usr.sbin/faithd/ftp.c

*749ce5c9Sandvar/*	$NetBSD: ftp.c,v 1.20 2024/02/09 20:55:15 andvar Exp $	*/
ecf55737Sitojun/*	$KAME: ftp.c,v 1.23 2003/08/19 21:20:33 itojun Exp $	*/
e5db40b6Sitojun
e5db40b6Sitojun/*
e5db40b6Sitojun * Copyright (C) 1997 and 1998 WIDE Project.
e5db40b6Sitojun * All rights reserved.
e5db40b6Sitojun *
e5db40b6Sitojun * Redistribution and use in source and binary forms, with or without
e5db40b6Sitojun * modification, are permitted provided that the following conditions
e5db40b6Sitojun * are met:
e5db40b6Sitojun * 1. Redistributions of source code must retain the above copyright
e5db40b6Sitojun *    notice, this list of conditions and the following disclaimer.
e5db40b6Sitojun * 2. Redistributions in binary form must reproduce the above copyright
e5db40b6Sitojun *    notice, this list of conditions and the following disclaimer in the
e5db40b6Sitojun *    documentation and/or other materials provided with the distribution.
e5db40b6Sitojun * 3. Neither the name of the project nor the names of its contributors
e5db40b6Sitojun *    may be used to endorse or promote products derived from this software
e5db40b6Sitojun *    without specific prior written permission.
e5db40b6Sitojun *
e5db40b6Sitojun * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
e5db40b6Sitojun * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
e5db40b6Sitojun * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
e5db40b6Sitojun * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
e5db40b6Sitojun * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
e5db40b6Sitojun * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
e5db40b6Sitojun * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
e5db40b6Sitojun * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
e5db40b6Sitojun * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
e5db40b6Sitojun * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
e5db40b6Sitojun * SUCH DAMAGE.
e5db40b6Sitojun */
e5db40b6Sitojun
e5db40b6Sitojun#include <sys/param.h>
e5db40b6Sitojun#include <sys/types.h>
e5db40b6Sitojun#include <sys/socket.h>
e5db40b6Sitojun#include <sys/ioctl.h>
e5db40b6Sitojun#include <sys/time.h>
e5db40b6Sitojun
e5db40b6Sitojun#include <stdio.h>
e5db40b6Sitojun#include <stdlib.h>
e5db40b6Sitojun#include <string.h>
e5db40b6Sitojun#include <syslog.h>
e5db40b6Sitojun#include <unistd.h>
ecf55737Sitojun#include <poll.h>
e5db40b6Sitojun#include <errno.h>
e5db40b6Sitojun#include <ctype.h>
e5db40b6Sitojun
e5db40b6Sitojun#include <netinet/in.h>
e5db40b6Sitojun#include <arpa/inet.h>
e5db40b6Sitojun#include <netdb.h>
e5db40b6Sitojun
e5db40b6Sitojun#include "faithd.h"
e5db40b6Sitojun
e5db40b6Sitojunstatic char rbuf[MSS];
e5db40b6Sitojunstatic int passivemode = 0;
e5db40b6Sitojunstatic int wport4 = -1;			/* listen() to active */
e5db40b6Sitojunstatic int wport6 = -1;			/* listen() to passive */
e5db40b6Sitojunstatic int port4 = -1;			/* active: inbound  passive: outbound */
e5db40b6Sitojunstatic int port6 = -1;			/* active: outbound  passive: inbound */
e5db40b6Sitojunstatic struct sockaddr_storage data4;	/* server data address */
e5db40b6Sitojunstatic struct sockaddr_storage data6;	/* client data address */
e5db40b6Sitojunstatic int epsvall = 0;
e5db40b6Sitojun
e5db40b6Sitojunenum state { NONE, LPRT, EPRT, LPSV, EPSV };
e5db40b6Sitojun
2579358aSchristosstatic int ftp_activeconn(void);
2579358aSchristosstatic int ftp_passiveconn(void);
2579358aSchristosstatic ssize_t ftp_copy(int, int);
2579358aSchristosstatic ssize_t ftp_copyresult(int, int, enum state);
2579358aSchristosstatic ssize_t ftp_copycommand(int, int, enum state *);
e5db40b6Sitojun
e5db40b6Sitojunvoid
e5db40b6Sitojunftp_relay(int ctl6, int ctl4)
e5db40b6Sitojun{
ecf55737Sitojun	struct pollfd pfd[6];
2579358aSchristos	ssize_t error;
e5db40b6Sitojun	enum state state = NONE;
e5db40b6Sitojun
e5db40b6Sitojun	syslog(LOG_INFO, "starting ftp control connection");
e5db40b6Sitojun
e5db40b6Sitojun	for (;;) {
ecf55737Sitojun		pfd[0].fd = ctl4;
ecf55737Sitojun		pfd[0].events = POLLIN;
ecf55737Sitojun		pfd[1].fd = ctl6;
ecf55737Sitojun		pfd[1].events = POLLIN;
bc0d6cddSitojun		if (0 <= port4) {
ecf55737Sitojun			pfd[2].fd = port4;
ecf55737Sitojun			pfd[2].events = POLLIN;
ecf55737Sitojun		} else
ecf55737Sitojun			pfd[2].fd = -1;
bc0d6cddSitojun		if (0 <= port6) {
ecf55737Sitojun			pfd[3].fd = port6;
ecf55737Sitojun			pfd[3].events = POLLIN;
ecf55737Sitojun		} else
ecf55737Sitojun			pfd[3].fd = -1;
e5db40b6Sitojun#if 0
bc0d6cddSitojun		if (0 <= wport4) {
ecf55737Sitojun			pfd[4].fd = wport4;
ecf55737Sitojun			pfd[4].events = POLLIN;
ecf55737Sitojun		} else
ecf55737Sitojun			pfd[4].fd = -1;
bc0d6cddSitojun		if (0 <= wport6) {
ecf55737Sitojun			pfd[5].fd = wport4;
ecf55737Sitojun			pfd[5].events = POLLIN;
ecf55737Sitojun		} else
ecf55737Sitojun			pfd[5].fd = -1;
ecf55737Sitojun#else
ecf55737Sitojun		pfd[4].fd = pfd[5].fd = -1;
ecf55737Sitojun		pfd[4].events = pfd[5].events = 0;
e5db40b6Sitojun#endif
2579358aSchristos		error = poll(pfd, (unsigned int)(sizeof(pfd) / sizeof(pfd[0])),
2579358aSchristos		    FAITH_TIMEOUT * 1000);
ecf55737Sitojun		if (error == -1) {
ecf55737Sitojun			exit_failure("poll: %s", strerror(errno));
ecf55737Sitojun		}
e5db40b6Sitojun		else if (error == 0)
e5db40b6Sitojun			exit_failure("connection timeout");
e5db40b6Sitojun
e5db40b6Sitojun		/*
e5db40b6Sitojun		 * The order of the following checks does (slightly) matter.
