url;
		}
		cp = ep + 1;
		if (*cp == ':')
			cp++;
		else
			cp = NULL;
	} else
#endif /* INET6 */
	    if ((cp = strchr(thost, ':')) != NULL)
		*cp++ =  '\0';
	*host = thost;
 
			/* look for [:port] */
	if (cp != NULL) {
		long	nport;
 
		nport = parseport(cp, -1);
		if (nport == -1) {
			warnx("Unknown port `%s' in %s `%s'",
			    cp, desc, origurl);
			goto cleanup_parse_url;
		}
		*portnum = nport;
		tport = cp;
	}
 
	if (tport != NULL)
		*port = xstrdup(tport);
	if (*path == NULL)
		*path = xstrdup("/");
 
	if (debug)
		fprintf(ttyout,
		    "parse_url: user `%s' pass `%s' host %s port %s(%d) "
		    "path `%s'\n",
		    *user ? *user : "<null>", *pass ? *pass : "<null>",
		    *host ? *host : "<null>", *port ? *port : "<null>",
		    *portnum ? *portnum : -1, *path ? *path : "<null>");
 
	return (0);
}
 
sigjmp_buf	httpabort;
 
/*
 * Retrieve URL, via a proxy if necessary, using HTTP.
 * If proxyenv is set, use that for the proxy, otherwise try ftp_proxy or
 * http_proxy as appropriate.
 * Supports HTTP redirects.
 * Returns 1 on failure, 0 on completed xfer, -1 if ftp connection
 * is still open (e.g, ftp xfer with trailing /)
 */
static int
fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
{
	struct addrinfo		hints, *res, *res0 = NULL;
	int			error;
	char			hbuf[NI_MAXHOST];
	volatile sigfunc	oldintr, oldintp;
	volatile int		s;
	struct stat		sb;
	int			ischunked, isproxy, rval, hcode;
	size_t			len;
	static size_t		bufsize;
	static char		*xferbuf;
	const char		*cp, *token;
	char			*ep, *buf, *savefile;
	char			*auth, *location, *message;
	char			*user, *pass, *host, *port, *path, *decodedpath;
	char			*puser, *ppass, *useragent;
	off_t			hashbytes, rangestart, rangeend, entitylen;
	int			 (*closefunc)(FILE *);
	FILE			*fin, *fout;
	time_t			mtime;
	url_t			urltype;
	in_port_t		portnum;
 
	oldintr = oldintp = NULL;
	closefunc = NULL;
	fin = fout = NULL;
	s = -1;
	buf = savefile = NULL;
	auth = location = message = NULL;
	ischunked = isproxy = hcode = 0;
	rval = 1;
	user = pass = host = path = decodedpath = puser = ppass = NULL;
 
#ifdef __GNUC__			/* shut up gcc warnings */
	(void)&closefunc;
	(void)&fin;
	(void)&fout;
	(void)&buf;
	(void)&savefile;
	(void)&rval;
	(void)&isproxy;
	(void)&hcode;
	(void)&ischunked;
	(void)&message;
	(void)&location;
	(void)&auth;
	(void)&decodedpath;
#endif
 
	if (parse_url(url, "URL", &urltype, &user, &pass, &host, &port,
	    &portnum, &path) == -1)
		goto cleanup_fetch_url;
 
	if (urltype == FILE_URL_T && ! EMPTYSTRING(host)
	    && strcasecmp(host, "localhost") != 0) {
		warnx("No support for non local file URL `%s'", url);
		goto cleanup_fetch_url;
	}
 
	if (EMPTYSTRING(path)) {
		if (urltype == FTP_URL_T) {
			rval = fetch_ftp(url);
			goto cleanup_fetch_url;
		}
		if (urltype != HTTP_URL_T || outfile == NULL)  {
			warnx("Invalid URL (no file after host) `%s'", url);
			goto cleanup_fetch_url;
		}
	}
 
	decodedpath = xstrdup(path);
	url_decode(decodedpath);
 
	if (outfile)
		savefile = xstrdup(outfile);
	else {
		cp = strrchr(decodedpath, '/');		/* find savefile */
		if (cp != NULL)
			savefile = xstrdup(cp + 1);
		else
			savefile = xstrdup(decodedpath);
	}
	if (EMPTYSTRING(savefile)) {
		if (urltype == FTP_URL_T) {
			rval = fetch_ftp(url);
			goto cleanup_fetch_url;
		}
		warnx("no file after directory (you must specify an "
		    "output file) `%s'", url);
		goto cleanup_fetch_url;
	} else {
		if (debug)
			fprintf(ttyout, "savefile `%s'\n", savefile);
	}
 
	restart_point = 0;
	filesize = -1;
	rangestart = rangeend = entitylen = -1;
	mtime = -1;
	if (restartautofetch) {
		if (strcmp(savefile, "-") != 0 && *savefile != '|' &&
		    stat(savefile, &sb) == 0)
			restart_point = sb.st_size;
	}
	if (urltype == FILE_URL_T) {		/* file:// URLs */
		direction = "copied";
		fin = fopen(decodedpath, "r");
		if (fin == NULL) {
			warn("Cannot open file `%s'", decodedpath);
			goto cleanup_fetch_url;
		}
		if (fstat(fileno(fin), &sb) == 0) {
			mtime = sb.st_mtime;
			filesize = sb.st_size;
		}
		if (restart_point) {
			if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) {
				warn("Can't lseek to restart `%s'",
				    decodedpath);
				goto cleanup_fetch_url;
			}
		}
		if (verbose) {
			fprintf(ttyout, "Copying %s", decodedpath);
			if (restart_point)
				fprintf(ttyout, " (restarting at " LLF ")",
				    (LLT)restart_point);
			fputs("\n", ttyout);
		}
	} else {				/* ftp:// or http:// URLs */
		char *leading;
		int hasleading;
 
		if (proxyenv == NULL) {
			if (urltype == HTTP_URL_T)
				proxyenv = getoptionvalue("http_proxy");
			else if (urltype == FTP_URL_T)
				proxyenv = getoptionvalue("ftp_proxy");
		}
		direction = "retrieved";
		if (! EMPTYSTRING(proxyenv)) {			/* use proxy */
			url_t purltype;
			char *phost, *ppath;
			char *pport, *no_proxy;
 
			isproxy = 1;
 
