1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2018 Alan Somers.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
30
31 #include <sys/param.h>
32 #include <sys/socket.h>
33 #include <sys/stat.h>
34 #include <sys/wait.h>
35
36 #include <netinet/in.h>
37
38 #include <errno.h>
39 #include <fcntl.h>
40 #include <signal.h>
41 #include <stdalign.h>
42 #include <stdio.h>
43 #include <unistd.h>
44
45 #include <atf-c.h>
46 #include <libutil.h>
47
48 static const uint16_t BASEPORT = 6969;
49 static const char pidfile[] = "tftpd.pid";
50 static int protocol = PF_UNSPEC;
51 static int s = -1; /* tftp client socket */
52 static struct sockaddr_storage addr; /* Destination address for the client */
53 static bool s_flag = false; /* Pass -s to tftpd */
54 static bool w_flag = false; /* Pass -w to tftpd */
55
56 /* Helper functions*/
57 static void require_bufeq(const char *expected, ssize_t expected_len,
58 const char *actual, ssize_t len);
59
60 /*
61 * Receive a response from tftpd
62 * @param hdr The reply's expected header, as a char array
63 * @param contents The reply's expected contents, as a char array
64 * @param contents_len Length of contents
65 */
66 #define RECV(hdr, contents, contents_len) do { \
67 char buffer[1024]; \
68 struct sockaddr_storage from; \
69 socklen_t fromlen = sizeof(from); \
70 ssize_t r = recvfrom(s, buffer, sizeof(buffer), 0, \
71 (struct sockaddr*)&from, &fromlen); \
72 ATF_REQUIRE(r > 0); \
73 require_bufeq((hdr), sizeof(hdr), buffer, \
74 MIN(r, (ssize_t)sizeof(hdr))); \
75 require_bufeq((const char*) (contents), (contents_len), \
76 &buffer[sizeof(hdr)], r - sizeof(hdr)); \
77 if (protocol == PF_INET) { \
78 ((struct sockaddr_in*)&addr)->sin_port = \
79 ((struct sockaddr_in*)&from)->sin_port; \
80 } else { \
81 ((struct sockaddr_in6*)&addr)->sin6_port = \
82 ((struct sockaddr_in6*)&from)->sin6_port; \
83 } \
84 } while(0)
85
86 static void
recv_ack(uint16_t blocknum)87 recv_ack(uint16_t blocknum)
88 {
89 char hdr[] = {0, 4, blocknum >> 8, blocknum & 0xFF};
90 RECV(hdr, NULL, 0);
91 }
92
93 static void
recv_oack(const char * options,size_t options_len)94 recv_oack(const char *options, size_t options_len)
95 {
96 char hdr[] = {0, 6};
97 RECV(hdr, options, options_len);
98 }
99
100 /*
101 * Receive a data packet from tftpd
102 * @param blocknum Expected block number to be received
103 * @param contents Pointer to expected contents
104 * @param contents_len Length of contents expected to receive
105 */
106 static void
recv_data(uint16_t blocknum,const char * contents,size_t contents_len)107 recv_data(uint16_t blocknum, const char* contents, size_t contents_len)
108 {
109 char hdr[] = {0, 3, blocknum >> 8, blocknum & 0xFF};
110 RECV(hdr, contents, contents_len);
111 }
112
113 #define RECV_ERROR(code, msg) do { \
114 char hdr[] = {0, 5, code >> 8, code & 0xFF}; \
115 RECV(hdr, msg, sizeof(msg)); \
116 } while (0)
117
118 /*
119 * send a command to tftpd.
120 * @param cmd Command to send, as a char array
121 */
122 static void
send_bytes(const void * cmd,ssize_t len)123 send_bytes(const void* cmd, ssize_t len)
124 {
125 ssize_t r;
126
127 r = sendto(s, cmd, len, 0, (struct sockaddr*)(&addr), addr.ss_len);
128 ATF_REQUIRE_EQ(r, len);
129 }
130
131 static void
send_data(uint16_t blocknum,const char * contents,size_t contents_len)132 send_data(uint16_t blocknum, const char* contents, size_t contents_len)
133 {
134 char buffer[1024];
135
136 buffer[0] = 0; /* DATA opcode high byte */
137 buffer[1] = 3; /* DATA opcode low byte */
138 buffer[2] = blocknum >> 8;
139 buffer[3] = blocknum & 0xFF;
140 memmove(&buffer[4], contents, contents_len);
141 send_bytes(buffer, 4 + contents_len);
142 }
143
144 /*
145 * send a command to tftpd.
146 * @param cmd Command to send, as a const string
147 * (terminating NUL will be ignored)
148 */
149 #define SEND_STR(cmd) ATF_REQUIRE_EQ( \
150 sendto(s, (cmd), sizeof(cmd) - 1, 0, (struct sockaddr*)(&addr), \
151 addr.ss_len), \
152 sizeof(cmd) - 1)
153
154 /*
155 * Acknowledge block blocknum
156 */
157 static void
send_ack(uint16_t blocknum)158 send_ack(uint16_t blocknum)
159 {
160 char packet[] = {
161 0, 4, /* ACK opcode in BE */
162 blocknum >> 8,
163 blocknum & 0xFF
164 };
165
166 send_bytes(packet, sizeof(packet));
167
168 }
169
170 /*
171 * build an option string
172 */
173 #define OPTION_STR(name, value) name "\000" value "\000"
174
175 /*
176 * send a read request to tftpd.
