1 /*************************************************************************** 2 * _ _ ____ _ 3 * Project ___| | | | _ \| | 4 * / __| | | | |_) | | 5 * | (__| |_| | _ <| |___ 6 * \___|\___/|_| \_\_____| 7 * 8 * 9 * Trivial file transfer protocol server. 10 * 11 * This code includes many modifications by Jim Guyton <guyton@rand-unix> 12 * 13 * This source file was started based on netkit-tftpd 0.17 14 * Heavily modified for curl's test suite 15 */ 16 17 /* 18 * Copyright (c) 1983, 2016 Regents of the University of California. 19 * All rights reserved. 20 * 21 * Redistribution and use in source and binary forms, with or without 22 * modification, are permitted provided that the following conditions 23 * are met: 24 * 1. Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * 2. Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in the 28 * documentation and/or other materials provided with the distribution. 29 * 3. All advertising materials mentioning features or use of this software 30 * must display the following acknowledgement: 31 * This product includes software developed by the University of 32 * California, Berkeley and its contributors. 33 * 4. Neither the name of the University nor the names of its contributors 34 * may be used to endorse or promote products derived from this software 35 * without specific prior written permission. 36 * 37 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 38 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 40 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 41 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 42 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 43 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 45 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 46 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 47 * SUCH DAMAGE. 48 */ 49 50 #include "server_setup.h" 51 52 #ifdef HAVE_SYS_IOCTL_H 53 #include <sys/ioctl.h> 54 #endif 55 #ifdef HAVE_SIGNAL_H 56 #include <signal.h> 57 #endif 58 #ifdef HAVE_FCNTL_H 59 #include <fcntl.h> 60 #endif 61 #ifdef HAVE_NETINET_IN_H 62 #include <netinet/in.h> 63 #endif 64 #ifdef HAVE_ARPA_INET_H 65 #include <arpa/inet.h> 66 #endif 67 #ifdef HAVE_ARPA_TFTP_H 68 #include <arpa/tftp.h> 69 #else 70 #include "tftp.h" 71 #endif 72 #ifdef HAVE_NETDB_H 73 #include <netdb.h> 74 #endif 75 #ifdef HAVE_SYS_FILIO_H 76 /* FIONREAD on Solaris 7 */ 77 #include <sys/filio.h> 78 #endif 79 80 #include <setjmp.h> 81 82 #ifdef HAVE_PWD_H 83 #include <pwd.h> 84 #endif 85 86 #define ENABLE_CURLX_PRINTF 87 /* make the curlx header define all printf() functions to use the curlx_* 88 versions instead */ 89 #include "curlx.h" /* from the private lib dir */ 90 #include "getpart.h" 91 #include "util.h" 92 #include "server_sockaddr.h" 93 94 /* include memdebug.h last */ 95 #include "memdebug.h" 96 97 /***************************************************************************** 98 * STRUCT DECLARATIONS AND DEFINES * 99 *****************************************************************************/ 100 101 #ifndef PKTSIZE 102 #define PKTSIZE (SEGSIZE + 4) /* SEGSIZE defined in arpa/tftp.h */ 103 #endif 104 105 struct testcase { 106 char *buffer; /* holds the file data to send to the client */ 107 size_t bufsize; /* size of the data in buffer */ 108 char *rptr; /* read pointer into the buffer */ 109 size_t rcount; /* amount of data left to read of the file */ 110 long testno; /* test case number */ 111 int ofile; /* file descriptor for output file when uploading to us */ 112 113 int writedelay; /* number of seconds between each packet */ 114 }; 115 116 struct formats { 117 const char *f_mode; 118 int f_convert; 119 }; 120 121 struct errmsg { 122 int e_code; 123 const char *e_msg; 124 }; 125 126 typedef union { 127 struct tftphdr hdr; 128 char storage[PKTSIZE]; 129 } tftphdr_storage_t; 130 131 /* 132 * bf.counter values in range [-1 .. SEGSIZE] represents size of data in the 133 * bf.buf buffer. Additionally it can also hold flags BF_ALLOC or BF_FREE. 134 */ 135 136 struct bf { 137 int counter; /* size of data in buffer, or flag */ 138 tftphdr_storage_t buf; /* room for data packet */ 139 }; 140 141 #define BF_ALLOC -3 /* alloc'd but not yet filled */ 142 #define BF_FREE -2 /* free */ 143 144 #define opcode_RRQ 1 145 #define opcode_WRQ 2 146 #define opcode_DATA 3 147 #define opcode_ACK 4 148 #define opcode_ERROR 5 149 150 #define TIMEOUT 5 151 152 #undef MIN 153 #define MIN(x,y) ((x)<(y)?