tftp.c revision 344289
1/* $NetBSD: tftp.c,v 1.4 1997/09/17 16:57:07 drochner Exp $ */ 2 3/* 4 * Copyright (c) 1996 5 * Matthias Drochner. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed for the NetBSD Project 18 * by Matthias Drochner. 19 * 4. The name of the author may not be used to endorse or promote products 20 * derived from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34#include <sys/cdefs.h> 35__FBSDID("$FreeBSD: stable/11/stand/libsa/tftp.c 344289 2019-02-19 18:45:40Z kevans $"); 36 37/* 38 * Simple TFTP implementation for libsa. 39 * Assumes: 40 * - socket descriptor (int) at open_file->f_devdata 41 * - server host IP in global servip 42 * Restrictions: 43 * - read only 44 * - lseek only with SEEK_SET or SEEK_CUR 45 * - no big time differences between transfers (<tftp timeout) 46 */ 47 48#include <sys/types.h> 49#include <sys/stat.h> 50#include <netinet/in.h> 51#include <netinet/udp.h> 52#include <netinet/in_systm.h> 53#include <arpa/tftp.h> 54 55#include <string.h> 56 57#include "stand.h" 58#include "net.h" 59#include "netif.h" 60 61#include "tftp.h" 62 63struct tftp_handle; 64struct tftprecv_extra; 65 66static ssize_t recvtftp(struct iodesc *d, void **pkt, void **payload, 67 time_t tleft, void *recv_extra); 68static int tftp_open(const char *path, struct open_file *f); 69static int tftp_close(struct open_file *f); 70static int tftp_parse_oack(struct tftp_handle *h, char *buf, size_t len); 71static int tftp_read(struct open_file *f, void *buf, size_t size, size_t *resid); 72static off_t tftp_seek(struct open_file *f, off_t offset, int where); 73static int tftp_set_blksize(struct tftp_handle *h, const char *str); 74static int tftp_stat(struct open_file *f, struct stat *sb); 75 76struct fs_ops tftp_fsops = { 77 "tftp", 78 tftp_open, 79 tftp_close, 80 tftp_read, 81 null_write, 82 tftp_seek, 83 tftp_stat, 84 null_readdir 85}; 86 87extern struct in_addr servip; 88 89static int tftpport = 2000; 90static int is_open = 0; 91 92/* 93 * The legacy TFTP_BLKSIZE value was SEGSIZE(512). 94 * TFTP_REQUESTED_BLKSIZE of 1428 is (Ethernet MTU, less the TFTP, UDP and 95 * IP header lengths). 96 */ 97#define TFTP_REQUESTED_BLKSIZE 1428 98 99/* 100 * Choose a blksize big enough so we can test with Ethernet 101 * Jumbo frames in the future. 102 */ 103#define TFTP_MAX_BLKSIZE 9008 104 105struct tftp_handle { 106 struct iodesc *iodesc; 107 int currblock; /* contents of lastdata */ 108 int islastblock; /* flag */ 109 int validsize; 110 int off; 111 char *path; /* saved for re-requests */ 112 unsigned int tftp_blksize; 113 unsigned long tftp_tsize; 114 void *pkt; 115 struct tftphdr *tftp_hdr; 116}; 117 118struct tftprecv_extra { 119 struct tftp_handle *tftp_handle; 120 unsigned short rtype; /* Received type */ 121}; 122 123#define TFTP_MAX_ERRCODE EOPTNEG 124static const int tftperrors[TFTP_MAX_ERRCODE + 1] = { 125 0, /* ??? */ 126 ENOENT, 127 EPERM, 128 ENOSPC, 129 EINVAL, /* ??? */ 130 EINVAL, /* ??? */ 131 EEXIST, 132 EINVAL, /* ??? */ 133 EINVAL, /* Option negotiation failed. */ 134}; 135 136static int tftp_getnextblock(struct tftp_handle *h); 137 138/* send error message back. */ 139static void 140tftp_senderr(struct tftp_handle *h, u_short errcode, const char *msg) 141{ 142 struct { 143 u_char header[HEADER_SIZE]; 144 struct tftphdr t; 145 u_char space[63]; /* +1 from t */ 146 } __packed __aligned(4) wbuf; 147 char *wtail; 148 int len; 149 150 len = strlen(msg); 151 if (len > sizeof(wbuf.space)) 152 len = sizeof(wbuf.space); 