tftp.c revision 330898
1/* $NetBSD: tftp.c,v 1.4 1997/09/17 16:57:07 drochner Exp $ */ 2 3/* 4 * Copyright (c) 1996 5 * Matthias Drochner. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed for the NetBSD Project 18 * by Matthias Drochner. 19 * 4. The name of the author may not be used to endorse or promote products 20 * derived from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34#include <sys/cdefs.h> 35__FBSDID("$FreeBSD: stable/11/stand/libsa/tftp.c 330898 2018-03-14 03:30:34Z kevans $"); 36 37/* 38 * Simple TFTP implementation for libsa. 39 * Assumes: 40 * - socket descriptor (int) at open_file->f_devdata 41 * - server host IP in global servip 42 * Restrictions: 43 * - read only 44 * - lseek only with SEEK_SET or SEEK_CUR 45 * - no big time differences between transfers (<tftp timeout) 46 */ 47 48#include <sys/types.h> 49#include <sys/stat.h> 50#include <netinet/in.h> 51#include <netinet/udp.h> 52#include <netinet/in_systm.h> 53#include <arpa/tftp.h> 54 55#include <string.h> 56 57#include "stand.h" 58#include "net.h" 59#include "netif.h" 60 61#include "tftp.h" 62 63struct tftp_handle; 64struct tftprecv_extra; 65 66static ssize_t recvtftp(struct iodesc *d, void **pkt, void **payload, 67 time_t tleft, void *recv_extra); 68static int tftp_open(const char *path, struct open_file *f); 69static int tftp_close(struct open_file *f); 70static int tftp_parse_oack(struct tftp_handle *h, char *buf, size_t len); 71static int tftp_read(struct open_file *f, void *buf, size_t size, size_t *resid); 72static int tftp_write(struct open_file *f, void *buf, size_t size, size_t *resid); 73static off_t tftp_seek(struct open_file *f, off_t offset, int where); 74static int tftp_set_blksize(struct tftp_handle *h, const char *str); 75static int tftp_stat(struct open_file *f, struct stat *sb); 76 77struct fs_ops tftp_fsops = { 78 "tftp", 79 tftp_open, 80 tftp_close, 81 tftp_read, 82 tftp_write, 83 tftp_seek, 84 tftp_stat, 85 null_readdir 86}; 87 88extern struct in_addr servip; 89 90static int tftpport = 2000; 91static int is_open = 0; 92 93/* 94 * The legacy TFTP_BLKSIZE value was SEGSIZE(512). 95 * TFTP_REQUESTED_BLKSIZE of 1428 is (Ethernet MTU, less the TFTP, UDP and 96 * IP header lengths). 97 */ 98#define TFTP_REQUESTED_BLKSIZE 1428 99 100/* 101 * Choose a blksize big enough so we can test with Ethernet 102 * Jumbo frames in the future. 103 */ 104#define TFTP_MAX_BLKSIZE 9008 105 106struct tftp_handle { 107 struct iodesc *iodesc; 108 int currblock; /* contents of lastdata */ 109 int islastblock; /* flag */ 110 int validsize; 111 int off; 112 char *path; /* saved for re-requests */ 113 unsigned int tftp_blksize; 114 unsigned long tftp_tsize; 115 void *pkt; 116 struct tftphdr *tftp_hdr; 117}; 118 119struct tftprecv_extra { 120 struct tftp_handle *tftp_handle; 121 unsigned short rtype; /* Received type */ 122}; 123 124#define TFTP_MAX_ERRCODE EOPTNEG 125static const int tftperrors[TFTP_MAX_ERRCODE + 1] = { 126 