[unix-history] / libexec / tftpd / tftpd.c

/*
 * Copyright (c) 1983 Regents of the University of California.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef lint
char copyright[] =
"@(#) Copyright (c) 1983 Regents of the University of California.\n\
 All rights reserved.\n";
#endif /* not lint */

#ifndef lint
static char sccsid[] = "@(#)tftpd.c	5.13 (Berkeley) 2/26/91";
#endif /* not lint */

/*
 * Trivial file transfer protocol server.
 *
 * This version includes many modifications by Jim Guyton <guyton@rand-unix>
 */

#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <signal.h>
#include <fcntl.h>

#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/tftp.h>
#include <netdb.h>

#include <setjmp.h>
#include <syslog.h>
#include <stdio.h>
#include <errno.h>
#include <ctype.h>
#include <string.h>
#include <stdlib.h>

#define	TIMEOUT		5

extern	int errno;
struct	sockaddr_in s_in = { AF_INET };
int	peer;
int	rexmtval = TIMEOUT;
int	maxtimeout = 5*TIMEOUT;

#define	PKTSIZE	SEGSIZE+4
char	buf[PKTSIZE];
char	ackbuf[PKTSIZE];
struct	sockaddr_in from;
int	fromlen;

#define MAXARG	4
char	*dirs[MAXARG+1];

main(ac, av)
	char **av;
{
	register struct tftphdr *tp;
	register int n = 0;
	int on = 1;

	ac--; av++;
	while (ac-- > 0 && n < MAXARG)
		dirs[n++] = *av++;
	openlog("tftpd", LOG_PID, LOG_DAEMON);
	if (ioctl(0, FIONBIO, &on) < 0) {
		syslog(LOG_ERR, "ioctl(FIONBIO): %m\n");
		exit(1);
	}
	fromlen = sizeof (from);
	n = recvfrom(0, buf, sizeof (buf), 0,
	    (struct sockaddr *)&from, &fromlen);
	if (n < 0) {
		syslog(LOG_ERR, "recvfrom: %m\n");
		exit(1);
	}
	/*
	 * Now that we have read the message out of the UDP
	 * socket, we fork and exit.  Thus, inetd will go back
	 * to listening to the tftp port, and the next request
	 * to come in will start up a new instance of tftpd.
	 *
	 * We do this so that inetd can run tftpd in "wait" mode.
	 * The problem with tftpd running in "nowait" mode is that
	 * inetd may get one or more successful "selects" on the
	 * tftp port before we do our receive, so more than one
	 * instance of tftpd may be started up.  Worse, if tftpd
	 * break before doing the above "recvfrom", inetd would
	 * spawn endless instances, clogging the system.
	 */
	{
		int pid;
		int i, j;

		for (i = 1; i < 20; i++) {
		    pid = fork();
		    if (pid < 0) {
				sleep(i);
				/*
				 * flush out to most recently sent request.
				 *
				 * This may drop some request, but those
				 * will be resent by the clients when
				 * they timeout.  The positive effect of
				 * this flush is to (try to) prevent more
				 * than one tftpd being started up to service
				 * a single request from a single client.
				 */
				j = sizeof from;
				i = recvfrom(0, buf, sizeof (buf), 0,
				    (struct sockaddr *)&from, &j);
				if (i > 0) {
					n = i;
					fromlen = j;
				}
		    } else {
				break;
		    }
		}
		if (pid < 0) {
			syslog(LOG_ERR, "fork: %m\n");
			exit(1);
		} else if (pid != 0) {
			exit(0);
		}
	}
	from.sin_family = AF_INET;
	alarm(0);
	close(0);
	close(1);
	peer = socket(AF_INET, SOCK_DGRAM, 0);
	if (peer < 0) {
		syslog(LOG_ERR, "socket: %m\n");
		exit(1);
	}
	if (bind(peer, (struct sockaddr *)&s_in, sizeof (s_in)) < 0) {
		syslog(LOG_ERR, "bind: %m\n");
		exit(1);
	}
	if (connect(peer, (struct sockaddr *)&from, sizeof(from)) < 0) {
		syslog(LOG_ERR, "connect: %m\n");
		exit(1);
	}
	tp = (struct tftphdr *)buf;
	tp->th_opcode = ntohs(tp->th_opcode);
	if (tp->th_opcode == RRQ || tp->th_opcode == WRQ)
		tftp(tp, n);
	exit(1);
}

int	validate_access();
int	sendfile(), recvfile();

struct formats {
	char	*f_mode;
	int	(*f_validate)();
	int	(*f_send)();
	int	(*f_recv)();
	int	f_convert;
} formats[] = {
	{ "netascii",	validate_access,	sendfile,	recvfile, 1 },
	{ "octet",	validate_access,	sendfile,	recvfile, 0 },
#ifdef notdef
	{ "mail",	validate_user,		sendmail,	recvmail, 1 },
#endif
	{ 0 }
};