153 154 wbuf.t.th_opcode = htons((u_short) ERROR); 155 wbuf.t.th_code = htons(errcode); 156 157 wtail = wbuf.t.th_msg; 158 bcopy(msg, wtail, len); 159 wtail[len] = '\0'; 160 wtail += len + 1; 161 162 sendudp(h->iodesc, &wbuf.t, wtail - (char *) &wbuf.t); 163} 164 165static void 166tftp_sendack(struct tftp_handle *h) 167{ 168 struct { 169 u_char header[HEADER_SIZE]; 170 struct tftphdr t; 171 } __packed __aligned(4) wbuf; 172 char *wtail; 173 174 wbuf.t.th_opcode = htons((u_short) ACK); 175 wtail = (char *) &wbuf.t.th_block; 176 wbuf.t.th_block = htons((u_short) h->currblock); 177 wtail += 2; 178 179 sendudp(h->iodesc, &wbuf.t, wtail - (char *) &wbuf.t); 180} 181 182static ssize_t 183recvtftp(struct iodesc *d, void **pkt, void **payload, time_t tleft, 184 void *recv_extra) 185{ 186 struct tftprecv_extra *extra; 187 struct tftp_handle *h; 188 struct tftphdr *t; 189 void *ptr = NULL; 190 ssize_t len; 191 192 errno = 0; 193 extra = (struct tftprecv_extra *)recv_extra; 194 h = extra->tftp_handle; 195 196 len = readudp(d, &ptr, (void **)&t, tleft); 197 198 if (len < 4) { 199 free(ptr); 200 return (-1); 201 } 202 203 extra->rtype = ntohs(t->th_opcode); 204 switch (ntohs(t->th_opcode)) { 205 case DATA: { 206 int got; 207 208 if (htons(t->th_block) != (u_short) d->xid) { 209 /* 210 * Expected block? 211 */ 212 free(ptr); 213 return (-1); 214 } 215 if (d->xid == 1) { 216 /* 217 * First data packet from new port. 218 */ 219 struct udphdr *uh; 220 uh = (struct udphdr *) t - 1; 221 d->destport = uh->uh_sport; 222 } /* else check uh_sport has not changed??? */ 223 got = len - (t->th_data - (char *)t); 224 *pkt = ptr; 225 *payload = t; 226 return (got); 227 } 228 case ERROR: 229 if ((unsigned) ntohs(t->th_code) > TFTP_MAX_ERRCODE) { 230 printf("illegal tftp error %d\n", ntohs(t->th_code)); 231 errno = EIO; 232 } else { 233#ifdef TFTP_DEBUG 234 printf("tftp-error %d\n", ntohs(t->th_code)); 235#endif 236 errno = tftperrors[ntohs(t->th_code)]; 237 } 238 free(ptr); 239 return (-1); 240 case OACK: { 241 struct udphdr *uh; 242 int tftp_oack_len; 243 244 /* 245 * Unexpected OACK. TFTP transfer already in progress. 246 * Drop the pkt. 247 */ 248 if (d->xid != 1) { 249 free(ptr); 250 return (-1); 251 } 252 253 /* 254 * Remember which port this OACK came from, because we need 255 * to send the ACK or errors back to it. 256 */ 257 uh = (struct udphdr *) t - 1; 258 d->destport = uh->uh_sport; 259 260 /* Parse options ACK-ed by the server. */ 261 tftp_oack_len = len - sizeof(t->th_opcode); 262 if (tftp_parse_oack(h, t->th_u.tu_stuff, tftp_oack_len) != 0) { 263 tftp_senderr(h, EOPTNEG, "Malformed OACK"); 264 errno = EIO; 265 free(ptr); 266 return (-1); 267 } 268 *pkt = ptr; 269 *payload = t; 270 return (0); 271 } 272 default: 273#ifdef TFTP_DEBUG 274 printf("tftp type %d not handled\n", ntohs(t->th_opcode)); 275#endif 276 free(ptr); 277 return (-1); 278 } 279} 280 281/* send request, expect first block (or error) */ 282static int 283tftp_makereq(struct tftp_handle *h) 284{ 285 struct { 286 u_char header[HEADER_SIZE]; 287 struct tftphdr t; 288 u_char space[FNAME_SIZE + 6]; 289 } __packed __aligned(4) wbuf; 290 struct tftprecv_extra recv_extra; 291 char *wtail; 292 int l; 293 ssize_t res; 294 void *pkt; 295 struct tftphdr *t; 296 char *tftp_blksize = NULL; 297 int blksize_l; 298 299 /* 300 * Allow overriding default TFTP block size by setting 301 * a tftp.blksize environment variable. 