/* Licensed to the Apache Software Foundation (ASF) under one or more

 * contributor license agreements.  See the NOTICE file distributed with

 * this work for additional information regarding copyright ownership.

 * The ASF licenses this file to You under the Apache License, Version 2.0

 * (the "License"); you may not use this file except in compliance with

 * the License.  You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

/* FTP routines for Apache proxy */

#define APR_WANT_BYTEFUNC

#include "mod_proxy.h"

#if APR_HAVE_TIME_H

#include <time.h>

#endif

#include "apr_version.h"

#if (APR_MAJOR_VERSION < 1)

#undef apr_socket_create

#define apr_socket_create apr_socket_create_ex

#endif

#define AUTODETECT_PWD

/* Automatic timestamping (Last-Modified header) based on MDTM is used if:

 * 1) the FTP server supports the MDTM command and

 * 2) HAVE_TIMEGM (preferred) or HAVE_GMTOFF is available at compile time

 */

#define USE_MDTM

module AP_MODULE_DECLARE_DATA proxy_ftp_module;

typedef struct {

    int ftp_list_on_wildcard;

    int ftp_list_on_wildcard_set;

    int ftp_escape_wildcards;

    int ftp_escape_wildcards_set;

    const char *ftp_directory_charset;

} proxy_ftp_dir_conf;

static void *create_proxy_ftp_dir_config(apr_pool_t *p, char *dummy)

{

    proxy_ftp_dir_conf *new =

        (proxy_ftp_dir_conf *) apr_pcalloc(p, sizeof(proxy_ftp_dir_conf));

    /* Put these in the dir config so they work inside <Location> */

    new->ftp_list_on_wildcard = 1;

    new->ftp_escape_wildcards = 1;

    return (void *) new;

}

static void *merge_proxy_ftp_dir_config(apr_pool_t *p, void *basev, void *addv)

{

    proxy_ftp_dir_conf *new = (proxy_ftp_dir_conf *) apr_pcalloc(p, sizeof(proxy_ftp_dir_conf));

    proxy_ftp_dir_conf *add = (proxy_ftp_dir_conf *) addv;

    proxy_ftp_dir_conf *base = (proxy_ftp_dir_conf *) basev;

    /* Put these in the dir config so they work inside <Location> */

    new->ftp_list_on_wildcard = add->ftp_list_on_wildcard_set ?

                                add->ftp_list_on_wildcard :

                                base->ftp_list_on_wildcard;

    new->ftp_list_on_wildcard_set = add->ftp_list_on_wildcard_set ?

                                1 :

                                base->ftp_list_on_wildcard_set;

    new->ftp_escape_wildcards = add->ftp_escape_wildcards_set ?

                                add->ftp_escape_wildcards :

                                base->ftp_escape_wildcards;

    new->ftp_escape_wildcards_set = add->ftp_escape_wildcards_set ?

                                1 :

                                base->ftp_escape_wildcards_set;

    new->ftp_directory_charset = add->ftp_directory_charset ?

                                 add->ftp_directory_charset :

                                 base->ftp_directory_charset;

    return new;

}

static const char *set_ftp_list_on_wildcard(cmd_parms *cmd, void *dconf,

                                            int flag)

{

    proxy_ftp_dir_conf *conf = dconf;

    conf->ftp_list_on_wildcard = flag;

    conf->ftp_list_on_wildcard_set = 1;

    return NULL;

}

static const char *set_ftp_escape_wildcards(cmd_parms *cmd, void *dconf,

                                            int flag)

{

    proxy_ftp_dir_conf *conf = dconf;

    conf->ftp_escape_wildcards = flag;

    conf->ftp_escape_wildcards_set = 1;

    return NULL;

}

static const char *set_ftp_directory_charset(cmd_parms *cmd, void *dconf,

                                             const char *arg)

{

    proxy_ftp_dir_conf *conf = dconf;

    conf->ftp_directory_charset = arg;

    return NULL;

