2 * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 09 File Transfer Protocol (FTP) */
12 #include "acl/FilledChecklist.h"
13 #include "clients/forward.h"
14 #include "clients/FtpClient.h"
16 #include "comm/ConnOpener.h"
17 #include "comm/Read.h"
18 #include "comm/TcpAcceptor.h"
19 #include "CommCalls.h"
20 #include "compat/strtoll.h"
21 #include "errorpage.h"
25 #include "html_quote.h"
26 #include "HttpHdrContRange.h"
27 #include "HttpHeader.h"
28 #include "HttpHeaderRange.h"
29 #include "HttpReply.h"
34 #include "SquidConfig.h"
35 #include "SquidString.h"
36 #include "SquidTime.h"
37 #include "StatCounters.h"
44 #include "DelayPools.h"
45 #include "MemObject.h"
56 bool pasv_supported
; ///< PASV command is allowed
57 bool epsv_all_sent
; ///< EPSV ALL has been used. Must abort on failures.
59 bool pasv_failed
; // was FwdState::flags.ftp_pasv_failed
62 bool authenticated
; ///< authentication success
63 bool tried_auth_anonymous
; ///< auth has tried to use anonymous credentials already.
64 bool tried_auth_nopass
; ///< auth tried username with no password already.
70 bool http_header_sent
;
80 bool listformat_unknown
;
82 bool completed_forwarding
;
86 typedef void (StateMethod
)(Ftp::Gateway
*);
88 /// FTP Gateway: An FTP client that takes an HTTP request with an ftp:// URI,
89 /// converts it into one or more FTP commands, and then
90 /// converts one or more FTP responses into the final HTTP response.
91 class Gateway
: public Ftp::Client
93 CBDATA_CLASS(Gateway
);
99 char password
[MAX_URL
];
113 int64_t restart_offset
;
119 MemBuf listing
; ///< FTP directory listing in HTML format.
124 // these should all be private
125 virtual void start();
126 virtual Http::StatusCode
failedHttpStatus(err_type
&error
);
128 void appendSuccessHeader();
129 void hackShortcut(StateMethod
*nextState
);
133 MemBuf
*htmlifyListEntry(const char *line
);
134 void completedListing(void);
136 /// create a data channel acceptor and start listening.
137 void listenForDataChannel(const Comm::ConnectionPointer
&conn
);
139 int checkAuth(const HttpHeader
* req_hdr
);
141 void buildTitleUrl();
142 void writeReplyBody(const char *, size_t len
);
143 void printfReplyBody(const char *fmt
, ...);
144 virtual void completeForwarding();
145 void processHeadResponse();
146 void processReplyBody();
147 void setCurrentOffset(int64_t offset
) { currentOffset
= offset
; }
148 int64_t getCurrentOffset() const { return currentOffset
; }
150 virtual void dataChannelConnected(const CommConnectCbParams
&io
);
151 static PF ftpDataWrite
;
152 virtual void timeout(const CommTimeoutCbParams
&io
);
153 void ftpAcceptDataConnection(const CommAcceptCbParams
&io
);
155 static HttpReply
*ftpAuthRequired(HttpRequest
* request
, SBuf
&realm
);
157 void loginFailed(void);
159 virtual void haveParsedReplyHeaders();
161 virtual bool haveControlChannel(const char *caller_name
) const;
164 virtual void handleControlReply();
165 virtual void dataClosed(const CommCloseCbParams
&io
);
168 virtual bool mayReadVirginReplyBody() const;
169 // BodyConsumer for HTTP: consume request body.
170 virtual void handleRequestBodyProducerAborted();
172 void loginParser(const SBuf
&login
, bool escaped
);
177 typedef Ftp::StateMethod FTPSM
; // to avoid lots of non-changes
179 CBDATA_NAMESPACED_CLASS_INIT(Ftp
, Gateway
);
190 #define CTRL_BUFLEN 16*1024
191 static char cbuf
[CTRL_BUFLEN
];
194 * State machine functions
195 * send == state transition
196 * read == wait for response, and select next state transition
197 * other == Transition logic
199 static FTPSM ftpReadWelcome
;
200 static FTPSM ftpSendUser
;
201 static FTPSM ftpReadUser
;
202 static FTPSM ftpSendPass
;
203 static FTPSM ftpReadPass
;
204 static FTPSM ftpSendType
;
205 static FTPSM ftpReadType
;
206 static FTPSM ftpSendMdtm
;
207 static FTPSM ftpReadMdtm
;
208 static FTPSM ftpSendSize
;
209 static FTPSM ftpReadSize
;
211 static FTPSM ftpSendEPRT
;
213 static FTPSM ftpReadEPRT
;
214 static FTPSM ftpSendPORT
;
215 static FTPSM ftpReadPORT
;
216 static FTPSM ftpSendPassive
;
217 static FTPSM ftpReadEPSV
;
218 static FTPSM ftpReadPasv
;
219 static FTPSM ftpTraverseDirectory
;
220 static FTPSM ftpListDir
;
221 static FTPSM ftpGetFile
;
222 static FTPSM ftpSendCwd
;
223 static FTPSM ftpReadCwd
;
224 static FTPSM ftpRestOrList
;
225 static FTPSM ftpSendList
;
226 static FTPSM ftpSendNlst
;
227 static FTPSM ftpReadList
;
228 static FTPSM ftpSendRest
;
229 static FTPSM ftpReadRest
;
230 static FTPSM ftpSendRetr
;
231 static FTPSM ftpReadRetr
;
232 static FTPSM ftpReadTransferDone
;
233 static FTPSM ftpSendStor
;
234 static FTPSM ftpReadStor
;
235 static FTPSM ftpWriteTransferDone
;
236 static FTPSM ftpSendReply
;
237 static FTPSM ftpSendMkdir
;
238 static FTPSM ftpReadMkdir
;
239 static FTPSM ftpFail
;
240 static FTPSM ftpSendQuit
;
241 static FTPSM ftpReadQuit
;
243 /************************************************
244 ** Debugs Levels used here **
245 *************************************************
248 Protocol and Transmission failures.
249 2 FTP Protocol Chatter
254 ************************************************/
256 /************************************************
257 ** State Machine Description (excluding hacks) **
258 *************************************************
260 ---------------------------------------
264 Type TraverseDirectory / GetFile
265 TraverseDirectory Cwd / GetFile / ListDir
266 Cwd TraverseDirectory / Mkdir
272 FileOrList Rest / Retr / Nlst / List / Mkdir (PUT /xxx;type=d)
274 Retr / Nlst / List DataRead* (on datachannel)
275 DataRead* ReadTransferDone
276 ReadTransferDone DataTransferDone
277 Stor DataWrite* (on datachannel)
278 DataWrite* RequestPutBody** (from client)
279 RequestPutBody** DataWrite* / WriteTransferDone
280 WriteTransferDone DataTransferDone
281 DataTransferDone Quit
283 ************************************************/
285 FTPSM
*FTP_SM_FUNCS
[] = {
286 ftpReadWelcome
, /* BEGIN */
287 ftpReadUser
, /* SENT_USER */
288 ftpReadPass
, /* SENT_PASS */
289 ftpReadType
, /* SENT_TYPE */
290 ftpReadMdtm
, /* SENT_MDTM */
291 ftpReadSize
, /* SENT_SIZE */
292 ftpReadEPRT
, /* SENT_EPRT */
293 ftpReadPORT
, /* SENT_PORT */
294 ftpReadEPSV
, /* SENT_EPSV_ALL */
295 ftpReadEPSV
, /* SENT_EPSV_1 */
296 ftpReadEPSV
, /* SENT_EPSV_2 */
297 ftpReadPasv
, /* SENT_PASV */
298 ftpReadCwd
, /* SENT_CWD */
299 ftpReadList
, /* SENT_LIST */
300 ftpReadList
, /* SENT_NLST */
301 ftpReadRest
, /* SENT_REST */
302 ftpReadRetr
, /* SENT_RETR */
303 ftpReadStor
, /* SENT_STOR */
304 ftpReadQuit
, /* SENT_QUIT */
305 ftpReadTransferDone
, /* READING_DATA (RETR,LIST,NLST) */
306 ftpWriteTransferDone
, /* WRITING_DATA (STOR) */
307 ftpReadMkdir
, /* SENT_MKDIR */
308 NULL
, /* SENT_FEAT */
311 NULL
, /* SENT_DATA_REQUEST */
312 NULL
/* SENT_COMMAND */
315 /// handler called by Comm when FTP data channel is closed unexpectedly
317 Ftp::Gateway::dataClosed(const CommCloseCbParams
&io
)
319 Ftp::Client::dataClosed(io
);
320 failed(ERR_FTP_FAILURE
, 0);
321 /* failed closes ctrl.conn and frees ftpState */
323 /* NP: failure recovery may be possible when its only a data.conn failure.
324 * if the ctrl.conn is still fine, we can send ABOR down it and retry.
325 * Just need to watch out for wider Squid states like shutting down or reconfigure.
329 Ftp::Gateway::Gateway(FwdState
*fwdState
):
330 AsyncJob("FtpStateData"),
331 Ftp::Client(fwdState
),
348 debugs(9, 3, entry
->url());
352 memset(&flags
, 0, sizeof(flags
));
354 if (Config
.Ftp
.passive
&& !flags
.pasv_failed
)
355 flags
.pasv_supported
= 1;
357 flags
.rest_supported
= 1;
359 if (request
->method
== Http::METHOD_PUT
)
365 Ftp::Gateway::~Gateway()
367 debugs(9, 3, entry
->url());
369 if (Comm::IsConnOpen(ctrl
.conn
)) {
370 debugs(9, DBG_IMPORTANT
, "Internal bug: FTP Gateway left open " <<
371 "control channel " << ctrl
.conn
);
375 memFree(reply_hdr
, MEM_8K_BUF
);
380 wordlistDestroy(&pathcomps
);
391 * Parse a possible login username:password pair.
392 * Produces filled member variables user, password, password_url if anything found.
