search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
6769230 ifconfig gives tunnel security warnings when it shouldn't
[unleashed.git] / usr / src / cmd / cmd-inet / usr.sbin / in.tftpd.c
blob6ff772be87d09b47d9e3faca28cacf1d1a337f5a
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 *
21 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
22 * Use is subject to license terms.
23 */
24
25 /*
26 * Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T
27 * All Rights Reserved.
28 */
29
30 /*
31 * University Copyright- Copyright (c) 1982, 1986, 1988
32 * The Regents of the University of California.
33 * All Rights Reserved.
34 *
35 * University Acknowledgment- Portions of this document are derived from
36 * software developed by the University of California, Berkeley, and its
37 * contributors.
38 */
39
40 /*
41 * Trivial file transfer protocol server. A top level process runs in
42 * an infinite loop fielding new TFTP requests. A child process,
43 * communicating via a pipe with the top level process, sends delayed
44 * NAKs for those that we can't handle. A new child process is created
45 * to service each request that we can handle. The top level process
46 * exits after a period of time during which no new requests are
47 * received.
48 */
49
50 #include <sys/types.h>
51 #include <sys/socket.h>
52 #include <sys/wait.h>
53 #include <sys/stat.h>
54 #include <sys/time.h>
55
56 #include <netinet/in.h>
57
58 #include <arpa/inet.h>
59 #include <dirent.h>
60 #include <signal.h>
61 #include <stdio.h>
62 #include <stdlib.h>
63 #include <unistd.h>
64 #include <errno.h>
65 #include <ctype.h>
66 #include <netdb.h>
67 #include <setjmp.h>
68 #include <syslog.h>
69 #include <sys/param.h>
70 #include <fcntl.h>
71 #include <pwd.h>
72 #include <string.h>
73 #include <priv_utils.h>
74 #include "tftpcommon.h"
75
76 #define TIMEOUT 5
77 #define DELAY_SECS 3
78 #define DALLYSECS 60
79
80 #define SYSLOG_MSG(message) \
81 (syslog((((errno == ENETUNREACH) || (errno == EHOSTUNREACH) || \
82 (errno == ECONNREFUSED)) ? LOG_WARNING : LOG_ERR), message))
83
84 static int rexmtval = TIMEOUT;
85 static int maxtimeout = 5*TIMEOUT;
86 static int securetftp;
87 static int debug;
88 static int disable_pnp;
89 static int standalone;
90 static uid_t uid_nobody = UID_NOBODY;
91 static uid_t gid_nobody = GID_NOBODY;
92 static int reqsock = -1;
93 /* file descriptor of request socket */
94 static socklen_t fromlen;
95 static socklen_t fromplen;
96 static struct sockaddr_storage client;
97 static struct sockaddr_in6 *sin6_ptr;
98 static struct sockaddr_in *sin_ptr;
99 static struct sockaddr_in6 *from6_ptr;
100 static struct sockaddr_in *from_ptr;
101 static int addrfmly;
102 static int peer;
103 static off_t tsize;
104 static tftpbuf ackbuf;
105 static struct sockaddr_storage from;
106 static boolean_t tsize_set;
107 static pid_t child;
108 /* pid of child handling delayed replys */
109 static int delay_fd [2];
110 /* pipe for communicating with child */
111 static FILE *file;
112 static char *filename;
113
114 static union {
115 struct tftphdr hdr;
116 char data[SEGSIZE + 4];
117 } buf;
118
119 static union {
120 struct tftphdr hdr;
121 char data[SEGSIZE];
122 } oackbuf;
123
124 struct delay_info {
125 long timestamp; /* time request received */
126 int ecode; /* error code to return */
127 struct sockaddr_storage from; /* address of client */
128 };
129
130 int blocksize = SEGSIZE; /* Number of data bytes in a DATA packet */
131
132 /*
133 * Default directory for unqualified names
134 * Used by TFTP boot procedures
135 */
136 static char *homedir = "/tftpboot";
137
138 struct formats {
139 char *f_mode;
140 int (*f_validate)(int);
141 void (*f_send)(struct formats *, int);
142 void (*f_recv)(struct formats *, int);
143 int f_convert;
144 };
145
146 static void delayed_responder(void);
147 static void tftp(struct tftphdr *, int);
148 static int validate_filename(int);
149 static void tftpd_sendfile(struct formats *, int);
150 static void tftpd_recvfile(struct formats *, int);
151 static void nak(int);
152 static char *blksize_handler(int, char *, int *);
153 static char *timeout_handler(int, char *, int *);
154 static char *tsize_handler(int, char *, int *);
155
156 static struct formats formats[] = {
157 { "netascii", validate_filename, tftpd_sendfile, tftpd_recvfile, 1 },
158 { "octet", validate_filename, tftpd_sendfile, tftpd_recvfile, 0 },
159 { NULL }
160 };
161
162 struct options {
163 char *opt_name;
164 char *(*opt_handler)(int, char *, int *);
165 };
166
167 static struct options options[] = {
168 { "blksize", blksize_handler },
169 { "timeout", timeout_handler },
170 { "tsize", tsize_handler },
171 { NULL }
172 };
173
174 static char optbuf[MAX_OPTVAL_LEN];
175 static int timeout;
176 static sigjmp_buf timeoutbuf;
177
178 int
179 main(int argc, char **argv)
180 {
181 struct tftphdr *tp;
182 int n;
183 int c;
184 struct passwd *pwd; /* for "nobody" entry */
185 struct in_addr ipv4addr;
186 char abuf[INET6_ADDRSTRLEN];
187 socklen_t addrlen;
188
189 openlog("tftpd", LOG_PID, LOG_DAEMON);
190
191 pwd = getpwnam("nobody");
192 if (pwd != NULL) {
193 uid_nobody = pwd->pw_uid;
194 gid_nobody = pwd->pw_gid;
195 }
196
197 (void) __init_daemon_priv(
198 PU_LIMITPRIVS,
199 uid_nobody, gid_nobody,
200 PRIV_PROC_FORK, PRIV_PROC_CHROOT, PRIV_NET_PRIVADDR, NULL);
201
202 /*
203 * Limit set is still "all." Trim it down to just what we need:
204 * fork and chroot.