}

/*

 * Decodes a '%' escaped string, and returns the number of characters

 */

static int decodeenc(char *x)

{

    int i, j, ch;

    if (x[0] == '\0')

        return 0;               /* special case for no characters */

    for (i = 0, j = 0; x[i] != '\0'; i++, j++) {

        /* decode it if not already done */

        ch = x[i];

        if (ch == '%' && apr_isxdigit(x[i + 1]) && apr_isxdigit(x[i + 2])) {

            ch = ap_proxy_hex2c(&x[i + 1]);

            i += 2;

        }

        x[j] = ch;

    }

    x[j] = '\0';

    return j;

}

/*

 * Escape the globbing characters in a path used as argument to

 * the FTP commands (SIZE, CWD, RETR, MDTM, ...).

 * ftpd assumes '\\' as a quoting character to escape special characters.

 * Just returns the original string if ProxyFtpEscapeWildcards has been

 * configured "off".

 * Returns: escaped string

 */

#define FTP_GLOBBING_CHARS "*?[{~"

static const char *ftp_escape_globbingchars(apr_pool_t *p, const char *path, proxy_ftp_dir_conf *dconf)

{

    char *ret;

    char *d;

    if (!dconf->ftp_escape_wildcards) {

        return path;

    }

    ret = apr_palloc(p, 2*strlen(path)+sizeof(""));

    for (d = ret; *path; ++path) {

        if (strchr(FTP_GLOBBING_CHARS, *path) != NULL)

            *d++ = '\\';

        *d++ = *path;

    }

    *d = '\0';

    return ret;

}

/*

 * Check for globbing characters in a path used as argument to

 * the FTP commands (SIZE, CWD, RETR, MDTM, ...).

 * ftpd assumes '\\' as a quoting character to escape special characters.

 * Returns: 0 (no globbing chars, or all globbing chars escaped), 1 (globbing chars)

 */

static int ftp_check_globbingchars(const char *path)

{

    for ( ; *path; ++path) {

        if (*path == '\\')

            ++path;

        if (*path != '\0' && strchr(FTP_GLOBBING_CHARS, *path) != NULL)

            return TRUE;

    }

    return FALSE;

}

/*

 * checks an encoded ftp string for bad characters, namely, CR, LF or

 * non-ascii character

 */

static int ftp_check_string(const char *x)

{

    int i, ch = 0;

#if APR_CHARSET_EBCDIC

    char buf[1];

#endif

    for (i = 0; x[i] != '\0'; i++) {

        ch = x[i];

        if (ch == '%' && apr_isxdigit(x[i + 1]) && apr_isxdigit(x[i + 2])) {

            ch = ap_proxy_hex2c(&x[i + 1]);

            i += 2;

        }

#if !APR_CHARSET_EBCDIC

        if (ch == '\015' || ch == '\012' || (ch & 0x80))

#else                           /* APR_CHARSET_EBCDIC */

        if (ch == '\r' || ch == '\n')

            return 0;

        buf[0] = ch;

        ap_xlate_proto_to_ascii(buf, 1);

        if (buf[0] & 0x80)

#endif                          /* APR_CHARSET_EBCDIC */

            return 0;

    }

    return 1;

}

/*

 * converts a series of buckets into a string

 * XXX: BillS says this function performs essentially the same function as

 * ap_rgetline() in protocol.c. Deprecate this function and use ap_rgetline()

 * instead? I think ftp_string_read() will not work properly on non ASCII

 * (EBCDIC) machines either.

