xref: /freebsd/libexec/tftpd/tftpd.c (revision 271c3a9060f2ee55607ebe146523f888e1db2654)
1 /*
2  * Copyright (c) 1983, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. All advertising materials mentioning features or use of this software
14  *    must display the following acknowledgement:
15  *	This product includes software developed by the University of
16  *	California, Berkeley and its contributors.
17  * 4. Neither the name of the University nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #ifndef lint
35 static const char copyright[] =
36 "@(#) Copyright (c) 1983, 1993\n\
37 	The Regents of the University of California.  All rights reserved.\n";
38 #endif /* not lint */
39 
40 #ifndef lint
41 #if 0
42 static char sccsid[] = "@(#)tftpd.c	8.1 (Berkeley) 6/4/93";
43 #endif
44 static const char rcsid[] =
45   "$FreeBSD$";
46 #endif /* not lint */
47 
48 /*
49  * Trivial file transfer protocol server.
50  *
51  * This version includes many modifications by Jim Guyton
52  * <guyton@rand-unix>.
53  */
54 
55 #include <sys/param.h>
56 #include <sys/ioctl.h>
57 #include <sys/stat.h>
58 #include <sys/socket.h>
59 #include <sys/types.h>
60 #include <sys/time.h>
61 
62 #include <netinet/in.h>
63 #include <arpa/tftp.h>
64 #include <arpa/inet.h>
65 
66 #include <ctype.h>
67 #include <errno.h>
68 #include <fcntl.h>
69 #include <libutil.h>
70 #include <netdb.h>
71 #include <pwd.h>
72 #include <setjmp.h>
73 #include <signal.h>
74 #include <stdio.h>
75 #include <stdlib.h>
76 #include <string.h>
77 #include <syslog.h>
78 #include <unistd.h>
79 
80 #include "tftpsubs.h"
81 
82 #define	TIMEOUT		5
83 #define	MAX_TIMEOUTS	5
84 
85 int	peer;
86 int	rexmtval = TIMEOUT;
87 int	max_rexmtval = 2*TIMEOUT;
88 
89 #define	PKTSIZE	SEGSIZE+4
90 char	buf[PKTSIZE];
91 char	ackbuf[PKTSIZE];
92 struct	sockaddr_storage from;
93 
94 void	tftp(struct tftphdr *, int);
95 static void unmappedaddr(struct sockaddr_in6 *);
96 
97 /*
98  * Null-terminated directory prefix list for absolute pathname requests and
99  * search list for relative pathname requests.
100  *
101  * MAXDIRS should be at least as large as the number of arguments that
102  * inetd allows (currently 20).
103  */
104 #define MAXDIRS	20
105 static struct dirlist {
106 	const char	*name;
107 	int	len;
108 } dirs[MAXDIRS+1];
109 static int	suppress_naks;
110 static int	logging;
111 static int	ipchroot;
112 static int	create_new = 0;
113 static char	*newfile_format = "%Y%m%d";
114 static int	increase_name = 0;
115 static mode_t	mask = S_IWGRP|S_IWOTH;
116 
117 static const char *errtomsg(int);
118 static void  nak(int);
119 static void  oack(void);
120 
121 static void  timer(int);
122 static void  justquit(int);
123 
124 int
125 main(int argc, char *argv[])
126 {
127 	struct tftphdr *tp;
128 	socklen_t fromlen, len;
129 	int n;
130 	int ch, on;
131 	struct sockaddr_storage me;
132 	char *chroot_dir = NULL;
133 	struct passwd *nobody;
134 	const char *chuser = "nobody";
135 
136 	tzset();			/* syslog in localtime */
137 
138 	openlog("tftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
139 	while ((ch = getopt(argc, argv, "cCF:lns:u:U:wW")) != -1) {
140 		switch (ch) {
141 		case 'c':
142 			ipchroot = 1;
143 			break;
144 		case 'C':
145 			ipchroot = 2;
