1 /*
2 * Copyright (c) 1983 Regents of the University of California.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifndef lint
35 char copyright[] =
36 "@(#) Copyright (c) 1983 Regents of the University of California.\n\
37 All rights reserved.\n";
38 #endif /* not lint */
39
40 #ifndef lint
41 /*static char sccsid[] = "from: @(#)tftpd.c 5.13 (Berkeley) 2/26/91";*/
42 /*static char rcsid[] = "$Id: tftpd.c,v 1.3 1993/08/01 18:28:53 mycroft Exp $";*/
43 #endif /* not lint */
44
45 /*
46 * Trivial file transfer protocol server.
47 *
48 * This version includes many modifications by Jim Guyton <guyton@rand-unix>
49 */
50
51 #include <sys/types.h>
52 #include <sys/ioctl.h>
53 #include <sys/stat.h>
54 #include <unistd.h>
55 #include <signal.h>
56 #include <fcntl.h>
57
58 #include <sys/socket.h>
59 #include <netinet/in.h>
60 #include <netdb.h>
61
62 #include <setjmp.h>
63 #include <syslog.h>
64 #include <stdio.h>
65 #include <errno.h>
66 #include <ctype.h>
67 #include <string.h>
68 #include <stdlib.h>
69
70 #include "tftp.h"
71
72 #ifndef MSG_CONFIRM
73 #define MSG_CONFIRM 0
74 #warning Please, upgrade kernel, otherwise this tftpd has no advantages.
75 #endif
76
77 #define TIMEOUT 5
78
79 int peer;
80 int rexmtval = TIMEOUT;
81 int maxtimeout = 5*TIMEOUT;
82
83 #define PKTSIZE SEGSIZE+4
84 char buf[PKTSIZE];
85 char ackbuf[PKTSIZE];
86 union {
87 struct sockaddr sa;
88 struct sockaddr_in sin;
89 struct sockaddr_in6 sin6;
90 } from;
91 socklen_t fromlen;
92
93 #define MAXARG 1
94 char *dirs[MAXARG+1];
95
96 void tftp(struct tftphdr *tp, int size) __attribute__((noreturn));
97 void nak(int error);
98 int validate_access(char *filename, int mode);
99
100 struct formats;
101
102 void sendfile(struct formats *pf);
103 void recvfile(struct formats *pf);
104
105
main(int ac,char ** av)106 int main(int ac, char **av)
107 {
108 register struct tftphdr *tp;
109 register int n = 0;
110 int on = 1;
111
112 /* Sanity. If parent forgot to setuid() on us. */
113 if (geteuid() == 0) {
114 setgid(65534);
115 setuid(65534);
116 }
117
118 ac--; av++;
119 while (ac-- > 0 && n < MAXARG)
120 dirs[n++] = *av++;
121
122 openlog("tftpd", LOG_PID, LOG_DAEMON);
123 if (ioctl(0, FIONBIO, &on) < 0) {
124 syslog(LOG_ERR, "ioctl(FIONBIO): %m\n");
125 exit(1);
126 }
127 fromlen = sizeof (from);
128 n = recvfrom(0, buf, sizeof (buf), 0,
129 (struct sockaddr *)&from, &fromlen);
130 if (n < 0) {
131 if (errno != EAGAIN)
132 syslog(LOG_ERR, "recvfrom: %m\n");
133 exit(1);
134 }
135 /*
136 * Now that we have read the message out of the UDP
137 * socket, we fork and exit. Thus, inetd will go back
138 * to listening to the tftp port, and the next request
139 * to come in will start up a new instance of tftpd.
140 *
141 * We do this so that inetd can run tftpd in "wait" mode.
142 * The problem with tftpd running in "nowait" mode is that
143 * inetd may get one or more successful "selects" on the
144 * tftp port before we do our receive, so more than one
145 * instance of tftpd may be started up. Worse, if tftpd
146 * break before doing the above "recvfrom", inetd would
147 * spawn endless instances, clogging the system.
148 */
149 {
150 int pid;
151 int i;
152 socklen_t j;
153
154 for (i = 1; i < 20; i++) {
155 pid = fork();
156 if (pid < 0) {
157 sleep(i);
158 /*
159 * flush out to most recently sent request.