205 */
206 (void) priv_set(PRIV_SET, PRIV_ALLSETS,
207 PRIV_PROC_FORK, PRIV_PROC_CHROOT, PRIV_NET_PRIVADDR, NULL);
208 (void) priv_set(PRIV_SET, PRIV_EFFECTIVE, NULL);
209 (void) priv_set(PRIV_SET, PRIV_INHERITABLE, NULL);
210
211 while ((c = getopt(argc, argv, "dspST:")) != EOF)
212 switch (c) {
213 case 'd': /* enable debug */
214 debug++;
215 continue;
216 case 's': /* secure daemon */
217 securetftp = 1;
218 continue;
219 case 'p': /* disable name pnp mapping */
220 disable_pnp = 1;
221 continue;
222 case 'S':
223 standalone = 1;
224 continue;
225 case 'T':
226 rexmtval = atoi(optarg);
227 if (rexmtval <= 0 || rexmtval > MAX_TIMEOUT) {
228 (void) fprintf(stderr,
229 "%s: Invalid retransmission "
230 "timeout value: %s\n", argv[0], optarg);
231 exit(1);
232 }
233 maxtimeout = 5 * rexmtval;
234 continue;
235 case '?':
236 default:
237 usage:
238 (void) fprintf(stderr,
239 "usage: %s [-T rexmtval] [-spd] [home-directory]\n",
240 argv[0]);
241 for (; optind < argc; optind++)
242 syslog(LOG_ERR, "bad argument %s",
243 argv[optind]);
244 exit(1);
245 }
246
247 if (optind < argc)
248 if (optind == argc - 1 && *argv [optind] == '/')
249 homedir = argv [optind];
250 else
251 goto usage;
252
253 if (pipe(delay_fd) < 0) {
254 syslog(LOG_ERR, "pipe (main): %m");
255 exit(1);
256 }
257
258 (void) sigset(SIGCHLD, SIG_IGN); /* no zombies please */
259
260 if (standalone) {
261 socklen_t clientlen;
262
263 sin6_ptr = (struct sockaddr_in6 *)&client;
264 clientlen = sizeof (struct sockaddr_in6);
265 reqsock = socket(AF_INET6, SOCK_DGRAM, 0);
266 if (reqsock == -1) {
267 perror("socket");
268 exit(1);
269 }
270 (void) memset(&client, 0, clientlen);
271 sin6_ptr->sin6_family = AF_INET6;
272 sin6_ptr->sin6_port = htons(IPPORT_TFTP);
273
274 /* Enable privilege as tftp port is < 1024 */
275 (void) priv_set(PRIV_SET,
276 PRIV_EFFECTIVE, PRIV_NET_PRIVADDR, NULL);
277 if (bind(reqsock, (struct sockaddr *)&client,
278 clientlen) == -1) {
279 perror("bind");
280 exit(1);
281 }
282 (void) priv_set(PRIV_SET, PRIV_EFFECTIVE, NULL);
283
284 if (debug)
285 (void) puts("running in standalone mode...");
286 } else {
287 /* request socket passed on fd 0 by inetd */
288 reqsock = 0;
289 }
290 if (debug) {
291 int on = 1;
292
293 (void) setsockopt(reqsock, SOL_SOCKET, SO_DEBUG,
294 (char *)&on, sizeof (on));
295 }
296
297 (void) chdir(homedir);
298
299 (void) priv_set(PRIV_SET, PRIV_EFFECTIVE, PRIV_PROC_FORK, NULL);
300 if ((child = fork()) < 0) {
301 syslog(LOG_ERR, "fork (main): %m");
302 exit(1);
303 }
304 (void) priv_set(PRIV_SET, PRIV_EFFECTIVE, NULL);
305
306 if (child == 0) {
307 (void) priv_set(PRIV_SET, PRIV_ALLSETS, NULL);
308 delayed_responder();
309 } /* child */
310
311 /* close read side of pipe */
312 (void) close(delay_fd[0]);
313
314
315 /*
316 * Top level handling of incomming tftp requests. Read a request
317 * and pass it off to be handled. If request is valid, handling
318 * forks off and parent returns to this loop. If no new requests
319 * are received for DALLYSECS, exit and return to inetd.
