1 /*
2 * ProFTPD - FTP server daemon
3 * Copyright (c) 1997, 1998 Public Flood Software
4 * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net>
5 * Copyright (c) 2001-2021 The ProFTPD Project team
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA.
20 *
21 * As a special exemption, Public Flood Software/MacGyver aka Habeeb J. Dihu
22 * and other respective copyright holders give permission to link this program
23 * with OpenSSL, and distribute the resulting executable, without including
24 * the source code for OpenSSL in the source distribution.
25 */
26
27 /* Data connection management functions */
28
29 #include "conf.h"
30
31 #ifdef HAVE_SYS_SENDFILE_H
32 #include <sys/sendfile.h>
33 #endif /* HAVE_SYS_SENDFILE_H */
34
35 #ifdef HAVE_SYS_UIO_H
36 #include <sys/uio.h>
37 #endif /* HAVE_SYS_UIO_H */
38
39 static const char *trace_channel = "data";
40 static const char *timing_channel = "timing";
41
42 #define PR_DATA_OPT_IGNORE_ASCII 0x0001
43 static unsigned long data_opts = 0UL;
44 static uint64_t data_start_ms = 0L;
45 static int data_first_byte_read = FALSE;
46 static int data_first_byte_written = FALSE;
47
48 /* local macro */
49
50 #define MODE_STRING (session.sf_flags & (SF_ASCII|SF_ASCII_OVERRIDE) ? \
51 "ASCII" : "BINARY")
52
53 /* Internal usage: pointer to current data connection stream in use (may be
54 * in either read or write mode)
55 */
56 static pr_netio_stream_t *nstrm = NULL;
57
58 static long timeout_linger = PR_TUNABLE_TIMEOUTLINGER;
59
60 static int timeout_idle = PR_TUNABLE_TIMEOUTIDLE;
61 static int timeout_noxfer = PR_TUNABLE_TIMEOUTNOXFER;
62 static int timeout_stalled = PR_TUNABLE_TIMEOUTSTALLED;
63
64 /* Called if the "Stalled" timer goes off
65 */
stalled_timeout_cb(CALLBACK_FRAME)66 static int stalled_timeout_cb(CALLBACK_FRAME) {
67 pr_event_generate("core.timeout-stalled", NULL);
68 pr_log_pri(PR_LOG_NOTICE, "Data transfer stall timeout: %d %s",
69 timeout_stalled, timeout_stalled != 1 ? "seconds" : "second");
70 pr_session_disconnect(NULL, PR_SESS_DISCONNECT_TIMEOUT,
71 "TimeoutStalled during data transfer");
72
73 /* Prevent compiler warning. */
74 return 0;
75 }
76
77 /* This signal is raised if we get OOB data on the control connection, and
78 * a data transfer is in progress.
79 */
data_urgent(int signo)80 static RETSIGTYPE data_urgent(int signo) {
81 if (session.sf_flags & SF_XFER) {
82 pr_trace_msg(trace_channel, 5, "received SIGURG signal (signal %d), "
83 "setting 'aborted' session flag", signo);
84 session.sf_flags |= SF_ABORT;
85
86 if (nstrm) {
87 pr_netio_abort(nstrm);
88 }
89 }
90
91 signal(SIGURG, data_urgent);
92 }
93
data_new_xfer(char * filename,int direction)94 static void data_new_xfer(char *filename, int direction) {
95 pr_data_clear_xfer_pool();
96
97 session.xfer.p = make_sub_pool(session.pool);
98 pr_pool_tag(session.xfer.p, "Data Transfer pool");
99
100 session.xfer.filename = pstrdup(session.xfer.p, filename);
101 session.xfer.direction = direction;
102 session.xfer.bufsize = pr_config_get_server_xfer_bufsz(direction);
103 session.xfer.buf = pcalloc(session.xfer.p, session.xfer.bufsize + 1);
104 pr_trace_msg(trace_channel, 8, "allocated data transfer buffer of %lu bytes",
105 (unsigned long) session.xfer.bufsize);
106 session.xfer.buf++; /* leave room for ascii translation */
107 session.xfer.buflen = 0;
108 }
109
data_passive_open(const char * reason,off_t size)110 static int data_passive_open(const char *reason, off_t size) {
111 conn_t *c;
112 int rev, xerrno = 0;
113
114 if (reason == NULL &&
115 session.xfer.filename) {
116 reason = session.xfer.filename;
117 }
118
119 /* Set the "stalled" timer, if any, to prevent the connection
120 * open from taking too long
121 */
122 if (timeout_stalled) {
123 pr_timer_add(timeout_stalled, PR_TIMER_STALLED, NULL, stalled_timeout_cb,
124 "TimeoutStalled");
125 }
126
127 /* We save the state of our current disposition for doing reverse
128 * lookups, and then set it to what the configuration wants it to
129 * be.
130 */
131 rev = pr_netaddr_set_reverse_dns(ServerUseReverseDNS);
132
133 /* Protocol and socket options should be set before handshaking. */
134
135 if (session.xfer.direction == PR_NETIO_IO_RD) {
136 pr_inet_set_socket_opts2(session.d->pool, session.d,
137 (main_server->tcp_rcvbuf_override ? main_server->tcp_rcvbuf_len : 0), 0,
138 main_server->tcp_keepalive, 0);
139
140 } else {
141 pr_inet_set_socket_opts2(session.d->pool, session.d,
142 0, (main_server->tcp_sndbuf_override ? main_server->tcp_sndbuf_len : 0),
143 main_server->tcp_keepalive, 0);
144 }
145
146 c = pr_inet_accept(session.pool, session.d, session.c, -1, -1, TRUE);
147 pr_netaddr_set_reverse_dns(rev);
148
149 if (c && c->mode != CM_ERROR) {
150 pr_inet_close(session.pool, session.d);
151 (void) pr_inet_set_nonblock(session.pool, c);
152 session.d = c;
153
154 pr_log_debug(DEBUG4, "passive data connection opened - local : %s:%d",
155 pr_netaddr_get_ipstr(session.d->local_addr), session.d->local_port);
156 pr_log_debug(DEBUG4, "passive data connection opened - remote : %s:%d",
157 pr_netaddr_get_ipstr(session.d->remote_addr), session.d->remote_port);
158
159 if (session.xfer.xfer_type != STOR_UNIQUE) {
160 if (size) {
161 pr_response_send(R_150, _("Opening %s mode data connection for %s "
162 "(%" PR_LU " %s)"), MODE_STRING, reason, (pr_off_t) size,
163 size != 1 ? "bytes" : "byte");
164
165 } else {
166 pr_response_send(R_150, _("Opening %s mode data connection for %s"),
167 MODE_STRING, reason);
168 }
169
170 } else {
171
172 /* Format of 150 responses for STOU is explicitly dictated by
173 * RFC 1123:
174 *
175 * 4.1.2.9 STOU Command: RFC-959 Section 4.1.3
176 *
177 * The STOU command stores into a uniquely named file. When it
178 * receives an STOU command, a Server-FTP MUST return the
179 * actual file name in the "125 Transfer Starting" or the "150
180 * Opening Data Connection" message that precedes the transfer
181 * (the 250 reply code mentioned in RFC-959 is incorrect). The
182 * exact format of these messages is hereby defined to be as
183 * follows:
184 *
185 * 125 FILE: pppp
186 * 150 FILE: pppp
187 *
188 * where pppp represents the unique pathname of the file that
189 * will be written.
