1 /* $NetBSD: tftp.c,v 1.4 1997/09/17 16:57:07 drochner Exp $ */ 2 3 /* 4 * Copyright (c) 1996 5 * Matthias Drochner. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed for the NetBSD Project 18 * by Matthias Drochner. 19 * 4. The name of the author may not be used to endorse or promote products 20 * derived from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 36 /* 37 * Simple TFTP implementation for libsa. 38 * Assumes: 39 * - socket descriptor (int) at dev->d_opendata, dev stored at 40 * open_file->f_devdata 41 * - server host IP in global rootip 42 * Restrictions: 43 * - read only 44 * - lseek only with SEEK_SET or SEEK_CUR 45 * - no big time differences between transfers (<tftp timeout) 46 */ 47 48 #include <sys/types.h> 49 #include <sys/stat.h> 50 #include <netinet/in.h> 51 #include <netinet/udp.h> 52 #include <netinet/in_systm.h> 53 #include <arpa/tftp.h> 54 55 #include <string.h> 56 57 #include "stand.h" 58 #include "net.h" 59 #include "netif.h" 60 61 #include "tftp.h" 62 63 struct tftp_handle; 64 struct tftprecv_extra; 65 66 static ssize_t recvtftp(struct iodesc *, void **, void **, time_t, void *); 67 static int tftp_open(const char *, struct open_file *); 68 static int tftp_close(struct open_file *); 69 static int tftp_parse_oack(struct tftp_handle *, char *, size_t); 70 static int tftp_read(struct open_file *, void *, size_t, size_t *); 71 static off_t tftp_seek(struct open_file *, off_t, int); 72 static int tftp_set_blksize(struct tftp_handle *, const char *); 73 static int tftp_stat(struct open_file *, struct stat *); 74 75 struct fs_ops tftp_fsops = { 76 .fs_name = "tftp", 77 .fo_open = tftp_open, 78 .fo_close = tftp_close, 79 .fo_read = tftp_read, 80 .fo_write = null_write, 81 .fo_seek = tftp_seek, 82 .fo_stat = tftp_stat, 83 .fo_readdir = null_readdir 84 }; 85 86 static int tftpport = 2000; 87 static int is_open = 0; 88 89 /* 90 * The legacy TFTP_BLKSIZE value was SEGSIZE(512). 91 * TFTP_REQUESTED_BLKSIZE of 1428 is (Ethernet MTU, less the TFTP, UDP and 92 * IP header lengths). 93 */ 94 #define TFTP_REQUESTED_BLKSIZE 1428 95 96 /* 97 * Choose a blksize big enough so we can test with Ethernet 98 * Jumbo frames in the future. 99 */ 100 #define TFTP_MAX_BLKSIZE 9008 101 102 struct tftp_handle { 103 struct iodesc *iodesc; 104 int currblock; /* contents of lastdata */ 105 int islastblock; /* flag */ 106 int validsize; 107 int off; 108 char *path; /* saved for re-requests */ 109 unsigned int tftp_blksize; 110 unsigned long tftp_tsize; 111 void *pkt; 112 struct tftphdr *tftp_hdr; 113 }; 114 115 struct tftprecv_extra { 116 struct tftp_handle *tftp_handle; 117 unsigned short rtype; /* Received type */ 118 }; 119 120 #define TFTP_MAX_ERRCODE EOPTNEG 121 static const int tftperrors[TFTP_MAX_ERRCODE + 1] = { 122 0, /* ??? */ 123 ENOENT, 124 EPERM, 125 ENOSPC, 126 EINVAL, /* ??? */ 127 EINVAL, /* ??? */ 128 EEXIST, 129 EINVAL, /* ??? */ 130 EINVAL, /* Option negotiation failed. */ 131 }; 132 133 static int tftp_getnextblock(struct tftp_handle *h); 134 135 /* send error message back. */ 136 static void 137 tftp_senderr(struct tftp_handle *h, ushort_t errcode, const char *msg) 138 { 139 struct { 140 uchar_t header[HEADER_SIZE]; 141 struct tftphdr t; 142 uchar_t space[63]; /* +1 from t */ 143 } __packed __aligned(4) wbuf; 144 char *wtail; 145 int len; 146 147 len = strlen(msg); 148 if (len > sizeof (wbuf.space)) 149 len = sizeof (wbuf.space); 150 151 wbuf.t.th_opcode = htons((ushort_t)ERROR); 152 wbuf.t.th_code = htons(errcode); 153 154 wtail = wbuf.t.th_msg; 155 bcopy(msg, wtail, len); 156 wtail[len] = '\0'; 157 wtail += len + 1; 158 159 sendudp(h->iodesc, &wbuf.t, wtail - (char *)&wbuf.t); 160 } 161 162 static void 163 tftp_sendack(struct tftp_handle *h, ushort_t block) 164 { 165 struct { 166 uchar_t header[HEADER_SIZE]; 167 struct tftphdr t; 168 } __packed __aligned(4) wbuf; 169 char *wtail; 170 171 wbuf.t.th_opcode = htons((ushort_t)ACK); 172 wtail = (char *)&wbuf.t.th_block; 173 wbuf.t.th_block = htons(block); 174 wtail += 2; 175 176 sendudp(h->iodesc, &wbuf.t, wtail - (char *)&wbuf.t); 177 } 178 179 static ssize_t 180 recvtftp(struct iodesc *d, void **pkt, void **payload, time_t tleft, 181 void *recv_extra) 182 { 183 struct tftprecv_extra *extra; 184 struct tftp_handle *h; 185 struct tftphdr *t; 186 void *ptr = NULL; 187 ssize_t len; 188 189 errno = 0; 190 extra = recv_extra; 191 h = extra->tftp_handle; 192 193 len = readudp(d, &ptr, (void **)&t, tleft); 194 195 if (len < 4) { 196 free(ptr); 197 return (-1); 198 } 199 200 extra->rtype = ntohs(t->th_opcode); 201 switch (ntohs(t->th_opcode)) { 202 case DATA: { 203 int got; 204 205 if (htons(t->th_block) < (ushort_t)d->xid) { 206 /* 207 * Apparently our ACK was missed, re-send. 208 */ 209 tftp_sendack(h, htons(t->th_block)); 210 free(ptr); 211 return (-1); 212 } 213 if (htons(t->th_block) != (ushort_t)d->xid) { 214 /* 215 * Packet from the future, drop this. 216 */ 217 free(ptr); 218 return (-1); 219 } 220 if (d->xid == 1) { 221 /* 222 * First data packet from new port. 223 */ 224 struct udphdr *uh; 225 uh = (struct udphdr *)t - 1; 226 d->destport = uh->uh_sport; 227 } 228 got = len - (t->th_data - (char *)t); 229 *pkt = ptr; 230 *payload = t; 231 return (got); 232 } 233 case ERROR: 234 if ((unsigned)ntohs(t->th_code) > TFTP_MAX_ERRCODE) { 235 printf("illegal tftp error %d\n", ntohs(t->th_code)); 236 errno = EIO; 237 } else { 238 #ifdef TFTP_DEBUG 239 printf("tftp-error %d\n", ntohs(t->th_code)); 240 #endif 241 errno = tftperrors[ntohs(t->th_code)]; 242 } 243 free(ptr); 244 return (-1); 245 case OACK: { 246 struct udphdr *uh; 247 int tftp_oack_len; 248 249 /* 250 * Unexpected OACK. TFTP transfer already in progress. 