tftpd.c 7.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438
  1. #include <u.h>
  2. #include <libc.h>
  3. #include <bio.h>
  4. #include <ip.h>
  5. #include <ndb.h>
  6. enum
  7. {
  8. Maxpath= 128,
  9. Maxerr= 256,
  10. };
  11. int dbg;
  12. int restricted;
  13. void sendfile(int, char*, char*);
  14. void recvfile(int, char*, char*);
  15. void nak(int, int, char*);
  16. void ack(int, ushort);
  17. void clrcon(void);
  18. void setuser(void);
  19. char* sunkernel(char*);
  20. void remoteaddr(char*, char*, int);
  21. void doserve(int);
  22. char bigbuf[32768];
  23. char raddr[64];
  24. char *dir = "/lib/tftpd";
  25. char *dirsl;
  26. int dirsllen;
  27. char flog[] = "ipboot";
  28. char net[Maxpath];
  29. enum
  30. {
  31. Tftp_READ = 1,
  32. Tftp_WRITE = 2,
  33. Tftp_DATA = 3,
  34. Tftp_ACK = 4,
  35. Tftp_ERROR = 5,
  36. Segsize = 512,
  37. };
  38. void
  39. usage(void)
  40. {
  41. fprint(2, "usage: %s [-dr] [-h homedir] [-x netmtpt]\n", argv0);
  42. exits("usage");
  43. }
  44. void
  45. main(int argc, char **argv)
  46. {
  47. char buf[64];
  48. char adir[64], ldir[64];
  49. int cfd, lcfd, dfd;
  50. char *p;
  51. setnetmtpt(net, sizeof(net), nil);
  52. ARGBEGIN{
  53. case 'd':
  54. dbg++;
  55. break;
  56. case 'h':
  57. dir = ARGF();
  58. break;
  59. case 'r':
  60. restricted = 1;
  61. break;
  62. case 'x':
  63. p = ARGF();
  64. if(p == nil)
  65. usage();
  66. setnetmtpt(net, sizeof(net), p);
  67. break;
  68. default:
  69. usage();
  70. }ARGEND
  71. snprint(buf, sizeof buf, "%s/", dir);
  72. dirsl = strdup(buf);
  73. dirsllen = strlen(dirsl);
  74. fmtinstall('E', eipfmt);
  75. fmtinstall('I', eipfmt);
  76. if(chdir(dir) < 0)
  77. sysfatal("can't get to directory %s: %r", dir);
  78. if(!dbg)
  79. switch(rfork(RFNOTEG|RFPROC|RFFDG)) {
  80. case -1:
  81. sysfatal("fork: %r");
  82. case 0:
  83. break;
  84. default:
  85. exits(0);
  86. }
  87. syslog(dbg, flog, "started");
  88. sprint(buf, "%s/udp!*!69", net);
  89. cfd = announce(buf, adir);
  90. setuser();
  91. for(;;) {
  92. lcfd = listen(adir, ldir);
  93. if(lcfd < 0)
  94. sysfatal("listening: %r");
  95. switch(fork()) {
  96. case -1:
  97. sysfatal("fork: %r");
  98. case 0:
  99. dfd = accept(cfd, ldir);
  100. if(dfd < 0)
  101. exits(0);
  102. remoteaddr(ldir, raddr, sizeof(raddr));
  103. doserve(dfd);
  104. exits("done");
  105. break;
  106. default:
  107. close(lcfd);
  108. continue;
  109. }
  110. }
  111. }
  112. void
  113. doserve(int fd)
  114. {
  115. int dlen;
  116. char *mode, *p;
  117. short op;
  118. dlen = read(fd, bigbuf, sizeof(bigbuf));
  119. if(dlen < 0)
  120. sysfatal("listen read: %r");
  121. op = (bigbuf[0]<<8) | bigbuf[1];
  122. dlen -= 2;
  123. mode = bigbuf+2;
  124. while(*mode != '\0' && dlen--)
  125. mode++;
  126. mode++;
  127. p = mode;
  128. while(*p && dlen--)
  129. p++;
  130. if(dlen == 0) {
  131. nak(fd, 0, "bad tftpmode");
  132. close(fd);
  133. syslog(dbg, flog, "bad mode %s", raddr);
  134. return;
  135. }