320 */
321
322 for (;;) {
323 fd_set readfds;
324 struct timeval dally;
325
326 FD_ZERO(&readfds);
327 FD_SET(reqsock, &readfds);
328 dally.tv_sec = DALLYSECS;
329 dally.tv_usec = 0;
330
331 n = select(reqsock + 1, &readfds, NULL, NULL, &dally);
332 if (n < 0) {
333 if (errno == EINTR)
334 continue;
335 syslog(LOG_ERR, "select: %m");
336 (void) kill(child, SIGKILL);
337 exit(1);
338 }
339 if (n == 0) {
340 /* Select timed out. Its time to die. */
341 if (standalone)
342 continue;
343 else {
344 (void) kill(child, SIGKILL);
345 exit(0);
346 }
347 }
348 addrlen = sizeof (from);
349 if (getsockname(reqsock, (struct sockaddr *)&from,
350 &addrlen) < 0) {
351 syslog(LOG_ERR, "getsockname: %m");
352 exit(1);
353 }
354
355 switch (from.ss_family) {
356 case AF_INET:
357 fromlen = (socklen_t)sizeof (struct sockaddr_in);
358 break;
359 case AF_INET6:
360 fromlen = (socklen_t)sizeof (struct sockaddr_in6);
361 break;
362 default:
363 syslog(LOG_ERR,
364 "Unknown address Family on peer connection %d",
365 from.ss_family);
366 exit(1);
367 }
368
369 n = recvfrom(reqsock, &buf, sizeof (buf), 0,
370 (struct sockaddr *)&from, &fromlen);
371 if (n < 0) {
372 if (errno == EINTR)
373 continue;
374 if (standalone)
375 perror("recvfrom");
376 else
377 syslog(LOG_ERR, "recvfrom: %m");
378 (void) kill(child, SIGKILL);
379 exit(1);
380 }
381
382 (void) alarm(0);
383
384 switch (from.ss_family) {
385 case AF_INET:
386 addrfmly = AF_INET;
387 fromplen = sizeof (struct sockaddr_in);
388 sin_ptr = (struct sockaddr_in *)&client;
389 (void) memset(&client, 0, fromplen);
390 sin_ptr->sin_family = AF_INET;
391 break;
392 case AF_INET6:
393 addrfmly = AF_INET6;
394 fromplen = sizeof (struct sockaddr_in6);
395 sin6_ptr = (struct sockaddr_in6 *)&client;
396 (void) memset(&client, 0, fromplen);
397 sin6_ptr->sin6_family = AF_INET6;
398 break;
399 default:
400 syslog(LOG_ERR,
401 "Unknown address Family on peer connection");
402 exit(1);
403 }
404 peer = socket(addrfmly, SOCK_DGRAM, 0);
405 if (peer < 0) {
406 if (standalone)
407 perror("socket (main)");
408 else
409 syslog(LOG_ERR, "socket (main): %m");
410 (void) kill(child, SIGKILL);
411 exit(1);
412 }
413 if (debug) {
414 int on = 1;
415
416 (void) setsockopt(peer, SOL_SOCKET, SO_DEBUG,
417 (char *)&on, sizeof (on));
418 }
419
420 if (bind(peer, (struct sockaddr *)&client, fromplen) < 0) {
421 if (standalone)
422 perror("bind (main)");
423 else
424 syslog(LOG_ERR, "bind (main): %m");
425 (void) kill(child, SIGKILL);
426 exit(1);
427 }
428 if (standalone && debug) {
429 sin6_ptr = (struct sockaddr_in6 *)&client;
430 from6_ptr = (struct sockaddr_in6 *)&from;
431 if (IN6_IS_ADDR_V4MAPPED(&from6_ptr->sin6_addr)) {
432 IN6_V4MAPPED_TO_INADDR(&from6_ptr->sin6_addr,
433 &ipv4addr);
434 (void) inet_ntop(AF_INET, &ipv4addr, abuf,
435 sizeof (abuf));
436 } else {
437 (void) inet_ntop(AF_INET6,
438 &from6_ptr->sin6_addr, abuf,
439 sizeof (abuf));
440 }
441 /* get local port */
442 if (getsockname(peer, (struct sockaddr *)&client,
443 &fromplen) < 0)
444 perror("getsockname (main)");
445 (void) fprintf(stderr,
446 "request from %s port %d; local port %d\n",
447 abuf, from6_ptr->sin6_port, sin6_ptr->sin6_port);
448 }
449 tp = &buf.hdr;
450 tp->th_opcode = ntohs((ushort_t)tp->th_opcode);
451 if (tp->th_opcode == RRQ || tp->th_opcode == WRQ)
452 tftp(tp, n);
453
454 (void) close(peer);
455 (void) fclose(file);
456 }
457
458 /*NOTREACHED*/
459 return (0);
460 }
461
462 static void
463 delayed_responder(void)
464 {
465 struct delay_info dinfo;
466 long now;
467
468 /* we don't use the descriptors passed in to the parent */
469 (void) close(0);
470 (void) close(1);
471 if (standalone)
472 (void) close(reqsock);
473
474 /* close write side of pipe */
475 (void) close(delay_fd[1]);
476
477 for (;;) {
478 int n;
479
480 if ((n = read(delay_fd[0], &dinfo,
481 sizeof (dinfo))) != sizeof (dinfo)) {
482 if (n < 0) {
483 if (errno == EINTR)
484 continue;
485 if (standalone)
486 perror("read from pipe "
487 "(delayed responder)");
488 else
489 syslog(LOG_ERR, "read from pipe: %m");
490 }
491 exit(1);
492 }
493 switch (dinfo.from.ss_family) {
494 case AF_INET:
495 addrfmly = AF_INET;
496 fromplen = sizeof (struct sockaddr_in);
497 sin_ptr = (struct sockaddr_in *)&client;
498 (void) memset(&client, 0, fromplen);
499 sin_ptr->sin_family = AF_INET;
500 break;
501 case AF_INET6:
502 addrfmly = AF_INET6;
503 fromplen = sizeof (struct sockaddr_in6);
504 sin6_ptr = (struct sockaddr_in6 *)&client;
505 (void) memset(&client, 0, fromplen);
506 sin6_ptr->sin6_family = AF_INET6;
507 break;
508 }
509 peer = socket(addrfmly, SOCK_DGRAM, 0);
510 if (peer == -1) {
511 if (standalone)
512 perror("socket (delayed responder)");
513 else
514 syslog(LOG_ERR, "socket (delay): %m");
515 exit(1);
516 }
517 if (debug) {
518 int on = 1;
519
520 (void) setsockopt(peer, SOL_SOCKET, SO_DEBUG,
521 (char *)&on, sizeof (on));
522 }
523
524 if (bind(peer, (struct sockaddr *)&client, fromplen) < 0) {
525 if (standalone)
526 perror("bind (delayed responder)");
527 else
528 syslog(LOG_ERR, "bind (delay): %m");
529 exit(1);
530 }
531 if (client.ss_family == AF_INET) {
532 from_ptr = (struct sockaddr_in *)&dinfo.from;
533 from_ptr->sin_family = AF_INET;
534 } else {
535 from6_ptr = (struct sockaddr_in6 *)&dinfo.from;
536 from6_ptr->sin6_family = AF_INET6;
537 }
538 /*
539 * Since a request hasn't been received from the client
540 * before the delayed responder process is forked, the
541 * from variable is uninitialized. So set it to contain
542 * the client address.