177 * @param filename filename as a string, absolute or relative
178 * @param mode either "octet" or "netascii"
179 */
180 #define SEND_RRQ(filename, mode) SEND_STR("\0\001" filename "\0" mode "\0")
181
182 /*
183 * send a read request with options
184 */
185 #define SEND_RRQ_OPT(filename, mode, options) SEND_STR("\0\001" filename "\0" mode "\000" options)
186
187 /*
188 * send a write request to tftpd.
189 * @param filename filename as a string, absolute or relative
190 * @param mode either "octet" or "netascii"
191 */
192 #define SEND_WRQ(filename, mode) SEND_STR("\0\002" filename "\0" mode "\0")
193
194 /*
195 * send a write request with options
196 */
197 #define SEND_WRQ_OPT(filename, mode, options) SEND_STR("\0\002" filename "\0" mode "\000" options)
198
199 /* Define a test case, for both IPv4 and IPv6 */
200 #define TFTPD_TC_DEFINE(name, head, ...) \
201 static void \
202 name ## _body(void); \
203 ATF_TC_WITH_CLEANUP(name ## _v4); \
204 ATF_TC_HEAD(name ## _v4, tc) \
205 { \
206 head \
207 } \
208 ATF_TC_BODY(name ## _v4, tc) \
209 { \
210 __VA_ARGS__; \
211 protocol = AF_INET; \
212 s = setup(&addr, __COUNTER__); \
213 name ## _body(); \
214 close(s); \
215 } \
216 ATF_TC_CLEANUP(name ## _v4, tc) \
217 { \
218 cleanup(); \
219 } \
220 ATF_TC_WITH_CLEANUP(name ## _v6); \
221 ATF_TC_HEAD(name ## _v6, tc) \
222 { \
223 head \
224 } \
225 ATF_TC_BODY(name ## _v6, tc) \
226 { \
227 __VA_ARGS__; \
228 protocol = AF_INET6; \
229 s = setup(&addr, __COUNTER__); \
230 name ## _body(); \
231 close(s); \
232 } \
233 ATF_TC_CLEANUP(name ## _v6, tc) \
234 { \
235 cleanup(); \
236 } \
237 static void \
238 name ## _body(void)
239
240 /* Add the IPv4 and IPv6 versions of a test case */
241 #define TFTPD_TC_ADD(tp, name ) \
242 do { \
243 ATF_TP_ADD_TC(tp, name ## _v4); \
244 ATF_TP_ADD_TC(tp, name ## _v6); \
245 } while (0)
246
247 /* Standard cleanup used by all testcases */
248 static void
cleanup(void)249 cleanup(void)
250 {
251 FILE *f;
252 pid_t pid;
253
254 f = fopen(pidfile, "r");
255 if (f == NULL)
256 return;
257 if (fscanf(f, "%d", &pid) == 1) {
258 kill(pid, SIGTERM);
259 waitpid(pid, NULL, 0);
260 }
261 fclose(f);
262 unlink(pidfile);
263 }
264
265 /* Assert that two binary buffers are identical */
266 static void
require_bufeq(const char * expected,ssize_t expected_len,const char * actual,ssize_t len)267 require_bufeq(const char *expected, ssize_t expected_len, const char *actual,
268 ssize_t len)
269 {
270 ssize_t i;
271
272 ATF_REQUIRE_EQ_MSG(expected_len, len,
273 "Expected %zd bytes but got %zd", expected_len, len);
274 for (i = 0; i < len; i++) {
275 ATF_REQUIRE_EQ_MSG(actual[i], expected[i],
276 "Expected %#hhx at position %zd; got %hhx instead",
277 expected[i], i, actual[i]);
278 }
279 }
280
281 /*
282 * Start tftpd and return its communicating socket
283 * @param to Will be filled in for use with sendto
284 * @param idx Unique identifier of the test case
285 * @return Socket ready to use
286 */
287 static int
setup(struct sockaddr_storage * to,uint16_t idx)288 setup(struct sockaddr_storage *to, uint16_t idx)
289 {
290 int client_s, server_s, pid, argv_idx;
291 char execname[] = "/usr/libexec/tftpd";
292 char s_flag_str[] = "-s";
293 char w_flag_str[] = "-w";
294 char pwd[MAXPATHLEN];
295 char *argv[10];
296 struct sockaddr_in addr4;
297 struct sockaddr_in6 addr6;
298 struct sockaddr *server_addr;
299 struct pidfh *pfh;
300 uint16_t port = BASEPORT + idx;
301 socklen_t len;
302
303 if (protocol == PF_INET) {
304 len = sizeof(addr4);
305 bzero(&addr4, len);
306 addr4.sin_len = len;
307 addr4.sin_family = PF_INET;
308 addr4.sin_port = htons(port);
309 server_addr = (struct sockaddr*)&addr4;
310 } else {
311 len = sizeof(addr6);
312 bzero(&addr6, len);