 */

static apr_status_t ftp_string_read(conn_rec *c, apr_bucket_brigade *bb,

        char *buff, apr_size_t bufflen, int *eos, apr_size_t *outlen)

{

    apr_bucket *e;

    apr_status_t rv;

    char *pos = buff;

    char *response;

    int found = 0;

    apr_size_t len;

    /* start with an empty string */

    buff[0] = 0;

    *eos = 0;

    *outlen = 0;

    /* loop through each brigade */

    while (!found) {

        /* get brigade from network one line at a time */

        if (APR_SUCCESS != (rv = ap_get_brigade(c->input_filters, bb,

                                                AP_MODE_GETLINE,

                                                APR_BLOCK_READ,

                                                0))) {

            return rv;

        }

        /* loop through each bucket */

        while (!found) {

            if (*eos || APR_BRIGADE_EMPTY(bb)) {

                /* The connection aborted or timed out */

                return APR_ECONNABORTED;

            }

            e = APR_BRIGADE_FIRST(bb);

            if (APR_BUCKET_IS_EOS(e)) {

                *eos = 1;

            }

            else {

                if (APR_SUCCESS != (rv = apr_bucket_read(e,

                                                         (const char **)&response,

                                                         &len,

                                                         APR_BLOCK_READ))) {

                    return rv;

                }

                /*

                 * is string LF terminated?

                 * XXX: This check can be made more efficient by simply checking

                 * if the last character in the 'response' buffer is an ASCII_LF.

                 * See ap_rgetline() for an example.

                 */

                if (memchr(response, APR_ASCII_LF, len)) {

                    found = 1;

                }

                /* concat strings until buff is full - then throw the data away */

                if (len > ((bufflen-1)-(pos-buff))) {

                    len = (bufflen-1)-(pos-buff);

                }

                if (len > 0) {

                    memcpy(pos, response, len);

                    pos += len;

                    *outlen += len;

                }

            }

            apr_bucket_delete(e);

        }

        *pos = '\0';

    }

    return APR_SUCCESS;

}

/*

 * Canonicalise ftp URLs.

 */

static int proxy_ftp_canon(request_rec *r, char *url)

{

    char *user, *password, *host, *path, *parms, *strp, sport[7];

    apr_pool_t *p = r->pool;

    const char *err;

    apr_port_t port, def_port;

    /* */

    if (strncasecmp(url, "ftp:", 4) == 0) {

        url += 4;

    }

    else {

        return DECLINED;

    }

    def_port = apr_uri_port_of_scheme("ftp");

    ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "canonicalising URL %s", url);

    port = def_port;

    err = ap_proxy_canon_netloc(p, &url, &user, &password, &host, &port);

    if (err)

        return HTTP_BAD_REQUEST;

    if (user != NULL && !ftp_check_string(user))

        return HTTP_BAD_REQUEST;

    if (password != NULL && !ftp_check_string(password))

        return HTTP_BAD_REQUEST;

    /* now parse path/parameters args, according to rfc1738 */

    /*

     * N.B. if this isn't a true proxy request, then the URL path (but not

     * query args) has already been decoded. This gives rise to the problem

     * of a ; being decoded into the path.

     */

    strp = strchr(url, ';');

    if (strp != NULL) {

        *(strp++) = '\0';

        parms = ap_proxy_canonenc(p, strp, strlen(strp), enc_parm, 0,

                                  r->proxyreq);

        if (parms == NULL)

            return HTTP_BAD_REQUEST;

    }

    else

        parms = "";

    path = ap_proxy_canonenc(p, url, strlen(url), enc_path, 0, r->proxyreq);

    if (path == NULL)

        return HTTP_BAD_REQUEST;

    if (!ftp_check_string(path))

        return HTTP_BAD_REQUEST;

    if (r->proxyreq && r->args != NULL) {

        if (strp != NULL) {

            strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_parm, 1, r->proxyreq);

            if (strp == NULL)

                return HTTP_BAD_REQUEST;

            parms = apr_pstrcat(p, parms, "?", strp, NULL);

        }

        else {

            strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_fpath, 1, r->proxyreq);

            if (strp == NULL)

                return HTTP_BAD_REQUEST;

            path = apr_pstrcat(p, path, "?", strp, NULL);