394 * \param login a decoded Basic authentication credential token or URI user-info token
395 * \param escaped whether to URL-decode the token after extracting user and password
398 Ftp::Gateway::loginParser(const SBuf
&login
, bool escaped
)
400 debugs(9, 4, "login=" << login
<< ", escaped=" << escaped
);
401 debugs(9, 9, "IN : login=" << login
<< ", escaped=" << escaped
<< ", user=" << user
<< ", password=" << password
);
406 const SBuf::size_type colonPos
= login
.find(':');
408 /* If there was a username part with at least one character use it.
409 * Ignore 0-length username portion, retain what we have already.
411 if (colonPos
== SBuf::npos
|| colonPos
> 0) {
412 const SBuf userName
= login
.substr(0, colonPos
);
413 SBuf::size_type upto
= userName
.copy(user
, sizeof(user
)-1);
415 debugs(9, 9, "found user=" << userName
<< ' ' <<
416 (upto
!= userName
.length() ? ", truncated-to=" : ", length=") << upto
<<
417 ", escaped=" << escaped
);
419 rfc1738_unescape(user
);
420 debugs(9, 9, "found user=" << user
<< " (" << strlen(user
) << ") unescaped.");
423 /* If there was a password part.
424 * For 0-length password clobber what we have already, this means explicitly none
426 if (colonPos
!= SBuf::npos
) {
427 const SBuf pass
= login
.substr(colonPos
+1, SBuf::npos
);
428 SBuf::size_type upto
= pass
.copy(password
, sizeof(password
)-1);
430 debugs(9, 9, "found password=" << pass
<< " " <<
431 (upto
!= pass
.length() ? ", truncated-to=" : ", length=") << upto
<<
432 ", escaped=" << escaped
);
434 rfc1738_unescape(password
);
437 debugs(9, 9, "found password=" << password
<< " (" << strlen(password
) << ") unescaped.");
440 debugs(9, 9, "OUT: login=" << login
<< ", escaped=" << escaped
<< ", user=" << user
<< ", password=" << password
);
444 Ftp::Gateway::listenForDataChannel(const Comm::ConnectionPointer
&conn
)
446 if (!Comm::IsConnOpen(ctrl
.conn
)) {
447 debugs(9, 5, "The control connection to the remote end is closed");
451 assert(!Comm::IsConnOpen(data
.conn
));
453 typedef CommCbMemFunT
<Gateway
, CommAcceptCbParams
> AcceptDialer
;
454 typedef AsyncCallT
<AcceptDialer
> AcceptCall
;
455 RefCount
<AcceptCall
> call
= static_cast<AcceptCall
*>(JobCallback(11, 5, AcceptDialer
, this, Ftp::Gateway::ftpAcceptDataConnection
));
456 Subscription::Pointer sub
= new CallSubscription
<AcceptCall
>(call
);
457 const char *note
= entry
->url();
459 /* open the conn if its not already open */
460 if (!Comm::IsConnOpen(conn
)) {
461 conn
->fd
= comm_open_listener(SOCK_STREAM
, IPPROTO_TCP
, conn
->local
, conn
->flags
, note
);
462 if (!Comm::IsConnOpen(conn
)) {
463 debugs(5, DBG_CRITICAL
, HERE
<< "comm_open_listener failed:" << conn
->local
<< " error: " << errno
);
466 debugs(9, 3, HERE
<< "Unconnected data socket created on " << conn
);
469 conn
->tos
= ctrl
.conn
->tos
;
470 conn
->nfmark
= ctrl
.conn
->nfmark
;
472 assert(Comm::IsConnOpen(conn
));
473 AsyncJob::Start(new Comm::TcpAcceptor(conn
, note
, sub
));
475 // Ensure we have a copy of the FD opened for listening and a close handler on it.
476 data
.opened(conn
, dataCloser());
477 switchTimeoutToDataChannel();
481 Ftp::Gateway::timeout(const CommTimeoutCbParams
&io
)
483 if (SENT_PASV
== state
) {
484 /* stupid ftp.netscape.com, of FTP server behind stupid firewall rules */
485 flags
.pasv_supported
= false;
486 debugs(9, DBG_IMPORTANT
, "FTP Gateway timeout in SENT_PASV state");
488 // cancel the data connection setup.
489 if (data
.opener
!= NULL
) {
490 data
.opener
->cancel("timeout");
496 Ftp::Client::timeout(io
);
499 static const char *Month
[] = {
500 "Jan", "Feb", "Mar", "Apr", "May", "Jun",
501 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
505 is_month(const char *buf
)
509 for (i
= 0; i
< 12; ++i
)
510 if (!strcasecmp(buf
, Month
[i
]))
517 ftpListPartsFree(ftpListParts
** parts
)
519 safe_free((*parts
)->date
);
520 safe_free((*parts
)->name
);
521 safe_free((*parts
)->showname
);
522 safe_free((*parts
)->link
);
526 #define MAX_TOKENS 64
528 static ftpListParts
*
529 ftpListParseParts(const char *buf
, struct Ftp::GatewayFlags flags
)
531 ftpListParts
*p
= NULL
;
533 const char *ct
= NULL
;
534 char *tokens
[MAX_TOKENS
];
537 static char tbuf
[128];
539 static int scan_ftp_initialized
= 0;
540 static regex_t scan_ftp_integer
;
541 static regex_t scan_ftp_time
;
542 static regex_t scan_ftp_dostime
;
543 static regex_t scan_ftp_dosdate
;
545 if (!scan_ftp_initialized
) {
546 scan_ftp_initialized
= 1;
547 regcomp(&scan_ftp_integer
, "^[0123456789]+$", REG_EXTENDED
| REG_NOSUB
);
548 regcomp(&scan_ftp_time
, "^[0123456789:]+$", REG_EXTENDED
| REG_NOSUB
);
549 regcomp(&scan_ftp_dosdate
, "^[0123456789]+-[0123456789]+-[0123456789]+$", REG_EXTENDED
| REG_NOSUB
);
550 regcomp(&scan_ftp_dostime
, "^[0123456789]+:[0123456789]+[AP]M$", REG_EXTENDED
| REG_NOSUB
| REG_ICASE
);
559 p
= (ftpListParts
*)xcalloc(1, sizeof(ftpListParts
));
563 memset(tokens
, 0, sizeof(tokens
));
567 if (flags
.tried_nlst
) {
568 /* Machine readable format, one name per line */
574 for (t
= strtok(xbuf
, w_space
); t
&& n_tokens
< MAX_TOKENS
; t
= strtok(NULL
, w_space
)) {
575 tokens
[n_tokens
] = xstrdup(t
);
581 /* locate the Month field */
582 for (i
= 3; i
< n_tokens
- 2; ++i
) {
583 char *size
= tokens
[i
- 1];
584 char *month
= tokens
[i
];
585 char *day
= tokens
[i
+ 1];
586 char *year
= tokens
[i
+ 2];
588 if (!is_month(month
))
591 if (regexec(&scan_ftp_integer
, size
, 0, NULL
, 0) != 0)
594 if (regexec(&scan_ftp_integer
, day
, 0, NULL
, 0) != 0)
597 if (regexec(&scan_ftp_time
, year
, 0, NULL
, 0) != 0) /* Yr | hh:mm */
600 snprintf(tbuf
, 128, "%s %2s %5s",
603 if (!strstr(buf
, tbuf
))
604 snprintf(tbuf
, 128, "%s %2s %-5s",
607 char const *copyFrom
= NULL
;
609 if ((copyFrom
= strstr(buf
, tbuf
))) {
610 p
->type
= *tokens
[0];
611 p
->size
= strtoll(size
, NULL
, 10);
612 p
->date
= xstrdup(tbuf
);
614 if (flags
.skip_whitespace
) {
615 copyFrom
+= strlen(tbuf
);
617 while (strchr(w_space
, *copyFrom
))
620 /* Handle the following four formats:
625 * Assuming a single space between date and filename
626 * suggested by: Nathan.Bailey@cc.monash.edu.au and
627 * Mike Battersby <mike@starbug.bofh.asn.au> */
628 copyFrom
+= strlen(tbuf
);
629 if (strchr(w_space
, *copyFrom
))
633 p
->name
= xstrdup(copyFrom
);
635 if (p
->type
== 'l' && (t
= strstr(p
->name
, " -> "))) {
637 p
->link
= xstrdup(t
+ 4);
646 /* try it as a DOS listing, 04-05-70 09:33PM ... */
648 regexec(&scan_ftp_dosdate
, tokens
[0], 0, NULL
, 0) == 0 &&
649 regexec(&scan_ftp_dostime
, tokens
[1], 0, NULL
, 0) == 0) {
650 if (!strcasecmp(tokens
[2], "<dir>")) {
654 p
->size
= strtoll(tokens
[2], NULL
, 10);
657 snprintf(tbuf
, 128, "%s %s", tokens
[0], tokens
[1]);
658 p
->date
= xstrdup(tbuf
);
660 if (p
->type
== 'd') {
661 /* Directory.. name begins with first printable after <dir> */
662 ct
= strstr(buf
, tokens
[2]);
663 ct
+= strlen(tokens
[2]);
665 while (xisspace(*ct