190 */
191 pr_response_send(R_150, "FILE: %s", reason);
192 }
193
194 return 0;
195 }
196
197 /* Check for error conditions. */
198 if (c != NULL &&
199 c->mode == CM_ERROR) {
200 pr_log_pri(PR_LOG_ERR, "error: unable to accept an incoming data "
201 "connection: %s", strerror(c->xerrno));
202 }
203
204 xerrno = session.d->xerrno;
205 pr_response_add_err(R_425, _("Unable to build data connection: %s"),
206 strerror(xerrno));
207 pr_data_close2();
208
209 errno = xerrno;
210 return -1;
211 }
212
data_active_open(const char * reason,off_t size)213 static int data_active_open(const char *reason, off_t size) {
214 conn_t *c;
215 int bind_port, rev, *root_revoke = NULL, xerrno;
216 const pr_netaddr_t *bind_addr = NULL;
217
218 if (session.c->remote_addr == NULL) {
219 /* An opened but unconnected connection? */
220 errno = EINVAL;
221 return -1;
222 }
223
224 if (reason == NULL &&
225 session.xfer.filename) {
226 reason = session.xfer.filename;
227 }
228
229 if (pr_netaddr_get_family(session.c->local_addr) == pr_netaddr_get_family(session.c->remote_addr)) {
230 bind_addr = session.c->local_addr;
231
232 } else {
233 /* In this scenario, the server has an IPv6 socket, but the remote client
234 * is an IPv4 (or IPv4-mapped IPv6) peer.
235 */
236 bind_addr = pr_netaddr_v6tov4(session.xfer.p, session.c->local_addr);
237 }
238
239 /* Default source port to which to bind for the active transfer, as
240 * per RFC959.
241 */
242 bind_port = session.c->local_port-1;
243
244 root_revoke = get_param_ptr(TOPLEVEL_CONF, "RootRevoke", FALSE);
245 if (root_revoke == NULL) {
246 /* In the absence of any explicit RootRevoke, the default behavior is to
247 * change the source port. This means we are technically noncompliant,
248 * but most clients do not enforce this behavior.
249 */
250 bind_port = INPORT_ANY;
251
252 } else {
253 /* A RootRevoke value of 0 indicates 'false', 1 indicates 'true', and
254 * 2 indicates 'NonCompliantActiveTransfer'. We change the source port for
255 * a RootRevoke value of 2, and for a value of 1, we make sure that
256 * that the port is not a privileged port.
257 */
258 switch (*root_revoke) {
259 case 1:
260 if (bind_port < 1024) {
261 pr_log_debug(DEBUG0, "RootRevoke in effect, unable to bind to local "
262 "port %d for active transfer", bind_port);
263 errno = EPERM;
264 return -1;
265 }
266 break;
267
268 case 2:
269 bind_port = INPORT_ANY;
270 break;
271
272 default:
273 break;
274 }
275 }
276
277 session.d = pr_inet_create_conn(session.pool, -1, bind_addr, bind_port, TRUE);
278 if (session.d == NULL) {
279 xerrno = errno;
280
281 pr_response_add_err(R_425, _("Unable to build data connection: %s"),
282 strerror(xerrno));
283
284 errno = xerrno;
285 return -1;
286 }
287
288 /* Default remote address to which to connect for an active transfer,
289 * if the client has not specified a different address via PORT/EPRT,
290 * as per RFC 959.
291 */
292 if (pr_netaddr_get_family(&session.data_addr) == AF_UNSPEC) {
293 pr_log_debug(DEBUG6, "Client has not sent previous PORT/EPRT command, "
294 "defaulting to %s#%u for active transfer",
295 pr_netaddr_get_ipstr(session.c->remote_addr), session.c->remote_port);
296
297 pr_netaddr_set_family(&session.data_addr, pr_netaddr_get_family(session.c->remote_addr));
298 pr_netaddr_set_sockaddr(&session.data_addr, pr_netaddr_get_sockaddr(session.c->remote_addr));
299 }
300
301 /* Set the "stalled" timer, if any, to prevent the connection
302 * open from taking too long
303 */
304 if (timeout_stalled) {
305 pr_timer_add(timeout_stalled, PR_TIMER_STALLED, NULL, stalled_timeout_cb,
306 "TimeoutStalled");
307 }
308
309 rev = pr_netaddr_set_reverse_dns(ServerUseReverseDNS);
310
311 /* Protocol and socket options should be set before handshaking. */
312
313 if (session.xfer.direction == PR_NETIO_IO_RD) {
314 pr_inet_set_socket_opts2(session.d->pool, session.d,
315 (main_server->tcp_rcvbuf_override ? main_server->tcp_rcvbuf_len : 0), 0,
316 main_server->tcp_keepalive, 1);
317
318 } else {
319 pr_inet_set_socket_opts2(session.d->pool, session.d,
320 0, (main_server->tcp_sndbuf_override ? main_server->tcp_sndbuf_len : 0),
321 main_server->tcp_keepalive, 1);
322 }
323
324 /* Make sure that the necessary socket options are set on the socket prior
325 * to the call to connect(2).
326 */
327 pr_inet_set_proto_opts(session.pool, session.d, main_server->tcp_mss_len, 0,
328 IPTOS_THROUGHPUT, 1);
329 pr_inet_generate_socket_event("core.data-connect", main_server,
330 session.d->local_addr, session.d->listen_fd);
331
332 if (pr_inet_connect(session.d->pool, session.d, &session.data_addr,
333 session.data_port) < 0) {
334 xerrno = session.d->xerrno;
335
336 pr_log_debug(DEBUG6,
337 "Error connecting to %s#%u for active data transfer: %s",
338 pr_netaddr_get_ipstr(&session.data_addr), session.data_port,
339 strerror(xerrno));
340 pr_response_add_err(R_425, _("Unable to build data connection: %s"),
341 strerror(xerrno));
342 pr_data_close2();
343
344 errno = xerrno;
345 return -1;
346 }
347
348 c = pr_inet_openrw(session.pool, session.d, NULL, PR_NETIO_STRM_DATA,
349 session.d->listen_fd, -1, -1, TRUE);
350
351 pr_netaddr_set_reverse_dns(rev);
352
353 if (c) {
354 pr_log_debug(DEBUG4, "active data connection opened - local : %s:%d",
355 pr_netaddr_get_ipstr(session.d->local_addr), session.d->local_port);
356 pr_log_debug(DEBUG4, "active data connection opened - remote : %s:%d",
357 pr_netaddr_get_ipstr(session.d->remote_addr), session.d->remote_port);
358
359 if (session.xfer.xfer_type != STOR_UNIQUE) {
360 if (size) {
361 pr_response_send(R_150, _("Opening %s mode data connection for %s "
362 "(%" PR_LU " %s)"), MODE_STRING, reason, (pr_off_t) size,
363 size != 1 ? "bytes" : "byte");
364
365 } else {
366 pr_response_send(R_150, _("Opening %s mode data connection for %s"),
367 MODE_STRING, reason);
368 }
369
370 } else {
371
372 /* Format of 150 responses for STOU is explicitly dictated by
373 * RFC 1123:
374 *
375 * 4.1.2.9 STOU Command: RFC-959 Section 4.1.3
376 *
377 * The STOU command stores into a uniquely named file. When it
378 * receives an STOU command, a Server-FTP MUST return the
379 * actual file name in the "125 Transfer Starting" or the "150
380 * Opening Data Connection" message that precedes the transfer
381 * (the 250 reply code mentioned in RFC-959 is incorrect). The
382 * exact format of these messages is hereby defined to be as
383 * follows:
384 *
385 * 125 FILE: pppp
386 * 150 FILE: pppp
387 *
388 * where pppp represents the unique pathname of the file that
389 * will be written.