        }

        r->args = NULL;

    }

/* now, rebuild URL */

    if (port != def_port)

        apr_snprintf(sport, sizeof(sport), ":%d", port);

    else

        sport[0] = '\0';

    if (ap_strchr_c(host, ':')) { /* if literal IPv6 address */

        host = apr_pstrcat(p, "[", host, "]", NULL);

    }

    r->filename = apr_pstrcat(p, "proxy:ftp://", (user != NULL) ? user : "",

                              (password != NULL) ? ":" : "",

                              (password != NULL) ? password : "",

                          (user != NULL) ? "@" : "", host, sport, "/", path,

                              (parms[0] != '\0') ? ";" : "", parms, NULL);

    return OK;

}

/* we chop lines longer than 80 characters */

#define MAX_LINE_LEN 80

/*

 * Reads response lines, returns both the ftp status code and

 * remembers the response message in the supplied buffer

 */

static int ftp_getrc_msg(conn_rec *ftp_ctrl, apr_bucket_brigade *bb, char *msgbuf, int msglen)

{

    int status;

    char response[MAX_LINE_LEN];

    char buff[5];

    char *mb = msgbuf, *me = &msgbuf[msglen];

    apr_status_t rv;

    apr_size_t nread;

    int eos;

    if (APR_SUCCESS != (rv = ftp_string_read(ftp_ctrl, bb, response, sizeof(response), &eos, &nread))) {

        return -1;

    }

/*

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, APLOGNO(03233)

                 "<%s", response);

*/

    if (nread < 4) { 

        ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, APLOGNO(10229) "Malformed FTP response '%s'", response);

        *mb = '\0';

        return -1;

    }

    if (!apr_isdigit(response[0]) || !apr_isdigit(response[1]) ||

        !apr_isdigit(response[2]) || (response[3] != ' ' && response[3] != '-'))

        status = 0;

    else

        status = 100 * response[0] + 10 * response[1] + response[2] - 111 * '0';

    mb = apr_cpystrn(mb, response + 4, me - mb);

    if (response[3] == '-') { /* multi-line reply "123-foo\nbar\n123 baz" */

        memcpy(buff, response, 3);

        buff[3] = ' ';

        do {

            if (APR_SUCCESS != (rv = ftp_string_read(ftp_ctrl, bb, response, sizeof(response), &eos, &nread))) {

                return -1;

            }

            mb = apr_cpystrn(mb, response + (' ' == response[0] ? 1 : 4), me - mb);

        } while (memcmp(response, buff, 4) != 0);

    }

    return status;

}

/* this is a filter that turns a raw ASCII directory listing into pretty HTML */

/* ideally, mod_proxy should simply send the raw directory list up the filter

 * stack to mod_autoindex, which in theory should turn the raw ascii into

 * pretty html along with all the bells and whistles it provides...

 *

 * all in good time...! :)

 */

typedef struct {

    apr_bucket_brigade *in;

    char buffer[MAX_STRING_LEN];

    enum {

        HEADER, BODY, FOOTER

    }    state;

}      proxy_dir_ctx_t;

/* fallback regex for ls -s1;  ($0..$2) == 3 */

#define LS_REG_PATTERN "^ *([0-9]+) +([^ ]+)$"

#define LS_REG_MATCH   3

static ap_regex_t *ls_regex;

static apr_status_t proxy_send_dir_filter(ap_filter_t *f,

                                          apr_bucket_brigade *in)

{

    request_rec *r = f->r;

    conn_rec *c = r->connection;

    apr_pool_t *p = r->pool;

    apr_bucket_brigade *out = apr_brigade_create(p, c->bucket_alloc);

    apr_status_t rv;

    int n;

    char *dir, *path, *reldir, *site, *str, *type;

    const char *pwd = apr_table_get(r->notes, "Directory-PWD");

    const char *readme = apr_table_get(r->notes, "Directory-README");

    proxy_dir_ctx_t *ctx = f->ctx;

    if (!ctx) {

        f->ctx = ctx = apr_pcalloc(p, sizeof(*ctx));

        ctx->in = apr_brigade_create(p, c->bucket_alloc);

        ctx->buffer[0] = 0;

        ctx->state = HEADER;