(x):(y)) 154 155 #ifndef DEFAULT_LOGFILE 156 #define DEFAULT_LOGFILE "log/tftpd.log" 157 #endif 158 159 #define REQUEST_DUMP "log/server.input" 160 161 #define DEFAULT_PORT 8999 /* UDP */ 162 163 /***************************************************************************** 164 * GLOBAL VARIABLES * 165 *****************************************************************************/ 166 167 static struct errmsg errmsgs[] = { 168 { EUNDEF, "Undefined error code" }, 169 { ENOTFOUND, "File not found" }, 170 { EACCESS, "Access violation" }, 171 { ENOSPACE, "Disk full or allocation exceeded" }, 172 { EBADOP, "Illegal TFTP operation" }, 173 { EBADID, "Unknown transfer ID" }, 174 { EEXISTS, "File already exists" }, 175 { ENOUSER, "No such user" }, 176 { -1, 0 } 177 }; 178 179 static struct formats formata[] = { 180 { "netascii", 1 }, 181 { "octet", 0 }, 182 { NULL, 0 } 183 }; 184 185 static struct bf bfs[2]; 186 187 static int nextone; /* index of next buffer to use */ 188 static int current; /* index of buffer in use */ 189 190 /* control flags for crlf conversions */ 191 static int newline = 0; /* fillbuf: in middle of newline expansion */ 192 static int prevchar = -1; /* putbuf: previous char (cr check) */ 193 194 static tftphdr_storage_t buf; 195 static tftphdr_storage_t ackbuf; 196 197 static srvr_sockaddr_union_t from; 198 static curl_socklen_t fromlen; 199 200 static curl_socket_t peer = CURL_SOCKET_BAD; 201 202 static int timeout; 203 static int maxtimeout = 5 * TIMEOUT; 204 205 #ifdef ENABLE_IPV6 206 static bool use_ipv6 = FALSE; 207 #endif 208 static const char *ipv_inuse = "IPv4"; 209 210 const char *serverlogfile = DEFAULT_LOGFILE; 211 static char *pidname= (char *)".tftpd.pid"; 212 static int serverlogslocked = 0; 213 static int wrotepidfile = 0; 214 215 #ifdef HAVE_SIGSETJMP 216 static sigjmp_buf timeoutbuf; 217 #endif 218 219 #if defined(HAVE_ALARM) && defined(SIGALRM) 220 static int rexmtval = TIMEOUT; 221 #endif 222 223 /* do-nothing macro replacement for systems which lack siginterrupt() */ 224 225 #ifndef HAVE_SIGINTERRUPT 226 #define siginterrupt(x,y) do {} while(0) 227 #endif 228 229 /* vars used to keep around previous signal handlers */ 230 231 typedef RETSIGTYPE (*SIGHANDLER_T)(int); 232 233 #ifdef SIGHUP 234 static SIGHANDLER_T old_sighup_handler = SIG_ERR; 235 #endif 236 237 #ifdef SIGPIPE 238 static SIGHANDLER_T old_sigpipe_handler = SIG_ERR; 239 #endif 240 241 #ifdef SIGINT 242 static SIGHANDLER_T old_sigint_handler = SIG_ERR; 243 #endif 244 245 #ifdef SIGTERM 246 static SIGHANDLER_T old_sigterm_handler = SIG_ERR; 247 #endif 248 249 #if defined(SIGBREAK) && defined(WIN32) 250 static SIGHANDLER_T old_sigbreak_handler = SIG_ERR; 251 #endif 252 253 /* var which if set indicates that the program should finish execution */ 254 255 SIG_ATOMIC_T got_exit_signal = 0; 256 257 /* if next is set indicates the first signal handled in exit_signal_handler */ 258 259 static volatile int exit_signal = 0; 260 261 /***************************************************************************** 262 * FUNCTION PROTOTYPES * 263 *****************************************************************************/ 264 265 static struct tftphdr *rw_init(int); 266 267 static struct tftphdr *w_init(void); 268 269 static struct tftphdr *r_init(void); 270 271 static void read_ahead(struct testcase *test, int convert); 272 273 static ssize_t write_behind(struct testcase *test, int convert); 274 275 static int synchnet(curl_socket_t); 276 277 static int do_tftp(struct testcase *test, struct tftphdr *tp, ssize_t size); 278 279 static int validate_access(struct testcase *test, const char *fname, int mode); 280 281 static void sendtftp(struct testcase *test, struct formats *pf); 282 283 static void recvtftp(struct testcase *test, struct formats *pf); 284 285 static void nak(int error); 286 287 #if defined(HAVE_ALARM) && defined(SIGALRM) 288 289 static void mysignal(int sig, void (*handler)(int)); 290 291 static void timer(int signum); 292 293 static void justtimeout(int signum); 294 295 #endif /* HAVE_ALARM && SIGALRM */ 296 297 static RETSIGTYPE exit_signal_handler(int signum); 298 299 static void install_signal_handlers(void); 300 301 static void restore_signal_handlers(void); 302 303 /***************************************************************************** 304 * FUNCTION IMPLEMENTATIONS * 305 *****************************************************************************/ 306 307 #if defined(HAVE_ALARM) && defined(SIGALRM) 308 309 /* 310 * Like signal(), but with well-defined semantics. 