390 */
391 pr_response_send(R_150, "FILE: %s", reason);
392 }
393
394 pr_inet_close(session.pool, session.d);
395 (void) pr_inet_set_nonblock(session.pool, session.d);
396 session.d = c;
397 return 0;
398 }
399
400 pr_response_add_err(R_425, _("Unable to build data connection: %s"),
401 strerror(session.d->xerrno));
402 xerrno = session.d->xerrno;
403 pr_data_close2();
404
405 errno = xerrno;
406 return -1;
407 }
408
pr_data_set_linger(long linger)409 void pr_data_set_linger(long linger) {
410 timeout_linger = linger;
411 }
412
pr_data_get_timeout(int id)413 int pr_data_get_timeout(int id) {
414 switch (id) {
415 case PR_DATA_TIMEOUT_IDLE:
416 return timeout_idle;
417
418 case PR_DATA_TIMEOUT_NO_TRANSFER:
419 return timeout_noxfer;
420
421 case PR_DATA_TIMEOUT_STALLED:
422 return timeout_stalled;
423 }
424
425 errno = EINVAL;
426 return -1;
427 }
428
pr_data_set_timeout(int id,int timeout)429 void pr_data_set_timeout(int id, int timeout) {
430 switch (id) {
431 case PR_DATA_TIMEOUT_IDLE:
432 timeout_idle = timeout;
433 break;
434
435 case PR_DATA_TIMEOUT_NO_TRANSFER:
436 timeout_noxfer = timeout;
437 break;
438
439 case PR_DATA_TIMEOUT_STALLED:
440 timeout_stalled = timeout;
441 break;
442 }
443 }
444
pr_data_clear_xfer_pool(void)445 void pr_data_clear_xfer_pool(void) {
446 int xfer_type;
447
448 if (session.xfer.p)
449 destroy_pool(session.xfer.p);
450
451 /* Note that session.xfer.xfer_type may have been set already, e.g.
452 * for STOR_UNIQUE uploads. To support this, we need to preserve that
453 * value.
454 */
455 xfer_type = session.xfer.xfer_type;
456
457 memset(&session.xfer, 0, sizeof(session.xfer));
458 session.xfer.xfer_type = xfer_type;
459 }
460
pr_data_reset(void)461 void pr_data_reset(void) {
462 if (session.d &&
463 session.d->pool) {
464 destroy_pool(session.d->pool);
465 }
466
467 /* Clear any leftover state from previous transfers. */
468 pr_ascii_ftp_reset();
469
470 session.d = NULL;
471 session.sf_flags &= (SF_ALL^(SF_ABORT|SF_POST_ABORT|SF_XFER|SF_PASSIVE|SF_ASCII_OVERRIDE|SF_EPSV_ALL));
472 }
473
pr_data_ignore_ascii(int ignore_ascii)474 int pr_data_ignore_ascii(int ignore_ascii) {
475 int res;
476
477 if (ignore_ascii != TRUE &&
478 ignore_ascii != FALSE) {
479 errno = EINVAL;
480 return -1;
481 }
482
483 if (data_opts & PR_DATA_OPT_IGNORE_ASCII) {
484 if (!ignore_ascii) {
485 data_opts &= ~PR_DATA_OPT_IGNORE_ASCII;
486 }
487
488 res = TRUE;
489
490 } else {
491 if (ignore_ascii) {
492 data_opts |= PR_DATA_OPT_IGNORE_ASCII;
493 }
494
495 res = FALSE;
496 }
497
498 return res;
499 }
500
pr_data_init(char * filename,int direction)501 void pr_data_init(char *filename, int direction) {
502 if (session.xfer.p == NULL) {
503 data_new_xfer(filename, direction);
504
505 } else {
506 if (!(session.sf_flags & SF_PASSIVE)) {
507 pr_log_debug(DEBUG5,
508 "data_init oddity: session.xfer exists in non-PASV mode");
509 }
510
511 session.xfer.direction = direction;
512 }
513
514 /* Clear any leftover state from previous transfers. */
515 pr_ascii_ftp_reset();
516 }
517
pr_data_open(char * filename,char * reason,int direction,off_t size)518 int pr_data_open(char *filename, char *reason, int direction, off_t size) {
519 int res = 0;
520
521 if (session.c == NULL) {
522 errno = EINVAL;
523 return -1;
524 }
525
526 if ((session.sf_flags & SF_PASSIVE) ||
527 (session.sf_flags & SF_EPSV_ALL)) {
528 /* For passive transfers, we expect there to already be an existing
529 * data connection...
530 */
531 if (session.d == NULL) {
532 errno = EINVAL;
533 return -1;
534 }
535
536 } else {
537 /* ...but for active transfers, we expect there to NOT be an existing
538 * data connection.
539 */
540 if (session.d != NULL) {
541 errno = session.d->xerrno = EINVAL;
542 return -1;
543 }
544 }
545
546 /* Make sure that any abort flags have been cleared. */
547 session.sf_flags &= ~(SF_ABORT|SF_POST_ABORT);
548
549 if (session.xfer.p == NULL) {
550 data_new_xfer(filename, direction);
551
552 } else {
553 session.xfer.direction = direction;
554 }
555
556 if (!reason) {
557 reason = filename;
558 }
559
560 /* Passive data transfers... */
561 if ((session.sf_flags & SF_PASSIVE) ||
562 (session.sf_flags & SF_EPSV_ALL)) {
563 res = data_passive_open(reason, size);
564
565 /* Active data transfers... */
566 } else {
567 res = data_active_open(reason, size);
568 }
569
570 if (res >= 0) {
571 struct sigaction act;
572
573 if (pr_netio_postopen(session.d->instrm) < 0) {
574 int xerrno;
575
576 pr_response_add_err(R_425, _("Unable to build data connection: %s"),
577 strerror(session.d->xerrno));
578 xerrno = session.d->xerrno;
579 pr_data_close2();
580
581 errno = xerrno;
582 return -1;
583 }
584
585 if (pr_netio_postopen(session.d->outstrm) < 0) {
586 int xerrno;
587
588 pr_response_add_err(R_425, _("Unable to build data connection: %s"),
589 strerror(session.d->xerrno));
590 xerrno = session.d->xerrno;
591 pr_data_close2();
592
593 errno = xerrno;
594 return -1;
595 }
596
597 memset(&session.xfer.start_time, '\0', sizeof(session.xfer.start_time));
598 gettimeofday(&session.xfer.start_time, NULL);
599
600 if (session.xfer.direction == PR_NETIO_IO_RD) {
601 nstrm = session.d->instrm;
602
603 } else {
604 nstrm = session.d->outstrm;
605 }
606
607 session.sf_flags |= SF_XFER;
608
609 if (timeout_noxfer) {
610 pr_timer_reset(PR_TIMER_NOXFER, ANY_MODULE);
611 }
612
613 /* Allow aborts -- set the current NetIO stream to allow interrupted
614 * syscalls, so our SIGURG handler can interrupt it
615 */
616 pr_netio_set_poll_interval(nstrm, 1);
617
618 /* PORTABILITY: sigaction is used here to allow us to indicate
619 * (w/ POSIX at least) that we want SIGURG to interrupt syscalls. Put
620 * in whatever is necessary for your arch here; probably not necessary
621 * as the only _important_ interrupted syscall is select(), which on
622 * any sensible system is interrupted.
