1 /* 2 * Copyright (c) 1983, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #ifndef lint 35 static const char copyright[] = 36 "@(#) Copyright (c) 1983, 1993\n\ 37 The Regents of the University of California. All rights reserved.\n"; 38 #endif /* not lint */ 39 40 #ifndef lint 41 #if 0 42 static char sccsid[] = "@(#)tftpd.c 8.1 (Berkeley) 6/4/93"; 43 #endif 44 static const char rcsid[] = 45 "$FreeBSD$"; 46 #endif /* not lint */ 47 48 /* 49 * Trivial file transfer protocol server. 50 * 51 * This version includes many modifications by Jim Guyton 52 * <guyton@rand-unix>. 53 */ 54 55 #include <sys/param.h> 56 #include <sys/ioctl.h> 57 #include <sys/stat.h> 58 #include <sys/socket.h> 59 #include <sys/types.h> 60 #include <sys/time.h> 61 62 #include <netinet/in.h> 63 #include <arpa/tftp.h> 64 #include <arpa/inet.h> 65 66 #include <ctype.h> 67 #include <errno.h> 68 #include <fcntl.h> 69 #include <libutil.h> 70 #include <netdb.h> 71 #include <pwd.h> 72 #include <setjmp.h> 73 #include <signal.h> 74 #include <stdio.h> 75 #include <stdlib.h> 76 #include <string.h> 77 #include <syslog.h> 78 #include <unistd.h> 79 80 #include "tftpsubs.h" 81 82 #define TIMEOUT 5 83 #define MAX_TIMEOUTS 5 84 85 int peer; 86 int rexmtval = TIMEOUT; 87 int max_rexmtval = 2*TIMEOUT; 88 89 #define PKTSIZE SEGSIZE+4 90 char buf[PKTSIZE]; 91 char ackbuf[PKTSIZE]; 92 struct sockaddr_storage from; 93 94 void tftp(struct tftphdr *, int); 95 static void unmappedaddr(struct sockaddr_in6 *); 96 97 /* 98 * Null-terminated directory prefix list for absolute pathname requests and 99 * search list for relative pathname requests. 100 * 101 * MAXDIRS should be at least as large as the number of arguments that 102 * inetd allows (currently 20). 103 */ 104 #define MAXDIRS 20 105 static struct dirlist { 106 const char *name; 107 int len; 108 } dirs[MAXDIRS+1]; 109 static int suppress_naks; 110 static int logging; 111 static int ipchroot; 112 static int create_new = 0; 113 static mode_t mask = S_IWGRP|S_IWOTH; 114 115 static const char *errtomsg(int); 116 static void nak(int); 117 static void oack(void); 118 119 static void timer(int); 120 static void justquit(int); 121 122 int 123 main(int argc, char *argv[]) 124 { 125 struct tftphdr *tp; 126 socklen_t fromlen, len; 127 int n; 128 int ch, on; 129 struct sockaddr_storage me; 130 char *chroot_dir = NULL; 131 struct passwd *nobody; 132 const char *chuser = "nobody"; 133 134 tzset(); /* syslog in localtime */ 135 136 openlog("tftpd", LOG_PID | LOG_NDELAY, LOG_FTP); 137 while ((ch = getopt(argc, argv, "cClns:u:Uw")) != -1) { 138 switch (ch) { 139 case 'c': 140 ipchroot = 1; 141 break; 142 case 'C': 143 ipchroot = 2; 144 break; 145 case 'l': 146 logging = 1; 147 break; 148 case 'n': 149 suppress_naks = 1; 150 break; 151 case 's': 152 chroot_dir = optarg; 153 break; 154 case 'u': 155 chuser = optarg; 156 break; 157 case 'U': 158 mask = strtol(optarg, NULL, 0); 159 break; 160 case 'w': 161 create_new = 1; 162 break; 163 default: 164 syslog(LOG_WARNING, "ignoring unknown option -%c", ch); 165 } 166 } 167 if (optind < argc) { 168 struct dirlist *dirp; 169 170 /* Get list of directory prefixes. Skip relative