1 /*************************************************************************** 2 * _ _ ____ _ 3 * Project ___| | | | _ \| | 4 * / __| | | | |_) | | 5 * | (__| |_| | _ <| |___ 6 * \___|\___/|_| \_\_____| 7 * 8 * 9 * Trivial file transfer protocol server. 10 * 11 * This code includes many modifications by Jim Guyton <guyton@rand-unix> 12 * 13 * This source file was started based on netkit-tftpd 0.17 14 * Heavily modified for curl's test suite 15 */ 16 17 /* 18 * Copyright (c) 1983, 2016 Regents of the University of California. 19 * All rights reserved. 20 * 21 * Redistribution and use in source and binary forms, with or without 22 * modification, are permitted provided that the following conditions 23 * are met: 24 * 1. Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * 2. Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in the 28 * documentation and/or other materials provided with the distribution. 29 * 3. All advertising materials mentioning features or use of this software 30 * must display the following acknowledgement: 31 * This product includes software developed by the University of 32 * California, Berkeley and its contributors. 33 * 4. Neither the name of the University nor the names of its contributors 34 * may be used to endorse or promote products derived from this software 35 * without specific prior written permission. 36 * 37 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 38 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 40 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 41 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 42 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 43 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 45 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 46 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 47 * SUCH DAMAGE. 48 */ 49 50 #include "server_setup.h" 51 52 #ifdef HAVE_SYS_IOCTL_H 53 #include <sys/ioctl.h> 54 #endif 55 #ifdef HAVE_SIGNAL_H 56 #include <signal.h> 57 #endif 58 #ifdef HAVE_FCNTL_H 59 #include <fcntl.h> 60 #endif 61 #ifdef HAVE_NETINET_IN_H 62 #include <netinet/in.h> 63 #endif 64 #ifdef HAVE_ARPA_INET_H 65 #include <arpa/inet.h> 66 #endif 67 #ifdef HAVE_ARPA_TFTP_H 68 #include <arpa/tftp.h> 69 #else 70 #include "tftp.h" 71 #endif 72 #ifdef HAVE_NETDB_H 73 #include <netdb.h> 74 #endif 75 #ifdef HAVE_SYS_FILIO_H 76 /* FIONREAD on Solaris 7 */ 77 #include <sys/filio.h> 78 #endif 79 80 #include <setjmp.h> 81 82 #ifdef HAVE_PWD_H 83 #include <pwd.h> 84 #endif 85 86 #define ENABLE_CURLX_PRINTF 87 /* make the curlx header define all printf() functions to use the curlx_* 88 versions instead */ 89 #include "curlx.h" /* from the private lib dir */ 90 #include "getpart.h" 91 #include "util.h" 92 #include "server_sockaddr.h" 93 94 /* include memdebug.h last */ 95 #include "memdebug.h" 96 97 /***************************************************************************** 98 * STRUCT DECLARATIONS AND DEFINES * 99 *****************************************************************************/ 100 101 #ifndef PKTSIZE 102 #define PKTSIZE (SEGSIZE + 4) /* SEGSIZE defined in arpa/tftp.h */ 103 #endif 104 105 struct testcase { 106 char *buffer; /* holds the file data to send to the client */ 107 size_t bufsize; /* size of the data in buffer */ 108 char *rptr; /* read pointer into the buffer */ 109 size_t rcount; /* amount of data left to read of the file */ 110 long testno; /* test case number */ 111 int ofile; /* file descriptor for output file when uploading to us */ 112 113 int writedelay; /* number of seconds between each packet */ 114 }; 115 116 struct formats { 117 const char *f_mode; 118 int f_convert; 119 }; 120 121 struct errmsg { 122 int e_code; 123 const char *e_msg; 124 }; 125 126 typedef union { 127 struct tftphdr hdr; 128 char storage[PKTSIZE]; 129 } tftphdr_storage_t; 130 131 /* 132 * bf.counter values in range [-1 .. SEGSIZE] represents size of data in the 133 * bf.buf buffer. Additionally it can also hold flags BF_ALLOC or BF_FREE. 134 */ 135 136 struct bf { 137 int counter; /* size of data in buffer, or flag */ 138 tftphdr_storage_t buf; /* room for data packet */ 139 }; 140 141 #define BF_ALLOC -3 /* alloc'd but not yet filled */ 142 #define BF_FREE -2 /* free */ 143 144 #define opcode_RRQ 1 145 #define opcode_WRQ 2 146 #define opcode_DATA 3 147 #define opcode_ACK 4 148 #define opcode_ERROR 5 149 150 #define TIMEOUT 5 151 152 #undef MIN 153 #define MIN(x,y) ((x)<(y)?