))
671 /* A file. Name begins after size, with a space in between */
672 snprintf(tbuf
, 128, " %s %s", tokens
[2], tokens
[3]);
673 ct
= strstr(buf
, tbuf
);
676 ct
+= strlen(tokens
[2]) + 2;
680 p
->name
= xstrdup(ct
? ct
: tokens
[3]);
684 /* Try EPLF format; carson@lehman.com */
691 int l
= strcspn(ct
, ",");
700 p
->name
= xstrndup(ct
+ 1, l
+ 1);
704 p
->size
= atoi(ct
+ 1);
708 tm
= (time_t) strtol(ct
+ 1, &tmp
, 0);
711 break; /* not a valid integer */
713 p
->date
= xstrdup(ctime(&tm
));
715 *(strstr(p
->date
, "\n")) = '\0';
737 ct
= strstr(ct
, ",");
756 for (i
= 0; i
< n_tokens
; ++i
)
760 ftpListPartsFree(&p
); /* cleanup */
766 Ftp::Gateway::htmlifyListEntry(const char *line
)
769 char href
[2048 + 40];
772 char chdir
[ 2048 + 40];
773 char view
[ 2048 + 40];
774 char download
[ 2048 + 40];
775 char link
[ 2048 + 40];
779 *icon
= *href
= *text
= *size
= *chdir
= *view
= *download
= *link
= '\0';
781 debugs(9, 7, HERE
<< " line ={" << line
<< "}");
783 if (strlen(line
) > 1024) {
786 html
->appendf("<tr><td colspan=\"5\">%s</td></tr>\n", line
);
790 if (flags
.dir_slash
&& dirpath
&& typecode
!= 'D')
791 snprintf(prefix
, 2048, "%s/", rfc1738_escape_part(dirpath
));
795 if ((parts
= ftpListParseParts(line
, flags
)) == NULL
) {
800 html
->appendf("<tr class=\"entry\"><td colspan=\"5\">%s</td></tr>\n", line
);
802 for (p
= line
; *p
&& xisspace(*p
); ++p
);
803 if (*p
&& !xisspace(*p
))
804 flags
.listformat_unknown
= 1;
809 if (!strcmp(parts
->name
, ".") || !strcmp(parts
->name
, "..")) {
810 ftpListPartsFree(&parts
);
816 parts
->showname
= xstrdup(parts
->name
);
818 /* {icon} {text} . . . {date}{size}{chdir}{view}{download}{link}\n */
819 xstrncpy(href
, rfc1738_escape_part(parts
->name
), 2048);
821 xstrncpy(text
, parts
->showname
, 2048);
823 switch (parts
->type
) {
826 snprintf(icon
, 2048, "<img border=\"0\" src=\"%s\" alt=\"%-6s\">",
827 mimeGetIconURL("internal-dir"),
829 strcat(href
, "/"); /* margin is allocated above */
833 snprintf(icon
, 2048, "<img border=\"0\" src=\"%s\" alt=\"%-6s\">",
834 mimeGetIconURL("internal-link"),
836 /* sometimes there is an 'l' flag, but no "->" link */
839 char *link2
= xstrdup(html_quote(rfc1738_escape(parts
->link
)));
840 snprintf(link
, 2048, " -> <a href=\"%s%s\">%s</a>",
841 *link2
!= '/' ? prefix
: "", link2
,
842 html_quote(parts
->link
));
849 snprintf(icon
, 2048, "<img border=\"0\" src=\"%s\" alt=\"%-6s\">",
850 mimeGetIconURL(parts
->name
),
852 snprintf(chdir
, 2048, "<a href=\"%s/;type=d\"><img border=\"0\" src=\"%s\" "
853 "alt=\"[DIR]\"></a>",
854 rfc1738_escape_part(parts
->name
),
855 mimeGetIconURL("internal-dir"));
861 snprintf(icon
, 2048, "<img border=\"0\" src=\"%s\" alt=\"%-6s\">",
862 mimeGetIconURL(parts
->name
),
864 snprintf(size
, 2048, " %6" PRId64
"k", parts
->size
);
868 if (parts
->type
!= 'd') {
869 if (mimeGetViewOption(parts
->name
)) {
870 snprintf(view
, 2048, "<a href=\"%s%s;type=a\"><img border=\"0\" src=\"%s\" "
871 "alt=\"[VIEW]\"></a>",
872 prefix
, href
, mimeGetIconURL("internal-view"));
875 if (mimeGetDownloadOption(parts
->name
)) {
876 snprintf(download
, 2048, "<a href=\"%s%s;type=i\"><img border=\"0\" src=\"%s\" "
877 "alt=\"[DOWNLOAD]\"></a>",
878 prefix
, href
, mimeGetIconURL("internal-download"));
882 /* construct the table row from parts. */
885 html
->appendf("<tr class=\"entry\">"
886 "<td class=\"icon\"><a href=\"%s%s\">%s</a></td>"
887 "<td class=\"filename\"><a href=\"%s%s\">%s</a></td>"
888 "<td class=\"date\">%s</td>"
889 "<td class=\"size\">%s</td>"
890 "<td class=\"actions\">%s%s%s%s</td>"
893 prefix
, href
, html_quote(text
),
896 chdir
, view
, download
, link
);
898 ftpListPartsFree(&parts
);
903 Ftp::Gateway::parseListing()
905 char *buf
= data
.readBuf
->content();
906 char *sbuf
; /* NULL-terminated copy of termedBuf */
913 size_t len
= data
.readBuf
->contentSize();
916 debugs(9, 3, HERE
<< "no content to parse for " << entry
->url() );
921 * We need a NULL-terminated buffer for scanning, ick
923 sbuf
= (char *)xmalloc(len
+ 1);
924 xstrncpy(sbuf
, buf
, len
+ 1);
925 end
= sbuf
+ len
- 1;
927 while (*end
!= '\r' && *end
!= '\n' && end
> sbuf
)
932 debugs(9, 3, HERE
<< "usable = " << usable
<< " of " << len
<< " bytes.");
935 if (buf
[0] == '\0' && len
== 1) {
936 debugs(9, 3, HERE
<< "NIL ends data from " << entry
->url() << " transfer problem?");
937 data
.readBuf
->consume(len
);
939 debugs(9, 3, HERE
<< "didn't find end for " << entry
->url());
940 debugs(9, 3, HERE
<< "buffer remains (" << len
<< " bytes) '" << rfc1738_do_escape(buf
,0) << "'");
946 debugs(9, 3, HERE
<< (unsigned long int)len
<< " bytes to play with");
948 line
= (char *)memAllocate(MEM_4K_BUF
);
951 s
+= strspn(s
, crlf
);
953 for (; s
< end
; s
+= strcspn(s
, crlf
), s
+= strspn(s
, crlf
)) {
954 debugs(9, 7, HERE
<< "s = {" << s
<< "}");
955 linelen
= strcspn(s
, crlf
) + 1;
963 xstrncpy(line
, s
, linelen
);
965 debugs(9, 7, HERE
<< "{" << line
<< "}");
967 if (!strncmp(line
, "total", 5))
970 t
= htmlifyListEntry(line
);
973 debugs(9, 7, HERE
<< "listing append: t = {" << t
->contentSize() << ", '" << t
->content() << "'}");
974 listing
.append(t
->content(), t
->contentSize());
979 debugs(9, 7, HERE
<< "Done.");
980 data
.readBuf
->consume(usable
);
981 memFree(line
, MEM_4K_BUF
);
986 Ftp::Gateway::processReplyBody()
988 debugs(9, 3, status());
990 if (request
->method
== Http::METHOD_HEAD
&& (flags
.isdir
|| theSize
!= -1)) {
995 /* Directory listings are special. They write ther own headers via the error objects */
996 if (!flags
.http_header_sent
&& data
.readBuf
->contentSize() >= 0 && !flags
.isdir
)
997 appendSuccessHeader();
999 if (EBIT_TEST(entry
->flags
, ENTRY_ABORTED
)) {
1001 * probably was aborted because content length exceeds one
1002 * of the maximum size limits.
1004 abortAll("entry aborted after calling appendSuccessHeader()");
1010 if (adaptationAccessCheckPending
) {
1011 debugs(9, 3, "returning from Ftp::Gateway::processReplyBody due to adaptationAccessCheckPending");
1018 if (!flags
.listing
) {
1023 maybeReadVirginBody();
1025 } else if (const int csize
= data
.readBuf
->contentSize()) {
1026 writeReplyBody(data
.readBuf
->content(), csize
);
1027 debugs(9, 5, HERE
<< "consuming " << csize
<< " bytes of readBuf");
1028 data
.readBuf
->consume(csize
);
1033 maybeReadVirginBody();
1037 * Locates the FTP user:password login.
1039 * Highest to lowest priority:
1040 * - Checks URL (ftp://user:pass@domain)
1041 * - Authorization: Basic header
1042 * - squid.conf anonymous-FTP settings (default: anonymous:Squid@).
1044 * Special Case: A username-only may be provided in the URL and password in the HTTP headers.
1046 * TODO: we might be able to do something about locating username from other sources:
1047 * ie, external ACL user=* tag or ident lookup
1049 \retval 1 if we have everything needed to complete this request.
1050 \retval 0 if something is missing.