311 */ 312 static void mysignal(int sig, void (*handler)(int)) 313 { 314 struct sigaction sa; 315 memset(&sa, 0, sizeof(sa)); 316 sa.sa_handler = handler; 317 sigaction(sig, &sa, NULL); 318 } 319 320 static void timer(int signum) 321 { 322 (void)signum; 323 324 logmsg("alarm!"); 325 326 timeout += rexmtval; 327 if(timeout >= maxtimeout) { 328 if(wrotepidfile) { 329 wrotepidfile = 0; 330 unlink(pidname); 331 } 332 if(serverlogslocked) { 333 serverlogslocked = 0; 334 clear_advisor_read_lock(SERVERLOGS_LOCK); 335 } 336 exit(1); 337 } 338 #ifdef HAVE_SIGSETJMP 339 siglongjmp(timeoutbuf, 1); 340 #endif 341 } 342 343 static void justtimeout(int signum) 344 { 345 (void)signum; 346 } 347 348 #endif /* HAVE_ALARM && SIGALRM */ 349 350 /* signal handler that will be triggered to indicate that the program 351 should finish its execution in a controlled manner as soon as possible. 352 The first time this is called it will set got_exit_signal to one and 353 store in exit_signal the signal that triggered its execution. */ 354 355 static RETSIGTYPE exit_signal_handler(int signum) 356 { 357 int old_errno = errno; 358 if(got_exit_signal == 0) { 359 got_exit_signal = 1; 360 exit_signal = signum; 361 } 362 (void)signal(signum, exit_signal_handler); 363 errno = old_errno; 364 } 365 366 static void install_signal_handlers(void) 367 { 368 #ifdef SIGHUP 369 /* ignore SIGHUP signal */ 370 if((old_sighup_handler = signal(SIGHUP, SIG_IGN)) == SIG_ERR) 371 logmsg("cannot install SIGHUP handler: %s", strerror(errno)); 372 #endif 373 #ifdef SIGPIPE 374 /* ignore SIGPIPE signal */ 375 if((old_sigpipe_handler = signal(SIGPIPE, SIG_IGN)) == SIG_ERR) 376 logmsg("cannot install SIGPIPE handler: %s", strerror(errno)); 377 #endif 378 #ifdef SIGINT 379 /* handle SIGINT signal with our exit_signal_handler */ 380 if((old_sigint_handler = signal(SIGINT, exit_signal_handler)) == SIG_ERR) 381 logmsg("cannot install SIGINT handler: %s", strerror(errno)); 382 else 383 siginterrupt(SIGINT, 1); 384 #endif 385 #ifdef SIGTERM 386 /* handle SIGTERM signal with our exit_signal_handler */ 387 if((old_sigterm_handler = signal(SIGTERM, exit_signal_handler)) == SIG_ERR) 388 logmsg("cannot install SIGTERM handler: %s", strerror(errno)); 389 else 390 siginterrupt(SIGTERM, 1); 391 #endif 392 #if defined(SIGBREAK) && defined(WIN32) 393 /* handle SIGBREAK signal with our exit_signal_handler */ 394 if((old_sigbreak_handler = signal(SIGBREAK, exit_signal_handler)) == SIG_ERR) 395 logmsg("cannot install SIGBREAK handler: %s", strerror(errno)); 396 else 397 siginterrupt(SIGBREAK, 1); 398 #endif 399 } 400 401 static void restore_signal_handlers(void) 402 { 403 #ifdef SIGHUP 404 if(SIG_ERR != old_sighup_handler) 405 (void)signal(SIGHUP, old_sighup_handler); 406 #endif 407 #ifdef SIGPIPE 408 if(SIG_ERR != old_sigpipe_handler) 409 (void)signal(SIGPIPE, old_sigpipe_handler); 410 #endif 411 #ifdef SIGINT 412 if(SIG_ERR != old_sigint_handler) 413 (void)signal(SIGINT, old_sigint_handler); 414 #endif 415 #ifdef SIGTERM 416 if(SIG_ERR != old_sigterm_handler) 417 (void)signal(SIGTERM, old_sigterm_handler); 418 #endif 419 #if defined(SIGBREAK) && defined(WIN32) 420 if(SIG_ERR != old_sigbreak_handler) 421 (void)signal(SIGBREAK, old_sigbreak_handler); 422 #endif 423 } 424 425 /* 426 * init for either read-ahead or write-behind. 427 * zero for write-behind, one for read-head. 428 */ 429 static struct tftphdr *rw_init(int x) 430 { 431 newline = 0; /* init crlf flag */ 432 prevchar = -1; 433 bfs[0].counter = BF_ALLOC; /* pass out the first buffer */ 434 current = 0; 435 bfs[1].counter = BF_FREE; 436 nextone = x; /* ahead or behind? */ 437 return &bfs[0].buf.hdr; 438 } 439 440 static struct tftphdr *w_init(void) 441 { 442 return rw_init(0); /* write-behind */ 443 } 444 445 static struct tftphdr *r_init(void) 446 { 447 return rw_init(1); /* read-ahead */ 448 } 449 450 /* Have emptied current buffer by sending to net and getting ack. 451 Free it and return next buffer filled with data. 452 */ 453 static int readit(struct testcase *test, struct tftphdr **dpp, 454 int convert /* if true, convert to ascii */) 455 { 456 struct bf *b; 457 458 bfs[current].counter = BF_FREE; /* free old one */ 459 current = !current; /* "incr" current */ 460 461 b = &bfs[current]; /* look at new buffer */ 462 if(b->counter == BF_FREE) /* if it's empty */ 463 read_ahead(test, convert); /* fill it */ 464 465 *dpp = &b->buf.hdr; /* set caller's ptr */ 466 return b->counter; 467 } 468 469 /* 470 * fill the input buffer, doing ascii conversions if requested 471 * conversions are lf -> cr, lf and cr -> cr, nul 472 */ 473 static void read_ahead(struct testcase *test, 474 int convert /* if true, convert to ascii */) 475 { 476 int i; 477 char *p; 478 int c; 479 struct bf *b; 480 struct tftphdr *dp; 481 482 b = &bfs[nextone]; /* look at "next" buffer */ 483 if(b->counter != BF_FREE) /* nop if not free */ 484 return; 485 nextone = !nextone; /* "incr" next