1 /* $NetBSD: tftp.c,v 1.4 1997/09/17 16:57:07 drochner Exp $ */ 2 3 /* 4 * Copyright (c) 1996 5 * Matthias Drochner. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed for the NetBSD Project 18 * by Matthias Drochner. 19 * 4. The name of the author may not be used to endorse or promote products 20 * derived from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 __FBSDID("$FreeBSD$"); 36 37 /* 38 * Simple TFTP implementation for libsa. 39 * Assumes: 40 * - socket descriptor (int) at open_file->f_devdata 41 * - server host IP in global rootip 42 * Restrictions: 43 * - read only 44 * - lseek only with SEEK_SET or SEEK_CUR 45 * - no big time differences between transfers (<tftp timeout) 46 */ 47 48 #include <sys/types.h> 49 #include <sys/stat.h> 50 #include <netinet/in.h> 51 #include <netinet/udp.h> 52 #include <netinet/in_systm.h> 53 #include <arpa/tftp.h> 54 55 #include <string.h> 56 57 #include "stand.h" 58 #include "net.h" 59 #include "netif.h" 60 61 #include "tftp.h" 62 63 struct tftp_handle; 64 struct tftprecv_extra; 65 66 static ssize_t recvtftp(struct iodesc *, void **, void **, time_t, void *); 67 static int tftp_open(const char *, struct open_file *); 68 static int tftp_close(struct open_file *); 69 static int tftp_parse_oack(struct tftp_handle *, char *, size_t); 70 static int tftp_read(struct open_file *, void *, size_t, size_t *); 71 static off_t tftp_seek(struct open_file *, off_t, int); 72 static int tftp_set_blksize(struct tftp_handle *, const char *); 73 static int tftp_stat(struct open_file *, struct stat *); 74 75 struct fs_ops tftp_fsops = { 76 .fs_name = "tftp", 77 .fo_open = tftp_open, 78 .fo_close = tftp_close, 79 .fo_read = tftp_read, 80 .fo_write = null_write, 81 .fo_seek = tftp_seek, 82 .fo_stat = tftp_stat, 83 .fo_readdir = null_readdir 84 }; 85 86 static int tftpport = 2000; 87 static int is_open = 0; 88 89 /* 90 * The legacy TFTP_BLKSIZE value was SEGSIZE(512). 91 * TFTP_REQUESTED_BLKSIZE of 1428 is (Ethernet MTU, less the TFTP, UDP and 92 * IP header lengths). 93 */ 94 #define TFTP_REQUESTED_BLKSIZE 1428 95 96 /* 97 * Choose a blksize big enough so we can test with Ethernet 98 * Jumbo frames in the future. 99 */ 100 #define TFTP_MAX_BLKSIZE 9008 101 #define TFTP_TRIES 2 102 103 struct tftp_handle { 104 struct iodesc *iodesc; 105 int currblock; /* contents of lastdata */ 106 int islastblock:1; /* flag */ 107 int tries:4; /* number of read attempts */ 108 int validsize; 109 int off; 110 char *path; /* saved for re-requests */ 111 unsigned int tftp_blksize; 112 unsigned long tftp_tsize; 113 void *pkt; 114 struct tftphdr *tftp_hdr; 115 }; 116 117 struct tftprecv_extra { 118 struct tftp_handle *tftp_handle; 119 unsigned short rtype; /* Received type */ 120 }; 121 122 #define TFTP_MAX_ERRCODE EOPTNEG 123 static const int tftperrors[TFTP_MAX_ERRCODE + 1] = { 124 0, /* ??? */ 125 ENOENT, 126 EPERM, 127 ENOSPC, 128 EINVAL, /* ??? */ 129 EINVAL, /* ??? */ 130 EEXIST, 131 EINVAL, /* ??? */ 132 