Attachment #19624 for bug #41676

View | Details | Raw Unified | Return to bug 41676
Collapse All | Expand All




 */
#define USE_MDTM

/* The state machine states.*/
enum ftp_states {
    ftp_connect = 0,    /* Init socket connection (wait for welcome)*/
    ftp_send_user,
    ftp_send_pass,
    ftp_choose_action,
    ftp_check_type,
    ftp_check_trans_mode,
    ftp_check_transfer,
    ftp_connect_data_port,
    ftp_send_retr,
    ftp_send_stor,
    ftp_send_list,
    ftp_start_response,
    ftp_transfer_stream,
    ftp_finish_response,
    ftp_cleanup,
    ftp_error
};

typedef struct {
    char *ip;
    int port;
    apr_socket_t *sock;
    apr_socket_t *local_sock;
} data_conn;
 

/* The local data is kept different from the normal ftp_conn_data
 * for the future where we will be able to reuse the connection to
 * an ftp server. The data here is relevant for a single request
 * while the data in ftp_conn_data is relevant for a full connection
 * period.(may span multiple requests).*/
typedef struct {
    proxy_server_conf *conf;
    apr_sockaddr_t *data_addr;
    data_conn data;
    int rc;
#if defined(USE_MDTM) && (defined(HAVE_TIMEGM) || defined(HAVE_GMTOFF))
    apr_time_t mtime;
#endif

} ftp_local_data;

/* modes of data connection (EPORT is not implemented right now) */
enum ftp_connection_modes {
    EPSV = 0,
    PASV,
    PORT,
    EPORT
};

/*The possible actions that the user can specify Currently STOR is not
 * implemented but is meant for the immediate future. We should perhaps
 * look at allowing arbitrary actions either in a header or in the url*/
enum ftp_action {
    LISTING = 0,
    RETR,
    STOR
};

typedef struct {
    enum ftp_connection_modes mode;
    char xfer_type;
    enum ftp_states state;
    proxy_conn_rec *p_conn;
    const char* user;
    const char* password;
    char* msg;
    char* size;
    char* path;
    char* url;
    apr_uri_t *uri;
    enum ftp_action action;
    ftp_local_data cur;             /* The data that change in each request*/ 
} ftp_conn_data;


module AP_MODULE_DECLARE_DATA proxy_ftp_module;

const char *proxy_function = "FTP";
/*
 * Decodes a '%' escaped string, and returns the number of characters
 */

    return rc;
}

/* Set ftp server to TYPE {A,I,E} before transfer of a directory or file */
static int ftp_set_TYPE(char xfer_type, request_rec *r, conn_rec *ftp_ctrl,
                  apr_bucket_brigade *bb, char **pmessage)
{
    char old_type[2] = { 'A', '\0' }; /* After logon, mode is ASCII */
    int ret = HTTP_OK;
    int rc;

    /* set desired type */
    old_type[0] = xfer_type;

    rc = proxy_ftp_command(apr_pstrcat(r->pool, "TYPE ", old_type, CRLF, NULL),
                           r, ftp_ctrl, bb, pmessage);
/* responses: 200, 421, 500, 501, 504, 530 */
    /* 200 Command okay. */
    /* 421 Service not available, closing control connection. */
    /* 500 Syntax error, command unrecognized. */
    /* 501 Syntax error in parameters or arguments. */
    /* 504 Command not implemented for that parameter. */
    /* 530 Not logged in. */
    if (rc == -1 || rc == 421) {
        ret = ap_proxyerror(r, HTTP_BAD_GATEWAY,
                             "Error reading from remote server");
    }
    else if (rc != 200 && rc != 504) {
        ret = ap_proxyerror(r, HTTP_BAD_GATEWAY,
                             "Unable to set transfer type");
    }
/* Allow not implemented */
    else if (rc == 504)
        /* ignore it silently */;

    return ret;
}


/* Return the current directory which we have selected on the FTP server, or NULL */
static char *ftp_get_PWD(request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    char *cwd = NULL;
    char *ftpmessage = NULL;

    /* responses: 257, 500, 501, 502, 421, 550 */
    /* 257 "<directory-name>" <commentary> */
    /* 421 Service not available, closing control connection. */
    /* 500 Syntax error, command unrecognized. */
    /* 501 Syntax error in parameters or arguments. */
    /* 502 Command not implemented. */
    /* 550 Requested action not taken. */
    switch (proxy_ftp_command("PWD" CRLF, r, ftp_ctrl, bb, &ftpmessage)) {
        case -1:
        case 421:
        case 550:
            ap_proxyerror(r, HTTP_BAD_GATEWAY,
                             "Failed to read PWD on ftp server");
            break;

        case 257: {
            const char *dirp = ftpmessage;
            cwd = ap_getword_conf(r->pool, &dirp);
        }
    }
    return cwd;
}


/* Common routine for failed authorization (i.e., missing or wrong password)
 * to an ftp service. This causes most browsers to retry the request
 * with username and password (which was presumably queried from the user)

     */
    if (log_it)
        ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
                "proxy: missing or failed auth to %s",
                apr_uri_unparse(r->pool,
                    &r->parsed_uri, APR_URI_UNP_OMITPATHINFO));

    apr_table_setn(r->err_headers_out, "WWW-Authenticate",
            apr_pstrcat(r->pool, "Basic realm=\"",
                apr_uri_unparse(r->pool, &r->parsed_uri,
                    APR_URI_UNP_OMITPASSWORD | APR_URI_UNP_OMITPATHINFO),
                "\"", NULL));

    return HTTP_UNAUTHORIZED;
}

static
int proxyerror(request_rec *r, proxy_conn_rec *conn, int statuscode, const char *message)
{
    conn->close = 1;
    backend->close = 1;
    ap_set_module_config(r->connection->conn_config, &proxy_ftp_module, NULL);
    ap_proxy_release_connection(proxy_function, conn, r->server);

    return ap_proxyerror(r, statuscode, message);
}

static
void parse_ftp_auth(ftp_conn_data *ftp_data, request_rec *r)
{
    /*    char *account = NULL; how to supply an account in a URL? */
    return ap_proxyerror(r, statuscode, message);
}
/*
 * Handles direct access of ftp:// URLs
 * Original (Non-PASV) version from
 * Troy Morrison <spiffnet@zoom.com>
 * PASV added by Chuck
 * Filters by [Graham Leggett <minfrin@sharp.fm>]
 */
static int proxy_ftp_handler(request_rec *r, proxy_worker *worker,
                             proxy_server_conf *conf, char *url,
                             const char *proxyhost, apr_port_t proxyport)
{
    apr_pool_t *p = r->pool;
    conn_rec *c = r->connection;
    proxy_conn_rec *backend;
    apr_socket_t *sock, *local_sock, *data_sock = NULL;
    apr_sockaddr_t *connect_addr = NULL;
    apr_status_t rv;
    conn_rec *origin, *data = NULL;
    apr_status_t err = APR_SUCCESS;
    apr_status_t uerr = APR_SUCCESS;
    apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc);
    char *buf, *connectname;
    apr_port_t connectport;
    char buffer[MAX_STRING_LEN];
    char *ftpmessage = NULL;
    char *path, *strp, *type_suffix, *cwd = NULL;
    apr_uri_t uri;
    char *user = NULL;
/*    char *account = NULL; how to supply an account in a URL? */
    const char *password = NULL;
    