313 addr6.sin6_len = len;
314 addr6.sin6_family = PF_INET6;
315 addr6.sin6_port = htons(port);
316 server_addr = (struct sockaddr*)&addr6;
317 }
318
319 ATF_REQUIRE_EQ(getcwd(pwd, sizeof(pwd)), pwd);
320
321 /* Must bind(2) pre-fork so it happens before the client's send(2) */
322 ATF_REQUIRE((server_s = socket(protocol, SOCK_DGRAM, 0)) > 0);
323 ATF_REQUIRE_EQ_MSG(bind(server_s, server_addr, len), 0,
324 "bind failed with error %s", strerror(errno));
325
326 pid = fork();
327 switch (pid) {
328 case -1:
329 atf_tc_fail("fork failed");
330 break;
331 case 0:
332 /* In child */
333 pfh = pidfile_open(pidfile, 0644, NULL);
334 ATF_REQUIRE_MSG(pfh != NULL,
335 "pidfile_open: %s", strerror(errno));
336 ATF_REQUIRE_EQ(pidfile_write(pfh), 0);
337 ATF_REQUIRE_EQ(pidfile_close(pfh), 0);
338
339 bzero(argv, sizeof(argv));
340 argv[0] = execname;
341 argv_idx = 1;
342 if (w_flag)
343 argv[argv_idx++] = w_flag_str;
344 if (s_flag)
345 argv[argv_idx++] = s_flag_str;
346 argv[argv_idx++] = pwd;
347 ATF_REQUIRE_EQ(dup2(server_s, STDOUT_FILENO), STDOUT_FILENO);
348 ATF_REQUIRE_EQ(dup2(server_s, STDIN_FILENO), STDIN_FILENO);
349 ATF_REQUIRE_EQ(dup2(server_s, STDERR_FILENO), STDERR_FILENO);
350 execv(execname, argv);
351 atf_tc_fail("exec failed");
352 break;
353 default:
354 /* In parent */
355 bzero(to, sizeof(*to));
356 if (protocol == PF_INET) {
357 struct sockaddr_in *to4 = (struct sockaddr_in*)to;
358 to4->sin_len = sizeof(*to4);
359 to4->sin_family = PF_INET;
360 to4->sin_port = htons(port);
361 to4->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
362 } else {
363 struct in6_addr loopback = IN6ADDR_LOOPBACK_INIT;
364 struct sockaddr_in6 *to6 = (struct sockaddr_in6*)to;
365 to6->sin6_len = sizeof(*to6);
366 to6->sin6_family = PF_INET6;
367 to6->sin6_port = htons(port);
368 to6->sin6_addr = loopback;
369 }
370
371 close(server_s);
372 ATF_REQUIRE((client_s = socket(protocol, SOCK_DGRAM, 0)) > 0);
373 break;
374 }
375
376 /* Clear the client's umask. Test cases will specify exact modes */
377 umask(0000);
378
379 return (client_s);
380 }
381
382 /* Like write(2), but never returns less than the requested length */
383 static void
write_all(int fd,const void * buf,size_t nbytes)384 write_all(int fd, const void *buf, size_t nbytes)
385 {
386 ssize_t r;
387
388 while (nbytes > 0) {
389 r = write(fd, buf, nbytes);
390 ATF_REQUIRE(r > 0);
391 nbytes -= r;
392 buf = (const char*)buf + r;
393 }
394 }
395
396
397 /*
398 * Test Cases
399 */
400
401 /*
402 * Read a file, specified by absolute pathname.
403 */
404 TFTPD_TC_DEFINE(abspath,)
405 {
406 int fd;
407 char command[1024];
408 size_t pathlen;
409 char suffix[] = {'\0', 'o', 'c', 't', 'e', 't', '\0'};
410
411 command[0] = 0; /* RRQ high byte */
412 command[1] = 1; /* RRQ low byte */
413 ATF_REQUIRE(getcwd(&command[2], sizeof(command) - 2) != NULL);
414 pathlen = strlcat(&command[2], "/abspath.txt", sizeof(command) - 2);
415 ATF_REQUIRE(pathlen + sizeof(suffix) < sizeof(command) - 2);
416 memmove(&command[2 + pathlen], suffix, sizeof(suffix));
417
418 fd = open("abspath.txt", O_CREAT | O_RDONLY, 0644);
419 ATF_REQUIRE(fd >= 0);
420 close(fd);
421
422 send_bytes(command, 2 + pathlen + sizeof(suffix));
423 recv_data(1, NULL, 0);
424 send_ack(1);
425 }
426
427 /*
428 * Attempt to read a file outside of the allowed directory(ies)
429 */
430 TFTPD_TC_DEFINE(dotdot,)
431 {
432 ATF_REQUIRE_EQ(mkdir("subdir", 0777), 0);
433 SEND_RRQ("../disallowed.txt", "octet");
434 RECV_ERROR(2, "Access violation");
435 s = setup(&addr, __COUNTER__); \
436 SEND_RRQ("subdir/../../disallowed.txt", "octet");
437 RECV_ERROR(2, "Access violation");
438 s = setup(&addr, __COUNTER__); \
439 SEND_RRQ("/etc/passwd", "octet");
440 RECV_ERROR(2, "Access violation");
441 }
