4 files changed, 407 insertions, 0 deletions

diff --git a/src/usr.bin/nc/scripts/web b/src/usr.bin/nc/scripts/web
new file mode 100644
index 0000000000..382b18e1e3
--- /dev/null
+++ b/src/usr.bin/nc/scripts/web
@@ -0,0 +1,148 @@
+#! /bin/sh
+## The web sucks.  It is a mighty dismal kludge built out of a thousand
+## tiny dismal kludges all band-aided together, and now these bottom-line
+## clueless pinheads who never heard of "TCP handshake" want to run
+## *commerce* over the damn thing.  Ye godz.  Welcome to TV of the next
+## century -- six million channels of worthless shit to choose from, and
+## about as much security as today's cable industry!
+##
+## Having grown mightily tired of pain in the ass browsers, I decided
+## to build the minimalist client.  It doesn't handle POST, just GETs, but
+## the majority of cgi forms handlers apparently ignore the method anyway.
+## A distinct advantage is that it *doesn't* pass on any other information
+## to the server, like Referer: or info about your local machine such as
+## Netscum tries to!
+##
+## Since the first version, this has become the *almost*-minimalist client,
+## but it saves a lot of typing now.  And with netcat as its backend, it's
+## totally the balls.  Don't have netcat?  Get it here in /src/hacks!
+## _H* 950824, updated 951009 et seq.
+##
+## args: hostname [port].  You feed it the filename-parts of URLs.
+## In the loop, HOST, PORT, and SAVE do the right things; a null line
+## gets the previous spec again [useful for initial timeouts]; EOF to exit.
+## Relative URLs behave like a "cd" to wherever the last slash appears, or
+## just use the last component with the saved preceding "directory" part.
+## "\" clears the "filename" part and asks for just the "directory", and
+## ".." goes up one "directory" level while retaining the "filename" part.
+## Play around; you'll get used to it.
+
+if test "$1" = "" ; then
+  echo Needs hostname arg.
+  exit 1
+fi
+umask 022
+
+# optional PATH fixup
+# PATH=${HOME}:${PATH} ; export PATH
+
+test "${PAGER}" || PAGER=more
+BACKEND="nc -v -w 15"
+TMPAGE=/tmp/web$$
+host="$1"
+port="80"
+if test "$2" != "" ; then
+  port="$2"
+fi
+
+spec="/"
+specD="/"
+specF=''
+saving=''
+
+# be vaguely smart about temp file usage.  Use your own homedir if you're
+# paranoid about someone symlink-racing your shell script, jeez.
+rm -f ${TMPAGE}
+test -f ${TMPAGE} && echo "Can't use ${TMPAGE}" && exit 1
+
+# get loopy.  Yes, I know "echo -n" aint portable.  Everything echoed would
+# need "\c" tacked onto the end in an SV universe, which you can fix yourself.
+while echo -n "${specD}${specF} " && read spec ; do
+  case $spec in
+  HOST)
+    echo -n 'New host: '
+    read host
+    continue
+  ;;
+  PORT)
+    echo -n 'New port: '
+    read port
+    continue
+  ;;
+  SAVE)
+    echo -n 'Save file: '
+    read saving
+# if we've already got a page, save it
+    test "${saving}" && test -f ${TMPAGE} &&
+      echo "=== ${host}:${specD}${specF} ===" >> $saving &&
+      cat ${TMPAGE} >> $saving && echo '' >> $saving
+    continue
+  ;;
+# changing the logic a bit here.  Keep a state-concept of "current dir"
+# and "current file".  Dir is /foo/bar/ ; file is "baz" or null.
+# leading slash: create whole new state.
+  /*)
+    specF=`echo "${spec}" | sed 's|.*/||'`
+    specD=`echo "${spec}" | sed 's|\(.*/\).*|\1|'`
+    spec="${specD}${specF}"
+  ;;
+# embedded slash: adding to the path.  "file" part can be blank, too
+  */*)
+    specF=`echo "${spec}" | sed 's|.*/||'`
+    specD=`echo "${specD}${spec}" | sed 's|\(.*/\).*|\1|'`
+  ;;
+# dotdot: jump "up" one level and just reprompt [confirms what it did...]
+  ..)
+    specD=`echo "${specD}" | sed 's|\(.*/\)..*/|\1|'`
+    continue
+  ;;
+# blank line: do nothing, which will re-get the current one
+  '')
+  ;;
+# hack-quoted blank line: "\" means just zero out "file" part
+  '\')
+    specF=''
+  ;;
+# sigh
+  '?')
+    echo Help yourself.  Read the script fer krissake.