EINVAL, /* Option negotiation failed. */ 133 }; 134 135 static int tftp_getnextblock(struct tftp_handle *h); 136 137 /* send error message back. */ 138 static void 139 tftp_senderr(struct tftp_handle *h, u_short errcode, const char *msg) 140 { 141 struct { 142 u_char header[HEADER_SIZE]; 143 struct tftphdr t; 144 u_char space[63]; /* +1 from t */ 145 } __packed __aligned(4) wbuf; 146 char *wtail; 147 int len; 148 149 len = strlen(msg); 150 if (len > sizeof(wbuf.space)) 151 len = sizeof(wbuf.space); 152 153 wbuf.t.th_opcode = htons((u_short)ERROR); 154 wbuf.t.th_code = htons(errcode); 155 156 wtail = wbuf.t.th_msg; 157 bcopy(msg, wtail, len); 158 wtail[len] = '\0'; 159 wtail += len + 1; 160 161 sendudp(h->iodesc, &wbuf.t, wtail - (char *)&wbuf.t); 162 } 163 164 static void 165 tftp_sendack(struct tftp_handle *h, u_short block) 166 { 167 struct { 168 u_char header[HEADER_SIZE]; 169 struct tftphdr t; 170 } __packed __aligned(4) wbuf; 171 char *wtail; 172 173 wbuf.t.th_opcode = htons((u_short)ACK); 174 wtail = (char *)&wbuf.t.th_block; 175 wbuf.t.th_block = htons(block); 176 wtail += 2; 177 178 sendudp(h->iodesc, &wbuf.t, wtail - (char *)&wbuf.t); 179 } 180 181 static ssize_t 182 recvtftp(struct iodesc *d, void **pkt, void **payload, time_t tleft, 183 void *recv_extra) 184 { 185 struct tftprecv_extra *extra; 186 struct tftp_handle *h; 187 struct tftphdr *t; 188 void *ptr = NULL; 189 ssize_t len; 190 191 errno = 0; 192 extra = recv_extra; 193 h = extra->tftp_handle; 194 195 len = readudp(d, &ptr, (void **)&t, tleft); 196 197 if (len < 4) { 198 free(ptr); 199 return (-1); 200 } 201 202 extra->rtype = ntohs(t->th_opcode); 203 switch (ntohs(t->th_opcode)) { 204 case DATA: { 205 int got; 206 207 if (htons(t->th_block) < (u_short)d->xid) { 208 /* 209 * Apparently our ACK was missed, re-send. 210 */ 211 tftp_sendack(h, htons(t->th_block)); 212 free(ptr); 213 return (-1); 214 } 215 if (htons(t->th_block) != (u_short)d->xid) { 216 /* 217 * Packet from the future, drop this. 218 */ 219 free(ptr); 220 return (-1); 221 } 222 if (d->xid == 1) { 223 /* 224 * First data packet from new port. 225 */ 226 struct udphdr *uh; 227 uh = (struct udphdr *)t - 1; 228 d->destport = uh->uh_sport; 229 } 230 got = len - (t->th_data - (char *)t); 231 *pkt = ptr; 232 *payload = t; 233 return (got); 234 } 235 case ERROR: 236 if ((unsigned)ntohs(t->th_code) > TFTP_MAX_ERRCODE) { 237 printf("illegal tftp error %d\n", ntohs(t->th_code)); 238 errno = EIO; 239 } else { 240 #ifdef TFTP_DEBUG 241 printf("tftp-error %d\n", ntohs(t->th_code)); 242 #endif 243 errno = tftperrors[ntohs(t->th_code)]; 244 } 245 free(ptr); 246 return (-1); 247 case OACK: { 248 struct udphdr *uh; 249 int tftp_oack_len; 250 251 /* 252 * Unexpected OACK. TFTP transfer already in progress. 