1053 Ftp::Gateway::checkAuth(const HttpHeader
* req_hdr
)
1055 /* default username */
1056 xstrncpy(user
, "anonymous", MAX_URL
);
1058 #if HAVE_AUTH_MODULE_BASIC
1059 /* Check HTTP Authorization: headers (better than defaults, but less than URL) */
1060 const SBuf
auth(req_hdr
->getAuth(Http::HdrType::AUTHORIZATION
, "Basic"));
1061 if (!auth
.isEmpty()) {
1062 flags
.authenticated
= 1;
1063 loginParser(auth
, false);
1065 /* we fail with authorization-required error later IFF the FTP server requests it */
1068 /* Test URL login syntax. Overrides any headers received. */
1069 loginParser(request
->url
.userInfo(), true);
1071 /* name is missing. thats fatal. */
1073 fatal("FTP login parsing destroyed username info");
1075 /* name + password == success */
1079 /* Setup default FTP password settings */
1080 /* this has to be done last so that we can have a no-password case above. */
1082 if (strcmp(user
, "anonymous") == 0 && !flags
.tried_auth_anonymous
) {
1083 xstrncpy(password
, Config
.Ftp
.anon_user
, MAX_URL
);
1084 flags
.tried_auth_anonymous
=1;
1086 } else if (!flags
.tried_auth_nopass
) {
1087 xstrncpy(password
, null_string
, MAX_URL
);
1088 flags
.tried_auth_nopass
=1;
1093 return 0; /* different username */
1097 Ftp::Gateway::checkUrlpath()
1099 static SBuf
str_type_eq("type=");
1100 auto t
= request
->url
.path().rfind(';');
1102 if (t
!= SBuf::npos
) {
1103 auto filenameEnd
= t
-1;
1104 if (request
->url
.path().substr(++t
).cmp(str_type_eq
, str_type_eq
.length()) == 0) {
1105 t
+= str_type_eq
.length();
1106 typecode
= (char)xtoupper(request
->url
.path()[t
]);
1107 request
->url
.path(request
->url
.path().substr(0,filenameEnd
));
1111 int l
= request
->url
.path().length();
1112 /* check for null path */
1117 flags
.need_base_href
= 1; /* Work around broken browsers */
1118 } else if (!request
->url
.path().cmp("/%2f/")) {
1119 /* UNIX root directory */
1122 } else if ((l
>= 1) && (request
->url
.path()[l
-1] == '/')) {
1123 /* Directory URL, ending in / */
1129 flags
.dir_slash
= 1;
1134 Ftp::Gateway::buildTitleUrl()
1136 title_url
= "ftp://";
1138 if (strcmp(user
, "anonymous")) {
1139 title_url
.append(user
);
1140 title_url
.append("@");
1143 SBuf authority
= request
->url
.authority(request
->url
.getScheme() != AnyP::PROTO_FTP
);
1145 title_url
.append(authority
.rawContent(), authority
.length());
1146 title_url
.append(request
->url
.path().rawContent(), request
->url
.path().length());
1148 base_href
= "ftp://";
1150 if (strcmp(user
, "anonymous") != 0) {
1151 base_href
.append(rfc1738_escape_part(user
));
1154 base_href
.append(":");
1155 base_href
.append(rfc1738_escape_part(password
));
1158 base_href
.append("@");
1161 base_href
.append(authority
.rawContent(), authority
.length());
1162 base_href
.append(request
->url
.path().rawContent(), request
->url
.path().length());
1163 base_href
.append("/");
1167 Ftp::Gateway::start()
1169 if (!checkAuth(&request
->header
)) {
1170 /* create appropriate reply */
1171 SBuf
realm(ftpRealm()); // local copy so SBuf will not disappear too early
1172 HttpReply
*reply
= ftpAuthRequired(request
.getRaw(), realm
);
1173 entry
->replaceHttpReply(reply
);
1180 debugs(9, 5, "FD " << (ctrl
.conn
? ctrl
.conn
->fd
: -1) << " : host=" << request
->url
.host() <<
1181 ", path=" << request
->url
.path() << ", user=" << user
<< ", passwd=" << password
);
1183 Ftp::Client::start();
1186 /* ====================================================================== */
1189 Ftp::Gateway::handleControlReply()
1191 Ftp::Client::handleControlReply();
1192 if (ctrl
.message
== NULL
)
1193 return; // didn't get complete reply yet
1195 /* Copy the message except for the last line to cwd_message to be
1196 * printed in error messages.
1198 for (wordlist
*w
= ctrl
.message
; w
&& w
->next
; w
= w
->next
) {
1199 cwd_message
.append('\n');
1200 cwd_message
.append(w
->key
);
1203 FTP_SM_FUNCS
[state
] (this);
1206 /* ====================================================================== */
1209 ftpReadWelcome(Ftp::Gateway
* ftpState
)
1211 int code
= ftpState
->ctrl
.replycode
;
1214 if (ftpState
->flags
.pasv_only
)
1215 ++ ftpState
->login_att
;
1218 if (ftpState
->ctrl
.message
) {
1219 if (strstr(ftpState
->ctrl
.message
->key
, "NetWare"))
1220 ftpState
->flags
.skip_whitespace
= 1;
1223 ftpSendUser(ftpState
);
1224 } else if (code
== 120) {
1225 if (NULL
!= ftpState
->ctrl
.message
)
1226 debugs(9, DBG_IMPORTANT
, "FTP server is busy: " << ftpState
->ctrl
.message
->key
);
1235 * Translate FTP login failure into HTTP error
1236 * this is an attmpt to get the 407 message to show up outside Squid.
1237 * its NOT a general failure. But a correct FTP response type.
1240 Ftp::Gateway::loginFailed()
1242 ErrorState
*err
= NULL
;
1244 if ((state
== SENT_USER
|| state
== SENT_PASS
) && ctrl
.replycode
>= 400) {
1245 if (ctrl
.replycode
== 421 || ctrl
.replycode
== 426) {
1246 // 421/426 - Service Overload - retry permitted.
1247 err
= new ErrorState(ERR_FTP_UNAVAILABLE
, Http::scServiceUnavailable
, fwd
->request
);
1248 } else if (ctrl
.replycode
>= 430 && ctrl
.replycode
<= 439) {
1249 // 43x - Invalid or Credential Error - retry challenge required.
1250 err
= new ErrorState(ERR_FTP_FORBIDDEN
, Http::scUnauthorized
, fwd
->request
);
1251 } else if (ctrl
.replycode
>= 530 && ctrl
.replycode
<= 539) {
1252 // 53x - Credentials Missing - retry challenge required
1253 if (password_url
) // but they were in the URI! major fail.
1254 err
= new ErrorState(ERR_FTP_FORBIDDEN
, Http::scForbidden
, fwd
->request
);
1256 err
= new ErrorState(ERR_FTP_FORBIDDEN
, Http::scUnauthorized
, fwd
->request
);
1265 failed(ERR_NONE
, ctrl
.replycode
, err
);
1266 // any other problems are general falures.
1268 HttpReply
*newrep
= err
->BuildHttpReply();
1271 #if HAVE_AUTH_MODULE_BASIC
1272 /* add Authenticate header */
1273 // XXX: performance regression. c_str() may reallocate
1274 SBuf
realm(ftpRealm()); // local copy so SBuf will not disappear too early
1275 newrep
->header
.putAuth("Basic", realm
.c_str());
1278 // add it to the store entry for response....
1279 entry
->replaceHttpReply(newrep
);
1284 Ftp::Gateway::ftpRealm()
1288 /* This request is not fully authenticated */
1289 realm
.appendf("FTP %s ", user
);
1291 realm
.append("unknown", 7);
1293 realm
.append(request
->url
.host());
1294 if (request
->url
.port() != 21)
1295 realm
.appendf(" port %d", request
->url
.port());
1301 ftpSendUser(Ftp::Gateway
* ftpState
)
1303 /* check the server control channel is still available */
1304 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendUser"))
1307 if (ftpState
->proxy_host
!= NULL
)
1308 snprintf(cbuf
, CTRL_BUFLEN
, "USER %s@%s\r\n", ftpState
->user
, ftpState
->request
->url
.host());
1310 snprintf(cbuf
, CTRL_BUFLEN
, "USER %s\r\n", ftpState
->user
);
1312 ftpState
->writeCommand(cbuf
);
1314 ftpState
->state
= Ftp::Client::SENT_USER
;
1318 ftpReadUser(Ftp::Gateway
* ftpState
)
1320 int code
= ftpState
->ctrl
.replycode
;
1324 ftpReadPass(ftpState
);
1325 } else if (code
== 331) {
1326 ftpSendPass(ftpState
);
1328 ftpState
->loginFailed();
1333 ftpSendPass(Ftp::Gateway
* ftpState
)
1335 /* check the server control channel is still available */
1336 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendPass"))
1339 snprintf(cbuf
, CTRL_BUFLEN
, "PASS %s\r\n", ftpState
->password
);
1340 ftpState
->writeCommand(cbuf
);
1341 ftpState
->state
= Ftp::Client::SENT_PASS
;
1345 ftpReadPass(Ftp::Gateway
* ftpState
)
1347 int code
= ftpState
->ctrl
.replycode
;
1348 debugs(9, 3, HERE
<< "code=" << code
);
1351 ftpSendType(ftpState
);
1353 ftpState
->loginFailed();
1358 ftpSendType(Ftp::Gateway
* ftpState
)
1360 /* check the server control channel is still available */
1361 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendType"))
1365 * Ref section 3.2.2 of RFC 1738
1367 char mode
= ftpState
->typecode
;
1382 if (ftpState
->flags
.isdir
) {
1385 auto t
= ftpState
->request
->url
.path().rfind('/');
1386 // XXX: performance regression, c_str() may reallocate
1387 SBuf filename
= ftpState
->request
->url
.path().substr(t
!= SBuf::npos
? t
+ 1 : 0);
1388 mode
= mimeGetTransferMode(filename
.c_str());
1395 ftpState
->flags
.binary
= 1;
1397 ftpState
->flags
.binary
= 0;
1399 snprintf(cbuf
, CTRL_BUFLEN
, "TYPE %c\r\n", mode
);
1401 ftpState
->writeCommand(cbuf
);
1403 ftpState
->state
= Ftp::Client::SENT_TYPE
;
1407 ftpReadType(Ftp::Gateway
* ftpState
)
1409 int code
= ftpState
->ctrl
.replycode
;
1412 debugs(9, 3, HERE
<< "code=" << code
);
1415 p
= path
= SBufToCstring(ftpState
->request
->url
.path());
1422 p
+= strcspn(p
, "/");
1429 rfc1738_unescape(d
);
1432 wordlistAdd(&ftpState
->pathcomps
, d
);
1437 if (ftpState
->pathcomps
)
1438 ftpTraverseDirectory(ftpState
);
1440 ftpListDir(ftpState
);
1447 ftpTraverseDirectory(Ftp::Gateway
* ftpState
)
1449 debugs(9, 4, HERE
<< (ftpState
->filepath
? ftpState
->filepath
: "<NULL>"));
1451 safe_free(ftpState
->dirpath
);
1452 ftpState
->dirpath
= ftpState
->filepath
;
1453 ftpState
->filepath
= NULL
;
1457 if (ftpState
->pathcomps
== NULL
) {
1458 debugs(9, 3, HERE