0, /* ??? */ 127 ENOENT, 128 EPERM, 129 ENOSPC, 130 EINVAL, /* ??? */ 131 EINVAL, /* ??? */ 132 EEXIST, 133 EINVAL, /* ??? */ 134 EINVAL, /* Option negotiation failed. */ 135}; 136 137static int tftp_getnextblock(struct tftp_handle *h); 138 139/* send error message back. */ 140static void 141tftp_senderr(struct tftp_handle *h, u_short errcode, const char *msg) 142{ 143 struct { 144 u_char header[HEADER_SIZE]; 145 struct tftphdr t; 146 u_char space[63]; /* +1 from t */ 147 } __packed __aligned(4) wbuf; 148 char *wtail; 149 int len; 150 151 len = strlen(msg); 152 if (len > sizeof(wbuf.space)) 153 len = sizeof(wbuf.space); 154 155 wbuf.t.th_opcode = htons((u_short) ERROR); 156 wbuf.t.th_code = htons(errcode); 157 158 wtail = wbuf.t.th_msg; 159 bcopy(msg, wtail, len); 160 wtail[len] = '\0'; 161 wtail += len + 1; 162 163 sendudp(h->iodesc, &wbuf.t, wtail - (char *) &wbuf.t); 164} 165 166static void 167tftp_sendack(struct tftp_handle *h) 168{ 169 struct { 170 u_char header[HEADER_SIZE]; 171 struct tftphdr t; 172 } __packed __aligned(4) wbuf; 173 char *wtail; 174 175 wbuf.t.th_opcode = htons((u_short) ACK); 176 wtail = (char *) &wbuf.t.th_block; 177 wbuf.t.th_block = htons((u_short) h->currblock); 178 wtail += 2; 179 180 sendudp(h->iodesc, &wbuf.t, wtail - (char *) &wbuf.t); 181} 182 183static ssize_t 184recvtftp(struct iodesc *d, void **pkt, void **payload, time_t tleft, 185 void *recv_extra) 186{ 187 struct tftprecv_extra *extra; 188 struct tftp_handle *h; 189 struct tftphdr *t; 190 unsigned short *rtype; 191 void *ptr = NULL; 192 ssize_t len; 193 194 errno = 0; 195 extra = (struct tftprecv_extra *)recv_extra; 196 h = extra->tftp_handle; 197 198 len = readudp(d, &ptr, (void **)&t, tleft); 199 200 if (len < 4) { 201 free(ptr); 202 return (-1); 203 } 204 205 extra->rtype = ntohs(t->th_opcode); 206 switch (ntohs(t->th_opcode)) { 207 case DATA: { 208 int got; 209 210 if (htons(t->th_block) != (u_short) d->xid) { 211 /* 212 * Expected block? 213 */ 214 free(ptr); 215 return (-1); 216 } 217 if (d->xid == 1) { 218 /* 219 * First data packet from new port. 220 */ 221 struct udphdr *uh; 222 uh = (struct udphdr *) t - 1; 223 d->destport = uh->uh_sport; 224 } /* else check uh_sport has not changed??? */ 225 got = len - (t->th_data - (char *)t); 226 *pkt = ptr; 227 *payload = t; 228 return (got); 229 } 230 case ERROR: 231 if ((unsigned) ntohs(t->th_code) > TFTP_MAX_ERRCODE) { 232 printf("illegal tftp error %d\n", ntohs(t->th_code)); 233 errno = EIO; 234 } else { 235#ifdef TFTP_DEBUG 236 printf("tftp-error %d\n", ntohs(t->th_code)); 237#endif 238 errno = tftperrors[ntohs(t->th_code)]; 239 } 240 free(ptr); 241 return (-1); 242 case OACK: { 243 struct udphdr *uh; 244 int tftp_oack_len; 245 246 /* 247 * Unexpected OACK. TFTP transfer already in progress. 