623 */
624
625 act.sa_handler = data_urgent;
626 sigemptyset(&act.sa_mask);
627 act.sa_flags = 0;
628 #ifdef SA_INTERRUPT
629 act.sa_flags |= SA_INTERRUPT;
630 #endif
631
632 if (sigaction(SIGURG, &act, NULL) < 0) {
633 pr_log_pri(PR_LOG_WARNING,
634 "warning: unable to set SIGURG signal handler: %s", strerror(errno));
635 }
636
637 #ifdef HAVE_SIGINTERRUPT
638 /* This is the BSD way of ensuring interruption.
639 * Linux uses it too (??)
640 */
641 if (siginterrupt(SIGURG, 1) < 0) {
642 pr_log_pri(PR_LOG_WARNING,
643 "warning: unable to make SIGURG interrupt system calls: %s",
644 strerror(errno));
645 }
646 #endif
647
648 /* Reset all of the timing-related variables for data transfers. */
649 pr_gettimeofday_millis(&data_start_ms);
650 data_first_byte_read = FALSE;
651 data_first_byte_written = FALSE;
652 }
653
654 return res;
655 }
656
pr_data_close2(void)657 void pr_data_close2(void) {
658 nstrm = NULL;
659
660 if (session.d != NULL) {
661 pr_inet_lingering_close(session.pool, session.d, timeout_linger);
662 session.d = NULL;
663 }
664
665 /* Aborts no longer necessary */
666 signal(SIGURG, SIG_IGN);
667
668 if (timeout_noxfer) {
669 pr_timer_reset(PR_TIMER_NOXFER, ANY_MODULE);
670 }
671
672 if (timeout_stalled) {
673 pr_timer_remove(PR_TIMER_STALLED, ANY_MODULE);
674 }
675
676 session.sf_flags &= (SF_ALL^SF_PASSIVE);
677 session.sf_flags &= (SF_ALL^(SF_ABORT|SF_XFER|SF_PASSIVE|SF_ASCII_OVERRIDE));
678 pr_session_set_idle();
679 }
680
681 /* close == successful transfer */
pr_data_close(int quiet)682 void pr_data_close(int quiet) {
683 pr_data_close2();
684
685 if (quiet == FALSE) {
686 pr_response_add(R_226, _("Transfer complete"));
687 }
688 }
689
690 /* Note: true_abort may be false in real abort situations, because
691 * some ftp clients close the data connection at the same time as they
692 * send the OOB byte (which results in a broken pipe on our
693 * end). Thus, it's a race between the OOB data and the tcp close
694 * finishing. Either way, it's ok (client will see either "Broken pipe"
695 * error or "Aborted"). xfer_abor() in mod_xfer cleans up the session
696 * flags in any case. session flags will end up have SF_POST_ABORT
697 * set if the OOB byte won the race.
698 */
pr_data_cleanup(void)699 void pr_data_cleanup(void) {
700 /* sanity check */
701 if (session.d != NULL) {
702 pr_inet_lingering_close(session.pool, session.d, timeout_linger);
703 session.d = NULL;
704 }
705
706 pr_data_clear_xfer_pool();
707
708 /* Clear/restore the default data transfer type. Otherwise, things like
709 * APPEs or STOUs will be preserved for the next upload erroneously
710 * (see Bug#3612).
711 */
712 session.xfer.xfer_type = STOR_DEFAULT;
713 }
714
715 /* In order to avoid clearing the transfer counters in session.xfer, we don't
716 * clear session.xfer here, it should be handled by the appropriate
717 * LOG_CMD/LOG_CMD_ERR handler calling pr_data_cleanup().
718 */
pr_data_abort(int err,int quiet)719 void pr_data_abort(int err, int quiet) {
720 int true_abort = XFER_ABORTED;
721 nstrm = NULL;
722
723 pr_trace_msg(trace_channel, 9,
724 "aborting data transfer (errno = %s (%d), quiet = %s, true abort = %s)",
725 strerror(err), err, quiet ? "true" : "false",
726 true_abort ? "true" : "false");
727
728 if (session.d != NULL) {
729 if (true_abort == FALSE) {
730 pr_inet_lingering_close(session.pool, session.d, timeout_linger);
731
732 } else {
733 pr_inet_lingering_abort(session.pool, session.d, timeout_linger);
734 }
735
736 session.d = NULL;
737 }
738
739 if (timeout_noxfer) {
740 pr_timer_reset(PR_TIMER_NOXFER, ANY_MODULE);
741 }
742
743 if (timeout_stalled) {
744 pr_timer_remove(PR_TIMER_STALLED, ANY_MODULE);
745 }
746
747 session.sf_flags &= (SF_ALL^SF_PASSIVE);
748 session.sf_flags &= (SF_ALL^(SF_XFER|SF_PASSIVE|SF_ASCII_OVERRIDE));
749 pr_session_set_idle();
750
751 /* Aborts no longer necessary */
752 signal(SIGURG, SIG_IGN);
753
754 if (!quiet) {
755 char *respcode = R_426;
756 char *msg = NULL;
757 char msgbuf[64];
758
759 switch (err) {
760
761 case 0:
762 respcode = R_426;
763 msg = _("Data connection closed");
764 break;
765
766 #ifdef ENXIO
767 case ENXIO:
768 respcode = R_451;
769 msg = _("Unexpected streams hangup");
770 break;
771
772 #endif
773
774 #ifdef EAGAIN
775 case EAGAIN: /* FALLTHROUGH */
776 #endif
777 #ifdef ENOMEM
778 case ENOMEM:
779 #endif
780 #if defined(EAGAIN) || defined(ENOMEM)
781 respcode = R_451;
782 msg = _("Insufficient memory or file locked");
783 break;
784 #endif
785
786 #ifdef ETXTBSY
787 case ETXTBSY: /* FALLTHROUGH */
788 #endif
789 #ifdef EBUSY
790 case EBUSY:
791 #endif
792 #if defined(ETXTBSY) || defined(EBUSY)
793 respcode = R_451;
794 break;
795 #endif
796
797 #ifdef ENOSPC
798 case ENOSPC:
799 respcode = R_452;
800 break;
801 #endif
802
803 #ifdef EDQUOT
804 case EDQUOT: /* FALLTHROUGH */
805 #endif