302 */ 303 if ((tftp_blksize = getenv("tftp.blksize")) != NULL) { 304 tftp_set_blksize(h, tftp_blksize); 305 } 306 307 wbuf.t.th_opcode = htons((u_short) RRQ); 308 wtail = wbuf.t.th_stuff; 309 l = strlen(h->path); 310#ifdef TFTP_PREPEND_PATH 311 if (l > FNAME_SIZE - (sizeof(TFTP_PREPEND_PATH) - 1)) 312 return (ENAMETOOLONG); 313 bcopy(TFTP_PREPEND_PATH, wtail, sizeof(TFTP_PREPEND_PATH) - 1); 314 wtail += sizeof(TFTP_PREPEND_PATH) - 1; 315#else 316 if (l > FNAME_SIZE) 317 return (ENAMETOOLONG); 318#endif 319 bcopy(h->path, wtail, l + 1); 320 wtail += l + 1; 321 bcopy("octet", wtail, 6); 322 wtail += 6; 323 bcopy("blksize", wtail, 8); 324 wtail += 8; 325 blksize_l = sprintf(wtail, "%d", h->tftp_blksize); 326 wtail += blksize_l + 1; 327 bcopy("tsize", wtail, 6); 328 wtail += 6; 329 bcopy("0", wtail, 2); 330 wtail += 2; 331 332 /* h->iodesc->myport = htons(--tftpport); */ 333 h->iodesc->myport = htons(tftpport + (getsecs() & 0x3ff)); 334 h->iodesc->destport = htons(IPPORT_TFTP); 335 h->iodesc->xid = 1; /* expected block */ 336 337 h->currblock = 0; 338 h->islastblock = 0; 339 h->validsize = 0; 340 341 pkt = NULL; 342 recv_extra.tftp_handle = h; 343 res = sendrecv(h->iodesc, &sendudp, &wbuf.t, wtail - (char *) &wbuf.t, 344 (void *)&recvtftp, &pkt, (void **)&t, &recv_extra); 345 if (res == -1) { 346 free(pkt); 347 return (errno); 348 } 349 350 free(h->pkt); 351 h->pkt = pkt; 352 h->tftp_hdr = t; 353 354 if (recv_extra.rtype == OACK) 355 return (tftp_getnextblock(h)); 356 357 /* Server ignored our blksize request, revert to TFTP default. */ 358 h->tftp_blksize = SEGSIZE; 359 360 switch (recv_extra.rtype) { 361 case DATA: { 362 h->currblock = 1; 363 h->validsize = res; 364 h->islastblock = 0; 365 if (res < h->tftp_blksize) { 366 h->islastblock = 1; /* very short file */ 367 tftp_sendack(h); 368 } 369 return (0); 370 } 371 case ERROR: 372 default: 373 return (errno); 374 } 375 376} 377 378/* ack block, expect next */ 379static int 380tftp_getnextblock(struct tftp_handle *h) 381{ 382 struct { 383 u_char header[HEADER_SIZE]; 384 struct tftphdr t; 385 } __packed __aligned(4) wbuf; 386 struct tftprecv_extra recv_extra; 387 char *wtail; 388 int res; 389 void *pkt; 390 struct tftphdr *t; 391 wbuf.t.th_opcode = htons((u_short) ACK); 392 wtail = (char *) &wbuf.t.th_block; 393 wbuf.t.th_block = htons((u_short) h->currblock); 394 wtail += 2; 395 396 h->iodesc->xid = h->currblock + 1; /* expected block */ 397 398 pkt = NULL; 399 recv_extra.tftp_handle = h; 400 res = sendrecv(h->iodesc, &sendudp, &wbuf.t, wtail - (char *) &wbuf.t, 401 (void *)&recvtftp, &pkt, (void **)&t, &recv_extra); 402 403 if (res == -1) { /* 0 is OK! */ 404 free(pkt); 405 return (errno); 406 } 407 408 free(h->pkt); 409 h->pkt = pkt; 410 h->tftp_hdr = t; 411 h->currblock++; 412 h->validsize = res; 413 if (res < h->tftp_blksize) 414 h->islastblock = 1; /* EOF */ 415 416 if (h->islastblock == 1) { 417 /* Send an ACK for the last block */ 418 wbuf.t.th_block = htons((u_short) h->currblock); 419 sendudp(h->iodesc, &wbuf.t, wtail - (char *)&wbuf.t); 420 } 421 422 return (0); 423} 424 425static int 426tftp_open(const char *path, struct open_file *f) 427{ 428 struct tftp_handle *tftpfile; 429 struct iodesc *io; 430 int res; 431 size_t pathsize; 432 const char *extraslash; 433 434 if (netproto != NET_TFTP) 435 return (EINVAL); 436 437 if (f->f_dev->dv_type != DEVT_NET) 438 return (EINVAL); 439 440 if (is_open) 441 return (EBUSY); 442 443 tftpfile = (struct tftp_handle *) malloc(sizeof(*tftpfile)); 444 if (!tftpfile) 445 return (ENOMEM); 446 447 memset(tftpfile, 