xref: /freebsd/libexec/tftpd/tests/functional.c (revision 19261079b74319502c6ffa1249920079f0f69a72)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2018 Alan Somers.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  */
27 
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
30 
31 #include <sys/param.h>
32 #include <sys/socket.h>
33 #include <sys/stat.h>
34 #include <sys/wait.h>
35 
36 #include <netinet/in.h>
37 
38 #include <errno.h>
39 #include <fcntl.h>
40 #include <signal.h>
41 #include <stdalign.h>
42 #include <stdio.h>
43 #include <unistd.h>
44 
45 #include <atf-c.h>
46 #include <libutil.h>
47 
48 static const uint16_t BASEPORT = 6969;
49 static const char pidfile[] = "tftpd.pid";
50 static int protocol = PF_UNSPEC;
51 static int s = -1;	/* tftp client socket */
52 static struct sockaddr_storage addr; /* Destination address for the client */
53 static bool s_flag = false;	/* Pass -s to tftpd */
54 static bool w_flag = false;	/* Pass -w to tftpd */
55 
56 /* Helper functions*/
57 static void require_bufeq(const char *expected, ssize_t expected_len,
58     const char *actual, ssize_t len);
59 
60 /*
61  * Receive a response from tftpd
62  * @param	hdr		The reply's expected header, as a char array
63  * @param	contents	The reply's expected contents, as a char array
64  * @param	contents_len	Length of contents
65  */
66 #define RECV(hdr, contents, contents_len) do { \
67 	char buffer[1024]; \
68 	struct sockaddr_storage from; \
69 	socklen_t fromlen = sizeof(from); \
70 	ssize_t r = recvfrom(s, buffer, sizeof(buffer), 0, \
71 	    (struct sockaddr*)&from, &fromlen); \
72 	ATF_REQUIRE(r > 0); \
73 	require_bufeq((hdr), sizeof(hdr), buffer, \
74 	    MIN(r, (ssize_t)sizeof(hdr))); \
75 	require_bufeq((const char*) (contents), (contents_len), \
76 	    &buffer[sizeof(hdr)], r - sizeof(hdr)); \
77 	if (protocol == PF_INET) { \
78 		((struct sockaddr_in*)&addr)->sin_port = \
79 		    ((struct sockaddr_in*)&from)->sin_port; \
80 	} else { \
81 		((struct sockaddr_in6*)&addr)->sin6_port = \
82 		    ((struct sockaddr_in6*)&from)->sin6_port; \
83 	} \
84 } while(0)
85 
86 static void
87 recv_ack(uint16_t blocknum)
88 {
89 	char hdr[] = {0, 4, blocknum >> 8, blocknum & 0xFF};
90 	RECV(hdr, NULL, 0);
91 }
92 
93 static void
94 recv_oack(const char *options, size_t options_len)
95 {
96 	char hdr[] = {0, 6};
97 	RECV(hdr, options, options_len);
98 }
99 
100 /*
101  * Receive a data packet from tftpd
102  * @param	blocknum	Expected block number to be received
103  * @param	contents	Pointer to expected contents
104  * @param	contents_len	Length of contents expected to receive
105  */
106 static void
107 recv_data(uint16_t blocknum, const char* contents, size_t contents_len)
108 {
109 	char hdr[] = {0, 3, blocknum >> 8, blocknum & 0xFF};
110 	RECV(hdr, contents, contents_len);
111 }
112 
113 #define RECV_ERROR(code, msg) do { \
114 	char hdr[] = {0, 5, code >> 8, code & 0xFF}; \
115 	RECV(hdr, msg, sizeof(msg)); \
116 } while (0)
117 
118 /*
119  * send a command to tftpd.
120  * @param	cmd		Command to send, as a char array
121  */
122 static void
123 send_bytes(const void* cmd, ssize_t len)
124 {
125 	ssize_t r;
126 
127 	r = sendto(s, cmd, len, 0, (struct sockaddr*)(&addr), addr.ss_len);
128 	ATF_REQUIRE_EQ(r, len);
129 }
130 
131 static void
132 send_data(uint16_t blocknum, const char* contents, size_t contents_len)
133 {
134 	char buffer[1024];
135 
136 	buffer[0] = 0;	/* DATA opcode high byte */
137 	buffer[1] = 3;	/* DATA opcode low byte */
138 	buffer[2] = blocknum >> 8;
139 	buffer[3] = blocknum & 0xFF;
140 	memmove(&buffer[4], contents, contents_len);
141 	send_bytes(buffer, 4 + contents_len);
142 }
143 
144 /*
145  * send a command to tftpd.
146  * @param	cmd		Command to send, as a const string
147  *				(terminating NUL will be ignored)
148  */
149 #define SEND_STR(cmd) ATF_REQUIRE_EQ( \
150 	sendto(s, (cmd), sizeof(cmd) - 1, 0, (struct sockaddr*)(&addr), \
151 	    addr.ss_len), \
152 	sizeof(cmd) - 1)
153 
154 /*
155  * Acknowledge block blocknum
156  */
157 static void
158 send_ack(uint16_t blocknum)
159 {
160 	char packet[] = {
161 	    0, 4,	/* ACK opcode in BE */
162 	    blocknum >> 8,
163 	    blocknum & 0xFF
164 	};
165 
166 	send_bytes(packet, sizeof(packet));
167 
168 }
169 
170 /*
171  * build an option string
172  */
173 #define OPTION_STR(name, value)	name "\000" value "\000"
174 
175 /*
176  * send a read request to tftpd.