				/* check URL against list of no_proxied sites */
			no_proxy = getoptionvalue("no_proxy");
			if (! EMPTYSTRING(no_proxy)) {
				char *np, *np_copy;
				long np_port;
				size_t hlen, plen;
 
				np_copy = xstrdup(no_proxy);
				hlen = strlen(host);
				while ((cp = strsep(&np_copy, " ,")) != NULL) {
					if (*cp == '\0')
						continue;
					if ((np = strrchr(cp, ':')) != NULL) {
						*np = '\0';
						np_port =
						    strtol(np + 1, &ep, 10);
						if (*ep != '\0')
							continue;
						if (np_port != portnum)
							continue;
					}
					plen = strlen(cp);
					if (hlen < plen)
						continue;
					if (strncasecmp(host + hlen - plen,
					    cp, plen) == 0) {
						isproxy = 0;
						break;
					}
				}
				FREEPTR(np_copy);
				if (isproxy == 0 && urltype == FTP_URL_T) {
					rval = fetch_ftp(url);
					goto cleanup_fetch_url;
				}
			}
 
			if (isproxy) {
				if (parse_url(proxyenv, "proxy URL", &purltype,
				    &puser, &ppass, &phost, &pport, &portnum,
				    &ppath) == -1)
					goto cleanup_fetch_url;
 
				if ((purltype != HTTP_URL_T
				     && purltype != FTP_URL_T) ||
				    EMPTYSTRING(phost) ||
				    (! EMPTYSTRING(ppath)
				     && strcmp(ppath, "/") != 0)) {
					warnx("Malformed proxy URL `%s'",
					    proxyenv);
					FREEPTR(phost);
					FREEPTR(pport);
					FREEPTR(ppath);
					goto cleanup_fetch_url;
				}
				if (isipv6addr(host) &&
				    strchr(host, '%') != NULL) {
					warnx(
"Scoped address notation `%s' disallowed via web proxy",
					    host);
					FREEPTR(phost);
					FREEPTR(pport);
					FREEPTR(ppath);
					goto cleanup_fetch_url;
				}
 
				FREEPTR(host);
				host = phost;
				FREEPTR(port);
				port = pport;
				FREEPTR(path);
				path = xstrdup(url);
				FREEPTR(ppath);
			}
		} /* ! EMPTYSTRING(proxyenv) */
 
		memset(&hints, 0, sizeof(hints));
		hints.ai_flags = 0;
		hints.ai_family = family;
		hints.ai_socktype = SOCK_STREAM;
		hints.ai_protocol = 0;
		error = getaddrinfo(host, NULL, &hints, &res0);
		if (error) {
			warnx("%s", gai_strerror(error));
			goto cleanup_fetch_url;
		}
		if (res0->ai_canonname)
			host = res0->ai_canonname;
 
		s = -1;
		for (res = res0; res; res = res->ai_next) {
			/*
			 * see comment in hookup()
			 */
			ai_unmapped(res);
			if (getnameinfo(res->ai_addr, res->ai_addrlen,
			    hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0)
				strlcpy(hbuf, "invalid", sizeof(hbuf));
 
			if (verbose && res != res0)
				fprintf(ttyout, "Trying %s...\n", hbuf);
 
			((struct sockaddr_in *)res->ai_addr)->sin_port =
			    htons(portnum);
			s = socket(res->ai_family, SOCK_STREAM,
			    res->ai_protocol);
			if (s < 0) {
				warn("Can't create socket");
				continue;
			}
 
			if (xconnect(s, res->ai_addr, res->ai_addrlen) < 0) {
				warn("Connect to address `%s'", hbuf);
				close(s);
				s = -1;
				continue;
			}
 
			/* success */
			break;
		}
 
		if (s < 0) {
			warn("Can't connect to %s", host);
			goto cleanup_fetch_url;
		}
 
		fin = fdopen(s, "r+");
		/*
		 * Construct and send the request.
		 */
		if (verbose)
			fprintf(ttyout, "Requesting %s\n", url);
		leading = "  (";
		hasleading = 0;
		if (isproxy) {
			if (verbose) {
				fprintf(ttyout, "%svia %s:%s", leading,
				    host, port);
				leading = ", ";
				hasleading++;
			}
			fprintf(fin, "GET %s HTTP/1.0\r\n", path);
			if (flushcache)
				fprintf(fin, "Pragma: no-cache\r\n");
		} else {
			fprintf(fin, "GET %s HTTP/1.1\r\n", path);
			if (strchr(host, ':')) {
				char *h, *p;
 