160 *
161 * This may drop some request, but those
162 * will be resent by the clients when
163 * they timeout. The positive effect of
164 * this flush is to (try to) prevent more
165 * than one tftpd being started up to service
166 * a single request from a single client.
167 */
168 j = sizeof from;
169 i = recvfrom(0, buf, sizeof (buf), 0,
170 (struct sockaddr *)&from, &j);
171 if (i > 0) {
172 n = i;
173 fromlen = j;
174 }
175 } else {
176 break;
177 }
178 }
179 if (pid < 0) {
180 syslog(LOG_ERR, "fork: %m\n");
181 exit(1);
182 } else if (pid != 0) {
183 exit(0);
184 }
185 }
186 alarm(0);
187 close(0);
188 close(1);
189 peer = socket(from.sa.sa_family, SOCK_DGRAM, 0);
190 if (peer < 0) {
191 syslog(LOG_ERR, "socket: %m\n");
192 exit(1);
193 }
194 if (connect(peer, (struct sockaddr *)&from, sizeof(from)) < 0) {
195 syslog(LOG_ERR, "connect: %m\n");
196 exit(1);
197 }
198 tp = (struct tftphdr *)buf;
199 tp->th_opcode = ntohs(tp->th_opcode);
200 if (tp->th_opcode == RRQ || tp->th_opcode == WRQ)
201 tftp(tp, n);
202 exit(1);
203 }
204
205 struct formats {
206 char *f_mode;
207 int (*f_validate)(char *filename, int mode);
208 void (*f_send)(struct formats*);
209 void (*f_recv)(struct formats*);
210 int f_convert;
211 } formats[] = {
212 { "netascii", validate_access, sendfile, recvfile, 1 },
213 { "octet", validate_access, sendfile, recvfile, 0 },
214 #ifdef notdef
215 { "mail", validate_user, sendmail, recvmail, 1 },
216 #endif
217 { 0 }
218 };
219
220 /*
221 * Handle initial connection protocol.
222 */
tftp(struct tftphdr * tp,int size)223 void tftp(struct tftphdr *tp, int size)
224 {
225 register char *cp;
226 int first = 1, ecode;
227 register struct formats *pf;
228 char *filename, *mode = NULL;
229
230 filename = cp = tp->th_stuff;
231 again:
232 while (cp < buf + size) {
233 if (*cp == '\0')
234 break;
235 cp++;
236 }
237 if (*cp != '\0') {
238 nak(EBADOP);
239 exit(1);
240 }
241 if (first) {
242 mode = ++cp;
243 first = 0;
244 goto again;
245 }
246 for (cp = mode; *cp; cp++)
247 if (isupper(*cp))
248 *cp = tolower(*cp);
249 for (pf = formats; pf->f_mode; pf++)
250 if (strcmp(pf->f_mode, mode) == 0)
251 break;
252 if (pf->f_mode == 0) {
253 nak(EBADOP);
254 exit(1);
255 }
256 ecode = (*pf->f_validate)(filename, tp->th_opcode);
257 if (ecode) {
258 nak(ecode);
259 exit(1);
260 }
261 if (tp->th_opcode == WRQ)
262 (*pf->f_recv)(pf);
263 else
264 (*pf->f_send)(pf);
265 exit(0);
266 }
267
268
269 FILE *file;
270
271 /*
272 * Validate file access. Since we
273 * have no uid or gid, for now require
274 * file to exist and be publicly
275 * readable/writable.
276 * If we were invoked with arguments
277 * from inetd then the file must also be
278 * in one of the given directory prefixes.
279 * Note also, full path name must be
280 * given as we have no login directory.
