NetBSD Problem Report #58581
From www@netbsd.org Sun Aug 11 14:03:06 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits)
client-signature RSA-PSS (2048 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 684451A9244
for <gnats-bugs@gnats.NetBSD.org>; Sun, 11 Aug 2024 14:03:06 +0000 (UTC)
Message-Id: <20240811140305.3370A1A9243@mollari.NetBSD.org>
Date: Sun, 11 Aug 2024 14:03:05 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: ftp(1) should allow specifying header fields in http requests
X-Send-Pr-Version: www-1.0
>Number: 58581
>Category: bin
>Synopsis: ftp(1) should allow specifying header fields in http requests
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: closed
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun Aug 11 14:05:00 +0000 2024
>Closed-Date: Sun Oct 13 20:31:16 +0000 2024
>Last-Modified: Sun Oct 13 20:31:16 +0000 2024
>Originator: Taylor R Campbell
>Release: current, 10, 9, ...
>Organization:
The X-NetBSD: Fetchation
>Environment:
>Description:
It would be nice if you could add a custom header field to an http request.
For example, the Instance Metadata Service version 2 in Oracle Compute Infrastructure requires adding a header field `Authorization: Bearer Oracle' in order to prevent SSRF attacks which might expose secret keys.
Similarly, the IMDSv2 in Amazon EC2 requires an X-aws-ec2-metadata-token header field, populated with a token retrieved by another request made with an X-aws-ec2-metadata-token-ttl-seconds field.
Although you can do this with fancier http clients like curl(1), we might want to use these in rc scripts at first boot like /etc/rc.d/ec2_init, and it would be good if that worked only with what's available in the base system.
>How-To-Repeat:
try to use a service that requires a custom header field
>Fix:
Add a `-H <headerfield>' option to ftp(1) like curl(1) has.
>Release-Note:
>Audit-Trail:
From: Sunil Nimmagadda <sunil@nimmagadda.net>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/58581: ftp(1) should allow specifying header fields in http
requests
Date: Sun, 11 Aug 2024 21:15:22 +0530
campbell+netbsd@mumble.net writes:
>>Number: 58581
>>Category: bin
>>Synopsis: ftp(1) should allow specifying header fields in http requests
>>Confidential: no
>>Severity: serious
>>Priority: medium
>>Responsible: bin-bug-people
>>State: open
>>Class: change-request
>>Submitter-Id: net
>>Arrival-Date: Sun Aug 11 14:05:00 +0000 2024
>>Originator: Taylor R Campbell
>>Release: current, 10, 9, ...
>>Organization:
> The X-NetBSD: Fetchation
>>Environment:
>>Description:
> It would be nice if you could add a custom header field to an http request.
>
> For example, the Instance Metadata Service version 2 in Oracle Compute
> Infrastructure requires adding a header field `Authorization: Bearer
> Oracle' in order to prevent SSRF attacks which might expose secret
> keys.
>
> Similarly, the IMDSv2 in Amazon EC2 requires an X-aws-ec2-metadata-token header field, populated with a token retrieved by another request made with an X-aws-ec2-metadata-token-ttl-seconds field.
>
> Although you can do this with fancier http clients like curl(1), we
> might want to use these in rc scripts at first boot like
> /etc/rc.d/ec2_init, and it would be good if that worked only with
> what's available in the base system.
>>How-To-Repeat:
> try to use a service that requires a custom header field
>>Fix:
> Add a `-H <headerfield>' option to ftp(1) like curl(1) has.
Initial attempt at adding a custom HTTP request header...
$ ftp -H 'Authorization: Bearer Oracle' https://example.com/foo
diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c
--- a/usr.bin/ftp/fetch.c
+++ b/usr.bin/ftp/fetch.c
@@ -882,6 +882,9 @@
print_host(fin, ui);
fetch_printf(fin, "Accept: */*\r\n");
fetch_printf(fin, "Connection: close\r\n");
+ if (http_header) {
+ fetch_printf(fin, "%s\r\n", http_header);
+ }
if (restart_point) {
fputs(leading, ttyout);
fetch_printf(fin, "Range: bytes=" LLF "-\r\n",
diff --git a/usr.bin/ftp/ftp_var.h b/usr.bin/ftp/ftp_var.h
--- a/usr.bin/ftp/ftp_var.h
+++ b/usr.bin/ftp/ftp_var.h
@@ -255,6 +255,7 @@
GLOBAL int epsv6bad; /* EPSV doesn't work on the current server */
GLOBAL int editing; /* command line editing enabled */
GLOBAL int features[FEAT_max]; /* remote FEATures supported */
+GLOBAL const char *http_header; /* Custom HTTP Request header */
#ifndef NO_EDITCOMPLETE
GLOBAL EditLine *el; /* editline(3) status structure */
diff --git a/usr.bin/ftp/main.c b/usr.bin/ftp/main.c
--- a/usr.bin/ftp/main.c
+++ b/usr.bin/ftp/main.c
@@ -267,7 +267,7 @@
}
}
- while ((ch = getopt(argc, argv, ":46Aab:defginN:o:pP:q:r:Rs:tT:u:vVx:")) != -1) {
+ while ((ch = getopt(argc, argv, ":46Aab:defgH:inN:o:pP:q:r:Rs:tT:u:vVx:")) != -1) {
switch (ch) {
case '4':
family = AF_INET;
@@ -315,6 +315,10 @@
doglob = 0;
break;
+ case 'H':
+ http_header = ftp_strdup(optarg);
+ break;
+
case 'i':
interactive = 0;
break;
From: Sunil Nimmagadda <sunil@nimmagadda.net>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/58581: ftp(1) should allow specifying header fields in http
requests
Date: Wed, 25 Sep 2024 09:43:37 +0530
gnats-admin@netbsd.org writes:
> The following reply was made to PR bin/58581; it has been noted by GNATS.