+    continue
+  ;;
+# anything else is taken as a "file" part
+  *)
+    specF=${spec}
+  ;;
+  esac
+
+# now put it together and stuff it down a connection.  Some lame non-unix
+# http servers assume they'll never get simple-query format, and wait till
+# an extra newline arrives.  If you're up against one of these, change
+# below to (echo GET "$spec" ; echo '') | $BACKEND ...
+  spec="${specD}${specF}"
+    echo GET "${spec}" | $BACKEND $host $port > ${TMPAGE}
+  ${PAGER} ${TMPAGE}
+
+# save in a format that still shows the URLs we hit after a de-html run
+  if test "${saving}" ; then
+    echo "=== ${host}:${spec} ===" >> $saving
+    cat ${TMPAGE} >> $saving
+    echo '' >> $saving
+  fi
+done
+rm -f ${TMPAGE}
+exit 0
+
+#######
+# Encoding notes, finally from RFC 1738:
+# %XX -- hex-encode of special chars
+# allowed alphas in a URL: $_-.+!*'(),
+# relative names *not* described, but obviously used all over the place
+# transport://user:pass@host:port/path/name?query-string
+# wais: port 210, //host:port/database?search or /database/type/file?
+# cgi-bin/script?arg1=foo&arg2=bar&...  scripts have to parse xxx&yyy&zzz
+# ISMAP imagemap stuff: /bin/foobar.map?xxx,yyy -- have to guess at coords!
+# local access-ctl files: ncsa: .htaccess ; cern: .www_acl
+#######
+# SEARCH ENGINES: fortunately, all are GET forms or at least work that way...
+# multi-word args for most cases: foo+bar
+# See 'websearch' for concise results of this research...
diff --git a/src/usr.bin/nc/scripts/webproxy b/src/usr.bin/nc/scripts/webproxy
new file mode 100644
index 0000000000..cee2d29fd1
--- /dev/null
+++ b/src/usr.bin/nc/scripts/webproxy
@@ -0,0 +1,138 @@
+#! /bin/sh
+## Web proxy, following the grand tradition of Web things being handled by
+## gross scripts.  Uses netcat to listen on a high port [default 8000],
+## picks apart requests and sends them on to the right place.  Point this
+## at the browser client machine you'll be coming from [to limit access to
+## only it], and point the browser's concept of an HTTP proxy to the
+## machine running this.  Takes a single argument of the client that will
+## be using it, and rejects connections from elsewhere.  LOGS the queries
+## to a configurable logfile, which can be an interesting read later on!
+## If the argument is "reset", the listener and logfile are cleaned up.
+##
+## This works surprisingly fast and well, for a shell script, although may
+## randomly fail when hammered by a browser that tries to open several
+## connections at once.  Drop the "maximum connections" in your browser if
+## this is a problem.
+##
+## A more degenerate case of this, or preferably a small C program that
+## does the same thing under inetd, could handle a small site's worth of
+## proxy queries.  Given the way browsers are evolving, proxies like this
+## can play an important role in protecting your own privacy.
+##
+## If you grabbed this in ASCII mode, search down for "eew" and make sure
+## the embedded-CR check is intact, or requests might hang.
+##
+## Doesn't handle POST forms.  Who cares, if you're just watching HTTV?
+## Dumbness here has a highly desirable side effect: it only sends the first
+## GET line, since that's all you really ever need to send, and suppresses
+## the other somewhat revealing trash that most browsers insist on sending.
+
+# set these as you wish: proxy port...
+PORT=8000
+# logfile spec: a real file or /dev/null if you don't care
+LFILE=${0}.log
+# optional: where to dump connect info, so you can see if anything went wrong
+# CFILE=${0}.conn
+# optional extra args to the listener "nc", for instance "-s inside-net-addr"
+# XNC=''
+
+# functionality switch has to be done fast, so the next listener can start
+# prelaunch check: if no current client and no args, bail.
+case "${1}${CLIENT}" in
+  "")
+    echo needs client hostname
+    exit 1
+  ;;
+esac
+
+case "${1}" in
+  "")
+# Make like inetd, and run the next relayer process NOW.  All the redirection
+# is necessary so this shell has NO remaining channel open to the net.
+# This will hang around for 10 minutes, and exit if no new connections arrive.
+# Using -n for speed, avoiding any DNS/port lookups.
+    nc -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" < /dev/null > /dev/null \
+        2> $CFILE &
+  ;;
+esac
+
+# no client yet and had an arg, this checking can be much slower now
+umask 077
+
+if test "$1" ; then
+# if magic arg, just clean up and then hit our own port to cause server exit
+  if test "$1" = "reset" ; then
+    rm -f $LFILE
+    test -f "$CFILE" && rm -f $CFILE
+    nc -w 1 -n 127.0.0.1 $PORT < /dev/null > /dev/null 2>&1
+    exit 0
+  fi
+# find our ass with both hands
+  test ! -f "$0" && echo "Oops, cannot find my own corporeal being" && exit 1
+# correct launch: set up client access control, passed along thru environment.