/*
 * Handle initial connection protocol.
 */
tftp(tp, size)
	struct tftphdr *tp;
	int size;
{
	register char *cp;
	int first = 1, ecode;
	register struct formats *pf;
	char *filename, *mode;

	filename = cp = tp->th_stuff;
again:
	while (cp < buf + size) {
		if (*cp == '\0')
			break;
		cp++;
	}
	if (*cp != '\0') {
		nak(EBADOP);
		exit(1);
	}
	if (first) {
		mode = ++cp;
		first = 0;
		goto again;
	}
	for (cp = mode; *cp; cp++)
		if (isupper(*cp))
			*cp = tolower(*cp);
	for (pf = formats; pf->f_mode; pf++)
		if (strcmp(pf->f_mode, mode) == 0)
			break;
	if (pf->f_mode == 0) {
		nak(EBADOP);
		exit(1);
	}
	ecode = (*pf->f_validate)(filename, tp->th_opcode);
	if (ecode) {
		nak(ecode);
		exit(1);
	}
	if (tp->th_opcode == WRQ)
		(*pf->f_recv)(pf);
	else
		(*pf->f_send)(pf);
	exit(0);
}


FILE *file;

/*
 * Validate file access.  Since we
 * have no uid or gid, for now require
 * file to exist and be publicly
 * readable/writable.
 * If we were invoked with arguments
 * from inetd then the file must also be
 * in one of the given directory prefixes.
 * Note also, full path name must be
 * given as we have no login directory.
 */
validate_access(filename, mode)
	char *filename;
	int mode;
{
	struct stat stbuf;
	int	fd;
	char *cp, **dirp;

	if (*filename != '/')
		return (EACCESS);
	/*
	 * prevent tricksters from getting around the directory restrictions
	 */
	for (cp = filename + 1; *cp; cp++)
		if(*cp == '.' && strncmp(cp-1, "/../", 4) == 0)
			return(EACCESS);
	for (dirp = dirs; *dirp; dirp++)
		if (strncmp(filename, *dirp, strlen(*dirp)) == 0)
			break;
	if (*dirp==0 && dirp!=dirs)
		return (EACCESS);
	if (stat(filename, &stbuf) < 0)
		return (errno == ENOENT ? ENOTFOUND : EACCESS);
	if (mode == RRQ) {
		if ((stbuf.st_mode&(S_IREAD >> 6)) == 0)
			return (EACCESS);
	} else {
		if ((stbuf.st_mode&(S_IWRITE >> 6)) == 0)
			return (EACCESS);
	}
	fd = open(filename, mode == RRQ ? 0 : 1);
	if (fd < 0)
		return (errno + 100);
	file = fdopen(fd, (mode == RRQ)? "r":"w");
	if (file == NULL) {
		return errno+100;
	}
	return (0);
}

int	timeout;
jmp_buf	timeoutbuf;

void
timer()
{

	timeout += rexmtval;
	if (timeout >= maxtimeout)
		exit(1);
	longjmp(timeoutbuf, 1);
}

/*
 * Send the requested file.
 */
sendfile(pf)
	struct formats *pf;
{
	struct tftphdr *dp, *r_init();
	register struct tftphdr *ap;    /* ack packet */
	register int block = 1, size, n;

	signal(SIGALRM, timer);
	dp = r_init();
	ap = (struct tftphdr *)ackbuf;
	do {
		size = readit(file, &dp, pf->f_convert);
		if (size < 0) {
			nak(errno + 100);
			goto abort;
		}
		dp->th_opcode = htons((u_short)DATA);
		dp->th_block = htons((u_short)block);
		timeout = 0;
		(void) setjmp(timeoutbuf);