>
> From: Sunil Nimmagadda <sunil@nimmagadda.net>
> To: gnats-bugs@netbsd.org
> Cc:
> Subject: Re: bin/58581: ftp(1) should allow specifying header fields in http
> requests
> Date: Sun, 11 Aug 2024 21:15:22 +0530
>
> campbell+netbsd@mumble.net writes:
>
> >>Number: 58581
> >>Category: bin
> >>Synopsis: ftp(1) should allow specifying header fields in http requests
> >>Confidential: no
> >>Severity: serious
> >>Priority: medium
> >>Responsible: bin-bug-people
> >>State: open
> >>Class: change-request
> >>Submitter-Id: net
> >>Arrival-Date: Sun Aug 11 14:05:00 +0000 2024
> >>Originator: Taylor R Campbell
> >>Release: current, 10, 9, ...
> >>Organization:
> > The X-NetBSD: Fetchation
> >>Environment:
> >>Description:
> > It would be nice if you could add a custom header field to an http request.
> >
> > For example, the Instance Metadata Service version 2 in Oracle Compute
> > Infrastructure requires adding a header field `Authorization: Bearer
> > Oracle' in order to prevent SSRF attacks which might expose secret
> > keys.
> >
> > Similarly, the IMDSv2 in Amazon EC2 requires an X-aws-ec2-metadata-token header field, populated with a token retrieved by another request made with an X-aws-ec2-metadata-token-ttl-seconds field.
> >
> > Although you can do this with fancier http clients like curl(1), we
> > might want to use these in rc scripts at first boot like
> > /etc/rc.d/ec2_init, and it would be good if that worked only with
> > what's available in the base system.
> >>How-To-Repeat:
> > try to use a service that requires a custom header field
> >>Fix:
> > Add a `-H <headerfield>' option to ftp(1) like curl(1) has.
Updated diff with two changes...
- Support specifiying multiple -H <hdr> option.
- Document new -H option in manpage.
diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c
index a2ccd8c3897a..f714bb6b6f2b 100644
--- a/usr.bin/ftp/fetch.c
+++ b/usr.bin/ftp/fetch.c
@@ -865,6 +865,7 @@ print_get(FETCH *fin, int hasleading, int isproxy, const struct urlinfo *oui,
const struct urlinfo *ui)
{
const char *leading = hasleading ? ", " : " (";
+ struct entry *np;
if (isproxy) {
if (verbose) {
@@ -882,6 +883,9 @@ print_get(FETCH *fin, int hasleading, int isproxy, const struct urlinfo *oui,
print_host(fin, ui);
fetch_printf(fin, "Accept: */*\r\n");
fetch_printf(fin, "Connection: close\r\n");
+ SLIST_FOREACH(np, &custom_headers, entries)
+ fetch_printf(fin, "%s\r\n", np->header);
+
if (restart_point) {
fputs(leading, ttyout);
fetch_printf(fin, "Range: bytes=" LLF "-\r\n",
diff --git a/usr.bin/ftp/ftp.1 b/usr.bin/ftp/ftp.1
index 9d2319884706..c0663f800266 100644
--- a/usr.bin/ftp/ftp.1
+++ b/usr.bin/ftp/ftp.1
@@ -67,6 +67,7 @@
.Nm
.Op Fl 46AadefginpRtVv\&?
.Op Fl b Ar bufsize
+.Op Fl H Ar hdr
.Op Fl N Ar netrc
.Op Fl o Ar output
.Op Fl P Ar port
@@ -223,6 +224,10 @@ or
proxies.
.It Fl g
Disables file name globbing.