				/*
				 * strip off IPv6 scope identifier, since it is
				 * local to the node
				 */
				h = xstrdup(host);
				if (isipv6addr(h) &&
				    (p = strchr(h, '%')) != NULL) {
					*p = '\0';
				}
				fprintf(fin, "Host: [%s]", h);
				free(h);
			} else
				fprintf(fin, "Host: %s", host);
			if (portnum != HTTP_PORT)
				fprintf(fin, ":%u", portnum);
			fprintf(fin, "\r\n");
			fprintf(fin, "Accept: */*\r\n");
			fprintf(fin, "Connection: close\r\n");
			if (restart_point) {
				fputs(leading, ttyout);
				fprintf(fin, "Range: bytes=" LLF "-\r\n",
				    (LLT)restart_point);
				fprintf(ttyout, "restarting at " LLF,
				    (LLT)restart_point);
				leading = ", ";
				hasleading++;
			}
			if (flushcache)
				fprintf(fin, "Cache-Control: no-cache\r\n");
		}
		if ((useragent=getenv("FTPUSERAGENT")) != NULL) {
			fprintf(fin, "User-Agent: %s\r\n", useragent);
		} else {
			fprintf(fin, "User-Agent: %s/%s\r\n",
			    FTP_PRODUCT, FTP_VERSION);
		}
		if (wwwauth) {
			if (verbose) {
				fprintf(ttyout, "%swith authorization",
				    leading);
				leading = ", ";
				hasleading++;
			}
			fprintf(fin, "Authorization: %s\r\n", wwwauth);
		}
		if (proxyauth) {
			if (verbose) {
				fprintf(ttyout,
				    "%swith proxy authorization", leading);
				leading = ", ";
				hasleading++;
			}
			fprintf(fin, "Proxy-Authorization: %s\r\n", proxyauth);
		}
		if (verbose && hasleading)
			fputs(")\n", ttyout);
		fprintf(fin, "\r\n");
		if (fflush(fin) == EOF) {
			warn("Writing HTTP request");
			goto cleanup_fetch_url;
		}
 
				/* Read the response */
		if ((buf = fparseln(fin, &len, NULL, "\0\0\0", 0)) == NULL) {
			warn("Receiving HTTP reply");
			goto cleanup_fetch_url;
		}
		while (len > 0 && (ISLWS(buf[len-1])))
			buf[--len] = '\0';
		if (debug)
			fprintf(ttyout, "received `%s'\n", buf);
 
				/* Determine HTTP response code */
		cp = strchr(buf, ' ');
		if (cp == NULL)
			goto improper;
		else
			cp++;
		hcode = strtol(cp, &ep, 10);
		if (*ep != '\0' && !isspace((unsigned char)*ep))
			goto improper;
		message = xstrdup(cp);
 
				/* Read the rest of the header. */
		while (1) {
			FREEPTR(buf);
			if ((buf = fparseln(fin, &len, NULL, "\0\0\0", 0))
			    == NULL) {
				warn("Receiving HTTP reply");
				goto cleanup_fetch_url;
			}
			while (len > 0 && (ISLWS(buf[len-1])))
				buf[--len] = '\0';
			if (len == 0)
				break;
			if (debug)
				fprintf(ttyout, "received `%s'\n", buf);
 
		/*
		 * Look for some headers
		 */
 
			cp = buf;
 
			if (match_token(&cp, "Content-Length:")) {
				filesize = STRTOLL(cp, &ep, 10);
				if (filesize < 0 || *ep != '\0')
					goto improper;
				if (debug)
					fprintf(ttyout,
					    "parsed len as: " LLF "\n",
					    (LLT)filesize);
 
			} else if (match_token(&cp, "Content-Range:")) {
				if (! match_token(&cp, "bytes"))
					goto improper;
 
				if (*cp == '*')
					cp++;
				else {
					rangestart = STRTOLL(cp, &ep, 10);
					if (rangestart < 0 || *ep != '-')
						goto improper;
					cp = ep + 1;
					rangeend = STRTOLL(cp, &ep, 10);
					if (rangeend < 0 || rangeend < rangestart)
						goto improper;
					cp = ep;
				}
				if (*cp != '/')
					goto improper;
				cp++;
				if (*cp == '*')
					cp++;
				else {
					entitylen = STRTOLL(cp, &ep, 10);
					if (entitylen < 0)
						goto improper;
					cp = ep;
				}
				if (*cp != '\0')
					goto improper;
 
				if (debug) {
					fprintf(ttyout, "parsed range as: ");
					if (rangestart == -1)
						fprintf(ttyout, "*");
					else
						fprintf(ttyout, LLF "-" LLF,
						    (LLT)rangestart,
						    (LLT)rangeend);
					fprintf(ttyout, "/" LLF "\n", (LLT)entitylen);
				}
				if (! restart_point) {
					warnx(
				    "Received unexpected Content-Range header");
					goto cleanup_fetch_url;
				}
 
			} else if (match_token(&cp, "Last-Modified:")) {
				struct tm parsed;
				char *t;
 
							/* RFC 1123 */
				if ((t = strptime(cp,
						"%a, %d %b %Y %H:%M:%S GMT",
						&parsed))
							/* RFC 850 */
				    || (t = strptime(cp,
						"%a, %d-%b-%y %H:%M:%S GMT",
						&parsed))
							/* asctime */
				    || (t = strptime(cp,
						"%a, %b %d %H:%M:%S %Y",
						&parsed))) {
					parsed.tm_isdst = -1;
					if (*t == '\0')
						mtime = timegm(&parsed);
					if (debug && mtime != -1) {
						fprintf(ttyout,
						    "parsed date as: %s",
						    ctime(&mtime));
					}
				}
 
			} else if (match_token(&cp, "Location:")) {
				location = xstrdup(cp);
				if (debug)
					fprintf(ttyout,
					    "parsed location as `%s'\n", cp);
 
			} else if (match_token(&cp, "Transfer-Encoding:")) {
				if (match_token(&cp, "binary")) {
					warnx(
			"Bogus transfer encoding - `binary' (fetching anyway)");
					continue;
				}
				if (! (token = match_token(&cp, "chunked"))) {
					warnx(
				    "Unsupported transfer encoding - `%s'",
					    token);
					goto cleanup_fetch_url;
				}
				ischunked++;
				if (debug)
					fprintf(ttyout,
					    "using chunked encoding\n");
 