buffer ptr */ 486 487 dp = &b->buf.hdr; 488 489 if(convert == 0) { 490 /* The former file reading code did this: 491 b->counter = read(fileno(file), dp->th_data, SEGSIZE); */ 492 size_t copy_n = MIN(SEGSIZE, test->rcount); 493 memcpy(dp->th_data, test->rptr, copy_n); 494 495 /* decrease amount, advance pointer */ 496 test->rcount -= copy_n; 497 test->rptr += copy_n; 498 b->counter = (int)copy_n; 499 return; 500 } 501 502 p = dp->th_data; 503 for(i = 0 ; i < SEGSIZE; i++) { 504 if(newline) { 505 if(prevchar == '\n') 506 c = '\n'; /* lf to cr,lf */ 507 else 508 c = '\0'; /* cr to cr,nul */ 509 newline = 0; 510 } 511 else { 512 if(test->rcount) { 513 c=test->rptr[0]; 514 test->rptr++; 515 test->rcount--; 516 } 517 else 518 break; 519 if(c == '\n' || c == '\r') { 520 prevchar = c; 521 c = '\r'; 522 newline = 1; 523 } 524 } 525 *p++ = (char)c; 526 } 527 b->counter = (int)(p - dp->th_data); 528 } 529 530 /* Update count associated with the buffer, get new buffer from the queue. 531 Calls write_behind only if next buffer not available. 532 */ 533 static int writeit(struct testcase *test, struct tftphdr * volatile *dpp, 534 int ct, int convert) 535 { 536 bfs[current].counter = ct; /* set size of data to write */ 537 current = !current; /* switch to other buffer */ 538 if(bfs[current].counter != BF_FREE) /* if not free */ 539 write_behind(test, convert); /* flush it */ 540 bfs[current].counter = BF_ALLOC; /* mark as alloc'd */ 541 *dpp = &bfs[current].buf.hdr; 542 return ct; /* this is a lie of course */ 543 } 544 545 /* 546 * Output a buffer to a file, converting from netascii if requested. 547 * CR, NUL -> CR and CR, LF => LF. 548 * Note spec is undefined if we get CR as last byte of file or a 549 * CR followed by anything else. In this case we leave it alone. 550 */ 551 static ssize_t write_behind(struct testcase *test, int convert) 552 { 553 char *writebuf; 554 int count; 555 int ct; 556 char *p; 557 int c; /* current character */ 558 struct bf *b; 559 struct tftphdr *dp; 560 561 b = &bfs[nextone]; 562 if(b->counter < -1) /* anything to flush? */ 563 return 0; /* just nop if nothing to do */ 564 565 if(!test->ofile) { 566 char outfile[256]; 567 snprintf(outfile, sizeof(outfile), "log/upload.%ld", test->testno); 568 #ifdef WIN32 569 test->ofile=open(outfile, O_CREAT|O_RDWR|O_BINARY, 0777); 570 #else 571 test->ofile=open(outfile, O_CREAT|O_RDWR, 0777); 572 #endif 573 if(test->ofile == -1) { 574 logmsg("Couldn't create and/or open file %s for upload!", outfile); 575 return -1; /* failure! */ 576 } 577 } 578 579 count = b->counter; /* remember byte count */ 580 b->counter = BF_FREE; /* reset flag */ 581 dp = &b->buf.hdr; 582 nextone = !nextone; /* incr for next time */ 583 writebuf = dp->th_data; 584 585 if(count <= 0) 586 return -1; /* nak logic? */ 587 588 if(convert == 0) 589 return write(test->ofile, writebuf, count); 590 591 p = writebuf; 592 ct = count; 593 while(ct--) { /* loop over the buffer */ 594 c = *p++; /* pick up a character */ 595 if(prevchar == '\r') { /* if prev char was cr */ 596 if(c == '\n') /* if have cr,lf then just */ 597 lseek(test->ofile, -1, SEEK_CUR); /* smash lf on top of the cr */ 598 else 599 if(c == '\0') /* if have cr,nul then */ 600 goto skipit; /* just skip over the putc */ 601 /* else just fall through and allow it */ 602 } 603 /* formerly 604 putc(c, file); */ 605 if(1 != write(test->ofile, &c, 1)) 606 break; 607 skipit: 608 prevchar = c; 609 } 610 return count; 611 } 612 613 /* When an error has occurred, it is possible that the two sides are out of 614 * synch. Ie: that what I think is the other side's response to packet N is 615 * really their response to packet N-1. 616 * 617 * So, to try to prevent that, we flush all the input queued up for us on the 618 * network connection on our host. 619 * 620 * We return the number of packets we flushed (mostly for reporting when trace 621 * is active). 622 */ 623 624 static int synchnet(curl_socket_t f /* socket to flush */) 625 { 626 627 #if defined(HAVE_IOCTLSOCKET) 628 unsigned long i; 629 #else 630 int i; 631 #endif 632 int j = 0; 633 char rbuf[PKTSIZE]; 634 srvr_sockaddr_union_t fromaddr; 635 curl_socklen_t fromaddrlen; 636 637 for(;;) { 638 #if defined(HAVE_IOCTLSOCKET) 639 (void) ioctlsocket(f, FIONREAD, &i); 640 #else 641 (void) ioctl(f, FIONREAD, &i); 642 #endif 643 if(i) { 644 j++; 645 #ifdef ENABLE_IPV6 646 if(!use_ipv6) 647 #endif 648 fromaddrlen = sizeof(fromaddr.sa4); 649 #ifdef ENABLE_IPV6 650 else 651 fromaddrlen = sizeof(fromaddr.sa6); 652 #endif 653 (void) recvfrom(f, rbuf, sizeof(rbuf), 0, 654 &fromaddr.sa, &fromaddrlen); 655 } 656 else 657 break; 658 } 659 return j; 