146 			break;
147 		case 'F':
148 			newfile_format = optarg;
149 			break;
150 		case 'l':
151 			logging = 1;
152 			break;
153 		case 'n':
154 			suppress_naks = 1;
155 			break;
156 		case 's':
157 			chroot_dir = optarg;
158 			break;
159 		case 'u':
160 			chuser = optarg;
161 			break;
162 		case 'U':
163 			mask = strtol(optarg, NULL, 0);
164 			break;
165 		case 'w':
166 			create_new = 1;
167 			break;
168 		case 'W':
169 			create_new = 1;
170 			increase_name = 1;
171 			break;
172 		default:
173 			syslog(LOG_WARNING, "ignoring unknown option -%c", ch);
174 		}
175 	}
176 	if (optind < argc) {
177 		struct dirlist *dirp;
178 
179 		/* Get list of directory prefixes. Skip relative pathnames. */
180 		for (dirp = dirs; optind < argc && dirp < &dirs[MAXDIRS];
181 		     optind++) {
182 			if (argv[optind][0] == '/') {
183 				dirp->name = argv[optind];
184 				dirp->len  = strlen(dirp->name);
185 				dirp++;
186 			}
187 		}
188 	}
189 	else if (chroot_dir) {
190 		dirs->name = "/";
191 		dirs->len = 1;
192 	}
193 	if (ipchroot > 0 && chroot_dir == NULL) {
194 		syslog(LOG_ERR, "-c requires -s");
195 		exit(1);
196 	}
197 
198 	umask(mask);
199 
200 	on = 1;
201 	if (ioctl(0, FIONBIO, &on) < 0) {
202 		syslog(LOG_ERR, "ioctl(FIONBIO): %m");
203 		exit(1);
204 	}
205 	fromlen = sizeof (from);
206 	n = recvfrom(0, buf, sizeof (buf), 0,
207 	    (struct sockaddr *)&from, &fromlen);
208 	if (n < 0) {
209 		syslog(LOG_ERR, "recvfrom: %m");
210 		exit(1);
211 	}
212 	/*
213 	 * Now that we have read the message out of the UDP
214 	 * socket, we fork and exit.  Thus, inetd will go back
215 	 * to listening to the tftp port, and the next request
216 	 * to come in will start up a new instance of tftpd.
217 	 *
218 	 * We do this so that inetd can run tftpd in "wait" mode.
219 	 * The problem with tftpd running in "nowait" mode is that
220 	 * inetd may get one or more successful "selects" on the
221 	 * tftp port before we do our receive, so more than one
222 	 * instance of tftpd may be started up.  Worse, if tftpd
223 	 * break before doing the above "recvfrom", inetd would
224 	 * spawn endless instances, clogging the system.
225 	 */
226 	{
227 		int i, pid;
228 
229 		for (i = 1; i < 20; i++) {
230 		    pid = fork();
231 		    if (pid < 0) {
232 				sleep(i);
233 				/*
234 				 * flush out to most recently sent request.
235 				 *
236 				 * This may drop some request, but those
237 				 * will be resent by the clients when
238 				 * they timeout.  The positive effect of
239 				 * this flush is to (try to) prevent more
240 				 * than one tftpd being started up to service
241 				 * a single request from a single client.
242 				 */
243 				fromlen = sizeof from;
244 				i = recvfrom(0, buf, sizeof (buf), 0,
245 				    (struct sockaddr *)&from, &fromlen);
246 				if (i > 0) {
247 					n = i;
248 				}
249 		    } else {
250 				break;
251 		    }
252 		}
253 		if (pid < 0) {
254 			syslog(LOG_ERR, "fork: %m");
255 			exit(1);
256 		} else if (pid != 0) {
257 			exit(0);
258 		}
259 	}
260 
261 	/*
262 	 * Since we exit here, we should do that only after the above
263 	 * recvfrom to keep inetd from constantly forking should there
264 	 * be a problem.  See the above comment about system clogging.