(x):(y)) 154 155 #ifndef DEFAULT_LOGFILE 156 #define DEFAULT_LOGFILE "log/tftpd.log" 157 #endif 158 159 #define REQUEST_DUMP "log/server.input" 160 161 #define DEFAULT_PORT 8999 /* UDP */ 162 163 /***************************************************************************** 164 * GLOBAL VARIABLES * 165 *****************************************************************************/ 166 167 static struct errmsg errmsgs[] = { 168 { EUNDEF, "Undefined error code" }, 169 { ENOTFOUND, "File not found" }, 170 { EACCESS, "Access violation" }, 171 { ENOSPACE, "Disk full or allocation exceeded" }, 172 { EBADOP, "Illegal TFTP operation" }, 173 { EBADID, "Unknown transfer ID" }, 174 { EEXISTS, "File already exists" }, 175 { ENOUSER, "No such user" }, 176 { -1, 0 } 177 }; 178 179 static struct formats formata[] = { 180 { "netascii", 1 }, 181 { "octet", 0 }, 182 { NULL, 0 } 183 }; 184 185 static struct bf bfs[2]; 186 187 static int nextone; /* index of next buffer to use */ 188 static int current; /* index of buffer in use */ 189 190 /* control flags for crlf conversions */ 191 static int newline = 0; /* fillbuf: in middle of newline expansion */ 192 static int prevchar = -1; /* putbuf: previous char (cr check) */ 193 194 static tftphdr_storage_t buf; 195 static tftphdr_storage_t ackbuf; 196 197 static srvr_sockaddr_union_t from; 198 static curl_socklen_t fromlen; 199 200 static curl_socket_t peer = CURL_SOCKET_BAD; 201 202 static unsigned int timeout; 203 static unsigned int maxtimeout = 5 * TIMEOUT; 204 205 #ifdef ENABLE_IPV6 206 static bool use_ipv6 = FALSE; 207 #endif 208 static const char *ipv_inuse = "IPv4"; 209 210 const char *serverlogfile = DEFAULT_LOGFILE; 211 static const char *pidname = ".tftpd.pid"; 212 static int serverlogslocked = 0; 213 static int wrotepidfile = 0; 214 215 #ifdef HAVE_SIGSETJMP 216 static sigjmp_buf timeoutbuf; 217 #endif 218 219 #if defined(HAVE_ALARM) && defined(SIGALRM) 220 static const unsigned int rexmtval = TIMEOUT; 221 #endif 222 223 /* do-nothing macro replacement for systems which lack siginterrupt() */ 224 225 #ifndef HAVE_SIGINTERRUPT 226 #define siginterrupt(x,y) do {} while(0) 227 #endif 228 229 /* vars used to keep around previous signal handlers */ 230 231 typedef RETSIGTYPE (*SIGHANDLER_T)(int); 232 233 #ifdef SIGHUP 234 static SIGHANDLER_T old_sighup_handler = SIG_ERR; 235 #endif 236 237 #ifdef SIGPIPE 238 static SIGHANDLER_T old_sigpipe_handler = SIG_ERR; 239 #endif 240 241 #ifdef SIGINT 242 static SIGHANDLER_T old_sigint_handler = SIG_ERR; 243 #endif 244 245 #ifdef SIGTERM 246 static SIGHANDLER_T old_sigterm_handler = SIG_ERR; 247 #endif 248 249 #if defined(SIGBREAK) && defined(WIN32) 250 static SIGHANDLER_T old_sigbreak_handler = SIG_ERR; 251 #endif 252 253 /* var which if set indicates that the program should finish execution */ 254 255 SIG_ATOMIC_T got_exit_signal = 0; 256 257 /* if next is set indicates the first signal handled in exit_signal_handler */ 258 259 static volatile int exit_signal = 0; 260 261 /***************************************************************************** 262 * FUNCTION PROTOTYPES * 263 *****************************************************************************/ 264 265 static struct tftphdr *rw_init(int); 266 267 static struct tftphdr *w_init(void); 268 269 static struct tftphdr *r_init(void); 270 271 static void read_ahead(struct testcase *test, int convert); 272 273 static ssize_t write_behind(struct testcase *test, int convert); 274 275 static int synchnet(curl_socket_t); 276 277 static int do_tftp(struct testcase *test, struct tftphdr *tp, ssize_t size); 278 279 static int validate_access(struct testcase *test, const char *fname, int mode); 280 281 static void sendtftp(struct testcase *test, struct formats *pf); 282 283 static void recvtftp(struct testcase *test, struct formats *pf); 284 285 static void nak(int error); 286 287 #if defined(HAVE_ALARM) && defined(SIGALRM) 288 289 static void mysignal(int sig, void (*handler)(int)); 290 291 static void timer(int signum); 292 293 static void justtimeout(int signum); 294 295 #endif /* HAVE_ALARM && SIGALRM */ 296 297 static RETSIGTYPE exit_signal_handler(int signum); 298 299 static void install_signal_handlers(void); 300 301 static void restore_signal_handlers(void); 302 303 /***************************************************************************** 304 * FUNCTION IMPLEMENTATIONS * 305 *****************************************************************************/ 306 307 #if defined(HAVE_ALARM) && defined(SIGALRM) 308 309 /* 310 * Like signal(), but with well-defined semantics. 