442
443 /*
444 * With "-s", tftpd should chroot to the specified directory
445 */
446 TFTPD_TC_DEFINE(s_flag, atf_tc_set_md_var(tc, "require.user", "root");,
447 s_flag = true)
448 {
449 int fd;
450 char contents[] = "small";
451
452 fd = open("small.txt", O_RDWR | O_CREAT, 0644);
453 ATF_REQUIRE(fd >= 0);
454 write_all(fd, contents, strlen(contents) + 1);
455 close(fd);
456
457 SEND_RRQ("/small.txt", "octet");
458 recv_data(1, contents, strlen(contents) + 1);
459 send_ack(1);
460 }
461
462 /*
463 * Read a file, and simulate a dropped ACK packet
464 */
465 TFTPD_TC_DEFINE(rrq_dropped_ack,)
466 {
467 int fd;
468 char contents[] = "small";
469
470 fd = open("small.txt", O_RDWR | O_CREAT, 0644);
471 ATF_REQUIRE(fd >= 0);
472 write_all(fd, contents, strlen(contents) + 1);
473 close(fd);
474
475 SEND_RRQ("small.txt", "octet");
476 recv_data(1, contents, strlen(contents) + 1);
477 /*
478 * client "sends" the ack, but network drops it
479 * Eventually, tftpd should resend the data packet
480 */
481 recv_data(1, contents, strlen(contents) + 1);
482 send_ack(1);
483 }
484
485 /*
486 * Read a file, and simulate a dropped DATA packet
487 */
488 TFTPD_TC_DEFINE(rrq_dropped_data,)
489 {
490 int fd;
491 size_t i;
492 uint32_t contents[192];
493 char buffer[1024];
494
495 for (i = 0; i < nitems(contents); i++)
496 contents[i] = i;
497
498 fd = open("medium.txt", O_RDWR | O_CREAT, 0644);
499 ATF_REQUIRE(fd >= 0);
500 write_all(fd, contents, sizeof(contents));
501 close(fd);
502
503 SEND_RRQ("medium.txt", "octet");
504 recv_data(1, (const char*)&contents[0], 512);
505 send_ack(1);
506 (void) recvfrom(s, buffer, sizeof(buffer), 0, NULL, NULL);
507 /*
508 * server "sends" the data, but network drops it
509 * Eventually, client should resend the last ACK
510 */
511 send_ack(1);
512 recv_data(2, (const char*)&contents[128], 256);
513 send_ack(2);
514 }
515
516 /*
517 * Read a medium file, and simulate a duplicated ACK packet
518 */
519 TFTPD_TC_DEFINE(rrq_duped_ack,)
520 {
521 int fd;
522 size_t i;
523 uint32_t contents[192];
524
525 for (i = 0; i < nitems(contents); i++)
526 contents[i] = i;
527
528 fd = open("medium.txt", O_RDWR | O_CREAT, 0644);
529 ATF_REQUIRE(fd >= 0);
530 write_all(fd, contents, sizeof(contents));
531 close(fd);
532
533 SEND_RRQ("medium.txt", "octet");
534 recv_data(1, (const char*)&contents[0], 512);
535 send_ack(1);
536 send_ack(1); /* Dupe an ACK packet */
537 recv_data(2, (const char*)&contents[128], 256);
538 recv_data(2, (const char*)&contents[128], 256);
539 send_ack(2);
540 }
541
542
543 /*
544 * Attempt to read a file without read permissions
545 */
546 TFTPD_TC_DEFINE(rrq_eaccess,)
547 {
548 int fd;
549
550 fd = open("empty.txt", O_CREAT | O_RDONLY, 0000);
551 ATF_REQUIRE(fd >= 0);
552 close(fd);
553
554 SEND_RRQ("empty.txt", "octet");
555 RECV_ERROR(2, "Access violation");
556 }
557
558 /*
559 * Read an empty file
560 */
561 TFTPD_TC_DEFINE(rrq_empty,)
562 {
563 int fd;
564
565 fd = open("empty.txt", O_CREAT | O_RDONLY, 0644);
566 ATF_REQUIRE(fd >= 0);
567 close(fd);
568
569 SEND_RRQ("empty.txt", "octet");
570 recv_data(1, NULL, 0);
571 send_ack(1);
572 }
573
574 /*
575 * Read a medium file of more than one block
576 */
577 TFTPD_TC_DEFINE(rrq_medium,)
578 {
579 int fd;
580 size_t i;
581 uint32_t contents[192];
582
583 for (i = 0; i < nitems(contents); i++)
584 contents[i] = i;
585
586 fd = open("medium.txt", O_RDWR | O_CREAT, 0644);
587 ATF_REQUIRE(fd >= 0);
588 write_all(fd, contents, sizeof(contents));
589 close(fd);
590
591 SEND_RRQ("medium.txt", "octet");
592 recv_data(1, (const char*)&contents[0], 512);
593 send_ack(1);
594 recv_data(2, (const char*)&contents[128], 256);
595 send_ack(2);
596 }
597
598 /*
599 * Read a medium file with a window size of 2.