<< "the final component was a directory");
1459 ftpListDir(ftpState
);
1463 /* Go to next path component */
1464 ftpState
->filepath
= wordlistChopHead(& ftpState
->pathcomps
);
1466 /* Check if we are to CWD or RETR */
1467 if (ftpState
->pathcomps
!= NULL
|| ftpState
->flags
.isdir
) {
1468 ftpSendCwd(ftpState
);
1470 debugs(9, 3, HERE
<< "final component is probably a file");
1471 ftpGetFile(ftpState
);
1477 ftpSendCwd(Ftp::Gateway
* ftpState
)
1481 /* check the server control channel is still available */
1482 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendCwd"))
1487 path
= ftpState
->filepath
;
1489 if (!strcmp(path
, "..") || !strcmp(path
, "/")) {
1490 ftpState
->flags
.no_dotdot
= 1;
1492 ftpState
->flags
.no_dotdot
= 0;
1495 snprintf(cbuf
, CTRL_BUFLEN
, "CWD %s\r\n", path
);
1497 ftpState
->writeCommand(cbuf
);
1499 ftpState
->state
= Ftp::Client::SENT_CWD
;
1503 ftpReadCwd(Ftp::Gateway
* ftpState
)
1505 int code
= ftpState
->ctrl
.replycode
;
1508 if (code
>= 200 && code
< 300) {
1512 /* Reset cwd_message to only include the last message */
1513 ftpState
->cwd_message
.reset("");
1514 for (wordlist
*w
= ftpState
->ctrl
.message
; w
; w
= w
->next
) {
1515 ftpState
->cwd_message
.append('\n');
1516 ftpState
->cwd_message
.append(w
->key
);
1518 ftpState
->ctrl
.message
= NULL
;
1520 /* Continue to traverse the path */
1521 ftpTraverseDirectory(ftpState
);
1525 if (!ftpState
->flags
.put
)
1528 ftpSendMkdir(ftpState
);
1533 ftpSendMkdir(Ftp::Gateway
* ftpState
)
1537 /* check the server control channel is still available */
1538 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendMkdir"))
1541 path
= ftpState
->filepath
;
1542 debugs(9, 3, HERE
<< "with path=" << path
);
1543 snprintf(cbuf
, CTRL_BUFLEN
, "MKD %s\r\n", path
);
1544 ftpState
->writeCommand(cbuf
);
1545 ftpState
->state
= Ftp::Client::SENT_MKDIR
;
1549 ftpReadMkdir(Ftp::Gateway
* ftpState
)
1551 char *path
= ftpState
->filepath
;
1552 int code
= ftpState
->ctrl
.replycode
;
1554 debugs(9, 3, HERE
<< "path " << path
<< ", code " << code
);
1556 if (code
== 257) { /* success */
1557 ftpSendCwd(ftpState
);
1558 } else if (code
== 550) { /* dir exists */
1560 if (ftpState
->flags
.put_mkdir
) {
1561 ftpState
->flags
.put_mkdir
= 1;
1562 ftpSendCwd(ftpState
);
1564 ftpSendReply(ftpState
);
1566 ftpSendReply(ftpState
);
1570 ftpGetFile(Ftp::Gateway
* ftpState
)
1572 assert(*ftpState
->filepath
!= '\0');
1573 ftpState
->flags
.isdir
= 0;
1574 ftpSendMdtm(ftpState
);
1578 ftpListDir(Ftp::Gateway
* ftpState
)
1580 if (ftpState
->flags
.dir_slash
) {
1581 debugs(9, 3, HERE
<< "Directory path did not end in /");
1582 ftpState
->title_url
.append("/");
1583 ftpState
->flags
.isdir
= 1;
1586 ftpSendPassive(ftpState
);
1590 ftpSendMdtm(Ftp::Gateway
* ftpState
)
1592 /* check the server control channel is still available */
1593 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendMdtm"))
1596 assert(*ftpState
->filepath
!= '\0');
1597 snprintf(cbuf
, CTRL_BUFLEN
, "MDTM %s\r\n", ftpState
->filepath
);
1598 ftpState
->writeCommand(cbuf
);
1599 ftpState
->state
= Ftp::Client::SENT_MDTM
;
1603 ftpReadMdtm(Ftp::Gateway
* ftpState
)
1605 int code
= ftpState
->ctrl
.replycode
;
1609 ftpState
->mdtm
= parse_iso3307_time(ftpState
->ctrl
.last_reply
);
1611 } else if (code
< 0) {
1616 ftpSendSize(ftpState
);
1620 ftpSendSize(Ftp::Gateway
* ftpState
)
1622 /* check the server control channel is still available */
1623 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendSize"))
1626 /* Only send SIZE for binary transfers. The returned size
1627 * is useless on ASCII transfers */
1629 if (ftpState
->flags
.binary
) {
1630 assert(ftpState
->filepath
!= NULL
);
1631 assert(*ftpState
->filepath
!= '\0');
1632 snprintf(cbuf
, CTRL_BUFLEN
, "SIZE %s\r\n", ftpState
->filepath
);
1633 ftpState
->writeCommand(cbuf
);
1634 ftpState
->state
= Ftp::Client::SENT_SIZE
;
1636 /* Skip to next state no non-binary transfers */
1637 ftpSendPassive(ftpState
);
1641 ftpReadSize(Ftp::Gateway
* ftpState
)
1643 int code
= ftpState
->ctrl
.replycode
;
1648 ftpState
->theSize
= strtoll(ftpState
->ctrl
.last_reply
, NULL
, 10);
1650 if (ftpState
->theSize
== 0) {
1651 debugs(9, 2, "SIZE reported " <<
1652 ftpState
->ctrl
.last_reply
<< " on " <<
1653 ftpState
->title_url
);
1654 ftpState
->theSize
= -1;
1656 } else if (code
< 0) {
1661 ftpSendPassive(ftpState
);
1665 ftpReadEPSV(Ftp::Gateway
* ftpState
)
1667 Ip::Address srvAddr
; // unused
1668 if (ftpState
->handleEpsvReply(srvAddr
)) {
1669 if (ftpState
->ctrl
.message
== NULL
)
1670 return; // didn't get complete reply yet
1672 ftpState
->connectDataChannel();
1676 /** Send Passive connection request.
1677 * Default method is to use modern EPSV request.
1678 * The failover mechanism should check for previous state and re-call with alternates on failure.
1681 ftpSendPassive(Ftp::Gateway
* ftpState
)
1683 /** Checks the server control channel is still available before running. */
1684 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendPassive"))
1690 * Checks for 'HEAD' method request and passes off for special handling by Ftp::Gateway::processHeadResponse(). */
1691 if (ftpState
->request
->method
== Http::METHOD_HEAD
&& (ftpState
->flags
.isdir
|| ftpState
->theSize
!= -1)) {
1692 ftpState
->processHeadResponse(); // may call serverComplete
1696 if (ftpState
->sendPassive()) {
1697 // SENT_EPSV_ALL blocks other non-EPSV connections being attempted
1698 if (ftpState
->state
== Ftp::Client::SENT_EPSV_ALL
)
1699 ftpState
->flags
.epsv_all_sent
= true;
1704 Ftp::Gateway::processHeadResponse()
1706 debugs(9, 5, HERE
<< "handling HEAD response");
1708 appendSuccessHeader();
1711 * On rare occasions I'm seeing the entry get aborted after
1712 * readControlReply() and before here, probably when
1713 * trying to write to the client.
1715 if (EBIT_TEST(entry
->flags
, ENTRY_ABORTED
)) {
1716 abortAll("entry aborted while processing HEAD");
1721 if (adaptationAccessCheckPending
) {
1722 debugs(9,3, HERE
<< "returning due to adaptationAccessCheckPending");
1727 // processReplyBody calls serverComplete() since there is no body
1732 ftpReadPasv(Ftp::Gateway
* ftpState
)
1734 Ip::Address srvAddr
; // unused
1735 if (ftpState
->handlePasvReply(srvAddr
))
1736 ftpState
->connectDataChannel();
1739 // Currently disabled, does not work correctly:
1740 // ftpSendEPRT(ftpState);
1746 Ftp::Gateway::dataChannelConnected(const CommConnectCbParams
&io
)
1751 if (io
.flag
!= Comm::OK
) {
1752 debugs(9, 2, HERE
<< "Failed to connect. Retrying via another method.");
1754 // ABORT on timeouts. server may be waiting on a broken TCP link.
1755 if (io
.xerrno
== Comm::TIMEOUT
)
1756 writeCommand("ABOR\r\n");
1758 // try another connection attempt with some other method
1759 ftpSendPassive(this);
1763 data
.opened(io
.conn
, dataCloser());
1764 ftpRestOrList(this);
1768 ftpOpenListenSocket(Ftp::Gateway
* ftpState
, int fallback
)
1770 /// Close old data channels, if any. We may open a new one below.
1771 if (ftpState
->data
.conn
!= NULL
) {
1772 if ((ftpState
->data
.conn
->flags
& COMM_REUSEADDR
))
1773 // NP: in fact it points to the control channel. just clear it.
1774 ftpState
->data
.clear();
1776 ftpState
->data
.close();
1778 safe_free(ftpState
->data
.host
);
1780 if (!Comm::IsConnOpen(ftpState
->ctrl
.conn
)) {
1781 debugs(9, 5, "The control connection to the remote end is closed");
1786 * Set up a listen socket on the same local address as the
1787 * control connection.
1789 Comm::ConnectionPointer temp
= new Comm::Connection
;
1790 temp
->local
= ftpState
->ctrl
.conn
->local
;
1793 * REUSEADDR is needed in fallback mode, since the same port is
1794 * used for both control and data.
1799 if (setsockopt(ftpState
->ctrl
.conn
->fd
, SOL_SOCKET
, SO_REUSEADDR
,
1800 (char *) &on
, sizeof(on
)) == -1) {
1802 // SO_REUSEADDR is only an optimization, no need to be verbose about error
1803 debugs(9, 4, "setsockopt failed: " << xstrerr(xerrno
));
1805 ftpState
->ctrl
.conn
->flags
|= COMM_REUSEADDR
;
1806 temp
->flags
|= COMM_REUSEADDR
;
1808 /* if not running in fallback mode a new port needs to be retrieved */
1809 temp
->local
.port(0);
1812 ftpState
->listenForDataChannel(temp
);
1816 ftpSendPORT(Ftp::Gateway
* ftpState
)
1818 /* check the server control channel is still available */
1819 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendPort"))
1822 if (Config
.Ftp
.epsv_all
&& ftpState
->flags
.epsv_all_sent
) {
1823 debugs(9, DBG_IMPORTANT
, "FTP does not allow PORT method after 'EPSV ALL' has been sent.");
1828 ftpState
->flags
.pasv_supported
= 0;
1829 ftpOpenListenSocket(ftpState
, 0);
1831 if (!Comm::IsConnOpen(ftpState
->data
.listenConn
)) {
1832 if ( ftpState
->data
.listenConn
!= NULL
&& !ftpState
->data
.listenConn
->local
.isIPv4() ) {
1833 /* non-IPv4 CANNOT send PORT command. */
1834 /* we got here by attempting and failing an EPRT */
1835 /* using the same reply code should simulate a PORT failure */
1836 ftpReadPORT(ftpState
);
1840 /* XXX Need to set error message */
1845 // pull out the internal IP address bytes to send in PORT command...