    /*
     * The "Authorization:" header must be checked first. We allow the user
     * to "override" the URL-coded user [ & password ] in the Browsers'
     * User&Password Dialog. NOTE that this is only marginally more secure
     * than having the password travel in plain as part of the URL, because
     * Basic Auth simply uuencodes the plain text password. But chances are
     * still smaller that the URL is logged regularly.
     */
    if ((password = apr_table_get(r->headers_in, "Authorization")) != NULL
            && strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0
            && (password = ap_pbase64decode(r->pool, password))[0] != ':') {
        /*
         * Note that this allocation has to be made from p_conn->pool
         * because it has the lifetime of the connection.  The other
         * allocations are temporary and can be tossed away any time.
         */
        user = ap_getword_nulls(ftp_data->p_conn->pool, &password, ':');
        r->ap_auth_type = "Basic";
        r->user = r->parsed_uri.user = user;
    }
    else if ((user = r->parsed_uri.user) != NULL) {
        user = apr_pstrdup(ftp_data->p_conn->pool, user);
        decodeenc(user);
        if ((password = r->parsed_uri.password) != NULL) {
            char *tmp = apr_pstrdup(ftp_data->p_conn->pool, password);
            decodeenc(tmp);
            password = tmp;
        }
    }
    else {
        user = "anonymous";
        password = "apache-proxy@";
    }
    ftp_data->user = user;
    ftp_data->password = password;
}

static
void ftp_debug(request_rec *r, char* fn, char* msg)
{
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
            "proxy:<FTP: [%s] %s", fn, msg);
}

static
void set_ftp_error(ftp_conn_data* ftp_data, int rc, char* msg)
{
    ftp_data->cur.rc = rc;
    ftp_data->msg = msg;
    ftp_data->state = ftp_error;
}

static
int on_init(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    char *path = 0;
    char xfer_type = 'A'; /* after ftp login, the default is ASCII */
    int  dirlisting = 0;
    apr_pool_t *p = r->pool;
    char *type_suffix = 0;

    path = ftp_data->uri->path;
    if (r->method_number != M_GET)
        return HTTP_NOT_IMPLEMENTED;

    /* We break the URL into host, port, path-search */
    if (r->parsed_uri.hostname == NULL) {
        if (APR_SUCCESS != apr_uri_parse(p, url, &uri)) {
            return ap_proxyerror(r, HTTP_BAD_REQUEST,
                apr_psprintf(p, "URI cannot be parsed: %s", url));
        }
        connectname = uri.hostname;
        connectport = uri.port;
        path = apr_pstrdup(p, uri.path);
    }
    else {
        connectname = r->parsed_uri.hostname;
        connectport = r->parsed_uri.port;
        path = apr_pstrdup(p, r->parsed_uri.path);
    }
    if (connectport == 0) {
        connectport = apr_uri_port_of_scheme("ftp");
    }
    path = (path != NULL && path[0] != '\0') ? &path[1] : "";
    ftp_data->path = apr_pstrdup(p, path);

    type_suffix = strchr(path, ';');
    if (type_suffix != NULL)
        *(type_suffix++) = '\0';

    if (type_suffix != NULL && strncmp(type_suffix, "type=", 5) == 0
            && apr_isalpha(type_suffix[5])) {
        /* "type=d" forces a dir listing.
         * The other types (i|a|e) are directly used for the ftp TYPE command
         */

        /* Check valid types, rather than ignoring invalid types silently: */
        if (strchr("AEI", xfer_type) == NULL)
            return ap_proxyerror(r, HTTP_BAD_REQUEST, apr_pstrcat(r->pool,
                        "ftp proxy supports only types 'a', 'i', or 'e': \"",
                        type_suffix, "\" is invalid.", NULL));
    }
    else {
        /* make binary transfers the default */
        xfer_type = 'I';
    }
    ftp_data->xfer_type = xfer_type;
    return OK;
}

/* Possible results:
 * 120 Service ready in nnn minutes.
 * 220 server.com FTP server (Version vvv) ready.
 * 421 Service not available, closing control connection.
 * */
static
int on_connect(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    char *msg = NULL;
    int rc = proxy_ftp_command(0, r, ftp_ctrl, bb, &msg);
    ftp_debug(r, "on_connect", msg);
    switch (rc / 100) {
        case 1:
            /*
             * RFC2616 states: 14.37 Retry-After
             *
             * The Retry-After response-header field can be used with a 503 (Service
             * Unavailable) response to indicate how long the service is expected
             * to be unavailable to the requesting client. [...] The value of
             * this field can be either an HTTP-date or an integer number of
             * seconds (in decimal) after the time of the response. Retry-After
             * = "Retry-After" ":" ( HTTP-date | delta-seconds )
             */
            {
                char *secs_str = msg;
                time_t secs;

                /* Look for a number, preceded by whitespace */ 
                while (*secs_str)
                    if ((secs_str==msg || apr_isspace(secs_str[-1])) &&
                            apr_isdigit(secs_str[0]))
                        break;
                if (*secs_str != '\0') {
                    secs = atol(secs_str);
                    apr_table_add(r->headers_out, "Retry-After",
                            apr_psprintf(r->connection->pool, "%lu", (unsigned long)(60 * secs)));
                }
            }
            set_ftp_error(ftp_data, rc, msg);
            return HTTP_SERVICE_UNAVAILABLE;

        case 2:
            ftp_data->state = ftp_send_user;
            return OK;

        default:
            set_ftp_error(ftp_data, rc, msg);
            return HTTP_BAD_GATEWAY;
    }
}
        user = apr_pstrdup(p, user);
        decodeenc(user);
        if ((password = r->parsed_uri.password) != NULL) {
            char *tmp = apr_pstrdup(p, password);
            decodeenc(tmp);
            password = tmp;
        }
    }
    else {
        user = "anonymous";
        password = "apache-proxy@";
    }

/* possible results; 230, 331, 332, 421, 500, 501, 530
 * states: 1 - error, 2 - success; 3 - send password, 4,5 fail
 * 230 User logged in, proceed.
 * 331 User name okay, need password.
 * 332 Need account for login.
 * 421 Service not available, closing control connection.
 * 500 Syntax error, command unrecognized.
 * (This may include errors such as command line too long.)
 * 501 Syntax error in parameters or arguments.
 * 530 Not logged in. 
 **/
static
int send_user(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char *msg = NULL;

    parse_ftp_auth(ftp_data, r);
    rc = proxy_ftp_command(apr_pstrcat(r->connection->pool, "USER ", ftp_data->user, CRLF, NULL),
            r, ftp_ctrl, bb, &msg);
    ftp_debug(r, "user", msg);
    switch (rc / 100) {
        case 2:
            apr_table_set(r->notes, "Directory-README", msg);
            ftp_data->state = ftp_choose_action;
            return OK;
        case 3:
            ftp_data->state = ftp_send_pass;
            return OK;
        case 5:
            if (rc  == 530 ) {
                ftp_unauthorized(r, 1);  /* log it: user name guessing attempt?*/
                return HTTP_UNAUTHORIZED;
            }
        default:
            set_ftp_error(ftp_data, rc, msg);
            return HTTP_BAD_GATEWAY;
    }
}
        address_pool = r->pool;

/* possible results 202, 230, 332, 421, 500, 501, 503, 530
 * 230 User logged in, proceed.
 * 332 Need account for login.
 * 421 Service not available, closing control connection.
 * 500 Syntax error, command unrecognized.
 * 501 Syntax error in parameters or arguments.
 * 503 Bad sequence of commands.
 * 530 Not logged in. */
static
int send_pass(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char *msg = NULL;
    /*
     * get all the possible IP addresses for the destname and loop through
     * them until we get a successful connection
     */
    if (APR_SUCCESS != err) {
        return ap_proxyerror(r, HTTP_BAD_GATEWAY, apr_pstrcat(p,
                                                 "DNS lookup failure for: ",
                                                        connectname, NULL));
    }

    rc = proxy_ftp_command(apr_pstrcat(r->connection->pool, "PASS ", ftp_data->password, CRLF, NULL),
            r, ftp_ctrl, bb, &msg);
    ftp_debug(r, "pass", msg);
    switch (rc / 100) {
        case 2:
            apr_table_set(r->notes, "Directory-README", msg);
            ftp_data->state = ftp_choose_action;
            return OK;
        case 3:
            apr_pstrcat(r->connection->pool, "Need account for login: ", msg, NULL);
            return HTTP_UNAUTHORIZED;
        case 5:
            if (rc == 530) {
                ftp_unauthorized(r, 1);  /* log it: user name guessing attempt?*/
                return HTTP_UNAUTHORIZED;
            }
        default:
            set_ftp_error(ftp_data, rc, msg);
            return HTTP_BAD_GATEWAY;
        backend->addr = connect_addr;
        ap_set_module_config(c->conn_config, &proxy_ftp_module, backend);
    }
}

/* possible results: 250, 421, 500, 501, 502, 530, 550
 * 250 Requested file action okay, completed.
 * 421 Service not available, closing control connection.
 * 500 Syntax error, command unrecognized.
 * 501 Syntax error in parameters or arguments.
 * 502 Command not implemented.
 * 530 Not logged in.
 * 550 Requested action not taken. */