pathnames. */ 171 for (dirp = dirs; optind < argc && dirp < &dirs[MAXDIRS]; 172 optind++) { 173 if (argv[optind][0] == '/') { 174 dirp->name = argv[optind]; 175 dirp->len = strlen(dirp->name); 176 dirp++; 177 } 178 } 179 } 180 else if (chroot_dir) { 181 dirs->name = "/"; 182 dirs->len = 1; 183 } 184 if (ipchroot > 0 && chroot_dir == NULL) { 185 syslog(LOG_ERR, "-c requires -s"); 186 exit(1); 187 } 188 189 umask(mask); 190 191 on = 1; 192 if (ioctl(0, FIONBIO, &on) < 0) { 193 syslog(LOG_ERR, "ioctl(FIONBIO): %m"); 194 exit(1); 195 } 196 fromlen = sizeof (from); 197 n = recvfrom(0, buf, sizeof (buf), 0, 198 (struct sockaddr *)&from, &fromlen); 199 if (n < 0) { 200 syslog(LOG_ERR, "recvfrom: %m"); 201 exit(1); 202 } 203 /* 204 * Now that we have read the message out of the UDP 205 * socket, we fork and exit. Thus, inetd will go back 206 * to listening to the tftp port, and the next request 207 * to come in will start up a new instance of tftpd. 208 * 209 * We do this so that inetd can run tftpd in "wait" mode. 210 * The problem with tftpd running in "nowait" mode is that 211 * inetd may get one or more successful "selects" on the 212 * tftp port before we do our receive, so more than one 213 * instance of tftpd may be started up. Worse, if tftpd 214 * break before doing the above "recvfrom", inetd would 215 * spawn endless instances, clogging the system. 216 */ 217 { 218 int i, pid; 219 220 for (i = 1; i < 20; i++) { 221 pid = fork(); 222 if (pid < 0) { 223 sleep(i); 224 /* 225 * flush out to most recently sent request. 226 * 227 * This may drop some request, but those 228 * will be resent by the clients when 229 * they timeout. The positive effect of 230 * this flush is to (try to) prevent more 231 * than one tftpd being started up to service 232 * a single request from a single client. 233 */ 234 fromlen = sizeof from; 235 i = recvfrom(0, buf, sizeof (buf), 0, 236 (struct sockaddr *)&from, &fromlen); 237 if (i > 0) { 238 n = i; 239 } 240 } else { 241 break; 242 } 243 } 244 if (pid < 0) { 245 syslog(LOG_ERR, "fork: %m"); 246 exit(1); 247 } else if (pid != 0) { 248 exit(0); 249 } 250 } 251 252 /* 253 * Since we exit here, we should do that only after the above 254 * recvfrom to keep inetd from constantly forking should there 255 * be a problem. See the above comment about system clogging. 256 */ 257 if (chroot_dir) { 258 if (ipchroot > 0) { 259 char *tempchroot; 260 struct stat sb; 261 int statret; 262 struct sockaddr_storage ss; 263 char hbuf[NI_MAXHOST]; 264 265 memcpy(&ss, &from, from.ss_len); 266 unmappedaddr((struct sockaddr_in6 *)&ss); 267 getnameinfo((struct sockaddr *)&ss, ss.ss_len, 268 hbuf, sizeof(hbuf), NULL, 0, 269 NI_NUMERICHOST | NI_WITHSCOPEID); 270 asprintf(&tempchroot, "%s/%s", chroot_dir, hbuf); 271 if (ipchroot == 2) 272 statret = stat(tempchroot, &sb); 273 if (ipchroot == 1 || 274 (statret == 0 && (sb.st_mode & S_IFDIR))) 275 chroot_dir = tempchroot; 276 } 277 /* Must get this before chroot because /etc might go away */ 278 if ((nobody = getpwnam(chuser)) == NULL) { 279 syslog(LOG_ERR, "%s: no such user", chuser); 280 exit(1); 281 } 282 if (chroot(chroot_dir)) { 283 syslog(LOG_ERR, "chroot: %s: %m", chroot_dir); 284 exit(1); 285 } 286 chdir("/"); 287 setgroups(1, &nobody->pw_gid); 288 setuid(nobody->pw_uid); 289 } 290 291 len = sizeof(me); 292 if (getsockname(0, (struct sockaddr *)&me, &len) == 0) { 293 switch (me.ss_family) { 294 case AF_INET: 295 ((struct sockaddr_in *)&me)->sin_port = 0; 296 break; 297 case AF_INET6: 298 ((struct sockaddr_in6 *)&me)->sin6_port = 0; 299 break; 300 default: 301 /* unsupported */ 302 break; 303 } 304 } else { 305 memset(&me, 0, sizeof(me)); 306 me.ss_family = from.ss_family; 307 me.ss_len = from.ss_len; 308 } 309 alarm(0); 310 close(0); 311 close(1); 312 peer = socket(from.ss_family, SOCK_DGRAM, 0); 313 if (peer < 0) { 314 syslog(LOG_ERR, "socket: %m"); 315 exit(1); 316 } 317 if (bind(peer, (struct sockaddr *)&me, me.ss_len) < 0) { 318 syslog(LOG_ERR, "bind: %m"); 319 exit(1); 320 } 321 if (connect(peer, (struct sockaddr *)&from, from.ss_len) < 0) { 322 syslog(LOG_ERR, "connect: %m"); 323 exit(1); 324 } 325 tp = (struct tftphdr *)buf; 326 tp->th_opcode = ntohs(tp->th_opcode); 327 if (tp->th_opcode == RRQ || tp->th_opcode == WRQ) 328 tftp(tp, n); 329 exit(1); 330 } 331 332 static void 333 reduce_path(char *fn) 334 { 335 char *slash, *ptr; 336 337 /* Reduce all "/+./" to "/" (just in case we've got "/./../" later */ 338 while ((slash = strstr(fn, "/./")) != NULL) { 339 for (ptr = slash; ptr > fn && ptr[-1] == '/'; ptr--) 340 ; 341 slash += 2; 342 while (*slash) 343 *++ptr = *++slash; 344 } 345 346 /* Now reduce all "/something/+../" to "/" */ 347 while ((slash = strstr(fn, "/../")) != NULL) { 348 if (slash == fn) 349 break; 350 for (ptr = slash; ptr > fn && ptr[-1] == '/'; ptr--) 351 ; 352 for (ptr--; ptr >= fn; ptr--) 353 if (*ptr == '/') 354 break; 355 if (ptr < fn) 356 break; 357 slash += 3; 358 while (*slash) 359 *++ptr = *++slash; 360 } 361 } 362 363 struct formats; 364 int validate_access(char **, int); 365 void xmitfile(struct formats *); 366 void recvfile(struct formats *); 367 368 struct formats { 369 const char *f_mode; 370 int (*f_validate)(char **, int); 371 void (*f_send)(struct formats *); 372 void (*f_recv)(struct formats *); 373 int f_convert; 374 } formats[] = { 375 { "netascii", validate_access, xmitfile, recvfile, 1 }, 376 { "octet", validate_access, xmitfile, recvfile, 0 }, 377 #ifdef notdef 378 { "mail", validate_user, sendmail, recvmail, 1 }, 379 #endif 380 { 0, NULL, NULL, NULL, 0 } 381 }; 382 383 struct options { 384 const char *o_type; 385 char *o_request; 386 int o_reply; /* turn into union if need be */ 387 } options[] = { 388 { "tsize", NULL, 0 }, /* OPT_TSIZE */ 389 { "timeout", NULL, 0 }, /* OPT_TIMEOUT */ 390 { NULL, NULL, 0 } 391 }; 392 393 enum opt_enum { 394 OPT_TSIZE = 0, 395 OPT_TIMEOUT, 396 }; 397 398 /* 399 * Handle initial connection protocol. 