2 * tftp.c - a simple, read-only tftp server for qemu
4 * Copyright (c) 2004 Magnus Damm <damm@opensource.se>
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 unsigned char filename[TFTP_FILENAME_MAX];
31 struct in_addr client_ip;
32 u_int16_t client_port;
37 struct tftp_session tftp_sessions[TFTP_SESSIONS_MAX];
39 const char *tftp_prefix;
41 static void tftp_session_update(struct tftp_session *spt)
43 spt->timestamp = curtime;
47 static void tftp_session_terminate(struct tftp_session *spt)
52 static int tftp_session_allocate(struct tftp_t *tp)
54 struct tftp_session *spt;
57 for (k = 0; k < TFTP_SESSIONS_MAX; k++) {
58 spt = &tftp_sessions[k];
63 /* sessions time out after 5 inactive seconds */
64 if ((int)(curtime - spt->timestamp) > 5000)
71 memset(spt, 0, sizeof(*spt));
72 memcpy(&spt->client_ip, &tp->ip.ip_src, sizeof(spt->client_ip));
73 spt->client_port = tp->udp.uh_sport;
75 tftp_session_update(spt);
80 static int tftp_session_find(struct tftp_t *tp)
82 struct tftp_session *spt;
85 for (k = 0; k < TFTP_SESSIONS_MAX; k++) {
86 spt = &tftp_sessions[k];
89 if (!memcmp(&spt->client_ip, &tp->ip.ip_src, sizeof(spt->client_ip))) {
90 if (spt->client_port == tp->udp.uh_sport) {
100 static int tftp_read_data(struct tftp_session *spt, u_int16_t block_nr,
101 u_int8_t *buf, int len)
108 n = snprintf(buffer, sizeof(buffer), "%s/%s",
109 tftp_prefix, spt->filename);
110 if (n >= sizeof(buffer))
113 fd = open(buffer, O_RDONLY | O_BINARY);
120 lseek(fd, block_nr * 512, SEEK_SET);
122 bytes_read = read(fd, buf, len);
130 static int tftp_send_oack(struct tftp_session *spt,
131 const char *key, uint32_t value,
132 struct tftp_t *recv_tp)
134 struct sockaddr_in saddr, daddr;
144 memset(m->m_data, 0, m->m_size);
146 m->m_data += if_maxlinkhdr;
147 tp = (void *)m->m_data;
148 m->m_data += sizeof(struct udpiphdr);
150 tp->tp_op = htons(TFTP_OACK);
151 n += sprintf(tp->x.tp_buf + n, "%s", key) + 1;
152 n += sprintf(tp->x.tp_buf + n, "%u", value) + 1;
154 saddr.sin_addr = recv_tp->ip.ip_dst;
155 saddr.sin_port = recv_tp->udp.uh_dport;
157 daddr.sin_addr = spt->client_ip;
158 daddr.sin_port = spt->client_port;
160 m->m_len = sizeof(struct tftp_t) - 514 + n -
161 sizeof(struct ip) - sizeof(struct udphdr);
162 udp_output2(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY);
169 static int tftp_send_error(struct tftp_session *spt,
170 u_int16_t errorcode, const char *msg,
171 struct tftp_t *recv_tp)
173 struct sockaddr_in saddr, daddr;
184 memset(m->m_data, 0, m->m_size);
186 m->m_data += if_maxlinkhdr;
187 tp = (void *)m->m_data;
188 m->m_data += sizeof(struct udpiphdr);
190 tp->tp_op = htons(TFTP_ERROR);
191 tp->x.tp_error.tp_error_code = htons(errorcode);
192 strcpy(tp->x.tp_error.tp_msg, msg);
194 saddr.sin_addr = recv_tp->ip.ip_dst;
195 saddr.sin_port = recv_tp->udp.uh_dport;
197 daddr.sin_addr = spt->client_ip;
198 daddr.sin_port = spt->client_port;
202 m->m_len = sizeof(struct tftp_t) - 514 + 3 + strlen(msg) -