/* (from FreeBSD ftpd):
 * SIZE is not in RFC959, but Postel has blessed it and
 * it will be in the updated RFC.
 *
 * Return size of file in a format suitable for
 * using with RESTART (we just count bytes).
 */
/* from draft-ietf-ftpext-mlst-14.txt:
 * This value will
 * change depending on the current STRUcture, MODE and TYPE of the data
 * connection, or a data connection which would be created were one
 * created now.  Thus, the result of the SIZE command is dependent on
 * the currently established STRU, MODE and TYPE parameters.
 */

static
int send_size(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char *msg = NULL;

    rc = proxy_ftp_command(apr_pstrcat(r->connection->pool, "SIZE ", ftp_data->path, CRLF, NULL),
            r, ftp_ctrl, bb, &msg);
    ftp_debug(r, "size", msg);
    switch (rc / 100) {
        case 2:
            {
                int j;
                for (j = 0; apr_isdigit(msg[j]); j++);
                msg[j] = '\0';
                if (msg[0] != '\0')
                    ftp_data->size = msg;
            }
            ftp_data->action = RETR;
            ftp_data->state = ftp_check_type;
            return OK;
        case 5:
            if (rc == 550) {
                ftp_data->action = LISTING;
                return OK;
            }
        default:
            set_ftp_error(ftp_data, rc, msg);
            return HTTP_BAD_GATEWAY;
    }
}

/* responses: 250, 421, 500, 501, 502, 530, 550
 * 250 Requested file action okay, completed.
 * 421 Service not available, closing control connection.
 * 500 Syntax error, command unrecognized.
 * 501 Syntax error in parameters or arguments.
 * 502 Command not implemented.
 * 530 Not logged in.
 * 550 Requested action not taken. */
static
int send_cwd(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char *msg = NULL;

    rc = proxy_ftp_command(apr_pstrcat(r->connection->pool, "CWD ", ftp_data->path, CRLF, NULL),
            r, ftp_ctrl, bb, &msg);
    ftp_debug(r, "cwd", msg);
    switch (rc / 100) {
        case 2:
            ftp_data->state = ftp_check_type;
            ftp_data->action = LISTING;
            return OK;
        case 5:
            if (rc == 550) {
                ftp_data->action = RETR;
                return OK;
            }
        default:
            set_ftp_error(ftp_data, rc, msg);
            return HTTP_BAD_GATEWAY;
    }
}

static
int choose_action(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    char* path = ftp_data->path;
    enum ftp_action action = LISTING; /* May be*/
    int fail = 1;
    int len = 0;
    int rc = 0;
    /* Special handling for leading "%2f": this enforces a "cwd /"
     * out of the $HOME directory which was the starting point after login
     */
    if (strncasecmp(path, "%2f", 3) == 0) {
        path += 2;
        path[0] = '/';
    }

    decodeenc(path); /* Note! This decodes a %2f -> "/" */
                 "proxy: FTP: control connection complete");

    /* NOTE: FTP servers do globbing on the path.
     * So we need to escape the URI metacharacters.
     * We use a special glob-escaping routine to escape globbing chars.
     * We could also have extended gen_test_char.c with a special T_ESCAPE_FTP_PATH
     * Log into the ftp server, send the username & password, change to the
     * correct directory...
     */
    path = ftp_escape_globbingchars(r->connection->pool, path);
    ftp_data->path = path;
    ftp_data->state = ftp_check_type;

    if (r-> method_number == M_PUT) {
        ftp_data->action = STOR;
        set_ftp_error(ftp_data, rc, "Not implemented");
        return HTTP_BAD_REQUEST; /* Not implemented*/
    }


    len = strlen(ftp_data->path);
    
    /* If len == 0 then it must be a directory (you can't RETR nothing)*/
    if (!len) {
        ftp_data->action = LISTING;
        return OK;
    }
    if (rc == 120) {
        /*
         * RFC2616 states: 14.37 Retry-After
         *
         * The Retry-After response-header field can be used with a 503 (Service
         * Unavailable) response to indicate how long the service is expected
         * to be unavailable to the requesting client. [...] The value of
         * this field can be either an HTTP-date or an integer number of
         * seconds (in decimal) after the time of the response. Retry-After
         * = "Retry-After" ":" ( HTTP-date | delta-seconds )
         */
        char *secs_str = ftpmessage;
        time_t secs;

    /* Do we look like a file?*/
    if (path[len - 1] != '/')
        action = RETR; /*May be.*/
    else {
        /* No files with an '/' end possible*/
        ftp_data->action = LISTING;
        return send_cwd(ftp_data, r, ftp_ctrl, bb);
            apr_table_add(r->headers_out, "Retry-After",
                          apr_psprintf(p, "%lu", (unsigned long)(60 * secs)));
        }
        return ftp_proxyerror(r, backend, HTTP_SERVICE_UNAVAILABLE, ftpmessage);
    }

     /* Also, don't allow to RETR by wildcard. Instead, create a dirlisting */
    if (ftp_check_globbingchars(ftp_data->path)) {
        ftp_data->action = LISTING;
        return send_cwd(ftp_data, r, ftp_ctrl, bb);
    }


    /* verify our previous guesses */
    switch (action) {
        case LISTING:
            return send_cwd(ftp_data, r, ftp_ctrl, bb);
        case RETR:
            return send_size(ftp_data, r, ftp_ctrl, bb);
        default:
            set_ftp_error(ftp_data, rc, "Not implemented");
            return HTTP_BAD_REQUEST; /* Not implemented*/
    /* 501 Syntax error in parameters or arguments. */
    /* 530 Not logged in. */
    if (rc == -1 || rc == 421) {
        return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY, "Error reading from remote server");
    }
}

#if defined(USE_MDTM) && (defined(HAVE_TIMEGM) || defined(HAVE_GMTOFF))
/* from draft-ietf-ftpext-mlst-14.txt:
 *   The FTP command, MODIFICATION TIME (MDTM), can be used to determine
 *   when a file in the server NVFS was last modified.     <..>
 *   The syntax of a time value is:
 *           time-val       = 14DIGIT [ "." 1*DIGIT ]      <..>
 *     Symbolically, a time-val may be viewed as
 *           YYYYMMDDHHMMSS.sss
 *     The "." and subsequent digits ("sss") are optional. <..>
 *     Time values are always represented in UTC (GMT)
 */
static
int send_mdtm(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char *msg = NULL;
    apr_time_t mtime = 0L;
    rc = proxy_ftp_command(apr_pstrcat(r->connection->pool, "MDTM ", ftp_data->path, CRLF, NULL),
            r, ftp_ctrl, bb, &msg);
    ftp_debug(r, "mdtm", msg);
    /* then extract the Last-Modified time from it (YYYYMMDDhhmmss or YYYYMMDDhhmmss.xxx GMT). */
    switch (rc / 100) {
        case 2:
            struct {
                char YYYY[4+1];
                char MM[2+1];
                char DD[2+1];
                char hh[2+1];
                char mm[2+1];
                char ss[2+1];
            } time_val;
            if (6 == sscanf(ftpmessage, "%4[0-9]%2[0-9]%2[0-9]%2[0-9]%2[0-9]%2[0-9]",
                        time_val.YYYY, time_val.MM, time_val.DD, time_val.hh, time_val.mm, time_val.ss)) {
                struct tm tms;
                memset (&tms, '\0', sizeof tms);
                tms.tm_year = atoi(time_val.YYYY) - 1900;
                tms.tm_mon  = atoi(time_val.MM)   - 1;
                tms.tm_mday = atoi(time_val.DD);
                tms.tm_hour = atoi(time_val.hh);
                tms.tm_min  = atoi(time_val.mm);
                tms.tm_sec  = atoi(time_val.ss);
#ifdef HAVE_TIMEGM /* Does system have timegm()? */
                mtime = timegm(&tms);
                mtime *= APR_USEC_PER_SEC;
#elif HAVE_GMTOFF /* does struct tm have a member tm_gmtoff? */
                /* mktime will subtract the local timezone, which is not what we want.
                 * Add it again because the MDTM string is GMT
                 */
                mtime = mktime(&tms);
                mtime += tms.tm_gmtoff;
                mtime *= APR_USEC_PER_SEC;
#else
                mtime = 0L;
#endif
            }
        default:
            mtime = 0L;
    }
    ftp_data->cur.mtime = mtime;
    return OK;
} 
#endif