send_data:
		if (send(peer, dp, size + 4, 0) != size + 4) {
			syslog(LOG_ERR, "tftpd: write: %m\n");
			goto abort;
		}
		read_ahead(file, pf->f_convert);
		for ( ; ; ) {
			alarm(rexmtval);        /* read the ack */
			n = recv(peer, ackbuf, sizeof (ackbuf), 0);
			alarm(0);
			if (n < 0) {
				syslog(LOG_ERR, "tftpd: read: %m\n");
				goto abort;
			}
			ap->th_opcode = ntohs((u_short)ap->th_opcode);
			ap->th_block = ntohs((u_short)ap->th_block);

			if (ap->th_opcode == ERROR)
				goto abort;
			
			if (ap->th_opcode == ACK) {
				if (ap->th_block == block) {
					break;
				}
				/* Re-synchronize with the other side */
				(void) synchnet(peer);
				if (ap->th_block == (block -1)) {
					goto send_data;
				}
			}

		}
		block++;
	} while (size == SEGSIZE);
abort:
	(void) fclose(file);
}

void
justquit()
{
	exit(0);
}


/*
 * Receive a file.
 */
recvfile(pf)
	struct formats *pf;
{
	struct tftphdr *dp, *w_init();
	register struct tftphdr *ap;    /* ack buffer */
	register int block = 0, n, size;

	signal(SIGALRM, timer);
	dp = w_init();
	ap = (struct tftphdr *)ackbuf;
	do {
		timeout = 0;
		ap->th_opcode = htons((u_short)ACK);
		ap->th_block = htons((u_short)block);
		block++;
		(void) setjmp(timeoutbuf);
send_ack:
		if (send(peer, ackbuf, 4, 0) != 4) {
			syslog(LOG_ERR, "tftpd: write: %m\n");
			goto abort;
		}
		write_behind(file, pf->f_convert);
		for ( ; ; ) {
			alarm(rexmtval);
			n = recv(peer, dp, PKTSIZE, 0);
			alarm(0);
			if (n < 0) {            /* really? */
				syslog(LOG_ERR, "tftpd: read: %m\n");
				goto abort;
			}
			dp->th_opcode = ntohs((u_short)dp->th_opcode);
			dp->th_block = ntohs((u_short)dp->th_block);
			if (dp->th_opcode == ERROR)
				goto abort;
			if (dp->th_opcode == DATA) {
				if (dp->th_block == block) {
					break;   /* normal */
				}
				/* Re-synchronize with the other side */
				(void) synchnet(peer);
				if (dp->th_block == (block-1))
					goto send_ack;          /* rexmit */
			}
		}
		/*  size = write(file, dp->th_data, n - 4); */
		size = writeit(file, &dp, n - 4, pf->f_convert);
		if (size != (n-4)) {                    /* ahem */
			if (size < 0) nak(errno + 100);
			else nak(ENOSPACE);
			goto abort;
		}
	} while (size == SEGSIZE);
	write_behind(file, pf->f_convert);
	(void) fclose(file);            /* close data file */

	ap->th_opcode = htons((u_short)ACK);    /* send the "final" ack */
	ap->th_block = htons((u_short)(block));
	(void) send(peer, ackbuf, 4, 0);

	signal(SIGALRM, justquit);      /* just quit on timeout */
	alarm(rexmtval);
	n = recv(peer, buf, sizeof (buf), 0); /* normally times out and quits */
	alarm(0);
	if (n >= 4 &&                   /* if read some data */
	    dp->th_opcode == DATA &&    /* and got a data block */
	    block == dp->th_block) {	/* then my last ack was lost */
		(void) send(peer, ackbuf, 4, 0);     /* resend final ack */
	}
abort:
	return;
}

struct errmsg {
	int	e_code;
	char	*e_msg;
} errmsgs[] = {
	{ EUNDEF,	"Undefined error code" },
	{ ENOTFOUND,	"File not found" },
	{ EACCESS,	"Access violation" },
	{ ENOSPACE,	"Disk full or allocation exceeded" },
	{ EBADOP,	"Illegal TFTP operation" },
	{ EBADID,	"Unknown transfer ID" },
	{ EEXISTS,	"File already exists" },
	{ ENOUSER,	"No such user" },
	{ -1,		0 }
};