400 */ 401 void 402 tftp(struct tftphdr *tp, int size) 403 { 404 char *cp; 405 int i, first = 1, has_options = 0, ecode; 406 struct formats *pf; 407 char *filename, *mode, *option, *ccp; 408 char fnbuf[PATH_MAX]; 409 410 cp = tp->th_stuff; 411 again: 412 while (cp < buf + size) { 413 if (*cp == '\0') 414 break; 415 cp++; 416 } 417 if (*cp != '\0') { 418 nak(EBADOP); 419 exit(1); 420 } 421 i = cp - tp->th_stuff; 422 if (i >= sizeof(fnbuf)) { 423 nak(EBADOP); 424 exit(1); 425 } 426 memcpy(fnbuf, tp->th_stuff, i); 427 fnbuf[i] = '\0'; 428 reduce_path(fnbuf); 429 filename = fnbuf; 430 if (first) { 431 mode = ++cp; 432 first = 0; 433 goto again; 434 } 435 for (cp = mode; *cp; cp++) 436 if (isupper(*cp)) 437 *cp = tolower(*cp); 438 for (pf = formats; pf->f_mode; pf++) 439 if (strcmp(pf->f_mode, mode) == 0) 440 break; 441 if (pf->f_mode == 0) { 442 nak(EBADOP); 443 exit(1); 444 } 445 while (++cp < buf + size) { 446 for (i = 2, ccp = cp; i > 0; ccp++) { 447 if (ccp >= buf + size) { 448 /* 449 * Don't reject the request, just stop trying 450 * to parse the option and get on with it. 451 * Some Apple Open Firmware versions have 452 * trailing garbage on the end of otherwise 453 * valid requests. 454 */ 455 goto option_fail; 456 } else if (*ccp == '\0') 457 i--; 458 } 459 for (option = cp; *cp; cp++) 460 if (isupper(*cp)) 461 *cp = tolower(*cp); 462 for (i = 0; options[i].o_type != NULL; i++) 463 if (strcmp(option, options[i].o_type) == 0) { 464 options[i].o_request = ++cp; 465 has_options = 1; 466 } 467 cp = ccp-1; 468 } 469 470 option_fail: 471 if (options[OPT_TIMEOUT].o_request) { 472 int to = atoi(options[OPT_TIMEOUT].o_request); 473 if (to < 1 || to > 255) { 474 nak(EBADOP); 475 exit(1); 476 } 477 else if (to <= max_rexmtval) 478 options[OPT_TIMEOUT].o_reply = rexmtval = to; 479 else 480 options[OPT_TIMEOUT].o_request = NULL; 481 } 482 483 ecode = (*pf->f_validate)(&filename, tp->th_opcode); 484 if (has_options && ecode == 0) 485 oack(); 486 if (logging) { 487 char hbuf[NI_MAXHOST]; 488 489 getnameinfo((struct sockaddr *)&from, from.ss_len, 490 hbuf, sizeof(hbuf), NULL, 0, 491 NI_WITHSCOPEID); 492 syslog(LOG_INFO, "%s: %s request for %s: %s", hbuf, 493 tp->th_opcode == WRQ ? "write" : "read", 494 filename, errtomsg(ecode)); 495 } 496 if (ecode) { 497 /* 498 * Avoid storms of naks to a RRQ broadcast for a relative 499 * bootfile pathname from a diskless Sun. 500 */ 501 if (suppress_naks && *filename != '/' && ecode == ENOTFOUND) 502 exit(0); 503 nak(ecode); 504 exit(1); 505 } 506 if (tp->th_opcode == WRQ) 507 (*pf->f_recv)(pf); 508 else 509 (*pf->f_send)(pf); 510 exit(0); 511 } 512 513 514 FILE *file; 515 516 /* 517 * Validate file access. Since we 518 * have no uid or gid, for now require 519 * file to exist and be publicly 520 * readable/writable. 521 * If we were invoked with arguments 522 * from inetd then the file must also be 523 * in one of the given directory prefixes. 524 * Note also, full path name must be 525 * given as we have no login directory. 526 */ 527 int 528 validate_access(char **filep, int mode) 529 { 530 struct stat stbuf; 531 int fd; 532 struct dirlist *dirp; 533 static char pathname[MAXPATHLEN]; 534 char *filename = *filep; 535 536 /* 537 * Prevent tricksters from getting around the directory restrictions 538 */ 539 if (strstr(filename, "/../")) 540 return (EACCESS); 541 542 if (*filename == '/') { 543 /* 544 * Allow the request if it's in one of the approved locations. 545 * Special case: check the null prefix ("/") by looking 546 * for length = 1 and relying on the arg. processing that 547 * it's a /. 