660 } 661 662 int main(int argc, char **argv) 663 { 664 srvr_sockaddr_union_t me; 665 struct tftphdr *tp; 666 ssize_t n = 0; 667 int arg = 1; 668 unsigned short port = DEFAULT_PORT; 669 curl_socket_t sock = CURL_SOCKET_BAD; 670 int flag; 671 int rc; 672 int error; 673 long pid; 674 struct testcase test; 675 int result = 0; 676 677 memset(&test, 0, sizeof(test)); 678 679 while(argc>arg) { 680 if(!strcmp("--version", argv[arg])) { 681 printf("tftpd IPv4%s\n", 682 #ifdef ENABLE_IPV6 683 "/IPv6" 684 #else 685 "" 686 #endif 687 ); 688 return 0; 689 } 690 else if(!strcmp("--pidfile", argv[arg])) { 691 arg++; 692 if(argc>arg) 693 pidname = argv[arg++]; 694 } 695 else if(!strcmp("--logfile", argv[arg])) { 696 arg++; 697 if(argc>arg) 698 serverlogfile = argv[arg++]; 699 } 700 else if(!strcmp("--ipv4", argv[arg])) { 701 #ifdef ENABLE_IPV6 702 ipv_inuse = "IPv4"; 703 use_ipv6 = FALSE; 704 #endif 705 arg++; 706 } 707 else if(!strcmp("--ipv6", argv[arg])) { 708 #ifdef ENABLE_IPV6 709 ipv_inuse = "IPv6"; 710 use_ipv6 = TRUE; 711 #endif 712 arg++; 713 } 714 else if(!strcmp("--port", argv[arg])) { 715 arg++; 716 if(argc>arg) { 717 char *endptr; 718 unsigned long ulnum = strtoul(argv[arg], &endptr, 10); 719 if((endptr != argv[arg] + strlen(argv[arg])) || 720 (ulnum < 1025UL) || (ulnum > 65535UL)) { 721 fprintf(stderr, "tftpd: invalid --port argument (%s)\n", 722 argv[arg]); 723 return 0; 724 } 725 port = curlx_ultous(ulnum); 726 arg++; 727 } 728 } 729 else if(!strcmp("--srcdir", argv[arg])) { 730 arg++; 731 if(argc>arg) { 732 path = argv[arg]; 733 arg++; 734 } 735 } 736 else { 737 puts("Usage: tftpd [option]\n" 738 " --version\n" 739 " --logfile [file]\n" 740 " --pidfile [file]\n" 741 " --ipv4\n" 742 " --ipv6\n" 743 " --port [port]\n" 744 " --srcdir [path]"); 745 return 0; 746 } 747 } 748 749 #ifdef WIN32 750 win32_init(); 751 atexit(win32_cleanup); 752 #endif 753 754 install_signal_handlers(); 755 756 pid = (long)getpid(); 757 758 #ifdef ENABLE_IPV6 759 if(!use_ipv6) 760 #endif 761 sock = socket(AF_INET, SOCK_DGRAM, 0); 762 #ifdef ENABLE_IPV6 763 else 764 sock = socket(AF_INET6, SOCK_DGRAM, 0); 765 #endif 766 767 if(CURL_SOCKET_BAD == sock) { 768 error = SOCKERRNO; 769 logmsg("Error creating socket: (%d) %s", 770 error, strerror(error)); 771 result = 1; 772 goto tftpd_cleanup; 773 } 774 775 flag = 1; 776 if(0 != setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, 777 (void *)&flag, sizeof(flag))) { 778 error = SOCKERRNO; 779 logmsg("setsockopt(SO_REUSEADDR) failed with error: (%d) %s", 780 error, strerror(error)); 781 result = 1; 782 goto tftpd_cleanup; 783 } 784 785 #ifdef ENABLE_IPV6 786 if(!use_ipv6) { 787 #endif 788 memset(&me.sa4, 0, sizeof(me.sa4)); 789 me.sa4.sin_family = AF_INET; 790 me.sa4.sin_addr.s_addr = INADDR_ANY; 791 me.sa4.sin_port = htons(port); 792 rc = bind(sock, &me.sa, sizeof(me.sa4)); 793 #ifdef ENABLE_IPV6 794 } 795 else { 796 memset(&me.sa6, 0, sizeof(me.sa6)); 797 me.sa6.sin6_family = AF_INET6; 798 me.sa6.sin6_addr = in6addr_any; 799 me.sa6.sin6_port = htons(port); 800 rc = bind(sock, &me.sa, sizeof(me.sa6)); 801 } 802 #endif /* ENABLE_IPV6 */ 803 if(0 != rc) { 804 error = SOCKERRNO; 805 logmsg("Error binding socket on port %hu: (%d) %s", 806 port, error, strerror(error)); 807 result = 1; 808 goto tftpd_cleanup; 809 } 810 811 wrotepidfile = write_pidfile(pidname); 812 if(!wrotepidfile) { 813 result = 1; 814 goto tftpd_cleanup; 815 } 816 817 logmsg("Running %s version on port UDP/%d", ipv_inuse, (int)port); 818 819 for(;;) { 820 fromlen = sizeof(from); 821 #ifdef ENABLE_IPV6 822 if(!use_ipv6) 823 #endif 824 fromlen = sizeof(from.sa4); 825 #ifdef ENABLE_IPV6 826 else 827 fromlen = sizeof(from.sa6); 828 #endif 829 n = (ssize_t)recvfrom(sock, &buf.storage[0], sizeof(buf.storage), 0, 830 &from.sa, &fromlen); 831 if(got_exit_signal) 832 break; 833 if(n < 0) { 834 logmsg("recvfrom"); 835 result = 3; 836 break; 837 } 838 839 set_advisor_read_lock(SERVERLOGS_LOCK); 840 serverlogslocked = 1; 841 842 #ifdef ENABLE_IPV6 843 if(!use_ipv6) { 844 #endif 845 from.sa4.sin_family = AF_INET; 846 peer = socket(AF_INET, SOCK_DGRAM, 0); 847 if(CURL_SOCKET_BAD == peer) { 848 logmsg("socket"); 849 result = 2; 850 break; 851 } 852 if(connect(peer, &from.sa, sizeof(from.sa4)) < 0) { 853 logmsg("connect: fail"); 854 result = 1; 855 break; 856 } 857 #ifdef ENABLE_IPV6 858 } 859 else { 860 from.sa6.sin6_family = AF_INET6; 861 peer = socket(AF_INET6, SOCK_DGRAM, 0); 862 if(CURL_SOCKET_BAD == peer) { 863 logmsg("socket"); 864 result = 2; 865 break; 866 } 867 if(connect(peer, &from.sa, sizeof(from.sa6)) < 0) { 868 logmsg("connect: fail"); 869 result = 1; 870 break; 871 } 872 } 