248 * Drop the pkt. 249 */ 250 if (d->xid != 1) { 251 free(ptr); 252 return (-1); 253 } 254 255 /* 256 * Remember which port this OACK came from, because we need 257 * to send the ACK or errors back to it. 258 */ 259 uh = (struct udphdr *) t - 1; 260 d->destport = uh->uh_sport; 261 262 /* Parse options ACK-ed by the server. */ 263 tftp_oack_len = len - sizeof(t->th_opcode); 264 if (tftp_parse_oack(h, t->th_u.tu_stuff, tftp_oack_len) != 0) { 265 tftp_senderr(h, EOPTNEG, "Malformed OACK"); 266 errno = EIO; 267 free(ptr); 268 return (-1); 269 } 270 *pkt = ptr; 271 *payload = t; 272 return (0); 273 } 274 default: 275#ifdef TFTP_DEBUG 276 printf("tftp type %d not handled\n", ntohs(t->th_opcode)); 277#endif 278 free(ptr); 279 return (-1); 280 } 281} 282 283/* send request, expect first block (or error) */ 284static int 285tftp_makereq(struct tftp_handle *h) 286{ 287 struct { 288 u_char header[HEADER_SIZE]; 289 struct tftphdr t; 290 u_char space[FNAME_SIZE + 6]; 291 } __packed __aligned(4) wbuf; 292 struct tftprecv_extra recv_extra; 293 char *wtail; 294 int l; 295 ssize_t res; 296 void *pkt; 297 struct tftphdr *t; 298 char *tftp_blksize = NULL; 299 int blksize_l; 300 301 /* 302 * Allow overriding default TFTP block size by setting 303 * a tftp.blksize environment variable. 304 */ 305 if ((tftp_blksize = getenv("tftp.blksize")) != NULL) { 306 tftp_set_blksize(h, tftp_blksize); 307 } 308 309 wbuf.t.th_opcode = htons((u_short) RRQ); 310 wtail = wbuf.t.th_stuff; 311 l = strlen(h->path); 312#ifdef TFTP_PREPEND_PATH 313 if (l > FNAME_SIZE - (sizeof(TFTP_PREPEND_PATH) - 1)) 314 return (ENAMETOOLONG); 315 bcopy(TFTP_PREPEND_PATH, wtail, sizeof(TFTP_PREPEND_PATH) - 1); 316 wtail += sizeof(TFTP_PREPEND_PATH) - 1; 317#else 318 if (l > FNAME_SIZE) 319 return (ENAMETOOLONG); 320#endif 321 bcopy(h->path, wtail, l + 1); 322 wtail += l + 1; 323 bcopy("octet", wtail, 6); 324 wtail += 6; 325 bcopy("blksize", wtail, 8); 326 wtail += 8; 327 blksize_l = sprintf(wtail, "%d", h->tftp_blksize); 328 wtail += blksize_l + 1; 329 bcopy("tsize", wtail, 6); 330 wtail += 6; 331 bcopy("0", wtail, 2); 332 wtail += 2; 333 334 /* h->iodesc->myport = htons(--tftpport); */ 335 h->iodesc->myport = htons(tftpport + (getsecs() & 0x3ff)); 336 h->iodesc->destport = htons(IPPORT_TFTP); 337 h->iodesc->xid = 1; /* expected block */ 338 339 h->currblock = 0; 340 h->islastblock = 0; 341 h->validsize = 0; 342 343 pkt = NULL; 344 recv_extra.tftp_handle = h; 345 res = sendrecv(h->iodesc, &sendudp, &wbuf.t, wtail - (char *) &wbuf.t, 346 (void *)&recvtftp, &pkt, (void **)&t, &recv_extra); 347 if (res == -1) { 348 free(pkt); 349 return (errno); 350 } 351 352 free(h->pkt); 353 h->pkt = pkt; 354 h->tftp_hdr = t; 355 356 if (recv_extra.rtype == OACK) 357 return (tftp_getnextblock(h)); 358 359 /* Server ignored our blksize request, revert to TFTP default. */ 360 h->tftp_blksize = SEGSIZE; 361 362 switch (recv_extra.rtype) { 363 case DATA: { 364 h->currblock = 1; 365 h->validsize = res; 366 h->islastblock = 0; 367 if (res < h->tftp_blksize) { 368 h->islastblock = 1; /* very short file */ 369 tftp_sendack(h); 370 } 371 return (0); 372 } 373 case