e5db40b6Sitojun		 * It is important to visit all checks (do not use "continue"),
e5db40b6Sitojun		 * otherwise some of the pipe may become full and we cannot
e5db40b6Sitojun		 * relay correctly.
e5db40b6Sitojun		 */
ecf55737Sitojun		if (pfd[1].revents & POLLIN)
ecf55737Sitojun		{
e5db40b6Sitojun			/*
e5db40b6Sitojun			 * copy control connection from the client.
e5db40b6Sitojun			 * command translation is necessary.
e5db40b6Sitojun			 */
e5db40b6Sitojun			error = ftp_copycommand(ctl6, ctl4, &state);
e5db40b6Sitojun
18446509Sitojun			if (error < 0)
e5db40b6Sitojun				goto bad;
18446509Sitojun			else if (error == 0) {
4c1a6c87Schristos				(void)close(ctl4);
4c1a6c87Schristos				(void)close(ctl6);
e5db40b6Sitojun				exit_success("terminating ftp control connection");
e5db40b6Sitojun				/*NOTREACHED*/
e5db40b6Sitojun			}
e5db40b6Sitojun		}
ecf55737Sitojun		if (pfd[0].revents & POLLIN)
ecf55737Sitojun		{
e5db40b6Sitojun			/*
e5db40b6Sitojun			 * copy control connection from the server
e5db40b6Sitojun			 * translation of result code is necessary.
e5db40b6Sitojun			 */
e5db40b6Sitojun			error = ftp_copyresult(ctl4, ctl6, state);
e5db40b6Sitojun
18446509Sitojun			if (error < 0)
e5db40b6Sitojun				goto bad;
18446509Sitojun			else if (error == 0) {
4c1a6c87Schristos				(void)close(ctl4);
4c1a6c87Schristos				(void)close(ctl6);
e5db40b6Sitojun				exit_success("terminating ftp control connection");
e5db40b6Sitojun				/*NOTREACHED*/
e5db40b6Sitojun			}
e5db40b6Sitojun		}
ecf55737Sitojun		if (0 <= port4 && 0 <= port6 && (pfd[2].revents & POLLIN))
ecf55737Sitojun		{
e5db40b6Sitojun			/*
e5db40b6Sitojun			 * copy data connection.
e5db40b6Sitojun			 * no special treatment necessary.
e5db40b6Sitojun			 */
ecf55737Sitojun			if (pfd[2].revents & POLLIN)
e5db40b6Sitojun				error = ftp_copy(port4, port6);
e5db40b6Sitojun			switch (error) {
e5db40b6Sitojun			case -1:
e5db40b6Sitojun				goto bad;
e5db40b6Sitojun			case 0:
10dfada8Schristos				if (port4 >= 0) {
2579358aSchristos					(void)close(port4);
10dfada8Schristos					port4 = -1;
10dfada8Schristos				}
10dfada8Schristos				if (port6 >= 0) {
2579358aSchristos					(void)close(port6);
10dfada8Schristos					port6 = -1;
10dfada8Schristos				}
e5db40b6Sitojun				syslog(LOG_INFO, "terminating data connection");
e5db40b6Sitojun				break;
e5db40b6Sitojun			default:
e5db40b6Sitojun				break;
e5db40b6Sitojun			}
e5db40b6Sitojun		}
ecf55737Sitojun		if (0 <= port4 && 0 <= port6 && (pfd[3].revents & POLLIN))
ecf55737Sitojun		{
e5db40b6Sitojun			/*
e5db40b6Sitojun			 * copy data connection.
e5db40b6Sitojun			 * no special treatment necessary.
e5db40b6Sitojun			 */
ecf55737Sitojun			if (pfd[3].revents & POLLIN)
e5db40b6Sitojun				error = ftp_copy(port6, port4);
e5db40b6Sitojun			switch (error) {
e5db40b6Sitojun			case -1:
e5db40b6Sitojun				goto bad;
e5db40b6Sitojun			case 0:
10dfada8Schristos				if (port4 >= 0) {
2579358aSchristos					(void)close(port4);
10dfada8Schristos					port4 = -1;
10dfada8Schristos				}
10dfada8Schristos				if (port6 >= 0) {
2579358aSchristos					(void)close(port6);
10dfada8Schristos					port6 = -1;
10dfada8Schristos				}
e5db40b6Sitojun				syslog(LOG_INFO, "terminating data connection");
e5db40b6Sitojun				break;
e5db40b6Sitojun			default:
e5db40b6Sitojun				break;
e5db40b6Sitojun			}
e5db40b6Sitojun		}
e5db40b6Sitojun#if 0
ecf55737Sitojun		if (wport4 && (pfd[4].revents & POLLIN))
ecf55737Sitojun		{
e5db40b6Sitojun			/*
e5db40b6Sitojun			 * establish active data connection from the server.
e5db40b6Sitojun			 */
e5db40b6Sitojun			ftp_activeconn();
e5db40b6Sitojun		}
ecf55737Sitojun		if (wport4 && (pfd[5].revents & POLLIN))
ecf55737Sitojun		{
e5db40b6Sitojun			/*
e5db40b6Sitojun			 * establish passive data connection from the client.
