1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2018 Alan Somers. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/cdefs.h> 29 __FBSDID("$FreeBSD$"); 30 31 #include <sys/param.h> 32 #include <sys/socket.h> 33 #include <sys/stat.h> 34 #include <sys/wait.h> 35 36 #include <netinet/in.h> 37 38 #include <errno.h> 39 #include <fcntl.h> 40 #include <signal.h> 41 #include <stdalign.h> 42 #include <stdio.h> 43 #include <unistd.h> 44 45 #include <atf-c.h> 46 #include <libutil.h> 47 48 static const uint16_t BASEPORT = 6969; 49 static const char pidfile[] = "tftpd.pid"; 50 static int protocol = PF_UNSPEC; 51 static int s = -1; /* tftp client socket */ 52 static struct sockaddr_storage addr; /* Destination address for the client */ 53 static bool s_flag = false; /* Pass -s to tftpd */ 54 static bool w_flag = false; /* Pass -w to tftpd */ 55 56 /* Helper functions*/ 57 static void require_bufeq(const char *expected, ssize_t expected_len, 58 const char *actual, ssize_t len); 59 60 /* 61 * Receive a response from tftpd 62 * @param hdr The reply's expected header, as a char array 63 * @param contents The reply's expected contents, as a char array 64 * @param contents_len Length of contents 65 */ 66 #define RECV(hdr, contents, contents_len) do { \ 67 char buffer[1024]; \ 68 struct sockaddr_storage from; \ 69 socklen_t fromlen = sizeof(from); \ 70 ssize_t r = recvfrom(s, buffer, sizeof(buffer), 0, \ 71 (struct sockaddr*)&from, &fromlen); \ 72 ATF_REQUIRE(r > 0); \ 73 require_bufeq((hdr), sizeof(hdr), buffer, \ 74 MIN(r, (ssize_t)sizeof(hdr))); \ 75 require_bufeq((const char*) (contents), (contents_len), \ 76 &buffer[sizeof(hdr)], r - sizeof(hdr)); \ 77 if (protocol == PF_INET) { \ 78 ((struct sockaddr_in*)&addr)->sin_port = \ 79 ((struct sockaddr_in*)&from)->sin_port; \ 80 } else { \ 81 ((struct sockaddr_in6*)&addr)->sin6_port = \ 82 ((struct sockaddr_in6*)&from)->sin6_port; \ 83 } \ 84 } while(0) 85 86 static void 87 recv_ack(uint16_t blocknum) 88 { 89 char hdr[] = {0, 4, blocknum >> 8, blocknum & 0xFF}; 90 RECV(hdr, NULL, 0); 91 } 92 93 static void 94 recv_oack(const char *options, size_t options_len) 95 { 96 char hdr[] = {0, 6}; 97 RECV(hdr, options, options_len); 98 } 99 100 /* 101 * Receive a data packet from tftpd 102 * @param blocknum Expected block number to be received 103 * @param contents Pointer to expected contents 104 * @param contents_len Length of contents expected to receive 105 */ 106 static void 107 recv_data(uint16_t blocknum, const char* contents, size_t contents_len) 108 { 109 char hdr[] = {0, 3, blocknum >> 8, blocknum & 0xFF}; 110 RECV(hdr, contents, contents_len); 111 } 112 113 #define RECV_ERROR(code, msg) do { \ 114 char hdr[] = {0, 5, code >> 8, code & 0xFF}; \ 115 RECV(hdr, msg, sizeof(msg)); \ 116 } while (0) 117 118 /* 119 * send a command to tftpd. 120 * @param cmd Command to send, as a char array 121 */ 122 static void 123 send_bytes(const void* cmd, ssize_t len) 124 { 125 ssize_t r; 126 127 r = sendto(s, cmd, len, 0, (struct sockaddr*)(&addr), addr.ss_len); 128 ATF_REQUIRE_EQ(r, len); 129 } 130 131 static void 132 send_data(uint16_t blocknum, const char* contents, size_t contents_len) 133 { 134 char buffer[1024]; 135 136 buffer[0] = 0; /* DATA opcode high byte */ 137 buffer[1] = 3; /* DATA opcode low byte */ 138 buffer[2] = blocknum >> 8; 139 buffer[3] = blocknum & 0xFF; 140 memmove(&buffer[4], contents, contents_len); 141 send_bytes(buffer, 4 + contents_len); 142 } 143 144 /* 145 * send a command to tftpd. 146 * @param cmd Command to send, as a const string 147 * (terminating NUL will be ignored) 148 */ 149 #define SEND_STR(cmd) ATF_REQUIRE_EQ( \ 150 sendto(s, (cmd), sizeof(cmd) - 1, 0, (struct sockaddr*)(&addr), \ 151 addr.ss_len), \ 152 sizeof(cmd) - 1) 153 154 /* 155 * Acknowledge block blocknum 156 */ 157 static void 158 send_ack(uint16_t blocknum) 159 { 160 char packet[] = { 161 0, 4, /* ACK opcode in BE */ 162 blocknum >> 8, 163 blocknum & 0xFF 164 }; 165 166 send_bytes(packet, sizeof(packet)); 167 168 } 169 170 /* 171 * build an option string 172 */ 173 #define OPTION_STR(name, value) name "\000" value "\000" 174 175 /* 176 * send a read request to tftpd. 