806 #ifdef EFBIG
807 case EFBIG:
808 #endif
809 #if defined(EDQUOT) || defined(EFBIG)
810 respcode = R_552;
811 break;
812 #endif
813
814 #ifdef ECOMM
815 case ECOMM: /* FALLTHROUGH */
816 #endif
817 #ifdef EDEADLK
818 case EDEADLK: /* FALLTHROUGH */
819 #endif
820 #ifdef EDEADLOCK
821 # if !defined(EDEADLK) || (EDEADLOCK != EDEADLK)
822 case EDEADLOCK: /* FALLTHROUGH */
823 # endif
824 #endif
825 #ifdef EXFULL
826 case EXFULL: /* FALLTHROUGH */
827 #endif
828 #ifdef ENOSR
829 case ENOSR: /* FALLTHROUGH */
830 #endif
831 #ifdef EPROTO
832 case EPROTO: /* FALLTHROUGH */
833 #endif
834 #ifdef ETIME
835 case ETIME: /* FALLTHROUGH */
836 #endif
837 #ifdef EIO
838 case EIO: /* FALLTHROUGH */
839 #endif
840 #ifdef EFAULT
841 case EFAULT: /* FALLTHROUGH */
842 #endif
843 #ifdef ESPIPE
844 case ESPIPE: /* FALLTHROUGH */
845 #endif
846 #ifdef EPIPE
847 case EPIPE:
848 #endif
849 #if defined(ECOMM) || defined(EDEADLK) || defined(EDEADLOCK) \
850 || defined(EXFULL) || defined(ENOSR) || defined(EPROTO) \
851 || defined(ETIME) || defined(EIO) || defined(EFAULT) \
852 || defined(ESPIPE) || defined(EPIPE)
853 respcode = R_451;
854 break;
855 #endif
856
857 #ifdef EREMCHG
858 case EREMCHG: /* FALLTHROUGH */
859 #endif
860 #ifdef ESRMNT
861 case ESRMNT: /* FALLTHROUGH */
862 #endif
863 #ifdef ESTALE
864 case ESTALE: /* FALLTHROUGH */
865 #endif
866 #ifdef ENOLINK
867 case ENOLINK: /* FALLTHROUGH */
868 #endif
869 #ifdef ENOLCK
870 case ENOLCK: /* FALLTHROUGH */
871 #endif
872 #ifdef ENETRESET
873 case ENETRESET: /* FALLTHROUGH */
874 #endif
875 #ifdef ECONNABORTED
876 case ECONNABORTED: /* FALLTHROUGH */
877 #endif
878 #ifdef ECONNRESET
879 case ECONNRESET: /* FALLTHROUGH */
880 #endif
881 #ifdef ETIMEDOUT
882 case ETIMEDOUT:
883 #endif
884 #if defined(EREMCHG) || defined(ESRMNT) || defined(ESTALE) \
885 || defined(ENOLINK) || defined(ENOLCK) || defined(ENETRESET) \
886 || defined(ECONNABORTED) || defined(ECONNRESET) || defined(ETIMEDOUT)
887 respcode = R_450;
888 msg = _("Link to file server lost");
889 break;
890 #endif
891 }
892
893 if (msg == NULL &&
894 (msg = strerror(err)) == NULL ) {
895
896 if (pr_snprintf(msgbuf, sizeof(msgbuf),
897 _("Unknown or out of range errno [%d]"), err) > 0)
898 msg = msgbuf;
899 }
900
901 pr_log_pri(PR_LOG_NOTICE, "notice: user %s: aborting transfer: %s",
902 session.user ? session.user : "(unknown)", msg);
903
904 /* If we are aborting, then a 426 response has already been sent,
905 * and we don't want to add another to the error queue.
906 */
907 if (true_abort == FALSE) {
908 pr_response_add_err(respcode, _("Transfer aborted. %s"), msg ? msg : "");
909 }
910
911 /* Forcibly clear the data-transfer instigating command pool from the
912 * Response API.
913 */
914 pr_response_set_pool(session.pool);
915 }
916
917 if (true_abort) {
918 session.sf_flags |= SF_POST_ABORT;
919 }
920 }
921
922 /* From response.c. XXX Need to provide these symbols another way. */
923 extern pr_response_t *resp_list, *resp_err_list;
924
poll_ctrl(void)925 static void poll_ctrl(void) {
926 int res;
927
928 if (session.c == NULL) {
929 return;
930 }
931
932 pr_trace_msg(trace_channel, 4, "polling for commands on control channel");
933 pr_netio_set_poll_interval(session.c->instrm, 0);
934 res = pr_netio_poll(session.c->instrm);
935 pr_netio_reset_poll_interval(session.c->instrm);
936
937 if (res == 0 &&
938 !(session.sf_flags & SF_ABORT)) {
939 cmd_rec *cmd = NULL;
940
941 pr_trace_msg(trace_channel, 1,
942 "data available for reading on control channel during data transfer, "
943 "reading control data");
944 res = pr_cmd_read(&cmd);
945 if (res < 0) {
946 int xerrno;
947
948 #if defined(ECONNABORTED)
949 xerrno = ECONNABORTED;
950 #elif defined(ENOTCONN)
951 xerrno = ENOTCONN;
952 #else
953 xerrno = EIO;
954 #endif
955
956 pr_trace_msg(trace_channel, 1,
957 "unable to read control command during data transfer: %s",
958 strerror(xerrno));
959 errno = xerrno;
960
961 #ifndef PR_DEVEL_NO_DAEMON
962 /* Otherwise, EOF */
963 pr_session_disconnect(NULL, PR_SESS_DISCONNECT_CLIENT_EOF, NULL);
964 #else
965 return;
966 #endif /* PR_DEVEL_NO_DAEMON */
967
968 } else if (cmd != NULL) {
969 char *ch;
970
971 for (ch = cmd->argv[0]; *ch; ch++) {
972 *ch = toupper(*ch);
973 }
974
975 cmd->cmd_id = pr_cmd_get_id(cmd->argv[0]);
976
977 /* Only handle commands which do not involve data transfers; we
978 * already have a data transfer in progress. For any data transfer
979 * command, send a 450 ("busy") reply. Looks like almost all of the
980 * data transfer commands accept that response, as per RFC959.
981 *
982 * We also prevent the EPRT, EPSV, PASV, and PORT commands, since
983 * they will also interfere with the current data transfer. In doing
984 * so, we break RFC compliance a little; RFC959 does not allow a
985 * response code of 450 for those commands (although it should).