ERROR: 374 default: 375 return (errno); 376 } 377 378} 379 380/* ack block, expect next */ 381static int 382tftp_getnextblock(struct tftp_handle *h) 383{ 384 struct { 385 u_char header[HEADER_SIZE]; 386 struct tftphdr t; 387 } __packed __aligned(4) wbuf; 388 struct tftprecv_extra recv_extra; 389 char *wtail; 390 int res; 391 void *pkt; 392 struct tftphdr *t; 393 wbuf.t.th_opcode = htons((u_short) ACK); 394 wtail = (char *) &wbuf.t.th_block; 395 wbuf.t.th_block = htons((u_short) h->currblock); 396 wtail += 2; 397 398 h->iodesc->xid = h->currblock + 1; /* expected block */ 399 400 pkt = NULL; 401 recv_extra.tftp_handle = h; 402 res = sendrecv(h->iodesc, &sendudp, &wbuf.t, wtail - (char *) &wbuf.t, 403 (void *)&recvtftp, &pkt, (void **)&t, &recv_extra); 404 405 if (res == -1) { /* 0 is OK! */ 406 free(pkt); 407 return (errno); 408 } 409 410 free(h->pkt); 411 h->pkt = pkt; 412 h->tftp_hdr = t; 413 h->currblock++; 414 h->validsize = res; 415 if (res < h->tftp_blksize) 416 h->islastblock = 1; /* EOF */ 417 418 if (h->islastblock == 1) { 419 /* Send an ACK for the last block */ 420 wbuf.t.th_block = htons((u_short) h->currblock); 421 sendudp(h->iodesc, &wbuf.t, wtail - (char *)&wbuf.t); 422 } 423 424 return (0); 425} 426 427static int 428tftp_open(const char *path, struct open_file *f) 429{ 430 struct tftp_handle *tftpfile; 431 struct iodesc *io; 432 int res; 433 size_t pathsize; 434 const char *extraslash; 435 436 if (netproto != NET_TFTP) 437 return (EINVAL); 438 439 if (f->f_dev->dv_type != DEVT_NET) 440 return (EINVAL); 441 442 if (is_open) 443 return (EBUSY); 444 445 tftpfile = (struct tftp_handle *) malloc(sizeof(*tftpfile)); 446 if (!tftpfile) 447 return (ENOMEM); 448 449 memset(tftpfile, 0, sizeof(*tftpfile)); 450 tftpfile->tftp_blksize = TFTP_REQUESTED_BLKSIZE; 451 tftpfile->iodesc = io = socktodesc(*(int *) (f->f_devdata)); 452 if (io == NULL) 453 return (EINVAL); 454 455 io->destip = servip; 456 tftpfile->off = 0; 457 pathsize = (strlen(rootpath) + 1 + strlen(path) + 1) * sizeof(char); 458 tftpfile->path = malloc(pathsize); 459 if (tftpfile->path == NULL) { 460 free(tftpfile); 461 return(ENOMEM); 462 } 463 if (rootpath[strlen(rootpath) - 1] == '/' || path[0] == '/') 464 extraslash = ""; 465 else 466 extraslash = "/"; 467 res = snprintf(tftpfile->path, pathsize, "%s%s%s", 468 rootpath, extraslash, path); 469 if (res < 0 || res > pathsize) { 470 free(tftpfile->path); 471 free(tftpfile); 472 return(ENOMEM); 473 } 474 475 res = tftp_makereq(tftpfile); 476 477 if (res) { 478 free(tftpfile->path); 479 free(tftpfile->pkt); 480 free(tftpfile); 481 return (res); 482 } 483 f->f_fsdata = (void *) tftpfile; 484 is_open = 1; 485 return (0); 486} 487 488static int 489tftp_read(struct open_file *f, void *addr, size_t size, 490 size_t *resid /* out */) 491{ 492 struct tftp_handle *tftpfile; 493 tftpfile = (struct tftp_handle *) f->f_fsdata; 494 495 while (size > 0) { 496 int needblock, count; 497 498 twiddle(32); 499 500 