177 * @param filename filename as a string, absolute or relative 178 * @param mode either "octet" or "netascii" 179 */ 180 #define SEND_RRQ(filename, mode) SEND_STR("\0\001" filename "\0" mode "\0") 181 182 /* 183 * send a read request with options 184 */ 185 #define SEND_RRQ_OPT(filename, mode, options) SEND_STR("\0\001" filename "\0" mode "\000" options) 186 187 /* 188 * send a write request to tftpd. 189 * @param filename filename as a string, absolute or relative 190 * @param mode either "octet" or "netascii" 191 */ 192 #define SEND_WRQ(filename, mode) SEND_STR("\0\002" filename "\0" mode "\0") 193 194 /* 195 * send a write request with options 196 */ 197 #define SEND_WRQ_OPT(filename, mode, options) SEND_STR("\0\002" filename "\0" mode "\000" options) 198 199 /* Define a test case, for both IPv4 and IPv6 */ 200 #define TFTPD_TC_DEFINE(name, head, ...) \ 201 static void \ 202 name ## _body(void); \ 203 ATF_TC_WITH_CLEANUP(name ## _v4); \ 204 ATF_TC_HEAD(name ## _v4, tc) \ 205 { \ 206 head \ 207 } \ 208 ATF_TC_BODY(name ## _v4, tc) \ 209 { \ 210 __VA_ARGS__; \ 211 protocol = AF_INET; \ 212 s = setup(&addr, __COUNTER__); \ 213 name ## _body(); \ 214 close(s); \ 215 } \ 216 ATF_TC_CLEANUP(name ## _v4, tc) \ 217 { \ 218 cleanup(); \ 219 } \ 220 ATF_TC_WITH_CLEANUP(name ## _v6); \ 221 ATF_TC_HEAD(name ## _v6, tc) \ 222 { \ 223 head \ 224 } \ 225 ATF_TC_BODY(name ## _v6, tc) \ 226 { \ 227 __VA_ARGS__; \ 228 protocol = AF_INET6; \ 229 s = setup(&addr, __COUNTER__); \ 230 name ## _body(); \ 231 close(s); \ 232 } \ 233 ATF_TC_CLEANUP(name ## _v6, tc) \ 234 { \ 235 cleanup(); \ 236 } \ 237 static void \ 238 name ## _body(void) 239 240 /* Add the IPv4 and IPv6 versions of a test case */ 241 #define TFTPD_TC_ADD(tp, name ) \ 242 do { \ 243 ATF_TP_ADD_TC(tp, name ## _v4); \ 244 ATF_TP_ADD_TC(tp, name ## _v6); \ 245 } while (0) 246 247 /* Standard cleanup used by all testcases */ 248 static void 249 cleanup(void) 250 { 251 FILE *f; 252 pid_t pid; 253 254 f = fopen(pidfile, "r"); 255 if (f == NULL) 256 return; 257 if (fscanf(f, "%d", &pid) == 1) { 258 kill(pid, SIGTERM); 259 waitpid(pid, NULL, 0); 260 } 261 fclose(f); 262 unlink(pidfile); 263 } 264 265 /* Assert that two binary buffers are identical */ 266 static void 267 require_bufeq(const char *expected, ssize_t expected_len, const char *actual, 268 ssize_t len) 269 { 270 ssize_t i; 271 272 ATF_REQUIRE_EQ_MSG(expected_len, len, 273 "Expected %zd bytes but got %zd", expected_len, len); 274 for (i = 0; i < len; i++) { 275 ATF_REQUIRE_EQ_MSG(actual[i], expected[i], 276 "Expected %#hhx at position %zd; got %hhx instead", 277 expected[i], i, actual[i]); 278 } 279 } 280 281 /* 282 * Start tftpd and return its communicating socket 283 * @param to Will be filled in for use with sendto 284 * @param idx Unique identifier of the test case 285 * @return Socket ready to use 286 */ 287 static int 288 setup(struct sockaddr_storage *to, uint16_t idx) 289 { 290 int client_s, server_s, pid, argv_idx; 291 char execname[] = "/usr/libexec/tftpd"; 292 char s_flag_str[] = "-s"; 293 char w_flag_str[] = "-w"; 294 char pwd[MAXPATHLEN]; 295 char *argv[10]; 296 struct sockaddr_in addr4; 297 struct sockaddr_in6 addr6; 298 struct sockaddr *server_addr; 299 struct pidfh *pfh; 300 uint16_t port = BASEPORT + idx; 301 socklen_t len; 302 303 if (protocol == PF_INET) { 304 len = sizeof(addr4); 305 bzero(&addr4, len); 306 addr4.sin_len = len; 307 addr4.sin_family = PF_INET; 308 addr4.sin_port = htons(port); 309 server_addr = (struct sockaddr*)&addr4; 310 } else { 311 len = sizeof(addr6); 312 bzero(&addr6, len); 313 addr6.sin6_len = len; 314 addr6.sin6_family = PF_INET6; 315 addr6.sin6_port = htons(port); 316 server_addr = (struct sockaddr*)&addr6; 317 } 318 319 ATF_REQUIRE_EQ(getcwd(pwd, sizeof(pwd)), pwd); 320 321 /* Must bind(2) pre-fork so it