			} else if (match_token(&cp, "Proxy-Authenticate:")
				|| match_token(&cp, "WWW-Authenticate:")) {
				if (! (token = match_token(&cp, "Basic"))) {
					if (debug)
						fprintf(ttyout,
				"skipping unknown auth scheme `%s'\n",
						    token);
					continue;
				}
				FREEPTR(auth);
				auth = xstrdup(token);
				if (debug)
					fprintf(ttyout,
					    "parsed auth as `%s'\n", cp);
			}
 
		}
				/* finished parsing header */
		FREEPTR(buf);
 
		switch (hcode) {
		case 200:
			break;
		case 206:
			if (! restart_point) {
				warnx("Not expecting partial content header");
				goto cleanup_fetch_url;
			}
			break;
		case 300:
		case 301:
		case 302:
		case 303:
		case 305:
			if (EMPTYSTRING(location)) {
				warnx(
				"No redirection Location provided by server");
				goto cleanup_fetch_url;
			}
			if (redirect_loop++ > 5) {
				warnx("Too many redirections requested");
				goto cleanup_fetch_url;
			}
			if (hcode == 305) {
				if (verbose)
					fprintf(ttyout, "Redirected via %s\n",
					    location);
				rval = fetch_url(url, location,
				    proxyauth, wwwauth);
			} else {
				if (verbose)
					fprintf(ttyout, "Redirected to %s\n",
					    location);
				rval = go_fetch(location);
			}
			goto cleanup_fetch_url;
#ifndef NO_AUTH
		case 401:
		case 407:
		    {
			char **authp;
			char *auser, *apass;
 
			if (hcode == 401) {
				authp = &wwwauth;
				auser = user;
				apass = pass;
			} else {
				authp = &proxyauth;
				auser = puser;
				apass = ppass;
			}
			if (verbose || *authp == NULL ||
			    auser == NULL || apass == NULL)
				fprintf(ttyout, "%s\n", message);
			if (EMPTYSTRING(auth)) {
				warnx(
			    "No authentication challenge provided by server");
				goto cleanup_fetch_url;
			}
			if (*authp != NULL) {
				char reply[10];
 
				fprintf(ttyout,
				    "Authorization failed. Retry (y/n)? ");
				if (fgets(reply, sizeof(reply), stdin)
				    == NULL) {
					clearerr(stdin);
					goto cleanup_fetch_url;
				}
				if (tolower((unsigned char)reply[0]) != 'y')
					goto cleanup_fetch_url;
				auser = NULL;
				apass = NULL;
			}
			if (auth_url(auth, authp, auser, apass) == 0) {
				rval = fetch_url(url, proxyenv,
				    proxyauth, wwwauth);
				memset(*authp, 0, strlen(*authp));
				FREEPTR(*authp);
			}
			goto cleanup_fetch_url;
		    }
#endif
		default:
			if (message)
				warnx("Error retrieving file - `%s'", message);
			else
				warnx("Unknown error retrieving file");
			goto cleanup_fetch_url;
		}
	}		/* end of ftp:// or http:// specific setup */
 
			/* Open the output file. */
	if (strcmp(savefile, "-") == 0) {
		fout = stdout;
	} else if (*savefile == '|') {
		oldintp = xsignal(SIGPIPE, SIG_IGN);
		fout = popen(savefile + 1, "w");
		if (fout == NULL) {
			warn("Can't run `%s'", savefile + 1);
			goto cleanup_fetch_url;
		}
		closefunc = pclose;
	} else {
		if ((rangeend != -1 && rangeend <= restart_point) ||
		    (rangestart == -1 && filesize != -1 && filesize <= restart_point)) {
			/* already done */
			if (verbose)
				fprintf(ttyout, "already done\n");
			rval = 0;
			goto cleanup_fetch_url;
		}
		if (restart_point && rangestart != -1) {
			if (entitylen != -1)
				filesize = entitylen;
			if (rangestart != restart_point) {
				warnx(
				    "Size of `%s' differs from save file `%s'",
				    url, savefile);
				goto cleanup_fetch_url;
			}
			fout = fopen(savefile, "a");
		} else
			fout = fopen(savefile, "w");
		if (fout == NULL) {
			warn("Can't open `%s'", savefile);
			goto cleanup_fetch_url;
		}
		closefunc = fclose;
	}
 
			/* Trap signals */
	if (sigsetjmp(httpabort, 1))
		goto cleanup_fetch_url;
	(void)xsignal(SIGQUIT, psummary);
	oldintr = xsignal(SIGINT, aborthttp);
 
	if (rcvbuf_size > bufsize) {
		if (xferbuf)
			(void)free(xferbuf);
		bufsize = rcvbuf_size;
		xferbuf = xmalloc(bufsize);
	}
 
	bytes = 0;
	hashbytes = mark;
	progressmeter(-1);
 
			/* Finally, suck down the file. */
	do {
		long chunksize;
 
		chunksize = 0;
					/* read chunksize */
		if (ischunked) {
			if (fgets(xferbuf, bufsize, fin) == NULL) {
				warnx("Unexpected EOF reading chunksize");
				goto cleanup_fetch_url;
			}
			chunksize = strtol(xferbuf, &ep, 16);
 
