1 /* $NetBSD: tftp.c,v 1.4 1997/09/17 16:57:07 drochner Exp $ */ 2 3 /* 4 * Copyright (c) 1996 5 * Matthias Drochner. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed for the NetBSD Project 18 * by Matthias Drochner. 19 * 4. The name of the author may not be used to endorse or promote products 20 * derived from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 __FBSDID("$FreeBSD$"); 36 37 /* 38 * Simple TFTP implementation for libsa. 39 * Assumes: 40 * - socket descriptor (int) at open_file->f_devdata 41 * - server host IP in global servip 42 * Restrictions: 43 * - read only 44 * - lseek only with SEEK_SET or SEEK_CUR 45 * - no big time differences between transfers (<tftp timeout) 46 */ 47 48 #include <sys/types.h> 49 #include <sys/stat.h> 50 #include <netinet/in.h> 51 #include <netinet/udp.h> 52 #include <netinet/in_systm.h> 53 #include <arpa/tftp.h> 54 55 #include <string.h> 56 57 #include "stand.h" 58 #include "net.h" 59 #include "netif.h" 60 61 #include "tftp.h" 62 63 struct tftp_handle; 64 struct tftprecv_extra; 65 66 static ssize_t recvtftp(struct iodesc *d, void **pkt, void **payload, 67 time_t tleft, void *recv_extra); 68 static int tftp_open(const char *path, struct open_file *f); 69 static int tftp_close(struct open_file *f); 70 static int tftp_parse_oack(struct tftp_handle *h, char *buf, size_t len); 71 static int tftp_read(struct open_file *f, void *buf, size_t size, size_t *resid); 72 static off_t tftp_seek(struct open_file *f, off_t offset, int where); 73 static int tftp_set_blksize(struct tftp_handle *h, const char *str); 74 static int tftp_stat(struct open_file *f, struct stat *sb); 75 76 struct fs_ops tftp_fsops = { 77 "tftp", 78 tftp_open, 79 tftp_close, 80 tftp_read, 81 null_write, 82 tftp_seek, 83 tftp_stat, 84 null_readdir 85 }; 86 87 extern struct in_addr servip; 88 89 static int tftpport = 2000; 90 static int is_open = 0; 91 92 /* 93 * The legacy TFTP_BLKSIZE value was SEGSIZE(512). 94 * TFTP_REQUESTED_BLKSIZE of 1428 is (Ethernet MTU, less the TFTP, UDP and 95 * IP header lengths). 96 */ 97 #define TFTP_REQUESTED_BLKSIZE 1428 98 99 /* 100 * Choose a blksize big enough so we can test with Ethernet 101 * Jumbo frames in the future. 102 */ 103 #define TFTP_MAX_BLKSIZE 9008 104 105 struct tftp_handle { 106 struct iodesc *iodesc; 107 int currblock; /* contents of lastdata */ 108 int islastblock; /* flag */ 109 int validsize; 110 int off; 111 char *path; /* saved for re-requests */ 112 unsigned int tftp_blksize; 113 unsigned long tftp_tsize; 114 void *pkt; 115 struct tftphdr *tftp_hdr; 116 }; 117 118 struct tftprecv_extra { 119 struct tftp_handle *tftp_handle; 120 unsigned short rtype; /* Received type */ 121 }; 122 123 #define TFTP_MAX_ERRCODE EOPTNEG 124 static const int tftperrors[TFTP_MAX_ERRCODE + 1] = { 125 0, /* ??? */ 126 ENOENT, 127 EPERM, 128 ENOSPC, 129 EINVAL, /* ??? */ 130 EINVAL, /* ??? */ 131 EEXIST, 132 EINVAL, /* ??? */ 133 EINVAL, /* Option