548 */ 549 for (dirp = dirs; dirp->name != NULL; dirp++) { 550 if (dirp->len == 1 || 551 (!strncmp(filename, dirp->name, dirp->len) && 552 filename[dirp->len] == '/')) 553 break; 554 } 555 /* If directory list is empty, allow access to any file */ 556 if (dirp->name == NULL && dirp != dirs) 557 return (EACCESS); 558 if (stat(filename, &stbuf) < 0) 559 return (errno == ENOENT ? ENOTFOUND : EACCESS); 560 if ((stbuf.st_mode & S_IFMT) != S_IFREG) 561 return (ENOTFOUND); 562 if (mode == RRQ) { 563 if ((stbuf.st_mode & S_IROTH) == 0) 564 return (EACCESS); 565 } else { 566 if ((stbuf.st_mode & S_IWOTH) == 0) 567 return (EACCESS); 568 } 569 } else { 570 int err; 571 572 /* 573 * Relative file name: search the approved locations for it. 574 * Don't allow write requests that avoid directory 575 * restrictions. 576 */ 577 578 if (!strncmp(filename, "../", 3)) 579 return (EACCESS); 580 581 /* 582 * If the file exists in one of the directories and isn't 583 * readable, continue looking. However, change the error code 584 * to give an indication that the file exists. 585 */ 586 err = ENOTFOUND; 587 for (dirp = dirs; dirp->name != NULL; dirp++) { 588 snprintf(pathname, sizeof(pathname), "%s/%s", 589 dirp->name, filename); 590 if (stat(pathname, &stbuf) == 0 && 591 (stbuf.st_mode & S_IFMT) == S_IFREG) { 592 if ((stbuf.st_mode & S_IROTH) != 0) { 593 break; 594 } 595 err = EACCESS; 596 } 597 } 598 if (dirp->name != NULL) 599 *filep = filename = pathname; 600 else if (mode == RRQ) 601 return (err); 602 } 603 if (options[OPT_TSIZE].o_request) { 604 if (mode == RRQ) 605 options[OPT_TSIZE].o_reply = stbuf.st_size; 606 else 607 /* XXX Allows writes of all sizes. */ 608 options[OPT_TSIZE].o_reply = 609 atoi(options[OPT_TSIZE].o_request); 610 } 611 if (mode == RRQ) 612 fd = open(filename, O_RDONLY); 613 else { 614 if (create_new) 615 fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0666); 616 else 617 fd = open(filename, O_WRONLY|O_TRUNC); 618 } 619 if (fd < 0) 620 return (errno + 100); 621 file = fdopen(fd, (mode == RRQ)? "r":"w"); 622 if (file == NULL) { 623 close(fd); 624 return (errno + 100); 625 } 626 return (0); 627 } 628 629 int timeouts; 630 jmp_buf timeoutbuf; 631 632 void 633 timer(int sig __unused) 634 { 635 if (++timeouts > MAX_TIMEOUTS) 636 exit(1); 637 longjmp(timeoutbuf, 1); 638 } 639 640 /* 641 * Send the requested file. 642 */ 643 void 644 xmitfile(struct formats *pf) 645 { 646 struct tftphdr *dp; 647 struct tftphdr *ap; /* ack packet */ 648 int size, n; 649 volatile unsigned short block; 650 651 signal(SIGALRM, timer); 652 dp = r_init(); 653 ap = (struct tftphdr *)ackbuf; 654 block = 1; 655 do { 656 size = readit(file, &dp, pf->f_convert); 657 if (size < 0) { 658 nak(errno + 100); 659 goto abort; 660 } 661 dp->th_opcode = htons((u_short)DATA); 662 dp->th_block = htons((u_short)block); 663 timeouts = 0; 664 (void)setjmp(timeoutbuf); 665 666 send_data: 667 { 668 int i, t = 1; 669 for (i = 0; ; i++){ 670 if (send(peer, dp, size + 4, 0) != size + 4) { 671 sleep(t); 672 t = (t < 32) ? t<< 1 : t; 673 if (i >= 12) { 674 syslog(LOG_ERR, "write: %m"); 675 goto abort; 676 } 677 } 678 break; 679 } 680 } 681 read_ahead(file, pf->f_convert); 682 for ( ; ; ) { 683 alarm(rexmtval); /* read the ack */ 684 n = recv(peer, ackbuf, sizeof (ackbuf), 0); 685 alarm(0); 686 if (n < 0) { 687 syslog(LOG_ERR, "read: %m"); 688 goto abort; 689 } 690 ap->th_opcode = ntohs((u_short)ap->th_opcode); 691 ap->th_block = ntohs((u_short)ap->th_block); 692 693 if (ap->th_opcode == ERROR) 694 goto abort; 695 696 if (ap->th_opcode == ACK) { 697 if (ap->th_block == block) 698 break; 699 /* Re-synchronize with the other side */ 700 (void) synchnet(peer); 701 if (ap->th_block == (block -1)) 702 goto send_data; 703 } 704 705 } 706 block++; 707 } while (size == SEGSIZE); 708 abort: 709 (void) fclose(file); 710 } 711 712 void 713 justquit(int sig __unused) 714 { 715 exit(0); 716 } 717 718 719 /* 720 * Receive a file. 721 */ 722 void 723 recvfile(struct formats *pf) 724 { 725 struct tftphdr *dp; 726 struct tftphdr *ap; /* ack buffer */ 727 int n, size; 728 volatile unsigned short block; 729 730 signal(SIGALRM, timer); 731 dp = w_init(); 732 ap = (struct tftphdr *)ackbuf; 733 block = 0; 734 do { 735 timeouts = 0; 736 ap->th_opcode = htons((u_short)ACK); 737 ap->th_block = htons((u_short)block); 738 block++; 739 (void) setjmp(timeoutbuf); 740 send_ack: 741 if (send(peer, ackbuf, 4, 0) != 4) { 742 syslog(LOG_ERR, "write: %m"); 743 goto abort; 744 } 745 write_behind(file, pf->f_convert); 746 for ( ; ; ) { 747 alarm(rexmtval); 748 n = recv(peer, dp, PKTSIZE, 0); 749 alarm(0); 750 if (n < 0) { /* really? */ 751 syslog(LOG_ERR, "read: %m"); 752 goto abort; 753 } 754 dp->th_opcode = ntohs((u_short)dp->th_opcode); 755 dp->th_block = ntohs((u_short)dp->th_block); 756 if (dp->th_opcode == ERROR) 757 goto abort; 758 if (dp->th_opcode == DATA) { 759 if (dp->th_block == block) { 760 break; /* normal */ 761 } 762 /* Re-synchronize with the other side */ 763 (void) synchnet(peer); 764 if (dp->th_block == (block-1)) 765 goto send_ack; /* rexmit */ 766 } 767 } 768 /* size = write(file, dp->th_data, n - 4); */ 769 size = writeit(file, &dp, n - 4, pf->f_convert); 770 if (size != (n-4)) { /* ahem */ 771 if (size < 0) nak(errno + 100); 772 else nak(ENOSPACE); 773 goto abort; 774 } 775 } while (size == SEGSIZE); 776 write_behind(file, pf->f_convert); 777 (void) fclose(file); /* close data file */ 778 779 ap->th_opcode = htons((u_short)ACK); /* send the "final" ack */ 780 ap->th_block = htons((u_short)(block)); 781 (void) send(peer, ackbuf, 4, 0); 782 783 signal(SIGALRM, justquit); /* just quit on timeout */ 784 alarm(rexmtval); 785 n = recv(peer, buf, sizeof (buf), 0); /* normally times out and quits */ 786 alarm(0); 787 if (n >= 4 && /* if read some data */ 788 dp->th_opcode == DATA && /* and got a data block */ 789 block == dp->th_block) { /* then my last ack was lost */ 790 (void) send(peer, ackbuf, 4, 0); /* resend final ack */ 791 } 792 abort: 793 return; 794 } 795 796 struct errmsg { 797 int e_code; 798 const char *e_msg; 799 } errmsgs[] = { 800 { EUNDEF, "Undefined error code" }, 801 { ENOTFOUND, "File not found" }, 802 { EACCESS, "Access violation" }, 803 { ENOSPACE, "Disk full or allocation exceeded" }, 804 { EBADOP, "Illegal