happens before the client's send(2) */ 322 ATF_REQUIRE((server_s = socket(protocol, SOCK_DGRAM, 0)) > 0); 323 ATF_REQUIRE_EQ_MSG(bind(server_s, server_addr, len), 0, 324 "bind failed with error %s", strerror(errno)); 325 326 pid = fork(); 327 switch (pid) { 328 case -1: 329 atf_tc_fail("fork failed"); 330 break; 331 case 0: 332 /* In child */ 333 pfh = pidfile_open(pidfile, 0644, NULL); 334 ATF_REQUIRE_MSG(pfh != NULL, 335 "pidfile_open: %s", strerror(errno)); 336 ATF_REQUIRE_EQ(pidfile_write(pfh), 0); 337 ATF_REQUIRE_EQ(pidfile_close(pfh), 0); 338 339 bzero(argv, sizeof(argv)); 340 argv[0] = execname; 341 argv_idx = 1; 342 if (w_flag) 343 argv[argv_idx++] = w_flag_str; 344 if (s_flag) 345 argv[argv_idx++] = s_flag_str; 346 argv[argv_idx++] = pwd; 347 ATF_REQUIRE_EQ(dup2(server_s, STDOUT_FILENO), STDOUT_FILENO); 348 ATF_REQUIRE_EQ(dup2(server_s, STDIN_FILENO), STDIN_FILENO); 349 ATF_REQUIRE_EQ(dup2(server_s, STDERR_FILENO), STDERR_FILENO); 350 execv(execname, argv); 351 atf_tc_fail("exec failed"); 352 break; 353 default: 354 /* In parent */ 355 bzero(to, sizeof(*to)); 356 if (protocol == PF_INET) { 357 struct sockaddr_in *to4 = (struct sockaddr_in*)to; 358 to4->sin_len = sizeof(*to4); 359 to4->sin_family = PF_INET; 360 to4->sin_port = htons(port); 361 to4->sin_addr.s_addr = htonl(INADDR_LOOPBACK); 362 } else { 363 struct in6_addr loopback = IN6ADDR_LOOPBACK_INIT; 364 struct sockaddr_in6 *to6 = (struct sockaddr_in6*)to; 365 to6->sin6_len = sizeof(*to6); 366 to6->sin6_family = PF_INET6; 367 to6->sin6_port = htons(port); 368 to6->sin6_addr = loopback; 369 } 370 371 close(server_s); 372 ATF_REQUIRE((client_s = socket(protocol, SOCK_DGRAM, 0)) > 0); 373 break; 374 } 375 376 /* Clear the client's umask. Test cases will specify exact modes */ 377 umask(0000); 378 379 return (client_s); 380 } 381 382 /* Like write(2), but never returns less than the requested length */ 383 static void 384 write_all(int fd, const void *buf, size_t nbytes) 385 { 386 ssize_t r; 387 388 while (nbytes > 0) { 389 r = write(fd, buf, nbytes); 390 ATF_REQUIRE(r > 0); 391 nbytes -= r; 392 buf = (const char*)buf + r; 393 } 394 } 395 396 397 /* 398 * Test Cases 399 */ 400 401 /* 402 * Read a file, specified by absolute pathname. 403 */ 404 TFTPD_TC_DEFINE(abspath,) 405 { 406 int fd; 407 char command[1024]; 408 size_t pathlen; 409 char suffix[] = {'\0', 'o', 'c', 't', 'e', 't', '\0'}; 410 411 command[0] = 0; /* RRQ high byte */ 412 command[1] = 1; /* RRQ low byte */ 413 ATF_REQUIRE(getcwd(&command[2], sizeof(command) - 2) != NULL); 414 pathlen = strlcat(&command[2], "/abspath.txt", sizeof(command) - 2); 415 ATF_REQUIRE(pathlen + sizeof(suffix) < sizeof(command) - 2); 416 memmove(&command[2 + pathlen], suffix, sizeof(suffix)); 417 418 fd = open("abspath.txt", O_CREAT | O_RDONLY, 0644); 419 ATF_REQUIRE(fd >= 0); 420 close(fd); 421 422 send_bytes(command, 2 + pathlen + sizeof(suffix)); 423 recv_data(1, NULL, 0); 424 send_ack(1); 425 } 426 427 /* 428 * Attempt to read a file outside of the allowed directory(ies) 429 */ 430 TFTPD_TC_DEFINE(dotdot,) 431 { 432 ATF_REQUIRE_EQ(mkdir("subdir", 0777), 0); 433 SEND_RRQ("../disallowed.txt", "octet"); 434 RECV_ERROR(2, "Access violation"); 435 s = setup(&addr, __COUNTER__); \ 436 SEND_RRQ("subdir/../../disallowed.txt", "octet"); 437 RECV_ERROR(2, "Access violation"); 438 s = setup(&addr, __COUNTER__); \ 439 SEND_RRQ("/etc/passwd", "octet"); 440 RECV_ERROR(2, "Access violation"); 441 } 442 443 /* 444 * With "-s", tftpd should chroot to the specified directory 445 */ 446 TFTPD_TC_DEFINE(s_flag, atf_tc_set_md_var(tc, "require.user", "root");, 447 s_flag = true) 448 { 449 int fd; 450 char contents[] = "small"; 451 452 fd = open("small.txt", O_RDWR | O_CREAT, 0644); 453 ATF_REQUIRE(fd >= 0); 454 write_all(fd, contents, strlen(contents) + 1); 455 close(fd); 456 457 SEND_RRQ("/small.txt", "octet"); 458 recv_data(1, contents, strlen(contents) + 1); 459 send_ack(1); 460 } 461 462 /* 463 * Read a file, and simulate a dropped ACK