+.It Fl H Ar hdr
+Include
+.Ar hdr
+string as a custom HTTP header for an HTTP request.
.It Fl i
Turns off interactive prompting during
multiple file transfers.
diff --git a/usr.bin/ftp/ftp_var.h b/usr.bin/ftp/ftp_var.h
index 1c7448dc0a75..2c12ae82d9ed 100644
--- a/usr.bin/ftp/ftp_var.h
+++ b/usr.bin/ftp/ftp_var.h
@@ -101,6 +101,7 @@
#endif
#include <sys/param.h>
+#include <sys/queue.h>
#include <netinet/in.h>
#include <arpa/inet.h>
@@ -165,6 +166,14 @@ enum {
FEAT_max
};
+/*
+ * Custom HTTP headers
+ */
+struct entry {
+ SLIST_ENTRY(entry) entries;
+ const char *header;
+};
+SLIST_HEAD(http_headers, entry);
/*
* Global defines
@@ -320,8 +329,9 @@ GLOBAL FILE *cin;
GLOBAL FILE *cout;
GLOBAL int data;
-extern struct cmd cmdtab[];
-extern struct option optiontab[];
+extern struct cmd cmdtab[];
+extern struct option optiontab[];
+extern struct http_headers custom_headers;
extern size_t ftp_buflen;
diff --git a/usr.bin/ftp/main.c b/usr.bin/ftp/main.c
index 82e0b6656fd7..54fc1ca3cf64 100644
--- a/usr.bin/ftp/main.c
+++ b/usr.bin/ftp/main.c
@@ -134,6 +134,8 @@ static int usage(void);
static int usage_help(void);
static void setupoption(const char *, const char *, const char *);
+struct http_headers custom_headers;
+
int
main(int volatile argc, char **volatile argv)
{
@@ -267,7 +269,8 @@ main(int volatile argc, char **volatile argv)
}
}
- while ((ch = getopt(argc, argv, ":46Aab:defginN:o:pP:q:r:Rs:tT:u:vVx:")) != -1) {
+ SLIST_INIT(&custom_headers);
+ while ((ch = getopt(argc, argv, ":46Aab:defgH:inN:o:pP:q:r:Rs:tT:u:vVx:")) != -1) {
switch (ch) {
case '4':
family = AF_INET;
@@ -315,6 +318,13 @@ main(int volatile argc, char **volatile argv)
doglob = 0;
break;
+ case 'H':
+ struct entry *p;
+ p = ftp_malloc(sizeof *p);
+ p->header = ftp_strdup(optarg);
+ SLIST_INSERT_HEAD(&custom_headers, p, entries);
+ break;
+
case 'i':
interactive = 0;
break;
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58581 CVS commit: src/usr.bin/ftp
Date: Wed, 25 Sep 2024 12:55:40 -0400
Module Name: src
Committed By: christos
Date: Wed Sep 25 16:55:40 UTC 2024
Modified Files:
src/usr.bin/ftp: fetch.c ftp.1 ftp_var.h main.c
Log Message:
PR/58581: Sunil Nimmagadda: Add flag to allow specifying extra http header
fields.
To generate a diff of this commit:
cvs rdiff -u -r1.240 -r1.241 src/usr.bin/ftp/fetch.c
cvs rdiff -u -r1.155 -r1.156 src/usr.bin/ftp/ftp.1
cvs rdiff -u -r1.88 -r1.89 src/usr.bin/ftp/ftp_var.h
cvs rdiff -u -r1.131 -r1.132 src/usr.bin/ftp/main.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Fri, 27 Sep 2024 16:34:22 +0000
State-Changed-Why:
Cool, thanks, Sunil! Would also be nice if we had automatic tests for
this, maybe with bozohttpd and a simple cgi script run under atf.
Anyway, let's get this pulled up to 10.
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58581 CVS commit: src/usr.bin/ftp
Date: Fri, 27 Sep 2024 16:31:36 +0000
Module Name: src
Committed By: riastradh
Date: Fri Sep 27 16:31:36 UTC 2024
Modified Files:
src/usr.bin/ftp: ftp.1
Log Message:
ftp(1): Nix trailing whitespace in man page.
No functional change intended.
PR bin/58581: ftp(1) should allow specifying header fields in http requests
To generate a diff of this commit:
cvs rdiff -u -r1.156 -r1.157 src/usr.bin/ftp/ftp.1
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Sunil Nimmagadda <sunil@nimmagadda.net>
To: riastradh@NetBSD.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,
campbell+netbsd@mumble.net, gnats-bugs@netbsd.org
Subject: Re: bin/58581 (ftp(1) should allow specifying header fields in http
requests)
Date: Mon, 30 Sep 2024 13:10:23 +0530
--=-=-=
Content-Type: text/plain
riastradh@NetBSD.org writes:
> Synopsis: ftp(1) should allow specifying header fields in http requests
>
> State-Changed-From-To: open->needs-pullups
> State-Changed-By: riastradh@NetBSD.org
> State-Changed-When: Fri, 27 Sep 2024 16:34:22 +0000
> State-Changed-Why:
> Cool, thanks, Sunil! Would also be nice if we had automatic tests for
> this, maybe with bozohttpd and a simple cgi script run under atf.