600 */
601 TFTPD_TC_DEFINE(rrq_medium_window,)
602 {
603 int fd;
604 size_t i;
605 uint32_t contents[192];
606 char options[] = OPTION_STR("windowsize", "2");
607
608 for (i = 0; i < nitems(contents); i++)
609 contents[i] = i;
610
611 fd = open("medium.txt", O_RDWR | O_CREAT, 0644);
612 ATF_REQUIRE(fd >= 0);
613 write_all(fd, contents, sizeof(contents));
614 close(fd);
615
616 SEND_RRQ_OPT("medium.txt", "octet", OPTION_STR("windowsize", "2"));
617 recv_oack(options, sizeof(options) - 1);
618 send_ack(0);
619 recv_data(1, (const char*)&contents[0], 512);
620 recv_data(2, (const char*)&contents[128], 256);
621 send_ack(2);
622 }
623
624 /*
625 * Read a file in netascii format
626 */
627 TFTPD_TC_DEFINE(rrq_netascii,)
628 {
629 int fd;
630 char contents[] = "foo\nbar\rbaz\n";
631 /*
632 * Weirdly, RFC-764 says that CR must be followed by NUL if a line feed
633 * is not intended
634 */
635 char expected[] = "foo\r\nbar\r\0baz\r\n";
636
637 fd = open("unix.txt", O_RDWR | O_CREAT, 0644);
638 ATF_REQUIRE(fd >= 0);
639 write_all(fd, contents, strlen(contents) + 1);
640 close(fd);
641
642 SEND_RRQ("unix.txt", "netascii");
643 recv_data(1, expected, sizeof(expected));
644 send_ack(1);
645 }
646
647 /*
648 * Read a file that doesn't exist
649 */
650 TFTPD_TC_DEFINE(rrq_nonexistent,)
651 {
652 SEND_RRQ("nonexistent.txt", "octet");
653 RECV_ERROR(1, "File not found");
654 }
655
656 /*
657 * Attempt to read a file whose name exceeds PATH_MAX
658 */
659 TFTPD_TC_DEFINE(rrq_path_max,)
660 {
661 #define AReallyBigFileName \
662 "AReallyBigFileNameXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
663 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
664 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
665 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
666 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
667 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
668 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
669 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
670 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
671 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
672 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
673 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
674 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
675 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
676 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
677 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\
678 ".txt"
679 ATF_REQUIRE_MSG(strlen(AReallyBigFileName) > PATH_MAX,
680 "Somebody increased PATH_MAX. Update the test");
681 SEND_RRQ(AReallyBigFileName, "octet");
682 RECV_ERROR(4, "Illegal TFTP operation");
683 }
684
685 /*
686 * Read a small file of less than one block
687 */
688 TFTPD_TC_DEFINE(rrq_small,)
689 {
690 int fd;
691 char contents[] = "small";
692
693 fd = open("small.txt", O_RDWR | O_CREAT, 0644);
694 ATF_REQUIRE(fd >= 0);
695 write_all(fd, contents, strlen(contents) + 1);
696 close(fd);
697
698 SEND_RRQ("small.txt", "octet");
699 recv_data(1, contents, strlen(contents) + 1);
700 send_ack(1);
701 }
702
703 /*
704 * Read a file following the example in RFC 7440.
705 */
706 TFTPD_TC_DEFINE(rrq_window_rfc7440,)
707 {
708 int fd;
709 size_t i;
710 char options[] = OPTION_STR("windowsize", "4");
711 alignas(uint32_t) char contents[13 * 512 - 4];
712 uint32_t *u32p;
713
714 u32p = (uint32_t *)contents;
715 for (i = 0; i < sizeof(contents) / sizeof(uint32_t); i++)
716 u32p[i] = i;
717
718 fd = open("rfc7440.txt", O_RDWR | O_CREAT, 0644);
719 ATF_REQUIRE(fd >= 0);
720 write_all(fd, contents, sizeof(contents));
721 close(fd);
722
723 SEND_RRQ_OPT("rfc7440.txt", "octet", OPTION_STR("windowsize", "4"));
724 recv_oack(options, sizeof(options) - 1);
725 send_ack(0);
726 recv_data(1, &contents[0 * 512], 512);
727 recv_data(2, &contents[1 * 512], 512);
728 recv_data(3, &contents[2 * 512], 512);
729 recv_data(4, &contents[3 * 512], 512);
730 send_ack(4);
731 recv_data(5, &contents[4 * 512], 512);
732 recv_data(6, &contents[5 * 512], 512);
733 recv_data(7, &contents[6 * 512], 512);
734 recv_data(8, &contents[7 * 512], 512);
735
736 /* ACK 5 as if 6-8 were dropped. */
737 send_ack(5);
738 recv_data(6, &contents[5 * 512], 512);
739 recv_data(7, &contents[6 * 512], 512);
740 recv_data(8, &contents[7 * 512], 512);
741 recv_data(9, &contents[8 * 512], 512);
742 send_ack(9);
743 recv_data(10, &contents[9 * 512], 512);
744 recv_data(11, &contents[10 * 512], 512);
745 recv_data(12, &contents[11 * 512], 512);
746 recv_data(13, &contents[12 * 512], 508);
747
748 /* Drop ACK and after timeout receive 10-13. */
749 recv_data(10, &contents[9 * 512], 512);
750 recv_data(11, &contents[10 * 512], 512);
751 recv_data(12, &contents[11 * 512], 512);
752 recv_data(13, &contents[12 * 512], 508);
753 send_ack(13);
754 }
755
756 /*
757 * Try to transfer a file with an unknown mode.
758 */
759 TFTPD_TC_DEFINE(unknown_modes,)
760 {
761 SEND_RRQ("foo.txt", "ascii"); /* Misspelling of "ascii" */
762 RECV_ERROR(4, "Illegal TFTP operation");
763 s = setup(&addr, __COUNTER__); \
764 SEND_RRQ("foo.txt", "binary"); /* Obsolete. Use "octet" instead */
765 RECV_ERROR(4, "Illegal TFTP operation");
766 s = setup(&addr, __COUNTER__); \
767 SEND_RRQ("foo.txt", "en_US.UTF-8");
768 RECV_ERROR(4, "Illegal TFTP operation");
769 s = setup(&addr, __COUNTER__); \
770 SEND_RRQ("foo.txt", "mail"); /* Obsolete in RFC-1350 */
771 RECV_ERROR(4, "Illegal TFTP operation");
772 }
773
774 /*
775 * Send an unknown opcode. tftpd should respond with the appropriate error
776 */
777 TFTPD_TC_DEFINE(unknown_opcode,)
778 {
779 /* Looks like an RRQ or WRQ request, but with a bad opcode */
780 SEND_STR("\0\007foo.txt\0octet\0");
781 RECV_ERROR(4, "Illegal TFTP operation");
782 }
783
784 /*
785 * Invoke tftpd with "-w" and write to a nonexistent file.