  136. if(op != Tftp_READ && op != Tftp_WRITE) {
  137. nak(fd, 4, "Illegal TFTP operation");
  138. close(fd);
  139. syslog(dbg, flog, "bad request %d %s", op, raddr);
  140. return;
  141. }
  142. if(restricted){
  143. if(bigbuf[2] == '#' ||
  144. strncmp(bigbuf+2, "../", 3)==0 || strstr(bigbuf+2, "/../") ||
  145. (bigbuf[2] == '/' && strncmp(bigbuf+2, dirsl, dirsllen)!=0)){
  146. nak(fd, 4, "Permission denied");
  147. close(fd);
  148. syslog(dbg, flog, "bad request %d from %s file %s", op, raddr, bigbuf+2);
  149. return;
  150. }
  151. }
  152. if(op == Tftp_READ)
  153. sendfile(fd, bigbuf+2, mode);
  154. else
  155. recvfile(fd, bigbuf+2, mode);
  156. }
  157. void
  158. catcher(void *junk, char *msg)
  159. {
  160. USED(junk);
  161. if(strncmp(msg, "exit", 4) == 0)
  162. noted(NDFLT);
  163. noted(NCONT);
  164. }
  165. void
  166. sendfile(int fd, char *name, char *mode)
  167. {
  168. int file;
  169. uchar buf[Segsize+4];
  170. uchar ack[1024];
  171. char errbuf[Maxerr];
  172. int ackblock, block, ret;
  173. int rexmit, n, al, txtry, rxl;
  174. short op;
  175. syslog(dbg, flog, "send file '%s' %s to %s", name, mode, raddr);
  176. name = sunkernel(name);
  177. if(name == 0){
  178. nak(fd, 0, "not in our database");
  179. return;
  180. }
  181. notify(catcher);
  182. file = open(name, OREAD);
  183. if(file < 0) {
  184. errstr(errbuf, sizeof errbuf);
  185. nak(fd, 0, errbuf);
  186. return;
  187. }
  188. block = 0;
  189. rexmit = 0;
  190. n = 0;
  191. for(txtry = 0; txtry < 5;) {
  192. if(rexmit == 0) {
  193. block++;
  194. buf[0] = 0;
  195. buf[1] = Tftp_DATA;
  196. buf[2] = block>>8;
  197. buf[3] = block;
  198. n = read(file, buf+4, Segsize);
  199. if(n < 0) {
  200. errstr(errbuf, sizeof errbuf);
  201. nak(fd, 0, errbuf);
  202. return;
  203. }
  204. txtry = 0;
  205. }
  206. else {
  207. syslog(dbg, flog, "rexmit %d %s:%d to %s", 4+n, name, block, raddr);
  208. txtry++;
  209. }
  210. ret = write(fd, buf, 4+n);
  211. if(ret < 0)
  212. sysfatal("tftpd: network write error: %r");
  213. for(rxl = 0; rxl < 10; rxl++) {
  214. rexmit = 0;
  215. alarm(500);
  216. al = read(fd, ack, sizeof(ack));
  217. alarm(0);
  218. if(al < 0) {
  219. rexmit = 1;
  220. break;
  221. }
  222. op = ack[0]<<8|ack[1];
  223. if(op == Tftp_ERROR)
  224. goto error;
  225. ackblock = ack[2]<<8|ack[3];
  226. if(ackblock == block)
  227. break;
  228. if(ackblock == 0xffff) {
  229. rexmit = 1;
  230. break;
  231. }
  232. }
  233. if(ret != Segsize+4 && rexmit == 0)
  234. break;
  235. }
  236. error:
  237. close(fd);
  238. close(file);
  239. }
  240. void
  241. recvfile(int fd, char *name, char *mode)
  242. {
  243. ushort op, block, inblock;
  244. uchar buf[Segsize+8];
  245. char errbuf[Maxerr];
  246. int n, ret, file;
  247. syslog(dbg, flog, "receive file '%s' %s from %s", name, mode, raddr);
  248. file = create(name, OWRITE, 0666);
  249. if(file < 0) {
  250. errstr(errbuf, sizeof errbuf);
  251. nak(fd, 0, errbuf);
  252. return;
  253. }
  254. block = 0;
  255. ack(fd, block);