>
> Anyway, let's get this pulled up to 10.
Sure, the attached diff has a testcase for the custom headers feature
using atf...
--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=custom_headers_tests.diff
diff --git a/tests/usr.bin/Makefile b/tests/usr.bin/Makefile
index d0456d50235b..3d30e6157de5 100644
--- a/tests/usr.bin/Makefile
+++ b/tests/usr.bin/Makefile
@@ -6,7 +6,7 @@
TESTSDIR= ${TESTSBASE}/usr.bin
TESTS_SUBDIRS= awk basename bzip2 cc cmp compress config cpio col cut \
- diff dirname error find fstat gdb grep gzip id indent \
+ diff dirname error find fstat ftp gdb grep gzip id indent \
infocmp jot ld locale m4 make mixerctl mkdep mtree nbperf \
netpgpverify patch pkill pr printf pwhash realpath rump_server \
shmif_dumpbus shmif_pcapin sdiff sed sort stat tar tmux tr \
diff --git a/tests/usr.bin/ftp/Makefile b/tests/usr.bin/ftp/Makefile
new file mode 100644
index 000000000000..b66e9fdeefde
--- /dev/null
+++ b/tests/usr.bin/ftp/Makefile
@@ -0,0 +1,8 @@
+# $NetBSD: Makefile,v 1.1 2020/06/24 10:05:07 jruoho Exp $
+
+.include <bsd.own.mk>
+
+TESTSDIR= ${TESTSBASE}/usr.bin/ftp
+TESTS_SH= t_custom_headers
+
+.include <bsd.test.mk>
diff --git a/tests/usr.bin/ftp/t_custom_headers.sh b/tests/usr.bin/ftp/t_custom_headers.sh
new file mode 100644
index 000000000000..03eddee22e54
--- /dev/null
+++ b/tests/usr.bin/ftp/t_custom_headers.sh
@@ -0,0 +1,34 @@
+atf_test_case custom_headers cleanup
+custom_headers_head()
+{
+ atf_require_prog ftp
+ atf_set "descr" "Check for custom HTTP headers"
+}
+
+HTTPD_PID=./.__httpd.pid
+custom_headers_body()
+{
+ # start httpd in daemon mode
+ atf_check -s exit:0 \
+ /usr/libexec/httpd -P $HTTPD_PID -I 8080 -b -C .sh /bin/sh \
+ -c $(atf_get_srcdir)/www/cgi-bin $(atf_get_srcdir)/www
+
+ atf_check -o inline:"example.com\n1000\n" \
+ -x "ftp -Vo- -H X-Origin:example.com \
+ -H X-Rate-Limit:1000 \
+ http://127.0.0.1:8080/cgi-bin/custom_headers.sh"
+}
+
+custom_headers_cleanup()
+{
+ if [ -f $HTTPD_PID ]; then
+ kill -9 $(cat $HTTPD_PID)
+ rm -f $HTTPD_PID
+ sleep 1
+ fi
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case custom_headers
+}
diff --git a/tests/usr.bin/ftp/www/cgi-bin/custom_headers.sh b/tests/usr.bin/ftp/www/cgi-bin/custom_headers.sh
new file mode 100755
index 000000000000..65428b79c352
--- /dev/null
+++ b/tests/usr.bin/ftp/www/cgi-bin/custom_headers.sh
@@ -0,0 +1,11 @@
+#! /bin/sh
+
+echo "Content-type: text/html; charset=utf-8"
+echo ""
+if [ "$HTTP_X_ORIGIN" ]; then
+ echo "$HTTP_X_ORIGIN"
+fi
+
+if [ "$HTTP_X_RATE_LIMIT" ]; then
+ echo "$HTTP_X_RATE_LIMIT"
+fi
--=-=-=--
From: RVP <rvp@SDF.ORG>
To: gnats-bugs@netbsd.org
Cc: Sunil Nimmagadda <sunil@nimmagadda.net>
Subject: Re: bin/58581 (ftp(1) should allow specifying header fields in http
requests)
Date: Mon, 30 Sep 2024 08:30:26 +0000 (UTC)
Some very minor nits, Sunil/Christos:
1. In ftp.1, the SYNOPSIS says `-h header' instead of `-H header'.
Also, there's a `.' missing before `It Fl' in the DESCRIPTION of that
option, so it's now taken to be part of the prev. option, `-g'.