packet 464 */ 465 TFTPD_TC_DEFINE(rrq_dropped_ack,) 466 { 467 int fd; 468 char contents[] = "small"; 469 470 fd = open("small.txt", O_RDWR | O_CREAT, 0644); 471 ATF_REQUIRE(fd >= 0); 472 write_all(fd, contents, strlen(contents) + 1); 473 close(fd); 474 475 SEND_RRQ("small.txt", "octet"); 476 recv_data(1, contents, strlen(contents) + 1); 477 /* 478 * client "sends" the ack, but network drops it 479 * Eventually, tftpd should resend the data packet 480 */ 481 recv_data(1, contents, strlen(contents) + 1); 482 send_ack(1); 483 } 484 485 /* 486 * Read a file, and simulate a dropped DATA packet 487 */ 488 TFTPD_TC_DEFINE(rrq_dropped_data,) 489 { 490 int fd; 491 size_t i; 492 uint32_t contents[192]; 493 char buffer[1024]; 494 495 for (i = 0; i < nitems(contents); i++) 496 contents[i] = i; 497 498 fd = open("medium.txt", O_RDWR | O_CREAT, 0644); 499 ATF_REQUIRE(fd >= 0); 500 write_all(fd, contents, sizeof(contents)); 501 close(fd); 502 503 SEND_RRQ("medium.txt", "octet"); 504 recv_data(1, (const char*)&contents[0], 512); 505 send_ack(1); 506 (void) recvfrom(s, buffer, sizeof(buffer), 0, NULL, NULL); 507 /* 508 * server "sends" the data, but network drops it 509 * Eventually, client should resend the last ACK 510 */ 511 send_ack(1); 512 recv_data(2, (const char*)&contents[128], 256); 513 send_ack(2); 514 } 515 516 /* 517 * Read a medium file, and simulate a duplicated ACK packet 518 */ 519 TFTPD_TC_DEFINE(rrq_duped_ack,) 520 { 521 int fd; 522 size_t i; 523 uint32_t contents[192]; 524 525 for (i = 0; i < nitems(contents); i++) 526 contents[i] = i; 527 528 fd = open("medium.txt", O_RDWR | O_CREAT, 0644); 529 ATF_REQUIRE(fd >= 0); 530 write_all(fd, contents, sizeof(contents)); 531 close(fd); 532 533 SEND_RRQ("medium.txt", "octet"); 534 recv_data(1, (const char*)&contents[0], 512); 535 send_ack(1); 536 send_ack(1); /* Dupe an ACK packet */ 537 recv_data(2, (const char*)&contents[128], 256); 538 recv_data(2, (const char*)&contents[128], 256); 539 send_ack(2); 540 } 541 542 543 /* 544 * Attempt to read a file without read permissions 545 */ 546 TFTPD_TC_DEFINE(rrq_eaccess,) 547 { 548 int fd; 549 550 fd = open("empty.txt", O_CREAT | O_RDONLY, 0000); 551 ATF_REQUIRE(fd >= 0); 552 close(fd); 553 554 SEND_RRQ("empty.txt", "octet"); 555 RECV_ERROR(2, "Access violation"); 556 } 557 558 /* 559 * Read an empty file 560 */ 561 TFTPD_TC_DEFINE(rrq_empty,) 562 { 563 int fd; 564 565 fd = open("empty.txt", O_CREAT | O_RDONLY, 0644); 566 ATF_REQUIRE(fd >= 0); 567 close(fd); 568 569 SEND_RRQ("empty.txt", "octet"); 570 recv_data(1, NULL, 0); 571 send_ack(1); 572 } 573 574 /* 575 * Read a medium file of more than one block 576 */ 577 TFTPD_TC_DEFINE(rrq_medium,) 578 { 579 int fd; 580 size_t i; 581 uint32_t contents[192]; 582 583 for (i = 0; i < nitems(contents); i++) 584 contents[i] = i; 585 586 fd = open("medium.txt", O_RDWR | O_CREAT, 0644); 587 ATF_REQUIRE(fd >= 0); 588 write_all(fd, contents, sizeof(contents)); 589 close(fd); 590 591 SEND_RRQ("medium.txt", "octet"); 592 recv_data(1, (const char*)&contents[0], 512); 593 send_ack(1); 594 recv_data(2, (const char*)&contents[128], 256); 595 send_ack(2); 596 } 597 598 /* 599 * Read a medium file with a window size of 2. 600 */ 601 TFTPD_TC_DEFINE(rrq_medium_window,) 602 { 603 int fd; 604 size_t i; 605 uint32_t contents[192]; 606 char options[] = OPTION_STR("windowsize", "2"); 607 608 for (i = 0; i < nitems(contents); i++) 609 contents[i] = i; 610 611 fd = open("medium.txt", O_RDWR | O_CREAT, 0644); 612 ATF_REQUIRE(fd >= 0); 613 write_all(fd, contents, sizeof(contents)); 614 close(fd); 615 616 SEND_RRQ_OPT("medium.txt", "octet", OPTION_STR("windowsize", "2")); 617 recv_oack(options, sizeof(options) - 1); 618 send_ack(0); 619 recv_data(1, (const char*)&contents[0], 512); 620 recv_data(2, (const char*)&contents[128], 256); 621 send_ack(2); 622 } 623 624 /* 625 * Read a file in netascii format 626 */ 627 TFTPD_TC_DEFINE(rrq_netascii,) 628 { 629 int fd; 630 char contents[] = "foo\nbar\rbaz\n"; 631 /* 632 * Weirdly, RFC-764 says that CR must be followed by NUL if a line feed 633 * is not intended 634 */ 635 char expected[] = "foo\r\nbar\r\0baz\r\n"; 636 637 fd = open("unix.txt", O_RDWR | O_CREAT, 0644); 638 ATF_REQUIRE(fd >= 0); 639 write_all(fd, contents, strlen(contents) + 1); 640 close(fd); 641 642 SEND_RRQ("unix.txt", "netascii"); 643 recv_data(1, expected, sizeof(expected)); 644 send_ack(1); 645 } 646 647 /* 648 * Read a file that doesn't exist 649 */ 650 TFTPD_TC_DEFINE(rrq_nonexistent,) 651 { 652 SEND_RRQ("nonexistent.txt", "octet"); 653 RECV_ERROR(1, "File not found"); 654 } 655 656 /* 657 * Attempt to read a file whose name exceeds PATH_MAX 658 */ 659 TFTPD_TC_DEFINE(rrq_path_max,) 660 { 661 #define AReallyBigFileName \ 662 "AReallyBigFileNameXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 663 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 664 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 665 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 666 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 667 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 668 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 669 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 670 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 671 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 672 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 673 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 674 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 675 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 676 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 677 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\ 678 ".txt" 679 ATF_REQUIRE_MSG(strlen(AReallyBigFileName) > PATH_MAX, 680 "Somebody increased PATH_MAX. Update the test"); 681 SEND_RRQ(AReallyBigFileName, "octet"); 682 RECV_ERROR(4, "Illegal TFTP operation"); 683 } 684 685 /* 686 * Read a small file of less than one block 687 */ 688 TFTPD_TC_DEFINE(rrq_small,) 689 { 690 int fd; 691 char contents[] = "small"; 692 693 fd = open("small.txt", O_RDWR | O_CREAT, 0644); 694 ATF_REQUIRE(fd >= 0); 695 write_all(fd, contents, strlen(contents) + 1); 696 close(fd); 697 698 SEND_RRQ("small.txt", "octet"); 699 recv_data(1, contents, strlen(contents) + 1); 700 send_ack(1); 701 } 702 703 /* 704 * Read a file following the example in RFC 7440. 705 */ 706 TFTPD_TC_DEFINE(rrq_window_rfc7440,) 707 { 708 int fd; 709 size_t i; 710 char options[] = OPTION_STR("windowsize", "4"); 711 alignas(uint32_t) char contents[13 * 512 - 4]; 712 uint32_t *u32p; 713 714 u32p = (uint32_t *)contents; 715 for (i = 0; i < sizeof(contents) / sizeof(uint32_t); i++) 716 u32p[i] = i; 717 718 fd = open("rfc7440.txt", O_RDWR | O_CREAT, 0644); 719 ATF_REQUIRE(fd >= 0); 720 write_all(fd, contents, sizeof(contents)); 721 close(fd); 722 723 SEND_RRQ_OPT("rfc7440.txt", "octet", OPTION_STR("windowsize", "4")); 724 recv_oack(options, sizeof(options) - 1); 725 send_ack(0); 726 recv_data(1, &contents[0 * 512], 512); 727 recv_data(2, &contents[1 * 512], 512); 728 recv_data(3, &contents[2 * 512], 512); 729 recv_data(4, &contents[3 * 512], 512); 730 send_ack(4); 731 recv_data(5, &contents[4 * 512], 512); 732 recv_data(6, &contents[5 * 512], 512); 733 recv_data(7, &contents[6 * 512], 512); 734 recv_data(8, &contents[7 * 512], 512); 735 736 /* ACK 5 as if 6-8 were dropped. */ 737 send_ack(5); 738 recv_data(6, &contents[5 * 512], 512); 739 recv_data(7, &contents[6 * 512], 512); 740 recv_data(8, &contents[7 * 512], 512); 741 recv_data(9, &contents[8 * 512], 512); 742 send_ack(9); 743 recv_data(10, &contents[9 * 512], 512); 744 recv_data(11, &contents[10 * 512], 512); 745 recv_data(12, &contents[11 * 512], 512); 746 recv_data(13, &contents[12 * 512], 508); 747 748 /* Drop ACK and after timeout receive 10-13. */ 749 recv_data(10, &contents[9 * 512], 512); 750 recv_data(11, &contents[10 * 512], 512); 751 recv_data(12, &contents[11 * 512], 512); 752 recv_data(13, &contents[12 * 512], 