/*
 * Send a nak packet (error message).
 * Error code passed in is one of the
 * standard TFTP codes, or a UNIX errno
 * offset by 100.
 */
nak(error)
	int error;
{
	register struct tftphdr *tp;
	int length;
	register struct errmsg *pe;

	tp = (struct tftphdr *)buf;
	tp->th_opcode = htons((u_short)ERROR);
	tp->th_code = htons((u_short)error);
	for (pe = errmsgs; pe->e_code >= 0; pe++)
		if (pe->e_code == error)
			break;
	if (pe->e_code < 0) {
		pe->e_msg = strerror(error - 100);
		tp->th_code = EUNDEF;   /* set 'undef' errorcode */
	}
	strcpy(tp->th_msg, pe->e_msg);
	length = strlen(pe->e_msg);
	tp->th_msg[length] = '\0';
	length += 5;
	if (send(peer, buf, length, 0) != length)
		syslog(LOG_ERR, "nak: %m\n");
}
Commit	Line	Data
15637ed4 RG	1	/*
	2	* Copyright (c) 1983 Regents of the University of California.
	3	* All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	* 1. Redistributions of source code must retain the above copyright
	9	* notice, this list of conditions and the following disclaimer.
	10	* 2. Redistributions in binary form must reproduce the above copyright
	11	* notice, this list of conditions and the following disclaimer in the
	12	* documentation and/or other materials provided with the distribution.
	13	* 3. All advertising materials mentioning features or use of this software
	14	* must display the following acknowledgement:
	15	* This product includes software developed by the University of
	16	* California, Berkeley and its contributors.
	17	* 4. Neither the name of the University nor the names of its contributors
	18	* may be used to endorse or promote products derived from this software
	19	* without specific prior written permission.
	20	*
	21	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	24	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	31	* SUCH DAMAGE.
	32	*/
	33
	34	#ifndef lint
	35	char copyright[] =
	36	"@(#) Copyright (c) 1983 Regents of the University of California.\n\
	37	All rights reserved.\n";
	38	#endif /* not lint */
	39
	40	#ifndef lint
	41	static char sccsid[] = "@(#)tftpd.c 5.13 (Berkeley) 2/26/91";
	42	#endif /* not lint */
	43
	44	/*
	45	* Trivial file transfer protocol server.
	46	*
	47	* This version includes many modifications by Jim Guyton <guyton@rand-unix>
	48	*/
	49
	50	#include <sys/types.h>
	51	#include <sys/ioctl.h>
	52	#include <sys/stat.h>
	53	#include <signal.h>
	54	#include <fcntl.h>
	55
	56	#include <sys/socket.h>
	57	#include <netinet/in.h>
	58	#include <arpa/tftp.h>
	59	#include <netdb.h>
	60
	61	#include <setjmp.h>
	62	#include <syslog.h>
	63	#include <stdio.h>
	64	#include <errno.h>
65	#include <ctype.h>
66	#include <string.h>
67	#include <stdlib.h>
68
69	#define TIMEOUT 5
70
71	extern int errno;
78ed81a3	72	struct sockaddr_in s_in = { AF_INET };
15637ed4 RG	73	int peer;
	74	int rexmtval = TIMEOUT;
	75	int maxtimeout = 5*TIMEOUT;
	76
	77	#define PKTSIZE SEGSIZE+4
	78	char buf[PKTSIZE];
	79	char ackbuf[PKTSIZE];
	80	struct sockaddr_in from;
	81	int fromlen;
	82
	83	#define MAXARG 4
	84	char *dirs[MAXARG+1];
	85
	86	main(ac, av)
	87	char **av;
	88	{
	89	register struct tftphdr *tp;
	90	register int n = 0;
	91	int on = 1;
	92
	93	ac--; av++;
	94	while (ac-- > 0 && n < MAXARG)
	95	dirs[n++] = *av++;
	96	openlog("tftpd", LOG_PID, LOG_DAEMON);
	97	if (ioctl(0, FIONBIO, &on) < 0) {
	98	syslog(LOG_ERR, "ioctl(FIONBIO): %m\n");