986 */
987 if (pr_cmd_cmp(cmd, PR_CMD_APPE_ID) == 0 ||
988 pr_cmd_cmp(cmd, PR_CMD_LIST_ID) == 0 ||
989 pr_cmd_cmp(cmd, PR_CMD_MLSD_ID) == 0 ||
990 pr_cmd_cmp(cmd, PR_CMD_NLST_ID) == 0 ||
991 pr_cmd_cmp(cmd, PR_CMD_RETR_ID) == 0 ||
992 pr_cmd_cmp(cmd, PR_CMD_STOR_ID) == 0 ||
993 pr_cmd_cmp(cmd, PR_CMD_STOU_ID) == 0 ||
994 pr_cmd_cmp(cmd, PR_CMD_RNFR_ID) == 0 ||
995 pr_cmd_cmp(cmd, PR_CMD_RNTO_ID) == 0 ||
996 pr_cmd_cmp(cmd, PR_CMD_PORT_ID) == 0 ||
997 pr_cmd_cmp(cmd, PR_CMD_EPRT_ID) == 0 ||
998 pr_cmd_cmp(cmd, PR_CMD_PASV_ID) == 0 ||
999 pr_cmd_cmp(cmd, PR_CMD_EPSV_ID) == 0) {
1000 pool *resp_pool;
1001
1002 pr_trace_msg(trace_channel, 5,
1003 "client sent '%s' command during data transfer, denying",
1004 (char *) cmd->argv[0]);
1005
1006 resp_list = resp_err_list = NULL;
1007 resp_pool = pr_response_get_pool();
1008
1009 pr_response_set_pool(cmd->pool);
1010
1011 pr_response_add_err(R_450, _("%s: data transfer in progress"),
1012 (char *) cmd->argv[0]);
1013
1014 pr_response_flush(&resp_err_list);
1015
1016 pr_response_set_pool(resp_pool);
1017 destroy_pool(cmd->pool);
1018
1019 /* We don't want to actually dispatch the NOOP command, since that
1020 * would overwrite the scoreboard with the NOOP state; admins probably
1021 * want to see the command that caused the data transfer. And since
1022 * NOOP doesn't take a 450 response (as per RFC959), we will simply
1023 * return 200.
1024 */
1025 } else if (pr_cmd_cmp(cmd, PR_CMD_NOOP_ID) == 0) {
1026 pool *resp_pool;
1027
1028 pr_trace_msg(trace_channel, 5,
1029 "client sent '%s' command during data transfer, ignoring",
1030 (char *) cmd->argv[0]);
1031
1032 resp_list = resp_err_list = NULL;
1033 resp_pool = pr_response_get_pool();
1034
1035 pr_response_set_pool(cmd->pool);
1036
1037 pr_response_add(R_200, _("%s: data transfer in progress"),
1038 (char *) cmd->argv[0]);
1039
1040 pr_response_flush(&resp_list);
1041
1042 pr_response_set_pool(resp_pool);
1043 destroy_pool(cmd->pool);
1044
1045 } else {
1046 char *title_buf = NULL;
1047 int curr_cmd_id = 0, title_len = -1;
1048 const char *curr_cmd = NULL, *sce_cmd = NULL, *sce_cmd_arg = NULL;
1049 cmd_rec *curr_cmd_rec = NULL;
1050
1051 pr_trace_msg(trace_channel, 5,
1052 "client sent '%s' command during data transfer, dispatching",
1053 (char *) cmd->argv[0]);
1054
1055 title_len = pr_proctitle_get(NULL, 0);
1056 if (title_len > 0) {
1057 title_buf = pcalloc(cmd->pool, title_len + 1);
1058 pr_proctitle_get(title_buf, title_len + 1);
1059 }
1060
1061 curr_cmd = session.curr_cmd;
1062 curr_cmd_id = session.curr_cmd_id;
1063 curr_cmd_rec = session.curr_cmd_rec;
1064 sce_cmd = pr_scoreboard_entry_get(PR_SCORE_CMD);
1065 sce_cmd_arg = pr_scoreboard_entry_get(PR_SCORE_CMD_ARG);
1066
1067 pr_cmd_dispatch(cmd);
1068
1069 pr_scoreboard_entry_update(session.pid,
1070 PR_SCORE_CMD, "%s", sce_cmd, NULL, NULL);
1071 pr_scoreboard_entry_update(session.pid,
1072 PR_SCORE_CMD_ARG, "%s", sce_cmd_arg, NULL, NULL);
1073
1074 if (title_len > 0) {
1075 pr_proctitle_set_str(title_buf);
1076 }
1077
1078 destroy_pool(cmd->pool);
1079 session.curr_cmd = curr_cmd;
1080 session.curr_cmd_id = curr_cmd_id;
1081 session.curr_cmd_rec = curr_cmd_rec;
1082 }
1083
1084 } else {
1085 pr_trace_msg(trace_channel, 3,
1086 "invalid command sent, sending error response");
1087 pr_response_send(R_500, _("Invalid command: try being more creative"));
1088 }
1089 }
1090 }
1091
1092 /* pr_data_xfer() actually transfers the data on the data connection. ASCII
1093 * translation is performed if necessary. `direction' is set when the data
1094 * connection was opened.
1095 *
1096 * We determine if the client buffer is read from or written to. Returns 0 if
1097 * reading and data connection closes, or -1 if error (with errno set).
1098 */
pr_data_xfer(char * cl_buf,size_t cl_size)1099 int pr_data_xfer(char *cl_buf, size_t cl_size) {
1100 int len = 0;
1101 int total = 0;
1102 int res = 0;
1103 pool *tmp_pool = NULL;
1104
1105 if (cl_buf == NULL ||
1106 cl_size == 0) {
1107 errno = EINVAL;
1108 return -1;
1109 }
1110
1111 /* Poll the control channel for any commands we should handle, like
1112 * QUIT or ABOR.
1113 */
1114 poll_ctrl();
1115
1116 /* If we don't have a data connection here (e.g. might have been closed
1117 * by an ABOR), then return zero (no data transferred).
1118 */
1119 if (session.d == NULL) {
1120 int xerrno;
1121
1122 #if defined(ECONNABORTED)
1123 xerrno = ECONNABORTED;
1124 #elif defined(ENOTCONN)
1125 xerrno = ENOTCONN;
1126 #else
1127 xerrno = EIO;
1128 #endif
1129
1130 pr_trace_msg(trace_channel, 1,
1131 "data connection is null prior to data transfer (possibly from "
1132 "aborted transfer), returning '%s' error", strerror(xerrno));
1133 pr_log_debug(DEBUG5,
1134 "data connection is null prior to data transfer (possibly from "
1135 "aborted transfer), returning '%s' error", strerror(xerrno));
1136
1137 errno = xerrno;
1138 return -1;
1139 }
1140
1141 if (session.xfer.direction == PR_NETIO_IO_RD) {
1142 char *buf;
1143
1144 buf = session.xfer.buf;
1145
1146 /* We use ASCII translation if:
1147 *
1148 * - SF_ASCII session flag is set, AND IGNORE_ASCII data opt NOT set
1149 */
1150 if (((session.sf_flags & SF_ASCII) &&
1151 !(data_opts & PR_DATA_OPT_IGNORE_ASCII))) {
1152 int adjlen, buflen;
1153
1154 do {
1155 buflen = session.xfer.buflen; /* how much remains in buf */
1156 adjlen = 0;
1157
1158 pr_signals_handle();
1159
1160 len = pr_netio_read(session.d->instrm, buf + buflen,
1161 session.xfer.bufsize - buflen, 1);
1162 while (len < 0) {
1163 int xerrno = errno;
1164
1165 if (xerrno == EAGAIN || xerrno == EINTR) {
1166 /* Since our socket is in non-blocking mode, read(2) can return
1167 * EAGAIN if there is no data yet for us. Handle this by
1168 * delaying temporarily, then trying again.