    }

    /* combine the stored and the new */

    APR_BRIGADE_CONCAT(ctx->in, in);

    if (HEADER == ctx->state) {

        /* basedir is either "", or "/%2f" for the "squid %2f hack" */

        const char *basedir = "";  /* By default, path is relative to the $HOME dir */

        char *wildcard = NULL;

        const char *escpath;

        /*

         * In the reverse proxy case we need to construct our site string

         * via ap_construct_url. For non anonymous sites apr_uri_unparse would

         * only supply us with 'username@' which leads to the construction of

         * an invalid base href later on. Losing the username part of the URL

         * is no problem in the reverse proxy case as the browser sents the

         * credentials anyway once entered.

         */

        if (r->proxyreq == PROXYREQ_REVERSE) {

            site = ap_construct_url(p, "", r);

        }

        else {

            /* Save "scheme://site" prefix without password */

            site = apr_uri_unparse(p, &f->r->parsed_uri,

                                   APR_URI_UNP_OMITPASSWORD |

                                   APR_URI_UNP_OMITPATHINFO);

        }

        /* ... and path without query args */

        path = apr_uri_unparse(p, &f->r->parsed_uri, APR_URI_UNP_OMITSITEPART | APR_URI_UNP_OMITQUERY);

        /* If path began with /%2f, change the basedir */

        if (strncasecmp(path, "/%2f", 4) == 0) {

            basedir = "/%2f";

        }

        /* Strip off a type qualifier. It is ignored for dir listings */

        if ((type = strstr(path, ";type=")) != NULL)

            *type++ = '\0';

        (void)decodeenc(path);

        while (path[1] == '/') /* collapse multiple leading slashes to one */

            ++path;

        reldir = strrchr(path, '/');

        if (reldir != NULL && ftp_check_globbingchars(reldir)) {

            wildcard = &reldir[1];

            reldir[0] = '\0'; /* strip off the wildcard suffix */

        }

        /* Copy path, strip (all except the last) trailing slashes */

        /* (the trailing slash is needed for the dir component loop below) */

        path = dir = apr_pstrcat(p, path, "/", NULL);

        for (n = strlen(path); n > 1 && path[n - 1] == '/' && path[n - 2] == '/'; --n)

            path[n - 1] = '\0';

        /* Add a link to the root directory (if %2f hack was used) */

        str = (basedir[0] != '\0') ? "%2f/" : "";

        /* print "ftp://host/" */

        escpath = ap_escape_html(p, path);

        str = apr_psprintf(p, DOCTYPE_HTML_3_2

                "<html>\n <head>\n  <title>%s%s%s</title>\n"

                "<base href=\"%s%s%s\">\n"

                " </head>\n"

                " <body>\n  
Directory of "

                "%s/%s",

                ap_escape_html(p, site), basedir, escpath,

                ap_escape_uri(p, site), basedir, escpath,

                ap_escape_uri(p, site), str);

        APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str, strlen(str),

                                                          p, c->bucket_alloc));

        for (dir = path+1; (dir = strchr(dir, '/')) != NULL; )

        {

            *dir = '\0';

            if ((reldir = strrchr(path+1, '/'))==NULL) {

                reldir = path+1;

            }

            else

                ++reldir;

            /* print "path/" component */

            str = apr_psprintf(p, "%s/", basedir,

                        ap_escape_uri(p, path),

                        ap_escape_html(p, reldir));

            *dir = '/';

            while (*dir == '/')

              ++dir;

            APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str,

                                                           strlen(str), p,

                                                           c->bucket_alloc));