	99	exit(1);
	100	}
	101	fromlen = sizeof (from);
	102	n = recvfrom(0, buf, sizeof (buf), 0,
	103	(struct sockaddr *)&from, &fromlen);
	104	if (n < 0) {
	105	syslog(LOG_ERR, "recvfrom: %m\n");
	106	exit(1);
	107	}
	108	/*
	109	* Now that we have read the message out of the UDP
	110	* socket, we fork and exit. Thus, inetd will go back
	111	* to listening to the tftp port, and the next request
	112	* to come in will start up a new instance of tftpd.
	113	*
	114	* We do this so that inetd can run tftpd in "wait" mode.
	115	* The problem with tftpd running in "nowait" mode is that
	116	* inetd may get one or more successful "selects" on the
	117	* tftp port before we do our receive, so more than one
	118	* instance of tftpd may be started up. Worse, if tftpd
	119	* break before doing the above "recvfrom", inetd would
	120	* spawn endless instances, clogging the system.
	121	*/
	122	{
	123	int pid;
	124	int i, j;
	125
	126	for (i = 1; i < 20; i++) {
	127	pid = fork();
	128	if (pid < 0) {
	129	sleep(i);
	130	/*
	131	* flush out to most recently sent request.
	132	*
	133	* This may drop some request, but those
	134	* will be resent by the clients when
	135	* they timeout. The positive effect of
	136	* this flush is to (try to) prevent more
137	* than one tftpd being started up to service
138	* a single request from a single client.
139	*/
140	j = sizeof from;
141	i = recvfrom(0, buf, sizeof (buf), 0,
142	(struct sockaddr *)&from, &j);
143	if (i > 0) {
144	n = i;
145	fromlen = j;
146	}
147	} else {
148	break;
149	}
150	}
151	if (pid < 0) {
152	syslog(LOG_ERR, "fork: %m\n");
153	exit(1);
154	} else if (pid != 0) {
155	exit(0);
156	}
157	}
158	from.sin_family = AF_INET;
159	alarm(0);
160	close(0);
161	close(1);
162	peer = socket(AF_INET, SOCK_DGRAM, 0);
163	if (peer < 0) {
164	syslog(LOG_ERR, "socket: %m\n");
165	exit(1);
166	}
78ed81a3	167	if (bind(peer, (struct sockaddr *)&s_in, sizeof (s_in)) < 0) {
15637ed4 RG	168	syslog(LOG_ERR, "bind: %m\n");
	169	exit(1);
	170	}
	171	if (connect(peer, (struct sockaddr *)&from, sizeof(from)) < 0) {
	172	syslog(LOG_ERR, "connect: %m\n");
	173	exit(1);
	174	}
	175	tp = (struct tftphdr *)buf;
	176	tp->th_opcode = ntohs(tp->th_opcode);
	177	if (tp->th_opcode == RRQ \|\| tp->th_opcode == WRQ)
	178	tftp(tp, n);
	179	exit(1);
	180	}
	181
	182	int validate_access();
	183	int sendfile(), recvfile();
	184
	185	struct formats {
	186	char *f_mode;
	187	int (*f_validate)();
	188	int (*f_send)();
	189	int (*f_recv)();
	190	int f_convert;
	191	} formats[] = {
	192	{ "netascii", validate_access, sendfile, recvfile, 1 },
	193	{ "octet", validate_access, sendfile, recvfile, 0 },
	194	#ifdef notdef
	195	{ "mail", validate_user, sendmail, recvmail, 1 },
	196	#endif
	197	{ 0 }
	198	};
	199
	200	/*
	201	* Handle initial connection protocol.
	202	*/
	203	tftp(tp, size)
	204	struct tftphdr *tp;
	205	int size;
	206	{
	207	register char *cp;
	208	int first = 1, ecode;
	209	register struct formats *pf;
	210	char filename, mode;
	211
	212	filename = cp = tp->th_stuff;
	213	again:
	214	while (cp < buf + size) {
	215	if (*cp == '\0')
	216	break;
	217	cp++;
	218	}
	219	if (*cp != '\0') {
	220	nak(EBADOP);
	221	exit(1);
	222	}
	223	if (first) {
	224	mode = ++cp;
	225	first = 0;
	226	goto again;
	227	}
	228	for (cp = mode; *cp; cp++)
	229	if (isupper(*cp))
	230	cp = tolower(cp);
	231	for (pf = formats; pf->f_mode; pf++)