543 */
544 from = dinfo.from;
545
546 /*
547 * only sleep if DELAY_SECS has not elapsed since
548 * original request was received. Ensure that `now'
549 * is not earlier than `dinfo.timestamp'
550 */
551 now = time(0);
552 if ((uint_t)(now - dinfo.timestamp) < DELAY_SECS)
553 (void) sleep(DELAY_SECS - (now - dinfo.timestamp));
554 nak(dinfo.ecode);
555 (void) close(peer);
556 } /* for */
557
558 /* NOTREACHED */
559 }
560
561 /*
562 * Handle the Blocksize option.
563 * Return the blksize option value string to include in the OACK reply.
564 */
565 /*ARGSUSED*/
566 static char *
567 blksize_handler(int opcode, char *optval, int *errcode)
568 {
569 char *endp;
570 int value;
571
572 *errcode = -1;
573 errno = 0;
574 value = (int)strtol(optval, &endp, 10);
575 if (errno != 0 || value < MIN_BLKSIZE || *endp != '\0')
576 return (NULL);
577 /*
578 * As the blksize value in the OACK reply can be less than the value
579 * requested, to support broken clients if the value requested is larger
580 * than allowed in the RFC, reply with the maximum value permitted.
581 */
582 if (value > MAX_BLKSIZE)
583 value = MAX_BLKSIZE;
584
585 blocksize = value;
586 (void) snprintf(optbuf, sizeof (optbuf), "%d", blocksize);
587 return (optbuf);
588 }
589
590 /*
591 * Handle the Timeout Interval option.
592 * Return the timeout option value string to include in the OACK reply.
593 */
594 /*ARGSUSED*/
595 static char *
596 timeout_handler(int opcode, char *optval, int *errcode)
597 {
598 char *endp;
599 int value;
600
601 *errcode = -1;
602 errno = 0;
603 value = (int)strtol(optval, &endp, 10);
604 if (errno != 0 || *endp != '\0')
605 return (NULL);
606 /*
607 * The timeout value in the OACK reply must match the value specified
608 * by the client, so if an invalid timeout is requested don't include
609 * the timeout option in the OACK reply.
610 */
611 if (value < MIN_TIMEOUT || value > MAX_TIMEOUT)
612 return (NULL);
613
614 rexmtval = value;
615 maxtimeout = 5 * rexmtval;
616 (void) snprintf(optbuf, sizeof (optbuf), "%d", rexmtval);
617 return (optbuf);
618 }
619
620 /*
621 * Handle the Transfer Size option.
622 * Return the tsize option value string to include in the OACK reply.
623 */
624 static char *
625 tsize_handler(int opcode, char *optval, int *errcode)
626 {
627 char *endp;
628 longlong_t value;
629
630 *errcode = -1;
631 errno = 0;
632 value = strtoll(optval, &endp, 10);
633 if (errno != 0 || value < 0 || *endp != '\0')
634 return (NULL);
635
636 if (opcode == RRQ) {
637 if (tsize_set == B_FALSE)
638 return (NULL);
639 /*
640 * The tsize value should be 0 for a read request, but to
641 * support broken clients we don't check that it is.
642 */
643 } else {
644 #if _FILE_OFFSET_BITS == 32
645 if (value > MAXOFF_T) {
646 *errcode = ENOSPACE;
647 return (NULL);
648 }
649 #endif
650 tsize = value;
651 tsize_set = B_TRUE;
652 }
653 (void) snprintf(optbuf, sizeof (optbuf), OFF_T_FMT, tsize);
654 return (optbuf);
655 }
656
657 /*
658 * Process any options included by the client in the request packet.
659 * Return the size of the OACK reply packet built or 0 for no OACK reply.
660 */
661 static int
662 process_options(int opcode, char *opts, char *endopts)
663 {
664 char *cp, *optname, *optval, *ostr, *oackend;
665 struct tftphdr *oackp;
666 int i, errcode;
667
668 /*
669 * To continue to interoperate with broken TFTP clients, ignore
670 * null padding appended to requests which don't include options.
671 */
672 cp = opts;
673 while ((cp < endopts) && (*cp == '\0'))
674 cp++;
675 if (cp == endopts)
676 return (0);
677
678 /*
679 * Construct an Option ACKnowledgement packet if any requested option
680 * is recognized.
681 */
682 oackp = &oackbuf.hdr;
683 oackend = oackbuf.data + sizeof (oackbuf.data);
684 oackp->th_opcode = htons((ushort_t)OACK);
685 cp = (char *)&oackp->th_stuff;
686 while (opts < endopts) {
687 optname = opts;
688 if ((optval = next_field(optname, endopts)) == NULL) {
689 nak(EOPTNEG);
690 exit(1);
691 }
692 if ((opts = next_field(optval, endopts)) == NULL) {
693 nak(EOPTNEG);
694 exit(1);
695 }
696 for (i = 0; options[i].opt_name != NULL; i++) {
697 if (strcasecmp(optname, options[i].opt_name) == 0)
698 break;
699 }
700 if (options[i].opt_name != NULL) {
701 ostr = options[i].opt_handler(opcode, optval, &errcode);
702 if (ostr != NULL) {
703 cp += strlcpy(cp, options[i].opt_name,
704 oackend - cp) + 1;
705 if (cp <= oackend)
706 cp += strlcpy(cp, ostr, oackend - cp)
707 + 1;
708
709 if (cp > oackend) {
710 nak(EOPTNEG);
711 exit(1);
712 }
713 } else if (errcode >= 0) {
714 nak(errcode);
715 exit(1);
716 }
717 }
718 }
719 if (cp != (char *)&oackp->th_stuff)
720 return (cp - oackbuf.data);
721 return (0);
722 }
723
724 /*
725 * Handle access errors caused by client requests.
726 */
727
728 static void
729 delay_exit(int ecode)
730 {
731 struct delay_info dinfo;
732
733 /*
734 * The most likely cause of an error here is that
735 * someone has broadcast an RRQ packet because s/he's
736 * trying to boot and doesn't know who the server is.