265 	 */
266 	if (chroot_dir) {
267 		if (ipchroot > 0) {
268 			char *tempchroot;
269 			struct stat sb;
270 			int statret;
271 			struct sockaddr_storage ss;
272 			char hbuf[NI_MAXHOST];
273 
274 			memcpy(&ss, &from, from.ss_len);
275 			unmappedaddr((struct sockaddr_in6 *)&ss);
276 			getnameinfo((struct sockaddr *)&ss, ss.ss_len,
277 				    hbuf, sizeof(hbuf), NULL, 0,
278 				    NI_NUMERICHOST);
279 			asprintf(&tempchroot, "%s/%s", chroot_dir, hbuf);
280 			if (ipchroot == 2)
281 				statret = stat(tempchroot, &sb);
282 			if (ipchroot == 1 ||
283 			    (statret == 0 && (sb.st_mode & S_IFDIR)))
284 				chroot_dir = tempchroot;
285 		}
286 		/* Must get this before chroot because /etc might go away */
287 		if ((nobody = getpwnam(chuser)) == NULL) {
288 			syslog(LOG_ERR, "%s: no such user", chuser);
289 			exit(1);
290 		}
291 		if (chroot(chroot_dir)) {
292 			syslog(LOG_ERR, "chroot: %s: %m", chroot_dir);
293 			exit(1);
294 		}
295 		chdir("/");
296 		setgroups(1, &nobody->pw_gid);
297 		setuid(nobody->pw_uid);
298 	}
299 
300 	len = sizeof(me);
301 	if (getsockname(0, (struct sockaddr *)&me, &len) == 0) {
302 		switch (me.ss_family) {
303 		case AF_INET:
304 			((struct sockaddr_in *)&me)->sin_port = 0;
305 			break;
306 		case AF_INET6:
307 			((struct sockaddr_in6 *)&me)->sin6_port = 0;
308 			break;
309 		default:
310 			/* unsupported */
311 			break;
312 		}
313 	} else {
314 		memset(&me, 0, sizeof(me));
315 		me.ss_family = from.ss_family;
316 		me.ss_len = from.ss_len;
317 	}
318 	alarm(0);
319 	close(0);
320 	close(1);
321 	peer = socket(from.ss_family, SOCK_DGRAM, 0);
322 	if (peer < 0) {
323 		syslog(LOG_ERR, "socket: %m");
324 		exit(1);
325 	}
326 	if (bind(peer, (struct sockaddr *)&me, me.ss_len) < 0) {
327 		syslog(LOG_ERR, "bind: %m");
328 		exit(1);
329 	}
330 	if (connect(peer, (struct sockaddr *)&from, from.ss_len) < 0) {
331 		syslog(LOG_ERR, "connect: %m");
332 		exit(1);
333 	}
334 	tp = (struct tftphdr *)buf;
335 	tp->th_opcode = ntohs(tp->th_opcode);
336 	if (tp->th_opcode == RRQ || tp->th_opcode == WRQ)
337 		tftp(tp, n);
338 	exit(1);
339 }
340 
341 static void
342 reduce_path(char *fn)
343 {
344 	char *slash, *ptr;
345 
346 	/* Reduce all "/+./" to "/" (just in case we've got "/./../" later */
347 	while ((slash = strstr(fn, "/./")) != NULL) {
348 		for (ptr = slash; ptr > fn && ptr[-1] == '/'; ptr--)
349 			;
350 		slash += 2;
351 		while (*slash)
352 			*++ptr = *++slash;
353 	}
354 
355 	/* Now reduce all "/something/+../" to "/" */
356 	while ((slash = strstr(fn, "/../")) != NULL) {
357 		if (slash == fn)
358 			break;
359 		for (ptr = slash; ptr > fn && ptr[-1] == '/'; ptr--)
360 			;
361 		for (ptr--; ptr >= fn; ptr--)
362 			if (*ptr == '/')
363 				break;
364 		if (ptr < fn)
365 			break;
366 		slash += 3;
367 		while (*slash)
368 			*++ptr = *++slash;
369 	}
370 }
371 
372 struct formats;
373 int	validate_access(char **, int);
374 void	xmitfile(struct formats *);
375 void	recvfile(struct formats *);
376 
377 struct formats {
378 	const char	*f_mode;
379 	int	(*f_validate)(char **, int);
380 	void	(*f_send)(struct formats *);
381 	void	(*f_recv)(struct formats *);
382 	int	f_convert;
383 } formats[] = {
384 	{ "netascii",	validate_access,	xmitfile,	recvfile, 1 },
385 	{ "octet",	validate_access,	xmitfile,	recvfile, 0 },
386 #ifdef notdef
387 	{ "mail",	validate_user,		sendmail,	recvmail, 1 },
388 #endif
389 	{ 0,		NULL,			NULL,		NULL,	  0 }
390 };
391 
392 struct options {
393 	const char	*o_type;
394 	char	*o_request;
395 	int	o_reply;	/* turn into union if need be */
396 } options[] = {
397 	{ "tsize",	NULL, 0 },		/* OPT_TSIZE */
398 	{ "timeout",	NULL, 0 },		/* OPT_TIMEOUT */
399 	{ NULL,		NULL, 0 }
400 };
401 
402 enum opt_enum {
403 	OPT_TSIZE = 0,
404 	OPT_TIMEOUT,
405 };
406 
407 /*
408  * Handle initial connection protocol.