0, sizeof(*tftpfile)); 448 tftpfile->tftp_blksize = TFTP_REQUESTED_BLKSIZE; 449 tftpfile->iodesc = io = socktodesc(*(int *) (f->f_devdata)); 450 if (io == NULL) 451 return (EINVAL); 452 453 io->destip = servip; 454 tftpfile->off = 0; 455 pathsize = (strlen(rootpath) + 1 + strlen(path) + 1) * sizeof(char); 456 tftpfile->path = malloc(pathsize); 457 if (tftpfile->path == NULL) { 458 free(tftpfile); 459 return(ENOMEM); 460 } 461 if (rootpath[strlen(rootpath) - 1] == '/' || path[0] == '/') 462 extraslash = ""; 463 else 464 extraslash = "/"; 465 res = snprintf(tftpfile->path, pathsize, "%s%s%s", 466 rootpath, extraslash, path); 467 if (res < 0 || res > pathsize) { 468 free(tftpfile->path); 469 free(tftpfile); 470 return(ENOMEM); 471 } 472 473 res = tftp_makereq(tftpfile); 474 475 if (res) { 476 free(tftpfile->path); 477 free(tftpfile->pkt); 478 free(tftpfile); 479 return (res); 480 } 481 f->f_fsdata = (void *) tftpfile; 482 is_open = 1; 483 return (0); 484} 485 486static int 487tftp_read(struct open_file *f, void *addr, size_t size, 488 size_t *resid /* out */) 489{ 490 struct tftp_handle *tftpfile; 491 tftpfile = (struct tftp_handle *) f->f_fsdata; 492 493 while (size > 0) { 494 int needblock, count; 495 496 twiddle(32); 497 498 needblock = tftpfile->off / tftpfile->tftp_blksize + 1; 499 500 if (tftpfile->currblock > needblock) { /* seek backwards */ 501 tftp_senderr(tftpfile, 0, "No error: read aborted"); 502 tftp_makereq(tftpfile); /* no error check, it worked 503 * for open */ 504 } 505 506 while (tftpfile->currblock < needblock) { 507 int res; 508 509 res = tftp_getnextblock(tftpfile); 510 if (res) { /* no answer */ 511#ifdef TFTP_DEBUG 512 printf("tftp: read error\n"); 513#endif 514 return (res); 515 } 516 if (tftpfile->islastblock) 517 break; 518 } 519 520 if (tftpfile->currblock == needblock) { 521 int offinblock, inbuffer; 522 523 offinblock = tftpfile->off % tftpfile->tftp_blksize; 524 525 inbuffer = tftpfile->validsize - offinblock; 526 if (inbuffer < 0) { 527#ifdef TFTP_DEBUG 528 printf("tftp: invalid offset %d\n", 529 tftpfile->off); 530#endif 531 return (EINVAL); 532 } 533 count = (size < inbuffer ? size : inbuffer); 534 bcopy(tftpfile->tftp_hdr->th_data + offinblock, 535 addr, count); 536 537 addr = (char *)addr + count; 538 tftpfile->off += count; 539 size -= count; 540 541 if ((tftpfile->islastblock) && (count == inbuffer)) 542 break; /* EOF */ 543 } else { 544#ifdef TFTP_DEBUG 545 printf("tftp: block %d not found\n", needblock); 546#endif 547 return (EINVAL); 548 } 549 550 } 551 552 if (resid) 553 *resid = size; 554 return (0); 555} 556 557static int 558tftp_close(struct open_file *f) 559{ 560 struct tftp_handle *tftpfile; 561 tftpfile = (struct tftp_handle *) f->f_fsdata; 562 563 /* let it time out ... */ 564 565 if (tftpfile) { 566 free(tftpfile->path); 567 free(tftpfile->pkt); 568 free(tftpfile); 569 } 570 is_open = 0; 571 return (0); 572} 573 574static int 575tftp_stat(struct open_file *f, struct stat *sb) 576{ 577 struct tftp_handle *tftpfile; 578 tftpfile = (struct tftp_handle *) f->f_fsdata; 579 580 sb->st_mode = 0444 | S_IFREG; 581 sb->st_nlink = 1; 582 sb->st_uid = 0; 583 sb->st_gid = 0; 584 sb->st_size = (off_t) tftpfile->tftp_tsize; 585 return (0); 586} 587 588static off_t 589tftp_seek(struct open_file *f, off_t offset, int where) 590{ 591 struct tftp_handle *tftpfile; 592 tftpfile = (struct tftp_handle *) f->f_fsdata; 593 594 switch (where) { 595 case SEEK_SET: 596 tftpfile->off = offset; 597 break; 598 case SEEK_CUR: 599 tftpfile->off += offset; 600 break; 601 default: 602 errno = EOFFSET; 603 return (-1); 604 } 605 return (tftpfile->off); 606} 607 608static int 609tftp_set_blksize(struct tftp_handle *h, const char *str) 610{ 611 char *endptr; 612 int new_blksize; 613 int ret = 0; 614 615 if (h == NULL || str == NULL) 616 return (ret); 617 618 new_blksize = 619 (unsigned int)strtol(str, &endptr, 0); 620 621 /* 622 * Only accept blksize value if it is numeric. 