508); 753 send_ack(13); 754 } 755 756 /* 757 * Try to transfer a file with an unknown mode. 758 */ 759 TFTPD_TC_DEFINE(unknown_modes,) 760 { 761 SEND_RRQ("foo.txt", "ascii"); /* Misspelling of "ascii" */ 762 RECV_ERROR(4, "Illegal TFTP operation"); 763 s = setup(&addr, __COUNTER__); \ 764 SEND_RRQ("foo.txt", "binary"); /* Obsolete. Use "octet" instead */ 765 RECV_ERROR(4, "Illegal TFTP operation"); 766 s = setup(&addr, __COUNTER__); \ 767 SEND_RRQ("foo.txt", "en_US.UTF-8"); 768 RECV_ERROR(4, "Illegal TFTP operation"); 769 s = setup(&addr, __COUNTER__); \ 770 SEND_RRQ("foo.txt", "mail"); /* Obsolete in RFC-1350 */ 771 RECV_ERROR(4, "Illegal TFTP operation"); 772 } 773 774 /* 775 * Send an unknown opcode. tftpd should respond with the appropriate error 776 */ 777 TFTPD_TC_DEFINE(unknown_opcode,) 778 { 779 /* Looks like an RRQ or WRQ request, but with a bad opcode */ 780 SEND_STR("\0\007foo.txt\0octet\0"); 781 RECV_ERROR(4, "Illegal TFTP operation"); 782 } 783 784 /* 785 * Invoke tftpd with "-w" and write to a nonexistent file. 786 */ 787 TFTPD_TC_DEFINE(w_flag,, w_flag = 1;) 788 { 789 int fd; 790 ssize_t r; 791 char contents[] = "small"; 792 char buffer[1024]; 793 size_t contents_len; 794 795 contents_len = strlen(contents) + 1; 796 SEND_WRQ("small.txt", "octet"); 797 recv_ack(0); 798 send_data(1, contents, contents_len); 799 recv_ack(1); 800 801 fd = open("small.txt", O_RDONLY); 802 ATF_REQUIRE(fd >= 0); 803 r = read(fd, buffer, sizeof(buffer)); 804 close(fd); 805 require_bufeq(contents, contents_len, buffer, r); 806 } 807 808 /* 809 * Write a medium file, and simulate a dropped ACK packet 810 */ 811 TFTPD_TC_DEFINE(wrq_dropped_ack,) 812 { 813 int fd; 814 size_t i; 815 ssize_t r; 816 uint32_t contents[192]; 817 char buffer[1024]; 818 819 for (i = 0; i < nitems(contents); i++) 820 contents[i] = i; 821 822 fd = open("medium.txt", O_RDWR | O_CREAT, 0666); 823 ATF_REQUIRE(fd >= 0); 824 close(fd); 825 826 SEND_WRQ("medium.txt", "octet"); 827 recv_ack(0); 828 send_data(1, (const char*)&contents[0], 512); 829 /* 830 * Servers "sends" an ACK packet, but network drops it. 831 * Eventually, server should resend the last ACK 832 */ 833 (void) recvfrom(s, buffer, sizeof(buffer), 0, NULL, NULL); 834 recv_ack(1); 835 send_data(2, (const char*)&contents[128], 256); 836 recv_ack(2); 837 838 fd = open("medium.txt", O_RDONLY); 839 ATF_REQUIRE(fd >= 0); 840 r = read(fd, buffer, sizeof(buffer)); 841 close(fd); 842 require_bufeq((const char*)contents, 768, buffer, r); 843 } 844 845 /* 846 * Write a small file, and simulate a dropped DATA packet 847 */ 848 TFTPD_TC_DEFINE(wrq_dropped_data,) 849 { 850 int fd; 851 ssize_t r; 852 char contents[] = "small"; 853 size_t contents_len; 854 char buffer[1024]; 855 856 fd = open("small.txt", O_RDWR | O_CREAT, 0666); 857 ATF_REQUIRE(fd >= 0); 858 close(fd); 859 contents_len = strlen(contents) + 1; 860 861 SEND_WRQ("small.txt", "octet"); 862 recv_ack(0); 863 /* 864 * Client "sends" a DATA packet, but network drops it. 865 * Eventually, server should resend the last ACK 866 */ 867 recv_ack(0); 868 send_data(1, contents, contents_len); 869 recv_ack(1); 870 871 fd = open("small.txt", O_RDONLY); 872 ATF_REQUIRE(fd >= 0); 873 r = read(fd, buffer, sizeof(buffer)); 874 close(fd); 875 require_bufeq(contents, contents_len, buffer, r); 876 } 877 878 /* 879 * Write a medium file, and simulate a duplicated DATA packet 880 */ 881 TFTPD_TC_DEFINE(wrq_duped_data,) 882 { 883 int fd; 884 size_t i; 885 ssize_t r; 886 uint32_t contents[192]; 887 char buffer[1024]; 888 889 for (i = 0; i < nitems(contents); i++) 890 contents[i] = i; 891 892 fd = open("medium.txt", O_RDWR | O_CREAT, 0666); 893 ATF_REQUIRE(fd >= 0); 894 close(fd); 895 896 SEND_WRQ("medium.txt", "octet"); 897 recv_ack(0); 898 send_data(1, (const char*)&contents[0], 512); 899 send_data(1, (const char*)&contents[0], 512); 900 recv_ack(1); 901 recv_ack(1); 902 send_data(2, (const char*)&contents[128], 256); 903 recv_ack(2); 904 905 fd = open("medium.txt", O_RDONLY); 