2 .\" Copyright (c) 1998-2013 Dag-Erling Smørgrav
3 .\" Copyright (c) 2013-2016 Michael Gmelin <freebsd@grem.de>
4 .\" All rights reserved.
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
15 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60 .Nd file transfer functions
68 .Fn fetchMakeURL "const char *scheme" "const char *host" "int port" "const char *doc" "const char *user" "const char *pwd"
70 .Fn fetchParseURL "const char *URL"
72 .Fn fetchFreeURL "struct url *u"
74 .Fn fetchXGetURL "const char *URL" "struct url_stat *us" "const char *flags"
76 .Fn fetchGetURL "const char *URL" "const char *flags"
78 .Fn fetchPutURL "const char *URL" "const char *flags"
80 .Fn fetchStatURL "const char *URL" "struct url_stat *us" "const char *flags"
82 .Fn fetchListURL "const char *URL" "const char *flags"
84 .Fn fetchXGet "struct url *u" "struct url_stat *us" "const char *flags"
86 .Fn fetchGet "struct url *u" "const char *flags"
88 .Fn fetchPut "struct url *u" "const char *flags"
90 .Fn fetchStat "struct url *u" "struct url_stat *us" "const char *flags"
92 .Fn fetchList "struct url *u" "const char *flags"
94 .Fn fetchXGetFile "struct url *u" "struct url_stat *us" "const char *flags"
96 .Fn fetchGetFile "struct url *u" "const char *flags"
98 .Fn fetchPutFile "struct url *u" "const char *flags"
100 .Fn fetchStatFile "struct url *u" "struct url_stat *us" "const char *flags"
102 .Fn fetchListFile "struct url *u" "const char *flags"
104 .Fn fetchXGetHTTP "struct url *u" "struct url_stat *us" "const char *flags"
106 .Fn fetchGetHTTP "struct url *u" "const char *flags"
108 .Fn fetchPutHTTP "struct url *u" "const char *flags"
110 .Fn fetchStatHTTP "struct url *u" "struct url_stat *us" "const char *flags"
112 .Fn fetchListHTTP "struct url *u" "const char *flags"
114 .Fn fetchReqHTTP "struct url *u" "const char *method" "const char *flags" "const char *content_type" "const char *body"
116 .Fn fetchXGetFTP "struct url *u" "struct url_stat *us" "const char *flags"
118 .Fn fetchGetFTP "struct url *u" "const char *flags"
120 .Fn fetchPutFTP "struct url *u" "const char *flags"
122 .Fn fetchStatFTP "struct url *u" "struct url_stat *us" "const char *flags"
124 .Fn fetchListFTP "struct url *u" "const char *flags"
126 These functions implement a high-level library for retrieving and
127 uploading files using Uniform Resource Locators (URLs).
130 takes a URL in the form of a null-terminated string and splits it into
131 its components function according to the Common Internet Scheme Syntax
133 A regular expression which produces this syntax is:
135 <scheme>:(//(<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)?
138 If the URL does not seem to begin with a scheme name, the following
141 ((<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)?
144 Note that some components of the URL are not necessarily relevant to
146 For instance, the file scheme only needs the <scheme> and <document>
152 return a pointer to a
154 structure, which is defined as follows in
157 #define URL_SCHEMELEN 16
158 #define URL_USERLEN 256
159 #define URL_PWDLEN 256
162 char scheme[URL_SCHEMELEN+1];
163 char user[URL_USERLEN+1];
164 char pwd[URL_PWDLEN+1];
165 char host[MAXHOSTNAMELEN+1];
176 field stores the time value for
177 .Li If-Modified-Since
180 The pointer returned by
184 should be freed using
191 constitute the recommended interface to the
194 They examine the URL passed to them to determine the transfer
195 method, and call the appropriate lower-level functions to perform the
198 also returns the remote document's metadata in the
200 structure pointed to by the
206 argument is a string of characters which specify transfer options.
208 meaning of the individual flags is scheme-dependent, and is detailed
209 in the appropriate section below.
212 attempts to obtain the requested document's metadata and fill in the
213 structure pointed to by its second argument.
216 structure is defined as follows in
226 If the size could not be obtained from the server, the
229 If the modification time could not be obtained from the server, the
231 field is set to the epoch.