251 * Drop the pkt. 252 */ 253 if (d->xid != 1) { 254 free(ptr); 255 return (-1); 256 } 257 258 /* 259 * Remember which port this OACK came from, because we need 260 * to send the ACK or errors back to it. 261 */ 262 uh = (struct udphdr *)t - 1; 263 d->destport = uh->uh_sport; 264 265 /* Parse options ACK-ed by the server. */ 266 tftp_oack_len = len - sizeof (t->th_opcode); 267 if (tftp_parse_oack(h, t->th_u.tu_stuff, tftp_oack_len) != 0) { 268 tftp_senderr(h, EOPTNEG, "Malformed OACK"); 269 errno = EIO; 270 free(ptr); 271 return (-1); 272 } 273 *pkt = ptr; 274 *payload = t; 275 return (0); 276 } 277 default: 278 #ifdef TFTP_DEBUG 279 printf("tftp type %d not handled\n", ntohs(t->th_opcode)); 280 #endif 281 free(ptr); 282 return (-1); 283 } 284 } 285 286 /* send request, expect first block (or error) */ 287 static int 288 tftp_makereq(struct tftp_handle *h) 289 { 290 struct { 291 uchar_t header[HEADER_SIZE]; 292 struct tftphdr t; 293 uchar_t space[FNAME_SIZE + 6]; 294 } __packed __aligned(4) wbuf; 295 struct tftprecv_extra recv_extra; 296 char *wtail; 297 int l; 298 ssize_t res; 299 void *pkt; 300 struct tftphdr *t; 301 char *tftp_blksize = NULL; 302 int blksize_l; 303 304 /* 305 * Allow overriding default TFTP block size by setting 306 * a tftp.blksize environment variable. 307 */ 308 if ((tftp_blksize = getenv("tftp.blksize")) != NULL) { 309 tftp_set_blksize(h, tftp_blksize); 310 } 311 312 wbuf.t.th_opcode = htons((ushort_t)RRQ); 313 wtail = wbuf.t.th_stuff; 314 l = strlen(h->path); 315 #ifdef TFTP_PREPEND_PATH 316 if (l > FNAME_SIZE - (sizeof (TFTP_PREPEND_PATH) - 1)) 317 return (ENAMETOOLONG); 318 bcopy(TFTP_PREPEND_PATH, wtail, sizeof (TFTP_PREPEND_PATH) - 1); 319 wtail += sizeof (TFTP_PREPEND_PATH) - 1; 320 #else 321 if (l > FNAME_SIZE) 322 return (ENAMETOOLONG); 323 #endif 324 bcopy(h->path, wtail, l + 1); 325 wtail += l + 1; 326 bcopy("octet", wtail, 6); 327 wtail += 6; 328 bcopy("blksize", wtail, 8); 329 wtail += 8; 330 blksize_l = sprintf(wtail, "%d", h->tftp_blksize); 331 wtail += blksize_l + 1; 332 bcopy("tsize", wtail, 6); 333 wtail += 6; 334 bcopy("0", wtail, 2); 335 wtail += 2; 336 337 h->iodesc->myport = htons(tftpport + (getsecs() & 0x3ff)); 338 h->iodesc->destport = htons(IPPORT_TFTP); 339 h->iodesc->xid = 1; /* expected block */ 340 341 h->currblock = 0; 342 h->islastblock = 0; 343 h->validsize = 0; 344 345 pkt = NULL; 346 recv_extra.tftp_handle = h; 347 res = sendrecv(h->iodesc, &sendudp, &wbuf.t, wtail - (char *)&wbuf.t, 348 &recvtftp, &pkt, (void **)&t, &recv_extra); 349 if (res == -1) { 350 free(pkt); 351 return (errno); 352 } 353 354 free(h->pkt); 355 h->pkt = pkt; 356 h->tftp_hdr = t; 357 358 if (recv_extra.rtype == OACK) 359 return (tftp_getnextblock(h)); 360 361 /* Server ignored our blksize request, revert to TFTP default. */ 362 h->tftp_blksize = SEGSIZE; 363 364 switch (recv_extra.rtype) { 365 case DATA: { 366 h->currblock = 1; 367 h->validsize = res; 368 h->islastblock = 0; 369 if (res < h->tftp_blksize) { 370 h->islastblock = 1; /* very short file */ 371 tftp_sendack(h, h->currblock); 372 } 373 return (0); 374 } 375 case ERROR: 376 default: 377 return (errno); 378 } 379 380 } 381 382 /* ack block, expect next */ 383 static int 384 tftp_getnextblock(struct tftp_handle *h) 385 { 386 struct { 387 uchar_t header[HEADER_SIZE]; 388 struct tftphdr t; 389 } __packed __aligned(4) wbuf; 390 struct tftprecv_extra recv_extra; 391 char *wtail; 392 int res; 393 void *pkt; 394 struct tftphdr *t; 395 396 wbuf.t.th_opcode = htons((ushort_t)ACK); 397 wtail = (char *)&wbuf.t.th_block; 398 wbuf.t.th_block = htons((ushort_t)h->currblock); 399 wtail += 2; 400 401 h->iodesc->xid = h->currblock + 1; /* expected block */ 402 403 pkt = NULL; 404 recv_extra.tftp_handle = h; 405 res = sendrecv(h->iodesc, &sendudp, &wbuf.t, wtail - (char *)&wbuf.t, 406 &recvtftp, &pkt, (void **)&t, &recv_extra); 407 408 if (res == -1) { /* 0 is OK! */ 409 free(pkt); 410 return (errno); 411 } 412 413 free(h->pkt); 414 h->pkt = pkt; 415 h->tftp_hdr = t; 416 h->currblock++; 417 h->validsize = res; 418 if (res < h->tftp_blksize) 419 h->islastblock = 1; /* EOF */ 420 421 if (h->islastblock == 1) { 422 /* Send an ACK for the last block */ 423 wbuf.t.th_block = htons((ushort_t)h->currblock); 424 sendudp(h->iodesc, &wbuf.t, wtail - (char *)&wbuf.t); 425 } 426 427 return (0); 428 } 429 430 static int 431 tftp_open(const char *path, struct open_file *f) 432 { 433 struct devdesc *dev; 434 struct tftp_handle *tftpfile; 435 struct iodesc *io; 436 int res; 437 const char *extraslash; 438 439 if (netproto != NET_TFTP) 440 return (EINVAL); 441 442 if (f->f_dev->dv_type != DEVT_NET) 443 return (EINVAL); 444 445 if (is_open) 446 return (EBUSY); 447 448 tftpfile = calloc(1, sizeof (*tftpfile)); 449 if (!tftpfile) 450 return (ENOMEM); 451 452 tftpfile->tftp_blksize = TFTP_REQUESTED_BLKSIZE; 453 dev = f->f_devdata; 454 tftpfile->iodesc = io = socktodesc(*(int *)(dev->d_opendata)); 455 if (io == NULL) { 456 free(tftpfile); 457 return (EINVAL); 458 } 459 460 io->destip = rootip; 461 tftpfile->off = 0; 462 463 /* 464 * Remove leading '/' from path, because we will append it to 465 * rootpath. 466 */ 467 while (path[0] == '/') 468 path++; 469 470 /* tftp does not support reading directories */ 471 if (path[0] == '\0' || path[strlen(path) - 1] == '/') 472 return (EPERM); 473 474 if (rootpath[strlen(rootpath) - 1] == '/') { 475 extraslash = ""; 476 } else { 477 extraslash = "/"; 478 } 479 480 res = asprintf(&tftpfile->path, "%s%s%s", rootpath, extraslash, path); 481 if (res < 0) { 482 free(tftpfile); 483 return (ENOMEM); 484 } 485 486 res = tftp_makereq(tftpfile); 487 if (res) { 488 free(tftpfile->path); 489 free(tftpfile->pkt); 490 free(tftpfile); 491 return (res); 492 } 493 f->f_fsdata = tftpfile; 494 is_open = 1; 495 return (0); 496 } 497 498 static int 499 tftp_read(struct open_file *f, void *addr, size_t size, 500 size_t *resid /* out */) 501 { 502 struct tftp_handle *tftpfile; 503 size_t res; 504 int rc; 505 506 rc = 0; 507 res = size; 508 tftpfile = f->f_fsdata; 509 510 /* Make sure we will not read past file end */ 511 if (tftpfile->tftp_tsize > 0 && 512 tftpfile->off + size > tftpfile->tftp_tsize) { 513 size = tftpfile->tftp_tsize - tftpfile->off; 514 } 515 516 while (size > 0) { 517 int needblock, count; 518 519 twiddle(32); 520 521 needblock = tftpfile->off / tftpfile->tftp_blksize + 1; 522 523 if (tftpfile->currblock > needblock) { /* seek backwards */ 524 tftp_senderr(tftpfile, 0, "No error: read aborted"); 525 rc = tftp_makereq(tftpfile); 526 if (rc != 0) 527 break; 528 } 529 530 while (tftpfile->currblock < needblock) { 531 532 rc = tftp_getnextblock(tftpfile); 533 if (rc) { /* no answer */ 534 #ifdef TFTP_DEBUG 535 printf("tftp: read error\n"); 536 #endif 537 return (rc); 538 } 539 if (tftpfile->islastblock) 540 break; 541 } 542 543 if (tftpfile->currblock == needblock) { 544 int offinblock, inbuffer; 545 546 offinblock = tftpfile->off % tftpfile->tftp_blksize; 547 548 inbuffer = tftpfile->validsize - offinblock; 549 if (inbuffer < 0) { 550 #ifdef TFTP_DEBUG 551 printf("tftp: invalid offset %d\n", 552 tftpfile->off); 553 #endif 554 return (EINVAL); 555 } 556 count = (size < inbuffer ? size : inbuffer); 557 bcopy(tftpfile->tftp_hdr->th_data + offinblock, 558 addr, count); 559 560 addr = (char *)addr + count; 561 tftpfile->off += count; 562 size -= count; 563 res -= count; 564 565 if ((tftpfile->islastblock) && (count == inbuffer)) 566 break; /* EOF */ 567 } else { 568 #ifdef TFTP_DEBUG 569 printf("tftp: block %d not found\n", needblock); 570 #endif 571 return (EINVAL); 572 } 573 574 } 575 576 if (resid != NULL) 577 *resid = res; 578 return (rc); 579 } 580 581 static int 582 tftp_close(struct open_file *f) 583 { 584 struct tftp_handle *tftpfile; 585 tftpfile = f->f_fsdata; 586 587 /* let it time out ... */ 588 589 if (tftpfile) { 590 free(tftpfile->path); 591 free(tftpfile->pkt); 592 free(tftpfile); 593 } 594 is_open = 0; 595 return (0); 596 } 597 598 static int 599 tftp_stat(struct open_file *f, struct stat *sb) 600 { 601 struct tftp_handle *tftpfile; 602 tftpfile = f->f_fsdata; 603 604 sb->st_mode = 0444 | S_IFREG; 605 sb->st_nlink = 1; 606 sb->st_uid = 0; 607 sb->st_gid = 0; 608 sb->st_size = tftpfile->tftp_tsize; 609 return (0); 610 } 611 612 static off_t 613 tftp_seek(struct open_file *f, off_t offset, int where) 614 { 615 struct tftp_handle *tftpfile; 616 tftpfile = f->f_fsdata; 617 618 switch (where) { 619 case SEEK_SET: 620 tftpfile->off = offset; 621 break; 622 case SEEK_CUR: 623 tftpfile->off += offset; 624 break; 625 default: 626 errno = EOFFSET; 627 return (-1); 628 } 629 return (tftpfile->off); 630 } 631 632 static int 633 tftp_set_blksize(struct tftp_handle *h, const char *str) 634 { 635 char *endptr; 636 int new_blksize; 637 int ret = 0; 638 639 if (h == NULL || str == NULL) 640 return (ret); 641 642 new_blksize = 643 (unsigned int)strtol(str, &endptr, 0); 644 645 /* 646 * Only accept blksize value if it is numeric. 647 * RFC2348 specifies that acceptable values are 8-65464. 648 * Let's choose a limit less than MAXRSPACE. 