And, it should be mentioned that multiple `-H's are allowed.
2. In ftp/main.c synopsis() should be updated for `-H'.
Thx,
-RVP
From: Sunil Nimmagadda <sunil@nimmagadda.net>
To: "RVP via gnats" <gnats-admin@NetBSD.org>
Cc: netbsd-bugs@netbsd.org, campbell+netbsd@mumble.net, gnats-bugs@netbsd.org
Subject: Re: bin/58581 (ftp(1) should allow specifying header fields in http
requests)
Date: Mon, 30 Sep 2024 15:07:01 +0530
--=-=-=
Content-Type: text/plain
"RVP via gnats" <gnats-admin@NetBSD.org> writes:
> The following reply was made to PR bin/58581; it has been noted by GNATS.
>
> From: RVP <rvp@SDF.ORG>
> To: gnats-bugs@netbsd.org
> Cc: Sunil Nimmagadda <sunil@nimmagadda.net>
> Subject: Re: bin/58581 (ftp(1) should allow specifying header fields in http
> requests)
> Date: Mon, 30 Sep 2024 08:30:26 +0000 (UTC)
>
> Some very minor nits, Sunil/Christos:
>
> 1. In ftp.1, the SYNOPSIS says `-h header' instead of `-H header'.
>
> Also, there's a `.' missing before `It Fl' in the DESCRIPTION of that
> option, so it's now taken to be part of the prev. option, `-g'.
>
> And, it should be mentioned that multiple `-H's are allowed.
>
> 2. In ftp/main.c synopsis() should be updated for `-H'.
>
> Thx,
>
> -RVP
>
Thanks, the markup fixes are attached...
--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=markup.diff
diff --git a/usr.bin/ftp/ftp.1 b/usr.bin/ftp/ftp.1
index e703e2e58cd8..4215d22e114f 100644
--- a/usr.bin/ftp/ftp.1
+++ b/usr.bin/ftp/ftp.1
@@ -67,7 +67,7 @@
.Nm
.Op Fl 46AadefginpRtVv\&?
.Op Fl b Ar bufsize
-.Op Fl h Ar header
+.Op Fl H Ar header
.Op Fl N Ar netrc
.Op Fl o Ar output
.Op Fl P Ar port
@@ -224,7 +224,7 @@ or
proxies.
.It Fl g
Disables file name globbing.
-It Fl H Ar header
+.It Fl H Ar header
Include the provided
.Ar header
string as a custom
@@ -232,6 +232,9 @@ string as a custom
header for an
.Th HTTP
request.
+Multiple headers may be specified via
+.Fl H
+option.
.It Fl i
Turns off interactive prompting during
multiple file transfers.
diff --git a/usr.bin/ftp/main.c b/usr.bin/ftp/main.c
index cc862615c50f..3095fe772a10 100644
--- a/usr.bin/ftp/main.c
+++ b/usr.bin/ftp/main.c
@@ -1080,7 +1080,7 @@ synopsis(FILE * stream)
const char * progname = getprogname();
fprintf(stream,
-"usage: %s [-46AadefginpRtVv] [-N NETRC] [-o OUTPUT] [-P PORT] [-q QUITTIME]\n"
+"usage: %s [-46AadefginpRtVv] [-H header] [-N NETRC] [-o OUTPUT] [-P PORT] [-q QUITTIME]\n"
" [-r RETRY] [-s SRCADDR] [-T DIR,MAX[,INC]] [-x XFERSIZE]\n"
" [[USER@]HOST [PORT]]\n"
" [[USER@]HOST:[PATH][/]]\n"
--=-=-=--
From: Taylor R Campbell <riastradh@NetBSD.org>
To: Sunil Nimmagadda <sunil@nimmagadda.net>
Cc: gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org,
gnats-bugs@NetBSD.org
Subject: Re: bin/58581 (ftp(1) should allow specifying header fields in http
requests)
Date: Tue, 1 Oct 2024 14:46:36 +0000
> Date: Mon, 30 Sep 2024 13:10:23 +0530
> From: Sunil Nimmagadda <sunil@nimmagadda.net>
>
> Sure, the attached diff has a testcase for the custom headers feature
> using atf...
That looks great! Since it's not a trivial change, can you please
provide a 2-clause BSD licence statement on the new files?
(There are lots of other examples you can derive from, like
tests/usr.bin/stat/t_stat.sh -- feel free to keep the copyright for
yourself or contribute it to TNF, as you see fit, as long as it's
permissively licensed.)