737 * Rather then sending an ERROR packet immediately, we
738 * wait a while so that the real server has a better chance
739 * of getting through (in case client has lousy Ethernet
740 * interface). We write to a child that handles delayed
741 * ERROR packets to avoid delaying service to new
742 * requests. Of course, we would rather just not answer
743 * RRQ packets that are broadcasted, but there's no way
744 * for a user process to determine this.
745 */
746
747 dinfo.timestamp = time(0);
748
749 /*
750 * If running in secure mode, we map all errors to EACCESS
751 * so that the client gets no information about which files
752 * or directories exist.
753 */
754 if (securetftp)
755 dinfo.ecode = EACCESS;
756 else
757 dinfo.ecode = ecode;
758
759 dinfo.from = from;
760 if (write(delay_fd[1], &dinfo, sizeof (dinfo)) !=
761 sizeof (dinfo)) {
762 syslog(LOG_ERR, "delayed write failed.");
763 (void) kill(child, SIGKILL);
764 exit(1);
765 }
766 exit(0);
767 }
768
769 /*
770 * Handle initial connection protocol.
771 */
772 static void
773 tftp(struct tftphdr *tp, int size)
774 {
775 char *cp;
776 int readmode, ecode;
777 struct formats *pf;
778 char *mode;
779 int fd;
780 static boolean_t firsttime = B_TRUE;
781 int oacklen;
782 struct stat statb;
783
784 readmode = (tp->th_opcode == RRQ);
785 filename = (char *)&tp->th_stuff;
786 mode = next_field(filename, &buf.data[size]);
787 cp = (mode != NULL) ? next_field(mode, &buf.data[size]) : NULL;
788 if (cp == NULL) {
789 nak(EBADOP);
790 exit(1);
791 }
792 if (debug && standalone) {
793 (void) fprintf(stderr, "%s for %s %s ",
794 readmode ? "RRQ" : "WRQ", filename, mode);
795 print_options(stderr, cp, size + buf.data - cp);
796 (void) putc('\n', stderr);
797 }
798 for (pf = formats; pf->f_mode != NULL; pf++)
799 if (strcasecmp(pf->f_mode, mode) == 0)
800 break;
801 if (pf->f_mode == NULL) {
802 nak(EBADOP);
803 exit(1);
804 }
805
806 /*
807 * XXX fork a new process to handle this request before
808 * chroot(), otherwise the parent won't be able to create a
809 * new socket as that requires library access to system files
810 * and devices.
811 */
812 (void) priv_set(PRIV_SET, PRIV_EFFECTIVE, PRIV_PROC_FORK, NULL);
813 switch (fork()) {
814 case -1:
815 syslog(LOG_ERR, "fork (tftp): %m");
816 (void) priv_set(PRIV_SET, PRIV_EFFECTIVE, NULL);
817 return;
818 case 0:
819 (void) priv_set(PRIV_SET, PRIV_EFFECTIVE, NULL);
820 break;
821 default:
822 (void) priv_set(PRIV_SET, PRIV_EFFECTIVE, NULL);
823 return;
824 }
825
826 /*
827 * Try to see if we can access the file. The access can still
828 * fail later if we are running in secure mode because of
829 * the chroot() call. We only want to execute the chroot() once.
830 */
831 if (securetftp && firsttime) {
832 (void) priv_set(
833 PRIV_SET, PRIV_EFFECTIVE, PRIV_PROC_CHROOT, NULL);
834 if (chroot(homedir) == -1) {
835 syslog(LOG_ERR,
836 "tftpd: cannot chroot to directory %s: %m\n",
837 homedir);
838 delay_exit(EACCESS);
839 }
840 else
841 {
842 firsttime = B_FALSE;
843 }
844 (void) priv_set(PRIV_SET, PRIV_EFFECTIVE, NULL);
845 (void) chdir("/"); /* cd to new root */
846 }
847 (void) priv_set(PRIV_SET, PRIV_ALLSETS, NULL);
848
849 ecode = (*pf->f_validate)(tp->th_opcode);
850 if (ecode != 0)
851 delay_exit(ecode);
852
853 /* we don't use the descriptors passed in to the parent */
854 (void) close(STDIN_FILENO);
855 (void) close(STDOUT_FILENO);
856
857 /*
858 * Try to open file as low-priv setuid/setgid. Note that
859 * a chroot() has already been done.
860 */
861 fd = open(filename,
862 (readmode ? O_RDONLY : (O_WRONLY|O_TRUNC)) | O_NONBLOCK);
863 if ((fd < 0) || (fstat(fd, &statb) < 0))
864 delay_exit((errno == ENOENT) ? ENOTFOUND : EACCESS);
865
866 if (((statb.st_mode & ((readmode) ? S_IROTH : S_IWOTH)) == 0) ||
867 ((statb.st_mode & S_IFMT) != S_IFREG))
868 delay_exit(EACCESS);
869
870 file = fdopen(fd, readmode ? "r" : "w");
871 if (file == NULL)
872 delay_exit(errno + 100);
873
874 /* Don't know the size of transfers which involve conversion */
875 tsize_set = (readmode && (pf->f_convert == 0));
876 if (tsize_set)
877 tsize = statb.st_size;
878
879 /* Deal with any options sent by the client */
880 oacklen = process_options(tp->th_opcode, cp, buf.data + size);
881
882 if (tp->th_opcode == WRQ)
883 (*pf->f_recv)(pf, oacklen);
884 else
885 (*pf->f_send)(pf, oacklen);
886
887 exit(0);
888 }
889
890 /*
891 * Maybe map filename into another one.
892 *
893 * For PNP, we get TFTP boot requests for filenames like
894 * <Unknown Hex IP Addr>.<Architecture Name>. We must
895 * map these to 'pnp.<Architecture Name>'. Note that
896 * uppercase is mapped to lowercase in the architecture names.