				/*
				 * XXX:	Work around bug in Apache 1.3.9 and
				 *	1.3.11, which incorrectly put trailing
				 *	space after the chunksize.
				 */
			while (*ep == ' ')
				ep++;
 
			if (strcmp(ep, "\r\n") != 0) {
				warnx("Unexpected data following chunksize");
				goto cleanup_fetch_url;
			}
			if (debug)
				fprintf(ttyout, "got chunksize of " LLF "\n",
				    (LLT)chunksize);
			if (chunksize == 0)
				break;
		}
					/* transfer file or chunk */
		while (1) {
			struct timeval then, now, td;
			off_t bufrem;
 
			if (rate_get)
				(void)gettimeofday(&then, NULL);
			bufrem = rate_get ? rate_get : bufsize;
			if (ischunked)
				bufrem = MIN(chunksize, bufrem);
			while (bufrem > 0) {
				len = fread(xferbuf, sizeof(char),
				    MIN(bufsize, bufrem), fin);
				if (len <= 0)
					goto chunkdone;
				bytes += len;
				bufrem -= len;
				if (fwrite(xferbuf, sizeof(char), len, fout)
				    != len) {
					warn("Writing `%s'", savefile);
					goto cleanup_fetch_url;
				}
				if (hash && !progress) {
					while (bytes >= hashbytes) {
						(void)putc('#', ttyout);
						hashbytes += mark;
					}
					(void)fflush(ttyout);
				}
				if (ischunked) {
					chunksize -= len;
					if (chunksize <= 0)
						break;
				}
			}
			if (rate_get) {
				while (1) {
					(void)gettimeofday(&now, NULL);
					timersub(&now, &then, &td);
					if (td.tv_sec > 0)
						break;
					usleep(1000000 - td.tv_usec);
				}
			}
			if (ischunked && chunksize <= 0)
				break;
		}
					/* read CRLF after chunk*/
 chunkdone:
		if (ischunked) {
			if (fgets(xferbuf, bufsize, fin) == NULL)
				break;
			if (strcmp(xferbuf, "\r\n") != 0) {
				warnx("Unexpected data following chunk");
				goto cleanup_fetch_url;
			}
		}
	} while (ischunked);
	if (hash && !progress && bytes > 0) {
		if (bytes < mark)
			(void)putc('#', ttyout);
		(void)putc('\n', ttyout);
	}
	if (ferror(fin)) {
		warn("Reading file");
		goto cleanup_fetch_url;
	}
	progressmeter(1);
	(void)fflush(fout);
	if (closefunc == fclose && mtime != -1) {
		struct timeval tval[2];
 
		(void)gettimeofday(&tval[0], NULL);
		tval[1].tv_sec = mtime;
		tval[1].tv_usec = 0;
		(*closefunc)(fout);
		fout = NULL;
 
		if (utimes(savefile, tval) == -1) {
			fprintf(ttyout,
			    "Can't change modification time to %s",
			    asctime(localtime(&mtime)));
		}
	}
	if (bytes > 0)
		ptransfer(0);
	bytes = 0;
 
	rval = 0;
	goto cleanup_fetch_url;
 
 improper:
	warnx("Improper response from `%s'", host);
 
 cleanup_fetch_url:
	if (oldintr)
		(void)xsignal(SIGINT, oldintr);
	if (oldintp)
		(void)xsignal(SIGPIPE, oldintp);
	if (fin != NULL)
		fclose(fin);
	else if (s != -1)
		close(s);
	if (closefunc != NULL && fout != NULL)
		(*closefunc)(fout);
	if (res0)
		freeaddrinfo(res0);
	FREEPTR(savefile);
	FREEPTR(user);
	FREEPTR(pass);
	FREEPTR(host);
	FREEPTR(port);
	FREEPTR(path);
	FREEPTR(decodedpath);
	FREEPTR(puser);
	FREEPTR(ppass);
	FREEPTR(buf);
	FREEPTR(auth);
	FREEPTR(location);
	FREEPTR(message);
	return (rval);
}
 
/*
 * Abort a HTTP retrieval
 */
void
aborthttp(int notused)
{
	char msgbuf[100];
	int len;
 
	sigint_raised = 1;
	alarmtimer(0);
	len = strlcpy(msgbuf, "\nHTTP fetch aborted.\n", sizeof(msgbuf));
	write(fileno(ttyout), msgbuf, len);
	siglongjmp(httpabort, 1);
}
 
/*
 * Retrieve ftp URL or classic ftp argument using FTP.
 * Returns 1 on failure, 0 on completed xfer, -1 if ftp connection
 * is still open (e.g, ftp xfer with trailing /)
 */
static int
fetch_ftp(const char *url)
{
	char		*cp, *xargv[5], rempath[MAXPATHLEN];
	char		*host, *path, *dir, *file, *user, *pass;
	char		*port;
	int		 dirhasglob, filehasglob, oautologin, rval, type, xargc;
	in_port_t	 portnum;
	url_t		 urltype;
 
	host = path = dir = file = user = pass = NULL;
	port = NULL;
	rval = 1;
	type = TYPE_I;
 
	if (STRNEQUAL(url, FTP_URL)) {
		if ((parse_url(url, "URL", &urltype, &user, &pass,
		    &host, &port, &portnum, &path) == -1) ||
		    (user != NULL && *user == '\0') ||
		    EMPTYSTRING(host)) {
			warnx("Invalid URL `%s'", url);
			goto cleanup_fetch_ftp;
		}
		/*
		 * Note: Don't url_decode(path) here.  We need to keep the
		 * distinction between "/" and "%2F" until later.
		 */
 