From: Taylor R Campbell <riastradh@NetBSD.org>
To: netbsd-bugs@NetBSD.org, gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/58581 (ftp(1) should allow specifying header fields in http
requests)
Date: Tue, 1 Oct 2024 17:57:21 +0000
Followups for pullup:
https://mail-index.netbsd.org/source-changes/2024/09/30/msg153623.html
https://mail-index.netbsd.org/source-changes/2024/09/30/msg153627.html
Module Name: src
Committed By: christos
Date: Mon Sep 30 13:03:37 UTC 2024
Modified Files:
src/usr.bin/ftp: ftp.1 main.c
Log Message:
fix markup (h -> H), explain about multiple headers, fix usage (from RVP)
To generate a diff of this commit:
cvs rdiff -u -r1.157 -r1.158 src/usr.bin/ftp/ftp.1
cvs rdiff -u -r1.132 -r1.133 src/usr.bin/ftp/main.c
Module Name: src
Committed By: kre
Date: Mon Sep 30 19:23:31 UTC 2024
Modified Files:
src/usr.bin/ftp: ftp.1
Log Message:
Don't forget the dot, use the intended macro name (I think),
and improve the wording a little. (All related to the -H option.)
To generate a diff of this commit:
cvs rdiff -u -r1.158 -r1.159 src/usr.bin/ftp/ftp.1
From: Sunil Nimmagadda <sunil@nimmagadda.net>
To: Taylor R Campbell <riastradh@NetBSD.org>
Cc: gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org, gnats-bugs@NetBSD.org
Subject: Re: bin/58581 (ftp(1) should allow specifying header fields in http
requests)
Date: Wed, 02 Oct 2024 19:24:53 +0530
--=-=-=
Content-Type: text/plain
Taylor R Campbell <riastradh@NetBSD.org> writes:
>> Date: Mon, 30 Sep 2024 13:10:23 +0530
>> From: Sunil Nimmagadda <sunil@nimmagadda.net>
>>
>> Sure, the attached diff has a testcase for the custom headers feature
>> using atf...
>
> That looks great! Since it's not a trivial change, can you please
> provide a 2-clause BSD licence statement on the new files?
>
> (There are lots of other examples you can derive from, like
> tests/usr.bin/stat/t_stat.sh -- feel free to keep the copyright for
> yourself or contribute it to TNF, as you see fit, as long as it's
> permissively licensed.)
Sure, updated diff with licence for the new files...
--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=testcase.diff
Content-Description: ftp(1): Test for custom HTTP headers in a request
diff --git a/tests/usr.bin/Makefile b/tests/usr.bin/Makefile
index d0456d50235b..3d30e6157de5 100644
--- a/tests/usr.bin/Makefile
+++ b/tests/usr.bin/Makefile
@@ -6,7 +6,7 @@
TESTSDIR= ${TESTSBASE}/usr.bin
TESTS_SUBDIRS= awk basename bzip2 cc cmp compress config cpio col cut \
- diff dirname error find fstat gdb grep gzip id indent \
+ diff dirname error find fstat ftp gdb grep gzip id indent \
infocmp jot ld locale m4 make mixerctl mkdep mtree nbperf \
netpgpverify patch pkill pr printf pwhash realpath rump_server \
shmif_dumpbus shmif_pcapin sdiff sed sort stat tar tmux tr \
diff --git a/tests/usr.bin/ftp/Makefile b/tests/usr.bin/ftp/Makefile
new file mode 100644
index 000000000000..b66e9fdeefde
--- /dev/null
+++ b/tests/usr.bin/ftp/Makefile
@@ -0,0 +1,8 @@
+# $NetBSD: Makefile,v 1.1 2020/06/24 10:05:07 jruoho Exp $
+
+.include <bsd.own.mk>
+
+TESTSDIR= ${TESTSBASE}/usr.bin/ftp
+TESTS_SH= t_custom_headers
+
+.include <bsd.test.mk>
diff --git a/tests/usr.bin/ftp/t_custom_headers.sh b/tests/usr.bin/ftp/t_custom_headers.sh
new file mode 100644
index 000000000000..3609fb6ec6a8
--- /dev/null
+++ b/tests/usr.bin/ftp/t_custom_headers.sh
@@ -0,0 +1,62 @@
+# Copyright (c) 2024 The NetBSD Foundation, Inc.
+# All rights reserved.