1846 // source them from the listen_conn->local
1848 struct addrinfo
*AI
= NULL
;
1849 ftpState
->data
.listenConn
->local
.getAddrInfo(AI
, AF_INET
);
1850 unsigned char *addrptr
= (unsigned char *) &((struct sockaddr_in
*)AI
->ai_addr
)->sin_addr
;
1851 unsigned char *portptr
= (unsigned char *) &((struct sockaddr_in
*)AI
->ai_addr
)->sin_port
;
1852 snprintf(cbuf
, CTRL_BUFLEN
, "PORT %d,%d,%d,%d,%d,%d\r\n",
1853 addrptr
[0], addrptr
[1], addrptr
[2], addrptr
[3],
1854 portptr
[0], portptr
[1]);
1855 ftpState
->writeCommand(cbuf
);
1856 ftpState
->state
= Ftp::Client::SENT_PORT
;
1858 Ip::Address::FreeAddr(AI
);
1862 ftpReadPORT(Ftp::Gateway
* ftpState
)
1864 int code
= ftpState
->ctrl
.replycode
;
1868 /* Fall back on using the same port as the control connection */
1869 debugs(9, 3, "PORT not supported by remote end");
1870 ftpOpenListenSocket(ftpState
, 1);
1873 ftpRestOrList(ftpState
);
1878 ftpSendEPRT(Ftp::Gateway
* ftpState
)
1880 /* check the server control channel is still available */
1881 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendEPRT"))
1884 if (Config
.Ftp
.epsv_all
&& ftpState
->flags
.epsv_all_sent
) {
1885 debugs(9, DBG_IMPORTANT
, "FTP does not allow EPRT method after 'EPSV ALL' has been sent.");
1889 if (!Config
.Ftp
.eprt
) {
1890 /* Disabled. Switch immediately to attempting old PORT command. */
1891 debugs(9, 3, "EPRT disabled by local administrator");
1892 ftpSendPORT(ftpState
);
1897 ftpState
->flags
.pasv_supported
= 0;
1899 ftpOpenListenSocket(ftpState
, 0);
1900 debugs(9, 3, "Listening for FTP data connection with FD " << ftpState
->data
.conn
);
1901 if (!Comm::IsConnOpen(ftpState
->data
.conn
)) {
1902 /* XXX Need to set error message */
1907 char buf
[MAX_IPSTRLEN
];
1909 /* RFC 2428 defines EPRT as IPv6 equivalent to IPv4 PORT command. */
1910 /* Which can be used by EITHER protocol. */
1911 snprintf(cbuf
, CTRL_BUFLEN
, "EPRT |%d|%s|%d|\r\n",
1912 ( ftpState
->data
.listenConn
->local
.isIPv6() ? 2 : 1 ),
1913 ftpState
->data
.listenConn
->local
.toStr(buf
,MAX_IPSTRLEN
),
1914 ftpState
->data
.listenConn
->local
.port() );
1916 ftpState
->writeCommand(cbuf
);
1917 ftpState
->state
= Ftp::Client::SENT_EPRT
;
1922 ftpReadEPRT(Ftp::Gateway
* ftpState
)
1924 int code
= ftpState
->ctrl
.replycode
;
1928 /* Failover to attempting old PORT command. */
1929 debugs(9, 3, "EPRT not supported by remote end");
1930 ftpSendPORT(ftpState
);
1934 ftpRestOrList(ftpState
);
1937 /** "read" handler to accept FTP data connections.
1939 \param io comm accept(2) callback parameters
1942 Ftp::Gateway::ftpAcceptDataConnection(const CommAcceptCbParams
&io
)
1946 if (!Comm::IsConnOpen(ctrl
.conn
)) { /*Close handlers will cleanup*/
1947 debugs(9, 5, "The control connection to the remote end is closed");
1951 if (io
.flag
!= Comm::OK
) {
1952 data
.listenConn
->close();
1953 data
.listenConn
= NULL
;
1954 debugs(9, DBG_IMPORTANT
, "FTP AcceptDataConnection: " << io
.conn
<< ": " << xstrerr(io
.xerrno
));
1955 /** \todo Need to send error message on control channel*/
1960 if (EBIT_TEST(entry
->flags
, ENTRY_ABORTED
)) {
1961 abortAll("entry aborted when accepting data conn");
1962 data
.listenConn
->close();
1963 data
.listenConn
= NULL
;
1968 /* data listening conn is no longer even open. abort. */
1969 if (!Comm::IsConnOpen(data
.listenConn
)) {
1970 data
.listenConn
= NULL
; // ensure that it's cleared and not just closed.
1974 /* data listening conn is no longer even open. abort. */
1975 if (!Comm::IsConnOpen(data
.conn
)) {
1976 data
.clear(); // ensure that it's cleared and not just closed.
1981 * When squid.conf ftp_sanitycheck is enabled, check the new connection is actually being
1982 * made by the remote client which is connected to the FTP control socket.
1983 * Or the one which we were told to listen for by control channel messages (may differ under NAT).
1984 * This prevents third-party hacks, but also third-party load balancing handshakes.
1986 if (Config
.Ftp
.sanitycheck
) {
1987 // accept if either our data or ctrl connection is talking to this remote peer.
1988 if (data
.conn
->remote
!= io
.conn
->remote
&& ctrl
.conn
->remote
!= io
.conn
->remote
) {
1989 debugs(9, DBG_IMPORTANT
,
1990 "FTP data connection from unexpected server (" <<
1991 io
.conn
->remote
<< "), expecting " <<
1992 data
.conn
->remote
<< " or " << ctrl
.conn
->remote
);
1994 /* close the bad sources connection down ASAP. */
1997 /* drop the bad connection (io) by ignoring the attempt. */
2002 /** On Comm::OK start using the accepted data socket and discard the temporary listen socket. */
2004 data
.opened(io
.conn
, dataCloser());
2005 data
.addr(io
.conn
->remote
);
2007 debugs(9, 3, HERE
<< "Connected data socket on " <<
2008 io
.conn
<< ". FD table says: " <<
2009 "ctrl-peer= " << fd_table
[ctrl
.conn
->fd
].ipaddr
<< ", " <<
2010 "data-peer= " << fd_table
[data
.conn
->fd
].ipaddr
);
2012 assert(haveControlChannel("ftpAcceptDataConnection"));
2013 assert(ctrl
.message
== NULL
);
2015 // Ctrl channel operations will determine what happens to this data connection
2019 ftpRestOrList(Ftp::Gateway
* ftpState
)
2023 if (ftpState
->typecode
== 'D') {
2024 ftpState
->flags
.isdir
= 1;
2026 if (ftpState
->flags
.put
) {
2027 ftpSendMkdir(ftpState
); /* PUT name;type=d */
2029 ftpSendNlst(ftpState
); /* GET name;type=d sec 3.2.2 of RFC 1738 */
2031 } else if (ftpState
->flags
.put
) {
2032 ftpSendStor(ftpState
);
2033 } else if (ftpState
->flags
.isdir
)
2034 ftpSendList(ftpState
);
2035 else if (ftpState
->restartable())
2036 ftpSendRest(ftpState
);
2038 ftpSendRetr(ftpState
);
2042 ftpSendStor(Ftp::Gateway
* ftpState
)
2044 /* check the server control channel is still available */
2045 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendStor"))
2050 if (ftpState
->filepath
!= NULL
) {
2051 /* Plain file upload */
2052 snprintf(cbuf
, CTRL_BUFLEN
, "STOR %s\r\n", ftpState
->filepath
);
2053 ftpState
->writeCommand(cbuf
);
2054 ftpState
->state
= Ftp::Client::SENT_STOR
;
2055 } else if (ftpState
->request
->header
.getInt64(Http::HdrType::CONTENT_LENGTH
) > 0) {
2056 /* File upload without a filename. use STOU to generate one */
2057 snprintf(cbuf
, CTRL_BUFLEN
, "STOU\r\n");
2058 ftpState
->writeCommand(cbuf
);
2059 ftpState
->state
= Ftp::Client::SENT_STOR
;
2061 /* No file to transfer. Only create directories if needed */
2062 ftpSendReply(ftpState
);
2066 /// \deprecated use ftpState->readStor() instead.
2068 ftpReadStor(Ftp::Gateway
* ftpState
)
2070 ftpState
->readStor();
2073 void Ftp::Gateway::readStor()
2075 int code
= ctrl
.replycode
;
2078 if (code
== 125 || (code
== 150 && Comm::IsConnOpen(data
.conn
))) {
2079 if (!originalRequest()->body_pipe
) {
2080 debugs(9, 3, "zero-size STOR?");
2081 state
= WRITING_DATA
; // make ftpWriteTransferDone() responsible
2082 dataComplete(); // XXX: keep in sync with doneSendingRequestBody()
2086 if (!startRequestBodyFlow()) { // register to receive body data
2091 /* When client status is 125, or 150 and the data connection is open, Begin data transfer. */
2092 debugs(9, 3, HERE
<< "starting data transfer");
2093 switchTimeoutToDataChannel();
2094 sendMoreRequestBody();
2095 fwd
->dontRetry(true); // do not permit re-trying if the body was sent.