/* responses: 221, 500
 * 221 Service closing control connection.
 * 500 Syntax error, command unrecognized. */
static
int send_quit(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char *msg = NULL;

    rc = proxy_ftp_command("QUIT" CRLF,
            r, ftp_ctrl, bb, &msg);
    ftp_debug(r, "quit", msg);
    switch (rc / 100) {
        default:
            ftp_data->msg = msg;
            return rc;
    }
}

static
int send_stor(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char *msg = NULL;

    rc = proxy_ftp_command(apr_pstrcat(r->connection->pool, "STOR ", ftp_data->path, CRLF, NULL),
            r, ftp_ctrl, bb, &msg);
    ftp_debug(r, "stor", msg);
    switch (rc / 100) {
        case 1:
            ftp_data->state = ftp_start_response;
            return OK;
        default:
            set_ftp_error(ftp_data, rc, msg);
            return HTTP_BAD_GATEWAY;
        if (rc == -1 || rc == 421) {
            return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY,
                                  "Error reading from remote server");
        }
        if (rc == 332) {
            return ftp_proxyerror(r, backend, HTTP_UNAUTHORIZED,
                  apr_pstrcat(p, "Need account for login: ", ftpmessage, NULL));
        }
        /* @@@ questionable -- we might as well return a 403 Forbidden here */
        if (rc == 530) {
            proxy_ftp_cleanup(r, backend);
            return ftp_unauthorized(r, 1);      /* log it: passwd guessing
                                                 * attempt? */
        }
        if (rc != 230 && rc != 202) {
            return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY, ftpmessage);
        }
    }
}
/* intermediate response for the LIST or RETR commands

 * RETR: 110, 125, 150, 226, 250, 421, 425, 426, 450, 451, 500, 501, 530,
 * 550 NLST: 125, 150, 226, 250, 421, 425, 426, 450, 451, 500, 501, 502,
 * 530

 * 110 Restart marker reply.
 * 125 Data connection already open; transfer starting.
 * 150 File status okay; about to open data connection.
 * 226 Closing data connection.
 * 250 Requested file action okay, completed.
 * 421 Service not available, closing control connection.
 * 425 Can't open data connection.
 * 426 Connection closed; transfer aborted.
 * 450 Requested file action not taken.
 * 451 Requested action aborted. Local error in processing.
 * 500 Syntax error, command unrecognized.
 * 501 Syntax error in parameters or arguments.
 * 530 Not logged in.
 * 550 Requested action not taken. */
static
int send_retr(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char *msg = NULL;

    rc = proxy_ftp_command(apr_pstrcat(r->connection->pool, "RETR ", ftp_data->path, CRLF, NULL),
            r, ftp_ctrl, bb, &msg);
    ftp_debug(r, "retr", msg);
    switch (rc / 100) {
        case 1:
            ftp_data->state = ftp_start_response;
#if defined(USE_MDTM) && (defined(HAVE_TIMEGM) || defined(HAVE_GMTOFF))
            send_mdtm(ftp_data, r, ftp_ctrl, bb);
#endif
            return OK;
        default:
            set_ftp_error(ftp_data, rc, msg);
            return HTTP_BAD_GATEWAY;
    }
}

    /*
     * set the directory (walk directory component by component): this is
     * what we must do if we don't know the OS type of the remote machine
     */
    for (;;) {
        strp = strchr(path, '/');
        if (strp == NULL)
            break;
        *strp = '\0';

/* intermediate response for the LIST command 
 * 125 transfer starting, 
 * 150 opening data connection */
static
int send_list(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char *msg = NULL;

    rc = proxy_ftp_command("LIST" CRLF,
            r, ftp_ctrl, bb, &msg);
    ftp_debug(r, "list", msg);
    switch (rc / 100) {
        case 1:
            ftp_data->state = ftp_start_response;
            return OK;
        default:
            set_ftp_error(ftp_data, rc, msg);
            return HTTP_BAD_GATEWAY;
    }
}

static
int send_type(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char *msg = NULL;
    char xtype[2] = {'A', 0};
    xtype[0] = ftp_data->xfer_type;
                           r, origin, bb, &ftpmessage);
        *strp = '/';
        /* responses: 250, 421, 500, 501, 502, 530, 550 */
        /* 250 Requested file action okay, completed. */
        /* 421 Service not available, closing control connection. */
        /* 500 Syntax error, command unrecognized. */
        /* 501 Syntax error in parameters or arguments. */
        /* 502 Command not implemented. */
        /* 530 Not logged in. */
        /* 550 Requested action not taken. */
        if (rc == -1 || rc == 421) {
            return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY,
                                  "Error reading from remote server");
        }
        if (rc == 550) {
            return ftp_proxyerror(r, backend, HTTP_NOT_FOUND, ftpmessage);
        }
        if (rc != 250) {
            return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY, ftpmessage);
        }

    rc = proxy_ftp_command(apr_pstrcat(r->connection->pool, "TYPE ", xtype, CRLF, NULL),
            r, ftp_ctrl, bb, &msg);
    ftp_debug(r, "type", msg);
    switch (rc / 100) {
        case 2:
            ftp_data->state = ftp_check_trans_mode;
            return OK;
        default:
            set_ftp_error(ftp_data, rc, msg);
            return HTTP_BAD_GATEWAY;
    }
}

static
int check_type(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    /*There are no binary list retrivals. Force xfer_type to ASCII if it is a list*/
    if (ftp_data->action == LISTING)
        ftp_data->xfer_type = 'A';
    /* Check if the type in ftp_data is same as that of the cur,
     * if it is we do not have to send a type*/
    if (ftp_data->xfer_type ==  'A') {
        ftp_data->state = ftp_check_trans_mode;
        return OK;
    }

    return send_type(ftp_data, r, ftp_ctrl, bb);
}
        apr_sockaddr_t *data_addr;
        char *data_ip;
        apr_port_t data_port;

        /*
         * The EPSV command replaces PASV where both IPV4 and IPV6 is
         * supported. Only the port is returned, the IP address is always the
         * same as that on the control connection. Example: Entering Extended
         * Passive Mode (|||6446|)
         */
        rc = proxy_ftp_command("EPSV" CRLF,
                           r, origin, bb, &ftpmessage);
        /* possible results: 227, 421, 500, 501, 502, 530 */
        /* 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2). */
        /* 421 Service not available, closing control connection. */
        /* 500 Syntax error, command unrecognized. */
        /* 501 Syntax error in parameters or arguments. */
        /* 502 Command not implemented. */
        /* 530 Not logged in. */
        if (rc == -1 || rc == 421) {
            return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY,
                                  "Error reading from remote server");
        }
        if (rc != 229 && rc != 500 && rc != 501 && rc != 502) {
            return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY, ftpmessage);
        }
        else if (rc == 229) {
            char *pstr;
            char *tok_cntx;

/*
 * The EPSV command replaces PASV where both IPV4 and IPV6 is
 * supported. Only the port is returned, the IP address is always the
 * same as that on the control connection. Example: Entering Extended
 * Passive Mode (|||6446|)
 *
 * possible results: 227, 421, 500, 501, 502, 530
 * 229 Entering Extended Passive Mode (port).
 * 421 Service not available, closing control connection.
 * 500 Syntax error, command unrecognized.
 * 501 Syntax error in parameters or arguments.
 * 502 Command not implemented.
 * 530 Not logged in. */

static
int send_epsv(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char *msg = NULL;
    
    rc = proxy_ftp_command("EPSV" CRLF,
            r, ftp_ctrl, bb, &msg);
    ftp_debug(r, "epsv", msg);
    switch (rc / 100) {
        case 2:
            {
                char *pstr;
                char *tok_cntx;
                pstr = msg;
                pstr = apr_strtok(pstr, " ", &tok_cntx);    /* separate result code */
                if (pstr != NULL) {
                    if (*(pstr + strlen(pstr) + 1) == '=')
                        pstr += strlen(pstr) + 2;
                    else {
                        pstr = apr_strtok(NULL, "(", &tok_cntx);    /* separate address &
                                                                     * port params */
                        if (pstr != NULL)
                            pstr = apr_strtok(NULL, ")", &tok_cntx);
                    }
                    if (pstr != 0 && strlen(pstr) > 3 ) {
                        ftp_data->cur.data.port = atoi(pstr + 3);