e5db40b6Sitojun			 */
e5db40b6Sitojun			ftp_passiveconn();
e5db40b6Sitojun		}
e5db40b6Sitojun#endif
e5db40b6Sitojun	}
e5db40b6Sitojun
e5db40b6Sitojun bad:
bc0d6cddSitojun	exit_failure("%s", strerror(errno));
e5db40b6Sitojun}
e5db40b6Sitojun
e5db40b6Sitojunstatic int
e5db40b6Sitojunftp_activeconn()
e5db40b6Sitojun{
52c469ffSitojun	socklen_t n;
e5db40b6Sitojun	int error;
ecf55737Sitojun	struct pollfd pfd[1];
9e8f1055Sitojun	struct sockaddr *sa;
e5db40b6Sitojun
e5db40b6Sitojun	/* get active connection from server */
ecf55737Sitojun	pfd[0].fd = wport4;
ecf55737Sitojun	pfd[0].events = POLLIN;
e5db40b6Sitojun	n = sizeof(data4);
2579358aSchristos	if (poll(pfd, (unsigned int)(sizeof(pfd) / sizeof(pfd[0])),
2579358aSchristos	    120000) == 0 ||
2579358aSchristos	    (port4 = accept(wport4, (void *)&data4, &n)) < 0)
ecf55737Sitojun	{
4c1a6c87Schristos		(void)close(wport4);
e5db40b6Sitojun		wport4 = -1;
e5db40b6Sitojun		syslog(LOG_INFO, "active mode data connection failed");
e5db40b6Sitojun		return -1;
e5db40b6Sitojun	}
e5db40b6Sitojun
e5db40b6Sitojun	/* ask active connection to client */
2579358aSchristos	sa = (void *)&data6;
9e8f1055Sitojun	port6 = socket(sa->sa_family, SOCK_STREAM, 0);
e5db40b6Sitojun	if (port6 == -1) {
4c1a6c87Schristos		(void)close(port4);
4c1a6c87Schristos		(void)close(wport4);
e5db40b6Sitojun		port4 = wport4 = -1;
e5db40b6Sitojun		syslog(LOG_INFO, "active mode data connection failed");
e5db40b6Sitojun		return -1;
e5db40b6Sitojun	}
2579358aSchristos	error = connect(port6, sa, (socklen_t)sa->sa_len);
3f183427Sitojun	if (error < 0) {
4c1a6c87Schristos		(void)close(port6);
4c1a6c87Schristos		(void)close(port4);
4c1a6c87Schristos		(void)close(wport4);
e5db40b6Sitojun		port6 = port4 = wport4 = -1;
e5db40b6Sitojun		syslog(LOG_INFO, "active mode data connection failed");
e5db40b6Sitojun		return -1;
e5db40b6Sitojun	}
e5db40b6Sitojun
e5db40b6Sitojun	syslog(LOG_INFO, "active mode data connection established");
e5db40b6Sitojun	return 0;
e5db40b6Sitojun}
e5db40b6Sitojun
e5db40b6Sitojunstatic int
e5db40b6Sitojunftp_passiveconn()
e5db40b6Sitojun{
52c469ffSitojun	socklen_t len;
e5db40b6Sitojun	int error;
ecf55737Sitojun	struct pollfd pfd[1];
9e8f1055Sitojun	struct sockaddr *sa;
e5db40b6Sitojun
e5db40b6Sitojun	/* get passive connection from client */
ecf55737Sitojun	pfd[0].fd = wport6;
ecf55737Sitojun	pfd[0].events = POLLIN;
52c469ffSitojun	len = sizeof(data6);
2579358aSchristos	if (poll(pfd, (unsigned int)(sizeof(pfd) / sizeof(pfd[0])),
2579358aSchristos	    120000) == 0 ||
2579358aSchristos	    (port6 = accept(wport6, (void *)&data6, &len)) < 0)
ecf55737Sitojun	{
4c1a6c87Schristos		(void)close(wport6);
e5db40b6Sitojun		wport6 = -1;
e5db40b6Sitojun		syslog(LOG_INFO, "passive mode data connection failed");
e5db40b6Sitojun		return -1;
e5db40b6Sitojun	}
e5db40b6Sitojun
e5db40b6Sitojun	/* ask passive connection to server */
2579358aSchristos	sa = (void *)&data4;
9e8f1055Sitojun	port4 = socket(sa->sa_family, SOCK_STREAM, 0);
e5db40b6Sitojun	if (port4 == -1) {
4c1a6c87Schristos		(void)close(wport6);
4c1a6c87Schristos		(void)close(port6);
e5db40b6Sitojun		wport6 = port6 = -1;
e5db40b6Sitojun		syslog(LOG_INFO, "passive mode data connection failed");
e5db40b6Sitojun		return -1;
e5db40b6Sitojun	}
2579358aSchristos	error = connect(port4, sa, (socklen_t)sa->sa_len);
3f183427Sitojun	if (error < 0) {
4c1a6c87Schristos		(void)close(wport6);
4c1a6c87Schristos		(void)close(port4);
4c1a6c87Schristos		(void)close(port6);
e5db40b6Sitojun		wport6 = port4 = port6 = -1;
e5db40b6Sitojun		syslog(LOG_INFO, "passive mode data connection failed");
e5db40b6Sitojun		return -1;
e5db40b6Sitojun	}
e5db40b6Sitojun
e5db40b6Sitojun	syslog(LOG_INFO, "passive mode data connection established");
e5db40b6Sitojun	return 0;
e5db40b6Sitojun}
e5db40b6Sitojun
2579358aSchristosstatic ssize_t
e5db40b6Sitojunftp_copy(int src, int dst)
e5db40b6Sitojun{
2579358aSchristos	int error, atmark;
2579358aSchristos	ssize_t n;
e5db40b6Sitojun
e5db40b6Sitojun	/* OOB data handling */
e5db40b6Sitojun	error = ioctl(src, SIOCATMARK, &atmark);
e5db40b6Sitojun	if (error != -1 && atmark == 1) {
e5db40b6Sitojun		n = read(src, rbuf, 1);