+#
+# This code is derived from software contributed to The NetBSD Foundation
+# by Sunil Nimmagadda.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+atf_test_case custom_headers cleanup
+custom_headers_head()
+{
+ atf_require_prog ftp
+ atf_set "descr" "Check for custom HTTP headers"
+}
+
+HTTPD_PID=./.__httpd.pid
+custom_headers_body()
+{
+ # start httpd in daemon mode
+ atf_check -s exit:0 \
+ /usr/libexec/httpd -P $HTTPD_PID -I 8080 -b -C .sh /bin/sh \
+ -c $(atf_get_srcdir)/www/cgi-bin $(atf_get_srcdir)/www
+
+ atf_check -o inline:"example.com\n1000\n" \
+ -x "ftp -Vo- -H X-Origin:example.com \
+ -H X-Rate-Limit:1000 \
+ http://127.0.0.1:8080/cgi-bin/custom_headers.sh"
+}
+
+custom_headers_cleanup()
+{
+ if [ -f $HTTPD_PID ]; then
+ kill -9 $(cat $HTTPD_PID)
+ rm -f $HTTPD_PID
+ sleep 1
+ fi
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case custom_headers
+}
diff --git a/tests/usr.bin/ftp/www/cgi-bin/custom_headers.sh b/tests/usr.bin/ftp/www/cgi-bin/custom_headers.sh
new file mode 100755
index 000000000000..f448c4b49a0f
--- /dev/null
+++ b/tests/usr.bin/ftp/www/cgi-bin/custom_headers.sh
@@ -0,0 +1,39 @@
+#! /bin/sh
+
+# Copyright (c) 2024 The NetBSD Foundation, Inc.
+# All rights reserved.
+#
+# This code is derived from software contributed to The NetBSD Foundation
+# by Sunil Nimmagadda.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+echo "Content-type: text/html; charset=utf-8"
+echo ""
+if [ "$HTTP_X_ORIGIN" ]; then
+ echo "$HTTP_X_ORIGIN"
+fi
+
+if [ "$HTTP_X_RATE_LIMIT" ]; then
+ echo "$HTTP_X_RATE_LIMIT"
+fi
--=-=-=--
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58581 CVS commit: src
Date: Sat, 12 Oct 2024 22:19:37 +0000
Module Name: src
Committed By: riastradh
Date: Sat Oct 12 22:19:37 UTC 2024
Modified Files:
src/distrib/sets/lists/tests: mi
src/etc/mtree: NetBSD.dist.tests
src/tests/usr.bin: Makefile
Added Files:
src/tests/usr.bin/ftp: Makefile custom_headers.sh t_custom_headers.sh
Log Message:
ftp(1): Add test for custom HTTP header fields.
Based on a patch from Sunil Nimmagadda <sunil@nimmagadda.net>.
PR bin/58581: ftp(1) should allow specifying header fields in http
requests
To generate a diff of this commit:
cvs rdiff -u -r1.1341 -r1.1342 src/distrib/sets/lists/tests/mi
cvs rdiff -u -r1.207 -r1.208 src/etc/mtree/NetBSD.dist.tests
cvs rdiff -u -r1.41 -r1.42 src/tests/usr.bin/Makefile
cvs rdiff -u -r0 -r1.1 src/tests/usr.bin/ftp/Makefile \
src/tests/usr.bin/ftp/custom_headers.sh \
src/tests/usr.bin/ftp/t_custom_headers.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: needs-pullups->pending-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Sun, 13 Oct 2024 13:24:28 +0000
State-Changed-Why:
pullup-10 #970 https://releng.netbsd.org/cgi-bin/req-10.cgi?show=970
not gonna bring this up to 9
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58581 CVS commit: [netbsd-10] src
Date: Sun, 13 Oct 2024 16:06:37 +0000
Module Name: src
Committed By: martin
Date: Sun Oct 13 16:06:37 UTC 2024
Modified Files:
src/distrib/sets/lists/tests [netbsd-10]: mi
src/etc/mtree [netbsd-10]: NetBSD.dist.tests
src/tests/usr.bin [netbsd-10]: Makefile
src/usr.bin/ftp [netbsd-10]: cmds.c complete.c fetch.c ftp.1 ftp.c
ftp_var.h main.c progressbar.c ruserpass.c ssl.c util.c
Added Files:
src/tests/usr.bin/ftp [netbsd-10]: Makefile custom_headers.sh
t_custom_headers.sh
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #970):
tests/usr.bin/Makefile: revision 1.42
usr.bin/ftp/ruserpass.c: revision 1.34
usr.bin/ftp/main.c: revision 1.130
usr.bin/ftp/ssl.c: revision 1.17
usr.bin/ftp/main.c: revision 1.131
usr.bin/ftp/ssl.c: revision 1.18
usr.bin/ftp/main.c: revision 1.132
usr.bin/ftp/ssl.c: revision 1.19
usr.bin/ftp/main.c: revision 1.133