2096 state
= WRITING_DATA
;
2097 debugs(9, 3, HERE
<< "writing data channel");
2098 } else if (code
== 150) {
2099 /* When client code is 150 with no data channel, Accept data channel. */
2100 debugs(9, 3, "ftpReadStor: accepting data channel");
2101 listenForDataChannel(data
.conn
);
2103 debugs(9, DBG_IMPORTANT
, HERE
<< "Unexpected reply code "<< std::setfill('0') << std::setw(3) << code
);
2109 ftpSendRest(Ftp::Gateway
* ftpState
)
2111 /* check the server control channel is still available */
2112 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendRest"))
2117 snprintf(cbuf
, CTRL_BUFLEN
, "REST %" PRId64
"\r\n", ftpState
->restart_offset
);
2118 ftpState
->writeCommand(cbuf
);
2119 ftpState
->state
= Ftp::Client::SENT_REST
;
2123 Ftp::Gateway::restartable()
2125 if (restart_offset
> 0)
2128 if (!request
->range
)
2137 int64_t desired_offset
= request
->range
->lowestOffset(theSize
);
2139 if (desired_offset
<= 0)
2142 if (desired_offset
>= theSize
)
2145 restart_offset
= desired_offset
;
2150 ftpReadRest(Ftp::Gateway
* ftpState
)
2152 int code
= ftpState
->ctrl
.replycode
;
2154 assert(ftpState
->restart_offset
> 0);
2157 ftpState
->setCurrentOffset(ftpState
->restart_offset
);
2158 ftpSendRetr(ftpState
);
2159 } else if (code
> 0) {
2160 debugs(9, 3, HERE
<< "REST not supported");
2161 ftpState
->flags
.rest_supported
= 0;
2162 ftpSendRetr(ftpState
);
2169 ftpSendList(Ftp::Gateway
* ftpState
)
2171 /* check the server control channel is still available */
2172 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendList"))
2177 if (ftpState
->filepath
) {
2178 snprintf(cbuf
, CTRL_BUFLEN
, "LIST %s\r\n", ftpState
->filepath
);
2180 snprintf(cbuf
, CTRL_BUFLEN
, "LIST\r\n");
2183 ftpState
->writeCommand(cbuf
);
2184 ftpState
->state
= Ftp::Client::SENT_LIST
;
2188 ftpSendNlst(Ftp::Gateway
* ftpState
)
2190 /* check the server control channel is still available */
2191 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendNlst"))
2196 ftpState
->flags
.tried_nlst
= 1;
2198 if (ftpState
->filepath
) {
2199 snprintf(cbuf
, CTRL_BUFLEN
, "NLST %s\r\n", ftpState
->filepath
);
2201 snprintf(cbuf
, CTRL_BUFLEN
, "NLST\r\n");
2204 ftpState
->writeCommand(cbuf
);
2205 ftpState
->state
= Ftp::Client::SENT_NLST
;
2209 ftpReadList(Ftp::Gateway
* ftpState
)
2211 int code
= ftpState
->ctrl
.replycode
;
2214 if (code
== 125 || (code
== 150 && Comm::IsConnOpen(ftpState
->data
.conn
))) {
2215 /* Begin data transfer */
2216 debugs(9, 3, HERE
<< "begin data transfer from " << ftpState
->data
.conn
->remote
<< " (" << ftpState
->data
.conn
->local
<< ")");
2217 ftpState
->switchTimeoutToDataChannel();
2218 ftpState
->maybeReadVirginBody();
2219 ftpState
->state
= Ftp::Client::READING_DATA
;
2221 } else if (code
== 150) {
2222 /* Accept data channel */
2223 debugs(9, 3, HERE
<< "accept data channel from " << ftpState
->data
.conn
->remote
<< " (" << ftpState
->data
.conn
->local
<< ")");
2224 ftpState
->listenForDataChannel(ftpState
->data
.conn
);
2226 } else if (!ftpState
->flags
.tried_nlst
&& code
> 300) {
2227 ftpSendNlst(ftpState
);
2235 ftpSendRetr(Ftp::Gateway
* ftpState
)
2237 /* check the server control channel is still available */
2238 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendRetr"))
2243 assert(ftpState
->filepath
!= NULL
);
2244 snprintf(cbuf
, CTRL_BUFLEN
, "RETR %s\r\n", ftpState
->filepath
);
2245 ftpState
->writeCommand(cbuf
);
2246 ftpState
->state
= Ftp::Client::SENT_RETR
;
2250 ftpReadRetr(Ftp::Gateway
* ftpState
)
2252 int code
= ftpState
->ctrl
.replycode
;
2255 if (code
== 125 || (code
== 150 && Comm::IsConnOpen(ftpState
->data
.conn
))) {
2256 /* Begin data transfer */
2257 debugs(9, 3, HERE
<< "begin data transfer from " << ftpState
->data
.conn
->remote
<< " (" << ftpState
->data
.conn
->local
<< ")");
2258 ftpState
->switchTimeoutToDataChannel();
2259 ftpState
->maybeReadVirginBody();
2260 ftpState
->state
= Ftp::Client::READING_DATA
;
2261 } else if (code
== 150) {
2262 /* Accept data channel */
2263 ftpState
->listenForDataChannel(ftpState
->data
.conn
);
2264 } else if (code
>= 300) {
2265 if (!ftpState
->flags
.try_slash_hack
) {
2266 /* Try this as a directory missing trailing slash... */
2267 ftpState
->hackShortcut(ftpSendCwd
);
2277 * Generate the HTTP headers and template fluff around an FTP
2278 * directory listing display.
2281 Ftp::Gateway::completedListing()
2284 entry
->lock("Ftp::Gateway");
2285 ErrorState
ferr(ERR_DIR_LISTING
, Http::scOkay
, request
.getRaw());
2286 ferr
.ftp
.listing
= &listing
;
2287 ferr
.ftp
.cwd_msg
= xstrdup(cwd_message
.size()? cwd_message
.termedBuf() : "");
2288 ferr
.ftp
.server_msg
= ctrl
.message
;
2289 ctrl
.message
= NULL
;
2290 entry
->replaceHttpReply(ferr
.BuildHttpReply());
2292 entry
->unlock("Ftp::Gateway");
2296 ftpReadTransferDone(Ftp::Gateway
* ftpState
)
2298 int code
= ftpState
->ctrl
.replycode
;
2301 if (code
== 226 || code
== 250) {
2302 /* Connection closed; retrieval done. */
2303 if (ftpState
->flags
.listing
) {
2304 ftpState
->completedListing();
2305 /* QUIT operation handles sending the reply to client */
2307 ftpSendQuit(ftpState
);
2308 } else { /* != 226 */
2309 debugs(9, DBG_IMPORTANT
, HERE
<< "Got code " << code
<< " after reading data");
2310 ftpState
->failed(ERR_FTP_FAILURE
, 0);
2311 /* failed closes ctrl.conn and frees ftpState */
2316 // premature end of the request body
2318 Ftp::Gateway::handleRequestBodyProducerAborted()
2320 Client::handleRequestBodyProducerAborted();
2321 debugs(9, 3, HERE
<< "ftpState=" << this);
2322 failed(ERR_READ_ERROR
, 0);
2326 ftpWriteTransferDone(Ftp::Gateway
* ftpState
)
2328 int code
= ftpState
->ctrl
.replycode
;
2331 if (!(code
== 226 || code
== 250)) {
2332 debugs(9, DBG_IMPORTANT
, HERE
<< "Got code " << code
<< " after sending data");
2333 ftpState
->failed(ERR_FTP_PUT_ERROR
, 0);
2337 ftpState
->entry
->timestampsSet(); /* XXX Is this needed? */
2338 ftpSendReply(ftpState
);
2342 ftpSendQuit(Ftp::Gateway
* ftpState
)
2344 /* check the server control channel is still available */
2345 if (!ftpState
|| !ftpState
->haveControlChannel("ftpSendQuit"))
2348 snprintf(cbuf
, CTRL_BUFLEN
, "QUIT\r\n");
2349 ftpState
->writeCommand(cbuf
);
2350 ftpState
->state
= Ftp::Client::SENT_QUIT
;
2353 /** Completes a client FTP operation with success or other page
2354 * generated and stored in the entry field by the code issuing QUIT.