177  * @param	filename	filename as a string, absolute or relative
178  * @param	mode		either "octet" or "netascii"
179  */
180 #define SEND_RRQ(filename, mode) SEND_STR("\0\001" filename "\0" mode "\0")
181 
182 /*
183  * send a read request with options
184  */
185 #define SEND_RRQ_OPT(filename, mode, options) SEND_STR("\0\001" filename "\0" mode "\000" options)
186 
187 /*
188  * send a write request to tftpd.
189  * @param	filename	filename as a string, absolute or relative
190  * @param	mode		either "octet" or "netascii"
191  */
192 #define SEND_WRQ(filename, mode) SEND_STR("\0\002" filename "\0" mode "\0")
193 
194 /*
195  * send a write request with options
196  */
197 #define SEND_WRQ_OPT(filename, mode, options) SEND_STR("\0\002" filename "\0" mode "\000" options)
198 
199 /* Define a test case, for both IPv4 and IPv6 */
200 #define TFTPD_TC_DEFINE(name, head, ...) \
201 static void \
202 name ## _body(void); \
203 ATF_TC_WITH_CLEANUP(name ## _v4); \
204 ATF_TC_HEAD(name ## _v4, tc) \
205 { \
206 	head \
207 } \
208 ATF_TC_BODY(name ## _v4, tc) \
209 { \
210 	__VA_ARGS__; \
211 	protocol = AF_INET; \
212 	s = setup(&addr, __COUNTER__); \
213 	name ## _body(); \
214 	close(s); \
215 } \
216 ATF_TC_CLEANUP(name ## _v4, tc) \
217 { \
218 	cleanup(); \
219 } \
220 ATF_TC_WITH_CLEANUP(name ## _v6); \
221 ATF_TC_HEAD(name ## _v6, tc) \
222 { \
223 	head \
224 } \
225 ATF_TC_BODY(name ## _v6, tc) \
226 { \
227 	__VA_ARGS__; \
228 	protocol = AF_INET6; \
229 	s = setup(&addr, __COUNTER__); \
230 	name ## _body(); \
231 	close(s); \
232 } \
233 ATF_TC_CLEANUP(name ## _v6, tc) \
234 { \
235 	cleanup(); \
236 } \
237 static void \
238 name ## _body(void)
239 
240 /* Add the IPv4 and IPv6 versions of a test case */
241 #define TFTPD_TC_ADD(tp, name ) \
242 do { \
243 	ATF_TP_ADD_TC(tp, name ## _v4); \
244 	ATF_TP_ADD_TC(tp, name ## _v6); \
245 } while (0)
246 
247 /* Standard cleanup used by all testcases */
248 static void
249 cleanup(void)
250 {
251 	FILE *f;
252 	pid_t pid;
253 
254 	f = fopen(pidfile, "r");
255 	if (f == NULL)
256 		return;
257 	if (fscanf(f, "%d", &pid) == 1) {
258 		kill(pid, SIGTERM);
259 		waitpid(pid, NULL, 0);
260 	}
261 	fclose(f);
262 	unlink(pidfile);
263 }
264 
265 /* Assert that two binary buffers are identical */
266 static void
267 require_bufeq(const char *expected, ssize_t expected_len, const char *actual,
268     ssize_t len)
269 {
270 	ssize_t i;
271 
272 	ATF_REQUIRE_EQ_MSG(expected_len, len,
273 	    "Expected %zd bytes but got %zd", expected_len, len);
274 	for (i = 0; i < len; i++) {
275 		ATF_REQUIRE_EQ_MSG(actual[i], expected[i],
276 		    "Expected %#hhx at position %zd; got %hhx instead",
277 		    expected[i], i, actual[i]);
278 	}
279 }
280 
281 /*
282  * Start tftpd and return its communicating socket
283  * @param	to	Will be filled in for use with sendto
284  * @param	idx	Unique identifier of the test case
285  * @return		Socket ready to use
286  */
287 static int
288 setup(struct sockaddr_storage *to, uint16_t idx)
289 {
290 	int client_s, server_s, pid, argv_idx;
291 	char execname[] = "/usr/libexec/tftpd";
292 	char s_flag_str[] = "-s";
293 	char w_flag_str[] = "-w";
294 	char pwd[MAXPATHLEN];
295 	char *argv[10];
296 	struct sockaddr_in addr4;
297 	struct sockaddr_in6 addr6;
298 	struct sockaddr *server_addr;
299 	struct pidfh *pfh;
300 	uint16_t port = BASEPORT + idx;
301 	socklen_t len;
302 
303 	if (protocol == PF_INET) {
304 		len = sizeof(addr4);
305 		bzero(&addr4, len);
306 		addr4.sin_len = len;
307 		addr4.sin_family = PF_INET;
308 		addr4.sin_port = htons(port);
309 		server_addr = (struct sockaddr*)&addr4;
310 	} else {
311 		len = sizeof(addr6);
312 		bzero(&addr6, len);
313 		addr6.sin6_len = len;
314 		addr6.sin6_family = PF_INET6;
315 		addr6.sin6_port = htons(port);
