2 * tftp.c - a simple, read-only tftp server for qemu
4 * Copyright (c) 2004 Magnus Damm <damm@opensource.se>
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "qemu-common.h" // for pstrcpy
30 unsigned char filename[TFTP_FILENAME_MAX];
32 struct in_addr client_ip;
33 u_int16_t client_port;
38 static struct tftp_session tftp_sessions[TFTP_SESSIONS_MAX];
40 const char *tftp_prefix;
42 static void tftp_session_update(struct tftp_session *spt)
44 spt->timestamp = curtime;
48 static void tftp_session_terminate(struct tftp_session *spt)
53 static int tftp_session_allocate(struct tftp_t *tp)
55 struct tftp_session *spt;
58 for (k = 0; k < TFTP_SESSIONS_MAX; k++) {
59 spt = &tftp_sessions[k];
64 /* sessions time out after 5 inactive seconds */
65 if ((int)(curtime - spt->timestamp) > 5000)
72 memset(spt, 0, sizeof(*spt));
73 memcpy(&spt->client_ip, &tp->ip.ip_src, sizeof(spt->client_ip));
74 spt->client_port = tp->udp.uh_sport;
76 tftp_session_update(spt);
81 static int tftp_session_find(struct tftp_t *tp)
83 struct tftp_session *spt;
86 for (k = 0; k < TFTP_SESSIONS_MAX; k++) {
87 spt = &tftp_sessions[k];
90 if (!memcmp(&spt->client_ip, &tp->ip.ip_src, sizeof(spt->client_ip))) {
91 if (spt->client_port == tp->udp.uh_sport) {
101 static int tftp_read_data(struct tftp_session *spt, u_int16_t block_nr,
102 u_int8_t *buf, int len)
109 n = snprintf(buffer, sizeof(buffer), "%s/%s",
110 tftp_prefix, spt->filename);
111 if (n >= sizeof(buffer))
114 fd = open(buffer, O_RDONLY | O_BINARY);
121 lseek(fd, block_nr * 512, SEEK_SET);
123 bytes_read = read(fd, buf, len);
131 static int tftp_send_oack(struct tftp_session *spt,
132 const char *key, uint32_t value,
133 struct tftp_t *recv_tp)
135 struct sockaddr_in saddr, daddr;
145 memset(m->m_data, 0, m->m_size);
147 m->m_data += IF_MAXLINKHDR;
148 tp = (void *)m->m_data;
149 m->m_data += sizeof(struct udpiphdr);
151 tp->tp_op = htons(TFTP_OACK);
152 n += snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%s", key) + 1;
153 n += snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%u", value) + 1;
155 saddr.sin_addr = recv_tp->ip.ip_dst;
156 saddr.sin_port = recv_tp->udp.uh_dport;
158 daddr.sin_addr = spt->client_ip;
159 daddr.sin_port = spt->client_port;
161 m->m_len = sizeof(struct tftp_t) - 514 + n -
162 sizeof(struct ip) - sizeof(struct udphdr);
163 udp_output2(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY);
170 static int tftp_send_error(struct tftp_session *spt,
171 u_int16_t errorcode, const char *msg,
172 struct tftp_t *recv_tp)
174 struct sockaddr_in saddr, daddr;
185 memset(m->m_data, 0, m->m_size);
187 m->m_data += IF_MAXLINKHDR;
188 tp = (void *)m->m_data;
189 m->m_data += sizeof(struct udpiphdr);
191 tp->tp_op = htons(TFTP_ERROR);
192 tp->x.tp_error.tp_error_code = htons(errorcode);
193 pstrcpy(tp->x.tp_error.tp_msg, sizeof(tp->x.tp_error.tp_msg), msg);
195 saddr.sin_addr = recv_tp->ip.ip_dst;
196 saddr.sin_port = recv_tp->udp.uh_dport;
198 daddr.sin_addr = spt->client_ip;
199 daddr.sin_port = spt->client_port;