negotiation failed. */ 134 }; 135 136 static int tftp_getnextblock(struct tftp_handle *h); 137 138 /* send error message back. */ 139 static void 140 tftp_senderr(struct tftp_handle *h, u_short errcode, const char *msg) 141 { 142 struct { 143 u_char header[HEADER_SIZE]; 144 struct tftphdr t; 145 u_char space[63]; /* +1 from t */ 146 } __packed __aligned(4) wbuf; 147 char *wtail; 148 int len; 149 150 len = strlen(msg); 151 if (len > sizeof(wbuf.space)) 152 len = sizeof(wbuf.space); 153 154 wbuf.t.th_opcode = htons((u_short) ERROR); 155 wbuf.t.th_code = htons(errcode); 156 157 wtail = wbuf.t.th_msg; 158 bcopy(msg, wtail, len); 159 wtail[len] = '\0'; 160 wtail += len + 1; 161 162 sendudp(h->iodesc, &wbuf.t, wtail - (char *) &wbuf.t); 163 } 164 165 static void 166 tftp_sendack(struct tftp_handle *h, u_short block) 167 { 168 struct { 169 u_char header[HEADER_SIZE]; 170 struct tftphdr t; 171 } __packed __aligned(4) wbuf; 172 char *wtail; 173 174 wbuf.t.th_opcode = htons((u_short) ACK); 175 wtail = (char *) &wbuf.t.th_block; 176 wbuf.t.th_block = htons(block); 177 wtail += 2; 178 179 sendudp(h->iodesc, &wbuf.t, wtail - (char *) &wbuf.t); 180 } 181 182 static ssize_t 183 recvtftp(struct iodesc *d, void **pkt, void **payload, time_t tleft, 184 void *recv_extra) 185 { 186 struct tftprecv_extra *extra; 187 struct tftp_handle *h; 188 struct tftphdr *t; 189 void *ptr = NULL; 190 ssize_t len; 191 192 errno = 0; 193 extra = (struct tftprecv_extra *)recv_extra; 194 h = extra->tftp_handle; 195 196 len = readudp(d, &ptr, (void **)&t, tleft); 197 198 if (len < 4) { 199 free(ptr); 200 return (-1); 201 } 202 203 extra->rtype = ntohs(t->th_opcode); 204 switch (ntohs(t->th_opcode)) { 205 case DATA: { 206 int got; 207 208 if (htons(t->th_block) < (u_short) d->xid) { 209 /* 210 * Apparently our ACK was missed, re-send. 211 */ 212 tftp_sendack(h, htons(t->th_block)); 213 free(ptr); 214 return (-1); 215 } 216 if (htons(t->th_block) != (u_short) d->xid) { 217 /* 218 * Packet from the future, drop this. 219 */ 220 free(ptr); 221 return (-1); 222 } 223 if (d->xid == 1) { 224 /* 225 * First data packet from new port. 226 */ 227 struct udphdr *uh; 228 uh = (struct udphdr *) t - 1; 229 d->destport = uh->uh_sport; 230 } 231 got = len - (t->th_data - (char *)t); 232 *pkt = ptr; 233 *payload = t; 234 return (got); 235 } 236 case ERROR: 237 if ((unsigned) ntohs(t->th_code) > TFTP_MAX_ERRCODE) { 238 printf("illegal tftp error %d\n", ntohs(t->th_code)); 239 errno = EIO; 240 } else { 241 #ifdef TFTP_DEBUG 242 printf("tftp-error %d\n", ntohs(t->th_code)); 243 #endif 244 errno = tftperrors[ntohs(t->th_code)]; 245 } 246 free(ptr); 247 return (-1); 248 case OACK: { 249 struct udphdr *uh; 250 int tftp_oack_len; 251 252 /* 253 * Unexpected OACK. TFTP transfer already in progress. 