316 		server_addr = (struct sockaddr*)&addr6;
317 	}
318 
319 	ATF_REQUIRE_EQ(getcwd(pwd, sizeof(pwd)), pwd);
320 
321 	/* Must bind(2) pre-fork so it happens before the client's send(2) */
322 	ATF_REQUIRE((server_s = socket(protocol, SOCK_DGRAM, 0)) > 0);
323 	ATF_REQUIRE_EQ_MSG(bind(server_s, server_addr, len), 0,
324 	    "bind failed with error %s", strerror(errno));
325 
326 	pid = fork();
327 	switch (pid) {
328 	case -1:
329 		atf_tc_fail("fork failed");
330 		break;
331 	case 0:
332 		/* In child */
333 		pfh = pidfile_open(pidfile, 0644, NULL);
334 		ATF_REQUIRE_MSG(pfh != NULL,
335 		    "pidfile_open: %s", strerror(errno));
336 		ATF_REQUIRE_EQ(pidfile_write(pfh), 0);
337 		ATF_REQUIRE_EQ(pidfile_close(pfh), 0);
338 
339 		bzero(argv, sizeof(argv));
340 		argv[0] = execname;
341 		argv_idx = 1;
342 		if (w_flag)
343 			argv[argv_idx++] = w_flag_str;
344 		if (s_flag)
345 			argv[argv_idx++] = s_flag_str;
346 		argv[argv_idx++] = pwd;
347 		ATF_REQUIRE_EQ(dup2(server_s, STDOUT_FILENO), STDOUT_FILENO);
348 		ATF_REQUIRE_EQ(dup2(server_s, STDIN_FILENO), STDIN_FILENO);
349 		ATF_REQUIRE_EQ(dup2(server_s, STDERR_FILENO), STDERR_FILENO);
350 		execv(execname, argv);
351 		atf_tc_fail("exec failed");
352 		break;
353 	default:
354 		/* In parent */
355 		bzero(to, sizeof(*to));
356 		if (protocol == PF_INET) {
357 			struct sockaddr_in *to4 = (struct sockaddr_in*)to;
358 			to4->sin_len = sizeof(*to4);
359 			to4->sin_family = PF_INET;
360 			to4->sin_port = htons(port);
361 			to4->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
362 		} else {
363 			struct in6_addr loopback = IN6ADDR_LOOPBACK_INIT;
364 			struct sockaddr_in6 *to6 = (struct sockaddr_in6*)to;
365 			to6->sin6_len = sizeof(*to6);
366 			to6->sin6_family = PF_INET6;
367 			to6->sin6_port = htons(port);
368 			to6->sin6_addr = loopback;
369 		}
370 
371 		close(server_s);
372 		ATF_REQUIRE((client_s = socket(protocol, SOCK_DGRAM, 0)) > 0);
373 		break;
374 	}
375 
376 	/* Clear the client's umask.  Test cases will specify exact modes */
377 	umask(0000);
378 
379 	return (client_s);
380 }
381 
382 /* Like write(2), but never returns less than the requested length */
383 static void
384 write_all(int fd, const void *buf, size_t nbytes)
385 {
386 	ssize_t r;
387 
388 	while (nbytes > 0) {
389 		r = write(fd, buf, nbytes);
390 		ATF_REQUIRE(r > 0);
391 		nbytes -= r;
392 		buf = (const char*)buf + r;
393 	}
394 }
395 
396 
397 /*
398  * Test Cases
399  */
400 
401 /*
402  * Read a file, specified by absolute pathname.
403  */
404 TFTPD_TC_DEFINE(abspath,)
405 {
406 	int fd;
407 	char command[1024];
408 	size_t pathlen;
409 	char suffix[] = {'\0', 'o', 'c', 't', 'e', 't', '\0'};
410 
411 	command[0] = 0;		/* RRQ high byte */
412 	command[1] = 1;		/* RRQ low byte */
413 	ATF_REQUIRE(getcwd(&command[2], sizeof(command) - 2) != NULL);
414 	pathlen = strlcat(&command[2], "/abspath.txt", sizeof(command) - 2);
415 	ATF_REQUIRE(pathlen + sizeof(suffix) < sizeof(command) - 2);
416 	memmove(&command[2 + pathlen], suffix, sizeof(suffix));
417 
418 	fd = open("abspath.txt", O_CREAT | O_RDONLY, 0644);
419 	ATF_REQUIRE(fd >= 0);
420 	close(fd);
421 
422 	send_bytes(command, 2 + pathlen + sizeof(suffix));
423 	recv_data(1, NULL, 0);
424 	send_ack(1);
425 }
426 
427 /*
428  * Attempt to read a file outside of the allowed directory(ies)
429  */
430 TFTPD_TC_DEFINE(dotdot,)
431 {
432 	ATF_REQUIRE_EQ(mkdir("subdir", 0777), 0);
433 	SEND_RRQ("../disallowed.txt", "octet");
434 	RECV_ERROR(2, "Access violation");
435 	s = setup(&addr, __COUNTER__); \
436 	SEND_RRQ("subdir/../../disallowed.txt", "octet");
437 	RECV_ERROR(2, "Access violation");
438 	s = setup(&addr, __COUNTER__); \
439 	SEND_RRQ("/etc/passwd", "octet");
440 	RECV_ERROR(2, "Access violation");
441 }
442 
443 /*
444  * With "-s", tftpd should chroot to the specified directory