897 *
898 * For names <Hex IP Addr> there are two cases. First,
899 * it may be a buggy prom that omits the architecture code.
900 * So first check if <Hex IP Addr>.<arch> is on the filesystem.
901 * Second, this is how most Sun3s work; assume <arch> is sun3.
902 */
903
904 static char *
905 pnp_check(char *origname)
906 {
907 static char buf [MAXNAMLEN + 1];
908 char *arch, *s, *bufend;
909 in_addr_t ipaddr;
910 int len = (origname ? strlen(origname) : 0);
911 DIR *dir;
912 struct dirent *dp;
913
914 if (securetftp || disable_pnp || len < 8 || len > 14)
915 return (NULL);
916
917 /*
918 * XXX see if this cable allows pnp; if not, return NULL
919 * Requires YP support for determining this!
920 */
921
922 ipaddr = htonl(strtol(origname, &arch, 16));
923 if ((arch == NULL) || (len > 8 && *arch != '.'))
924 return (NULL);
925 if (len == 8)
926 arch = "SUN3";
927 else
928 arch++;
929
930 /*
931 * Allow <Hex IP Addr>* filename request to to be
932 * satisfied by <Hex IP Addr><Any Suffix> rather
933 * than enforcing this to be Sun3 systems. Also serves
934 * to make case of suffix a don't-care.
935 */
936 if ((dir = opendir(homedir)) == NULL)
937 return (NULL);
938 while ((dp = readdir(dir)) != NULL) {
939 if (strncmp(origname, dp->d_name, 8) == 0) {
940 (void) strlcpy(buf, dp->d_name, sizeof (buf));
941 (void) closedir(dir);
942 return (buf);
943 }
944 }
945 (void) closedir(dir);
946
947 /*
948 * XXX maybe call YP master for most current data iff
949 * pnp is enabled.
950 */
951
952 /*
953 * only do mapping PNP boot file name for machines that
954 * are not in the hosts database.
955 */
956 if (gethostbyaddr((char *)&ipaddr, sizeof (ipaddr), AF_INET) != NULL)
957 return (NULL);
958
959 s = buf + strlcpy(buf, "pnp.", sizeof (buf));
960 bufend = &buf[sizeof (buf) - 1];
961 while ((*arch != '\0') && (s < bufend))
962 *s++ = tolower (*arch++);
963 *s = '\0';
964 return (buf);
965 }
966
967
968 /*
969 * Try to validate filename. If the filename doesn't exist try PNP mapping.
970 */
971 static int
972 validate_filename(int mode)
973 {
974 struct stat stbuf;
975 char *origfile;
976
977 if (stat(filename, &stbuf) < 0) {
978 if (errno != ENOENT)
979 return (EACCESS);
980 if (mode == WRQ)
981 return (ENOTFOUND);
982
983 /* try to map requested filename into a pnp filename */
984 origfile = filename;
985 filename = pnp_check(origfile);
986 if (filename == NULL)
987 return (ENOTFOUND);
988
989 if (stat(filename, &stbuf) < 0)
990 return (errno == ENOENT ? ENOTFOUND : EACCESS);
991 syslog(LOG_NOTICE, "%s -> %s\n", origfile, filename);
992 }
993
994 return (0);
995 }
996
997 /* ARGSUSED */
998 static void
999 timer(int signum)
1000 {
1001 timeout += rexmtval;
1002 if (timeout >= maxtimeout)
1003 exit(1);
1004 siglongjmp(timeoutbuf, 1);
1005 }
1006
1007 /*
1008 * Send the requested file.
1009 */
1010 static void
1011 tftpd_sendfile(struct formats *pf, int oacklen)
1012 {
1013 struct tftphdr *dp;
1014 volatile ushort_t block = 1;
1015 int size, n, serrno;
1016
1017 if (oacklen != 0) {
1018 (void) sigset(SIGALRM, timer);
1019 timeout = 0;
1020 (void) sigsetjmp(timeoutbuf, 1);
1021 if (debug && standalone) {
1022 (void) fputs("Sending OACK ", stderr);
1023 print_options(stderr, (char *)&oackbuf.hdr.th_stuff,
1024 oacklen - 2);
1025 (void) putc('\n', stderr);
1026 }
1027 if (sendto(peer, &oackbuf, oacklen, 0,
1028 (struct sockaddr *)&from, fromplen) != oacklen) {
1029 if (debug && standalone) {
1030 serrno = errno;
1031 perror("sendto (oack)");
1032 errno = serrno;
1033 }
1034 SYSLOG_MSG("sendto (oack): %m");
1035 goto abort;
1036 }
1037 (void) alarm(rexmtval); /* read the ack */
1038 for (;;) {
1039 (void) sigrelse(SIGALRM);
1040 n = recv(peer, &ackbuf, sizeof (ackbuf), 0);
1041 (void) sighold(SIGALRM);
1042 if (n < 0) {
1043 if (errno == EINTR)
1044 continue;
1045 serrno = errno;
1046 SYSLOG_MSG("recv (ack): %m");
1047 if (debug && standalone) {
1048 errno = serrno;
1049 perror("recv (ack)");
1050 }
1051 goto abort;
1052 }
1053 ackbuf.tb_hdr.th_opcode =
1054 ntohs((ushort_t)ackbuf.tb_hdr.th_opcode);
1055 ackbuf.tb_hdr.th_block =
1056 ntohs((ushort_t)ackbuf.tb_hdr.th_block);
1057
1058 if (ackbuf.tb_hdr.th_opcode == ERROR) {
1059 if (debug && standalone) {
1060 (void) fprintf(stderr,
1061 "received ERROR %d",
1062 ackbuf.tb_hdr.th_code);
1063 if (n > 4)
1064 (void) fprintf(stderr,
1065 " %.*s", n - 4,
1066 ackbuf.tb_hdr.th_msg);
1067 (void) putc('\n', stderr);
1068 }
1069 goto abort;
1070 }
1071
1072 if (ackbuf.tb_hdr.th_opcode == ACK) {
1073 if (debug && standalone)
1074 (void) fprintf(stderr,
1075 "received ACK for block %d\n",
1076 ackbuf.tb_hdr.th_block);
1077 if (ackbuf.tb_hdr.th_block == 0)
1078 break;
1079 /*
1080 * Don't resend the OACK, avoids getting stuck
1081 * in an OACK/ACK loop if the client keeps
1082 * replying with a bad ACK. Client will either
1083 * send a good ACK or timeout sending bad ones.