254 * Drop the pkt. 255 */ 256 if (d->xid != 1) { 257 free(ptr); 258 return (-1); 259 } 260 261 /* 262 * Remember which port this OACK came from, because we need 263 * to send the ACK or errors back to it. 264 */ 265 uh = (struct udphdr *) t - 1; 266 d->destport = uh->uh_sport; 267 268 /* Parse options ACK-ed by the server. */ 269 tftp_oack_len = len - sizeof(t->th_opcode); 270 if (tftp_parse_oack(h, t->th_u.tu_stuff, tftp_oack_len) != 0) { 271 tftp_senderr(h, EOPTNEG, "Malformed OACK"); 272 errno = EIO; 273 free(ptr); 274 return (-1); 275 } 276 *pkt = ptr; 277 *payload = t; 278 return (0); 279 } 280 default: 281 #ifdef TFTP_DEBUG 282 printf("tftp type %d not handled\n", ntohs(t->th_opcode)); 283 #endif 284 free(ptr); 285 return (-1); 286 } 287 } 288 289 /* send request, expect first block (or error) */ 290 static int 291 tftp_makereq(struct tftp_handle *h) 292 { 293 struct { 294 u_char header[HEADER_SIZE]; 295 struct tftphdr t; 296 u_char space[FNAME_SIZE + 6]; 297 } __packed __aligned(4) wbuf; 298 struct tftprecv_extra recv_extra; 299 char *wtail; 300 int l; 301 ssize_t res; 302 void *pkt; 303 struct tftphdr *t; 304 char *tftp_blksize = NULL; 305 int blksize_l; 306 307 /* 308 * Allow overriding default TFTP block size by setting 309 * a tftp.blksize environment variable. 310 */ 311 if ((tftp_blksize = getenv("tftp.blksize")) != NULL) { 312 tftp_set_blksize(h, tftp_blksize); 313 } 314 315 wbuf.t.th_opcode = htons((u_short) RRQ); 316 wtail = wbuf.t.th_stuff; 317 l = strlen(h->path); 318 #ifdef TFTP_PREPEND_PATH 319 if (l > FNAME_SIZE - (sizeof(TFTP_PREPEND_PATH) - 1)) 320 return (ENAMETOOLONG); 321 bcopy(TFTP_PREPEND_PATH, wtail, sizeof(TFTP_PREPEND_PATH) - 1); 322 wtail += sizeof(TFTP_PREPEND_PATH) - 1; 323 #else 324 if (l > FNAME_SIZE) 325 return (ENAMETOOLONG); 326 #endif 327 bcopy(h->path, wtail, l + 1); 328 wtail += l + 1; 329 bcopy("octet", wtail, 6); 330 wtail += 6; 331 bcopy("blksize", wtail, 8); 332 wtail += 8; 333 blksize_l = sprintf(wtail, "%d", h->tftp_blksize); 334 wtail += blksize_l + 1; 335 bcopy("tsize", wtail, 6); 336 wtail += 6; 337 bcopy("0", wtail, 2); 338 wtail += 2; 339 340 /* h->iodesc->myport = htons(--tftpport); */ 341 h->iodesc->myport = htons(tftpport + (getsecs() & 0x3ff)); 342 h->iodesc->destport = htons(IPPORT_TFTP); 343 h->iodesc->xid = 1; /* expected block */ 344 345 h->currblock = 0; 346 h->islastblock = 0; 347 h->validsize = 0; 348 349 pkt = NULL; 350 recv_extra.tftp_handle = h; 351 res = sendrecv(h->iodesc, &sendudp, &wbuf.t, wtail - (char *) &wbuf.t, 352 (void *)&recvtftp, &pkt, (void **)&t, &recv_extra); 353 if (res == -1) { 354 free(pkt); 355 return (errno); 356 } 357 358 free(h->pkt); 359 h->pkt = pkt; 360 h->tftp_hdr = t; 361 362 if (recv_extra.rtype == OACK) 363 return (tftp_getnextblock(h)); 364 365 /* Server ignored our blksize request, revert to TFTP default. */ 366 h->tftp_blksize = SEGSIZE; 367 368 switch (recv_extra.rtype) { 369 case DATA: { 370 h->currblock = 1; 371 h->validsize = res; 372 h->islastblock = 0; 373 if (res < h->tftp_blksize) { 374 h->islastblock = 1; /* very short file */ 375 