                        apr_sockaddr_t *data_addr;
                        char *data_ip;
                        apr_socket_addr_get(&data_addr, APR_REMOTE, ftp_data->p_conn->sock);
                        apr_sockaddr_ip_get(&data_ip, data_addr);
                        ftp_data->cur.data.ip = data_ip;

                        ftp_data->mode = EPSV;
                        ftp_data->state = ftp_connect_data_port;
                        return OK;
                    }
                    return HTTP_INTERNAL_SERVER_ERROR;
                }
            }

            msg = "Invalid epassive response.";
                if (conf->recv_buffer_size > 0
                        && (rv = apr_socket_opt_set(data_sock, APR_SO_RCVBUF,
                                                    conf->recv_buffer_size))) {
                    ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                                  "proxy: FTP: apr_socket_opt_set(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
                }
#endif

        default:
            set_ftp_error(ftp_data, rc, msg);
            return HTTP_BAD_GATEWAY;
                apr_sockaddr_info_get(&epsv_addr, data_ip, connect_addr->family, data_port, 0, p);
                rv = apr_socket_connect(data_sock, epsv_addr);
                if (rv != APR_SUCCESS) {
                    ap_log_error(APLOG_MARK, APLOG_ERR, rv, r->server,
                                 "proxy: FTP: EPSV attempt to connect to %pI failed - Firewall/NAT?", epsv_addr);
                    return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY, apr_psprintf(r->pool,
                                                                           "EPSV attempt to connect to %pI failed - firewall/NAT?", epsv_addr));
                }
                else {
                    connect = 1;
                }
            }
            else {
                /* and try the regular way */
                apr_socket_close(data_sock);
            }
        }
    }
}

static
int send_pasv(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char *msg = NULL;
    
    rc = proxy_ftp_command("PASV" CRLF,
            r, ftp_ctrl, bb, &msg);
    ftp_debug(r, "pasv", msg);
    switch (rc / 100) {
        case 2:
            {
                unsigned int h0, h1, h2, h3, p0, p1;
                char *pstr;
                char *tok_cntx;
        if (rc != 227 && rc != 502) {
            return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY, ftpmessage);
        }
        else if (rc == 227) {
            unsigned int h0, h1, h2, h3, p0, p1;
            char *pstr;
            char *tok_cntx;

                /*TODO: Check PASV against RFC1123 */

                pstr = msg;
                pstr = apr_strtok(pstr, " ", &tok_cntx);    /* separate result code */
                if (pstr != NULL) {
                    if (*(pstr + strlen(pstr) + 1) == '=') {
                        pstr += strlen(pstr) + 2;
                    }
                    else {
                        pstr = apr_strtok(NULL, "(", &tok_cntx);    /* separate address &
                                                                     * port params */
                        if (pstr != NULL)
                            pstr = apr_strtok(NULL, ")", &tok_cntx);
                    }

                    if (pstr != NULL && (sscanf(pstr, "%d,%d,%d,%d,%d,%d", &h3, &h2, &h1, &h0, &p1, &p0) == 6)) {
                        ftp_data->cur.data.port = (p1 << 8) + p0;
                        char* data_ip = apr_psprintf(r->connection->pool, "%d.%d.%d.%d", h3, h2, h1, h0);
                        ftp_data->cur.data.ip = data_ip;

                        ftp_data->mode = PASV;
                        ftp_data->state = ftp_connect_data_port;
                        return OK;
                    }
                }
                else {
                    pstr = apr_strtok(NULL, "(", &tok_cntx);    /* separate address &
                                                                 * port params */
                    if (pstr != NULL)
                        pstr = apr_strtok(NULL, ")", &tok_cntx);
                }
            }

            msg = "Invalid passive response.";

        default:
            set_ftp_error(ftp_data, rc, msg);
            return HTTP_BAD_GATEWAY;
    }
}

                apr_sockaddr_t *pasv_addr;
                apr_port_t pasvport = (p1 << 8) + p0;
                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                          "proxy: FTP: PASV contacting host %d.%d.%d.%d:%d",
                             h3, h2, h1, h0, pasvport);

static
int setup_local_port(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rv = 0;
    apr_sockaddr_t *local_addr;
    char *local_ip;
    apr_port_t local_port;
    apr_socket_t *local_sock, *sock;
    apr_sockaddr_t *connect_addr = ftp_data->p_conn->addr;

    if ((rv = apr_socket_create(&local_sock, connect_addr->family, SOCK_STREAM, 0, r->pool)) != APR_SUCCESS) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                "proxy: FTP: error creating local socket");
        return HTTP_INTERNAL_SERVER_ERROR;
    }
    apr_socket_addr_get(&local_addr, APR_LOCAL, sock);
    local_port = local_addr->port;
    apr_sockaddr_ip_get(&local_ip, local_addr);

    if ((rv = apr_socket_opt_set(local_sock, APR_SO_REUSEADDR, 1))
            != APR_SUCCESS) {
#ifndef _OSD_POSIX              /* BS2000 has this option "always on" */
        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                "proxy: FTP: error setting reuseaddr option");
        return HTTP_INTERNAL_SERVER_ERROR;
#endif                          /* _OSD_POSIX */
                                                                           "PASV attempt to connect to %pI failed - firewall/NAT?", pasv_addr));
                }
                else {
                    connect = 1;
                }
            }
            else {
                /* and try the regular way */
                apr_socket_close(data_sock);
            }
        }
    }
/*bypass:*/

    apr_sockaddr_info_get(&local_addr, local_ip, APR_UNSPEC, local_port, 0, r->pool);
    if (!connect) {
        apr_sockaddr_t *local_addr;
        char *local_ip;
        apr_port_t local_port;
        unsigned int h0, h1, h2, h3, p0, p1;

    if ((rv = apr_socket_bind(local_sock, local_addr)) != APR_SUCCESS) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                "proxy: FTP: error binding to ftp data socket %pI", local_addr);
        return HTTP_INTERNAL_SERVER_ERROR;
    }
        }
        apr_socket_addr_get(&local_addr, APR_LOCAL, sock);
        local_port = local_addr->port;
        apr_sockaddr_ip_get(&local_ip, local_addr);

    /* only need a short queue */
    if ((rv = apr_socket_listen(local_sock, 2)) != APR_SUCCESS) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                "proxy: FTP: error listening to ftp data socket %pI", local_addr);
        return HTTP_INTERNAL_SERVER_ERROR;
    }
            return HTTP_INTERNAL_SERVER_ERROR;
#endif                          /* _OSD_POSIX */
        }

    ftp_data->cur.data.ip = local_ip;
    ftp_data->cur.data.port = local_port;
    ftp_data->cur.data.local_sock = local_sock;
    return 0;
}

/* possible results: 200, 421, 500, 501, 502, 530
 * 200 Command okay.
 * 421 Service not available, closing control connection.
 * 500 Syntax error, command unrecognized.
 * 501 Syntax error in parameters or arguments.
 * 502 Command not implemented.
 * 530 Not logged in. */
static
int send_port(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    unsigned int h0, h1, h2, h3, p0, p1;
    char* msg;

    int rc = setup_local_port(ftp_data, r, ftp_ctrl, bb);
    if (rc) {
        ftp_data->msg = "Unable to establish server connection.";
        return rc;
    }
    char* local_ip = ftp_data->cur.data.ip;
    int local_port = ftp_data->cur.data.port;
    if (local_ip && (sscanf(local_ip, "%d.%d.%d.%d", &h3, &h2, &h1, &h0) == 4)) {
        p1 = (local_port >> 8);
        p0 = (local_port & 0xFF);
    } else {
        /* IPV6 FIXME:
         * The EPRT command replaces PORT where both IPV4 and IPV6 is supported. The first
         * number (1,2) indicates the protocol type. Examples:
         *   EPRT |1|132.235.1.2|6275|
         *   EPRT |2|1080::8:800:200C:417A|5282|
         */
        ftp_data->msg = "Connect to IPV6 ftp server using EPRT not supported. Enable EPSV.";
        return HTTP_NOT_IMPLEMENTED;
    }