409  */
410 void
411 tftp(struct tftphdr *tp, int size)
412 {
413 	char *cp;
414 	int i, first = 1, has_options = 0, ecode;
415 	struct formats *pf;
416 	char *filename, *mode, *option, *ccp;
417 	char fnbuf[PATH_MAX];
418 
419 	cp = tp->th_stuff;
420 again:
421 	while (cp < buf + size) {
422 		if (*cp == '\0')
423 			break;
424 		cp++;
425 	}
426 	if (*cp != '\0') {
427 		nak(EBADOP);
428 		exit(1);
429 	}
430 	i = cp - tp->th_stuff;
431 	if (i >= sizeof(fnbuf)) {
432 		nak(EBADOP);
433 		exit(1);
434 	}
435 	memcpy(fnbuf, tp->th_stuff, i);
436 	fnbuf[i] = '\0';
437 	reduce_path(fnbuf);
438 	filename = fnbuf;
439 	if (first) {
440 		mode = ++cp;
441 		first = 0;
442 		goto again;
443 	}
444 	for (cp = mode; *cp; cp++)
445 		if (isupper(*cp))
446 			*cp = tolower(*cp);
447 	for (pf = formats; pf->f_mode; pf++)
448 		if (strcmp(pf->f_mode, mode) == 0)
449 			break;
450 	if (pf->f_mode == 0) {
451 		nak(EBADOP);
452 		exit(1);
453 	}
454 	while (++cp < buf + size) {
455 		for (i = 2, ccp = cp; i > 0; ccp++) {
456 			if (ccp >= buf + size) {
457 				/*
458 				 * Don't reject the request, just stop trying
459 				 * to parse the option and get on with it.
460 				 * Some Apple Open Firmware versions have
461 				 * trailing garbage on the end of otherwise
462 				 * valid requests.
463 				 */
464 				goto option_fail;
465 			} else if (*ccp == '\0')
466 				i--;
467 		}
468 		for (option = cp; *cp; cp++)
469 			if (isupper(*cp))
470 				*cp = tolower(*cp);
471 		for (i = 0; options[i].o_type != NULL; i++)
472 			if (strcmp(option, options[i].o_type) == 0) {
473 				options[i].o_request = ++cp;
474 				has_options = 1;
475 			}
476 		cp = ccp-1;
477 	}
478 
479 option_fail:
480 	if (options[OPT_TIMEOUT].o_request) {
481 		int to = atoi(options[OPT_TIMEOUT].o_request);
482 		if (to < 1 || to > 255) {
483 			nak(EBADOP);
484 			exit(1);
485 		}
486 		else if (to <= max_rexmtval)
487 			options[OPT_TIMEOUT].o_reply = rexmtval = to;
488 		else
489 			options[OPT_TIMEOUT].o_request = NULL;
490 	}
491 
492 	ecode = (*pf->f_validate)(&filename, tp->th_opcode);
493 	if (has_options && ecode == 0)
494 		oack();
495 	if (logging) {
496 		char hbuf[NI_MAXHOST];
497 
498 		getnameinfo((struct sockaddr *)&from, from.ss_len,
499 			    hbuf, sizeof(hbuf), NULL, 0, 0);
500 		syslog(LOG_INFO, "%s: %s request for %s: %s", hbuf,
501 			tp->th_opcode == WRQ ? "write" : "read",
502 			filename, errtomsg(ecode));
503 	}
504 	if (ecode) {
505 		/*
506 		 * Avoid storms of naks to a RRQ broadcast for a relative
507 		 * bootfile pathname from a diskless Sun.