311 */ 312 static void mysignal(int sig, void (*handler)(int)) 313 { 314 struct sigaction sa; 315 memset(&sa, 0, sizeof(sa)); 316 sa.sa_handler = handler; 317 sigaction(sig, &sa, NULL); 318 } 319 320 static void timer(int signum) 321 { 322 (void)signum; 323 324 logmsg("alarm!"); 325 326 timeout += rexmtval; 327 if(timeout >= maxtimeout) { 328 if(wrotepidfile) { 329 wrotepidfile = 0; 330 unlink(pidname); 331 } 332 if(serverlogslocked) { 333 serverlogslocked = 0; 334 clear_advisor_read_lock(SERVERLOGS_LOCK); 335 } 336 exit(1); 337 } 338 #ifdef HAVE_SIGSETJMP 339 siglongjmp(timeoutbuf, 1); 340 #endif 341 } 342 343 static void justtimeout(int signum) 344 { 345 (void)signum; 346 } 347 348 #endif /* HAVE_ALARM && SIGALRM */ 349 350 /* signal handler that will be triggered to indicate that the program 351 should finish its execution in a controlled manner as soon as possible. 352 The first time this is called it will set got_exit_signal to one and 353 store in exit_signal the signal that triggered its execution. */ 354 355 static RETSIGTYPE exit_signal_handler(int signum) 356 { 357 int old_errno = errno; 358 if(got_exit_signal == 0) { 359 got_exit_signal = 1; 360 exit_signal = signum; 361 } 362 (void)signal(signum, exit_signal_handler); 363 errno = old_errno; 364 } 365 366 static void install_signal_handlers(void) 367 { 368 #ifdef SIGHUP 369 /* ignore SIGHUP signal */ 370 old_sighup_handler = signal(SIGHUP, SIG_IGN); 371 if(old_sighup_handler == SIG_ERR) 372 logmsg("cannot install SIGHUP handler: %s", strerror(errno)); 373 #endif 374 #ifdef SIGPIPE 375 /* ignore SIGPIPE signal */ 376 old_sigpipe_handler = signal(SIGPIPE, SIG_IGN); 377 if(old_sigpipe_handler == SIG_ERR) 378 logmsg("cannot install SIGPIPE handler: %s", strerror(errno)); 379 #endif 380 #ifdef SIGINT 381 /* handle SIGINT signal with our exit_signal_handler */ 382 old_sigint_handler = signal(SIGINT, exit_signal_handler); 383 if(old_sigint_handler == SIG_ERR) 384 logmsg("cannot install SIGINT handler: %s", strerror(errno)); 385 else 386 siginterrupt(SIGINT, 1); 387 #endif 388 #ifdef SIGTERM 389 /* handle SIGTERM signal with our exit_signal_handler */ 390 old_sigterm_handler = signal(SIGTERM, exit_signal_handler); 391 if(old_sigterm_handler == SIG_ERR) 392 logmsg("cannot install SIGTERM handler: %s", strerror(errno)); 393 else 394 siginterrupt(SIGTERM, 1); 395 #endif 396 #if defined(SIGBREAK) && defined(WIN32) 397 /* handle SIGBREAK signal with our exit_signal_handler */ 398 old_sigbreak_handler = signal(SIGBREAK, exit_signal_handler); 399 if(old_sigbreak_handler == SIG_ERR) 400 logmsg("cannot install SIGBREAK handler: %s", strerror(errno)); 401 else 402 siginterrupt(SIGBREAK, 1); 403 #endif 404 } 405 406 static void restore_signal_handlers(void) 407 { 408 #ifdef SIGHUP 409 if(SIG_ERR != old_sighup_handler) 410 (void)signal(SIGHUP, old_sighup_handler); 411 #endif 412 #ifdef SIGPIPE 413 if(SIG_ERR != old_sigpipe_handler) 414 (void)signal(SIGPIPE, old_sigpipe_handler); 415 #endif 416 #ifdef SIGINT 417 if(SIG_ERR != old_sigint_handler) 418 (void)signal(SIGINT, old_sigint_handler); 419 #endif 420 #ifdef SIGTERM 421 if(SIG_ERR != old_sigterm_handler) 422 (void)signal(SIGTERM, old_sigterm_handler); 423 #endif 424 #if defined(SIGBREAK) && defined(WIN32) 425 if(SIG_ERR != old_sigbreak_handler) 426 (void)signal(SIGBREAK, old_sigbreak_handler); 427 #endif 428 } 429 430 /* 431 * init for either read-ahead or write-behind. 432 * zero for write-behind, one for read-head. 433 */ 434 static struct tftphdr *rw_init(int x) 435 { 436 newline = 0; /* init crlf flag */ 437 prevchar = -1; 438 bfs[0].counter = BF_ALLOC; /* pass out the first buffer */ 439 current = 0; 440 bfs[1].counter = BF_FREE; 441 nextone = x; /* ahead or behind? */ 442 return &bfs[0].buf.hdr; 443 } 444 445 static struct tftphdr *w_init(void) 446 { 447 return rw_init(0); /* write-behind */ 448 } 449 450 static struct tftphdr *r_init(void) 451 { 452 return rw_init(1); /* read-ahead */ 453 } 454 455 /* Have emptied current buffer by sending to net and getting ack. 456 Free it and return next buffer filled with data. 457 */ 458 static int readit(struct testcase *test, struct tftphdr **dpp, 459 int convert /* if true, convert to ascii */) 460 { 461 struct bf *b; 462 463 bfs[current].counter = BF_FREE; /* free old one */ 464 current = !current; /* "incr" current */ 465 466 b = &bfs[current]; /* look at new buffer */ 467 if(b->counter == BF_FREE) /* if it's empty */ 468 read_ahead(test, convert); /* fill it */ 469 470 *dpp = &b->buf.hdr; /* set caller's ptr */ 471 return b->counter; 472 } 473 474 /* 475 * fill the input buffer, doing ascii conversions if requested 476 * conversions are lf -> cr, lf and cr -> cr, nul 477 */ 478 static void read_ahead(struct testcase *test, 479 int convert /* if true, convert to ascii */) 480 { 481 int i; 482 char *p; 483 int c; 484 struct bf *b; 485 struct tftphdr *dp; 486 487 b = &bfs[nextone]; /* look at "next" buffer */ 488 if(b->counter != BF_FREE) /* nop if not free */ 489 return; 490 nextone = !nextone; /* "incr" next buffer ptr */ 491 492 dp = &b->buf.hdr; 493 494 if(convert == 0) { 495 /* The former file reading code did this: 496 b->counter = read(fileno(file), dp->th_data, SEGSIZE); */ 497 size_t copy_n = MIN(SEGSIZE, test->rcount); 498 memcpy(dp->th_data, test->rptr, copy_n); 499 500 /* decrease amount, advance pointer */ 501 test->rcount -= copy_n; 502 test->rptr += copy_n; 503 b->counter = (int)copy_n; 504 return; 505 } 506 507 p = dp->th_data; 508 for(i = 0 ; i < SEGSIZE; i++) { 509 if(newline) { 510 if(prevchar == '\n') 511 c = '\n'; /* lf to cr,lf */ 512 else 513 c = '\0'; /* cr to cr,nul */ 514 newline = 0; 515 } 516 else { 517 if(test->rcount) { 518 c = test->rptr[0]; 519 test->rptr++; 520 test->rcount--; 521 } 522 else 523 break; 524 if(c == '\n' || c == '\r') { 525 prevchar = c; 526 c = '\r'; 527 newline = 1; 528 } 529 } 530 *p++ = (char)c; 531 } 532 b->counter = (int)(p - dp->th_data); 533 } 534 535 /* Update count associated with the buffer, get new buffer from the queue. 536 Calls write_behind only if next buffer not available. 537 */ 538 static int writeit(struct testcase *test, struct tftphdr * volatile *dpp, 539 int ct, int convert) 540 { 541 bfs[current].counter = ct; /* set size of data to write */ 542 current = !current; /* switch to other buffer */ 543 if(bfs[current].counter != BF_FREE) /* if not free */ 544 write_behind(test, convert); /* flush it */ 545 bfs[current].counter = BF_ALLOC; /* mark as alloc'd */ 546 *dpp = &bfs[current].buf.hdr; 547 return ct; /* this is a lie of course */ 548 } 549 550 /* 551 * Output a buffer to a file, converting from netascii if requested. 552 * CR, NUL -> CR and CR, LF => LF. 553 * Note spec is undefined if we get CR as last byte of file or a 554 * CR followed by anything else. In this case we leave it alone. 555 */ 556 static ssize_t write_behind(struct testcase *test, int convert) 557 { 558 char *writebuf; 559 int count; 560 int ct; 561 char *p; 562 int c; /* current character */ 563 struct bf *b; 564 struct tftphdr *dp; 565 566 b = &bfs[nextone]; 567 if(b->counter < -1) /* anything to flush? */ 568 return 0; /* just nop if nothing to do */ 569 570 if(!test->ofile) { 571 char outfile[256]; 572 snprintf(outfile, sizeof(outfile), "log/upload.%ld", test->testno); 573 #ifdef WIN32 574 test->ofile = open(outfile, O_CREAT|O_RDWR|O_BINARY, 0777); 575 #else 576 test->ofile = open(outfile, O_CREAT|O_RDWR, 0777); 577 #endif 578 if(test->ofile == -1) { 579 logmsg("Couldn't create and/or open file %s for upload!", outfile); 580 return -1; /* failure! */ 581 } 582 } 583 584 count = b->counter; /* remember byte count */ 585 b->counter = BF_FREE; /* reset flag */ 586 dp = &b->buf.hdr; 587 nextone = !nextone; /* incr for next time */ 588 writebuf = dp->th_data; 589 590 if(count <= 0) 591 return -1; /* nak logic? */ 592 593 if(convert == 0) 594 return write(test->ofile, writebuf, count); 595 596 p = writebuf; 597 ct = count; 598 while(ct--) { /* loop over the buffer */ 599 c = *p++; /* pick up a character */ 600 if(prevchar == '\r') { /* if prev char was cr */ 601 if(c == '\n') /* if have cr,lf then just */ 602 lseek(test->ofile, -1, SEEK_CUR); /* smash lf on top of the cr */ 603 else 604 if(c == '\0') /* if have cr,nul then */ 605 goto skipit; /* just skip over the putc */ 606 /* else just fall through and allow it */ 607 } 608 /* formerly 609 putc(c, file); */ 610 if(1 != write(test->ofile, &c, 1)) 611 break; 612 skipit: 613 prevchar = c; 614 } 615 return count; 616 } 617 618 /* When an error has occurred, it is possible that the two sides are out of 619 * synch. Ie: that what I think is the other side's response to packet N is 620 * really their response to packet N-1. 621 * 622 * So, to try to prevent that, we flush all the input queued up for us on the 623 * network connection on our host. 624 * 625 * We return the number of packets we flushed (mostly for reporting when trace 626 * is active). 