1084 */
1085 }
1086 }
1087 cancel_alarm();
1088 }
1089 dp = r_init();
1090 do {
1091 (void) sigset(SIGALRM, timer);
1092 size = readit(file, &dp, pf->f_convert);
1093 if (size < 0) {
1094 nak(errno + 100);
1095 goto abort;
1096 }
1097 dp->th_opcode = htons((ushort_t)DATA);
1098 dp->th_block = htons((ushort_t)block);
1099 timeout = 0;
1100 (void) sigsetjmp(timeoutbuf, 1);
1101 if (debug && standalone)
1102 (void) fprintf(stderr, "Sending DATA block %d\n",
1103 block);
1104 if (sendto(peer, dp, size + 4, 0,
1105 (struct sockaddr *)&from, fromplen) != size + 4) {
1106 if (debug && standalone) {
1107 serrno = errno;
1108 perror("sendto (data)");
1109 errno = serrno;
1110 }
1111 SYSLOG_MSG("sendto (data): %m");
1112 goto abort;
1113 }
1114 read_ahead(file, pf->f_convert);
1115 (void) alarm(rexmtval); /* read the ack */
1116 for (;;) {
1117 (void) sigrelse(SIGALRM);
1118 n = recv(peer, &ackbuf, sizeof (ackbuf), 0);
1119 (void) sighold(SIGALRM);
1120 if (n < 0) {
1121 if (errno == EINTR)
1122 continue;
1123 serrno = errno;
1124 SYSLOG_MSG("recv (ack): %m");
1125 if (debug && standalone) {
1126 errno = serrno;
1127 perror("recv (ack)");
1128 }
1129 goto abort;
1130 }
1131 ackbuf.tb_hdr.th_opcode =
1132 ntohs((ushort_t)ackbuf.tb_hdr.th_opcode);
1133 ackbuf.tb_hdr.th_block =
1134 ntohs((ushort_t)ackbuf.tb_hdr.th_block);
1135
1136 if (ackbuf.tb_hdr.th_opcode == ERROR) {
1137 if (debug && standalone) {
1138 (void) fprintf(stderr,
1139 "received ERROR %d",
1140 ackbuf.tb_hdr.th_code);
1141 if (n > 4)
1142 (void) fprintf(stderr,
1143 " %.*s", n - 4,
1144 ackbuf.tb_hdr.th_msg);
1145 (void) putc('\n', stderr);
1146 }
1147 goto abort;
1148 }
1149
1150 if (ackbuf.tb_hdr.th_opcode == ACK) {
1151 if (debug && standalone)
1152 (void) fprintf(stderr,
1153 "received ACK for block %d\n",
1154 ackbuf.tb_hdr.th_block);
1155 if (ackbuf.tb_hdr.th_block == block) {
1156 break;
1157 }
1158 /*
1159 * Never resend the current DATA packet on
1160 * receipt of a duplicate ACK, doing so would
1161 * cause the "Sorcerer's Apprentice Syndrome".
1162 */
1163 }
1164 }
1165 cancel_alarm();
1166 block++;
1167 } while (size == blocksize);
1168
1169 abort:
1170 cancel_alarm();
1171 (void) fclose(file);
1172 }
1173
1174 /* ARGSUSED */
1175 static void
1176 justquit(int signum)
1177 {
1178 exit(0);
1179 }
1180
1181 /*
1182 * Receive a file.
1183 */
1184 static void
1185 tftpd_recvfile(struct formats *pf, int oacklen)
1186 {
1187 struct tftphdr *dp;
1188 struct tftphdr *ap; /* ack buffer */
1189 ushort_t block = 0;
1190 int n, size, acklen, serrno;
1191
1192 dp = w_init();
1193 ap = &ackbuf.tb_hdr;
1194 do {
1195 (void) sigset(SIGALRM, timer);
1196 timeout = 0;
1197 if (oacklen == 0) {
1198 ap->th_opcode = htons((ushort_t)ACK);
1199 ap->th_block = htons((ushort_t)block);
1200 acklen = 4;
1201 } else {
1202 /* copy OACK packet to the ack buffer ready to send */
1203 (void) memcpy(&ackbuf, &oackbuf, oacklen);
1204 acklen = oacklen;
1205 oacklen = 0;
1206 }
1207 block++;
1208 (void) sigsetjmp(timeoutbuf, 1);
1209 send_ack:
1210 if (debug && standalone) {
1211 if (ap->th_opcode == htons((ushort_t)ACK)) {
1212 (void) fprintf(stderr,
1213 "Sending ACK for block %d\n", block - 1);
1214 } else {
1215 (void) fprintf(stderr, "Sending OACK ");
1216 print_options(stderr, (char *)&ap->th_stuff,
1217 acklen - 2);
1218 (void) putc('\n', stderr);
1219 }
1220 }
1221 if (sendto(peer, &ackbuf, acklen, 0, (struct sockaddr *)&from,
1222 fromplen) != acklen) {
1223 if (ap->th_opcode == htons((ushort_t)ACK)) {
1224 if (debug && standalone) {
1225 serrno = errno;
1226 perror("sendto (ack)");
1227 errno = serrno;
1228 }
1229 syslog(LOG_ERR, "sendto (ack): %m\n");
1230 } else {
1231 if (debug && standalone) {
1232 serrno = errno;
1233 perror("sendto (oack)");
1234 errno = serrno;
1235 }
1236 syslog(LOG_ERR, "sendto (oack): %m\n");
1237 }
1238 goto abort;
1239 }
1240 if (write_behind(file, pf->f_convert) < 0) {
1241 nak(errno + 100);
1242 goto abort;
1243 }
1244 (void) alarm(rexmtval);
1245 for (;;) {
1246 (void) sigrelse(SIGALRM);
1247 n = recv(peer, dp, blocksize + 4, 0);
1248 (void) sighold(SIGALRM);
1249 if (n < 0) { /* really? */