786 */
787 TFTPD_TC_DEFINE(w_flag,, w_flag = 1;)
788 {
789 int fd;
790 ssize_t r;
791 char contents[] = "small";
792 char buffer[1024];
793 size_t contents_len;
794
795 contents_len = strlen(contents) + 1;
796 SEND_WRQ("small.txt", "octet");
797 recv_ack(0);
798 send_data(1, contents, contents_len);
799 recv_ack(1);
800
801 fd = open("small.txt", O_RDONLY);
802 ATF_REQUIRE(fd >= 0);
803 r = read(fd, buffer, sizeof(buffer));
804 close(fd);
805 require_bufeq(contents, contents_len, buffer, r);
806 }
807
808 /*
809 * Write a medium file, and simulate a dropped ACK packet
810 */
811 TFTPD_TC_DEFINE(wrq_dropped_ack,)
812 {
813 int fd;
814 size_t i;
815 ssize_t r;
816 uint32_t contents[192];
817 char buffer[1024];
818
819 for (i = 0; i < nitems(contents); i++)
820 contents[i] = i;
821
822 fd = open("medium.txt", O_RDWR | O_CREAT, 0666);
823 ATF_REQUIRE(fd >= 0);
824 close(fd);
825
826 SEND_WRQ("medium.txt", "octet");
827 recv_ack(0);
828 send_data(1, (const char*)&contents[0], 512);
829 /*
830 * Servers "sends" an ACK packet, but network drops it.
831 * Eventually, server should resend the last ACK
832 */
833 (void) recvfrom(s, buffer, sizeof(buffer), 0, NULL, NULL);
834 recv_ack(1);
835 send_data(2, (const char*)&contents[128], 256);
836 recv_ack(2);
837
838 fd = open("medium.txt", O_RDONLY);
839 ATF_REQUIRE(fd >= 0);
840 r = read(fd, buffer, sizeof(buffer));
841 close(fd);
842 require_bufeq((const char*)contents, 768, buffer, r);
843 }
844
845 /*
846 * Write a small file, and simulate a dropped DATA packet
847 */
848 TFTPD_TC_DEFINE(wrq_dropped_data,)
849 {
850 int fd;
851 ssize_t r;
852 char contents[] = "small";
853 size_t contents_len;
854 char buffer[1024];
855
856 fd = open("small.txt", O_RDWR | O_CREAT, 0666);
857 ATF_REQUIRE(fd >= 0);
858 close(fd);
859 contents_len = strlen(contents) + 1;
860
861 SEND_WRQ("small.txt", "octet");
862 recv_ack(0);
863 /*
864 * Client "sends" a DATA packet, but network drops it.
865 * Eventually, server should resend the last ACK
866 */
867 recv_ack(0);
868 send_data(1, contents, contents_len);
869 recv_ack(1);
870
871 fd = open("small.txt", O_RDONLY);
872 ATF_REQUIRE(fd >= 0);
873 r = read(fd, buffer, sizeof(buffer));
874 close(fd);
875 require_bufeq(contents, contents_len, buffer, r);
876 }
877
878 /*
879 * Write a medium file, and simulate a duplicated DATA packet
880 */
881 TFTPD_TC_DEFINE(wrq_duped_data,)
882 {
883 int fd;
884 size_t i;
885 ssize_t r;
886 uint32_t contents[192];
887 char buffer[1024];
888
889 for (i = 0; i < nitems(contents); i++)
890 contents[i] = i;
891
892 fd = open("medium.txt", O_RDWR | O_CREAT, 0666);
893 ATF_REQUIRE(fd >= 0);
894 close(fd);
895
896 SEND_WRQ("medium.txt", "octet");
897 recv_ack(0);
898 send_data(1, (const char*)&contents[0], 512);
899 send_data(1, (const char*)&contents[0], 512);
900 recv_ack(1);
901 recv_ack(1);
902 send_data(2, (const char*)&contents[128], 256);
903 recv_ack(2);
904
905 fd = open("medium.txt", O_RDONLY);
906 ATF_REQUIRE(fd >= 0);
907 r = read(fd, buffer, sizeof(buffer));
908 close(fd);
909 require_bufeq((const char*)contents, 768, buffer, r);
910 }
911
912 /*
913 * Attempt to write a file without write permissions
914 */
915 TFTPD_TC_DEFINE(wrq_eaccess,)
916 {
917 int fd;
918
919 fd = open("empty.txt", O_CREAT | O_RDONLY, 0440);
920 ATF_REQUIRE(fd >= 0);
921 close(fd);
922
923 SEND_WRQ("empty.txt", "octet");
924 RECV_ERROR(2, "Access violation");
925 }
926
927 /*
928 * Attempt to write a file without world write permissions, but with world
929 * read permissions
930 */
931 TFTPD_TC_DEFINE(wrq_eaccess_world_readable,)
932 {
933 int fd;
934
935 fd = open("empty.txt", O_CREAT | O_RDONLY, 0444);
936 ATF_REQUIRE(fd >= 0);
937 close(fd);
938
939 SEND_WRQ("empty.txt", "octet");
940 RECV_ERROR(2, "Access violation");
941 }
942
943
944 /*
945 * Write a medium file of more than one block
946 */
947 TFTPD_TC_DEFINE(wrq_medium,)
948 {
949 int fd;
950 size_t i;
951 ssize_t r;
952 uint32_t contents[192];
953 char buffer[1024];
954
955 for (i = 0; i < nitems(contents); i++)
956 contents[i] = i;
957
958 fd = open("medium.txt", O_RDWR | O_CREAT, 0666);
959 ATF_REQUIRE(fd >= 0);
960 close(fd);
961
962 SEND_WRQ("medium.txt", "octet");
963 recv_ack(0);
964 send_data(1, (const char*)&contents[0], 512);
965 recv_ack(1);
966 send_data(2, (const char*)&contents[128], 256);
967 recv_ack(2);
968
969 fd = open("medium.txt", O_RDONLY);
970 ATF_REQUIRE(fd >= 0);
971 r = read(fd, buffer, sizeof(buffer));
972 close(fd);
973 require_bufeq((const char*)contents, 768, buffer, r);
974 }
975
976 /*
977 * Write a medium file with a window size of 2.