TFTP operation" }, 805 { EBADID, "Unknown transfer ID" }, 806 { EEXISTS, "File already exists" }, 807 { ENOUSER, "No such user" }, 808 { EOPTNEG, "Option negotiation" }, 809 { -1, 0 } 810 }; 811 812 static const char * 813 errtomsg(int error) 814 { 815 static char ebuf[20]; 816 struct errmsg *pe; 817 if (error == 0) 818 return "success"; 819 for (pe = errmsgs; pe->e_code >= 0; pe++) 820 if (pe->e_code == error) 821 return pe->e_msg; 822 snprintf(ebuf, sizeof(buf), "error %d", error); 823 return ebuf; 824 } 825 826 /* 827 * Send a nak packet (error message). 828 * Error code passed in is one of the 829 * standard TFTP codes, or a UNIX errno 830 * offset by 100. 831 */ 832 static void 833 nak(int error) 834 { 835 struct tftphdr *tp; 836 int length; 837 struct errmsg *pe; 838 839 tp = (struct tftphdr *)buf; 840 tp->th_opcode = htons((u_short)ERROR); 841 tp->th_code = htons((u_short)error); 842 for (pe = errmsgs; pe->e_code >= 0; pe++) 843 if (pe->e_code == error) 844 break; 845 if (pe->e_code < 0) { 846 pe->e_msg = strerror(error - 100); 847 tp->th_code = EUNDEF; /* set 'undef' errorcode */ 848 } 849 strcpy(tp->th_msg, pe->e_msg); 850 length = strlen(pe->e_msg); 851 tp->th_msg[length] = '\0'; 852 length += 5; 853 if (send(peer, buf, length, 0) != length) 854 syslog(LOG_ERR, "nak: %m"); 855 } 856 857 /* translate IPv4 mapped IPv6 address to IPv4 address */ 858 static void 859 unmappedaddr(struct sockaddr_in6 *sin6) 860 { 861 struct sockaddr_in *sin4; 862 u_int32_t addr; 863 int port; 864 865 if (sin6->sin6_family != AF_INET6 || 866 !IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) 867 return; 868 sin4 = (struct sockaddr_in *)sin6; 869 addr = *(u_int32_t *)&sin6->sin6_addr.s6_addr[12]; 870 port = sin6->sin6_port; 871 memset(sin4, 0, sizeof(struct sockaddr_in)); 872 sin4->sin_addr.s_addr = addr; 873 sin4->sin_port = port; 874 sin4->sin_family = AF_INET; 875 sin4->sin_len = sizeof(struct sockaddr_in); 876 } 877 878 /* 879 * Send an oack packet (option acknowledgement). 880 */ 881 static void 882 oack(void) 883 { 884 struct tftphdr *tp, *ap; 885 int size, i, n; 886 char *bp; 887 888 tp = (struct tftphdr *)buf; 889 bp = buf + 2; 890 size = sizeof(buf) - 2; 891 tp->th_opcode = htons((u_short)OACK); 892 for (i = 0; options[i].o_type != NULL; i++) { 893 if (options[i].o_request) { 894 n = snprintf(bp, size, "%s%c%d", options[i].o_type, 895 0, options[i].o_reply); 896 bp += n+1; 897 size -= n+1; 898 if (size < 0) { 899 syslog(LOG_ERR, "oack: buffer overflow"); 900 exit(1); 901 } 902 } 903 } 904 size = bp - buf; 905 ap = (struct tftphdr *)ackbuf; 906 signal(SIGALRM, timer); 907 timeouts = 0; 908 909 (void)setjmp(timeoutbuf); 910 if (send(peer, buf, size, 0) != size) { 911 syslog(LOG_INFO, "oack: %m"); 912 exit(1); 913 } 914 915 for (;;) { 916 alarm(rexmtval); 917 n = recv(peer, ackbuf, sizeof (ackbuf), 0); 918 alarm(0); 919 if (n < 0) { 920 syslog(LOG_ERR, "recv: %m"); 921 exit(1); 922 } 923 ap->th_opcode = ntohs((u_short)ap->th_opcode); 924 ap->th_block = ntohs((u_short)ap->th_block); 925 if (ap->th_opcode == ERROR) 926 exit(1); 927 if (ap->th_opcode == ACK && ap->th_block == 0) 928 break; 929 } 930 } 931