445  */
446 TFTPD_TC_DEFINE(s_flag, atf_tc_set_md_var(tc, "require.user", "root");,
447 		s_flag = true)
448 {
449 	int fd;
450 	char contents[] = "small";
451 
452 	fd = open("small.txt", O_RDWR | O_CREAT, 0644);
453 	ATF_REQUIRE(fd >= 0);
454 	write_all(fd, contents, strlen(contents) + 1);
455 	close(fd);
456 
457 	SEND_RRQ("/small.txt", "octet");
458 	recv_data(1, contents, strlen(contents) + 1);
459 	send_ack(1);
460 }
461 
462 /*
463  * Read a file, and simulate a dropped ACK packet
464  */
465 TFTPD_TC_DEFINE(rrq_dropped_ack,)
466 {
467 	int fd;
468 	char contents[] = "small";
469 
470 	fd = open("small.txt", O_RDWR | O_CREAT, 0644);
471 	ATF_REQUIRE(fd >= 0);
472 	write_all(fd, contents, strlen(contents) + 1);
473 	close(fd);
474 
475 	SEND_RRQ("small.txt", "octet");
476 	recv_data(1, contents, strlen(contents) + 1);
477 	/*
478 	 * client "sends" the ack, but network drops it
479 	 * Eventually, tftpd should resend the data packet
480 	 */
481 	recv_data(1, contents, strlen(contents) + 1);
482 	send_ack(1);
483 }
484 
485 /*
486  * Read a file, and simulate a dropped DATA packet
487  */
488 TFTPD_TC_DEFINE(rrq_dropped_data,)
489 {
490 	int fd;
491 	size_t i;
492 	uint32_t contents[192];
493 	char buffer[1024];
494 
495 	for (i = 0; i < nitems(contents); i++)
496 		contents[i] = i;
497 
498 	fd = open("medium.txt", O_RDWR | O_CREAT, 0644);
499 	ATF_REQUIRE(fd >= 0);
500 	write_all(fd, contents, sizeof(contents));
501 	close(fd);
502 
503 	SEND_RRQ("medium.txt", "octet");
504 	recv_data(1, (const char*)&contents[0], 512);
505 	send_ack(1);
506 	(void) recvfrom(s, buffer, sizeof(buffer), 0, NULL, NULL);
507 	/*
508 	 * server "sends" the data, but network drops it
509 	 * Eventually, client should resend the last ACK
510 	 */
511 	send_ack(1);
512 	recv_data(2, (const char*)&contents[128], 256);
513 	send_ack(2);
514 }
515 
516 /*
517  * Read a medium file, and simulate a duplicated ACK packet
518  */
519 TFTPD_TC_DEFINE(rrq_duped_ack,)
520 {
521 	int fd;
522 	size_t i;
523 	uint32_t contents[192];
524 
525 	for (i = 0; i < nitems(contents); i++)
526 		contents[i] = i;
527 
528 	fd = open("medium.txt", O_RDWR | O_CREAT, 0644);
529 	ATF_REQUIRE(fd >= 0);
530 	write_all(fd, contents, sizeof(contents));
531 	close(fd);
532 
533 	SEND_RRQ("medium.txt", "octet");
534 	recv_data(1, (const char*)&contents[0], 512);
535 	send_ack(1);
536 	send_ack(1);	/* Dupe an ACK packet */
537 	recv_data(2, (const char*)&contents[128], 256);
538 	recv_data(2, (const char*)&contents[128], 256);
539 	send_ack(2);
540 }
541 
542 
543 /*
544  * Attempt to read a file without read permissions
545  */
546 TFTPD_TC_DEFINE(rrq_eaccess,)
547 {
548 	int fd;
549 
550 	fd = open("empty.txt", O_CREAT | O_RDONLY, 0000);
551 	ATF_REQUIRE(fd >= 0);
552 	close(fd);
553 
554 	SEND_RRQ("empty.txt", "octet");
555 	RECV_ERROR(2, "Access violation");
556 }
557 
558 /*
559  * Read an empty file
560  */
561 TFTPD_TC_DEFINE(rrq_empty,)
562 {
563 	int fd;
564 
565 	fd = open("empty.txt", O_CREAT | O_RDONLY, 0644);
566 	ATF_REQUIRE(fd >= 0);
567 	close(fd);
568 
569 	SEND_RRQ("empty.txt", "octet");
570 	recv_data(1, NULL, 0);
571 	send_ack(1);
572 }
573 
574 /*
575  * Read a medium file of more than one block
576  */
577 TFTPD_TC_DEFINE(rrq_medium,)
578 {
579 	int fd;
580 	size_t i;
581 	uint32_t contents[192];
582 
583 	for (i = 0; i < nitems(contents); i++)
584 		contents[i] = i;
585 
586 	fd = open("medium.txt", O_RDWR | O_CREAT, 0644);
587 	ATF_REQUIRE(fd >= 0);
588 	write_all(fd, contents, sizeof(contents));
589 	close(fd);
590 
591 	SEND_RRQ("medium.txt", "octet");
592 	recv_data(1, (const char*)&contents[0], 512);
593 	send_ack(1);
594 	recv_data(2, (const char*)&contents[128], 256);
595 	send_ack(2);
596 }
597 
598 /*
599  * Read a medium file with a window size of 2.