e5db40b6Sitojun		if (n == -1)
e5db40b6Sitojun			goto bad;
2579358aSchristos		(void)send(dst, rbuf, (size_t)n, MSG_OOB);
e5db40b6Sitojun#if 0
e5db40b6Sitojun		n = read(src, rbuf, sizeof(rbuf));
e5db40b6Sitojun		if (n == -1)
e5db40b6Sitojun			goto bad;
2579358aSchristos		(void)write(dst, rbuf, (size_t)n);
e5db40b6Sitojun		return n;
e5db40b6Sitojun#endif
e5db40b6Sitojun	}
e5db40b6Sitojun
e5db40b6Sitojun	n = read(src, rbuf, sizeof(rbuf));
e5db40b6Sitojun	switch (n) {
e5db40b6Sitojun	case -1:
e5db40b6Sitojun	case 0:
e5db40b6Sitojun		return n;
e5db40b6Sitojun	default:
2579358aSchristos		(void)write(dst, rbuf, (size_t)n);
e5db40b6Sitojun		return n;
e5db40b6Sitojun	}
e5db40b6Sitojun
e5db40b6Sitojun bad:
bc0d6cddSitojun	exit_failure("%s", strerror(errno));
e5db40b6Sitojun	/*NOTREACHED*/
e5db40b6Sitojun	return 0;	/* to make gcc happy */
e5db40b6Sitojun}
e5db40b6Sitojun
2579358aSchristosstatic ssize_t
e5db40b6Sitojunftp_copyresult(int src, int dst, enum state state)
e5db40b6Sitojun{
2579358aSchristos	int error, atmark;
2579358aSchristos	ssize_t n;
52c469ffSitojun	socklen_t len;
e5db40b6Sitojun	char *param;
e5db40b6Sitojun	int code;
bc0d6cddSitojun	char *a, *p;
bc0d6cddSitojun	int i;
e5db40b6Sitojun
e5db40b6Sitojun	/* OOB data handling */
e5db40b6Sitojun	error = ioctl(src, SIOCATMARK, &atmark);
e5db40b6Sitojun	if (error != -1 && atmark == 1) {
e5db40b6Sitojun		n = read(src, rbuf, 1);
e5db40b6Sitojun		if (n == -1)
e5db40b6Sitojun			goto bad;
2579358aSchristos		(void)send(dst, rbuf, (size_t)n, MSG_OOB);
e5db40b6Sitojun#if 0
e5db40b6Sitojun		n = read(src, rbuf, sizeof(rbuf));
e5db40b6Sitojun		if (n == -1)
e5db40b6Sitojun			goto bad;
2579358aSchristos		(void)write(dst, rbuf, (size_t)n);
e5db40b6Sitojun		return n;
e5db40b6Sitojun#endif
e5db40b6Sitojun	}
e5db40b6Sitojun
e5db40b6Sitojun	n = read(src, rbuf, sizeof(rbuf));
e5db40b6Sitojun	if (n <= 0)
e5db40b6Sitojun		return n;
e5db40b6Sitojun	rbuf[n] = '\0';
e5db40b6Sitojun
e5db40b6Sitojun	/*
e5db40b6Sitojun	 * parse argument
e5db40b6Sitojun	 */
e5db40b6Sitojun	p = rbuf;
e5db40b6Sitojun	for (i = 0; i < 3; i++) {
cfe7f80fSdsl		if (!isdigit((unsigned char)*p)) {
e5db40b6Sitojun			/* invalid reply */
2579358aSchristos			(void)write(dst, rbuf, (size_t)n);
e5db40b6Sitojun			return n;
e5db40b6Sitojun		}
e5db40b6Sitojun		p++;
e5db40b6Sitojun	}
cfe7f80fSdsl	if (!isspace((unsigned char)*p)) {
e5db40b6Sitojun		/* invalid reply */
2579358aSchristos		(void)write(dst, rbuf, (size_t)n);
e5db40b6Sitojun		return n;
e5db40b6Sitojun	}
e5db40b6Sitojun	code = atoi(rbuf);
e5db40b6Sitojun	param = p;
e5db40b6Sitojun	/* param points to first non-command token, if any */
cfe7f80fSdsl	while (*param && isspace((unsigned char)*param))
e5db40b6Sitojun		param++;
e5db40b6Sitojun	if (!*param)
e5db40b6Sitojun		param = NULL;
e5db40b6Sitojun
e5db40b6Sitojun	switch (state) {
e5db40b6Sitojun	case NONE:
e5db40b6Sitojun		if (!passivemode && rbuf[0] == '1') {
e5db40b6Sitojun			if (ftp_activeconn() < 0) {
2d9ec4daSitojun				n = snprintf(rbuf, sizeof(rbuf),
*749ce5c9Sandvar				    "425 Cannot open data connection\r\n");
6bc6e73bSlukem				if (n < 0 || n >= (int)sizeof(rbuf))
bc0d6cddSitojun					n = 0;
e5db40b6Sitojun			}
e5db40b6Sitojun		}
bc0d6cddSitojun		if (n)
2579358aSchristos			(void)write(dst, rbuf, (size_t)n);
e5db40b6Sitojun		return n;
e5db40b6Sitojun	case LPRT:
e5db40b6Sitojun	case EPRT:
e5db40b6Sitojun		/* expecting "200 PORT command successful." */
e5db40b6Sitojun		if (code == 200) {
e5db40b6Sitojun			p = strstr(rbuf, "PORT");
e5db40b6Sitojun			if (p) {
e5db40b6Sitojun				p[0] = (state == LPRT) ? 'L' : 'E';
e5db40b6Sitojun				p[1] = 'P';
e5db40b6Sitojun			}
e5db40b6Sitojun		} else {
4c1a6c87Schristos			(void)close(wport4);
e5db40b6Sitojun			wport4 = -1;
e5db40b6Sitojun		}
2579358aSchristos		(void)write(dst, rbuf, (size_t)n);
e5db40b6Sitojun		return n;
e5db40b6Sitojun	case LPSV:
e5db40b6Sitojun	case EPSV:
a5d0cbc5Sitojun		/*
a5d0cbc5Sitojun		 * expecting "227 Entering Passive Mode (x,x,x,x,x,x,x)"
a5d0cbc5Sitojun		 * (in some cases result comes without paren)
a5d0cbc5Sitojun		 */
e5db40b6Sitojun		if (code != 227) {
e5db40b6Sitojunpassivefail0:
4c1a6c87Schristos			(void)close(wport6);
e5db40b6Sitojun			wport6 = -1;
2579358aSchristos			(void)write(dst, rbuf, (size_t)n);
e5db40b6Sitojun			return n;
e5db40b6Sitojun		}
e5db40b6Sitojun
e5db40b6Sitojun	    {
e5db40b6Sitojun		unsigned int ho[4], po[2];
e5db40b6Sitojun		struct sockaddr_in *sin;
e5db40b6Sitojun		struct sockaddr_in6 *sin6;
e5db40b6Sitojun		u_short port;
e5db40b6Sitojun
e5db40b6Sitojun		/*
e5db40b6Sitojun		 * PASV result -> LPSV/EPSV result
e5db40b6Sitojun		 */
e5db40b6Sitojun		p = param;
cfe7f80fSdsl		while (*p && *p != '(' && !isdigit((unsigned char)*p))	/*)*/
e5db40b6Sitojun			p++;
e5db40b6Sitojun		if (!*p)
e5db40b6Sitojun			goto passivefail0;	/*XXX*/
a5d0cbc5Sitojun		if (*p == '(')	/*)*/
e5db40b6Sitojun			p++;
e5db40b6Sitojun		n = sscanf(p, "%u,%u,%u,%u,%u,%u",
e5db40b6Sitojun			&ho[0], &ho[1], &ho[2], &ho[3], &po[0], &po[1]);
e5db40b6Sitojun		if (n != 6)
e5db40b6Sitojun			goto passivefail0;	/*XXX*/
e5db40b6Sitojun
e5db40b6Sitojun		/* keep PORT parameter */
e5db40b6Sitojun		memset(&data4, 0, sizeof(data4));
2579358aSchristos		sin = (void *)&data4;
e5db40b6Sitojun		sin->sin_len = sizeof(*sin);
e5db40b6Sitojun		sin->sin_family = AF_INET;
e5db40b6Sitojun		sin->sin_addr.s_addr = 0;
e5db40b6Sitojun		for (n = 0; n < 4; n++) {
2579358aSchristos			sin->sin_addr.s_addr |= htonl(((uint32_t)(ho[n] & 0xff)
2579358aSchristos			    << (int)((3 - n) * 8)));
e5db40b6Sitojun		}
e5db40b6Sitojun		sin->sin_port = htons(((po[0] & 0xff) << 8) | (po[1] & 0xff));
e5db40b6Sitojun
e5db40b6Sitojun		/* get ready for passive data connection */
e5db40b6Sitojun		memset(&data6, 0, sizeof(data6));
2579358aSchristos		sin6 = (void *)&data6;
e5db40b6Sitojun		sin6->sin6_len = sizeof(*sin6);
e5db40b6Sitojun		sin6->sin6_family = AF_INET6;
e5db40b6Sitojun		wport6 = socket(sin6->sin6_family, SOCK_STREAM, 0);
e5db40b6Sitojun		if (wport6 == -1) {
e5db40b6Sitojunpassivefail:
2579358aSchristos			return dprintf(src,
e5db40b6Sitojun			    "500 could not translate from PASV\r\n");
e5db40b6Sitojun		}
e5db40b6Sitojun#ifdef IPV6_FAITH
e5db40b6Sitojun	    {
e5db40b6Sitojun		int on = 1;
e5db40b6Sitojun		error = setsockopt(wport6, IPPROTO_IPV6, IPV6_FAITH,
2579358aSchristos			&on, (socklen_t)sizeof(on));
e5db40b6Sitojun		if (error == -1)
bc0d6cddSitojun			exit_failure("setsockopt(IPV6_FAITH): %s", strerror(errno));
e5db40b6Sitojun	    }
e5db40b6Sitojun#endif
2579358aSchristos		error = bind(wport6, (void *)sin6, (socklen_t)sin6->sin6_len);
e5db40b6Sitojun		if (error == -1) {
4c1a6c87Schristos			(void)close(wport6);
e5db40b6Sitojun			wport6 = -1;
e5db40b6Sitojun			goto passivefail;
e5db40b6Sitojun		}
e5db40b6Sitojun		error = listen(wport6, 1);
e5db40b6Sitojun		if (error == -1) {
4c1a6c87Schristos			(void)close(wport6);
e5db40b6Sitojun			wport6 = -1;
e5db40b6Sitojun			goto passivefail;
e5db40b6Sitojun		}
e5db40b6Sitojun
e5db40b6Sitojun		/* transmit LPSV or EPSV */
e5db40b6Sitojun		/*
e5db40b6Sitojun		 * addr from dst, port from wport6
e5db40b6Sitojun		 */
52c469ffSitojun		len = sizeof(data6);
2579358aSchristos		error = getsockname(wport6, (void *)&data6, &len);
e5db40b6Sitojun		if (error == -1) {
4c1a6c87Schristos			(void)close(wport6);
e5db40b6Sitojun			wport6 = -1;
e5db40b6Sitojun			goto passivefail;
e5db40b6Sitojun		}
2579358aSchristos		sin6 = (void *)&data6;
e5db40b6Sitojun		port = sin6->sin6_port;
e5db40b6Sitojun
52c469ffSitojun		len = sizeof(data6);
2579358aSchristos		error = getsockname(dst, (void *)&data6, &len);
e5db40b6Sitojun		if (error == -1) {
4c1a6c87Schristos			(void)close(wport6);
e5db40b6Sitojun			wport6 = -1;
e5db40b6Sitojun			goto passivefail;
e5db40b6Sitojun		}
2579358aSchristos		sin6 = (void *)&data6;
e5db40b6Sitojun		sin6->sin6_port = port;
e5db40b6Sitojun
e5db40b6Sitojun		if (state == LPSV) {
2579358aSchristos			a = (void *)&sin6->sin6_addr;
2579358aSchristos			p = (void *)&sin6->sin6_port;
2579358aSchristos			passivemode = 1;
2579358aSchristos			return dprintf(dst,
2579358aSchristos			    "228 Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,"
2579358aSchristos			    "%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d)\r\n",