tftp_sendack(h, h->currblock); 376 } 377 return (0); 378 } 379 case ERROR: 380 default: 381 return (errno); 382 } 383 384 } 385 386 /* ack block, expect next */ 387 static int 388 tftp_getnextblock(struct tftp_handle *h) 389 { 390 struct { 391 u_char header[HEADER_SIZE]; 392 struct tftphdr t; 393 } __packed __aligned(4) wbuf; 394 struct tftprecv_extra recv_extra; 395 char *wtail; 396 int res; 397 void *pkt; 398 struct tftphdr *t; 399 wbuf.t.th_opcode = htons((u_short) ACK); 400 wtail = (char *) &wbuf.t.th_block; 401 wbuf.t.th_block = htons((u_short) h->currblock); 402 wtail += 2; 403 404 h->iodesc->xid = h->currblock + 1; /* expected block */ 405 406 pkt = NULL; 407 recv_extra.tftp_handle = h; 408 res = sendrecv(h->iodesc, &sendudp, &wbuf.t, wtail - (char *) &wbuf.t, 409 (void *)&recvtftp, &pkt, (void **)&t, &recv_extra); 410 411 if (res == -1) { /* 0 is OK! */ 412 free(pkt); 413 return (errno); 414 } 415 416 free(h->pkt); 417 h->pkt = pkt; 418 h->tftp_hdr = t; 419 h->currblock++; 420 h->validsize = res; 421 if (res < h->tftp_blksize) 422 h->islastblock = 1; /* EOF */ 423 424 if (h->islastblock == 1) { 425 /* Send an ACK for the last block */ 426 wbuf.t.th_block = htons((u_short) h->currblock); 427 sendudp(h->iodesc, &wbuf.t, wtail - (char *)&wbuf.t); 428 } 429 430 return (0); 431 } 432 433 static int 434 tftp_open(const char *path, struct open_file *f) 435 { 436 struct tftp_handle *tftpfile; 437 struct iodesc *io; 438 int res; 439 size_t pathsize; 440 const char *extraslash; 441 442 if (netproto != NET_TFTP) 443 return (EINVAL); 444 445 if (f->f_dev->dv_type != DEVT_NET) 446 return (EINVAL); 447 448 if (is_open) 449 return (EBUSY); 450 451 tftpfile = (struct tftp_handle *) malloc(sizeof(*tftpfile)); 452 if (!tftpfile) 453 return (ENOMEM); 454 455 memset(tftpfile, 0, sizeof(*tftpfile)); 456 tftpfile->tftp_blksize = TFTP_REQUESTED_BLKSIZE; 457 tftpfile->iodesc = io = socktodesc(*(int *) (f->f_devdata)); 458 if (io == NULL) { 459 free(tftpfile); 460 return (EINVAL); 461 } 462 463 io->destip = servip; 464 tftpfile->off = 0; 465 pathsize = (strlen(rootpath) + 1 + strlen(path) + 1) * sizeof(char); 466 tftpfile->path = malloc(pathsize); 467 if (tftpfile->path == NULL) { 468 free(tftpfile); 469 return(ENOMEM); 470 } 471 if (rootpath[strlen(rootpath) - 1] == '/' || path[0] == '/') 472 extraslash = ""; 473 else 474 extraslash = "/"; 475 res = snprintf(tftpfile->path, pathsize, "%s%s%s", 476 rootpath, extraslash, path); 477 if (res < 0 || res > pathsize) { 478 free(tftpfile->path); 479 free(tftpfile); 480 return(ENOMEM); 481 } 482 483 res = tftp_makereq(tftpfile); 484 485 if (res) { 486 free(tftpfile->path); 487 free(tftpfile->pkt); 488 free(tftpfile); 489 return (res); 490 } 491 f->f_fsdata = (void *) tftpfile; 492 is_open = 1; 493 return (0); 494 } 495 496 static int 497 tftp_read(struct open_file *f, void *addr, size_t size, 498 size_t *resid /* out */) 499 { 500 struct tftp_handle *tftpfile; 501 int rc; 502 503 