600  */
601 TFTPD_TC_DEFINE(rrq_medium_window,)
602 {
603 	int fd;
604 	size_t i;
605 	uint32_t contents[192];
606 	char options[] = OPTION_STR("windowsize", "2");
607 
608 	for (i = 0; i < nitems(contents); i++)
609 		contents[i] = i;
610 
611 	fd = open("medium.txt", O_RDWR | O_CREAT, 0644);
612 	ATF_REQUIRE(fd >= 0);
613 	write_all(fd, contents, sizeof(contents));
614 	close(fd);
615 
616 	SEND_RRQ_OPT("medium.txt", "octet", OPTION_STR("windowsize", "2"));
617 	recv_oack(options, sizeof(options) - 1);
618 	send_ack(0);
619 	recv_data(1, (const char*)&contents[0], 512);
620 	recv_data(2, (const char*)&contents[128], 256);
621 	send_ack(2);
622 }
623 
624 /*
625  * Read a file in netascii format
626  */
627 TFTPD_TC_DEFINE(rrq_netascii,)
628 {
629 	int fd;
630 	char contents[] = "foo\nbar\rbaz\n";
631 	/*
632 	 * Weirdly, RFC-764 says that CR must be followed by NUL if a line feed
633 	 * is not intended
634 	 */
635 	char expected[] = "foo\r\nbar\r\0baz\r\n";
636 
637 	fd = open("unix.txt", O_RDWR | O_CREAT, 0644);
638 	ATF_REQUIRE(fd >= 0);
639 	write_all(fd, contents, strlen(contents) + 1);
640 	close(fd);
641 
642 	SEND_RRQ("unix.txt", "netascii");
643 	recv_data(1, expected, sizeof(expected));
644 	send_ack(1);
645 }
646 
647 /*
648  * Read a file that doesn't exist
649  */
650 TFTPD_TC_DEFINE(rrq_nonexistent,)
651 {
652 	SEND_RRQ("nonexistent.txt", "octet");
653 	RECV_ERROR(1, "File not found");
654 }
655 
656 /*
657  * Attempt to read a file whose name exceeds PATH_MAX
658  */
659 TFTPD_TC_DEFINE(rrq_path_max,)
660 {
661 #define AReallyBigFileName \
662 	    "AReallyBigFileNameXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
663 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
664 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
665 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
666 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
667 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
668 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
669 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
670 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
671 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
672 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
673 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
674 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
675 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
676 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
677 	    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
678 	    ".txt"
679 	ATF_REQUIRE_MSG(strlen(AReallyBigFileName) > PATH_MAX,
680 	    "Somebody increased PATH_MAX.  Update the test");
681 	SEND_RRQ(AReallyBigFileName, "octet");
682 	RECV_ERROR(4, "Illegal TFTP operation");
683 }
684 
685 /*
686  * Read a small file of less than one block
687  */
688 TFTPD_TC_DEFINE(rrq_small,)
689 {
690 	int fd;
691 	char contents[] = "small";
692 
693 	fd = open("small.txt", O_RDWR | O_CREAT, 0644);
694 	ATF_REQUIRE(fd >= 0);
695 	write_all(fd, contents, strlen(contents) + 1);
696 	close(fd);
697 
698 	SEND_RRQ("small.txt", "octet");
699 	recv_data(1, contents, strlen(contents) + 1);
700 	send_ack(1);
701 }
702 
703 /*
704  * Read a file following the example in RFC 7440.
705  */
706 TFTPD_TC_DEFINE(rrq_window_rfc7440,)
707 {
708 	int fd;
709 	size_t i;
710 	char options[] = OPTION_STR("windowsize", "4");
711 	alignas(uint32_t) char contents[13 * 512 - 4];
712 	uint32_t *u32p;
713 
714 	u32p = (uint32_t *)contents;
715 	for (i = 0; i < sizeof(contents) / sizeof(uint32_t); i++)
716 		u32p[i] = i;
717 
718 	fd = open("rfc7440.txt", O_RDWR | O_CREAT, 0644);
719 	ATF_REQUIRE(fd >= 0);
720 	write_all(fd, contents, sizeof(contents));
721 	close(fd);
722 
723 	SEND_RRQ_OPT("rfc7440.txt", "octet", OPTION_STR("windowsize", "4"));
724 	recv_oack(options, sizeof(options) - 1);
725 	send_ack(0);
726 	recv_data(1, &contents[0 * 512], 512);
727 	recv_data(2, &contents[1 * 512], 512);
728 	recv_data(3, &contents[2 * 512], 512);
729 	recv_data(4, &contents[3 * 512], 512);
730 	send_ack(4);
731 	recv_data(5, &contents[4 * 512], 512);
732 	recv_data(6, &contents[5 * 512], 512);
733 	recv_data(7, &contents[6 * 512], 512);
734 	recv_data(8, &contents[7 * 512], 512);
735 
736 	/* ACK 5 as if 6-8 were dropped. */
737 	send_ack(5);
738 	recv_data(6, &contents[5 * 512], 512);
739 	recv_data(7, &contents[6 * 512], 512);
740 	recv_data(8, &contents[7 * 512], 512);
741 	recv_data(9, &contents[8 * 512], 512);
742 	send_ack(9);
743 	recv_data(10, &contents[9 * 512], 512);
744 	recv_data(11, &contents[10 * 512], 512);
745 	recv_data(12, &contents[11 * 512], 512);
746 	recv_data(13, &contents[12 * 512], 508);
747 
748 	/* Drop ACK and after timeout receive 10-13. */
749 	recv_data(10, &contents[9 * 512], 512);
750 	recv_data(11, &contents[10 * 512], 512);
751 	recv_data(12, &contents[11 * 512], 512);
752 	recv_data(13, &contents[12 * 512], 508);
753 	send_ack(13);
754 }
755 
756 /*
757  * Try to transfer a file with an unknown mode.
758  */
759 TFTPD_TC_DEFINE(unknown_modes,)
760 {
761 	SEND_RRQ("foo.txt", "ascii");	/* Misspelling of "ascii" */
762 	RECV_ERROR(4, "Illegal TFTP operation");
763 	s = setup(&addr, __COUNTER__); \
764 	SEND_RRQ("foo.txt", "binary");	/* Obsolete.  Use "octet" instead */
765 	RECV_ERROR(4, "Illegal TFTP operation");
766 	s = setup(&addr, __COUNTER__); \
767 	SEND_RRQ("foo.txt", "en_US.UTF-8");
768 	RECV_ERROR(4, "Illegal TFTP operation");
769 	s = setup(&addr, __COUNTER__); \
770 	SEND_RRQ("foo.txt", "mail");	/* Obsolete in RFC-1350 */
771 	RECV_ERROR(4, "Illegal TFTP operation");
772 }
773 
774 /*
775  * Send an unknown opcode.  tftpd should respond with the appropriate error
776  */
777 TFTPD_TC_DEFINE(unknown_opcode,)
778 {
779 	/* Looks like an RRQ or WRQ request, but with a bad opcode */
780 	SEND_STR("\0\007foo.txt\0octet\0");
781 	RECV_ERROR(4, "Illegal TFTP operation");
782 }
783 
784 /*
785  * Invoke tftpd with "-w" and write to a nonexistent file.