873 #endif 874 875 maxtimeout = 5*TIMEOUT; 876 877 tp = &buf.hdr; 878 tp->th_opcode = ntohs(tp->th_opcode); 879 if(tp->th_opcode == opcode_RRQ || tp->th_opcode == opcode_WRQ) { 880 memset(&test, 0, sizeof(test)); 881 if(do_tftp(&test, tp, n) < 0) 882 break; 883 free(test.buffer); 884 } 885 sclose(peer); 886 peer = CURL_SOCKET_BAD; 887 888 if(test.ofile > 0) { 889 close(test.ofile); 890 test.ofile = 0; 891 } 892 893 if(got_exit_signal) 894 break; 895 896 if(serverlogslocked) { 897 serverlogslocked = 0; 898 clear_advisor_read_lock(SERVERLOGS_LOCK); 899 } 900 901 logmsg("end of one transfer"); 902 903 } 904 905 tftpd_cleanup: 906 907 if(test.ofile > 0) 908 close(test.ofile); 909 910 if((peer != sock) && (peer != CURL_SOCKET_BAD)) 911 sclose(peer); 912 913 if(sock != CURL_SOCKET_BAD) 914 sclose(sock); 915 916 if(got_exit_signal) 917 logmsg("signalled to die"); 918 919 if(wrotepidfile) 920 unlink(pidname); 921 922 if(serverlogslocked) { 923 serverlogslocked = 0; 924 clear_advisor_read_lock(SERVERLOGS_LOCK); 925 } 926 927 restore_signal_handlers(); 928 929 if(got_exit_signal) { 930 logmsg("========> %s tftpd (port: %d pid: %ld) exits with signal (%d)", 931 ipv_inuse, (int)port, pid, exit_signal); 932 /* 933 * To properly set the return status of the process we 934 * must raise the same signal SIGINT or SIGTERM that we 935 * caught and let the old handler take care of it. 936 */ 937 raise(exit_signal); 938 } 939 940 logmsg("========> tftpd quits"); 941 return result; 942 } 943 944 /* 945 * Handle initial connection protocol. 946 */ 947 static int do_tftp(struct testcase *test, struct tftphdr *tp, ssize_t size) 948 { 949 char *cp; 950 int first = 1, ecode; 951 struct formats *pf; 952 char *filename, *mode = NULL; 953 int error; 954 FILE *server; 955 #ifdef USE_WINSOCK 956 DWORD recvtimeout, recvtimeoutbak; 957 #endif 958 char *option = (char *)"mode"; /* mode is implicit */ 959 int toggle = 1; 960 961 /* Open request dump file. */ 962 server = fopen(REQUEST_DUMP, "ab"); 963 if(!server) { 964 error = errno; 965 logmsg("fopen() failed with error: %d %s", error, strerror(error)); 966 logmsg("Error opening file: %s", REQUEST_DUMP); 967 return -1; 968 } 969 970 /* store input protocol */ 971 fprintf(server, "opcode: %x\n", tp->th_opcode); 972 973 cp = (char *)&tp->th_stuff; 974 filename = cp; 975 do { 976 bool endofit = true; 977 while(cp < &buf.storage[size]) { 978 if(*cp == '\0') { 979 endofit = false; 980 break; 981 } 982 cp++; 983 } 984 if(endofit) 985 /* no more options */ 986 break; 987 988 /* before increasing pointer, make sure it is still within the legal 989 space */ 990 if((cp+1) < &buf.storage[size]) { 991 ++cp; 992 if(first) { 993 /* store the mode since we need it later */ 994 mode = cp; 995 first = 0; 996 } 997 if(toggle) 998 /* name/value pair: */ 999 fprintf(server, "%s: %s\n", option, cp); 1000 else { 1001 /* store the name pointer */ 1002 option = cp; 1003 } 1004 toggle ^= 1; 1005 } 1006 else 1007 /* No more options */ 1008 break; 1009 } while(1); 1010 1011 if(*cp) { 1012 nak(EBADOP); 1013 fclose(server); 1014 return 3; 1015 } 1016 1017 /* store input protocol */ 1018 fprintf(server, "filename: %s\n", filename); 1019 1020 for(cp = mode; cp && *cp; cp++) 1021 if(ISUPPER(*cp)) 1022 *cp = (char)tolower((int)*cp); 1023 1024 /* store input protocol */ 1025 fclose(server); 1026 1027 for(pf = formata; pf->f_mode; pf++) 1028 if(strcmp(pf->f_mode, mode) == 0) 1029 break; 1030 if(!pf->f_mode) { 1031 nak(EBADOP); 1032 return 2; 1033 } 1034 ecode = validate_access(test, filename, tp->th_opcode); 1035 if(ecode) { 1036 nak(ecode); 1037 return 1; 1038 } 1039 1040 #ifdef USE_WINSOCK 1041 recvtimeout = sizeof(recvtimeoutbak); 1042 getsockopt(peer, SOL_SOCKET, SO_RCVTIMEO, 1043 (char *)&recvtimeoutbak, (int *)&recvtimeout); 1044 recvtimeout = TIMEOUT*1000; 1045 setsockopt(peer, SOL_SOCKET, SO_RCVTIMEO, 1046 (const char *)&recvtimeout, sizeof(recvtimeout)); 1047 #endif 1048 1049 if(tp->th_opcode == opcode_WRQ) 1050 recvtftp(test, pf); 1051 else 1052 sendtftp(test, pf); 1053 1054 #ifdef USE_WINSOCK 1055 recvtimeout = recvtimeoutbak; 1056 setsockopt(peer, SOL_SOCKET, SO_RCVTIMEO, 1057 (const char *)&recvtimeout, sizeof(recvtimeout)); 1058 #endif 1059 1060 return 0; 1061 } 1062 1063 /* Based on the testno, parse the correct server commands. */ 1064 static int parse_servercmd(struct testcase *req) 1065 { 1066 FILE *stream; 1067 char *filename; 1068 int error; 1069 1070 filename = test2file(req->testno); 1071 1072 stream=fopen(filename, "rb"); 1073 if(!stream) { 1074 error = errno; 1075 logmsg("fopen() failed with error: %d %s", error, strerror(error)); 1076 logmsg(" [1] Error