508 		 */
509 		if (suppress_naks && *filename != '/' && ecode == ENOTFOUND)
510 			exit(0);
511 		nak(ecode);
512 		exit(1);
513 	}
514 	if (tp->th_opcode == WRQ)
515 		(*pf->f_recv)(pf);
516 	else
517 		(*pf->f_send)(pf);
518 	exit(0);
519 }
520 
521 
522 FILE *file;
523 
524 /*
525  * Find the next value for YYYYMMDD.nn when the file to be written should
526  * be unique. Due to the limitations of nn, we will fail if nn reaches 100.
527  * Besides, that is four updates per hour on a file, which is kind of
528  * execessive anyway.
529  */
530 static int
531 find_next_name(char *filename, int *fd)
532 {
533 	int i;
534 	time_t tval;
535 	size_t len;
536 	struct tm lt;
537 	char yyyymmdd[MAXPATHLEN];
538 	char newname[MAXPATHLEN];
539 	struct stat sb;
540 	int ret;
541 
542 	/* Create the YYYYMMDD part of the filename */
543 	time(&tval);
544 	lt = *localtime(&tval);
545 	len = strftime(yyyymmdd, sizeof(yyyymmdd), newfile_format, &lt);
546 	if (len == 0) {
547 		syslog(LOG_WARNING,
548 			"Filename suffix too long (%d characters maximum)",
549 			MAXPATHLEN);
550 		return (EACCESS);
551 	}
552 
553 	/* Make sure the new filename is not too long */
554 	if (strlen(filename) > MAXPATHLEN - len - 5) {
555 		syslog(LOG_WARNING,
556 			"Filename too long (%d characters, %d maximum)",
557 			strlen(filename), MAXPATHLEN - len - 5);
558 		return (EACCESS);
559 	}
560 
561 	/* Find the first file which doesn't exist */
562 	for (i = 0; i < 100; i++) {
563 		sprintf(newname, "%s.%s.%02d", filename, yyyymmdd, i);
564 		*fd = open(newname,
565 		    O_WRONLY | O_CREAT | O_EXCL,
566 		    S_IRUSR | S_IWUSR | S_IRGRP |
567 		    S_IWGRP | S_IROTH | S_IWOTH);
568 		if (*fd > 0)
569 			return 0;
570 	}
571 
572 	return (EEXIST);
573 }
574 
575 /*
576  * Validate file access.  Since we
577  * have no uid or gid, for now require
578  * file to exist and be publicly
579  * readable/writable.
580  * If we were invoked with arguments
581  * from inetd then the file must also be
582  * in one of the given directory prefixes.
583  * Note also, full path name must be
584  * given as we have no login directory.
585  */
586 int
587 validate_access(char **filep, int mode)
588 {
589 	struct stat stbuf;
590 	int	fd;
591 	int	error;
592 	struct dirlist *dirp;
593 	static char pathname[MAXPATHLEN];
594 	char *filename = *filep;
595 
596 	/*
597 	 * Prevent tricksters from getting around the directory restrictions
598 	 */
599 	if (strstr(filename, "/../"))
600 		return (EACCESS);
601 
602 	if (*filename == '/') {
603 		/*
604 		 * Allow the request if it's in one of the approved locations.
605 		 * Special case: check the null prefix ("/") by looking
606 		 * for length = 1 and relying on the arg. processing that
607 		 * it's a /.
608 		 */
609 		for (dirp = dirs; dirp->name != NULL; dirp++) {
610 			if (dirp->len == 1 ||
611 			    (!strncmp(filename, dirp->name, dirp->len) &&
612 			     filename[dirp->len] == '/'))
613 				    break;
614 		}
615 		/* If directory list is empty, allow access to any file */
616 		if (dirp->name == NULL && dirp != dirs)
617 			return (EACCESS);
618 		if (stat(filename, &stbuf) < 0)
619 			return (errno == ENOENT ? ENOTFOUND : EACCESS);
620 		if ((stbuf.st_mode & S_IFMT) != S_IFREG)
621 			return (ENOTFOUND);
622 		if (mode == RRQ) {
623 			if ((stbuf.st_mode & S_IROTH) == 0)
624 				return (EACCESS);
625 		} else {
626 			if ((stbuf.st_mode & S_IWOTH) == 0)
627 				return (EACCESS);
628 		}
629 	} else {
630 		int err;
631 
632 		/*
633 		 * Relative file name: search the approved locations for it.
634 		 * Don't allow write requests that avoid directory
635 		 * restrictions.