        }

        if (wildcard != NULL) {

            wildcard = ap_escape_html(p, wildcard);

            APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(wildcard,

                                                           strlen(wildcard), p,

                                                           c->bucket_alloc));

        }

        /* If the caller has determined the current directory, and it differs */

        /* from what the client requested, then show the real name */

        if (pwd == NULL || strncmp(pwd, path, strlen(pwd)) == 0) {

            str = apr_psprintf(p, "\n\n  
\n\n
");

        }

        else {

            str = apr_psprintf(p, "\n\n(%s)\n\n  
\n\n
",

                               ap_escape_html(p, pwd));

        }

        APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str, strlen(str),

                                                           p, c->bucket_alloc));

        /* print README */

        if (readme) {

            str = apr_psprintf(p, "%s\n\n\n
\n\n
\n",

                               ap_escape_html(p, readme));

            APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str,

                                                           strlen(str), p,

                                                           c->bucket_alloc));

        }

        /* make sure page intro gets sent out */

        APR_BRIGADE_INSERT_TAIL(out, apr_bucket_flush_create(c->bucket_alloc));

        if (APR_SUCCESS != (rv = ap_pass_brigade(f->next, out))) {

            return rv;

        }

        apr_brigade_cleanup(out);

        ctx->state = BODY;

    }

    /* loop through each line of directory */

    while (BODY == ctx->state) {

        char *filename;

        int found = 0;

        int eos = 0;

        ap_regmatch_t re_result[LS_REG_MATCH];

        /* get a complete line */

        /* if the buffer overruns - throw data away */

        while (!found && !APR_BRIGADE_EMPTY(ctx->in)) {

            char *pos, *response;

            apr_size_t len, max;

            apr_bucket *e;

            e = APR_BRIGADE_FIRST(ctx->in);

            if (APR_BUCKET_IS_EOS(e)) {

                eos = 1;

                break;

            }

            if (APR_SUCCESS != (rv = apr_bucket_read(e, (const char **)&response, &len, APR_BLOCK_READ))) {

                return rv;

            }

            pos = memchr(response, APR_ASCII_LF, len);

            if (pos != NULL) {

                if ((response + len) != (pos + 1)) {

                    len = pos - response + 1;

                    apr_bucket_split(e, pos - response + 1);

                }

                found = 1;

            }

            max = sizeof(ctx->buffer) - strlen(ctx->buffer) - 1;

            if (len > max) {

                len = max;

            }

            /* len+1 to leave space for the trailing nil char */

            apr_cpystrn(ctx->buffer+strlen(ctx->buffer), response, len+1);

            apr_bucket_delete(e);

        }

        /* EOS? jump to footer */

        if (eos) {

            ctx->state = FOOTER;

            break;

        }

        /* not complete? leave and try get some more */

        if (!found) {

            return APR_SUCCESS;

        }

        {

            apr_size_t n = strlen(ctx->buffer);

            if (ctx->buffer[n-1] == CRLF[1])  /* strip trailing '\n' */

                ctx->buffer[--n] = '\0';

            if (ctx->buffer[n-1] == CRLF[0])  /* strip trailing '\r' if present */

                ctx->buffer[--n] = '\0';

        }

        /* a symlink? */

        if (ctx->buffer[0] == 'l' && (filename = strstr(ctx->buffer, " -> ")) != NULL) {

            char *link_ptr = filename;

            do {

                filename--;

            } while (filename[0] != ' ' && filename > ctx->buffer);

            if (filename > ctx->buffer)

                *(filename++) = '\0';

            *(link_ptr++) = '\0';

            str = apr_psprintf(p, "%s %s %s\n",

                               ap_escape_html(p, ctx->buffer),

                               ap_escape_uri(p, filename),

                               ap_escape_html(p, filename),

                               ap_escape_html(p, link_ptr));