  256. block++;
  257. for(;;) {
  258. alarm(15000);
  259. n = read(fd, buf, sizeof(buf));
  260. alarm(0);
  261. if(n < 0)
  262. goto error;
  263. op = buf[0]<<8|buf[1];
  264. if(op == Tftp_ERROR)
  265. goto error;
  266. n -= 4;
  267. inblock = buf[2]<<8|buf[3];
  268. if(op == Tftp_DATA) {
  269. if(inblock == block) {
  270. ret = write(file, buf, n);
  271. if(ret < 0) {
  272. errstr(errbuf, sizeof errbuf);
  273. nak(fd, 0, errbuf);
  274. goto error;
  275. }
  276. ack(fd, block);
  277. block++;
  278. }
  279. ack(fd, 0xffff);
  280. }
  281. }
  282. error:
  283. close(file);
  284. }
  285. void
  286. ack(int fd, ushort block)
  287. {
  288. uchar ack[4];
  289. int n;
  290. ack[0] = 0;
  291. ack[1] = Tftp_ACK;
  292. ack[2] = block>>8;
  293. ack[3] = block;
  294. n = write(fd, ack, 4);
  295. if(n < 0)
  296. sysfatal("network write: %r");
  297. }
  298. void
  299. nak(int fd, int code, char *msg)
  300. {
  301. char buf[128];
  302. int n;
  303. buf[0] = 0;
  304. buf[1] = Tftp_ERROR;
  305. buf[2] = 0;
  306. buf[3] = code;
  307. strcpy(buf+4, msg);
  308. n = strlen(msg) + 4 + 1;
  309. n = write(fd, buf, n);
  310. if(n < 0)
  311. sysfatal("write nak: %r");
  312. }
  313. void
  314. setuser(void)
  315. {
  316. int f;
  317. f = open("/dev/user", OWRITE);
  318. if(f < 0)
  319. return;
  320. write(f, "none", sizeof("none"));
  321. close(f);
  322. }
  323. char*
  324. lookup(char *sattr, char *sval, char *tattr, char *tval)
  325. {
  326. static Ndb *db;
  327. char *attrs[1];
  328. Ndbtuple *t;
  329. if(db == nil)
  330. db = ndbopen(0);
  331. if(db == nil)
  332. return nil;
  333. if(sattr == nil)
  334. sattr = ipattr(sval);
  335. attrs[0] = tattr;
  336. t = ndbipinfo(db, sattr, sval, attrs, 1);
  337. if(t == nil)
  338. return nil;
  339. strcpy(tval, t->val);
  340. ndbfree(t);
  341. return tval;
  342. }
  343. /*
  344. * for sun kernel boots, replace the requested file name with
  345. * a one from our database. If the database doesn't specify a file,
  346. * don't answer.
  347. */
  348. char*
  349. sunkernel(char *name)
  350. {
  351. ulong addr;
  352. uchar v4[IPv4addrlen];
  353. uchar v6[IPaddrlen];
  354. char buf[Ndbvlen];
  355. char ipbuf[Ndbvlen];
  356. if(strlen(name) != 14 || strncmp(name + 8, ".SUN", 4) != 0)
  357. return name;
  358. addr = strtoul(name, 0, 16);
  359. v4[0] = addr>>24;
  360. v4[1] = addr>>16;
  361. v4[2] = addr>>8;
  362. v4[3] = addr;
  363. v4tov6(v6, v4);
  364. sprint(ipbuf, "%I", v6);
  365. return lookup("ip", ipbuf, "bootf", buf);
  366. }
  367. void
  368. remoteaddr(char *dir, char *raddr, int len)
  369. {
  370. char buf[64];
  371. int fd, n;
  372. snprint(buf, sizeof(buf), "%s/remote", dir);
  373. fd = open(buf, OREAD);
  374. if(fd < 0){
  375. snprint(raddr, sizeof(raddr), "unknown");
  376. return;
  377. }
  378. n = read(fd, raddr, len-1);
  379. close(fd);
  380. if(n <= 0){
  381. snprint(raddr, sizeof(raddr), "unknown");
  382. return;
  383. }
  384. if(n > 0)
  385. n--;
  386. raddr[n] = 0;
  387. }