232 If the access time could not be obtained from the server, the
234 field is set to the modification time.
237 attempts to list the contents of the directory pointed to by the URL
239 If successful, it returns a malloced array of
244 structure is defined as follows in
249 struct url_stat stat;
253 The list is terminated by an entry with an empty name.
255 The pointer returned by
257 should be freed using
271 except that they expect a pre-parsed URL in the form of a pointer to
274 rather than a string.
281 functions return a pointer to a stream which can be used to read or
282 write data from or to the requested document, respectively.
284 although the implementation details of the individual access methods
285 vary, it can generally be assumed that a stream returned by one of the
289 functions is read-only, and that a stream returned by one of the
291 functions is write-only.
297 provide access to documents which are files in a locally mounted file
299 Only the <document> component of the URL is used.
304 do not accept any flags.
309 (append to file) flag.
310 If that flag is specified, the data written to
311 the stream returned by
313 will be appended to the previous contents of the file, instead of
320 implement the FTP protocol as described in RFC959.
324 (not passive) flag is specified, an active (rather than passive)
325 connection will be attempted.
329 flag is supported for compatibility with earlier versions where active
330 connections were the default.
331 It has precedence over the
333 flag, so if both are specified,
335 will use a passive connection.
339 (low) flag is specified, data sockets will be allocated in the low (or
340 default) port range instead of the high port range (see
345 (direct) flag is specified,
350 will use a direct connection even if a proxy server is defined.
352 If no user name or password is given, the
354 library will attempt an anonymous login, with user name "anonymous"
355 and password "anonymous@<hostname>".
363 functions implement the HTTP/1.1 protocol.
364 With a little luck, there is
365 even a chance that they comply with RFC2616 and RFC2617.
369 (direct) flag is specified,
374 will use a direct connection even if a proxy server is defined.
378 (if-modified-since) flag is specified, and
387 will send a conditional
388 .Li If-Modified-Since
389 HTTP header to only fetch the content if it is newer than
394 can be used to make requests with an arbitrary HTTP verb,
395 including POST, DELETE, CONNECT, OPTIONS, TRACE or PATCH.
396 This can be done by setting the argument
398 to the intended verb, such as
404 Since there seems to be no good way of implementing the HTTP PUT
405 method in a manner consistent with the rest of the
409 is currently unimplemented.
411 Based on HTTP SCHEME.
412 The CA bundle used for peer verification can be changed by setting the
413 environment variables
415 to point to a concatenated bundle of trusted certificates and
417 to point to a directory containing hashes of trusted CAs (see
420 A certificate revocation list (CRL) can be used by setting the
426 Peer verification can be disabled by setting the environment variable
427 .Ev SSL_NO_VERIFY_PEER .
428 Note that this also disables CRL checking.
430 By default the service identity is verified according to the rules
431 detailed in RFC6125 (also known as hostname verification).
432 This feature can be disabled by setting the environment variable
433 .Ev SSL_NO_VERIFY_HOSTNAME .
435 Client certificate based authentication is supported.
436 The environment variable
437 .Ev SSL_CLIENT_CERT_FILE
438 should be set to point to a file containing key and client certificate
439 to be used in PEM format.
440 When a PEM-format key is in a separate file from the client certificate,
441 the environment variable
442 .Ev SSL_CLIENT_KEY_FILE
443 can be set to point to the key file.
444 In case the key uses a password, the user will be prompted on standard
449 allows TLSv1 and newer when negotiating the connecting with the remote
451 You can change this behavior by setting the
453 .Ev SSL_NO_TLS1_1 and
455 environment variables to disable TLS 1.0, 1.1 and 1.2 respectively.
457 Apart from setting the appropriate environment variables and
458 specifying the user name and password in the URL or the
460 the calling program has the option of defining an authentication
461 function with the following prototype:
464 .Fn myAuthMethod "struct url *u"
466 The callback function should fill in the
470 fields in the provided
472 and return 0 on success, or any other value to indicate failure.
474 To register the authentication callback, simply set
477 The callback will be used whenever a site requires authentication and
478 the appropriate environment variables are not set.
480 This interface is experimental and may be subject to change.
483 returns a pointer to a
485 containing the individual components of the URL.