636 		 */
637 
638 		if (!strncmp(filename, "../", 3))
639 			return (EACCESS);
640 
641 		/*
642 		 * If the file exists in one of the directories and isn't
643 		 * readable, continue looking. However, change the error code
644 		 * to give an indication that the file exists.
645 		 */
646 		err = ENOTFOUND;
647 		for (dirp = dirs; dirp->name != NULL; dirp++) {
648 			snprintf(pathname, sizeof(pathname), "%s/%s",
649 				dirp->name, filename);
650 			if (stat(pathname, &stbuf) == 0 &&
651 			    (stbuf.st_mode & S_IFMT) == S_IFREG) {
652 				if ((stbuf.st_mode & S_IROTH) != 0) {
653 					break;
654 				}
655 				err = EACCESS;
656 			}
657 		}
658 		if (dirp->name != NULL)
659 			*filep = filename = pathname;
660 		else if (mode == RRQ)
661 			return (err);
662 	}
663 	if (options[OPT_TSIZE].o_request) {
664 		if (mode == RRQ)
665 			options[OPT_TSIZE].o_reply = stbuf.st_size;
666 		else
667 			/* XXX Allows writes of all sizes. */
668 			options[OPT_TSIZE].o_reply =
669 				atoi(options[OPT_TSIZE].o_request);
670 	}
671 	if (mode == RRQ)
672 		fd = open(filename, O_RDONLY);
673 	else {
674 		if (create_new) {
675 			if (increase_name) {
676 				error = find_next_name(filename, &fd);
677 				if (error > 0)
678 					return (error + 100);
679 			} else
680 				fd = open(filename,
681 				    O_WRONLY | O_TRUNC | O_CREAT,
682 				    S_IRUSR | S_IWUSR | S_IRGRP |
683 				    S_IWGRP | S_IROTH | S_IWOTH );
684 		} else
685 			fd = open(filename, O_WRONLY | O_TRUNC);
686 	}
687 	if (fd < 0)
688 		return (errno + 100);
689 	file = fdopen(fd, (mode == RRQ)? "r":"w");
690 	if (file == NULL) {
691 		close(fd);
692 		return (errno + 100);
693 	}
694 	return (0);
695 }
696 
697 int	timeouts;
698 jmp_buf	timeoutbuf;
699 
700 void
701 timer(int sig __unused)
702 {
703 	if (++timeouts > MAX_TIMEOUTS)
704 		exit(1);
705 	longjmp(timeoutbuf, 1);
706 }
707 
708 /*
709  * Send the requested file.
710  */
711 void
712 xmitfile(struct formats *pf)
713 {
714 	struct tftphdr *dp;
715 	struct tftphdr *ap;    /* ack packet */
716 	int size, n;
717 	volatile unsigned short block;
718 
719 	signal(SIGALRM, timer);
720 	dp = r_init();
721 	ap = (struct tftphdr *)ackbuf;
722 	block = 1;
723 	do {
724 		size = readit(file, &dp, pf->f_convert);
725 		if (size < 0) {
726 			nak(errno + 100);
727 			goto abort;
728 		}
729 		dp->th_opcode = htons((u_short)DATA);
730 		dp->th_block = htons((u_short)block);
731 		timeouts = 0;
732 		(void)setjmp(timeoutbuf);
733 
734 send_data:
735 		{
736 			int i, t = 1;
737 			for (i = 0; ; i++){
738 				if (send(peer, dp, size + 4, 0) != size + 4) {
739 					sleep(t);
740 					t = (t < 32) ? t<< 1 : t;
741 					if (i >= 12) {
742 						syslog(LOG_ERR, "write: %m");
743 						goto abort;
744 					}
745 				}
746 				break;
747 			}
748 		}
749 		read_ahead(file, pf->f_convert);
750 		for ( ; ; ) {
751 			alarm(rexmtval);        /* read the ack */
752 			n = recv(peer, ackbuf, sizeof (ackbuf), 0);
753 			alarm(0);
754 			if (n < 0) {
755 				syslog(LOG_ERR, "read: %m");
756 				goto abort;
757 			}
758 			ap->th_opcode = ntohs((u_short)ap->th_opcode);
759 			ap->th_block = ntohs((u_short)ap->th_block);
760 
761 			if (ap->th_opcode == ERROR)
762 				goto abort;
763 
764 			if (ap->th_opcode == ACK) {
765 				if (ap->th_block == block)
766 					break;
767 				/* Re-synchronize with the other side */
768 				(void) synchnet(peer);
769 				if (ap->th_block == (block -1))
770 					goto send_data;
771 			}
772 
773 		}
774 		block++;
775 	} while (size == SEGSIZE);
776 abort:
777 	(void) fclose(file);
778 }
779 
780 void
781 justquit(int sig __unused)
782 {
783 	exit(0);
784 }
785 
786 
787 /*
788  * Receive a file.