281 */
validate_access(char * filename,int mode)282 int validate_access(char *filename, int mode)
283 {
284 struct stat stbuf;
285 int fd;
286 char *cp;
287 char fnamebuf[1024+512];
288
289 for (cp = filename; *cp; cp++) {
290 if(*cp == '.' && (cp == filename || strncmp(cp-1, "/../", 4) == 0)) {
291 syslog(LOG_ERR, "bad path %s", filename);
292 return(EACCESS);
293 }
294 }
295
296 if (*filename == '/')
297 filename++;
298
299 if (!*dirs) {
300 syslog(LOG_ERR, "no dirs");
301 return EACCESS;
302 }
303 snprintf(fnamebuf, sizeof(fnamebuf)-1, "%s/%s", *dirs, filename);
304 filename = fnamebuf;
305
306 if (stat(filename, &stbuf) < 0) {
307 syslog(LOG_ERR, "stat %s : %m", filename);
308 return (errno == ENOENT ? ENOTFOUND : EACCESS);
309 }
310 if (mode == RRQ) {
311 if ((stbuf.st_mode&(S_IREAD >> 6)) == 0) {
312 syslog(LOG_ERR, "not readable %s", filename);
313 return (EACCESS);
314 }
315 } else {
316 if ((stbuf.st_mode&(S_IWRITE >> 6)) == 0) {
317 syslog(LOG_ERR, "not writable %s", filename);
318 return (EACCESS);
319 }
320 }
321 fd = open(filename, mode == RRQ ? 0 : 1);
322 if (fd < 0) {
323 syslog(LOG_ERR, "cannot open %s: %m", filename);
324 return (errno + 100);
325 }
326 file = fdopen(fd, (mode == RRQ)? "r":"w");
327 if (file == NULL) {
328 return errno+100;
329 }
330 return (0);
331 }
332
333 int confirmed;
334 int timeout;
335 jmp_buf timeoutbuf;
336
timer(int signo)337 void timer(int signo)
338 {
339 confirmed = 0;
340 timeout += rexmtval;
341 if (timeout >= maxtimeout)
342 exit(1);
343 longjmp(timeoutbuf, 1);
344 }
345
346 /*
347 * Send the requested file.
348 */
sendfile(struct formats * pf)349 void sendfile(struct formats *pf)
350 {
351 struct tftphdr *dp;
352 register struct tftphdr *ap; /* ack packet */
353 volatile int block = 1;
354 int size, n;
355
356 confirmed = 0;
357 signal(SIGALRM, timer);
358 dp = r_init();
359 ap = (struct tftphdr *)ackbuf;
360 do {
361 size = readit(file, &dp, pf->f_convert);
362 if (size < 0) {
363 nak(errno + 100);
364 goto abort;
365 }
366 dp->th_opcode = htons((u_short)DATA);
367 dp->th_block = htons((u_short)block);
368 timeout = 0;
369 (void) setjmp(timeoutbuf);
370
371 send_data:
372 if (send(peer, dp, size + 4, confirmed) != size + 4) {
373 syslog(LOG_ERR, "tftpd: write: %m\n");
374 goto abort;
375 }
376 confirmed = 0;
377 read_ahead(file, pf->f_convert);
378 for ( ; ; ) {
379 alarm(rexmtval); /* read the ack */
380 n = recv(peer, ackbuf, sizeof (ackbuf), 0);
381 alarm(0);
382 if (n < 0) {
383 syslog(LOG_ERR, "tftpd: read: %m\n");
384 goto abort;
385 }
386 ap->th_opcode = ntohs((u_short)ap->th_opcode);
387 ap->th_block = ntohs((u_short)ap->th_block);
388
389 if (ap->th_opcode == ERROR)
390 goto abort;
391
392 if (ap->th_opcode == ACK) {
393 if (ap->th_block == block) {
394 confirmed = MSG_CONFIRM;
395 break;
396 }
397 /* Re-synchronize with the other side */
398 synchnet(peer);
399 if (ap->th_block == (block -1)) {
400 goto send_data;
401 }
402 }
403
404 }
405 block++;
406 } while (size == SEGSIZE);
407 abort:
408 (void) fclose(file);
409 }
410
justquit(int signo)411 void justquit(int signo)
412 {
413 exit(0);
414 }
415
416
417 /*
418 * Receive a file.