203 sizeof(struct ip) - sizeof(struct udphdr);
205 udp_output2(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY);
207 tftp_session_terminate(spt);
212 static int tftp_send_data(struct tftp_session *spt,
214 struct tftp_t *recv_tp)
216 struct sockaddr_in saddr, daddr;
231 memset(m->m_data, 0, m->m_size);
233 m->m_data += if_maxlinkhdr;
234 tp = (void *)m->m_data;
235 m->m_data += sizeof(struct udpiphdr);
237 tp->tp_op = htons(TFTP_DATA);
238 tp->x.tp_data.tp_block_nr = htons(block_nr);
240 saddr.sin_addr = recv_tp->ip.ip_dst;
241 saddr.sin_port = recv_tp->udp.uh_dport;
243 daddr.sin_addr = spt->client_ip;
244 daddr.sin_port = spt->client_port;
246 nobytes = tftp_read_data(spt, block_nr - 1, tp->x.tp_data.tp_buf, 512);
251 /* send "file not found" error back */
253 tftp_send_error(spt, 1, "File not found", tp);
258 m->m_len = sizeof(struct tftp_t) - (512 - nobytes) -
259 sizeof(struct ip) - sizeof(struct udphdr);
261 udp_output2(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY);
263 if (nobytes == 512) {
264 tftp_session_update(spt);
267 tftp_session_terminate(spt);
273 static void tftp_handle_rrq(struct tftp_t *tp, int pktlen)
275 struct tftp_session *spt;
279 s = tftp_session_allocate(tp);
285 spt = &tftp_sessions[s];
289 n = pktlen - ((uint8_t *)&tp->x.tp_buf[0] - (uint8_t *)tp);
293 for (k = 0; k < n; k++) {
294 if (k < TFTP_FILENAME_MAX) {
301 if (src[k] == '\0') {
317 if (memcmp(&src[k], "octet\0", 6) != 0) {
318 tftp_send_error(spt, 4, "Unsupported transfer mode", tp);
322 k += 6; /* skipping octet */
324 /* do sanity checks on the filename */
326 if ((spt->filename[0] != '/')
327 || (spt->filename[strlen(spt->filename) - 1] == '/')
328 || strstr(spt->filename, "/../")) {
329 tftp_send_error(spt, 2, "Access violation", tp);
333 /* only allow exported prefixes */
336 tftp_send_error(spt, 2, "Access violation", tp);
340 /* check if the file exists */
342 if (tftp_read_data(spt, 0, spt->filename, 0) < 0) {
343 tftp_send_error(spt, 1, "File not found", tp);
347 if (src[n - 1] != 0) {
348 tftp_send_error(spt, 2, "Access violation", tp);
353 const char *key, *value;
356 k += strlen(key) + 1;
359 tftp_send_error(spt, 2, "Access violation", tp);
364 k += strlen(value) + 1;
366 if (strcmp(key, "tsize") == 0) {
367 int tsize = atoi(value);
370 if (tsize == 0 && tftp_prefix) {
374 len = snprintf(buffer, sizeof(buffer), "%s/%s",
375 tftp_prefix, spt->filename);
377 if (stat(buffer, &stat_p) == 0)
378 tsize = stat_p.st_size;
380 tftp_send_error(spt, 1, "File not found", tp);
385 tftp_send_oack(spt, "tsize", tsize, tp);
389 tftp_send_data(spt, 1, tp);
392 static void tftp_handle_ack(struct tftp_t *tp, int pktlen)
396 s = tftp_session_find(tp);
402 if (tftp_send_data(&tftp_sessions[s],
403 ntohs(tp->x.tp_data.tp_block_nr) + 1,
409 void tftp_input(struct mbuf *m)
411 struct tftp_t *tp = (struct tftp_t *)m->m_data;
413 switch(ntohs(tp->tp_op)) {
415 tftp_handle_rrq(tp, m->m_len);
419 tftp_handle_ack(tp, m->m_len);