opening file: %s", filename); 1077 logmsg(" Couldn't open test file %ld", req->testno); 1078 return 1; /* done */ 1079 } 1080 else { 1081 char *orgcmd = NULL; 1082 char *cmd = NULL; 1083 size_t cmdsize = 0; 1084 int num=0; 1085 1086 /* get the custom server control "commands" */ 1087 error = getpart(&orgcmd, &cmdsize, "reply", "servercmd", stream); 1088 fclose(stream); 1089 if(error) { 1090 logmsg("getpart() failed with error: %d", error); 1091 return 1; /* done */ 1092 } 1093 1094 cmd = orgcmd; 1095 while(cmd && cmdsize) { 1096 char *check; 1097 if(1 == sscanf(cmd, "writedelay: %d", &num)) { 1098 logmsg("instructed to delay %d secs between packets", num); 1099 req->writedelay = num; 1100 } 1101 else { 1102 logmsg("Unknown <servercmd> instruction found: %s", cmd); 1103 } 1104 /* try to deal with CRLF or just LF */ 1105 check = strchr(cmd, '\r'); 1106 if(!check) 1107 check = strchr(cmd, '\n'); 1108 1109 if(check) { 1110 /* get to the letter following the newline */ 1111 while((*check == '\r') || (*check == '\n')) 1112 check++; 1113 1114 if(!*check) 1115 /* if we reached a zero, get out */ 1116 break; 1117 cmd = check; 1118 } 1119 else 1120 break; 1121 } 1122 free(orgcmd); 1123 } 1124 1125 return 0; /* OK! */ 1126 } 1127 1128 1129 /* 1130 * Validate file access. 1131 */ 1132 static int validate_access(struct testcase *test, 1133 const char *filename, int mode) 1134 { 1135 char *ptr; 1136 long testno, partno; 1137 int error; 1138 char partbuf[80]="data"; 1139 1140 logmsg("trying to get file: %s mode %x", filename, mode); 1141 1142 if(!strncmp("verifiedserver", filename, 14)) { 1143 char weare[128]; 1144 size_t count = snprintf(weare, sizeof(weare), 1145 "WE ROOLZ: %ld\r\n", (long)getpid()); 1146 1147 logmsg("Are-we-friendly question received"); 1148 test->buffer = strdup(weare); 1149 test->rptr = test->buffer; /* set read pointer */ 1150 test->bufsize = count; /* set total count */ 1151 test->rcount = count; /* set data left to read */ 1152 return 0; /* fine */ 1153 } 1154 1155 /* find the last slash */ 1156 ptr = strrchr(filename, '/'); 1157 1158 if(ptr) { 1159 char *file; 1160 1161 ptr++; /* skip the slash */ 1162 1163 /* skip all non-numericals following the slash */ 1164 while(*ptr && !ISDIGIT(*ptr)) 1165 ptr++; 1166 1167 /* get the number */ 1168 testno = strtol(ptr, &ptr, 10); 1169 1170 if(testno > 10000) { 1171 partno = testno % 10000; 1172 testno /= 10000; 1173 } 1174 else 1175 partno = 0; 1176 1177 1178 logmsg("requested test number %ld part %ld", testno, partno); 1179 1180 test->testno = testno; 1181 1182 (void)parse_servercmd(test); 1183 1184 file = test2file(testno); 1185 1186 if(0 != partno) 1187 snprintf(partbuf, sizeof(partbuf), "data%ld", partno); 1188 1189 if(file) { 1190 FILE *stream=fopen(file, "rb"); 1191 if(!stream) { 1192 error = errno; 1193 logmsg("fopen() failed with error: %d %s", error, strerror(error)); 1194 logmsg("Error opening file: %s", file); 1195 logmsg("Couldn't open test file: %s", file); 1196 return EACCESS; 1197 } 1198 else { 1199 size_t count; 1200 error = getpart(&test->buffer, &count, "reply", partbuf, stream); 1201 fclose(stream); 1202 if(error) { 1203 logmsg("getpart() failed with error: %d", error); 1204 return EACCESS; 1205 } 1206 if(test->buffer) { 1207 test->rptr = test->buffer; /* set read pointer */ 1208 test->bufsize = count; /* set total count */ 1209 test->rcount = count; /* set data left to read */ 1210 } 1211 else 1212 return EACCESS; 1213 } 1214 1215 } 1216 else 1217 return EACCESS; 1218 } 1219 else { 1220 logmsg("no slash found in path"); 1221 return EACCESS; /* failure */ 1222 } 1223 1224 logmsg("file opened and all is good"); 1225 return 0; 1226 } 1227 1228 /* 1229 * Send the requested file. 1230 */ 1231 static void sendtftp(struct testcase *test, struct formats *pf) 1232 { 1233 int size; 1234 ssize_t n; 1235 /* These are volatile to live through a siglongjmp */ 1236 volatile unsigned short sendblock; /* block count */ 1237 struct tftphdr * volatile sdp = r_init(); /* data buffer */ 1238 struct tftphdr * const sap = &ackbuf.hdr; /* ack buffer */ 1239 1240 sendblock = 1; 1241 #if defined(HAVE_ALARM) && defined(SIGALRM) 1242 mysignal(SIGALRM, timer); 1243 #endif 1244 do { 1245 size = readit(test, (struct tftphdr **)&sdp, pf->f_convert); 1246 if(size < 0) { 1247 nak(errno + 100); 1248 return; 1249 } 1250 sdp->th_opcode = htons((unsigned short)opcode_DATA); 1251 sdp->th_block = htons(sendblock); 1252 timeout = 0; 1253 #ifdef HAVE_SIGSETJMP 1254 (void) sigsetjmp(timeoutbuf, 1); 1255 #endif 1256 if(test->writedelay) { 1257 logmsg("Pausing %d seconds before %d bytes", test->writedelay, 1258 size); 1259 