627 */ 628 629 static int synchnet(curl_socket_t f /* socket to flush */) 630 { 631 632 #if defined(HAVE_IOCTLSOCKET) 633 unsigned long i; 634 #else 635 int i; 636 #endif 637 int j = 0; 638 char rbuf[PKTSIZE]; 639 srvr_sockaddr_union_t fromaddr; 640 curl_socklen_t fromaddrlen; 641 642 for(;;) { 643 #if defined(HAVE_IOCTLSOCKET) 644 (void) ioctlsocket(f, FIONREAD, &i); 645 #else 646 (void) ioctl(f, FIONREAD, &i); 647 #endif 648 if(i) { 649 j++; 650 #ifdef ENABLE_IPV6 651 if(!use_ipv6) 652 #endif 653 fromaddrlen = sizeof(fromaddr.sa4); 654 #ifdef ENABLE_IPV6 655 else 656 fromaddrlen = sizeof(fromaddr.sa6); 657 #endif 658 (void) recvfrom(f, rbuf, sizeof(rbuf), 0, 659 &fromaddr.sa, &fromaddrlen); 660 } 661 else 662 break; 663 } 664 return j; 665 } 666 667 int main(int argc, char **argv) 668 { 669 srvr_sockaddr_union_t me; 670 struct tftphdr *tp; 671 ssize_t n = 0; 672 int arg = 1; 673 unsigned short port = DEFAULT_PORT; 674 curl_socket_t sock = CURL_SOCKET_BAD; 675 int flag; 676 int rc; 677 int error; 678 long pid; 679 struct testcase test; 680 int result = 0; 681 682 memset(&test, 0, sizeof(test)); 683 684 while(argc>arg) { 685 if(!strcmp("--version", argv[arg])) { 686 printf("tftpd IPv4%s\n", 687 #ifdef ENABLE_IPV6 688 "/IPv6" 689 #else 690 "" 691 #endif 692 ); 693 return 0; 694 } 695 else if(!strcmp("--pidfile", argv[arg])) { 696 arg++; 697 if(argc>arg) 698 pidname = argv[arg++]; 699 } 700 else if(!strcmp("--logfile", argv[arg])) { 701 arg++; 702 if(argc>arg) 703 serverlogfile = argv[arg++]; 704 } 705 else if(!strcmp("--ipv4", argv[arg])) { 706 #ifdef ENABLE_IPV6 707 ipv_inuse = "IPv4"; 708 use_ipv6 = FALSE; 709 #endif 710 arg++; 711 } 712 else if(!strcmp("--ipv6", argv[arg])) { 713 #ifdef ENABLE_IPV6 714 ipv_inuse = "IPv6"; 715 use_ipv6 = TRUE; 716 #endif 717 arg++; 718 } 719 else if(!strcmp("--port", argv[arg])) { 720 arg++; 721 if(argc>arg) { 722 char *endptr; 723 unsigned long ulnum = strtoul(argv[arg], &endptr, 10); 724 if((endptr != argv[arg] + strlen(argv[arg])) || 725 (ulnum < 1025UL) || (ulnum > 65535UL)) { 726 fprintf(stderr, "tftpd: invalid --port argument (%s)\n", 727 argv[arg]); 728 return 0; 729 } 730 port = curlx_ultous(ulnum); 731 arg++; 732 } 733 } 734 else if(!strcmp("--srcdir", argv[arg])) { 735 arg++; 736 if(argc>arg) { 737 path = argv[arg]; 738 arg++; 739 } 740 } 741 else { 742 puts("Usage: tftpd [option]\n" 743 " --version\n" 744 " --logfile [file]\n" 745 " --pidfile [file]\n" 746 " --ipv4\n" 747 " --ipv6\n" 748 " --port [port]\n" 749 " --srcdir [path]"); 750 return 0; 751 } 752 } 753 754 #ifdef WIN32 755 win32_init(); 756 atexit(win32_cleanup); 757 #endif 758 759 install_signal_handlers(); 760 761 pid = (long)getpid(); 762 763 #ifdef ENABLE_IPV6 764 if(!use_ipv6) 765 #endif 766 sock = socket(AF_INET, SOCK_DGRAM, 0); 767 #ifdef ENABLE_IPV6 768 else 769 sock = socket(AF_INET6, SOCK_DGRAM, 0); 770 #endif 771 772 if(CURL_SOCKET_BAD == sock) { 773 error = SOCKERRNO; 774 logmsg("Error creating socket: (%d) %s", 775 error, strerror(error)); 776 result = 1; 777 goto tftpd_cleanup; 778 } 779 780 flag = 1; 781 if(0 != setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, 782 (void *)&flag, sizeof(flag))) { 783 error = SOCKERRNO; 784 logmsg("setsockopt(SO_REUSEADDR) failed with error: (%d) %s", 785 error, strerror(error)); 786 result = 1; 787 goto tftpd_cleanup; 788 } 789 790 #ifdef ENABLE_IPV6 791 if(!use_ipv6) { 792 #endif 793 memset(&me.sa4, 0, sizeof(me.sa4)); 794 me.sa4.sin_family = AF_INET; 795 me.sa4.sin_addr.s_addr = INADDR_ANY; 796 me.sa4.sin_port = htons(port); 797 rc = bind(sock, &me.sa, sizeof(me.sa4)); 798 #ifdef ENABLE_IPV6 799 } 800 else { 801 memset(&me.sa6, 0, sizeof(me.sa6)); 802 me.sa6.sin6_family = AF_INET6; 803 me.sa6.sin6_addr = in6addr_any; 804 me.sa6.sin6_port = htons(port); 805 rc = bind(sock, &me.sa, sizeof(me.sa6)); 806 } 807 #endif /* ENABLE_IPV6 */ 808 if(0 != rc) { 809 error = SOCKERRNO; 810 logmsg("Error binding socket on port %hu: (%d) %s", 811 port, error, strerror(error)); 812 result = 1; 813 goto tftpd_cleanup; 814 } 815 816 wrotepidfile = write_pidfile(pidname); 817 if(!wrotepidfile) { 818 result = 1; 819 goto tftpd_cleanup; 820 } 821 822 logmsg("Running %s version on port UDP/%d", ipv_inuse, (int)port); 823 824 for(;;) { 825 fromlen = sizeof(from); 826 #ifdef ENABLE_IPV6 827 if(!use_ipv6) 828 #endif 829 fromlen = sizeof(from.sa4); 830 #ifdef ENABLE_IPV6 831 else 832 fromlen = sizeof(from.sa6); 833 #endif 834 n = (ssize_t)recvfrom(sock, &buf.storage[0], sizeof(buf.storage), 0, 835 &from.sa, &fromlen); 836 if(got_exit_signal) 837 break; 838 if(n < 0) { 839 logmsg("recvfrom"); 840 result = 3; 841 break; 842 } 843 844 set_advisor_read_lock(SERVERLOGS_LOCK); 845 serverlogslocked = 1; 846 847 #ifdef ENABLE_IPV6 848 if(!use_ipv6) { 849 #endif 850 from.sa4.sin_family = AF_INET; 851 peer = socket(AF_INET, SOCK_DGRAM, 0); 852 if(CURL_SOCKET_BAD == peer) { 853 logmsg("socket"); 854 result = 2; 855 break; 856 } 857 if(connect(peer, &from.sa, sizeof(from.sa4)) < 0) { 858 logmsg("connect: fail"); 859 result = 1; 860 break; 861 } 862 #ifdef ENABLE_IPV6 863 } 864 else { 865 from.sa6.sin6_family = AF_INET6; 866 peer = socket(AF_INET6, SOCK_DGRAM, 0); 867 if(CURL_SOCKET_BAD == peer) { 868 logmsg("socket"); 869 result = 2; 870 break; 871 } 872 if(connect(peer, &from.sa, sizeof(from.sa6)) < 0) { 873 logmsg("connect: fail"); 874 result = 1; 875 break; 876 } 877 } 878 #endif 879 880 maxtimeout = 5*TIMEOUT; 881 882 tp = &buf.hdr; 883 tp->th_opcode = ntohs(tp->th_opcode); 884 if(tp->th_opcode == opcode_RRQ || tp->th_opcode == opcode_WRQ) { 885 memset(&test, 0, sizeof(test)); 886 if(do_tftp(&test, tp, n) < 0) 887 break; 888 free(test.buffer); 889 } 890 sclose(peer); 891 peer = CURL_SOCKET_BAD; 892 893 if(test.ofile > 0) { 894 close(test.ofile); 895 test.ofile = 0; 896 } 897 898 if(got_exit_signal) 899 break; 900 901 if(serverlogslocked) { 902 serverlogslocked = 0; 903 clear_advisor_read_lock(SERVERLOGS_LOCK); 904 } 905 906 logmsg("end of one transfer"); 907 908 } 909 910 tftpd_cleanup: 911 912 if(test.ofile > 0) 913 close(test.ofile); 914 915 if((peer != sock) && (peer != CURL_SOCKET_BAD)) 916 sclose(peer); 917 918 if(sock != CURL_SOCKET_BAD) 919 sclose(sock); 920 921 if(got_exit_signal) 922 logmsg("signalled to die"); 923 924 if(wrotepidfile) 925 unlink(pidname); 926 927 if(serverlogslocked) { 928 serverlogslocked = 0; 929 clear_advisor_read_lock(SERVERLOGS_LOCK); 930 } 931 932 restore_signal_handlers(); 933 934 if(got_exit_signal) { 935 logmsg("========> %s tftpd (port: %d pid: %ld) exits with signal (%d)", 936 ipv_inuse, (int)port, pid, exit_signal); 937 /* 938 * To properly set the return status of the process we 939 * must raise the same signal SIGINT or SIGTERM that we 940 * caught and let the old handler take care of it. 941 */ 942 raise(exit_signal); 943 } 944 945 logmsg("========> tftpd quits"); 946 return result; 947 } 948 949 /* 950 * Handle initial connection protocol. 951 */ 952 static int do_tftp(struct testcase *test, struct tftphdr *tp, ssize_t size) 953 { 954 char *cp; 955 int first = 1, ecode; 956 struct formats *pf; 957 char *filename, *mode = NULL; 958 int error; 959 FILE *server; 960 #ifdef USE_WINSOCK 961 DWORD recvtimeout, recvtimeoutbak; 962 #endif 963 const char *option = "mode"; /* mode is implicit */ 964 int toggle = 1; 965 966 /* Open request dump file. */ 967 server = fopen(REQUEST_DUMP, "ab"); 968 if(!server) { 969 error = errno; 970 logmsg("fopen() failed with error: %d %s", error, strerror(error)); 971 logmsg("Error opening file: %s", REQUEST_DUMP); 972 return -1; 973 } 974 975 /* store input protocol */ 976 fprintf(server, "opcode: %x\n", tp->th_opcode); 977 978 cp = (char *)&tp->th_stuff; 979 filename = cp; 980 do { 981 bool endofit = true; 982 while(cp < &buf.storage[size]) { 983 if(*cp == '\0') { 984 endofit = false; 985 break; 986 } 987 cp++; 988 } 989 if(endofit) 990 /* no more options */ 991 break; 992 993 /* before increasing pointer, make sure it is still within the legal 994 space */ 995 if((cp + 1) < &buf.storage[size]) { 996 ++cp; 997 if(first) { 998 /* store the mode since we need it later */ 999 mode = cp; 1000 first = 0; 1001 } 1002 if(toggle) 1003 /* name/value pair: */ 1004 fprintf(server, "%s: %s\n", option, cp); 1005 else { 1006 /* store the name pointer */ 1007 option = cp; 1008 } 1009 toggle ^= 1; 1010 } 1011 else 1012 /* No more options */ 1013 break; 1014 } while(1); 1015 1016 if(*cp) { 1017 nak(EBADOP); 1018 fclose(server); 1019 return 3; 1020 } 1021 1022 /* store input protocol */ 1023 fprintf(server, "filename: %s\n", filename); 1024 1025 for(cp = mode; cp && *cp; cp++) 1026 if(ISUPPER(*cp)) 1027 *cp = (char)tolower((int)*cp); 1028 1029 /* store input protocol */ 1030 fclose(server); 1031 1032 for(pf = formata; pf->f_mode; pf++) 1033 if(strcmp(pf->f_mode, mode) == 0) 1034 break; 1035 if(!pf->f_mode) { 1036 nak(EBADOP); 1037 return 2; 1038 } 1039 ecode = validate_access(test, filename, tp->th_opcode); 1040 if(ecode) { 1041 nak(ecode); 1042 return 1; 1043 } 1044 1045 #ifdef USE_WINSOCK 1046 recvtimeout = sizeof(recvtimeoutbak); 1047 getsockopt(peer, SOL_SOCKET, SO_RCVTIMEO, 1048 (char *)&recvtimeoutbak, (int *)&recvtimeout); 1049 recvtimeout = TIMEOUT*1000; 1050 setsockopt(peer, SOL_SOCKET, SO_RCVTIMEO, 1051 (const char *)&recvtimeout, sizeof(recvtimeout)); 1052 #endif 1053 1054 if(tp->th_opcode == opcode_WRQ) 1055 recvtftp(test, pf); 1056 else 1057 sendtftp(test, pf); 1058 1059 #ifdef USE_WINSOCK 1060 recvtimeout = recvtimeoutbak; 1061 setsockopt(peer, SOL_SOCKET, SO_RCVTIMEO, 1062 (const char *)&recvtimeout, sizeof(recvtimeout)); 1063 #endif 1064 1065 return 0; 1066 } 1067 1068 /* Based on the testno, parse the correct server commands. */ 1069 static int parse_servercmd(struct testcase *req) 1070 { 1071 FILE *stream; 1072 char *filename; 1073 int error; 1074 1075 filename = test2file(req->testno); 1076 1077 stream = fopen(filename, "rb"); 1078 if(!stream) { 1079 error = errno; 1080 logmsg("fopen() failed with error: %d %s", error, strerror(error)); 