789  */
790 void
791 recvfile(struct formats *pf)
792 {
793 	struct tftphdr *dp;
794 	struct tftphdr *ap;    /* ack buffer */
795 	int n, size;
796 	volatile unsigned short block;
797 
798 	signal(SIGALRM, timer);
799 	dp = w_init();
800 	ap = (struct tftphdr *)ackbuf;
801 	block = 0;
802 	do {
803 		timeouts = 0;
804 		ap->th_opcode = htons((u_short)ACK);
805 		ap->th_block = htons((u_short)block);
806 		block++;
807 		(void) setjmp(timeoutbuf);
808 send_ack:
809 		if (send(peer, ackbuf, 4, 0) != 4) {
810 			syslog(LOG_ERR, "write: %m");
811 			goto abort;
812 		}
813 		write_behind(file, pf->f_convert);
814 		for ( ; ; ) {
815 			alarm(rexmtval);
816 			n = recv(peer, dp, PKTSIZE, 0);
817 			alarm(0);
818 			if (n < 0) {            /* really? */
819 				syslog(LOG_ERR, "read: %m");
820 				goto abort;
821 			}
822 			dp->th_opcode = ntohs((u_short)dp->th_opcode);
823 			dp->th_block = ntohs((u_short)dp->th_block);
824 			if (dp->th_opcode == ERROR)
825 				goto abort;
826 			if (dp->th_opcode == DATA) {
827 				if (dp->th_block == block) {
828 					break;   /* normal */
829 				}
830 				/* Re-synchronize with the other side */
831 				(void) synchnet(peer);
832 				if (dp->th_block == (block-1))
833 					goto send_ack;          /* rexmit */
834 			}
835 		}
836 		/*  size = write(file, dp->th_data, n - 4); */
837 		size = writeit(file, &dp, n - 4, pf->f_convert);
838 		if (size != (n-4)) {                    /* ahem */
839 			if (size < 0) nak(errno + 100);
840 			else nak(ENOSPACE);
841 			goto abort;
842 		}
843 	} while (size == SEGSIZE);
844 	write_behind(file, pf->f_convert);
845 	(void) fclose(file);            /* close data file */
846 
847 	ap->th_opcode = htons((u_short)ACK);    /* send the "final" ack */
848 	ap->th_block = htons((u_short)(block));
849 	(void) send(peer, ackbuf, 4, 0);
850 
851 	signal(SIGALRM, justquit);      /* just quit on timeout */
852 	alarm(rexmtval);
853 	n = recv(peer, buf, sizeof (buf), 0); /* normally times out and quits */
854 	alarm(0);
855 	if (n >= 4 &&                   /* if read some data */
856 	    dp->th_opcode == DATA &&    /* and got a data block */
857 	    block == dp->th_block) {	/* then my last ack was lost */
858 		(void) send(peer, ackbuf, 4, 0);     /* resend final ack */
859 	}
860 abort:
861 	return;
862 }
863 
864 struct errmsg {
865 	int	e_code;
866 	const char	*e_msg;
867 } errmsgs[] = {
868 	{ EUNDEF,	"Undefined error code" },
869 	{ ENOTFOUND,	"File not found" },
870 	{ EACCESS,	"Access violation" },
871 	{ ENOSPACE,	"Disk full or allocation exceeded" },
872 	{ EBADOP,	"Illegal TFTP operation" },
873 	{ EBADID,	"Unknown transfer ID" },
874 	{ EEXISTS,	"File already exists" },
875 	{ ENOUSER,	"No such user" },
876 	{ EOPTNEG,	"Option negotiation" },
877 	{ -1,		0 }
878 };
879 
880 static const char *
881 errtomsg(int error)
882 {
883 	static char ebuf[20];
884 	struct errmsg *pe;
885 	if (error == 0)
886 		return "success";
887 	for (pe = errmsgs; pe->e_code >= 0; pe++)
888 		if (pe->e_code == error)
889 			return pe->e_msg;
890 	snprintf(ebuf, sizeof(buf), "error %d", error);
891 	return ebuf;
892 }
893 
894 /*
895  * Send a nak packet (error message).