2357 ftpReadQuit(Ftp::Gateway
* ftpState
)
2359 ftpState
->serverComplete();
2363 ftpTrySlashHack(Ftp::Gateway
* ftpState
)
2366 ftpState
->flags
.try_slash_hack
= 1;
2367 /* Free old paths */
2371 if (ftpState
->pathcomps
)
2372 wordlistDestroy(&ftpState
->pathcomps
);
2374 safe_free(ftpState
->filepath
);
2376 /* Build the new path (urlpath begins with /) */
2377 path
= SBufToCstring(ftpState
->request
->url
.path());
2379 rfc1738_unescape(path
);
2381 ftpState
->filepath
= path
;
2384 ftpGetFile(ftpState
);
2388 * Forget hack status. Next error is shown to the user
2391 Ftp::Gateway::unhack()
2395 if (old_request
!= NULL
) {
2396 safe_free(old_request
);
2397 safe_free(old_reply
);
2402 Ftp::Gateway::hackShortcut(FTPSM
* nextState
)
2404 /* Clear some unwanted state */
2405 setCurrentOffset(0);
2407 /* Save old error message & some state info */
2411 if (old_request
== NULL
) {
2412 old_request
= ctrl
.last_command
;
2413 ctrl
.last_command
= NULL
;
2414 old_reply
= ctrl
.last_reply
;
2415 ctrl
.last_reply
= NULL
;
2417 if (pathcomps
== NULL
&& filepath
!= NULL
)
2418 old_filepath
= xstrdup(filepath
);
2421 /* Jump to the "hack" state */
2426 ftpFail(Ftp::Gateway
*ftpState
)
2428 const bool slashHack
= ftpState
->request
->url
.path().caseCmp("/%2f", 4)==0;
2429 int code
= ftpState
->ctrl
.replycode
;
2430 err_type error_code
= ERR_NONE
;
2432 debugs(9, 6, "state " << ftpState
->state
<<
2433 " reply code " << code
<< "flags(" <<
2434 (ftpState
->flags
.isdir
?"IS_DIR,":"") <<
2435 (ftpState
->flags
.try_slash_hack
?"TRY_SLASH_HACK":"") << "), " <<
2436 "mdtm=" << ftpState
->mdtm
<< ", size=" << ftpState
->theSize
<<
2437 "slashhack=" << (slashHack
? "T":"F"));
2439 /* Try the / hack to support "Netscape" FTP URL's for retreiving files */
2440 if (!ftpState
->flags
.isdir
&& /* Not a directory */
2441 !ftpState
->flags
.try_slash_hack
&& !slashHack
&& /* Not doing slash hack */
2442 ftpState
->mdtm
<= 0 && ftpState
->theSize
< 0) { /* Not known as a file */
2444 switch (ftpState
->state
) {
2446 case Ftp::Client::SENT_CWD
:
2448 case Ftp::Client::SENT_RETR
:
2449 /* Try the / hack */
2450 ftpState
->hackShortcut(ftpTrySlashHack
);
2458 Http::StatusCode sc
= ftpState
->failedHttpStatus(error_code
);
2459 ErrorState
*ftperr
= new ErrorState(error_code
, sc
, ftpState
->fwd
->request
);
2460 ftpState
->failed(error_code
, code
, ftperr
);
2461 ftperr
->detailError(code
);
2462 HttpReply
*newrep
= ftperr
->BuildHttpReply();
2465 ftpState
->entry
->replaceHttpReply(newrep
);
2466 ftpSendQuit(ftpState
);
2470 Ftp::Gateway::failedHttpStatus(err_type
&error
)
2472 if (error
== ERR_NONE
) {
2479 if (ctrl
.replycode
> 500) {
2480 error
= ERR_FTP_FORBIDDEN
;
2481 return password_url
? Http::scForbidden
: Http::scUnauthorized
;
2482 } else if (ctrl
.replycode
== 421) {
2483 error
= ERR_FTP_UNAVAILABLE
;
2484 return Http::scServiceUnavailable
;
2491 if (ctrl
.replycode
== 550) {
2492 error
= ERR_FTP_NOT_FOUND
;
2493 return Http::scNotFound
;
2501 return Ftp::Client::failedHttpStatus(error
);
2505 ftpSendReply(Ftp::Gateway
* ftpState
)
2507 int code
= ftpState
->ctrl
.replycode
;
2508 Http::StatusCode http_code
;
2509 err_type err_code
= ERR_NONE
;
2511 debugs(9, 3, HERE
<< ftpState
->entry
->url() << ", code " << code
);
2513 if (cbdataReferenceValid(ftpState
))
2514 debugs(9, 5, HERE
<< "ftpState (" << ftpState
<< ") is valid!");
2516 if (code
== 226 || code
== 250) {
2517 err_code
= (ftpState
->mdtm
> 0) ? ERR_FTP_PUT_MODIFIED
: ERR_FTP_PUT_CREATED
;
2518 http_code
= (ftpState
->mdtm
> 0) ? Http::scAccepted
: Http::scCreated
;
2519 } else if (code
== 227) {
2520 err_code
= ERR_FTP_PUT_CREATED
;
2521 http_code
= Http::scCreated
;
2523 err_code
= ERR_FTP_PUT_ERROR
;
2524 http_code
= Http::scInternalServerError
;
2527 ErrorState
err(err_code
, http_code
, ftpState
->request
.getRaw());
2529 if (ftpState
->old_request
)
2530 err
.ftp
.request
= xstrdup(ftpState
->old_request
);
2532 err
.ftp
.request
= xstrdup(ftpState
->ctrl
.last_command
);
2534 if (ftpState
->old_reply
)
2535 err
.ftp
.reply
= xstrdup(ftpState
->old_reply
);
2536 else if (ftpState
->ctrl
.last_reply
)
2537 err
.ftp
.reply
= xstrdup(ftpState
->ctrl
.last_reply
);
2539 err
.ftp
.reply
= xstrdup("");
2541 // TODO: interpret as FTP-specific error code
2542 err
.detailError(code
);
2544 ftpState
->entry
->replaceHttpReply(err
.BuildHttpReply());
2546 ftpSendQuit(ftpState
);
2550 Ftp::Gateway::appendSuccessHeader()
2554 if (flags
.http_header_sent
)
2557 HttpReply
*reply
= new HttpReply
;
2559 flags
.http_header_sent
= 1;
2561 assert(entry
->isEmpty());
2563 entry
->buffer(); /* released when done processing current data payload */
2565 SBuf urlPath
= request
->url
.path();
2566 auto t
= urlPath
.rfind('/');
2567 SBuf filename
= urlPath
.substr(t
!= SBuf::npos
? t
: 0);
2569 const char *mime_type
= NULL
;
2570 const char *mime_enc
= NULL
;
2573 mime_type
= "text/html";
2578 mime_type
= "application/octet-stream";
2579 // XXX: performance regression, c_str() may reallocate
2580 mime_enc
= mimeGetContentEncoding(filename
.c_str());
2584 mime_type
= "text/plain";
2588 // XXX: performance regression, c_str() may reallocate
2589 mime_type
= mimeGetContentType(filename
.c_str());
2590 mime_enc
= mimeGetContentEncoding(filename
.c_str());
2595 /* set standard stuff */
2597 if (0 == getCurrentOffset()) {
2599 reply
->setHeaders(Http::scOkay
, "Gatewaying", mime_type
, theSize
, mdtm
, -2);
2600 } else if (theSize
< getCurrentOffset()) {
2603 * offset should not be larger than theSize. We should
2604 * not be seeing this condition any more because we'll only
2605 * send REST if we know the theSize and if it is less than theSize.
2607 debugs(0,DBG_CRITICAL
,HERE
<< "Whoops! " <<
2608 " current offset=" << getCurrentOffset() <<
2609 ", but theSize=" << theSize
<<
2610 ". assuming full content response");
2611 reply
->setHeaders(Http::scOkay
, "Gatewaying", mime_type
, theSize
, mdtm
, -2);
2614 HttpHdrRangeSpec range_spec
;
2615 range_spec
.offset
= getCurrentOffset();
2616 range_spec
.length
= theSize
- getCurrentOffset();
2617 reply
->setHeaders(Http::scPartialContent
, "Gatewaying", mime_type
, theSize
- getCurrentOffset(), mdtm
, -2);
2618 httpHeaderAddContRange(&reply
->header
, range_spec
, theSize
);
2621 /* additional info */
2623 reply
->header
.putStr(Http::HdrType::CONTENT_ENCODING
, mime_enc
);
2625 reply
->sources
|= Http::Message::srcFtp
;
2626 setVirginReply(reply
);
2627 adaptOrFinalizeReply();
2631 Ftp::Gateway::haveParsedReplyHeaders()
2633 Client::haveParsedReplyHeaders();
2635 StoreEntry
*e
= entry
;
2639 // makePublic() if allowed/possible or release() otherwise
2640 if (flags
.authenticated
|| // authenticated requests can't be cached
2641 getCurrentOffset() ||
2648 Ftp::Gateway::ftpAuthRequired(HttpRequest
* request
, SBuf
&realm
)
2650 ErrorState
err(ERR_CACHE_ACCESS_DENIED
, Http::scUnauthorized
, request
);
2651 HttpReply
*newrep
= err
.BuildHttpReply();
2652 #if HAVE_AUTH_MODULE_BASIC
2653 /* add Authenticate header */
2654 // XXX: performance regression. c_str() may reallocate
2655 newrep
->header
.putAuth("Basic", realm
.c_str());
2661 Ftp::UrlWith2f(HttpRequest
* request
)
2665 if (request
->url
.getScheme() != AnyP::PROTO_FTP
) {
2666 static const SBuf nil
;
2670 if (request
->url
.path()[0] == '/') {
2671 newbuf
.append(request
->url
.path());
2672 request
->url
.path(newbuf
);
2673 } else if (!request
->url
.path().startsWith(newbuf
)) {
2674 newbuf
.append(request
->url
.path().substr(1));
2675 request
->url
.path(newbuf
);
2678 return request
->effectiveRequestUri();
2682 Ftp::Gateway::printfReplyBody(const char *fmt
, ...)
2685 va_start (args
, fmt
);
2686 static char buf
[4096];
2688 vsnprintf(buf
, 4096, fmt
, args
);
2689 writeReplyBody(buf
, strlen(buf
));
2694 * Call this when there is data from the origin server
2695 * which should be sent to either StoreEntry, or to ICAP...
2698 Ftp::Gateway::writeReplyBody(const char *dataToWrite
, size_t dataLength
)
2700 debugs(9, 5, HERE
<< "writing " << dataLength
<< " bytes to the reply");
2701 addVirginReplyBody(dataToWrite
, dataLength
);
2705 * A hack to ensure we do not double-complete on the forward entry.
2707 \todo Ftp::Gateway logic should probably be rewritten to avoid
2708 * double-completion or FwdState should be rewritten to allow it.
2711 Ftp::Gateway::completeForwarding()
2713 if (fwd
== NULL
|| flags
.completed_forwarding
) {
2714 debugs(9, 3, "avoid double-complete on FD " <<
2715 (ctrl
.conn
? ctrl
.conn
->fd
: -1) << ", Data FD " << data
.conn
->fd
<<
2716 ", this " << this << ", fwd " << fwd
);
2720 flags
.completed_forwarding
= true;
2721 Client::completeForwarding();
2725 * Have we lost the FTP server control channel?
2727 \retval true The server control channel is available.
2728 \retval false The server control channel is not available.
2731 Ftp::Gateway::haveControlChannel(const char *caller_name
) const
2733 if (doneWithServer())
2736 /* doneWithServer() only checks BOTH channels are closed. */
2737 if (!Comm::IsConnOpen(ctrl
.conn
)) {
2738 debugs(9, DBG_IMPORTANT
, "WARNING! FTP Server Control channel is closed, but Data channel still active.");
2739 debugs(9, 2, caller_name
<< ": attempted on a closed FTP channel.");
2747 Ftp::Gateway::mayReadVirginReplyBody() const
2749 // TODO: Can we do what Ftp::Relay::mayReadVirginReplyBody() does instead?
2750 return !doneWithServer();
2754 Ftp::StartGateway(FwdState
*const fwdState
)
2756 return AsyncJob::Start(new Ftp::Gateway(fwdState
));