1081 logmsg(" [1] Error opening file: %s", filename); 1082 logmsg(" Couldn't open test file %ld", req->testno); 1083 return 1; /* done */ 1084 } 1085 else { 1086 char *orgcmd = NULL; 1087 char *cmd = NULL; 1088 size_t cmdsize = 0; 1089 int num = 0; 1090 1091 /* get the custom server control "commands" */ 1092 error = getpart(&orgcmd, &cmdsize, "reply", "servercmd", stream); 1093 fclose(stream); 1094 if(error) { 1095 logmsg("getpart() failed with error: %d", error); 1096 return 1; /* done */ 1097 } 1098 1099 cmd = orgcmd; 1100 while(cmd && cmdsize) { 1101 char *check; 1102 if(1 == sscanf(cmd, "writedelay: %d", &num)) { 1103 logmsg("instructed to delay %d secs between packets", num); 1104 req->writedelay = num; 1105 } 1106 else { 1107 logmsg("Unknown <servercmd> instruction found: %s", cmd); 1108 } 1109 /* try to deal with CRLF or just LF */ 1110 check = strchr(cmd, '\r'); 1111 if(!check) 1112 check = strchr(cmd, '\n'); 1113 1114 if(check) { 1115 /* get to the letter following the newline */ 1116 while((*check == '\r') || (*check == '\n')) 1117 check++; 1118 1119 if(!*check) 1120 /* if we reached a zero, get out */ 1121 break; 1122 cmd = check; 1123 } 1124 else 1125 break; 1126 } 1127 free(orgcmd); 1128 } 1129 1130 return 0; /* OK! */ 1131 } 1132 1133 1134 /* 1135 * Validate file access. 1136 */ 1137 static int validate_access(struct testcase *test, 1138 const char *filename, int mode) 1139 { 1140 char *ptr; 1141 long testno, partno; 1142 int error; 1143 char partbuf[80]="data"; 1144 1145 logmsg("trying to get file: %s mode %x", filename, mode); 1146 1147 if(!strncmp("verifiedserver", filename, 14)) { 1148 char weare[128]; 1149 size_t count = snprintf(weare, sizeof(weare), 1150 "WE ROOLZ: %ld\r\n", (long)getpid()); 1151 1152 logmsg("Are-we-friendly question received"); 1153 test->buffer = strdup(weare); 1154 test->rptr = test->buffer; /* set read pointer */ 1155 test->bufsize = count; /* set total count */ 1156 test->rcount = count; /* set data left to read */ 1157 return 0; /* fine */ 1158 } 1159 1160 /* find the last slash */ 1161 ptr = strrchr(filename, '/'); 1162 1163 if(ptr) { 1164 char *file; 1165 1166 ptr++; /* skip the slash */ 1167 1168 /* skip all non-numericals following the slash */ 1169 while(*ptr && !ISDIGIT(*ptr)) 1170 ptr++; 1171 1172 /* get the number */ 1173 testno = strtol(ptr, &ptr, 10); 1174 1175 if(testno > 10000) { 1176 partno = testno % 10000; 1177 testno /= 10000; 1178 } 1179 else 1180 partno = 0; 1181 1182 1183 logmsg("requested test number %ld part %ld", testno, partno); 1184 1185 test->testno = testno; 1186 1187 (void)parse_servercmd(test); 1188 1189 file = test2file(testno); 1190 1191 if(0 != partno) 1192 snprintf(partbuf, sizeof(partbuf), "data%ld", partno); 1193 1194 if(file) { 1195 FILE *stream = fopen(file, "rb"); 1196 if(!stream) { 1197 error = errno; 1198 logmsg("fopen() failed with error: %d %s", error, strerror(error)); 1199 logmsg("Error opening file: %s", file); 1200 logmsg("Couldn't open test file: %s", file); 1201 return EACCESS; 1202 } 1203 else { 1204 size_t count; 1205 error = getpart(&test->buffer, &count, "reply", partbuf, stream); 1206 fclose(stream); 1207 if(error) { 1208 logmsg("getpart() failed with error: %d", error); 1209 return EACCESS; 1210 } 1211 if(test->buffer) { 1212 test->rptr = test->buffer; /* set read pointer */ 1213 test->bufsize = count; /* set total count */ 1214 test->rcount = count; /* set data left to read */ 1215 } 1216 else 1217 return EACCESS; 1218 } 1219 1220 } 1221 else 1222 return EACCESS; 1223 } 1224 else { 1225 logmsg("no slash found in path"); 1226 return EACCESS; /* failure */ 1227 } 1228 1229 logmsg("file opened and all is good"); 1230 return 0; 1231 } 1232 1233 /* 1234 * Send the requested file. 1235 */ 1236 static void sendtftp(struct testcase *test, struct formats *pf) 1237 { 1238 int size; 1239 ssize_t n; 1240 /* These are volatile to live through a siglongjmp */ 1241 volatile unsigned short sendblock; /* block count */ 1242 struct tftphdr * volatile sdp = r_init(); /* data buffer */ 1243 struct tftphdr * const sap = &ackbuf.hdr; /* ack buffer */ 1244 1245 sendblock = 1; 1246 #if defined(HAVE_ALARM) && defined(SIGALRM) 1247 mysignal(SIGALRM, timer); 1248 #endif 1249 do { 1250 size = readit(test, (struct tftphdr **)&sdp, pf->f_convert); 1251 if(size < 0) { 1252 nak(errno + 100); 1253 return; 1254 } 1255 sdp->th_opcode = htons((unsigned short)opcode_DATA); 1256 sdp->th_block = htons(sendblock); 1257 timeout = 0; 1258 #ifdef HAVE_SIGSETJMP 1259 (void) sigsetjmp(timeoutbuf, 1); 1260 #endif 1261 if(test->writedelay) { 1262 logmsg("Pausing %d seconds before %d bytes", test->writedelay, 1263 