        }

        /* a directory/file? */

        else if (ctx->buffer[0] == 'd' || ctx->buffer[0] == '-' || ctx->buffer[0] == 'l' || apr_isdigit(ctx->buffer[0])) {

            int searchidx = 0;

            char *searchptr = NULL;

            int firstfile = 1;

            if (apr_isdigit(ctx->buffer[0])) {  /* handle DOS dir */

                searchptr = strchr(ctx->buffer, '<');

                if (searchptr != NULL)

                    *searchptr = '[';

                searchptr = strchr(ctx->buffer, '>');

                if (searchptr != NULL)

                    *searchptr = ']';

            }

            filename = strrchr(ctx->buffer, ' ');

            if (filename == NULL) {

                /* Line is broken.  Ignore it. */

                ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01034)

                              "proxy_ftp: could not parse line %s",

                              ctx->buffer);

                /* erase buffer for next time around */

                ctx->buffer[0] = 0;

                continue;  /* while state is BODY */

            }

            *(filename++) = '\0';

            /* handle filenames with spaces in 'em */

            if (!strcmp(filename, ".") || !strcmp(filename, "..") || firstfile) {

                firstfile = 0;

                searchidx = filename - ctx->buffer;

            }

            else if (searchidx != 0 && ctx->buffer[searchidx] != 0) {

                *(--filename) = ' ';

                ctx->buffer[searchidx - 1] = '\0';

                filename = &ctx->buffer[searchidx];

            }

            /* Append a slash to the HREF link for directories */

            if (!strcmp(filename, ".") || !strcmp(filename, "..") || ctx->buffer[0] == 'd') {

                str = apr_psprintf(p, "%s %s\n",

                                   ap_escape_html(p, ctx->buffer),

                                   ap_escape_uri(p, filename),

                                   ap_escape_html(p, filename));

            }

            else {

                str = apr_psprintf(p, "%s %s\n",

                                   ap_escape_html(p, ctx->buffer),

                                   ap_escape_uri(p, filename),

                                   ap_escape_html(p, filename));

            }

        }

        /* Try a fallback for listings in the format of "ls -s1" */

        else if (0 == ap_regexec(ls_regex, ctx->buffer, LS_REG_MATCH, re_result, 0)) {

            /*

             * We don't need to check for rm_eo == rm_so == -1 here since ls_regex

             * is such that $2 cannot be unset if we have a match.

             */

            filename = apr_pstrndup(p, &ctx->buffer[re_result[2].rm_so], re_result[2].rm_eo - re_result[2].rm_so);

            str = apr_pstrcat(p, ap_escape_html(p, apr_pstrndup(p, ctx->buffer, re_result[2].rm_so)),

                              "",

                              ap_escape_html(p, filename), "\n", NULL);

        }

        else {

            strcat(ctx->buffer, "\n"); /* re-append the newline */

            str = ap_escape_html(p, ctx->buffer);

        }

        /* erase buffer for next time around */

        ctx->buffer[0] = 0;

        APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str, strlen(str), p,

                                                            c->bucket_alloc));

        APR_BRIGADE_INSERT_TAIL(out, apr_bucket_flush_create(c->bucket_alloc));

        if (APR_SUCCESS != (rv = ap_pass_brigade(f->next, out))) {

            return rv;

        }

        apr_brigade_cleanup(out);

    }

    if (FOOTER == ctx->state) {

        str = apr_psprintf(p, "\n\n  
\n\n  %s\n\n </body>\n</html>\n", ap_psignature("", r));

        APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str, strlen(str), p,

                                                            c->bucket_alloc));

        APR_BRIGADE_INSERT_TAIL(out, apr_bucket_flush_create(c->bucket_alloc));

        APR_BRIGADE_INSERT_TAIL(out, apr_bucket_eos_create(c->bucket_alloc));

        if (APR_SUCCESS != (rv = ap_pass_brigade(f->next, out))) {

            return rv;