487 unable to allocate memory, or the URL is syntactically incorrect,
489 returns a NULL pointer.
493 functions return 0 on success and -1 on failure.
495 All other functions return a stream pointer which may be used to
496 access the requested document, or NULL if an error occurred.
498 The following error codes are defined in
501 .It Bq Er FETCH_ABORT
504 Authentication failed
507 .It Bq Er FETCH_EXISTS
512 Informational response
513 .It Bq Er FETCH_MEMORY
515 .It Bq Er FETCH_MOVED
517 .It Bq Er FETCH_NETWORK
521 .It Bq Er FETCH_PROTO
523 .It Bq Er FETCH_RESOLV
525 .It Bq Er FETCH_SERVER
529 .It Bq Er FETCH_TIMEOUT
531 .It Bq Er FETCH_UNAVAIL
532 File is not available
533 .It Bq Er FETCH_UNKNOWN
539 The accompanying error message includes a protocol-specific error code
540 and message, like "File is not available (404 Not Found)"
542 .Bl -tag -width ".Ev FETCH_BIND_ADDRESS"
543 .It Ev FETCH_BIND_ADDRESS
544 Specifies a hostname or IP address to which sockets used for outgoing
545 connections will be bound.
547 Default FTP login if none was provided in the URL.
548 .It Ev FTP_PASSIVE_MODE
551 forces the FTP code to use active mode.
552 If set to any other value, forces passive mode even if the application
553 requested active mode.
555 Default FTP password if the remote server requests one and none was
558 URL of the proxy to use for FTP requests.
559 The document part is ignored.
560 FTP and HTTP proxies are supported; if no scheme is specified, FTP is
562 If the proxy is an FTP proxy,
566 as user name to the proxy, where
568 is the real user name, and
570 is the name of the FTP server.
572 If this variable is set to an empty string, no proxy will be used for
573 FTP requests, even if the
581 Specifies the value of the
583 header for HTTP requests.
590 Specifies HTTP authorization parameters as a colon-separated list of
592 The first and second item are the authorization scheme and realm
593 respectively; further items are scheme-dependent.
598 authorization methods are supported.
600 Both methods require two parameters: the user name and
601 password, in that order.
603 This variable is only used if the server requires authorization and
604 no user name or password was specified in the URL.
606 URL of the proxy to use for HTTP requests.
607 The document part is ignored.
608 Only HTTP proxies are supported for HTTP requests.
609 If no port number is specified, the default is 3128.
611 Note that this proxy will also be used for FTP documents, unless the
618 .It Ev HTTP_PROXY_AUTH
619 Specifies authorization parameters for the HTTP proxy in the same
624 This variable is used if and only if connected to an HTTP proxy, and
625 is ignored if a user and/or a password were specified in the proxy
628 Specifies the referrer URL to use for HTTP requests.
631 the document URL will be used as referrer URL.
632 .It Ev HTTP_USER_AGENT
633 Specifies the User-Agent string to use for HTTP requests.
634 This can be useful when working with HTTP origin or proxy servers that
635 differentiate between user agents.
636 If defined but empty, no User-Agent header is sent.
638 Specifies a file to use instead of
640 to look up login names and passwords for FTP and HTTP sites as well as
644 for a description of the file format.
646 Either a single asterisk, which disables the use of proxies
647 altogether, or a comma- or whitespace-separated list of hosts for
648 which proxies should not be used.
654 Uses SOCKS version 5 to make connection.
655 The format must be the IP or hostname followed by a colon for the port.
656 IPv6 addresses must enclose the address in brackets.
657 If no port is specified, the default is 1080.
658 This setting will supercede a connection to an
660 .It Ev SSL_CA_CERT_FILE
661 CA certificate bundle containing trusted CA certificates.
662 Default value: See HTTPS SCHEME above.
663 .It Ev SSL_CA_CERT_PATH
664 Path containing trusted CA hashes.
665 .It Ev SSL_CLIENT_CERT_FILE
666 PEM encoded client certificate/key which will be used in
667 client certificate authentication.
668 .It Ev SSL_CLIENT_KEY_FILE
669 PEM encoded client key in case key and client certificate
670 are stored separately.