978 */
979 TFTPD_TC_DEFINE(wrq_medium_window,)
980 {
981 int fd;
982 size_t i;
983 ssize_t r;
984 uint32_t contents[192];
985 char buffer[1024];
986 char options[] = OPTION_STR("windowsize", "2");
987
988 for (i = 0; i < nitems(contents); i++)
989 contents[i] = i;
990
991 fd = open("medium.txt", O_RDWR | O_CREAT, 0666);
992 ATF_REQUIRE(fd >= 0);
993 close(fd);
994
995 SEND_WRQ_OPT("medium.txt", "octet", OPTION_STR("windowsize", "2"));
996 recv_oack(options, sizeof(options) - 1);
997 send_data(1, (const char*)&contents[0], 512);
998 send_data(2, (const char*)&contents[128], 256);
999 recv_ack(2);
1000
1001 fd = open("medium.txt", O_RDONLY);
1002 ATF_REQUIRE(fd >= 0);
1003 r = read(fd, buffer, sizeof(buffer));
1004 close(fd);
1005 require_bufeq((const char*)contents, 768, buffer, r);
1006 }
1007
1008 /*
1009 * Write a file in netascii format
1010 */
1011 TFTPD_TC_DEFINE(wrq_netascii,)
1012 {
1013 int fd;
1014 ssize_t r;
1015 /*
1016 * Weirdly, RFC-764 says that CR must be followed by NUL if a line feed
1017 * is not intended
1018 */
1019 char contents[] = "foo\r\nbar\r\0baz\r\n";
1020 char expected[] = "foo\nbar\rbaz\n";
1021 size_t contents_len;
1022 char buffer[1024];
1023
1024 fd = open("unix.txt", O_RDWR | O_CREAT, 0666);
1025 ATF_REQUIRE(fd >= 0);
1026 close(fd);
1027 contents_len = sizeof(contents);
1028
1029 SEND_WRQ("unix.txt", "netascii");
1030 recv_ack(0);
1031 send_data(1, contents, contents_len);
1032 recv_ack(1);
1033
1034 fd = open("unix.txt", O_RDONLY);
1035 ATF_REQUIRE(fd >= 0);
1036 r = read(fd, buffer, sizeof(buffer));
1037 close(fd);
1038 require_bufeq(expected, sizeof(expected), buffer, r);
1039 }
1040
1041 /*
1042 * Attempt to write to a nonexistent file. With the default options, this
1043 * isn't allowed.
1044 */
1045 TFTPD_TC_DEFINE(wrq_nonexistent,)
1046 {
1047 SEND_WRQ("nonexistent.txt", "octet");
1048 RECV_ERROR(1, "File not found");
1049 }
1050
1051 /*
1052 * Write a small file of less than one block
1053 */
1054 TFTPD_TC_DEFINE(wrq_small,)
1055 {
1056 int fd;
1057 ssize_t r;
1058 char contents[] = "small";
1059 size_t contents_len;
1060 char buffer[1024];
1061
1062 fd = open("small.txt", O_RDWR | O_CREAT, 0666);
1063 ATF_REQUIRE(fd >= 0);
1064 close(fd);
1065 contents_len = strlen(contents) + 1;
1066
1067 SEND_WRQ("small.txt", "octet");
1068 recv_ack(0);
1069 send_data(1, contents, contents_len);
1070 recv_ack(1);
1071
1072 fd = open("small.txt", O_RDONLY);
1073 ATF_REQUIRE(fd >= 0);
1074 r = read(fd, buffer, sizeof(buffer));
1075 close(fd);
1076 require_bufeq(contents, contents_len, buffer, r);
1077 }
1078
1079 /*
1080 * Write an empty file over a non-empty one
1081 */
1082 TFTPD_TC_DEFINE(wrq_truncate,)
1083 {
1084 int fd;
1085 char contents[] = "small";
1086 struct stat sb;
1087
1088 fd = open("small.txt", O_RDWR | O_CREAT, 0666);
1089 ATF_REQUIRE(fd >= 0);
1090 write_all(fd, contents, strlen(contents) + 1);
1091 close(fd);
1092
1093 SEND_WRQ("small.txt", "octet");
1094 recv_ack(0);
1095 send_data(1, NULL, 0);
1096 recv_ack(1);
1097
1098 ATF_REQUIRE_EQ(stat("small.txt", &sb), 0);
1099 ATF_REQUIRE_EQ(sb.st_size, 0);
1100 }
1101
1102 /*
1103 * Write a file following the example in RFC 7440.