e5db40b6Sitojun			    6, 16, UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
e5db40b6Sitojun			    UC(a[4]), UC(a[5]), UC(a[6]), UC(a[7]),
e5db40b6Sitojun			    UC(a[8]), UC(a[9]), UC(a[10]), UC(a[11]),
e5db40b6Sitojun			    UC(a[12]), UC(a[13]), UC(a[14]), UC(a[15]),
e5db40b6Sitojun			    2, UC(p[0]), UC(p[1]));
e5db40b6Sitojun		} else {
2579358aSchristos			passivemode = 1;
2579358aSchristos			return dprintf(dst,
e5db40b6Sitojun			    "229 Entering Extended Passive Mode (|||%d|)\r\n",
e5db40b6Sitojun			    ntohs(sin6->sin6_port));
e5db40b6Sitojun		}
e5db40b6Sitojun	    }
e5db40b6Sitojun	}
e5db40b6Sitojun
e5db40b6Sitojun bad:
bc0d6cddSitojun	exit_failure("%s", strerror(errno));
e5db40b6Sitojun	/*NOTREACHED*/
e5db40b6Sitojun	return 0;	/* to make gcc happy */
e5db40b6Sitojun}
e5db40b6Sitojun
2579358aSchristosstatic ssize_t
e5db40b6Sitojunftp_copycommand(int src, int dst, enum state *state)
e5db40b6Sitojun{
2579358aSchristos	int error, atmark;
2579358aSchristos	ssize_t n;
52c469ffSitojun	socklen_t len;
e5db40b6Sitojun	unsigned int af, hal, ho[16], pal, po[2];
bc0d6cddSitojun	char *a, *p, *q;
e5db40b6Sitojun	char cmd[5], *param;
e5db40b6Sitojun	struct sockaddr_in *sin;
e5db40b6Sitojun	struct sockaddr_in6 *sin6;
e5db40b6Sitojun	enum state nstate;
e5db40b6Sitojun	char ch;
bc0d6cddSitojun	int i;
e5db40b6Sitojun
e5db40b6Sitojun	/* OOB data handling */
e5db40b6Sitojun	error = ioctl(src, SIOCATMARK, &atmark);
e5db40b6Sitojun	if (error != -1 && atmark == 1) {
e5db40b6Sitojun		n = read(src, rbuf, 1);
e5db40b6Sitojun		if (n == -1)
e5db40b6Sitojun			goto bad;
2579358aSchristos		(void)send(dst, rbuf, (size_t)n, MSG_OOB);
e5db40b6Sitojun#if 0
e5db40b6Sitojun		n = read(src, rbuf, sizeof(rbuf));
e5db40b6Sitojun		if (n == -1)
e5db40b6Sitojun			goto bad;
2579358aSchristos		(void)write(dst, rbuf, (size_t)n);
e5db40b6Sitojun		return n;
e5db40b6Sitojun#endif
e5db40b6Sitojun	}
e5db40b6Sitojun
e5db40b6Sitojun	n = read(src, rbuf, sizeof(rbuf));
e5db40b6Sitojun	if (n <= 0)
e5db40b6Sitojun		return n;
e5db40b6Sitojun	rbuf[n] = '\0';
e5db40b6Sitojun
e5db40b6Sitojun	if (n < 4) {
2579358aSchristos		(void)write(dst, rbuf, (size_t)n);
e5db40b6Sitojun		return n;
e5db40b6Sitojun	}
e5db40b6Sitojun
e5db40b6Sitojun	/*
e5db40b6Sitojun	 * parse argument
e5db40b6Sitojun	 */
e5db40b6Sitojun	p = rbuf;
e5db40b6Sitojun	q = cmd;
e5db40b6Sitojun	for (i = 0; i < 4; i++) {
cfe7f80fSdsl		if (!isalpha((unsigned char)*p)) {
e5db40b6Sitojun			/* invalid command */
2579358aSchristos			(void)write(dst, rbuf, (size_t)n);
e5db40b6Sitojun			return n;
e5db40b6Sitojun		}
cfe7f80fSdsl		*q++ = islower((unsigned char)*p) ? toupper((unsigned char)*p) : *p;
e5db40b6Sitojun		p++;
e5db40b6Sitojun	}
cfe7f80fSdsl	if (!isspace((unsigned char)*p)) {
e5db40b6Sitojun		/* invalid command */
2579358aSchristos		(void)write(dst, rbuf, (size_t)n);
e5db40b6Sitojun		return n;
e5db40b6Sitojun	}
e5db40b6Sitojun	*q = '\0';
e5db40b6Sitojun	param = p;
e5db40b6Sitojun	/* param points to first non-command token, if any */
cfe7f80fSdsl	while (*param && isspace((unsigned char)*param))
e5db40b6Sitojun		param++;
e5db40b6Sitojun	if (!*param)
e5db40b6Sitojun		param = NULL;
e5db40b6Sitojun
e5db40b6Sitojun	*state = NONE;
e5db40b6Sitojun
e5db40b6Sitojun	if (strcmp(cmd, "LPRT") == 0 && param) {
e5db40b6Sitojun		/*
e5db40b6Sitojun		 * LPRT -> PORT
e5db40b6Sitojun		 */
e5db40b6Sitojun		nstate = LPRT;
e5db40b6Sitojun
4c1a6c87Schristos		(void)close(wport4);
4c1a6c87Schristos		(void)close(wport6);
4c1a6c87Schristos		(void)close(port4);
4c1a6c87Schristos		(void)close(port6);
e5db40b6Sitojun		wport4 = wport6 = port4 = port6 = -1;
e5db40b6Sitojun
e5db40b6Sitojun		if (epsvall) {
2579358aSchristos			return dprintf(src, "501 %s disallowed in EPSV ALL\r\n",
e5db40b6Sitojun			    cmd);
e5db40b6Sitojun		}
e5db40b6Sitojun
e5db40b6Sitojun		n = sscanf(param,
2579358aSchristos		    "%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,"
2579358aSchristos		    "%u,%u,%u", &af, &hal, &ho[0], &ho[1], &ho[2], &ho[3],
e5db40b6Sitojun		    &ho[4], &ho[5], &ho[6], &ho[7],
e5db40b6Sitojun		    &ho[8], &ho[9], &ho[10], &ho[11],
e5db40b6Sitojun		    &ho[12], &ho[13], &ho[14], &ho[15],