					/* check for trailing ';type=[aid]' */
		if (! EMPTYSTRING(path) && (cp = strrchr(path, ';')) != NULL) {
			if (strcasecmp(cp, ";type=a") == 0)
				type = TYPE_A;
			else if (strcasecmp(cp, ";type=i") == 0)
				type = TYPE_I;
			else if (strcasecmp(cp, ";type=d") == 0) {
				warnx(
			    "Directory listing via a URL is not supported");
				goto cleanup_fetch_ftp;
			} else {
				warnx("Invalid suffix `%s' in URL `%s'", cp,
				    url);
				goto cleanup_fetch_ftp;
			}
			*cp = 0;
		}
	} else {			/* classic style `[user@]host:[file]' */
		urltype = CLASSIC_URL_T;
		host = xstrdup(url);
		cp = strchr(host, '@');
		if (cp != NULL) {
			*cp = '\0';
			user = host;
			anonftp = 0;	/* disable anonftp */
			host = xstrdup(cp + 1);
		}
		cp = strchr(host, ':');
		if (cp != NULL) {
			*cp = '\0';
			path = xstrdup(cp + 1);
		}
	}
	if (EMPTYSTRING(host))
		goto cleanup_fetch_ftp;
 
			/* Extract the file and (if present) directory name. */
	dir = path;
	if (! EMPTYSTRING(dir)) {
		/*
		 * If we are dealing with classic `[user@]host:[path]' syntax,
		 * then a path of the form `/file' (resulting from input of the
		 * form `host:/file') means that we should do "CWD /" before
		 * retrieving the file.  So we set dir="/" and file="file".
		 *
		 * But if we are dealing with URLs like `ftp://host/path' then
		 * a path of the form `/file' (resulting from a URL of the form
		 * `ftp://host//file') means that we should do `CWD ' (with an
		 * empty argument) before retrieving the file.  So we set
		 * dir="" and file="file".
		 *
		 * If the path does not contain / at all, we set dir=NULL.
		 * (We get a path without any slashes if we are dealing with
		 * classic `[user@]host:[file]' or URL `ftp://host/file'.)
		 *
		 * In all other cases, we set dir to a string that does not
		 * include the final '/' that separates the dir part from the
		 * file part of the path.  (This will be the empty string if
		 * and only if we are dealing with a path of the form `/file'
		 * resulting from an URL of the form `ftp://host//file'.)
		 */
		cp = strrchr(dir, '/');
		if (cp == dir && urltype == CLASSIC_URL_T) {
			file = cp + 1;
			dir = "/";
		} else if (cp != NULL) {
			*cp++ = '\0';
			file = cp;
		} else {
			file = dir;
			dir = NULL;
		}
	} else
		dir = NULL;
	if (urltype == FTP_URL_T && file != NULL) {
		url_decode(file);
		/* but still don't url_decode(dir) */
	}
	if (debug)
		fprintf(ttyout,
		    "fetch_ftp: user `%s' pass `%s' host %s port %s "
		    "path `%s' dir `%s' file `%s'\n",
		    user ? user : "<null>", pass ? pass : "<null>",
		    host ? host : "<null>", port ? port : "<null>",
		    path ? path : "<null>",
		    dir ? dir : "<null>", file ? file : "<null>");
 
	dirhasglob = filehasglob = 0;
	if (doglob && urltype == CLASSIC_URL_T) {
		if (! EMPTYSTRING(dir) && strpbrk(dir, "*?[]{}") != NULL)
			dirhasglob = 1;
		if (! EMPTYSTRING(file) && strpbrk(file, "*?[]{}") != NULL)
			filehasglob = 1;
	}
 
			/* Set up the connection */
	if (connected)
		disconnect(0, NULL);
	xargv[0] = (char *)getprogname();	/* XXX discards const */
	xargv[1] = host;
	xargv[2] = NULL;
	xargc = 2;
	if (port) {
		xargv[2] = port;
		xargv[3] = NULL;
		xargc = 3;
	}
	oautologin = autologin;
		/* don't autologin in setpeer(), use ftp_login() below */
	autologin = 0;
	setpeer(xargc, xargv);
	autologin = oautologin;
	if ((connected == 0) ||
	    (connected == 1 && !ftp_login(host, user, pass))) {
		warnx("Can't connect or login to host `%s'", host);
		goto cleanup_fetch_ftp;
	}
 
	switch (type) {
	case TYPE_A:
		setascii(1, xargv);
		break;
	case TYPE_I:
		setbinary(1, xargv);
		break;
	default:
		errx(1, "fetch_ftp: unknown transfer type %d", type);
	}
 
		/*
		 * Change directories, if necessary.
		 *
		 * Note: don't use EMPTYSTRING(dir) below, because
		 * dir=="" means something different from dir==NULL.
		 */
	if (dir != NULL && !dirhasglob) {
		char *nextpart;
 