649 */ 650 if (*endptr == '\0' && new_blksize >= 8 && 651 new_blksize <= TFTP_MAX_BLKSIZE) { 652 h->tftp_blksize = new_blksize; 653 ret = 1; 654 } 655 656 return (ret); 657 } 658 659 /* 660 * In RFC2347, the TFTP Option Acknowledgement package (OACK) 661 * is used to acknowledge a client's option negotiation request. 662 * The format of an OACK packet is: 663 * +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+ 664 * | opc | opt1 | 0 | value1 | 0 | optN | 0 | valueN | 0 | 665 * +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+ 666 * 667 * opc 668 * The opcode field contains a 6, for Option Acknowledgment. 669 * 670 * opt1 671 * The first option acknowledgment, copied from the original 672 * request. 673 * 674 * value1 675 * The acknowledged value associated with the first option. If 676 * and how this value may differ from the original request is 677 * detailed in the specification for the option. 678 * 679 * optN, valueN 680 * The final option/value acknowledgment pair. 681 */ 682 static int 683 tftp_parse_oack(struct tftp_handle *h, char *buf, size_t len) 684 { 685 /* 686 * We parse the OACK strings into an array 687 * of name-value pairs. 688 */ 689 char *tftp_options[128] = { 0 }; 690 char *val = buf; 691 int i = 0; 692 int option_idx = 0; 693 int blksize_is_set = 0; 694 int tsize = 0; 695 696 unsigned int orig_blksize; 697 698 while (option_idx < 128 && i < len) { 699 if (buf[i] == '\0') { 700 if (&buf[i] > val) { 701 tftp_options[option_idx] = val; 702 val = &buf[i] + 1; 703 ++option_idx; 704 } 705 } 706 ++i; 707 } 708 709 /* Save the block size we requested for sanity check later. */ 710 orig_blksize = h->tftp_blksize; 711 712 /* 713 * Parse individual TFTP options. 714 * * "blksize" is specified in RFC2348. 715 * * "tsize" is specified in RFC2349. 716 */ 717 for (i = 0; i < option_idx; i += 2) { 718 if (strcasecmp(tftp_options[i], "blksize") == 0) { 719 if (i + 1 < option_idx) 720 blksize_is_set = 721 tftp_set_blksize(h, tftp_options[i + 1]); 722 } else if (strcasecmp(tftp_options[i], "tsize") == 0) { 723 if (i + 1 < option_idx) 724 tsize = strtol(tftp_options[i + 1], NULL, 10); 725 if (tsize != 0) 726 h->tftp_tsize = tsize; 727 } else { 728 /* 729 * Do not allow any options we did not expect to be 730 * ACKed. 731 */ 732 printf("unexpected tftp option '%s'\n", 733 tftp_options[i]); 734 return (-1); 735 } 736 } 737 738 if (!blksize_is_set) { 739 /* 740 * If TFTP blksize was not set, try defaulting 741 * to the legacy TFTP blksize of SEGSIZE(512) 742 */ 743 h->tftp_blksize = SEGSIZE; 744 } else if (h->tftp_blksize > orig_blksize) { 745 /* 746 * Server should not be proposing block sizes that 747 * exceed what we said we can handle. 748 */ 749 printf("unexpected blksize %u\n", h->tftp_blksize); 750 return (-1); 751 } 752 753 #ifdef TFTP_DEBUG 754 printf("tftp_blksize: %u\n", h->tftp_blksize); 755 printf("tftp_tsize: %lu\n", h->tftp_tsize); 756 #endif 757 return (0); 758 } 759