786  */
787 TFTPD_TC_DEFINE(w_flag,, w_flag = 1;)
788 {
789 	int fd;
790 	ssize_t r;
791 	char contents[] = "small";
792 	char buffer[1024];
793 	size_t contents_len;
794 
795 	contents_len = strlen(contents) + 1;
796 	SEND_WRQ("small.txt", "octet");
797 	recv_ack(0);
798 	send_data(1, contents, contents_len);
799 	recv_ack(1);
800 
801 	fd = open("small.txt", O_RDONLY);
802 	ATF_REQUIRE(fd >= 0);
803 	r = read(fd, buffer, sizeof(buffer));
804 	close(fd);
805 	require_bufeq(contents, contents_len, buffer, r);
806 }
807 
808 /*
809  * Write a medium file, and simulate a dropped ACK packet
810  */
811 TFTPD_TC_DEFINE(wrq_dropped_ack,)
812 {
813 	int fd;
814 	size_t i;
815 	ssize_t r;
816 	uint32_t contents[192];
817 	char buffer[1024];
818 
819 	for (i = 0; i < nitems(contents); i++)
820 		contents[i] = i;
821 
822 	fd = open("medium.txt", O_RDWR | O_CREAT, 0666);
823 	ATF_REQUIRE(fd >= 0);
824 	close(fd);
825 
826 	SEND_WRQ("medium.txt", "octet");
827 	recv_ack(0);
828 	send_data(1, (const char*)&contents[0], 512);
829 	/*
830 	 * Servers "sends" an ACK packet, but network drops it.
831 	 * Eventually, server should resend the last ACK
832 	 */
833 	(void) recvfrom(s, buffer, sizeof(buffer), 0, NULL, NULL);
834 	recv_ack(1);
835 	send_data(2, (const char*)&contents[128], 256);
836 	recv_ack(2);
837 
838 	fd = open("medium.txt", O_RDONLY);
839 	ATF_REQUIRE(fd >= 0);
840 	r = read(fd, buffer, sizeof(buffer));
841 	close(fd);
842 	require_bufeq((const char*)contents, 768, buffer, r);
843 }
844 
845 /*
846  * Write a small file, and simulate a dropped DATA packet
847  */
848 TFTPD_TC_DEFINE(wrq_dropped_data,)
849 {
850 	int fd;
851 	ssize_t r;
852 	char contents[] = "small";
853 	size_t contents_len;
854 	char buffer[1024];
855 
856 	fd = open("small.txt", O_RDWR | O_CREAT, 0666);
857 	ATF_REQUIRE(fd >= 0);
858 	close(fd);
859 	contents_len = strlen(contents) + 1;
860 
861 	SEND_WRQ("small.txt", "octet");
862 	recv_ack(0);
863 	/*
864 	 * Client "sends" a DATA packet, but network drops it.
865 	 * Eventually, server should resend the last ACK
866 	 */
867 	recv_ack(0);
868 	send_data(1, contents, contents_len);
869 	recv_ack(1);
870 
871 	fd = open("small.txt", O_RDONLY);
872 	ATF_REQUIRE(fd >= 0);
873 	r = read(fd, buffer, sizeof(buffer));
874 	close(fd);
875 	require_bufeq(contents, contents_len, buffer, r);
876 }
877 
878 /*
879  * Write a medium file, and simulate a duplicated DATA packet
880  */
881 TFTPD_TC_DEFINE(wrq_duped_data,)
882 {
883 	int fd;
884 	size_t i;
885 	ssize_t r;
886 	uint32_t contents[192];
887 	char buffer[1024];
888 
889 	for (i = 0; i < nitems(contents); i++)
890 		contents[i] = i;
891 
892 	fd = open("medium.txt", O_RDWR | O_CREAT, 0666);
893 	ATF_REQUIRE(fd >= 0);
894 	close(fd);
895 
896 	SEND_WRQ("medium.txt", "octet");
897 	recv_ack(0);
898 	send_data(1, (const char*)&contents[0], 512);
899 	send_data(1, (const char*)&contents[0], 512);
900 	recv_ack(1);
901 	recv_ack(1);
902 	send_data(2, (const char*)&contents[128], 256);
903 	recv_ack(2);
904 
905 	fd = open("medium.txt", O_RDONLY);
906 	ATF_REQUIRE(fd >= 0);
907 	r = read(fd, buffer, sizeof(buffer));
908 	close(fd);
909 	require_bufeq((const char*)contents, 768, buffer, r);
910 }
911 
912 /*
913  * Attempt to write a file without write permissions
914  */
915 TFTPD_TC_DEFINE(wrq_eaccess,)
916 {
917 	int fd;
918 
919 	fd = open("empty.txt", O_CREAT | O_RDONLY, 0440);
920 	ATF_REQUIRE(fd >= 0);
921 	close(fd);
922 
923 	SEND_WRQ("empty.txt", "octet");
924 	RECV_ERROR(2, "Access violation");
925 }
926 
927 /*
928  * Attempt to write a file without world write permissions, but with world
929  * read permissions
930  */
931 TFTPD_TC_DEFINE(wrq_eaccess_world_readable,)
932 {
933 	int fd;
934 
935 	fd = open("empty.txt", O_CREAT | O_RDONLY, 0444);
936 	ATF_REQUIRE(fd >= 0);
937 	close(fd);
938 
939 	SEND_WRQ("empty.txt", "octet");
940 	RECV_ERROR(2, "Access violation");
941 }
942 
943 
944 /*
945  * Write a medium file of more than one block
946  */
947 TFTPD_TC_DEFINE(wrq_medium,)
948 {
949 	int fd;
950 	size_t i;
951 	ssize_t r;
952 	uint32_t contents[192];
953 	char buffer[1024];
954 
955 	for (i = 0; i < nitems(contents); i++)
956 		contents[i] = i;
957 
958 	fd = open("medium.txt", O_RDWR | O_CREAT, 0666);
959 	ATF_REQUIRE(fd >= 0);
960 	close(fd);
961 
962 	SEND_WRQ("medium.txt", "octet");
963 	recv_ack(0);
964 	send_data(1, (const char*)&contents[0], 512);
965 	recv_ack(1);
966 	send_data(2, (const char*)&contents[128], 256);
967 	recv_ack(2);
968 
969 	fd = open("medium.txt", O_RDONLY);
970 	ATF_REQUIRE(fd >= 0);
971 	r = read(fd, buffer, sizeof(buffer));
972 	close(fd);
973 	require_bufeq((const char*)contents, 768, buffer, r);
974 }
975 
976 /*
977  * Write a medium file with a window size of 2.