1169 */
1170 errno = EINTR;
1171 pr_signals_handle();
1172
1173 len = pr_netio_read(session.d->instrm, buf + buflen,
1174 session.xfer.bufsize - buflen, 1);
1175 continue;
1176 }
1177
1178 destroy_pool(tmp_pool);
1179 errno = xerrno;
1180 return -1;
1181 }
1182
1183 if (len > 0 &&
1184 data_first_byte_read == FALSE) {
1185 if (pr_trace_get_level(timing_channel)) {
1186 unsigned long elapsed_ms;
1187 uint64_t read_ms;
1188
1189 pr_gettimeofday_millis(&read_ms);
1190 elapsed_ms = (unsigned long) (read_ms - data_start_ms);
1191
1192 pr_trace_msg(timing_channel, 7,
1193 "Time for first data byte read: %lu ms", elapsed_ms);
1194 }
1195
1196 data_first_byte_read = TRUE;
1197 }
1198
1199 if (len > 0) {
1200 pr_trace_msg(trace_channel, 19, "read %d %s from network", len,
1201 len != 1 ? "bytes" : "byte");
1202
1203 buflen += len;
1204
1205 if (timeout_stalled) {
1206 pr_timer_reset(PR_TIMER_STALLED, ANY_MODULE);
1207 }
1208 }
1209
1210 /* If buflen > 0, data remains in the buffer to be copied. */
1211 if (len >= 0 &&
1212 buflen > 0) {
1213
1214 /* Perform ASCII translation:
1215 *
1216 * buflen: is returned as the modified buffer length after
1217 * translation
1218 * res: is returned as the number of characters unprocessed in
1219 * the buffer (to be dealt with later)
1220 *
1221 * We skip the call to pr_ascii_ftp_from_crlf() in one case:
1222 * when we have one character in the buffer and have reached
1223 * end of data, this is so that pr_ascii_ftp_from_crlf() won't sit
1224 * forever waiting for the next character after a final '\r'.
1225 */
1226 if (len > 0 ||
1227 buflen > 1) {
1228 size_t outlen = 0;
1229
1230 if (tmp_pool == NULL) {
1231 tmp_pool = make_sub_pool(session.xfer.p);
1232 pr_pool_tag(tmp_pool, "ASCII upload");
1233 }
1234
1235 res = pr_ascii_ftp_from_crlf(tmp_pool, buf, buflen, &buf, &outlen);
1236 if (res < 0) {
1237 pr_trace_msg(trace_channel, 3, "error reading ASCII data: %s",
1238 strerror(errno));
1239
1240 } else {
1241 adjlen += res;
1242 buflen = (int) outlen;
1243 }
1244 }
1245
1246 /* Now copy everything we can into cl_buf */
1247 if ((size_t) buflen > cl_size) {
1248 /* Because we have to cut our buffer short, make sure this
1249 * is made up for later by increasing adjlen.
1250 */
1251 adjlen += (buflen - cl_size);
1252 buflen = cl_size;
1253 }
1254
1255 memcpy(cl_buf, buf, buflen);
1256
1257 /* Copy whatever remains at the end of session.xfer.buf to the
1258 * head of the buffer and adjust buf accordingly.
1259 *
1260 * adjlen is now the total bytes still waiting in buf, if
1261 * anything remains, copy it to the start of the buffer.
1262 */
1263
1264 if (adjlen > 0) {
1265 memcpy(buf, buf + buflen, adjlen);
1266 }
1267
1268 /* Store everything back in session.xfer. */
1269 session.xfer.buflen = adjlen;
1270 total += buflen;
1271 }
1272
1273 /* Restart if data was returned by pr_netio_read() (len > 0) but no
1274 * data was copied to the client buffer (buflen = 0). This indicates
1275 * that pr_ascii_ftp_from_crlf() needs more data in order to
1276 * translate, so we need to call pr_netio_read() again.
1277 */
1278 } while (len > 0 && buflen == 0);
1279
1280 /* Return how much data we actually copied into the client buffer. */
1281 len = buflen;
1282
1283 } else {
1284 len = pr_netio_read(session.d->instrm, cl_buf, cl_size, 1);
1285 while (len < 0) {
1286 int xerrno = errno;
1287
1288 if (xerrno == EAGAIN || xerrno == EINTR) {
1289 /* Since our socket is in non-blocking mode, read(2) can return
1290 * EAGAIN if there is no data yet for us. Handle this by
1291 * delaying temporarily, then trying again.
1292 */
1293 errno = EINTR;
1294 pr_signals_handle();
1295
1296 len = pr_netio_read(session.d->instrm, cl_buf, cl_size, 1);
1297 continue;
1298 }
1299
1300 break;
1301 }
1302
1303 if (len > 0) {
1304 pr_trace_msg(trace_channel, 19, "read %d %s from network", len,
1305 len != 1 ? "bytes" : "byte");
1306
1307 if (data_first_byte_read == FALSE) {
1308 if (pr_trace_get_level(timing_channel)) {
1309 unsigned long elapsed_ms;
1310 uint64_t read_ms;
1311
1312 pr_gettimeofday_millis(&read_ms);
1313 elapsed_ms = (unsigned long) (read_ms - data_start_ms);
1314
1315 pr_trace_msg(timing_channel, 7,
1316 "Time for first data byte read: %lu ms", elapsed_ms);
1317 }
1318
1319 data_first_byte_read = TRUE;
1320 }
1321
1322 /* Non-ASCII mode doesn't need to use session.xfer.buf */
1323 if (timeout_stalled) {
1324 pr_timer_reset(PR_TIMER_STALLED, ANY_MODULE);
1325 }
1326
1327 total += len;
1328 }
1329 }
1330
1331 } else { /* PR_NETIO_IO_WR */
1332
1333 while (cl_size) {
1334 int bwrote = 0;
1335 int buflen = cl_size;
1336 unsigned int xferbuflen;
1337 char *xfer_buf = NULL;
1338
1339 pr_signals_handle();
1340
1341 if (buflen > pr_config_get_server_xfer_bufsz(PR_NETIO_IO_WR)) {
1342 buflen = pr_config_get_server_xfer_bufsz(PR_NETIO_IO_WR);
1343 }
1344
1345 xferbuflen = buflen;
1346
1347 /* Fill up our internal buffer. */
1348 memcpy(session.xfer.buf, cl_buf, buflen);
1349
1350 /* We use ASCII translation if:
1351 *
1352 * - SF_ASCII_OVERRIDE session flag is set (e.g. for LIST/NLST)
1353 * - SF_ASCII session flag is set, AND IGNORE_ASCII data opt NOT set
1354 */
1355 if ((session.sf_flags & SF_ASCII_OVERRIDE) ||
1356 ((session.sf_flags & SF_ASCII) &&
1357 !(data_opts & PR_DATA_OPT_IGNORE_ASCII))) {
1358 char *out = NULL;
1359 size_t outlen = 0;
1360
1361 if (tmp_pool == NULL) {
1362 tmp_pool = make_sub_pool(session.xfer.p);
1363 pr_pool_tag(tmp_pool, "ASCII download");
1364 }
1365
1366 /* Scan the internal buffer, looking for LFs with no preceding CRs.
1367 * Add CRs (and expand the internal buffer) as necessary. xferbuflen
1368 * will be adjusted so that it contains the length of data in
1369 * the internal buffer, including any added CRs.