e5db40b6Sitojun		    &pal, &po[0], &po[1]);
e5db40b6Sitojun		if (n != 21 || af != 6 || hal != 16|| pal != 2) {
2579358aSchristos			return dprintf(src,
e5db40b6Sitojun			    "501 illegal parameter to LPRT\r\n");
e5db40b6Sitojun		}
e5db40b6Sitojun
e5db40b6Sitojun		/* keep LPRT parameter */
e5db40b6Sitojun		memset(&data6, 0, sizeof(data6));
2579358aSchristos		sin6 = (void *)&data6;
e5db40b6Sitojun		sin6->sin6_len = sizeof(*sin6);
e5db40b6Sitojun		sin6->sin6_family = AF_INET6;
e5db40b6Sitojun		for (n = 0; n < 16; n++)
9e8f1055Sitojun			sin6->sin6_addr.s6_addr[n] = ho[n];
e5db40b6Sitojun		sin6->sin6_port = htons(((po[0] & 0xff) << 8) | (po[1] & 0xff));
e5db40b6Sitojun
e5db40b6Sitojunsendport:
e5db40b6Sitojun		/* get ready for active data connection */
52c469ffSitojun		len = sizeof(data4);
2579358aSchristos		error = getsockname(dst, (void *)&data4, &len);
e5db40b6Sitojun		if (error == -1) {
e5db40b6Sitojunlprtfail:
2579358aSchristos			return dprintf(src,
e5db40b6Sitojun			    "500 could not translate to PORT\r\n");
e5db40b6Sitojun		}
2579358aSchristos		if (((struct sockaddr *)(void *)&data4)->sa_family != AF_INET)
e5db40b6Sitojun			goto lprtfail;
2579358aSchristos		sin = (void *)&data4;
e5db40b6Sitojun		sin->sin_port = 0;
e5db40b6Sitojun		wport4 = socket(sin->sin_family, SOCK_STREAM, 0);
e5db40b6Sitojun		if (wport4 == -1)
e5db40b6Sitojun			goto lprtfail;
2579358aSchristos		error = bind(wport4, (void *)sin, (socklen_t)sin->sin_len);
e5db40b6Sitojun		if (error == -1) {
4c1a6c87Schristos			(void)close(wport4);
e5db40b6Sitojun			wport4 = -1;
e5db40b6Sitojun			goto lprtfail;
e5db40b6Sitojun		}
e5db40b6Sitojun		error = listen(wport4, 1);
e5db40b6Sitojun		if (error == -1) {
4c1a6c87Schristos			(void)close(wport4);
e5db40b6Sitojun			wport4 = -1;
e5db40b6Sitojun			goto lprtfail;
e5db40b6Sitojun		}
e5db40b6Sitojun
e5db40b6Sitojun		/* transmit PORT */
52c469ffSitojun		len = sizeof(data4);
2579358aSchristos		error = getsockname(wport4, (void *)&data4, &len);
e5db40b6Sitojun		if (error == -1) {
4c1a6c87Schristos			(void)close(wport4);
e5db40b6Sitojun			wport4 = -1;
e5db40b6Sitojun			goto lprtfail;
e5db40b6Sitojun		}
2579358aSchristos		if (((struct sockaddr *)(void *)&data4)->sa_family != AF_INET) {
4c1a6c87Schristos			(void)close(wport4);
e5db40b6Sitojun			wport4 = -1;
e5db40b6Sitojun			goto lprtfail;
e5db40b6Sitojun		}
2579358aSchristos		sin = (void *)&data4;
2579358aSchristos		a = (void *)&sin->sin_addr;
2579358aSchristos		p = (void *)&sin->sin_port;
e5db40b6Sitojun		*state = nstate;
e5db40b6Sitojun		passivemode = 0;
2579358aSchristos		return dprintf(dst, "PORT %d,%d,%d,%d,%d,%d\r\n",
2579358aSchristos		    UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
e5db40b6Sitojun	} else if (strcmp(cmd, "EPRT") == 0 && param) {
e5db40b6Sitojun		/*
e5db40b6Sitojun		 * EPRT -> PORT
e5db40b6Sitojun		 */
e5db40b6Sitojun		char *afp, *hostp, *portp;
e5db40b6Sitojun		struct addrinfo hints, *res;
e5db40b6Sitojun
e5db40b6Sitojun		nstate = EPRT;
e5db40b6Sitojun
4c1a6c87Schristos		(void)close(wport4);
4c1a6c87Schristos		(void)close(wport6);
4c1a6c87Schristos		(void)close(port4);
4c1a6c87Schristos		(void)close(port6);
e5db40b6Sitojun		wport4 = wport6 = port4 = port6 = -1;
e5db40b6Sitojun
e5db40b6Sitojun		if (epsvall) {
2579358aSchristos			return dprintf(src, "501 %s disallowed in EPSV ALL\r\n",
e5db40b6Sitojun			    cmd);
e5db40b6Sitojun		}
e5db40b6Sitojun
e5db40b6Sitojun		p = param;
e5db40b6Sitojun		ch = *p++;	/* boundary character */
e5db40b6Sitojun		afp = p;
e5db40b6Sitojun		while (*p && *p != ch)
e5db40b6Sitojun			p++;
e5db40b6Sitojun		if (!*p) {
e5db40b6Sitojuneprtparamfail:
2579358aSchristos			return dprintf(src,
e5db40b6Sitojun			    "501 illegal parameter to EPRT\r\n");
e5db40b6Sitojun		}
e5db40b6Sitojun		*p++ = '\0';
e5db40b6Sitojun		hostp = p;
e5db40b6Sitojun		while (*p && *p != ch)
e5db40b6Sitojun			p++;
e5db40b6Sitojun		if (!*p)
e5db40b6Sitojun			goto eprtparamfail;
e5db40b6Sitojun		*p++ = '\0';
e5db40b6Sitojun		portp = p;
e5db40b6Sitojun		while (*p && *p != ch)
e5db40b6Sitojun			p++;
e5db40b6Sitojun		if (!*p)
e5db40b6Sitojun			goto eprtparamfail;
e5db40b6Sitojun		*p++ = '\0';