+  CLIENT="$1"
+  export CLIENT
+  test "$CFILE" || CFILE=/dev/null
+  export CFILE
+  touch "$CFILE"
+# tell us what happened during the last run, if possible
+  if test -f "$CFILE"  ; then
+    echo "Last connection results:"
+    cat $CFILE
+  fi
+
+# ping client machine and get its bare IP address
+  CLIENT=`nc -z -v -w 8 "$1" 22000 2>&1 | sed 's/.*\[\(..*\)\].*/\1/'`
+  test ! "$CLIENT" && echo "Can't find address of $1" && exit 1
+
+# if this was an initial launch, be informative about it
+  echo "=== Launch: $CLIENT" >> $LFILE
+  echo "Proxy running -- will accept connections on $PORT from $CLIENT"
+  echo "  Logging queries to $LFILE"
+  test -f "$CFILE" && echo "  and connection fuckups to $CFILE"
+
+# and run the first listener, showing us output just for the first hit
+  nc -v -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" &
+  exit 0
+fi
+
+# Fall here to handle a page.
+# GET type://host.name:80/file/path HTTP/1.0
+# Additional: trash
+# More: trash
+# <newline>
+
+read x1 x2 x3 x4
+echo "=== query: $x1 $x2 $x3 $x4" >> $LFILE
+test "$x4" && echo "extra junk after request: $x4" && exit 0
+# nuke questionable characters and split up the request
+hurl=`echo "$x2" | sed -e "s+.*//++" -e 's+[\`'\''|$;<>{}\\!*()"]++g'`
+# echo massaged hurl: $hurl >> $LFILE
+hh=`echo "$hurl" | sed -e "s+/.*++" -e "s+:.*++"`
+hp=`echo "$hurl" | sed -e "s+.*:++" -e "s+/.*++"`
+test "$hp" = "$hh" && hp=80
+hf=`echo "$hurl" | sed -e "s+[^/]*++"`
+# echo total split: $hh : $hp : $hf >> $LFILE
+# suck in and log the entire request, because we're curious
+# Fails on multipart stuff like forms; oh well...
+if test "$x3" ; then
+  while read xx ; do
+    echo "${xx}" >> $LFILE
+    test "${xx}" || break
+# eew, buried returns, gross but necessary for DOS stupidity:
+    test "${xx}" = "
" && break
+  done
+fi
+# check for non-GET *after* we log the query...
+test "$x1" != "GET" && echo "sorry, this proxy only does GETs" && exit 0
+# no, you can *not* phone home, you miserable piece of shit
+test "`echo $hh | fgrep -i netscap`" && \
+  echo "access to Netscam's servers <b>DENIED.</b>" && exit 0
+# Do it.  30 sec net-wait time oughta be *plenty*...
+# Some braindead servers have forgotten how to handle the simple-query syntax.
+# If necessary, replace below with (echo "$x1 $hf" ; echo '') | nc...
+echo "$x1 $hf" | nc -w 30 "$hh" "$hp" 2> /dev/null || \
+  echo "oops, can't get to $hh : $hp".
+echo "sent \"$x1 $hf\" to $hh : $hp" >> $LFILE
+exit 0
+
diff --git a/src/usr.bin/nc/scripts/webrelay b/src/usr.bin/nc/scripts/webrelay
new file mode 100644
index 0000000000..829a8b0708
--- /dev/null
+++ b/src/usr.bin/nc/scripts/webrelay
@@ -0,0 +1,44 @@
+#! /bin/sh
+## web relay -- a degenerate version of webproxy, usable with browsers that
+## don't understand proxies.  This just forwards connections to a given server.
+## No query logging, no access control [although you can add it to XNC for
+## your own run], and full-URL links will undoubtedly confuse the browser
+## if it can't reach the server directly.  This was actually written before
+## the full proxy was, and it shows.
+## The arguments in this case are the destination server and optional port.
+## Please flame pinheads who use self-referential absolute links.
+
+# set these as you wish: proxy port...
+PORT=8000
+# any extra args to the listening "nc", for instance "-s inside-net-addr"
+XNC=''
+
+# functionality switch, which has to be done fast to start the next listener
+case "${1}${RDEST}" in
+  "")
+    echo needs hostname
+    exit 1
+  ;;
+esac
+
+case "${1}" in
+  "")
+# no args: fire off new relayer process NOW.  Will hang around for 10 minutes
+    nc -w 600 -l -n -p $PORT -e "$0" $XNC < /dev/null > /dev/null 2>&1 &
+# and handle this request, which will simply fail if vars not set yet.