906 ATF_REQUIRE(fd >= 0); 907 r = read(fd, buffer, sizeof(buffer)); 908 close(fd); 909 require_bufeq((const char*)contents, 768, buffer, r); 910 } 911 912 /* 913 * Attempt to write a file without write permissions 914 */ 915 TFTPD_TC_DEFINE(wrq_eaccess,) 916 { 917 int fd; 918 919 fd = open("empty.txt", O_CREAT | O_RDONLY, 0440); 920 ATF_REQUIRE(fd >= 0); 921 close(fd); 922 923 SEND_WRQ("empty.txt", "octet"); 924 RECV_ERROR(2, "Access violation"); 925 } 926 927 /* 928 * Attempt to write a file without world write permissions, but with world 929 * read permissions 930 */ 931 TFTPD_TC_DEFINE(wrq_eaccess_world_readable,) 932 { 933 int fd; 934 935 fd = open("empty.txt", O_CREAT | O_RDONLY, 0444); 936 ATF_REQUIRE(fd >= 0); 937 close(fd); 938 939 SEND_WRQ("empty.txt", "octet"); 940 RECV_ERROR(2, "Access violation"); 941 } 942 943 944 /* 945 * Write a medium file of more than one block 946 */ 947 TFTPD_TC_DEFINE(wrq_medium,) 948 { 949 int fd; 950 size_t i; 951 ssize_t r; 952 uint32_t contents[192]; 953 char buffer[1024]; 954 955 for (i = 0; i < nitems(contents); i++) 956 contents[i] = i; 957 958 fd = open("medium.txt", O_RDWR | O_CREAT, 0666); 959 ATF_REQUIRE(fd >= 0); 960 close(fd); 961 962 SEND_WRQ("medium.txt", "octet"); 963 recv_ack(0); 964 send_data(1, (const char*)&contents[0], 512); 965 recv_ack(1); 966 send_data(2, (const char*)&contents[128], 256); 967 recv_ack(2); 968 969 fd = open("medium.txt", O_RDONLY); 970 ATF_REQUIRE(fd >= 0); 971 r = read(fd, buffer, sizeof(buffer)); 972 close(fd); 973 require_bufeq((const char*)contents, 768, buffer, r); 974 } 975 976 /* 977 * Write a medium file with a window size of 2. 978 */ 979 TFTPD_TC_DEFINE(wrq_medium_window,) 980 { 981 int fd; 982 size_t i; 983 ssize_t r; 984 uint32_t contents[192]; 985 char buffer[1024]; 986 char options[] = OPTION_STR("windowsize", "2"); 987 988 for (i = 0; i < nitems(contents); i++) 989 contents[i] = i; 990 991 fd = open("medium.txt", O_RDWR | O_CREAT, 0666); 992 ATF_REQUIRE(fd >= 0); 993 close(fd); 994 995 SEND_WRQ_OPT("medium.txt", "octet", OPTION_STR("windowsize", "2")); 996 recv_oack(options, sizeof(options) - 1); 997 send_data(1, (const char*)&contents[0], 512); 998 send_data(2, (const char*)&contents[128], 256); 999 recv_ack(2); 1000 1001 fd = open("medium.txt", O_RDONLY); 1002 ATF_REQUIRE(fd >= 0); 1003 r = read(fd, buffer, sizeof(buffer)); 1004 close(fd); 1005 require_bufeq((const char*)contents, 768, buffer, r); 1006 } 1007 1008 /* 1009 * Write a file in netascii format 1010 */ 1011 TFTPD_TC_DEFINE(wrq_netascii,) 1012 { 1013 int fd; 1014 ssize_t r; 1015 /* 1016 * Weirdly, RFC-764 says that CR must be followed by NUL if a line feed 1017 * is not intended 1018 */ 1019 char contents[] = "foo\r\nbar\r\0baz\r\n"; 1020 char expected[] = "foo\nbar\rbaz\n"; 1021 size_t contents_len; 1022 char buffer[1024]; 1023 1024 fd = open("unix.txt", O_RDWR | O_CREAT, 0666); 1025 ATF_REQUIRE(fd >= 0); 1026 close(fd); 1027 contents_len = sizeof(contents); 1028 1029 SEND_WRQ("unix.txt", "netascii"); 1030 recv_ack(0); 1031 send_data(1, contents, contents_len); 1032 recv_ack(1); 1033 1034 fd = open("unix.txt", O_RDONLY); 1035 ATF_REQUIRE(fd >= 0); 1036 r = read(fd, buffer, sizeof(buffer)); 1037 close(fd); 1038 require_bufeq(expected, sizeof(expected), buffer, r); 1039 } 1040 1041 /* 1042 * Attempt to write to a nonexistent file. With the default options, this 1043 * isn't allowed. 