1250 if (errno == EINTR)
1251 continue;
1252 syslog(LOG_ERR, "recv (data): %m");
1253 goto abort;
1254 }
1255 dp->th_opcode = ntohs((ushort_t)dp->th_opcode);
1256 dp->th_block = ntohs((ushort_t)dp->th_block);
1257 if (dp->th_opcode == ERROR) {
1258 cancel_alarm();
1259 if (debug && standalone) {
1260 (void) fprintf(stderr,
1261 "received ERROR %d", dp->th_code);
1262 if (n > 4)
1263 (void) fprintf(stderr,
1264 " %.*s", n - 4, dp->th_msg);
1265 (void) putc('\n', stderr);
1266 }
1267 return;
1268 }
1269 if (dp->th_opcode == DATA) {
1270 if (debug && standalone)
1271 (void) fprintf(stderr,
1272 "Received DATA block %d\n",
1273 dp->th_block);
1274 if (dp->th_block == block) {
1275 break; /* normal */
1276 }
1277 /* Re-synchronize with the other side */
1278 if (synchnet(peer) < 0) {
1279 nak(errno + 100);
1280 goto abort;
1281 }
1282 if (dp->th_block == (block-1))
1283 goto send_ack; /* rexmit */
1284 }
1285 }
1286 cancel_alarm();
1287 /* size = write(file, dp->th_data, n - 4); */
1288 size = writeit(file, &dp, n - 4, pf->f_convert);
1289 if (size != (n - 4)) {
1290 nak((size < 0) ? (errno + 100) : ENOSPACE);
1291 goto abort;
1292 }
1293 } while (size == blocksize);
1294 if (write_behind(file, pf->f_convert) < 0) {
1295 nak(errno + 100);
1296 goto abort;
1297 }
1298 n = fclose(file); /* close data file */
1299 file = NULL;
1300 if (n == EOF) {
1301 nak(errno + 100);
1302 goto abort;
1303 }
1304
1305 ap->th_opcode = htons((ushort_t)ACK); /* send the "final" ack */
1306 ap->th_block = htons((ushort_t)(block));
1307 if (debug && standalone)
1308 (void) fprintf(stderr, "Sending ACK for block %d\n", block);
1309 if (sendto(peer, &ackbuf, 4, 0, (struct sockaddr *)&from,
1310 fromplen) == -1) {
1311 if (debug && standalone)
1312 perror("sendto (ack)");
1313 }
1314 (void) sigset(SIGALRM, justquit); /* just quit on timeout */
1315 (void) alarm(rexmtval);
1316 /* normally times out and quits */
1317 n = recv(peer, dp, blocksize + 4, 0);
1318 (void) alarm(0);
1319 dp->th_opcode = ntohs((ushort_t)dp->th_opcode);
1320 dp->th_block = ntohs((ushort_t)dp->th_block);
1321 if (n >= 4 && /* if read some data */
1322 dp->th_opcode == DATA && /* and got a data block */
1323 block == dp->th_block) { /* then my last ack was lost */
1324 if (debug && standalone) {
1325 (void) fprintf(stderr, "Sending ACK for block %d\n",
1326 block);
1327 }
1328 /* resend final ack */
1329 if (sendto(peer, &ackbuf, 4, 0, (struct sockaddr *)&from,
1330 fromplen) == -1) {
1331 if (debug && standalone)
1332 perror("sendto (last ack)");
1333 }
1334 }
1335
1336 abort:
1337 cancel_alarm();
1338 if (file != NULL)
1339 (void) fclose(file);
1340 }
1341
1342 /*
1343 * Send a nak packet (error message).
1344 * Error code passed in is one of the
1345 * standard TFTP codes, or a UNIX errno
1346 * offset by 100.
1347 * Handles connected as well as unconnected peer.
1348 */
1349 static void
1350 nak(int error)
1351 {
1352 struct tftphdr *tp;
1353 int length;
1354 struct errmsg *pe;
1355 int ret;
1356
1357 tp = &buf.hdr;
1358 tp->th_opcode = htons((ushort_t)ERROR);
1359 tp->th_code = htons((ushort_t)error);
1360 for (pe = errmsgs; pe->e_code >= 0; pe++)
1361 if (pe->e_code == error)
1362 break;
1363 if (pe->e_code < 0) {
1364 pe->e_msg = strerror(error - 100);
1365 tp->th_code = EUNDEF; /* set 'undef' errorcode */
1366 }
1367 (void) strlcpy(tp->th_msg, (pe->e_msg != NULL) ? pe->e_msg : "UNKNOWN",
1368 sizeof (buf) - sizeof (struct tftphdr));
1369 length = strlen(tp->th_msg);
1370 length += sizeof (struct tftphdr);
1371 if (debug && standalone)
1372 (void) fprintf(stderr, "Sending NAK: %s\n", tp->th_msg);
1373
1374 ret = sendto(peer, &buf, length, 0, (struct sockaddr *)&from,
1375 fromplen);
1376 if (ret == -1 && errno == EISCONN) {
1377 /* Try without an address */
1378 ret = send(peer, &buf, length, 0);
1379 }
1380 if (ret == -1) {
1381 if (standalone)
1382 perror("sendto (nak)");
1383 else
1384 syslog(LOG_ERR, "tftpd: nak: %m\n");
1385 } else if (ret != length) {
1386 if (standalone)
1387 perror("sendto (nak) lost data");
1388 else
1389 syslog(LOG_ERR, "tftpd: nak: %d lost\n", length - ret);
1390 }
1391 }
Unleashed OS