253 * Drop the pkt. 254 */ 255 if (d->xid != 1) { 256 free(ptr); 257 return (-1); 258 } 259 260 /* 261 * Remember which port this OACK came from, because we need 262 * to send the ACK or errors back to it. 263 */ 264 uh = (struct udphdr *)t - 1; 265 d->destport = uh->uh_sport; 266 267 /* Parse options ACK-ed by the server. */ 268 tftp_oack_len = len - sizeof(t->th_opcode); 269 if (tftp_parse_oack(h, t->th_u.tu_stuff, tftp_oack_len) != 0) { 270 tftp_senderr(h, EOPTNEG, "Malformed OACK"); 271 errno = EIO; 272 free(ptr); 273 return (-1); 274 } 275 *pkt = ptr; 276 *payload = t; 277 return (0); 278 } 279 default: 280 #ifdef TFTP_DEBUG 281 printf("tftp type %d not handled\n", ntohs(t->th_opcode)); 282 #endif 283 free(ptr); 284 return (-1); 285 } 286 } 287 288 /* send request, expect first block (or error) */ 289 static int 290 tftp_makereq(struct tftp_handle *h) 291 { 292 struct { 293 u_char header[HEADER_SIZE]; 294 struct tftphdr t; 295 u_char space[FNAME_SIZE + 6]; 296 } __packed __aligned(4) wbuf; 297 struct tftprecv_extra recv_extra; 298 char *wtail; 299 int l; 300 ssize_t res; 301 void *pkt; 302 struct tftphdr *t; 303 char *tftp_blksize = NULL; 304 int blksize_l; 305 306 /* 307 * Allow overriding default TFTP block size by setting 308 * a tftp.blksize environment variable. 309 */ 310 if ((tftp_blksize = getenv("tftp.blksize")) != NULL) { 311 tftp_set_blksize(h, tftp_blksize); 312 } 313 314 wbuf.t.th_opcode = htons((u_short)RRQ); 315 wtail = wbuf.t.th_stuff; 316 l = strlen(h->path); 317 #ifdef TFTP_PREPEND_PATH 318 if (l > FNAME_SIZE - (sizeof(TFTP_PREPEND_PATH) - 1)) 319 return (ENAMETOOLONG); 320 bcopy(TFTP_PREPEND_PATH, wtail, sizeof(TFTP_PREPEND_PATH) - 1); 321 wtail += sizeof(TFTP_PREPEND_PATH) - 1; 322 #else 323 if (l > FNAME_SIZE) 324 return (ENAMETOOLONG); 325 #endif 326 bcopy(h->path, wtail, l + 1); 327 wtail += l + 1; 328 bcopy("octet", wtail, 6); 329 wtail += 6; 330 bcopy("blksize", wtail, 8); 331 wtail += 8; 332 blksize_l = sprintf(wtail, "%d", h->tftp_blksize); 333 wtail += blksize_l + 1; 334 bcopy("tsize", wtail, 6); 335 wtail += 6; 336 bcopy("0", wtail, 2); 337 wtail += 2; 338 339 h->iodesc->myport = htons(tftpport + (getsecs() & 0x3ff)); 340 h->iodesc->destport = htons(IPPORT_TFTP); 341 h->iodesc->xid = 1; /* expected block */ 342 343 h->currblock = 0; 344 h->islastblock = 0; 345 h->validsize = 0; 346 347 pkt = NULL; 348 recv_extra.tftp_handle = h; 349 res = sendrecv(h->iodesc, &sendudp, &wbuf.t, wtail - (char *)&wbuf.t, 350 &recvtftp, &pkt, (void **)&t, &recv_extra); 351 if (res == -1) { 352 free(pkt); 353 return (errno); 354 } 355 356 free(h->pkt); 357 h->pkt = pkt; 358 h->tftp_hdr = t; 359 360 if (recv_extra.rtype == OACK) 361 return (tftp_getnextblock(h)); 362 363 /* Server ignored our blksize request, revert to TFTP default. */ 364 h->tftp_blksize = SEGSIZE; 365 366 switch (recv_extra.rtype) { 367 case DATA: { 368 h->currblock = 1; 369 h->validsize = res; 370 h->islastblock = 0; 371 if (res < h->tftp_blksize) { 372 h->islastblock = 1; /* very short file */ 373 tftp_sendack(h, h->currblock); 374 } 375 return (0); 376 } 377 case ERROR: 378 default: 379 return (errno); 380 } 381 382 } 383 384 /* ack block, expect next */ 385 static int 386 tftp_getnextblock(struct tftp_handle *h) 387 { 388 struct { 389 u_char header[HEADER_SIZE]; 390 struct tftphdr t; 391 } __packed __aligned(4) wbuf; 392 struct tftprecv_extra recv_extra; 393 char *wtail; 394 int res; 395 void *pkt; 396 struct tftphdr *t; 397 398 wbuf.t.th_opcode = htons((u_short)ACK); 399 wtail = (char *)&wbuf.t.th_block; 400 wbuf.t.th_block = htons((u_short)h->currblock); 401 wtail += 2; 402 403 h->iodesc->xid = h->currblock + 1; /* expected block */ 404 405 pkt = NULL; 406 recv_extra.tftp_handle = h; 407 res = sendrecv(h->iodesc, &sendudp, &wbuf.t, wtail - (char *)&wbuf.t, 408 &recvtftp, &pkt, (void **)&t, &recv_extra); 409 410 if (res == -1) { /* 0 is OK! */ 411 free(pkt); 412 return (errno); 413 } 414 415 free(h->pkt); 416 h->pkt = pkt; 417 h->tftp_hdr = t; 418 h->currblock++; 419 h->validsize = res; 420 if (res < h->tftp_blksize) 421 h->islastblock = 1; /* EOF */ 422 423 if (h->islastblock == 1) { 424 /* Send an ACK for the last block */ 425 wbuf.t.th_block = htons((u_short)h->currblock); 426 sendudp(h->iodesc, &wbuf.t, wtail - (char *)&wbuf.t); 427 } 428 429 return (0); 430 } 431 432 static int 433 tftp_open(const char *path, struct open_file *f) 434 { 435 struct tftp_handle *tftpfile; 436 struct iodesc *io; 437 int res; 438 size_t pathsize; 439 const char *extraslash; 440 441 if (netproto != NET_TFTP) 442 return (EINVAL); 443 444 if (f->f_dev->dv_type != DEVT_NET) 445 return (EINVAL); 446 447 if (is_open) 448 return (EBUSY); 449 450 tftpfile = calloc(1, sizeof(*tftpfile)); 451 if (!tftpfile) 452 return (ENOMEM); 453 454 tftpfile->tftp_blksize = TFTP_REQUESTED_BLKSIZE; 455 tftpfile->iodesc = io = socktodesc(*(int *)(f->f_devdata)); 456 if (io == NULL) { 457 free(tftpfile); 458 return (EINVAL); 459 } 460 461 io->destip = rootip; 462 tftpfile->off = 0; 463 pathsize = (strlen(rootpath) + 1 + strlen(path) + 1) * sizeof(char); 464 tftpfile->path = malloc(pathsize); 465 if (tftpfile->path == NULL) { 466 free(tftpfile); 467 return (ENOMEM); 468 } 469 if (rootpath[strlen(rootpath) - 1] == '/' || path[0] == '/') 470 extraslash = ""; 471 else 472 extraslash = "/"; 473 res = snprintf(tftpfile->path, pathsize, "%s%s%s", 474 rootpath, extraslash, path); 475 if (res < 0 || res > pathsize) { 476 free(tftpfile->path); 477 free(tftpfile); 478 return (ENOMEM); 479 } 480 481 res = tftp_makereq(tftpfile); 482 483 if (res) { 484 free(tftpfile->path); 485 free(tftpfile->pkt); 486 free(tftpfile); 487 return (res); 488 } 489 f->f_fsdata = tftpfile; 490 is_open = 1; 491 return (0); 492 } 493 494 static int 495 tftp_read(struct open_file *f, void *addr, size_t size, 496 size_t *resid /* out */) 497 { 498 struct tftp_handle *tftpfile; 499 size_t res; 500 int rc; 501 502 rc = 0; 503 res = size; 504 tftpfile = f->f_fsdata; 505 506 /* Make sure we will not read past file end */ 507 if (tftpfile->tftp_tsize > 0 && 508 tftpfile->off + size > tftpfile->tftp_tsize) { 509 size = tftpfile->tftp_tsize - tftpfile->off; 510 } 511 512 while (size > 0) { 513 int needblock, count; 514 515 twiddle(32); 516 517 needblock = tftpfile->off / tftpfile->tftp_blksize + 1; 518 519 if (tftpfile->currblock > needblock) { /* seek backwards */ 520 tftp_senderr(tftpfile, 0, "No error: read aborted"); 521 rc = tftp_makereq(tftpfile); 522 if (rc != 0) 523 break; 524 } 525 526 while (tftpfile->currblock < needblock) { 527 528 rc = tftp_getnextblock(tftpfile); 529 if (rc) { /* no answer */ 530 #ifdef TFTP_DEBUG 531 printf("tftp: read error\n"); 532 #endif 533 if (tftpfile->tries > TFTP_TRIES) { 534 return (rc); 535 } else { 536 tftpfile->tries++; 537 tftp_makereq(tftpfile); 538 } 539 } 540 if (tftpfile->islastblock) 541 break; 542 } 543 544 if (tftpfile->currblock == needblock) { 545 int offinblock, inbuffer; 546 547 offinblock = tftpfile->off % tftpfile->tftp_blksize; 548 549 inbuffer = tftpfile->validsize - offinblock; 550 if (inbuffer < 0) { 551 #ifdef TFTP_DEBUG 552 printf("tftp: invalid offset %d\n", 553 tftpfile->off); 554 #endif 555 return (EINVAL); 556 } 557 count = (size < inbuffer ? size : inbuffer); 558 bcopy(tftpfile->tftp_hdr->th_data + offinblock, 559 addr, count); 560 561 addr = (char *)addr + count; 562 tftpfile->off += count; 563 size -= count; 564 res -= count; 565 566 if ((tftpfile->islastblock) && (count == inbuffer)) 567 break; /* EOF */ 568 } else { 569 #ifdef TFTP_DEBUG 570 printf("tftp: block %d not found\n", needblock); 571 #endif 572 return (EINVAL); 573 } 574 575 } 576 577 if (resid != NULL) 578 *resid = res; 579 return (rc); 580 } 581 582 static int 583 tftp_close(struct open_file *f) 584 { 585 struct tftp_handle *tftpfile; 586 tftpfile = f->f_fsdata; 587 588 /* let it time out ... */ 589 590 if (tftpfile) { 591 free(tftpfile->path); 592 free(tftpfile->pkt); 593 free(tftpfile); 594 } 595 is_open = 0; 596 return (0); 597 } 598 599 static int 600 tftp_stat(struct open_file *f, struct stat *sb) 601 { 602 struct tftp_handle *tftpfile; 603 tftpfile = f->f_fsdata; 604 605 sb->st_mode = 0444 | S_IFREG; 606 sb->st_nlink = 1; 607 sb->st_uid = 0; 608 sb->st_gid = 0; 609 sb->st_size = tftpfile->tftp_tsize; 610 return (0); 611 } 612 613 static off_t 614 tftp_seek(struct open_file *f, off_t offset, int where) 615 { 616 struct tftp_handle *tftpfile; 617 tftpfile = f->f_fsdata; 618 619 switch (where) { 620 case SEEK_SET: 621 tftpfile->off = offset; 622 break; 623 case SEEK_CUR: 624 tftpfile->off += offset; 625 break; 626 default: 627 errno = EOFFSET; 628 return (-1); 629 } 630 return (tftpfile->off); 631 } 632 633 static int 634 tftp_set_blksize(struct tftp_handle *h, const char *str) 635 { 636 char *endptr; 637 int new_blksize; 638 int ret = 0; 639 640 if (h == NULL || str == NULL) 641 return (ret); 642 643 new_blksize = 644 (unsigned int)strtol(str, &endptr, 0); 645 646 /* 647 * Only accept blksize value if it is numeric. 648 * RFC2348 specifies that acceptable values are 8-65464. 