needblock = tftpfile->off / tftpfile->tftp_blksize + 1; 501 502 if (tftpfile->currblock > needblock) { /* seek backwards */ 503 tftp_senderr(tftpfile, 0, "No error: read aborted"); 504 tftp_makereq(tftpfile); /* no error check, it worked 505 * for open */ 506 } 507 508 while (tftpfile->currblock < needblock) { 509 int res; 510 511 res = tftp_getnextblock(tftpfile); 512 if (res) { /* no answer */ 513#ifdef TFTP_DEBUG 514 printf("tftp: read error\n"); 515#endif 516 return (res); 517 } 518 if (tftpfile->islastblock) 519 break; 520 } 521 522 if (tftpfile->currblock == needblock) { 523 int offinblock, inbuffer; 524 525 offinblock = tftpfile->off % tftpfile->tftp_blksize; 526 527 inbuffer = tftpfile->validsize - offinblock; 528 if (inbuffer < 0) { 529#ifdef TFTP_DEBUG 530 printf("tftp: invalid offset %d\n", 531 tftpfile->off); 532#endif 533 return (EINVAL); 534 } 535 count = (size < inbuffer ? size : inbuffer); 536 bcopy(tftpfile->tftp_hdr->th_data + offinblock, 537 addr, count); 538 539 addr = (char *)addr + count; 540 tftpfile->off += count; 541 size -= count; 542 543 if ((tftpfile->islastblock) && (count == inbuffer)) 544 break; /* EOF */ 545 } else { 546#ifdef TFTP_DEBUG 547 printf("tftp: block %d not found\n", needblock); 548#endif 549 return (EINVAL); 550 } 551 552 } 553 554 if (resid) 555 *resid = size; 556 return (0); 557} 558 559static int 560tftp_close(struct open_file *f) 561{ 562 struct tftp_handle *tftpfile; 563 tftpfile = (struct tftp_handle *) f->f_fsdata; 564 565 /* let it time out ... */ 566 567 if (tftpfile) { 568 free(tftpfile->path); 569 free(tftpfile->pkt); 570 free(tftpfile); 571 } 572 is_open = 0; 573 return (0); 574} 575 576static int 577tftp_write(struct open_file *f __unused, void *start __unused, size_t size __unused, 578 size_t *resid __unused /* out */) 579{ 580 return (EROFS); 581} 582 583static int 584tftp_stat(struct open_file *f, struct stat *sb) 585{ 586 struct tftp_handle *tftpfile; 587 tftpfile = (struct tftp_handle *) f->f_fsdata; 588 589 sb->st_mode = 0444 | S_IFREG; 590 sb->st_nlink = 1; 591 sb->st_uid = 0; 592 sb->st_gid = 0; 593 sb->st_size = (off_t) tftpfile->tftp_tsize; 594 return (0); 595} 596 597static off_t 598tftp_seek(struct open_file *f, off_t offset, int where) 599{ 600 struct tftp_handle *tftpfile; 601 tftpfile = (struct tftp_handle *) f->f_fsdata; 602 603 switch (where) { 604 case SEEK_SET: 605 tftpfile->off = offset; 606 break; 607 case SEEK_CUR: 608 tftpfile->off += offset; 609 break; 610 default: 611 errno = EOFFSET; 612 return (-1); 613 } 614 return (tftpfile->off); 615} 616 617static int 618tftp_set_blksize(struct tftp_handle *h, const char *str) 619{ 620 char *endptr; 621 int new_blksize; 622 int ret = 0; 623 624 if (h == NULL || str == NULL) 625 return (ret); 626 627 new_blksize = 628 (unsigned int)strtol(str, &endptr, 0); 629 630 /* 631 * Only accept blksize value if it is numeric. 632 * RFC2348 specifies that acceptable values are 8-65464. 