		/*
		 * If we are dealing with a classic `[user@]host:[path]'
		 * (urltype is CLASSIC_URL_T) then we have a raw directory
		 * name (not encoded in any way) and we can change
		 * directories in one step.
		 *
		 * If we are dealing with an `ftp://host/path' URL
		 * (urltype is FTP_URL_T), then RFC 1738 says we need to
		 * send a separate CWD command for each unescaped "/"
		 * in the path, and we have to interpret %hex escaping
		 * *after* we find the slashes.  It's possible to get
		 * empty components here, (from multiple adjacent
		 * slashes in the path) and RFC 1738 says that we should
		 * still do `CWD ' (with a null argument) in such cases.
		 *
		 * Many ftp servers don't support `CWD ', so if there's an
		 * error performing that command, bail out with a descriptive
		 * message.
		 *
		 * Examples:
		 *
		 * host:			dir="", urltype=CLASSIC_URL_T
		 *		logged in (to default directory)
		 * host:file			dir=NULL, urltype=CLASSIC_URL_T
		 *		"RETR file"
		 * host:dir/			dir="dir", urltype=CLASSIC_URL_T
		 *		"CWD dir", logged in
		 * ftp://host/			dir="", urltype=FTP_URL_T
		 *		logged in (to default directory)
		 * ftp://host/dir/		dir="dir", urltype=FTP_URL_T
		 *		"CWD dir", logged in
		 * ftp://host/file		dir=NULL, urltype=FTP_URL_T
		 *		"RETR file"
		 * ftp://host//file		dir="", urltype=FTP_URL_T
		 *		"CWD ", "RETR file"
		 * host:/file			dir="/", urltype=CLASSIC_URL_T
		 *		"CWD /", "RETR file"
		 * ftp://host///file		dir="/", urltype=FTP_URL_T
		 *		"CWD ", "CWD ", "RETR file"
		 * ftp://host/%2F/file		dir="%2F", urltype=FTP_URL_T
		 *		"CWD /", "RETR file"
		 * ftp://host/foo/file		dir="foo", urltype=FTP_URL_T
		 *		"CWD foo", "RETR file"
		 * ftp://host/foo/bar/file	dir="foo/bar"
		 *		"CWD foo", "CWD bar", "RETR file"
		 * ftp://host//foo/bar/file	dir="/foo/bar"
		 *		"CWD ", "CWD foo", "CWD bar", "RETR file"
		 * ftp://host/foo//bar/file	dir="foo//bar"
		 *		"CWD foo", "CWD ", "CWD bar", "RETR file"
		 * ftp://host/%2F/foo/bar/file	dir="%2F/foo/bar"
		 *		"CWD /", "CWD foo", "CWD bar", "RETR file"
		 * ftp://host/%2Ffoo/bar/file	dir="%2Ffoo/bar"
		 *		"CWD /foo", "CWD bar", "RETR file"
		 * ftp://host/%2Ffoo%2Fbar/file	dir="%2Ffoo%2Fbar"
		 *		"CWD /foo/bar", "RETR file"
		 * ftp://host/%2Ffoo%2Fbar%2Ffile	dir=NULL
		 *		"RETR /foo/bar/file"
		 *
		 * Note that we don't need `dir' after this point.
		 */
		do {
			if (urltype == FTP_URL_T) {
				nextpart = strchr(dir, '/');
				if (nextpart) {
					*nextpart = '\0';
					nextpart++;
				}
				url_decode(dir);
			} else
				nextpart = NULL;
			if (debug)
				fprintf(ttyout, "dir `%s', nextpart `%s'\n",
				    dir ? dir : "<null>",
				    nextpart ? nextpart : "<null>");
			if (urltype == FTP_URL_T || *dir != '\0') {
				xargv[0] = "cd";
				xargv[1] = dir;
				xargv[2] = NULL;
				dirchange = 0;
				cd(2, xargv);
				if (! dirchange) {
					if (*dir == '\0' && code == 500)
						fprintf(stderr,
"\n"
"ftp: The `CWD ' command (without a directory), which is required by\n"
"     RFC 1738 to support the empty directory in the URL pathname (`//'),\n"
"     conflicts with the server's conformance to RFC 959.\n"
"     Try the same URL without the `//' in the URL pathname.\n"
"\n");
					goto cleanup_fetch_ftp;
				}
			}
			dir = nextpart;
		} while (dir != NULL);
	}
 
	if (EMPTYSTRING(file)) {
		rval = -1;
		goto cleanup_fetch_ftp;
	}
 
	if (dirhasglob) {
		(void)strlcpy(rempath, dir,	sizeof(rempath));
		(void)strlcat(rempath, "/",	sizeof(rempath));
		(void)strlcat(rempath, file,	sizeof(rempath));
		file = rempath;
	}
 
			/* Fetch the file(s). */
	xargc = 2;
	xargv[0] = "get";
	xargv[1] = file;
	xargv[2] = NULL;
	if (dirhasglob || filehasglob) {
		int ointeractive;
 
		ointeractive = interactive;
		interactive = 0;
		if (restartautofetch)
			xargv[0] = "mreget";
		else
			xargv[0] = "mget";
		mget(xargc, xargv);
		interactive = ointeractive;
	} else {
		if (outfile == NULL) {
			cp = strrchr(file, '/');	/* find savefile */
			if (cp != NULL)
				outfile = cp + 1;
			else
				outfile = file;
		}
		xargv[2] = (char *)outfile;
		xargv[3] = NULL;
		xargc++;
		if (restartautofetch)
			reget(xargc, xargv);
		else
			get(xargc, xargv);
	}
 
	if ((code / 100) == COMPLETE)
		rval = 0;
 
 cleanup_fetch_ftp:
	FREEPTR(host);
	FREEPTR(path);
	FREEPTR(user);
	FREEPTR(pass);
	return (rval);
}
 
/*
 * Retrieve the given file to outfile.
 * Supports arguments of the form:
 *	"host:path", "ftp://host/path"	if $ftpproxy, call fetch_url() else
 *					call fetch_ftp()
 *	"http://host/path"		call fetch_url() to use HTTP
 *	"file:///path"			call fetch_url() to copy
 *	"about:..."			print a message
 *
 * Returns 1 on failure, 0 on completed xfer, -1 if ftp connection
 * is still open (e.g, ftp xfer with trailing /)
 */
static int
go_fetch(const char *url)
{
	char *proxy;
 
#ifndef NO_ABOUT
	/*
	 * Check for about:*
	 */
	if (STRNEQUAL(url, ABOUT_URL)) {
		url += sizeof(ABOUT_URL) -1;
		if (strcasecmp(url, "ftp") == 0 ||
		    strcasecmp(url, "tnftp") == 0) {
			fputs(
"This version of ftp has been enhanced by Luke Mewburn <lukem@NetBSD.org>\n"
"for the NetBSD project.  Execute `man ftp' for more details.\n", ttyout);
		} else if (strcasecmp(url, "lukem") == 0) {
			fputs(
"Luke Mewburn is the author of most of the enhancements in this ftp client.\n"
"Please email feedback to <lukem@NetBSD.org>.\n", ttyout);
		} else if (strcasecmp(url, "netbsd") == 0) {
			fputs(
"NetBSD is a freely available and redistributable UNIX-like operating system.\n"
"For more information, see http://www.NetBSD.org/\n", ttyout);
		} else if (strcasecmp(url, "version") == 0) {
			fprintf(ttyout, "Version: %s %s%s\n",
			    FTP_PRODUCT, FTP_VERSION,
#ifdef INET6
			    ""
#else
			    " (-IPv6)"
#endif
			);
		} else {
			fprintf(ttyout, "`%s' is an interesting topic.\n", url);
		}
		fputs("\n", ttyout);
		return (0);
	}
#endif
 