649 * Let's choose a limit less than MAXRSPACE. 650 */ 651 if (*endptr == '\0' && new_blksize >= 8 && 652 new_blksize <= TFTP_MAX_BLKSIZE) { 653 h->tftp_blksize = new_blksize; 654 ret = 1; 655 } 656 657 return (ret); 658 } 659 660 /* 661 * In RFC2347, the TFTP Option Acknowledgement package (OACK) 662 * is used to acknowledge a client's option negotiation request. 663 * The format of an OACK packet is: 664 * +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+ 665 * | opc | opt1 | 0 | value1 | 0 | optN | 0 | valueN | 0 | 666 * +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+ 667 * 668 * opc 669 * The opcode field contains a 6, for Option Acknowledgment. 670 * 671 * opt1 672 * The first option acknowledgment, copied from the original 673 * request. 674 * 675 * value1 676 * The acknowledged value associated with the first option. If 677 * and how this value may differ from the original request is 678 * detailed in the specification for the option. 679 * 680 * optN, valueN 681 * The final option/value acknowledgment pair. 682 */ 683 static int 684 tftp_parse_oack(struct tftp_handle *h, char *buf, size_t len) 685 { 686 /* 687 * We parse the OACK strings into an array 688 * of name-value pairs. 689 */ 690 char *tftp_options[128] = { 0 }; 691 char *val = buf; 692 int i = 0; 693 int option_idx = 0; 694 int blksize_is_set = 0; 695 int tsize = 0; 696 697 unsigned int orig_blksize; 698 699 while (option_idx < 128 && i < len) { 700 if (buf[i] == '\0') { 701 if (&buf[i] > val) { 702 tftp_options[option_idx] = val; 703 val = &buf[i] + 1; 704 ++option_idx; 705 } 706 } 707 ++i; 708 } 709 710 /* Save the block size we requested for sanity check later. */ 711 orig_blksize = h->tftp_blksize; 712 713 /* 714 * Parse individual TFTP options. 715 * * "blksize" is specified in RFC2348. 716 * * "tsize" is specified in RFC2349. 717 */ 718 for (i = 0; i < option_idx; i += 2) { 719 if (strcasecmp(tftp_options[i], "blksize") == 0) { 720 if (i + 1 < option_idx) 721 blksize_is_set = 722 tftp_set_blksize(h, tftp_options[i + 1]); 723 } else if (strcasecmp(tftp_options[i], "tsize") == 0) { 724 if (i + 1 < option_idx) 725 tsize = strtol(tftp_options[i + 1], NULL, 10); 726 if (tsize != 0) 727 h->tftp_tsize = tsize; 728 } else { 729 /* 730 * Do not allow any options we did not expect to be 731 * ACKed. 732 */ 733 printf("unexpected tftp option '%s'\n", 734 tftp_options[i]); 735 return (-1); 736 } 737 } 738 739 if (!blksize_is_set) { 740 /* 741 * If TFTP blksize was not set, try defaulting 742 * to the legacy TFTP blksize of SEGSIZE(512) 743 */ 744 h->tftp_blksize = SEGSIZE; 745 } else if (h->tftp_blksize > orig_blksize) { 746 /* 747 * Server should not be proposing block sizes that 748 * exceed what we said we can handle. 749 */ 750 printf("unexpected blksize %u\n", h->tftp_blksize); 751 return (-1); 752 } 753 754 #ifdef TFTP_DEBUG 755 printf("tftp_blksize: %u\n", h->tftp_blksize); 756 printf("tftp_tsize: %lu\n", h->tftp_tsize); 757 #endif 758 return (0); 759 } 760