232	if (strcmp(pf->f_mode, mode) == 0)
233	break;
234	if (pf->f_mode == 0) {
235	nak(EBADOP);
236	exit(1);
237	}
238	ecode = (*pf->f_validate)(filename, tp->th_opcode);
239	if (ecode) {
240	nak(ecode);
241	exit(1);
242	}
243	if (tp->th_opcode == WRQ)
244	(*pf->f_recv)(pf);
245	else
246	(*pf->f_send)(pf);
247	exit(0);
248	}
249
250
251	FILE *file;
252
253	/*
254	* Validate file access. Since we
255	* have no uid or gid, for now require
256	* file to exist and be publicly
257	* readable/writable.
258	* If we were invoked with arguments
259	* from inetd then the file must also be
260	* in one of the given directory prefixes.
261	* Note also, full path name must be
262	* given as we have no login directory.
263	*/
264	validate_access(filename, mode)
265	char *filename;
266	int mode;
267	{
268	struct stat stbuf;
269	int fd;
270	char cp, *dirp;
271
272	if (*filename != '/')
273	return (EACCESS);
274	/*
275	* prevent tricksters from getting around the directory restrictions
276	*/
277	for (cp = filename + 1; *cp; cp++)
278	if(*cp == '.' && strncmp(cp-1, "/../", 4) == 0)
279	return(EACCESS);
280	for (dirp = dirs; *dirp; dirp++)
281	if (strncmp(filename, dirp, strlen(dirp)) == 0)
282	break;
283	if (*dirp==0 && dirp!=dirs)
284	return (EACCESS);
285	if (stat(filename, &stbuf) < 0)
286	return (errno == ENOENT ? ENOTFOUND : EACCESS);
287	if (mode == RRQ) {
288	if ((stbuf.st_mode&(S_IREAD >> 6)) == 0)
289	return (EACCESS);
290	} else {
291	if ((stbuf.st_mode&(S_IWRITE >> 6)) == 0)
292	return (EACCESS);
293	}
294	fd = open(filename, mode == RRQ ? 0 : 1);
295	if (fd < 0)
296	return (errno + 100);
297	file = fdopen(fd, (mode == RRQ)? "r":"w");
298	if (file == NULL) {
299	return errno+100;
300	}
301	return (0);
302	}
303
304	int timeout;
305	jmp_buf timeoutbuf;
306
307	void
308	timer()
309	{
310
311	timeout += rexmtval;
312	if (timeout >= maxtimeout)
313	exit(1);
314	longjmp(timeoutbuf, 1);
315	}
316
317	/*
318	* Send the requested file.
319	*/
320	sendfile(pf)
321	struct formats *pf;
322	{
323	struct tftphdr dp, r_init();
324	register struct tftphdr ap; / ack packet */
325	register int block = 1, size, n;
326
327	signal(SIGALRM, timer);
328	dp = r_init();
329	ap = (struct tftphdr *)ackbuf;
330	do {
331	size = readit(file, &dp, pf->f_convert);
332	if (size < 0) {
333	nak(errno + 100);
334	goto abort;
335	}
336	dp->th_opcode = htons((u_short)DATA);
337	dp->th_block = htons((u_short)block);
338	timeout = 0;
339	(void) setjmp(timeoutbuf);
340
341	send_data:
342	if (send(peer, dp, size + 4, 0) != size + 4) {
343	syslog(LOG_ERR, "tftpd: write: %m\n");
344	goto abort;
345	}
346	read_ahead(file, pf->f_convert);
347	for ( ; ; ) {
348	alarm(rexmtval); /* read the ack */
349	n = recv(peer, ackbuf, sizeof (ackbuf), 0);
350	alarm(0);
351	if (n < 0) {
352	syslog(LOG_ERR, "tftpd: read: %m\n");
353	goto abort;
354	}
355	ap->th_opcode = ntohs((u_short)ap->th_opcode);
356	ap->th_block = ntohs((u_short)ap->th_block);
357
358	if (ap->th_opcode == ERROR)
359	goto abort;
360
361	if (ap->th_opcode == ACK) {
362	if (ap->th_block == block) {
363	break;
364	}
365	/* Re-synchronize with the other side */
366	(void) synchnet(peer);
367	if (ap->th_block == (block -1)) {
368	goto send_data;
369	}
370	}
371
372	}
373	block++;
374	} while (size == SEGSIZE);
375	abort:
376	(void) fclose(file);
377	}
378
379	void
380	justquit()