/* FIXME: Sent PORT here */

    rc = proxy_ftp_command(apr_psprintf(r->connection->pool, "PORT %d,%d,%d,%d,%d,%d" CRLF, h3, h2, h1, h0, p1, p0),
            r, ftp_ctrl, bb, &msg);
    switch ( rc / 100) {
        case 2:
            ftp_data->mode = PORT;
            ftp_data->state = ftp_check_transfer;
            return OK;

        default:
            set_ftp_error(ftp_data, rc, msg);
            return HTTP_BAD_GATEWAY;
    }
}
            /* 500 Syntax error, command unrecognized. */
            /* 501 Syntax error in parameters or arguments. */
            /* 502 Command not implemented. */
            /* 530 Not logged in. */
            if (rc == -1 || rc == 421) {
                return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY,
                                      "Error reading from remote server");
            }
            if (rc != 200) {
                return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY, buffer);
            }

static
int check_trans_mode(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    switch (ftp_data->mode) {
        case EPSV:
            rc = send_epsv(ftp_data, r, ftp_ctrl, bb);
            if (rc == OK)
                break;
        case PASV:
            rc = send_pasv(ftp_data, r, ftp_ctrl, bb);
            if (rc == OK)
                break;
        case PORT:
            rc = send_port(ftp_data, r, ftp_ctrl, bb);
            if (rc == OK)
                break;
        default:
            return rc;
    }
    return OK; 
}


static
int connect_data_port(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    apr_socket_t *data_sock = NULL;
    apr_sockaddr_t *connect_addr = ftp_data->p_conn->addr;

    int data_port = ftp_data->cur.data.port;
    int rv;

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
            "proxy: FTP: EPSV contacting remote host on port %d",
            data_port);

    if ((rv = apr_socket_create(&data_sock, connect_addr->family, SOCK_STREAM, 0, r->pool)) != APR_SUCCESS) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                "proxy: FTP: error creating EPSV socket");
        return HTTP_INTERNAL_SERVER_ERROR;
    }

#if !defined (TPF) && !defined(BEOS)
    if (ftp_data->cur.conf->recv_buffer_size > 0
            && (rv = apr_socket_opt_set(data_sock, APR_SO_RCVBUF,
                    ftp_data->cur.conf->recv_buffer_size))) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                "proxy: FTP: apr_socket_opt_set(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
    }
#endif
    {
        /* make the connection */
        apr_sockaddr_t *d_addr;
        apr_sockaddr_info_get(&d_addr, ftp_data->cur.data.ip, connect_addr->family, data_port, 0, ftp_data->p_conn->pool);
        rv = apr_socket_connect(data_sock, d_addr);
        if (rv != APR_SUCCESS) {
            ftp_data->msg = apr_psprintf(r->pool,
                    "EPSV attempt to connect to %pI failed - firewall/NAT?", d_addr);
            ap_log_error(APLOG_MARK, APLOG_ERR, rv, r->server, ftp_data->msg);
            return HTTP_BAD_GATEWAY;
         * connection, or a data connection which would be created were one
         * created now.  Thus, the result of the SIZE command is dependent on
         * the currently established STRU, MODE and TYPE parameters.
         */
        /* Therefore: switch to binary if the user did not specify ";type=a" */
        ftp_set_TYPE(xfer_type, r, origin, bb, &ftpmessage);
        rc = proxy_ftp_command(apr_pstrcat(p, "SIZE ",
                           ftp_escape_globbingchars(p, path), CRLF, NULL),
                           r, origin, bb, &ftpmessage);
        if (rc == -1 || rc == 421) {
            return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY,
                                  "Error reading from remote server");
        }
        else if (rc == 213) {/* Size command ok */
            int j;
            for (j = 0; apr_isdigit(ftpmessage[j]); j++)
                ;
            ftpmessage[j] = '\0';
            if (ftpmessage[0] != '\0')
                 size = ftpmessage; /* already pstrdup'ed: no copy necessary */
        }
        else if (rc == 550) {    /* Not a regular file */
            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                             "proxy: FTP: SIZE shows this is a directory");
            dirlisting = 1;
            rc = proxy_ftp_command(apr_pstrcat(p, "CWD ",
                           ftp_escape_globbingchars(p, path), CRLF, NULL),
                           r, origin, bb, &ftpmessage);
            /* possible results: 250, 421, 500, 501, 502, 530, 550 */
            /* 250 Requested file action okay, completed. */
            /* 421 Service not available, closing control connection. */
            /* 500 Syntax error, command unrecognized. */
            /* 501 Syntax error in parameters or arguments. */
            /* 502 Command not implemented. */
            /* 530 Not logged in. */
            /* 550 Requested action not taken. */
            if (rc == -1 || rc == 421) {
                return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY,
                                      "Error reading from remote server");
            }
            if (rc == 550) {
                return ftp_proxyerror(r, backend, HTTP_NOT_FOUND, ftpmessage);
            }
            if (rc != 250) {
                return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY, ftpmessage);
            }
            path = "";
            len = 0;
        }
    }
    ftp_data->cur.data.sock = data_sock;
    ftp_data->state = ftp_check_transfer;
    return OK;
}

    cwd = ftp_get_PWD(r, origin, bb);
    if (cwd != NULL) {
        apr_table_set(r->notes, "Directory-PWD", cwd);
    }

    if (dirlisting) {
        ftp_set_TYPE('A', r, origin, bb, NULL);
        /* If the current directory contains no slash, we are talking to
         * a non-unix ftp system. Try LIST instead of "LIST -lag", it
         * should return a long listing anyway (unlike NLST).
         * Some exotic FTP servers might choke on the "-lag" switch.
         */
        /* Note that we do not escape the path here, to allow for
         * queries like: ftp://user@host/apache/src/server/http_*.c
         */
        if (len != 0)
            buf = apr_pstrcat(p, "LIST ", path, CRLF, NULL);
        else if (cwd == NULL || strchr(cwd, '/') != NULL)
            buf = apr_pstrcat(p, "LIST -lag", CRLF, NULL);
        else
            buf = "LIST" CRLF;
    }
    else {
        /* switch to binary if the user did not specify ";type=a" */
        ftp_set_TYPE(xfer_type, r, origin, bb, &ftpmessage);
#if defined(USE_MDTM) && (defined(HAVE_TIMEGM) || defined(HAVE_GMTOFF))
        /* from draft-ietf-ftpext-mlst-14.txt:
         *   The FTP command, MODIFICATION TIME (MDTM), can be used to determine
         *   when a file in the server NVFS was last modified.     <..>
         *   The syntax of a time value is:
         *           time-val       = 14DIGIT [ "." 1*DIGIT ]      <..>
         *     Symbolically, a time-val may be viewed as
         *           YYYYMMDDHHMMSS.sss
         *     The "." and subsequent digits ("sss") are optional. <..>
         *     Time values are always represented in UTC (GMT)
         */
        rc = proxy_ftp_command(apr_pstrcat(p, "MDTM ", ftp_escape_globbingchars(p, path), CRLF, NULL),
                               r, origin, bb, &ftpmessage);
        /* then extract the Last-Modified time from it (YYYYMMDDhhmmss or YYYYMMDDhhmmss.xxx GMT). */
        if (rc == 213) {
        struct {
            char YYYY[4+1];
        char MM[2+1];
        char DD[2+1];
        char hh[2+1];
        char mm[2+1];
        char ss[2+1];
        } time_val;
        if (6 == sscanf(ftpmessage, "%4[0-9]%2[0-9]%2[0-9]%2[0-9]%2[0-9]%2[0-9]",
            time_val.YYYY, time_val.MM, time_val.DD, time_val.hh, time_val.mm, time_val.ss)) {
                struct tm tms;
        memset (&tms, '\0', sizeof tms);
        tms.tm_year = atoi(time_val.YYYY) - 1900;
        tms.tm_mon  = atoi(time_val.MM)   - 1;
        tms.tm_mday = atoi(time_val.DD);
        tms.tm_hour = atoi(time_val.hh);
        tms.tm_min  = atoi(time_val.mm);
        tms.tm_sec  = atoi(time_val.ss);
#ifdef HAVE_TIMEGM /* Does system have timegm()? */
        mtime = timegm(&tms);
        mtime *= APR_USEC_PER_SEC;
#elif HAVE_GMTOFF /* does struct tm have a member tm_gmtoff? */
                /* mktime will subtract the local timezone, which is not what we want.
         * Add it again because the MDTM string is GMT
         */
        mtime = mktime(&tms);
        mtime += tms.tm_gmtoff;
        mtime *= APR_USEC_PER_SEC;
#else
        mtime = 0L;
#endif
            }
    }
#endif /* USE_MDTM */
/* FIXME: Handle range requests - send REST */
        buf = apr_pstrcat(p, "RETR ", ftp_escape_globbingchars(p, path), CRLF, NULL);
    }
    rc = proxy_ftp_command(buf, r, origin, bb, &ftpmessage);
    /* rc is an intermediate response for the LIST or RETR commands */