wait_ms(1000*test->writedelay); 1260 } 1261 1262 send_data: 1263 if(swrite(peer, sdp, size + 4) != size + 4) { 1264 logmsg("write"); 1265 return; 1266 } 1267 read_ahead(test, pf->f_convert); 1268 for(;;) { 1269 #ifdef HAVE_ALARM 1270 alarm(rexmtval); /* read the ack */ 1271 #endif 1272 n = sread(peer, &ackbuf.storage[0], sizeof(ackbuf.storage)); 1273 #ifdef HAVE_ALARM 1274 alarm(0); 1275 #endif 1276 if(got_exit_signal) 1277 return; 1278 if(n < 0) { 1279 logmsg("read: fail"); 1280 return; 1281 } 1282 sap->th_opcode = ntohs((unsigned short)sap->th_opcode); 1283 sap->th_block = ntohs(sap->th_block); 1284 1285 if(sap->th_opcode == opcode_ERROR) { 1286 logmsg("got ERROR"); 1287 return; 1288 } 1289 1290 if(sap->th_opcode == opcode_ACK) { 1291 if(sap->th_block == sendblock) { 1292 break; 1293 } 1294 /* Re-synchronize with the other side */ 1295 (void) synchnet(peer); 1296 if(sap->th_block == (sendblock-1)) { 1297 goto send_data; 1298 } 1299 } 1300 1301 } 1302 sendblock++; 1303 } while(size == SEGSIZE); 1304 } 1305 1306 /* 1307 * Receive a file. 1308 */ 1309 static void recvtftp(struct testcase *test, struct formats *pf) 1310 { 1311 ssize_t n, size; 1312 /* These are volatile to live through a siglongjmp */ 1313 volatile unsigned short recvblock; /* block count */ 1314 struct tftphdr * volatile rdp; /* data buffer */ 1315 struct tftphdr *rap; /* ack buffer */ 1316 1317 recvblock = 0; 1318 rdp = w_init(); 1319 #if defined(HAVE_ALARM) && defined(SIGALRM) 1320 mysignal(SIGALRM, timer); 1321 #endif 1322 rap = &ackbuf.hdr; 1323 do { 1324 timeout = 0; 1325 rap->th_opcode = htons((unsigned short)opcode_ACK); 1326 rap->th_block = htons(recvblock); 1327 recvblock++; 1328 #ifdef HAVE_SIGSETJMP 1329 (void) sigsetjmp(timeoutbuf, 1); 1330 #endif 1331 send_ack: 1332 if(swrite(peer, &ackbuf.storage[0], 4) != 4) { 1333 logmsg("write: fail\n"); 1334 goto abort; 1335 } 1336 write_behind(test, pf->f_convert); 1337 for(;;) { 1338 #ifdef HAVE_ALARM 1339 alarm(rexmtval); 1340 #endif 1341 n = sread(peer, rdp, PKTSIZE); 1342 #ifdef HAVE_ALARM 1343 alarm(0); 1344 #endif 1345 if(got_exit_signal) 1346 goto abort; 1347 if(n < 0) { /* really? */ 1348 logmsg("read: fail\n"); 1349 goto abort; 1350 } 1351 rdp->th_opcode = ntohs((unsigned short)rdp->th_opcode); 1352 rdp->th_block = ntohs(rdp->th_block); 1353 if(rdp->th_opcode == opcode_ERROR) 1354 goto abort; 1355 if(rdp->th_opcode == opcode_DATA) { 1356 if(rdp->th_block == recvblock) { 1357 break; /* normal */ 1358 } 1359 /* Re-synchronize with the other side */ 1360 (void) synchnet(peer); 1361 if(rdp->th_block == (recvblock-1)) 1362 goto send_ack; /* rexmit */ 1363 } 1364 } 1365 1366 size = writeit(test, &rdp, (int)(n - 4), pf->f_convert); 1367 if(size != (n-4)) { /* ahem */ 1368 if(size < 0) 1369 nak(errno + 100); 1370 else 1371 nak(ENOSPACE); 1372 goto abort; 1373 } 1374 } while(size == SEGSIZE); 1375 write_behind(test, pf->f_convert); 1376 1377 rap->th_opcode = htons((unsigned short)opcode_ACK); /* send the "final" 1378 ack */ 1379 rap->th_block = htons(recvblock); 1380 (void) swrite(peer, &ackbuf.storage[0], 4); 1381 #if defined(HAVE_ALARM) && defined(SIGALRM) 1382 mysignal(SIGALRM, justtimeout); /* just abort read on timeout */ 1383 alarm(rexmtval); 1384 #endif 1385 /* normally times out and quits */ 1386 n = sread(peer, &buf.storage[0], sizeof(buf.storage)); 1387 #ifdef HAVE_ALARM 1388 alarm(0); 1389 #endif 1390 if(got_exit_signal) 1391 goto abort; 1392 if(n >= 4 && /* if read some data */ 1393 rdp->th_opcode == opcode_DATA && /* and got a data block */ 1394 recvblock == rdp->th_block) { /* then my last ack was lost */ 1395 (void) swrite(peer, &ackbuf.storage[0], 4); /* resend final ack */ 1396 } 1397 abort: 1398 return; 1399 } 1400 1401 /* 1402 * Send a nak packet (error message). Error code passed in is one of the 1403 * standard TFTP codes, or a Unix errno offset by 100. 1404 */ 1405 static void nak(int error) 1406 { 1407 struct tftphdr *tp; 1408 int length; 1409 struct errmsg *pe; 1410 1411 tp = &buf.hdr; 1412 tp->th_opcode = htons((unsigned short)opcode_ERROR); 1413 tp->th_code = htons((unsigned short)error); 1414 for(pe = errmsgs; pe->e_code >= 0; pe++) 1415 if(pe->e_code == error) 1416 break; 1417 if(pe->e_code < 0) { 1418 pe->e_msg = strerror(error - 100); 1419 tp->th_code = EUNDEF; /* set 'undef' errorcode */ 1420 } 1421 length = (int)strlen(pe->e_msg); 1422 1423 /* we use memcpy() instead of strcpy() in order to avoid buffer overflow 1424 * report from glibc with FORTIFY_SOURCE */ 1425 memcpy(tp->th_msg, pe->e_msg, length + 1); 1426 length += 5; 1427 if(swrite(peer, &buf.storage[0], length) != length) 1428 logmsg("nak: fail\n"); 1429 } 1430