1044 */ 1045 TFTPD_TC_DEFINE(wrq_nonexistent,) 1046 { 1047 SEND_WRQ("nonexistent.txt", "octet"); 1048 RECV_ERROR(1, "File not found"); 1049 } 1050 1051 /* 1052 * Write a small file of less than one block 1053 */ 1054 TFTPD_TC_DEFINE(wrq_small,) 1055 { 1056 int fd; 1057 ssize_t r; 1058 char contents[] = "small"; 1059 size_t contents_len; 1060 char buffer[1024]; 1061 1062 fd = open("small.txt", O_RDWR | O_CREAT, 0666); 1063 ATF_REQUIRE(fd >= 0); 1064 close(fd); 1065 contents_len = strlen(contents) + 1; 1066 1067 SEND_WRQ("small.txt", "octet"); 1068 recv_ack(0); 1069 send_data(1, contents, contents_len); 1070 recv_ack(1); 1071 1072 fd = open("small.txt", O_RDONLY); 1073 ATF_REQUIRE(fd >= 0); 1074 r = read(fd, buffer, sizeof(buffer)); 1075 close(fd); 1076 require_bufeq(contents, contents_len, buffer, r); 1077 } 1078 1079 /* 1080 * Write an empty file over a non-empty one 1081 */ 1082 TFTPD_TC_DEFINE(wrq_truncate,) 1083 { 1084 int fd; 1085 char contents[] = "small"; 1086 struct stat sb; 1087 1088 fd = open("small.txt", O_RDWR | O_CREAT, 0666); 1089 ATF_REQUIRE(fd >= 0); 1090 write_all(fd, contents, strlen(contents) + 1); 1091 close(fd); 1092 1093 SEND_WRQ("small.txt", "octet"); 1094 recv_ack(0); 1095 send_data(1, NULL, 0); 1096 recv_ack(1); 1097 1098 ATF_REQUIRE_EQ(stat("small.txt", &sb), 0); 1099 ATF_REQUIRE_EQ(sb.st_size, 0); 1100 } 1101 1102 /* 1103 * Write a file following the example in RFC 7440. 1104 */ 1105 TFTPD_TC_DEFINE(wrq_window_rfc7440,) 1106 { 1107 int fd; 1108 size_t i; 1109 ssize_t r; 1110 char options[] = OPTION_STR("windowsize", "4"); 1111 alignas(uint32_t) char contents[13 * 512 - 4]; 1112 char buffer[sizeof(contents)]; 1113 uint32_t *u32p; 1114 1115 u32p = (uint32_t *)contents; 1116 for (i = 0; i < sizeof(contents) / sizeof(uint32_t); i++) 1117 u32p[i] = i; 1118 1119 fd = open("rfc7440.txt", O_RDWR | O_CREAT, 0666); 1120 ATF_REQUIRE(fd >= 0); 1121 close(fd); 1122 1123 SEND_WRQ_OPT("rfc7440.txt", "octet", OPTION_STR("windowsize", "4")); 1124 recv_oack(options, sizeof(options) - 1); 1125 send_data(1, &contents[0 * 512], 512); 1126 send_data(2, &contents[1 * 512], 512); 1127 send_data(3, &contents[2 * 512], 512); 1128 send_data(4, &contents[3 * 512], 512); 1129 recv_ack(4); 1130 send_data(5, &contents[4 * 512], 512); 1131 1132 /* Drop 6-8. */ 1133 recv_ack(5); 1134 send_data(6, &contents[5 * 512], 512); 1135 send_data(7, &contents[6 * 512], 512); 1136 send_data(8, &contents[7 * 512], 512); 1137 send_data(9, &contents[8 * 512], 512); 1138 recv_ack(9); 1139 1140 /* Drop 11. */ 1141 send_data(10, &contents[9 * 512], 512); 1142 send_data(12, &contents[11 * 512], 512); 1143 1144 /* 1145 * We can't send 13 here as tftpd has probably already seen 12 1146 * and sent the ACK of 10 if running locally. While it would 1147 * recover by sending another ACK of 10, our state machine 1148 * would be out of sync. 1149 */ 1150 1151 /* Ignore ACK for 10 and resend 10-13. */ 1152 recv_ack(10); 1153 send_data(10, &contents[9 * 512], 512); 1154 send_data(11, &contents[10 * 512], 512); 1155 send_data(12, &contents[11 * 512], 512); 1156 send_data(13, &contents[12 * 512], 508); 1157 recv_ack(13); 1158 1159 fd = open("rfc7440.txt", O_RDONLY); 1160 ATF_REQUIRE(fd >= 0); 1161 r = read(fd, buffer, sizeof(buffer)); 1162 close(fd); 1163 require_bufeq(contents, sizeof(contents), buffer, r); 1164 } 1165 1166 1167 /* 1168 * Main 1169 */ 1170 1171 ATF_TP_ADD_TCS(tp) 1172 { 1173 TFTPD_TC_ADD(tp, abspath); 1174 TFTPD_TC_ADD(tp, dotdot); 1175 TFTPD_TC_ADD(tp, s_flag); 1176 TFTPD_TC_ADD(tp, rrq_dropped_ack); 1177 TFTPD_TC_ADD(tp, rrq_dropped_data); 1178 TFTPD_TC_ADD(tp, rrq_duped_ack); 1179 TFTPD_TC_ADD(tp, rrq_eaccess); 1180 TFTPD_TC_ADD(tp, rrq_empty); 1181 TFTPD_TC_ADD(tp, rrq_medium); 1182 TFTPD_TC_ADD(tp, rrq_medium_window); 1183 TFTPD_TC_ADD(tp, rrq_netascii); 1184 TFTPD_TC_ADD(tp, rrq_nonexistent); 1185 TFTPD_TC_ADD(tp, rrq_path_max); 1186 TFTPD_TC_ADD(tp, rrq_small); 1187 TFTPD_TC_ADD(tp, rrq_window_rfc7440); 1188 TFTPD_TC_ADD(tp, unknown_modes); 1189 TFTPD_TC_ADD(tp, unknown_opcode); 1190 TFTPD_TC_ADD(tp, w_flag); 1191 TFTPD_TC_ADD(tp, wrq_dropped_ack); 1192 TFTPD_TC_ADD(tp, wrq_dropped_data); 1193 TFTPD_TC_ADD(tp, wrq_duped_data); 1194 TFTPD_TC_ADD(tp, wrq_eaccess); 1195 TFTPD_TC_ADD(tp, wrq_eaccess_world_readable); 1196 TFTPD_TC_ADD(tp, wrq_medium); 1197 TFTPD_TC_ADD(tp, wrq_medium_window); 1198 TFTPD_TC_ADD(tp, wrq_netascii); 1199 TFTPD_TC_ADD(tp, wrq_nonexistent); 1200 TFTPD_TC_ADD(tp, wrq_small); 1201 TFTPD_TC_ADD(tp, wrq_truncate); 1202 TFTPD_TC_ADD(tp, wrq_window_rfc7440); 1203 1204 return (atf_no_error()); 1205 } 1206