623 * RFC2348 specifies that acceptable values are 8-65464. 624 * Let's choose a limit less than MAXRSPACE. 625 */ 626 if (*endptr == '\0' && new_blksize >= 8 627 && new_blksize <= TFTP_MAX_BLKSIZE) { 628 h->tftp_blksize = new_blksize; 629 ret = 1; 630 } 631 632 return (ret); 633} 634 635/* 636 * In RFC2347, the TFTP Option Acknowledgement package (OACK) 637 * is used to acknowledge a client's option negotiation request. 638 * The format of an OACK packet is: 639 * +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+ 640 * | opc | opt1 | 0 | value1 | 0 | optN | 0 | valueN | 0 | 641 * +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+ 642 * 643 * opc 644 * The opcode field contains a 6, for Option Acknowledgment. 645 * 646 * opt1 647 * The first option acknowledgment, copied from the original 648 * request. 649 * 650 * value1 651 * The acknowledged value associated with the first option. If 652 * and how this value may differ from the original request is 653 * detailed in the specification for the option. 654 * 655 * optN, valueN 656 * The final option/value acknowledgment pair. 657 */ 658static int 659tftp_parse_oack(struct tftp_handle *h, char *buf, size_t len) 660{ 661 /* 662 * We parse the OACK strings into an array 663 * of name-value pairs. 664 */ 665 char *tftp_options[128] = { 0 }; 666 char *val = buf; 667 int i = 0; 668 int option_idx = 0; 669 int blksize_is_set = 0; 670 int tsize = 0; 671 672 unsigned int orig_blksize; 673 674 while (option_idx < 128 && i < len) { 675 if (buf[i] == '\0') { 676 if (&buf[i] > val) { 677 tftp_options[option_idx] = val; 678 val = &buf[i] + 1; 679 ++option_idx; 680 } 681 } 682 ++i; 683 } 684 685 /* Save the block size we requested for sanity check later. */ 686 orig_blksize = h->tftp_blksize; 687 688 /* 689 * Parse individual TFTP options. 690 * * "blksize" is specified in RFC2348. 691 * * "tsize" is specified in RFC2349. 692 */ 693 for (i = 0; i < option_idx; i += 2) { 694 if (strcasecmp(tftp_options[i], "blksize") == 0) { 695 if (i + 1 < option_idx) 696 blksize_is_set = 697 tftp_set_blksize(h, tftp_options[i + 1]); 698 } else if (strcasecmp(tftp_options[i], "tsize") == 0) { 699 if (i + 1 < option_idx) 700 tsize = strtol(tftp_options[i + 1], (char **)NULL, 10); 701 if (tsize != 0) 702 h->tftp_tsize = tsize; 703 } else { 704 /* Do not allow any options we did not expect to be ACKed. */ 705 printf("unexpected tftp option '%s'\n", tftp_options[i]); 706 return (-1); 707 } 708 } 709 710 if (!blksize_is_set) { 711 /* 712 * If TFTP blksize was not set, try defaulting 713 * to the legacy TFTP blksize of SEGSIZE(512) 714 */ 715 h->tftp_blksize = SEGSIZE; 716 } else if (h->tftp_blksize > orig_blksize) { 717 /* 718 * Server should not be proposing block sizes that 719 * exceed what we said we can handle. 720 */ 721 printf("unexpected blksize %u\n", h->tftp_blksize); 722 return (-1); 723 } 724 725#ifdef TFTP_DEBUG 726 printf("tftp_blksize: %u\n", h->tftp_blksize); 727 printf("tftp_tsize: %lu\n", h->tftp_tsize); 728#endif 729 return 0; 730} 731