419 */
recvfile(struct formats * pf)420 void recvfile(struct formats *pf)
421 {
422 struct tftphdr *dp;
423 register struct tftphdr *ap; /* ack buffer */
424 volatile int block = 0, n, size;
425
426 confirmed = 0;
427 signal(SIGALRM, timer);
428 dp = w_init();
429 ap = (struct tftphdr *)ackbuf;
430 do {
431 timeout = 0;
432 ap->th_opcode = htons((u_short)ACK);
433 ap->th_block = htons((u_short)block);
434 block++;
435 (void) setjmp(timeoutbuf);
436 send_ack:
437 if (send(peer, ackbuf, 4, confirmed) != 4) {
438 syslog(LOG_ERR, "tftpd: write: %m\n");
439 goto abort;
440 }
441 confirmed = 0;
442 write_behind(file, pf->f_convert);
443 for ( ; ; ) {
444 alarm(rexmtval);
445 n = recv(peer, dp, PKTSIZE, 0);
446 alarm(0);
447 if (n < 0) { /* really? */
448 syslog(LOG_ERR, "tftpd: read: %m\n");
449 goto abort;
450 }
451 dp->th_opcode = ntohs((u_short)dp->th_opcode);
452 dp->th_block = ntohs((u_short)dp->th_block);
453 if (dp->th_opcode == ERROR)
454 goto abort;
455 if (dp->th_opcode == DATA) {
456 if (dp->th_block == block) {
457 confirmed = MSG_CONFIRM;
458 break; /* normal */
459 }
460 /* Re-synchronize with the other side */
461 (void) synchnet(peer);
462 if (dp->th_block == (block-1))
463 goto send_ack; /* rexmit */
464 }
465 }
466 /* size = write(file, dp->th_data, n - 4); */
467 size = writeit(file, &dp, n - 4, pf->f_convert);
468 if (size != (n-4)) { /* ahem */
469 if (size < 0) nak(errno + 100);
470 else nak(ENOSPACE);
471 goto abort;
472 }
473 } while (size == SEGSIZE);
474 write_behind(file, pf->f_convert);
475 (void) fclose(file); /* close data file */
476
477 ap->th_opcode = htons((u_short)ACK); /* send the "final" ack */
478 ap->th_block = htons((u_short)(block));
479 (void) send(peer, ackbuf, 4, confirmed);
480
481 signal(SIGALRM, justquit); /* just quit on timeout */
482 alarm(rexmtval);
483 n = recv(peer, buf, sizeof (buf), 0); /* normally times out and quits */
484 alarm(0);
485 if (n >= 4 && /* if read some data */
486 dp->th_opcode == DATA && /* and got a data block */
487 block == dp->th_block) { /* then my last ack was lost */
488 (void) send(peer, ackbuf, 4, 0); /* resend final ack */
489 }
490 abort:
491 return;
492 }
493
494 struct errmsg {
495 int e_code;
496 char *e_msg;
497 } errmsgs[] = {
498 { EUNDEF, "Undefined error code" },
499 { ENOTFOUND, "File not found" },
500 { EACCESS, "Access violation" },
501 { ENOSPACE, "Disk full or allocation exceeded" },
502 { EBADOP, "Illegal TFTP operation" },
503 { EBADID, "Unknown transfer ID" },
504 { EEXISTS, "File already exists" },
505 { ENOUSER, "No such user" },
506 { -1, 0 }
507 };
508
509 /*
510 * Send a nak packet (error message).
511 * Error code passed in is one of the
512 * standard TFTP codes, or a UNIX errno
513 * offset by 100.
514 */
nak(int error)515 void nak(int error)
516 {
517 register struct tftphdr *tp;
518 int length;
519 register struct errmsg *pe;
520
521 tp = (struct tftphdr *)buf;
522 tp->th_opcode = htons((u_short)ERROR);
523 tp->th_code = htons((u_short)error);
524 for (pe = errmsgs; pe->e_code >= 0; pe++)
525 if (pe->e_code == error)
526 break;
527 if (pe->e_code < 0) {
528 pe->e_msg = strerror(error - 100);
529 tp->th_code = EUNDEF; /* set 'undef' errorcode */
530 }
531 strcpy(tp->th_msg, pe->e_msg);
532 length = strlen(pe->e_msg);
533 tp->th_msg[length] = '\0';
534 length += 5;
535 if (send(peer, buf, length, 0) != length)
536 syslog(LOG_ERR, "nak: %m\n");
537 }
538