381	{
382	exit(0);
383	}
384
385
386	/*
387	* Receive a file.
388	*/
389	recvfile(pf)
390	struct formats *pf;
391	{
392	struct tftphdr dp, w_init();
393	register struct tftphdr ap; / ack buffer */
394	register int block = 0, n, size;
395
396	signal(SIGALRM, timer);
397	dp = w_init();
398	ap = (struct tftphdr *)ackbuf;
399	do {
400	timeout = 0;
401	ap->th_opcode = htons((u_short)ACK);
402	ap->th_block = htons((u_short)block);
403	block++;
404	(void) setjmp(timeoutbuf);
405	send_ack:
406	if (send(peer, ackbuf, 4, 0) != 4) {
407	syslog(LOG_ERR, "tftpd: write: %m\n");
408	goto abort;
409	}
410	write_behind(file, pf->f_convert);
411	for ( ; ; ) {
412	alarm(rexmtval);
413	n = recv(peer, dp, PKTSIZE, 0);
414	alarm(0);
415	if (n < 0) { /* really? */
416	syslog(LOG_ERR, "tftpd: read: %m\n");
417	goto abort;
418	}
419	dp->th_opcode = ntohs((u_short)dp->th_opcode);
420	dp->th_block = ntohs((u_short)dp->th_block);
421	if (dp->th_opcode == ERROR)
422	goto abort;
423	if (dp->th_opcode == DATA) {
424	if (dp->th_block == block) {
425	break; /* normal */
426	}
427	/* Re-synchronize with the other side */
428	(void) synchnet(peer);
429	if (dp->th_block == (block-1))
430	goto send_ack; /* rexmit */
431	}
432	}
433	/* size = write(file, dp->th_data, n - 4); */
434	size = writeit(file, &dp, n - 4, pf->f_convert);
435	if (size != (n-4)) { /* ahem */
436	if (size < 0) nak(errno + 100);
437	else nak(ENOSPACE);
438	goto abort;
439	}
440	} while (size == SEGSIZE);
441	write_behind(file, pf->f_convert);
442	(void) fclose(file); /* close data file */
443
444	ap->th_opcode = htons((u_short)ACK); /* send the "final" ack */
445	ap->th_block = htons((u_short)(block));
446	(void) send(peer, ackbuf, 4, 0);
447
448	signal(SIGALRM, justquit); /* just quit on timeout */
449	alarm(rexmtval);
450	n = recv(peer, buf, sizeof (buf), 0); /* normally times out and quits */
451	alarm(0);
452	if (n >= 4 && /* if read some data */
453	dp->th_opcode == DATA && /* and got a data block */
454	block == dp->th_block) { /* then my last ack was lost */
455	(void) send(peer, ackbuf, 4, 0); /* resend final ack */
456	}
457	abort:
458	return;
459	}
460
461	struct errmsg {
462	int e_code;
463	char *e_msg;
464	} errmsgs[] = {
465	{ EUNDEF, "Undefined error code" },
466	{ ENOTFOUND, "File not found" },
467	{ EACCESS, "Access violation" },
468	{ ENOSPACE, "Disk full or allocation exceeded" },
469	{ EBADOP, "Illegal TFTP operation" },
470	{ EBADID, "Unknown transfer ID" },
471	{ EEXISTS, "File already exists" },
472	{ ENOUSER, "No such user" },
473	{ -1, 0 }
474	};
475
476	/*
477	* Send a nak packet (error message).
478	* Error code passed in is one of the
479	* standard TFTP codes, or a UNIX errno
480	* offset by 100.
481	*/
482	nak(error)
483	int error;
484	{
485	register struct tftphdr *tp;
486	int length;
487	register struct errmsg *pe;
488
489	tp = (struct tftphdr *)buf;
490	tp->th_opcode = htons((u_short)ERROR);
491	tp->th_code = htons((u_short)error);
492	for (pe = errmsgs; pe->e_code >= 0; pe++)
493	if (pe->e_code == error)
494	break;
495	if (pe->e_code < 0) {
496	pe->e_msg = strerror(error - 100);
497	tp->th_code = EUNDEF; /* set 'undef' errorcode */
498	}
499	strcpy(tp->th_msg, pe->e_msg);
500	length = strlen(pe->e_msg);
501	tp->th_msg[length] = '\0';
502	length += 5;
503	if (send(peer, buf, length, 0) != length)
504	syslog(LOG_ERR, "nak: %m\n");
505	}