static
int check_transfer(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    switch (ftp_data->action) {
        case STOR:
            ftp_data->state = ftp_send_stor;
            break;
        case LISTING:
            ftp_data->state = ftp_send_list;
            break;
        default:
        case RETR:
            ftp_data->state = ftp_send_retr;
            break;
    /* 451 Requested action aborted. Local error in processing. */
    /* 500 Syntax error, command unrecognized. */
    /* 501 Syntax error in parameters or arguments. */
    /* 530 Not logged in. */
    /* 550 Requested action not taken. */
    if (rc == -1 || rc == 421) {
        return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY,
                              "Error reading from remote server");
    }
    return OK;
}
                     "proxy: FTP: RETR failed, trying LIST instead");

static
int start_response(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    char *msg = NULL;
    char dates[APR_RFC822_DATE_LEN];

#if defined(USE_MDTM) && (defined(HAVE_TIMEGM) || defined(HAVE_GMTOFF))
    apr_time_t mtime = ftp_data->mtime;
#endif
        /* possible results: 250, 421, 500, 501, 502, 530, 550 */
        /* 250 Requested file action okay, completed. */
        /* 421 Service not available, closing control connection. */
        /* 500 Syntax error, command unrecognized. */
        /* 501 Syntax error in parameters or arguments. */
        /* 502 Command not implemented. */
        /* 530 Not logged in. */
        /* 550 Requested action not taken. */
        if (rc == -1 || rc == 421) {
            return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY,
                                  "Error reading from remote server");
        }
        if (rc == 550) {
            return ftp_proxyerror(r, backend, HTTP_NOT_FOUND, ftpmessage);
        }
        if (rc != 250) {
            return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY, ftpmessage);
        }

        /* Update current directory after CWD */
        cwd = ftp_get_PWD(r, origin, bb);
        if (cwd != NULL) {
            apr_table_set(r->notes, "Directory-PWD", cwd);
        }

        /* See above for the "LIST" vs. "LIST -lag" discussion. */
        rc = proxy_ftp_command((cwd == NULL || strchr(cwd, '/') != NULL)
                               ? "LIST -lag" CRLF : "LIST" CRLF,
                               r, origin, bb, &ftpmessage);

        /* rc is an intermediate response for the LIST command (125 transfer starting, 150 opening data connection) */
        if (rc == -1 || rc == 421)
            return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY,
                                  "Error reading from remote server");
    }
    if (rc != 125 && rc != 150 && rc != 226 && rc != 250) {
        return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY, ftpmessage);
    }

    r->status = HTTP_OK;
    r->status_line = "200 OK";


    apr_table_setn(r->headers_out, "Server", ap_get_server_banner());

    /* set content-type */
    if (ftp_data->action == LISTING) {
        ap_set_content_type(r, "text/html");
    }
    else {
        if (r->content_type) {
            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                    "proxy: FTP: Content-Type set to %s", r->content_type);
        }
        else {
            ap_set_content_type(r, ap_default_type(r));
        }
        if (ftp_data->xfer_type != 'A' ) {
            apr_table_setn(r->headers_out, "Content-Length", ftp_data->size);
            apr_table_setn(r->headers_out, "Content-Length", size);
            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                    "proxy: FTP: Content-Length set to %s", ftp_data->size);
        }
    }
    apr_table_setn(r->headers_out, "Content-Type", r->content_type);
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
            "proxy: FTP: Content-Type set to %s", r->content_type);

#if defined(USE_MDTM) && (defined(HAVE_TIMEGM) || defined(HAVE_GMTOFF))
    if (mtime != 0L) {

        apr_rfc822_date(datestr, mtime);
        apr_table_set(r->headers_out, "Last-Modified", datestr);
        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                "proxy: FTP: Last-Modified set to %s", datestr);
    }
#endif /* USE_MDTM */


     * @@@ FIXME (e.g., for ftp://user@host/file*.tar.gz,
     * @@@        the encoding is currently set to x-gzip)
     */
    if ((ftp_data->action == LISTING) && r->content_encoding != NULL)
        r->content_encoding = NULL;

    /* set content-encoding (not for dir listings, they are uncompressed)*/
    if (r->content_encoding != NULL && r->content_encoding[0] != '\0') {
        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                "proxy: FTP: Content-Encoding set to %s", r->content_encoding);
        apr_table_setn(r->headers_out, "Content-Encoding", r->content_encoding);
    }

    ftp_data->state = ftp_transfer_stream;
    return OK;
}

static
int transfer_stream(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char *msg = NULL;

    apr_status_t rv;
    apr_socket_t *local_sock = ftp_data->cur.data.local_sock;
    apr_socket_t *data_sock = ftp_data->cur.data.sock;
    conn_rec *c = r->connection;
    char dates[APR_RFC822_DATE_LEN];
    conn_rec *data = NULL;

    /* wait for connection */
    if (ftp_data->mode == PORT) {
        for (;;) {
            rv = apr_socket_accept(&data_sock, local_sock, r->pool);
            if (rv == APR_EINTR) {

            }
            else {
                ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                        "proxy: FTP: failed to accept data connection");
                proxy_ftp_cleanup(r, backend);
                return HTTP_BAD_GATEWAY;
            }
        }
    }

    /* the transfer socket is now open, create a new connection */
    data = ap_run_create_connection(r->pool, r->server, data_sock, r->connection->id,
            r->connection->sbh, c->bucket_alloc);
    if (!data) {
        /*
         * the peer reset the connection already; ap_run_create_connection() closed
         * the socket
         */
        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                "proxy: FTP: an error occurred creating the transfer connection");
        proxy_ftp_cleanup(r, backend);
        return HTTP_INTERNAL_SERVER_ERROR;
    }


    rc = ap_run_pre_connection(data, data_sock);
    if (rc != OK && rc != DONE) {
        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                "proxy: FTP: pre_connection setup failed (%d)",
                rc);
        data->aborted = 1;
        proxy_ftp_cleanup(r, backend);
        return rc;
    }


    /* send response */
    r->sent_bodyct = 1;

    if (ftp_data->action == LISTING) {
        /* insert directory filter */
        ap_add_output_filter("PROXY_SEND_DIR", NULL, r, r->connection);
    }

        int finish = FALSE;

        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                "proxy: FTP: start body send");

        /* read the body, pass it to the output filters */
        while (ap_get_brigade(data->input_filters,
                    bb,
                    AP_MODE_READBYTES,
                    APR_BLOCK_READ,
                    ftp_data->cur.conf->io_buffer_size) == APR_SUCCESS) {
#if DEBUGGING
            {
                apr_off_t readbytes;
                apr_brigade_length(bb, 0, &readbytes);
                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
                        r->server, "proxy (PID %d): readbytes: %#x",
                        getpid(), readbytes);
            }
#endif
            /* sanity check */

                apr_socket_close(data_sock);
                data_sock = NULL;
                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                        "proxy: FTP: data connection closed");
                /* signal that we must leave */
                finish = TRUE;
            }


            /* try send what we read */
            if (ap_pass_brigade(r->output_filters, bb) != APR_SUCCESS
                    || c->aborted) {
                /* Ack! Phbtt! Die! User aborted! */
                finish = TRUE;
            }

            }
        }
        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                "proxy: FTP: end body send");