203 m->m_len = sizeof(struct tftp_t) - 514 + 3 + strlen(msg) -
204 sizeof(struct ip) - sizeof(struct udphdr);
206 udp_output2(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY);
208 tftp_session_terminate(spt);
213 static int tftp_send_data(struct tftp_session *spt,
215 struct tftp_t *recv_tp)
217 struct sockaddr_in saddr, daddr;
232 memset(m->m_data, 0, m->m_size);
234 m->m_data += IF_MAXLINKHDR;
235 tp = (void *)m->m_data;
236 m->m_data += sizeof(struct udpiphdr);
238 tp->tp_op = htons(TFTP_DATA);
239 tp->x.tp_data.tp_block_nr = htons(block_nr);
241 saddr.sin_addr = recv_tp->ip.ip_dst;
242 saddr.sin_port = recv_tp->udp.uh_dport;
244 daddr.sin_addr = spt->client_ip;
245 daddr.sin_port = spt->client_port;
247 nobytes = tftp_read_data(spt, block_nr - 1, tp->x.tp_data.tp_buf, 512);
252 /* send "file not found" error back */
254 tftp_send_error(spt, 1, "File not found", tp);
259 m->m_len = sizeof(struct tftp_t) - (512 - nobytes) -
260 sizeof(struct ip) - sizeof(struct udphdr);
262 udp_output2(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY);
264 if (nobytes == 512) {
265 tftp_session_update(spt);
268 tftp_session_terminate(spt);
274 static void tftp_handle_rrq(struct tftp_t *tp, int pktlen)
276 struct tftp_session *spt;
280 s = tftp_session_allocate(tp);
286 spt = &tftp_sessions[s];
290 n = pktlen - ((uint8_t *)&tp->x.tp_buf[0] - (uint8_t *)tp);
294 for (k = 0; k < n; k++) {
295 if (k < TFTP_FILENAME_MAX) {
302 if (src[k] == '\0') {
318 if (memcmp(&src[k], "octet\0", 6) != 0) {
319 tftp_send_error(spt, 4, "Unsupported transfer mode", tp);
323 k += 6; /* skipping octet */
325 /* do sanity checks on the filename */
327 if ((spt->filename[0] != '/')
328 || (spt->filename[strlen(spt->filename) - 1] == '/')
329 || strstr(spt->filename, "/../")) {
330 tftp_send_error(spt, 2, "Access violation", tp);
334 /* only allow exported prefixes */
337 tftp_send_error(spt, 2, "Access violation", tp);
341 /* check if the file exists */
343 if (tftp_read_data(spt, 0, spt->filename, 0) < 0) {
344 tftp_send_error(spt, 1, "File not found", tp);
348 if (src[n - 1] != 0) {
349 tftp_send_error(spt, 2, "Access violation", tp);
354 const char *key, *value;
357 k += strlen(key) + 1;
360 tftp_send_error(spt, 2, "Access violation", tp);
365 k += strlen(value) + 1;
367 if (strcmp(key, "tsize") == 0) {
368 int tsize = atoi(value);
371 if (tsize == 0 && tftp_prefix) {
375 len = snprintf(buffer, sizeof(buffer), "%s/%s",
376 tftp_prefix, spt->filename);
378 if (stat(buffer, &stat_p) == 0)
379 tsize = stat_p.st_size;
381 tftp_send_error(spt, 1, "File not found", tp);
386 tftp_send_oack(spt, "tsize", tsize, tp);
390 tftp_send_data(spt, 1, tp);
393 static void tftp_handle_ack(struct tftp_t *tp, int pktlen)
397 s = tftp_session_find(tp);
403 if (tftp_send_data(&tftp_sessions[s],
404 ntohs(tp->x.tp_data.tp_block_nr) + 1,
410 void tftp_input(struct mbuf *m)
412 struct tftp_t *tp = (struct tftp_t *)m->m_data;
414 switch(ntohs(tp->tp_op)) {
416 tftp_handle_rrq(tp, m->m_len);
420 tftp_handle_ack(tp, m->m_len);