+    exec nc -w 15 $RDEST $RPORT
+  ;;
+esac
+
+# Fall here for setup; this can now be slower.
+RDEST="$1"
+RPORT="$2"
+test "$RPORT" || RPORT=80
+export RDEST RPORT
+
+# Launch the first relayer same as above, but let its error msgs show up
+# will hang around for a minute, and exit if no new connections arrive.
+nc -v -w 600 -l -p $PORT -e "$0" $XNC < /dev/null > /dev/null &
+echo \
+  "Relay to ${RDEST}:${RPORT} running -- point your browser here on port $PORT"
+exit 0
diff --git a/src/usr.bin/nc/scripts/websearch b/src/usr.bin/nc/scripts/websearch
new file mode 100644
index 0000000000..60c3a3356a
--- /dev/null
+++ b/src/usr.bin/nc/scripts/websearch
@@ -0,0 +1,77 @@
+#! /bin/sh
+## Hit the major search engines.  Hose the [large] output to a file!
+## autoconverts multiple arguments into the right format for given servers --
+## usually worda+wordb, with certain lame exceptions like dejanews.
+## Extracting and post-sorting the URLs is highly recommended...
+##
+## Altavista currently handled by a separate script; may merge at some point.
+##
+## _H* original 950824, updated 951218 and 960209
+
+test "${1}" = "" && echo 'Needs argument[s] to search for!' && exit 1
+PLUSARG="`echo $* | sed 's/ /+/g'`"
+PIPEARG="`echo ${PLUSARG} | sed 's/+/|/g'`"
+IFILE=/tmp/.webq.$$
+
+# Don't have "nc"?  Get "netcat" from avian.org and add it to your toolkit.
+doquery () {
+  echo GET "$1" | nc -v -i 1 -w 30 "$2" "$3"
+}
+
+# changed since original: now supplying port numbers and separator lines...
+
+echo "=== Yahoo ==="
+doquery "/bin/search?p=${PLUSARG}&n=300&w=w&s=a" search.yahoo.com 80
+
+echo '' ; echo "=== Webcrawler ==="
+doquery "/cgi-bin/WebQuery?searchText=${PLUSARG}&maxHits=300" webcrawler.com 80
+
+# the infoseek lamers want "registration" before they do a real search, but...
+echo '' ; echo "=== Infoseek ==="
+echo "  is broken."
+# doquery "WW/IS/Titles?qt=${PLUSARG}" www2.infoseek.com 80
+# ... which doesn't work cuz their lame server wants the extra newlines, WITH
+# CRLF pairs ferkrissake.  Fuck 'em for now, they're hopelessly broken.  If
+# you want to play, the basic idea and query formats follow.
+# echo "GET /WW/IS/Titles?qt=${PLUSARG}" > $IFILE
+# echo "" >> $IFILE
+# nc -v -w 30 guide-p.infoseek.com 80 < $IFILE
+
+# this is kinda flakey; might have to do twice??
+echo '' ; echo "=== Opentext ==="
+doquery "/omw/simplesearch?SearchFor=${PLUSARG}&mode=phrase" \
+  search.opentext.com 80
+
+# looks like inktomi will only take hits=100, or defaults back to 30
+# we try to suppress all the stupid rating dots here, too
+echo '' ; echo "=== Inktomi ==="
+doquery "/query/?query=${PLUSARG}&hits=100" ink3.cs.berkeley.edu 1234 | \
+  sed '/^<IMG ALT.*inktomi.*\.gif">$/d'
+
+#djnews lame shit limits hits to 120 and has nonstandard format
+echo '' ; echo "=== Dejanews ==="
+doquery "/cgi-bin/nph-dnquery?query=${PIPEARG}+maxhits=110+format=terse+defaultOp=AND" \
+  smithers.dejanews.com 80
+
+# OLD lycos: used to work until they fucking BROKE it...
+# doquery "/cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=1" \
+#   query5.lycos.cs.cmu.edu 80
+# NEW lycos: wants the User-agent field present in query or it returns nothing
+# 960206: webmaster@lycos duly bitched at
+# 960208: reply received; here's how we will now handle it:
+echo \
+"GET /cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=terse&matchmode=and&minscore=.5 HTTP/1.x" \
+  > $IFILE
+echo "User-agent: *FUCK OFF*" >> $IFILE
+echo "Why: go ask todd@pointcom.com (Todd Whitney)" >> $IFILE
+echo '' >> $IFILE
+echo '' ; echo "=== Lycos ==="
+nc -v -i 1 -w 30 twelve.srv.lycos.com 80 < $IFILE
+
+rm -f $IFILE
+exit 0
+
+# CURRENTLY BROKEN [?]
+# infoseek
+
+# some args need to be redone to ensure whatever "and" mode applies