e5db40b6Sitojun
e5db40b6Sitojun		n = sscanf(afp, "%d", &af);
e5db40b6Sitojun		if (n != 1 || af != 2) {
2579358aSchristos			return dprintf(src,
e5db40b6Sitojun			    "501 unsupported address family to EPRT\r\n");
e5db40b6Sitojun		}
e5db40b6Sitojun		memset(&hints, 0, sizeof(hints));
e5db40b6Sitojun		hints.ai_family = AF_UNSPEC;
a5d0cbc5Sitojun		hints.ai_socktype = SOCK_STREAM;
ecf55737Sitojun		hints.ai_protocol = IPPROTO_TCP;
e5db40b6Sitojun		error = getaddrinfo(hostp, portp, &hints, &res);
e5db40b6Sitojun		if (error) {
2579358aSchristos			return dprintf(src,
e5db40b6Sitojun			    "501 EPRT: %s\r\n", gai_strerror(error));
e5db40b6Sitojun		}
e5db40b6Sitojun		if (res->ai_next) {
522016beSitojun			freeaddrinfo(res);
2579358aSchristos			return dprintf(src,
2579358aSchristos			    "501 EPRT: %s resolved to multiple addresses\r\n",
2579358aSchristos			    hostp);
e5db40b6Sitojun		}
e5db40b6Sitojun
e5db40b6Sitojun		memcpy(&data6, res->ai_addr, res->ai_addrlen);
e5db40b6Sitojun
522016beSitojun		freeaddrinfo(res);
e5db40b6Sitojun		goto sendport;
e5db40b6Sitojun	} else if (strcmp(cmd, "LPSV") == 0 && !param) {
e5db40b6Sitojun		/*
e5db40b6Sitojun		 * LPSV -> PASV
e5db40b6Sitojun		 */
e5db40b6Sitojun		nstate = LPSV;
e5db40b6Sitojun
4c1a6c87Schristos		(void)close(wport4);
4c1a6c87Schristos		(void)close(wport6);
4c1a6c87Schristos		(void)close(port4);
4c1a6c87Schristos		(void)close(port6);
e5db40b6Sitojun		wport4 = wport6 = port4 = port6 = -1;
e5db40b6Sitojun
e5db40b6Sitojun		if (epsvall) {
2579358aSchristos			return dprintf(src, "501 %s disallowed in EPSV ALL\r\n",
e5db40b6Sitojun			    cmd);
e5db40b6Sitojun		}
e5db40b6Sitojun
e5db40b6Sitojun		*state = LPSV;
e5db40b6Sitojun		passivemode = 0;	/* to be set to 1 later */
2579358aSchristos		/* transmit PASV */
2579358aSchristos		return dprintf(dst, "PASV\r\n");
e5db40b6Sitojun	} else if (strcmp(cmd, "EPSV") == 0 && !param) {
e5db40b6Sitojun		/*
e5db40b6Sitojun		 * EPSV -> PASV
e5db40b6Sitojun		 */
4c1a6c87Schristos		(void)close(wport4);
4c1a6c87Schristos		(void)close(wport6);
4c1a6c87Schristos		(void)close(port4);
4c1a6c87Schristos		(void)close(port6);
e5db40b6Sitojun		wport4 = wport6 = port4 = port6 = -1;
e5db40b6Sitojun
e5db40b6Sitojun		*state = EPSV;
e5db40b6Sitojun		passivemode = 0;	/* to be set to 1 later */
2579358aSchristos		return dprintf(dst, "PASV\r\n");
2579358aSchristos	} else if (strcmp(cmd, "EPSV") == 0 && param &&
2579358aSchristos	    strncasecmp(param, "ALL", 3) == 0 &&
2579358aSchristos	    isspace((unsigned char)param[3])) {
e5db40b6Sitojun		/*
e5db40b6Sitojun		 * EPSV ALL
e5db40b6Sitojun		 */
e5db40b6Sitojun		epsvall = 1;
2579358aSchristos		return dprintf(src, "200 EPSV ALL command successful.\r\n");
e5db40b6Sitojun	} else if (strcmp(cmd, "PORT") == 0 || strcmp(cmd, "PASV") == 0) {
e5db40b6Sitojun		/*
e5db40b6Sitojun		 * reject PORT/PASV
e5db40b6Sitojun		 */
2579358aSchristos		return dprintf(src, "502 %s not implemented.\r\n", cmd);
e5db40b6Sitojun	} else if (passivemode
e5db40b6Sitojun		&& (strcmp(cmd, "STOR") == 0
e5db40b6Sitojun		 || strcmp(cmd, "STOU") == 0
e5db40b6Sitojun		 || strcmp(cmd, "RETR") == 0
e5db40b6Sitojun		 || strcmp(cmd, "LIST") == 0
e5db40b6Sitojun		 || strcmp(cmd, "NLST") == 0
e5db40b6Sitojun		 || strcmp(cmd, "APPE") == 0)) {
e5db40b6Sitojun		/*
e5db40b6Sitojun		 * commands with data transfer.  need to care about passive
e5db40b6Sitojun		 * mode data connection.
e5db40b6Sitojun		 */
e5db40b6Sitojun
2579358aSchristos		*state = NONE;
e5db40b6Sitojun		if (ftp_passiveconn() < 0) {
2579358aSchristos			return dprintf(src,
*749ce5c9Sandvar			    "425 Cannot open data connection\r\n");
e5db40b6Sitojun		} else {
e5db40b6Sitojun			/* simply relay the command */
2579358aSchristos			return write(dst, rbuf, (size_t)n);
e5db40b6Sitojun		}
e5db40b6Sitojun	} else {
e5db40b6Sitojun		/* simply relay it */
e5db40b6Sitojun		*state = NONE;
2579358aSchristos		return write(dst, rbuf, (size_t)n);
e5db40b6Sitojun	}
e5db40b6Sitojun
e5db40b6Sitojun bad:
bc0d6cddSitojun	exit_failure("%s", strerror(errno));
e5db40b6Sitojun	/*NOTREACHED*/
e5db40b6Sitojun	return 0;	/* to make gcc happy */
e5db40b6Sitojun}