978  */
979 TFTPD_TC_DEFINE(wrq_medium_window,)
980 {
981 	int fd;
982 	size_t i;
983 	ssize_t r;
984 	uint32_t contents[192];
985 	char buffer[1024];
986 	char options[] = OPTION_STR("windowsize", "2");
987 
988 	for (i = 0; i < nitems(contents); i++)
989 		contents[i] = i;
990 
991 	fd = open("medium.txt", O_RDWR | O_CREAT, 0666);
992 	ATF_REQUIRE(fd >= 0);
993 	close(fd);
994 
995 	SEND_WRQ_OPT("medium.txt", "octet", OPTION_STR("windowsize", "2"));
996 	recv_oack(options, sizeof(options) - 1);
997 	send_data(1, (const char*)&contents[0], 512);
998 	send_data(2, (const char*)&contents[128], 256);
999 	recv_ack(2);
1000 
1001 	fd = open("medium.txt", O_RDONLY);
1002 	ATF_REQUIRE(fd >= 0);
1003 	r = read(fd, buffer, sizeof(buffer));
1004 	close(fd);
1005 	require_bufeq((const char*)contents, 768, buffer, r);
1006 }
1007 
1008 /*
1009  * Write a file in netascii format
1010  */
1011 TFTPD_TC_DEFINE(wrq_netascii,)
1012 {
1013 	int fd;
1014 	ssize_t r;
1015 	/*
1016 	 * Weirdly, RFC-764 says that CR must be followed by NUL if a line feed
1017 	 * is not intended
1018 	 */
1019 	char contents[] = "foo\r\nbar\r\0baz\r\n";
1020 	char expected[] = "foo\nbar\rbaz\n";
1021 	size_t contents_len;
1022 	char buffer[1024];
1023 
1024 	fd = open("unix.txt", O_RDWR | O_CREAT, 0666);
1025 	ATF_REQUIRE(fd >= 0);
1026 	close(fd);
1027 	contents_len = sizeof(contents);
1028 
1029 	SEND_WRQ("unix.txt", "netascii");
1030 	recv_ack(0);
1031 	send_data(1, contents, contents_len);
1032 	recv_ack(1);
1033 
1034 	fd = open("unix.txt", O_RDONLY);
1035 	ATF_REQUIRE(fd >= 0);
1036 	r = read(fd, buffer, sizeof(buffer));
1037 	close(fd);
1038 	require_bufeq(expected, sizeof(expected), buffer, r);
1039 }
1040 
1041 /*
1042  * Attempt to write to a nonexistent file.  With the default options, this
1043  * isn't allowed.
1044  */
1045 TFTPD_TC_DEFINE(wrq_nonexistent,)
1046 {
1047 	SEND_WRQ("nonexistent.txt", "octet");
1048 	RECV_ERROR(1, "File not found");
1049 }
1050 
1051 /*
1052  * Write a small file of less than one block
1053  */
1054 TFTPD_TC_DEFINE(wrq_small,)
1055 {
1056 	int fd;
1057 	ssize_t r;
1058 	char contents[] = "small";
1059 	size_t contents_len;
1060 	char buffer[1024];
1061 
1062 	fd = open("small.txt", O_RDWR | O_CREAT, 0666);
1063 	ATF_REQUIRE(fd >= 0);
1064 	close(fd);
1065 	contents_len = strlen(contents) + 1;
1066 
1067 	SEND_WRQ("small.txt", "octet");
1068 	recv_ack(0);
1069 	send_data(1, contents, contents_len);
1070 	recv_ack(1);
1071 
1072 	fd = open("small.txt", O_RDONLY);
1073 	ATF_REQUIRE(fd >= 0);
1074 	r = read(fd, buffer, sizeof(buffer));
1075 	close(fd);
1076 	require_bufeq(contents, contents_len, buffer, r);
1077 }
1078 
1079 /*
1080  * Write an empty file over a non-empty one
1081  */
1082 TFTPD_TC_DEFINE(wrq_truncate,)
1083 {
1084 	int fd;
1085 	char contents[] = "small";
1086 	struct stat sb;
1087 
1088 	fd = open("small.txt", O_RDWR | O_CREAT, 0666);
1089 	ATF_REQUIRE(fd >= 0);
1090 	write_all(fd, contents, strlen(contents) + 1);
1091 	close(fd);
1092 
1093 	SEND_WRQ("small.txt", "octet");
1094 	recv_ack(0);
1095 	send_data(1, NULL, 0);
1096 	recv_ack(1);
1097 
1098 	ATF_REQUIRE_EQ(stat("small.txt", &sb), 0);
1099 	ATF_REQUIRE_EQ(sb.st_size, 0);
1100 }
1101 
1102 /*
1103  * Write a file following the example in RFC 7440.