size); 1264 wait_ms(1000*test->writedelay); 1265 } 1266 1267 send_data: 1268 if(swrite(peer, sdp, size + 4) != size + 4) { 1269 logmsg("write"); 1270 return; 1271 } 1272 read_ahead(test, pf->f_convert); 1273 for(;;) { 1274 #ifdef HAVE_ALARM 1275 alarm(rexmtval); /* read the ack */ 1276 #endif 1277 n = sread(peer, &ackbuf.storage[0], sizeof(ackbuf.storage)); 1278 #ifdef HAVE_ALARM 1279 alarm(0); 1280 #endif 1281 if(got_exit_signal) 1282 return; 1283 if(n < 0) { 1284 logmsg("read: fail"); 1285 return; 1286 } 1287 sap->th_opcode = ntohs((unsigned short)sap->th_opcode); 1288 sap->th_block = ntohs(sap->th_block); 1289 1290 if(sap->th_opcode == opcode_ERROR) { 1291 logmsg("got ERROR"); 1292 return; 1293 } 1294 1295 if(sap->th_opcode == opcode_ACK) { 1296 if(sap->th_block == sendblock) { 1297 break; 1298 } 1299 /* Re-synchronize with the other side */ 1300 (void) synchnet(peer); 1301 if(sap->th_block == (sendblock-1)) { 1302 goto send_data; 1303 } 1304 } 1305 1306 } 1307 sendblock++; 1308 } while(size == SEGSIZE); 1309 } 1310 1311 /* 1312 * Receive a file. 1313 */ 1314 static void recvtftp(struct testcase *test, struct formats *pf) 1315 { 1316 ssize_t n, size; 1317 /* These are volatile to live through a siglongjmp */ 1318 volatile unsigned short recvblock; /* block count */ 1319 struct tftphdr * volatile rdp; /* data buffer */ 1320 struct tftphdr *rap; /* ack buffer */ 1321 1322 recvblock = 0; 1323 rdp = w_init(); 1324 #if defined(HAVE_ALARM) && defined(SIGALRM) 1325 mysignal(SIGALRM, timer); 1326 #endif 1327 rap = &ackbuf.hdr; 1328 do { 1329 timeout = 0; 1330 rap->th_opcode = htons((unsigned short)opcode_ACK); 1331 rap->th_block = htons(recvblock); 1332 recvblock++; 1333 #ifdef HAVE_SIGSETJMP 1334 (void) sigsetjmp(timeoutbuf, 1); 1335 #endif 1336 send_ack: 1337 if(swrite(peer, &ackbuf.storage[0], 4) != 4) { 1338 logmsg("write: fail\n"); 1339 goto abort; 1340 } 1341 write_behind(test, pf->f_convert); 1342 for(;;) { 1343 #ifdef HAVE_ALARM 1344 alarm(rexmtval); 1345 #endif 1346 n = sread(peer, rdp, PKTSIZE); 1347 #ifdef HAVE_ALARM 1348 alarm(0); 1349 #endif 1350 if(got_exit_signal) 1351 goto abort; 1352 if(n < 0) { /* really? */ 1353 logmsg("read: fail\n"); 1354 goto abort; 1355 } 1356 rdp->th_opcode = ntohs((unsigned short)rdp->th_opcode); 1357 rdp->th_block = ntohs(rdp->th_block); 1358 if(rdp->th_opcode == opcode_ERROR) 1359 goto abort; 1360 if(rdp->th_opcode == opcode_DATA) { 1361 if(rdp->th_block == recvblock) { 1362 break; /* normal */ 1363 } 1364 /* Re-synchronize with the other side */ 1365 (void) synchnet(peer); 1366 if(rdp->th_block == (recvblock-1)) 1367 goto send_ack; /* rexmit */ 1368 } 1369 } 1370 1371 size = writeit(test, &rdp, (int)(n - 4), pf->f_convert); 1372 if(size != (n-4)) { /* ahem */ 1373 if(size < 0) 1374 nak(errno + 100); 1375 else 1376 nak(ENOSPACE); 1377 goto abort; 1378 } 1379 } while(size == SEGSIZE); 1380 write_behind(test, pf->f_convert); 1381 1382 rap->th_opcode = htons((unsigned short)opcode_ACK); /* send the "final" 1383 ack */ 1384 rap->th_block = htons(recvblock); 1385 (void) swrite(peer, &ackbuf.storage[0], 4); 1386 #if defined(HAVE_ALARM) && defined(SIGALRM) 1387 mysignal(SIGALRM, justtimeout); /* just abort read on timeout */ 1388 alarm(rexmtval); 1389 #endif 1390 /* normally times out and quits */ 1391 n = sread(peer, &buf.storage[0], sizeof(buf.storage)); 1392 #ifdef HAVE_ALARM 1393 alarm(0); 1394 #endif 1395 if(got_exit_signal) 1396 goto abort; 1397 if(n >= 4 && /* if read some data */ 1398 rdp->th_opcode == opcode_DATA && /* and got a data block */ 1399 recvblock == rdp->th_block) { /* then my last ack was lost */ 1400 (void) swrite(peer, &ackbuf.storage[0], 4); /* resend final ack */ 1401 } 1402 abort: 1403 return; 1404 } 1405 1406 /* 1407 * Send a nak packet (error message). Error code passed in is one of the 1408 * standard TFTP codes, or a Unix errno offset by 100. 1409 */ 1410 static void nak(int error) 1411 { 1412 struct tftphdr *tp; 1413 int length; 1414 struct errmsg *pe; 1415 1416 tp = &buf.hdr; 1417 tp->th_opcode = htons((unsigned short)opcode_ERROR); 1418 tp->th_code = htons((unsigned short)error); 1419 for(pe = errmsgs; pe->e_code >= 0; pe++) 1420 if(pe->e_code == error) 1421 break; 1422 if(pe->e_code < 0) { 1423 pe->e_msg = strerror(error - 100); 1424 tp->th_code = EUNDEF; /* set 'undef' errorcode */ 1425 } 1426 length = (int)strlen(pe->e_msg); 1427 1428 /* we use memcpy() instead of strcpy() in order to avoid buffer overflow 1429 * report from glibc with FORTIFY_SOURCE */ 1430 memcpy(tp->th_msg, pe->e_msg, length + 1); 1431 length += 5; 1432 if(swrite(peer, &buf.storage[0], length) != length) 1433 logmsg("nak: fail\n"); 1434 } 1435