633 * Let's choose a limit less than MAXRSPACE. 634 */ 635 if (*endptr == '\0' && new_blksize >= 8 636 && new_blksize <= TFTP_MAX_BLKSIZE) { 637 h->tftp_blksize = new_blksize; 638 ret = 1; 639 } 640 641 return (ret); 642} 643 644/* 645 * In RFC2347, the TFTP Option Acknowledgement package (OACK) 646 * is used to acknowledge a client's option negotiation request. 647 * The format of an OACK packet is: 648 * +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+ 649 * | opc | opt1 | 0 | value1 | 0 | optN | 0 | valueN | 0 | 650 * +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+ 651 * 652 * opc 653 * The opcode field contains a 6, for Option Acknowledgment. 654 * 655 * opt1 656 * The first option acknowledgment, copied from the original 657 * request. 658 * 659 * value1 660 * The acknowledged value associated with the first option. If 661 * and how this value may differ from the original request is 662 * detailed in the specification for the option. 663 * 664 * optN, valueN 665 * The final option/value acknowledgment pair. 666 */ 667static int 668tftp_parse_oack(struct tftp_handle *h, char *buf, size_t len) 669{ 670 /* 671 * We parse the OACK strings into an array 672 * of name-value pairs. 673 */ 674 char *tftp_options[128] = { 0 }; 675 char *val = buf; 676 int i = 0; 677 int option_idx = 0; 678 int blksize_is_set = 0; 679 int tsize = 0; 680 681 unsigned int orig_blksize; 682 683 while (option_idx < 128 && i < len) { 684 if (buf[i] == '\0') { 685 if (&buf[i] > val) { 686 tftp_options[option_idx] = val; 687 val = &buf[i] + 1; 688 ++option_idx; 689 } 690 } 691 ++i; 692 } 693 694 /* Save the block size we requested for sanity check later. */ 695 orig_blksize = h->tftp_blksize; 696 697 /* 698 * Parse individual TFTP options. 699 * * "blksize" is specified in RFC2348. 700 * * "tsize" is specified in RFC2349. 701 */ 702 for (i = 0; i < option_idx; i += 2) { 703 if (strcasecmp(tftp_options[i], "blksize") == 0) { 704 if (i + 1 < option_idx) 705 blksize_is_set = 706 tftp_set_blksize(h, tftp_options[i + 1]); 707 } else if (strcasecmp(tftp_options[i], "tsize") == 0) { 708 if (i + 1 < option_idx) 709 tsize = strtol(tftp_options[i + 1], (char **)NULL, 10); 710 if (tsize != 0) 711 h->tftp_tsize = tsize; 712 } else { 713 /* Do not allow any options we did not expect to be ACKed. */ 714 printf("unexpected tftp option '%s'\n", tftp_options[i]); 715 return (-1); 716 } 717 } 718 719 if (!blksize_is_set) { 720 /* 721 * If TFTP blksize was not set, try defaulting 722 * to the legacy TFTP blksize of SEGSIZE(512) 723 */ 724 h->tftp_blksize = SEGSIZE; 725 } else if (h->tftp_blksize > orig_blksize) { 726 /* 727 * Server should not be proposing block sizes that 728 * exceed what we said we can handle. 729 */ 730 printf("unexpected blksize %u\n", h->tftp_blksize); 731 return (-1); 732 } 733 734#ifdef TFTP_DEBUG 735 printf("tftp_blksize: %u\n", h->tftp_blksize); 736 printf("tftp_tsize: %lu\n", h->tftp_tsize); 737#endif 738 return 0; 739} 740