896  * Error code passed in is one of the
897  * standard TFTP codes, or a UNIX errno
898  * offset by 100.
899  */
900 static void
901 nak(int error)
902 {
903 	struct tftphdr *tp;
904 	int length;
905 	struct errmsg *pe;
906 
907 	tp = (struct tftphdr *)buf;
908 	tp->th_opcode = htons((u_short)ERROR);
909 	tp->th_code = htons((u_short)error);
910 	for (pe = errmsgs; pe->e_code >= 0; pe++)
911 		if (pe->e_code == error)
912 			break;
913 	if (pe->e_code < 0) {
914 		pe->e_msg = strerror(error - 100);
915 		tp->th_code = EUNDEF;   /* set 'undef' errorcode */
916 	}
917 	strcpy(tp->th_msg, pe->e_msg);
918 	length = strlen(pe->e_msg);
919 	tp->th_msg[length] = '\0';
920 	length += 5;
921 	if (send(peer, buf, length, 0) != length)
922 		syslog(LOG_ERR, "nak: %m");
923 }
924 
925 /* translate IPv4 mapped IPv6 address to IPv4 address */
926 static void
927 unmappedaddr(struct sockaddr_in6 *sin6)
928 {
929 	struct sockaddr_in *sin4;
930 	u_int32_t addr;
931 	int port;
932 
933 	if (sin6->sin6_family != AF_INET6 ||
934 	    !IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
935 		return;
936 	sin4 = (struct sockaddr_in *)sin6;
937 	addr = *(u_int32_t *)&sin6->sin6_addr.s6_addr[12];
938 	port = sin6->sin6_port;
939 	memset(sin4, 0, sizeof(struct sockaddr_in));
940 	sin4->sin_addr.s_addr = addr;
941 	sin4->sin_port = port;
942 	sin4->sin_family = AF_INET;
943 	sin4->sin_len = sizeof(struct sockaddr_in);
944 }
945 
946 /*
947  * Send an oack packet (option acknowledgement).
948  */
949 static void
950 oack(void)
951 {
952 	struct tftphdr *tp, *ap;
953 	int size, i, n;
954 	char *bp;
955 
956 	tp = (struct tftphdr *)buf;
957 	bp = buf + 2;
958 	size = sizeof(buf) - 2;
959 	tp->th_opcode = htons((u_short)OACK);
960 	for (i = 0; options[i].o_type != NULL; i++) {
961 		if (options[i].o_request) {
962 			n = snprintf(bp, size, "%s%c%d", options[i].o_type,
963 				     0, options[i].o_reply);
964 			bp += n+1;
965 			size -= n+1;
966 			if (size < 0) {
967 				syslog(LOG_ERR, "oack: buffer overflow");
968 				exit(1);
969 			}
970 		}
971 	}
972 	size = bp - buf;
973 	ap = (struct tftphdr *)ackbuf;
974 	signal(SIGALRM, timer);
975 	timeouts = 0;
976 
977 	(void)setjmp(timeoutbuf);
978 	if (send(peer, buf, size, 0) != size) {
979 		syslog(LOG_INFO, "oack: %m");
980 		exit(1);
981 	}
982 
983 	for (;;) {
984 		alarm(rexmtval);
985 		n = recv(peer, ackbuf, sizeof (ackbuf), 0);
986 		alarm(0);
987 		if (n < 0) {
988 			syslog(LOG_ERR, "recv: %m");
989 			exit(1);
990 		}
991 		ap->th_opcode = ntohs((u_short)ap->th_opcode);
992 		ap->th_block = ntohs((u_short)ap->th_block);
993 		if (ap->th_opcode == ERROR)
994 			exit(1);
995 		if (ap->th_opcode == ACK && ap->th_block == 0)
996 			break;
997 	}
998 }
999