    }
    if (data_sock) {
        ap_flush_conn(data);
        apr_socket_close(data_sock);
        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                     "proxy: FTP: data connection closed");
    }

    ap_flush_conn(data);
    ftp_data->state = ftp_finish_response;
    return OK;
}

static
int finish_response(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    char* msg;
    apr_socket_close(ftp_data->cur.data.sock);
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
            "proxy: FTP: data connection closed");

    /* Retrieve the final response for the RETR or LIST commands */
    rc = proxy_ftp_command(NULL, r, ftp_ctrl, bb, &msg);
    ftp_data->state = ftp_cleanup;
    return OK;
}


static
int cleanup(ftp_conn_data *ftp_data, request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
    int rc;
    apr_brigade_cleanup(bb);

    /*

     * If there are no KeepAlives, or if the connection has been signalled to
     * close, close the socket and clean up
     */
    rc = send_quit(ftp_data, r, ftp_ctrl, bb);
    ftp_data->p_conn->close = 1;

    ap_flush_conn(ftp_ctrl);
    rc = proxy_ftp_command("QUIT" CRLF,
                           r, origin, bb, &ftpmessage);
    /* responses: 221, 500 */
    /* 221 Service closing control connection. */
    /* 500 Syntax error, command unrecognized. */
    ap_flush_conn(origin);
    proxy_ftp_cleanup(r, backend);

    apr_brigade_destroy(bb);
    ap_set_module_config(r->connection->conn_config, &proxy_ftp_module, NULL);
    return OK;
}

static
ftp_conn_data* init_ftp_data(proxy_conn_rec* p_conn)
{
    ftp_conn_data *ftp_data = apr_pcalloc(p_conn->pool, sizeof(ftp_conn_data));
    ftp_data->xfer_type = 'A';
    ftp_data->path = "";
    ftp_data->user = "anonymous";
    ftp_data->password = "apache-proxy@";
    ftp_data->p_conn = p_conn;
    return ftp_data;
}

static
apr_status_t ap_proxy_ftp_request(apr_pool_t *p, request_rec *r,
                                   proxy_conn_rec *p_conn, conn_rec *origin,
                                   proxy_server_conf *conf,
                                   apr_uri_t *uri,
                                   char *url, char *server_portstr)
{
    int rc = 0;
    apr_bucket_brigade *bb = apr_brigade_create(p, r->connection->bucket_alloc);

    /* see if we have any ftp state info (ie if this conn was initialized before)
     * if not, alloc data that needs to be alive for the entire length of persistant
     * connection.
     */

    ftp_conn_data *ftp_data;
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
            "proxy: FTP: create new connection %s", url);
    ftp_data = init_ftp_data(p_conn);
    ftp_data->cur.conf = conf;

    ftp_data->url = url;
    ftp_data->uri = uri;

    /* parse the path first*/
    rc = on_init(ftp_data, r, origin, bb);

    /* State machine. */
    for(;;) {
        switch (ftp_data->state) {
            case ftp_connect:
                /* The socket will already be connected, just fetch the welcome message*/
                rc = on_connect(ftp_data, r, origin, bb);
                break;
            case ftp_send_user:
                rc = send_user(ftp_data, r, origin, bb);
                break;
            case ftp_send_pass:
                rc = send_pass(ftp_data, r, origin, bb);
                break;
            case ftp_choose_action:
                rc = choose_action(ftp_data, r, origin, bb);
                break;
            case ftp_check_type:
                rc = check_type(ftp_data, r, origin, bb);
                break;
            case ftp_check_trans_mode:
                rc = check_trans_mode(ftp_data, r, origin, bb);
                break;
            case ftp_connect_data_port:
                rc = connect_data_port(ftp_data, r, origin, bb);
                break;
            case ftp_check_transfer:
                rc = check_transfer(ftp_data, r, origin, bb);
                break;
            case ftp_send_retr:
                rc = send_retr(ftp_data, r, origin, bb);
                break;
            case ftp_send_stor:
                rc = send_stor(ftp_data, r, origin, bb);
                break;
            case ftp_send_list:
                rc = send_list(ftp_data, r, origin, bb);
                break;
            case ftp_start_response:
                rc = start_response(ftp_data, r, origin, bb);
                break;
            case ftp_transfer_stream:
                rc = transfer_stream(ftp_data, r, origin, bb);
                break;
            case ftp_finish_response:
                rc = finish_response(ftp_data, r, origin, bb);
                break;
            case ftp_cleanup:
                cleanup(ftp_data, r, origin, bb);
                return OK;

            default:
                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                        "proxy: FTP: Unknown switch [%d] last rc:[%d]", ftp_data->state, ftp_data->cur.rc);
            case ftp_error:
                proxyerror(r, p_conn, rc, ftp_data->msg);
        }

        /* break if there was an error*/
        if (rc != OK)
            break;
    }

    return rc;
}

static
apr_status_t ap_proxy_ftp_cleanup(request_rec *r,
                                   proxy_conn_rec *backend)
{
    ap_proxy_release_connection(proxy_function, backend, r->server);
    return OK;
}

/*
 * Handles direct access of ftp:// URLs
 * Original (Non-PASV) version from
 * Troy Morrison <spiffnet@zoom.com>
 * PASV added by Chuck
 * Filters by [Graham Leggett <minfrin@sharp.fm>]
 */
static int proxy_ftp_handler(request_rec *r, proxy_worker *worker,
                             proxy_server_conf *conf,
                             char *url, const char *proxyname,
                             apr_port_t proxyport)
{
    int status;
    char server_portstr[32];
    char *scheme;
    const char *u;
    proxy_conn_rec *backend = NULL;

    /* Note: Memory pool allocation.
     * A downstream keepalive connection is always connected to the existence
     * (or not) of an upstream keepalive connection. If this is not done then
     * load balancing against multiple backend servers breaks (one backend
     * server ends up taking 100% of the load), and the risk is run of
     * downstream keepalive connections being kept open unnecessarily. This
     * keeps webservers busy and ties up resources.
     *
     * As a result, we allocate all sockets out of the upstream connection
     * pool, and when we want to reuse a socket, we check first whether the
     * connection ID of the current upstream connection is the same as that
     * of the connection when the socket was opened.
     */
    apr_pool_t *p = r->connection->pool;
    conn_rec *c = r->connection;
    apr_uri_t *uri = apr_palloc(r->connection->pool, sizeof(*uri));

    /* find the scheme */
    u = strchr(url, ':');
    if (u == NULL || u[1] != '/' || u[2] != '/' || u[3] == '\0')
        return DECLINED;
    scheme = apr_pstrndup(c->pool, url, u - url);
    /* scheme is lowercase */
    ap_str_tolower(scheme);
    /* is it for us? */
    if (strcmp(scheme, "ftp") || proxyname) {
        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                "proxy: FTP: declining URL %s", url);
        return DECLINED; /* only interested in direct FTP */
    }
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
            "proxy: FTP: serving URL %s", url);


    /* create space for state information */
    if ((status = ap_proxy_acquire_connection(proxy_function, &backend,
                    worker, r->server)) != OK)
        goto cleanup;


    /* Step One: Determine Who To Connect To */
    if ((status = ap_proxy_determine_connection(p, r, conf, worker, backend,
                    uri, &url, 0,
                    0, server_portstr,
                    sizeof(server_portstr))) != OK)
        goto cleanup;

    /* Step Two: Make the Connection */
    if (ap_proxy_connect_backend(proxy_function, backend, worker, r->server)) {
        status = HTTP_SERVICE_UNAVAILABLE;
        goto cleanup;
    }

    /* Step Three: Create conn_rec */
    if (!backend->connection) {
        if ((status = ap_proxy_connection_create(proxy_function, backend,
                        c, r->server)) != OK)
            goto cleanup;
    }

    /* Step Four: Send the Request */
    if ((status = ap_proxy_ftp_request(p, r, backend, backend->connection,
                    conf, uri, url, server_portstr)) != OK)
        goto cleanup;

    /* Step Five: Receive the Response -- is included in previous step */

    /* Step Six: Clean Up */

cleanup:
    if (backend) {
        if (status != OK)
            backend->close = 1;
        ap_proxy_ftp_cleanup(r, backend);
    }
    return status;

}

static void ap_proxy_ftp_register_hook(apr_pool_t *p)
{
    /* hooks */

    NULL,                       /* command apr_table_t */
    ap_proxy_ftp_register_hook  /* register hooks */
};


Return to bug 41676