1104 */
1105 TFTPD_TC_DEFINE(wrq_window_rfc7440,)
1106 {
1107 int fd;
1108 size_t i;
1109 ssize_t r;
1110 char options[] = OPTION_STR("windowsize", "4");
1111 alignas(uint32_t) char contents[13 * 512 - 4];
1112 char buffer[sizeof(contents)];
1113 uint32_t *u32p;
1114
1115 u32p = (uint32_t *)contents;
1116 for (i = 0; i < sizeof(contents) / sizeof(uint32_t); i++)
1117 u32p[i] = i;
1118
1119 fd = open("rfc7440.txt", O_RDWR | O_CREAT, 0666);
1120 ATF_REQUIRE(fd >= 0);
1121 close(fd);
1122
1123 SEND_WRQ_OPT("rfc7440.txt", "octet", OPTION_STR("windowsize", "4"));
1124 recv_oack(options, sizeof(options) - 1);
1125 send_data(1, &contents[0 * 512], 512);
1126 send_data(2, &contents[1 * 512], 512);
1127 send_data(3, &contents[2 * 512], 512);
1128 send_data(4, &contents[3 * 512], 512);
1129 recv_ack(4);
1130 send_data(5, &contents[4 * 512], 512);
1131
1132 /* Drop 6-8. */
1133 recv_ack(5);
1134 send_data(6, &contents[5 * 512], 512);
1135 send_data(7, &contents[6 * 512], 512);
1136 send_data(8, &contents[7 * 512], 512);
1137 send_data(9, &contents[8 * 512], 512);
1138 recv_ack(9);
1139
1140 /* Drop 11. */
1141 send_data(10, &contents[9 * 512], 512);
1142 send_data(12, &contents[11 * 512], 512);
1143
1144 /*
1145 * We can't send 13 here as tftpd has probably already seen 12
1146 * and sent the ACK of 10 if running locally. While it would
1147 * recover by sending another ACK of 10, our state machine
1148 * would be out of sync.
1149 */
1150
1151 /* Ignore ACK for 10 and resend 10-13. */
1152 recv_ack(10);
1153 send_data(10, &contents[9 * 512], 512);
1154 send_data(11, &contents[10 * 512], 512);
1155 send_data(12, &contents[11 * 512], 512);
1156 send_data(13, &contents[12 * 512], 508);
1157 recv_ack(13);
1158
1159 fd = open("rfc7440.txt", O_RDONLY);
1160 ATF_REQUIRE(fd >= 0);
1161 r = read(fd, buffer, sizeof(buffer));
1162 close(fd);
1163 require_bufeq(contents, sizeof(contents), buffer, r);
1164 }
1165
1166
1167 /*
1168 * Main
1169 */
1170
ATF_TP_ADD_TCS(tp)1171 ATF_TP_ADD_TCS(tp)
1172 {
1173 TFTPD_TC_ADD(tp, abspath);
1174 TFTPD_TC_ADD(tp, dotdot);
1175 TFTPD_TC_ADD(tp, s_flag);
1176 TFTPD_TC_ADD(tp, rrq_dropped_ack);
1177 TFTPD_TC_ADD(tp, rrq_dropped_data);
1178 TFTPD_TC_ADD(tp, rrq_duped_ack);
1179 TFTPD_TC_ADD(tp, rrq_eaccess);
1180 TFTPD_TC_ADD(tp, rrq_empty);
1181 TFTPD_TC_ADD(tp, rrq_medium);
1182 TFTPD_TC_ADD(tp, rrq_medium_window);
1183 TFTPD_TC_ADD(tp, rrq_netascii);
1184 TFTPD_TC_ADD(tp, rrq_nonexistent);
1185 TFTPD_TC_ADD(tp, rrq_path_max);
1186 TFTPD_TC_ADD(tp, rrq_small);
1187 TFTPD_TC_ADD(tp, rrq_window_rfc7440);
1188 TFTPD_TC_ADD(tp, unknown_modes);
1189 TFTPD_TC_ADD(tp, unknown_opcode);
1190 TFTPD_TC_ADD(tp, w_flag);
1191 TFTPD_TC_ADD(tp, wrq_dropped_ack);
1192 TFTPD_TC_ADD(tp, wrq_dropped_data);
1193 TFTPD_TC_ADD(tp, wrq_duped_data);
1194 TFTPD_TC_ADD(tp, wrq_eaccess);
1195 TFTPD_TC_ADD(tp, wrq_eaccess_world_readable);
1196 TFTPD_TC_ADD(tp, wrq_medium);
1197 TFTPD_TC_ADD(tp, wrq_medium_window);
1198 TFTPD_TC_ADD(tp, wrq_netascii);
1199 TFTPD_TC_ADD(tp, wrq_nonexistent);
1200 TFTPD_TC_ADD(tp, wrq_small);
1201 TFTPD_TC_ADD(tp, wrq_truncate);
1202 TFTPD_TC_ADD(tp, wrq_window_rfc7440);
1203
1204 return (atf_no_error());
1205 }
1206