1104  */
1105 TFTPD_TC_DEFINE(wrq_window_rfc7440,)
1106 {
1107 	int fd;
1108 	size_t i;
1109 	ssize_t r;
1110 	char options[] = OPTION_STR("windowsize", "4");
1111 	alignas(uint32_t) char contents[13 * 512 - 4];
1112 	char buffer[sizeof(contents)];
1113 	uint32_t *u32p;
1114 
1115 	u32p = (uint32_t *)contents;
1116 	for (i = 0; i < sizeof(contents) / sizeof(uint32_t); i++)
1117 		u32p[i] = i;
1118 
1119 	fd = open("rfc7440.txt", O_RDWR | O_CREAT, 0666);
1120 	ATF_REQUIRE(fd >= 0);
1121 	close(fd);
1122 
1123 	SEND_WRQ_OPT("rfc7440.txt", "octet", OPTION_STR("windowsize", "4"));
1124 	recv_oack(options, sizeof(options) - 1);
1125 	send_data(1, &contents[0 * 512], 512);
1126 	send_data(2, &contents[1 * 512], 512);
1127 	send_data(3, &contents[2 * 512], 512);
1128 	send_data(4, &contents[3 * 512], 512);
1129 	recv_ack(4);
1130 	send_data(5, &contents[4 * 512], 512);
1131 
1132 	/* Drop 6-8. */
1133 	recv_ack(5);
1134 	send_data(6, &contents[5 * 512], 512);
1135 	send_data(7, &contents[6 * 512], 512);
1136 	send_data(8, &contents[7 * 512], 512);
1137 	send_data(9, &contents[8 * 512], 512);
1138 	recv_ack(9);
1139 
1140 	/* Drop 11. */
1141 	send_data(10, &contents[9 * 512], 512);
1142 	send_data(12, &contents[11 * 512], 512);
1143 
1144 	/*
1145 	 * We can't send 13 here as tftpd has probably already seen 12
1146 	 * and sent the ACK of 10 if running locally.  While it would
1147 	 * recover by sending another ACK of 10, our state machine
1148 	 * would be out of sync.
1149 	 */
1150 
1151 	/* Ignore ACK for 10 and resend 10-13. */
1152 	recv_ack(10);
1153 	send_data(10, &contents[9 * 512], 512);
1154 	send_data(11, &contents[10 * 512], 512);
1155 	send_data(12, &contents[11 * 512], 512);
1156 	send_data(13, &contents[12 * 512], 508);
1157 	recv_ack(13);
1158 
1159 	fd = open("rfc7440.txt", O_RDONLY);
1160 	ATF_REQUIRE(fd >= 0);
1161 	r = read(fd, buffer, sizeof(buffer));
1162 	close(fd);
1163 	require_bufeq(contents, sizeof(contents), buffer, r);
1164 }
1165 
1166 
1167 /*
1168  * Main
1169  */
1170 
1171 ATF_TP_ADD_TCS(tp)
1172 {
1173 	TFTPD_TC_ADD(tp, abspath);
1174 	TFTPD_TC_ADD(tp, dotdot);
1175 	TFTPD_TC_ADD(tp, s_flag);
1176 	TFTPD_TC_ADD(tp, rrq_dropped_ack);
1177 	TFTPD_TC_ADD(tp, rrq_dropped_data);
1178 	TFTPD_TC_ADD(tp, rrq_duped_ack);
1179 	TFTPD_TC_ADD(tp, rrq_eaccess);
1180 	TFTPD_TC_ADD(tp, rrq_empty);
1181 	TFTPD_TC_ADD(tp, rrq_medium);
1182 	TFTPD_TC_ADD(tp, rrq_medium_window);
1183 	TFTPD_TC_ADD(tp, rrq_netascii);
1184 	TFTPD_TC_ADD(tp, rrq_nonexistent);
1185 	TFTPD_TC_ADD(tp, rrq_path_max);
1186 	TFTPD_TC_ADD(tp, rrq_small);
1187 	TFTPD_TC_ADD(tp, rrq_window_rfc7440);
1188 	TFTPD_TC_ADD(tp, unknown_modes);
1189 	TFTPD_TC_ADD(tp, unknown_opcode);
1190 	TFTPD_TC_ADD(tp, w_flag);
1191 	TFTPD_TC_ADD(tp, wrq_dropped_ack);
1192 	TFTPD_TC_ADD(tp, wrq_dropped_data);
1193 	TFTPD_TC_ADD(tp, wrq_duped_data);
1194 	TFTPD_TC_ADD(tp, wrq_eaccess);
1195 	TFTPD_TC_ADD(tp, wrq_eaccess_world_readable);
1196 	TFTPD_TC_ADD(tp, wrq_medium);
1197 	TFTPD_TC_ADD(tp, wrq_medium_window);
1198 	TFTPD_TC_ADD(tp, wrq_netascii);
1199 	TFTPD_TC_ADD(tp, wrq_nonexistent);
1200 	TFTPD_TC_ADD(tp, wrq_small);
1201 	TFTPD_TC_ADD(tp, wrq_truncate);
1202 	TFTPD_TC_ADD(tp, wrq_window_rfc7440);
1203 
1204 	return (atf_no_error());
1205 }
1206