672 File containing certificate revocation list.
674 Do not allow TLS version 1.0 when negotiating the connection.
676 Do not allow TLS version 1.1 when negotiating the connection.
678 Do not allow TLS version 1.2 when negotiating the connection.
679 .It Ev SSL_NO_VERIFY_HOSTNAME
680 If set, do not verify that the hostname matches the subject of the
681 certificate presented by the server.
682 .It Ev SSL_NO_VERIFY_PEER
683 If set, do not verify the peer certificate against trusted CAs.
686 To access a proxy server on
687 .Pa proxy.example.com
690 environment variable in a manner similar to this:
692 .Dl HTTP_PROXY=http://proxy.example.com:8080
694 If the proxy server requires authentication, there are
695 two options available for passing the authentication data.
696 The first method is by using the proxy URL:
698 .Dl HTTP_PROXY=http://<user>:<pwd>@proxy.example.com:8080
700 The second method is by using the
702 environment variable:
703 .Bd -literal -offset indent
704 HTTP_PROXY=http://proxy.example.com:8080
705 HTTP_PROXY_AUTH=basic:*:<user>:<pwd>
708 To disable the use of a proxy for an HTTP server running on the local
712 .Bd -literal -offset indent
713 NO_PROXY=localhost,127.0.0.1
716 To use a SOCKS5 proxy, set the
718 environment variable to a
719 valid host or IP followed by an optional colon and the port.
720 IPv6 addresses must be enclosed in brackets.
721 The following are examples of valid settings:
722 .Bd -literal -offset indent
723 SOCKS5_PROXY=proxy.example.com
724 SOCKS5_PROXY=proxy.example.com:1080
725 SOCKS5_PROXY=192.0.2.0
726 SOCKS5_PROXY=198.51.100.0:1080
727 SOCKS5_PROXY=[2001:db8::1]
728 SOCKS5_PROXY=[2001:db8::2]:1080
731 Access HTTPS website without any certificate verification whatsoever:
732 .Bd -literal -offset indent
734 SSL_NO_VERIFY_HOSTNAME=1
737 Access HTTPS website using client certificate based authentication
739 .Bd -literal -offset indent
740 SSL_CLIENT_CERT_FILE=/path/to/client.pem
741 SSL_CA_CERT_FILE=/path/to/myca.pem
750 .%B File Transfer Protocol
758 .%T How to Use Anonymous FTP
766 .%T Uniform Resource Locators (URL)
778 .%B Hypertext Transfer Protocol -- HTTP/1.1
790 .%B HTTP Authentication: Basic and Digest Access Authentication
796 library first appeared in
802 library was mostly written by
803 .An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org
804 with numerous suggestions and contributions from
805 .An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org ,
806 .An Eugene Skepner Aq Mt eu@qub.com ,
807 .An Hajimu Umemoto Aq Mt ume@FreeBSD.org ,
808 .An Henry Whincup Aq Mt henry@techiebod.com ,
809 .An Jukka A. Ukkonen Aq Mt jau@iki.fi ,
810 .An Jean-Fran\(,cois Dockes Aq Mt jf@dockes.org ,
811 .An Michael Gmelin Aq Mt freebsd@grem.de
813 It replaces the older
816 .An Poul-Henning Kamp Aq Mt phk@FreeBSD.org
818 .An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org .
820 This manual page was written by
821 .An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org
823 .An Michael Gmelin Aq Mt freebsd@grem.de .
825 Some parts of the library are not yet implemented.
831 and FTP proxy support.
833 There is no way to select a proxy at run-time other than setting the
837 environment variables as appropriate.
840 does not understand or obey 305 (Use Proxy) replies.
842 Error numbers are unique only within a certain context; the error
843 codes used for FTP and HTTP overlap, as do those used for resolver and
845 For instance, error code 202 means "Command not
846 implemented, superfluous at this site" in an FTP context and
847 "Accepted" in an HTTP context.
850 does not check that the result of an MDTM command is a valid date.
852 In case password protected keys are used for client certificate based
853 authentication the user is prompted for the password on each and every
856 The man page is incomplete, poorly written and produces badly
859 The error reporting mechanism is unsatisfactory.
861 Some parts of the code are not fully reentrant.