rc = 0; 504 tftpfile = (struct tftp_handle *) f->f_fsdata; 505 506 while (size > 0) { 507 int needblock, count; 508 509 twiddle(32); 510 511 needblock = tftpfile->off / tftpfile->tftp_blksize + 1; 512 513 if (tftpfile->currblock > needblock) { /* seek backwards */ 514 tftp_senderr(tftpfile, 0, "No error: read aborted"); 515 rc = tftp_makereq(tftpfile); 516 if (rc != 0) 517 break; 518 } 519 520 while (tftpfile->currblock < needblock) { 521 522 rc = tftp_getnextblock(tftpfile); 523 if (rc) { /* no answer */ 524 #ifdef TFTP_DEBUG 525 printf("tftp: read error\n"); 526 #endif 527 return (rc); 528 } 529 if (tftpfile->islastblock) 530 break; 531 } 532 533 if (tftpfile->currblock == needblock) { 534 int offinblock, inbuffer; 535 536 offinblock = tftpfile->off % tftpfile->tftp_blksize; 537 538 inbuffer = tftpfile->validsize - offinblock; 539 if (inbuffer < 0) { 540 #ifdef TFTP_DEBUG 541 printf("tftp: invalid offset %d\n", 542 tftpfile->off); 543 #endif 544 return (EINVAL); 545 } 546 count = (size < inbuffer ? size : inbuffer); 547 bcopy(tftpfile->tftp_hdr->th_data + offinblock, 548 addr, count); 549 550 addr = (char *)addr + count; 551 tftpfile->off += count; 552 size -= count; 553 554 if ((tftpfile->islastblock) && (count == inbuffer)) 555 break; /* EOF */ 556 } else { 557 #ifdef TFTP_DEBUG 558 printf("tftp: block %d not found\n", needblock); 559 #endif 560 return (EINVAL); 561 } 562 563 } 564 565 if (resid) 566 *resid = size; 567 return (rc); 568 } 569 570 static int 571 tftp_close(struct open_file *f) 572 { 573 struct tftp_handle *tftpfile; 574 tftpfile = (struct tftp_handle *) f->f_fsdata; 575 576 /* let it time out ... */ 577 578 if (tftpfile) { 579 free(tftpfile->path); 580 free(tftpfile->pkt); 581 free(tftpfile); 582 } 583 is_open = 0; 584 return (0); 585 } 586 587 static int 588 tftp_stat(struct open_file *f, struct stat *sb) 589 { 590 struct tftp_handle *tftpfile; 591 tftpfile = (struct tftp_handle *) f->f_fsdata; 592 593 sb->st_mode = 0444 | S_IFREG; 594 sb->st_nlink = 1; 595 sb->st_uid = 0; 596 sb->st_gid = 0; 597 sb->st_size = (off_t) tftpfile->tftp_tsize; 598 return (0); 599 } 600 601 static off_t 602 tftp_seek(struct open_file *f, off_t offset, int where) 603 { 604 struct tftp_handle *tftpfile; 605 tftpfile = (struct tftp_handle *) f->f_fsdata; 606 607 switch (where) { 608 case SEEK_SET: 609 tftpfile->off = offset; 610 break; 611 case SEEK_CUR: 612 tftpfile->off += offset; 613 break; 614 default: 615 errno = EOFFSET; 616 return (-1); 617 } 618 return (tftpfile->off); 619 } 620 621 static int 622 tftp_set_blksize(struct tftp_handle *h, const char *str) 623 { 624 char *endptr; 625 int new_blksize; 626 int ret = 0; 627 628 if (h == NULL || str == NULL) 629 return (ret); 630 631 new_blksize = 632 (unsigned int)strtol(str, &endptr, 0); 633 634 /* 635 * Only accept blksize value if it is numeric. 636 * RFC2348 specifies that acceptable values are 8-65464. 637 * Let's choose a limit less than MAXRSPACE. 