	/*
	 * Check for file:// and http:// URLs.
	 */
	if (STRNEQUAL(url, HTTP_URL) || STRNEQUAL(url, FILE_URL))
		return (fetch_url(url, NULL, NULL, NULL));
 
	/*
	 * Try FTP URL-style and host:file arguments next.
	 * If ftpproxy is set with an FTP URL, use fetch_url()
	 * Othewise, use fetch_ftp().
	 */
	proxy = getoptionvalue("ftp_proxy");
	if (!EMPTYSTRING(proxy) && STRNEQUAL(url, FTP_URL))
		return (fetch_url(url, NULL, NULL, NULL));
 
	return (fetch_ftp(url));
}
 
/*
 * Retrieve multiple files from the command line,
 * calling go_fetch() for each file.
 *
 * If an ftp path has a trailing "/", the path will be cd-ed into and
 * the connection remains open, and the function will return -1
 * (to indicate the connection is alive).
 * If an error occurs the return value will be the offset+1 in
 * argv[] of the file that caused a problem (i.e, argv[x]
 * returns x+1)
 * Otherwise, 0 is returned if all files retrieved successfully.
 */
int
auto_fetch(int argc, char *argv[])
{
	volatile int	argpos;
	int		rval;
 
	argpos = 0;
 
	if (sigsetjmp(toplevel, 1)) {
		if (connected)
			disconnect(0, NULL);
		if (rval > 0)
			rval = argpos + 1;
		return (rval);
	}
	(void)xsignal(SIGINT, intr);
	(void)xsignal(SIGPIPE, lostpeer);
 
	/*
	 * Loop through as long as there's files to fetch.
	 */
	for (rval = 0; (rval == 0) && (argpos < argc); argpos++) {
		if (strchr(argv[argpos], ':') == NULL)
			break;
		redirect_loop = 0;
		if (!anonftp)
			anonftp = 2;	/* Handle "automatic" transfers. */
		rval = go_fetch(argv[argpos]);
		if (outfile != NULL && strcmp(outfile, "-") != 0
		    && outfile[0] != '|')
			outfile = NULL;
		if (rval > 0)
			rval = argpos + 1;
	}
 
	if (connected && rval != -1)
		disconnect(0, NULL);
	return (rval);
}
 
 
int
auto_put(int argc, char **argv, const char *uploadserver)
{
	char	*uargv[4], *path, *pathsep;
	int	 uargc, rval, len;
 
	uargc = 0;
	uargv[uargc++] = "mput";
	uargv[uargc++] = argv[0];
	uargv[2] = uargv[3] = NULL;
	pathsep = NULL;
	rval = 1;
 
	if (debug)
		fprintf(ttyout, "auto_put: target `%s'\n", uploadserver);
 
	path = xstrdup(uploadserver);
	len = strlen(path);
	if (path[len - 1] != '/' && path[len - 1] != ':') {
			/*
			 * make sure we always pass a directory to auto_fetch
			 */
		if (argc > 1) {		/* more than one file to upload */
			int len;
 
			len = strlen(uploadserver) + 2;	/* path + "/" + "\0" */
			free(path);
			path = (char *)xmalloc(len);
			(void)strlcpy(path, uploadserver, len);
			(void)strlcat(path, "/", len);
		} else {		/* single file to upload */
			uargv[0] = "put";
			pathsep = strrchr(path, '/');
			if (pathsep == NULL) {
				pathsep = strrchr(path, ':');
				if (pathsep == NULL) {
					warnx("Invalid URL `%s'", path);
					goto cleanup_auto_put;
				}
				pathsep++;
				uargv[2] = xstrdup(pathsep);
				pathsep[0] = '/';
			} else
				uargv[2] = xstrdup(pathsep + 1);
			pathsep[1] = '\0';
			uargc++;
		}
	}
	if (debug)
		fprintf(ttyout, "auto_put: URL `%s' argv[2] `%s'\n",
		    path, uargv[2] ? uargv[2] : "<null>");
 
			/* connect and cwd */
	rval = auto_fetch(1, &path);
	free(path);
	if(rval >= 0)
		goto cleanup_auto_put;
 
			/* XXX : is this the best way? */
	if (uargc == 3) {
		uargv[1] = argv[0];
		put(uargc, uargv);
		goto cleanup_auto_put;
	}
 
	for(; argv[0] != NULL; argv++) {
		uargv[1] = argv[0];
		mput(uargc, uargv);
	}
	rval = 0;
 
 cleanup_auto_put:
	FREEPTR(uargv[2]);
	return (rval);
}

V1010 Unchecked tainted data is used in index: 'strlen(user)'.

V1010 Unchecked tainted data is used in the third argument: 'rlen'. Check lines: 216, 214.

V1010 Unchecked tainted data is used in index: 'reply[0]'.

V576 Incorrect format. Consider checking the second actual argument of the 'warnx' function. A null pointer is used.

V614 Uninitialized variable 'rval' used.

V1010 Unchecked tainted data is used in the third argument: 'clen'. Check lines: 207, 205.