distrib/sets/lists/tests/mi: revision 1.1342
usr.bin/ftp/ftp.1: revision 1.151
usr.bin/ftp/ftp.1: revision 1.152
usr.bin/ftp/progressbar.c: revision 1.25
usr.bin/ftp/ftp.1: revision 1.153
usr.bin/ftp/progressbar.c: revision 1.26
usr.bin/ftp/ftp.1: revision 1.155
usr.bin/ftp/ftp.1: revision 1.156
usr.bin/ftp/fetch.c: revision 1.239
usr.bin/ftp/ftp.1: revision 1.157
usr.bin/ftp/ftp.1: revision 1.158
usr.bin/ftp/ftp.1: revision 1.159
usr.bin/ftp/ftp_var.h: revision 1.87
etc/mtree/NetBSD.dist.tests: revision 1.208
usr.bin/ftp/ftp_var.h: revision 1.88
usr.bin/ftp/ftp_var.h: revision 1.89
usr.bin/ftp/cmds.c: revision 1.142
usr.bin/ftp/util.c: revision 1.168
usr.bin/ftp/cmds.c: revision 1.143
tests/usr.bin/ftp/custom_headers.sh: revision 1.1
usr.bin/ftp/ssl.c: revision 1.20
usr.bin/ftp/complete.c: revision 1.48
tests/usr.bin/ftp/Makefile: revision 1.1
tests/usr.bin/ftp/t_custom_headers.sh: revision 1.1
usr.bin/ftp/fetch.c: revision 1.240
usr.bin/ftp/fetch.c: revision 1.241
usr.bin/ftp/ftp.c: revision 1.176
usr.bin/ftp/ftp.c: revision 1.177
(all via patch)
ftp(1): wording and formatting improvements
Fix grammar issue with "Support values" reported in private mail.
Document all file transfer types in "type" and cross-reference that.
Consistency fixes in describing file transfer parameters and types.
Fix some mandoc -Tlint issues (except "useless macro: Tn").
Add -b <buflen> to specify the buffer size.
ftp: bump FTPBUFLEN from 4kB to 16kB
sourceforge.net returns a 5kB content-security-policy.
Analyzed by mlelstv@ who reports usual limits are between 4kB and 48kB.
default is now 16K
ftp: improve -b documentation
Order -b bufsize in the synopsis.
Document the actual default value.
ftp: improve units used in comments and errors
Use "KiB" instead of "K" in errors.
Clarify related comments.
pass some lint.
PR/58581: Sunil Nimmagadda: Add flag to allow specifying extra http header
fields.
ftp(1): Nix trailing whitespace in man page.
No functional change intended.
PR bin/58581: ftp(1) should allow specifying header fields in http requests
fix markup (h -> H), explain about multiple headers, fix usage (from RVP)
Don't forget the dot, use the intended macro name (I think),
and improve the wording a little. (All related to the -H option.)
ftp(1): Add test for custom HTTP header fields.
Based on a patch from Sunil Nimmagadda.
PR bin/58581: ftp(1) should allow specifying header fields in http
requests
To generate a diff of this commit:
cvs rdiff -u -r1.1238.2.15 -r1.1238.2.16 src/distrib/sets/lists/tests/mi
cvs rdiff -u -r1.197.2.4 -r1.197.2.5 src/etc/mtree/NetBSD.dist.tests
cvs rdiff -u -r1.37.2.1 -r1.37.2.2 src/tests/usr.bin/Makefile
cvs rdiff -u -r0 -r1.1.2.2 src/tests/usr.bin/ftp/Makefile \
src/tests/usr.bin/ftp/custom_headers.sh \
src/tests/usr.bin/ftp/t_custom_headers.sh
cvs rdiff -u -r1.141 -r1.141.6.1 src/usr.bin/ftp/cmds.c
cvs rdiff -u -r1.47 -r1.47.10.1 src/usr.bin/ftp/complete.c
cvs rdiff -u -r1.235.2.2 -r1.235.2.3 src/usr.bin/ftp/fetch.c
cvs rdiff -u -r1.147.2.4 -r1.147.2.5 src/usr.bin/ftp/ftp.1
cvs rdiff -u -r1.174.2.1 -r1.174.2.2 src/usr.bin/ftp/ftp.c
cvs rdiff -u -r1.86 -r1.86.2.1 src/usr.bin/ftp/ftp_var.h
cvs rdiff -u -r1.128.2.1 -r1.128.2.2 src/usr.bin/ftp/main.c
cvs rdiff -u -r1.24 -r1.24.6.1 src/usr.bin/ftp/progressbar.c
cvs rdiff -u -r1.33 -r1.33.86.1 src/usr.bin/ftp/ruserpass.c
cvs rdiff -u -r1.12.2.4 -r1.12.2.5 src/usr.bin/ftp/ssl.c
cvs rdiff -u -r1.164.2.2 -r1.164.2.3 src/usr.bin/ftp/util.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: pending-pullups->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Sun, 13 Oct 2024 20:31:16 +0000
State-Changed-Why:
fixed in HEAD, pulled up to 10, not worth it for 9
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.