638 */ 639 if (*endptr == '\0' && new_blksize >= 8 640 && new_blksize <= TFTP_MAX_BLKSIZE) { 641 h->tftp_blksize = new_blksize; 642 ret = 1; 643 } 644 645 return (ret); 646 } 647 648 /* 649 * In RFC2347, the TFTP Option Acknowledgement package (OACK) 650 * is used to acknowledge a client's option negotiation request. 651 * The format of an OACK packet is: 652 * +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+ 653 * | opc | opt1 | 0 | value1 | 0 | optN | 0 | valueN | 0 | 654 * +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+ 655 * 656 * opc 657 * The opcode field contains a 6, for Option Acknowledgment. 658 * 659 * opt1 660 * The first option acknowledgment, copied from the original 661 * request. 662 * 663 * value1 664 * The acknowledged value associated with the first option. If 665 * and how this value may differ from the original request is 666 * detailed in the specification for the option. 667 * 668 * optN, valueN 669 * The final option/value acknowledgment pair. 670 */ 671 static int 672 tftp_parse_oack(struct tftp_handle *h, char *buf, size_t len) 673 { 674 /* 675 * We parse the OACK strings into an array 676 * of name-value pairs. 677 */ 678 char *tftp_options[128] = { 0 }; 679 char *val = buf; 680 int i = 0; 681 int option_idx = 0; 682 int blksize_is_set = 0; 683 int tsize = 0; 684 685 unsigned int orig_blksize; 686 687 while (option_idx < 128 && i < len) { 688 if (buf[i] == '\0') { 689 if (&buf[i] > val) { 690 tftp_options[option_idx] = val; 691 val = &buf[i] + 1; 692 ++option_idx; 693 } 694 } 695 ++i; 696 } 697 698 /* Save the block size we requested for sanity check later. */ 699 orig_blksize = h->tftp_blksize; 700 701 /* 702 * Parse individual TFTP options. 703 * * "blksize" is specified in RFC2348. 704 * * "tsize" is specified in RFC2349. 705 */ 706 for (i = 0; i < option_idx; i += 2) { 707 if (strcasecmp(tftp_options[i], "blksize") == 0) { 708 if (i + 1 < option_idx) 709 blksize_is_set = 710 tftp_set_blksize(h, tftp_options[i + 1]); 711 } else if (strcasecmp(tftp_options[i], "tsize") == 0) { 712 if (i + 1 < option_idx) 713 tsize = strtol(tftp_options[i + 1], (char **)NULL, 10); 714 if (tsize != 0) 715 h->tftp_tsize = tsize; 716 } else { 717 /* Do not allow any options we did not expect to be ACKed. */ 718 printf("unexpected tftp option '%s'\n", tftp_options[i]); 719 return (-1); 720 } 721 } 722 723 if (!blksize_is_set) { 724 /* 725 * If TFTP blksize was not set, try defaulting 726 * to the legacy TFTP blksize of SEGSIZE(512) 727 */ 728 h->tftp_blksize = SEGSIZE; 729 } else if (h->tftp_blksize > orig_blksize) { 730 /* 731 * Server should not be proposing block sizes that 732 * exceed what we said we can handle. 733 */ 734 printf("unexpected blksize %u\n", h->tftp_blksize); 735 return (-1); 736 } 737 738 #ifdef TFTP_DEBUG 739 printf("tftp_blksize: %u\n", h->tftp_blksize); 740 printf("tftp_tsize: %lu\n", h->tftp_tsize); 741 #endif 742 return 0; 743 } 744