        }

        apr_brigade_destroy(out);

    }

    return APR_SUCCESS;

}

/* Parse EPSV reply and return port, or zero on error. */

static apr_port_t parse_epsv_reply(const char *reply)

{

    const char *p;

    char *ep;

    long port;

    /* Reply syntax per RFC 2428: "229 blah blah (|||port|)" where '|'

     * can be any character in ASCII from 33-126, obscurely.  Verify

     * the syntax. */

    p = ap_strchr_c(reply, '(');

    if (p == NULL || !p[1] || p[1] != p[2] || p[1] != p[3]

        || p[4] == p[1]) {

        return 0;

    }

    errno = 0;

    port = strtol(p + 4, &ep, 10);

    if (errno || port < 1 || port > 65535 || ep[0] != p[1] || ep[1] != ')') {

        return 0;

    }

    return (apr_port_t)port;

}

/*

 * Generic "send FTP command to server" routine, using the control socket.

 * Returns the FTP returncode (3 digit code)

 * Allows for tracing the FTP protocol (in LogLevel debug)

 */

static int

proxy_ftp_command(const char *cmd, request_rec *r, conn_rec *ftp_ctrl,

                  apr_bucket_brigade *bb, char **pmessage)

{

    char *crlf;

    int rc;

    char message[HUGE_STRING_LEN];

    /* If cmd == NULL, we retrieve the next ftp response line */

    if (cmd != NULL) {

        conn_rec *c = r->connection;

        APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_pool_create(cmd, strlen(cmd), r->pool, c->bucket_alloc));

        APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_flush_create(c->bucket_alloc));

        ap_pass_brigade(ftp_ctrl->output_filters, bb);

        /* strip off the CRLF for logging */

        apr_cpystrn(message, cmd, sizeof(message));

        if ((crlf = strchr(message, '\r')) != NULL ||

            (crlf = strchr(message, '\n')) != NULL)

            *crlf = '\0';

        if (strncmp(message,"PASS ", 5) == 0)

            strcpy(&message[5], "****");

        ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, ">%s", message);

    }

    rc = ftp_getrc_msg(ftp_ctrl, bb, message, sizeof message);

    if (rc == -1 || rc == 421)

        strcpy(message,"<unable to read result>");

    if ((crlf = strchr(message, '\r')) != NULL ||

        (crlf = strchr(message, '\n')) != NULL)

        *crlf = '\0';

    ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "<%3.3u %s", rc, message);

    if (pmessage != NULL)

        *pmessage = apr_pstrdup(r->pool, message);

    return rc;

}

/* Set ftp server to TYPE {A,I,E} before transfer of a directory or file */

static int ftp_set_TYPE(char xfer_type, request_rec *r, conn_rec *ftp_ctrl,

                  apr_bucket_brigade *bb, char **pmessage)

{

    char old_type[2] = { 'A', '\0' }; /* After logon, mode is ASCII */

    int ret = HTTP_OK;

    int rc;

    /* set desired type */

    old_type[0] = xfer_type;

    rc = proxy_ftp_command(apr_pstrcat(r->pool, "TYPE ", old_type, CRLF, NULL),

                           r, ftp_ctrl, bb, pmessage);

/* responses: 200, 421, 500, 501, 504, 530 */

    /* 200 Command okay. */

    /* 421 Service not available, closing control connection. */

    /* 500 Syntax error, command unrecognized. */

    /* 501 Syntax error in parameters or arguments. */

    /* 504 Command not implemented for that parameter. */

    /* 530 Not logged in. */

    if (rc == -1 || rc == 421) {

        ret = ap_proxyerror(r, HTTP_BAD_GATEWAY,

                             "Error reading from remote server");

    }

    else if (rc != 200 && rc != 504) {

        ret = ap_proxyerror(r, HTTP_BAD_GATEWAY,

                             "Unable to set transfer type");

    }

/* Allow not implemented */