1370 */
1371 res = pr_ascii_ftp_to_crlf(tmp_pool, session.xfer.buf, xferbuflen,
1372 &out, &outlen);
1373 if (res < 0) {
1374 pr_trace_msg(trace_channel, 1, "error writing ASCII data: %s",
1375 strerror(errno));
1376
1377 } else {
1378 xfer_buf = session.xfer.buf;
1379 session.xfer.buf = out;
1380 session.xfer.buflen = xferbuflen = outlen;
1381 }
1382 }
1383
1384 bwrote = pr_netio_write(session.d->outstrm, session.xfer.buf, xferbuflen);
1385 while (bwrote < 0) {
1386 int xerrno = errno;
1387
1388 if (xerrno == EAGAIN || xerrno == EINTR) {
1389 /* Since our socket is in non-blocking mode, write(2) can return
1390 * EAGAIN if there is not enough from for our data yet. Handle
1391 * this by delaying temporarily, then trying again.
1392 */
1393 errno = EINTR;
1394 pr_signals_handle();
1395
1396 bwrote = pr_netio_write(session.d->outstrm, session.xfer.buf,
1397 xferbuflen);
1398 continue;
1399 }
1400
1401 destroy_pool(tmp_pool);
1402 if (xfer_buf != NULL) {
1403 /* Free up the malloc'd memory. */
1404 free(session.xfer.buf);
1405 session.xfer.buf = xfer_buf;
1406 }
1407
1408 errno = xerrno;
1409 return -1;
1410 }
1411
1412 if (bwrote > 0) {
1413 pr_trace_msg(trace_channel, 19, "wrote %d %s to network", bwrote,
1414 bwrote != 1 ? "bytes" : "byte");
1415
1416 if (data_first_byte_written == FALSE) {
1417 if (pr_trace_get_level(timing_channel)) {
1418 unsigned long elapsed_ms;
1419 uint64_t write_ms;
1420
1421 pr_gettimeofday_millis(&write_ms);
1422 elapsed_ms = (unsigned long) (write_ms - data_start_ms);
1423
1424 pr_trace_msg(timing_channel, 7,
1425 "Time for first data byte written: %lu ms", elapsed_ms);
1426 }
1427
1428 data_first_byte_written = TRUE;
1429 }
1430
1431 if (timeout_stalled) {
1432 pr_timer_reset(PR_TIMER_STALLED, ANY_MODULE);
1433 }
1434
1435 cl_size -= buflen;
1436 cl_buf += buflen;
1437 total += buflen;
1438 }
1439
1440 if (xfer_buf != NULL) {
1441 /* Yes, we are using malloc et al here, rather than the memory pools.
1442 * See Bug#4352 for details.
1443 */
1444 free(session.xfer.buf);
1445 session.xfer.buf = xfer_buf;
1446 }
1447 }
1448
1449 len = total;
1450 }
1451
1452 if (total &&
1453 timeout_idle) {
1454 pr_timer_reset(PR_TIMER_IDLE, ANY_MODULE);
1455 }
1456
1457 session.xfer.total_bytes += total;
1458 session.total_bytes += total;
1459 if (session.xfer.direction == PR_NETIO_IO_RD) {
1460 session.total_bytes_in += total;
1461
1462 } else {
1463 session.total_bytes_out += total;
1464 }
1465
1466 destroy_pool(tmp_pool);
1467 return (len < 0 ? -1 : len);
1468 }
1469
1470 #if defined(HAVE_SENDFILE)
1471 /* pr_data_sendfile() actually transfers the data on the data connection.
1472 * ASCII translation is not performed.
1473 * return 0 if reading and data connection closes, or -1 if error
1474 */
pr_data_sendfile(int retr_fd,off_t * offset,off_t count)1475 pr_sendfile_t pr_data_sendfile(int retr_fd, off_t *offset, off_t count) {
1476 int flags, error;
1477 pr_sendfile_t len = 0, total = 0;
1478 # if defined(HAVE_AIX_SENDFILE)
1479 struct sf_parms parms;
1480 int rc;
1481 # endif /* HAVE_AIX_SENDFILE */
1482
1483 if (offset == NULL ||
1484 count == 0) {
1485 errno = EINVAL;
1486 return -1;
1487 }
1488
1489 if (session.xfer.direction == PR_NETIO_IO_RD) {
1490 errno = EPERM;
1491 return -1;
1492 }
1493
1494 if (session.d == NULL) {
1495 errno = EPERM;
1496 return -1;
1497 }
1498
1499 flags = fcntl(PR_NETIO_FD(session.d->outstrm), F_GETFL);
1500 if (flags < 0) {
1501 return -1;
1502 }
1503
1504 /* Set fd to blocking-mode for sendfile() */
1505 if (flags & O_NONBLOCK) {
1506 if (fcntl(PR_NETIO_FD(session.d->outstrm), F_SETFL, flags^O_NONBLOCK) < 0) {
1507 return -1;
1508 }
1509 }
1510
1511 for (;;) {
1512 # if defined(HAVE_LINUX_SENDFILE) || defined(HAVE_SOLARIS_SENDFILE)
1513 off_t orig_offset = *offset;
1514
1515 /* Linux semantics are fairly straightforward in a glibc 2.x world:
1516 *
1517 * #include <sys/sendfile.h>
1518 *
1519 * ssize_t sendfile(int out_fd, int in_fd, off_t *offset, size_t count)
1520 *
1521 * Unfortunately, this API does not allow for an off_t number of bytes
1522 * to be sent, only a size_t. This means we need to make sure that
1523 * the given count does not exceed the maximum value for a size_t. Even
1524 * worse, the return value is a ssize_t, not a size_t, which means
1525 * the maximum value used can only be of the maximum _signed_ value,
1526 * not the maximum unsigned value. This means calling sendfile() more
1527 * times. How annoying.
1528 */
1529
1530 # if defined(HAVE_LINUX_SENDFILE)
1531 if (count > INT_MAX) {
1532 count = INT_MAX;
1533 }
1534 # elif defined(HAVE_SOLARIS_SENDFILE)
1535 # if SIZEOF_SIZE_T == SIZEOF_INT
1536 if (count > INT_MAX) {
1537 count = INT_MAX;
1538 }
1539 # elif SIZEOF_SIZE_T == SIZEOF_LONG
1540 if (count > LONG_MAX) {
1541 count = LONG_MAX;
1542 }
1543 # elif SIZEOF_SIZE_T == SIZEOF_LONG_LONG
1544 if (count > LLONG_MAX) {
1545 count = LLONG_MAX;
1546 }
1547 # endif
1548 # endif /* !HAVE_SOLARIS_SENDFILE */
1549
1550 errno = 0;
1551 len = sendfile(PR_NETIO_FD(session.d->outstrm), retr_fd, offset, count);
1552
1553 /* If no data could be written (e.g. the file was truncated), we're
1554 * done (Bug#4318).
1555 */
1556 if (len == 0) {
1557 if (errno != EINTR &&
1558 errno != EAGAIN) {
1559 break;
1560 }
1561
1562 /* Handle our interrupting signal, and continue. */
1563 pr_signals_handle();
1564 }
1565
1566 if (len != -1 &&
1567 len < count) {
1568 /* Under Linux semantics, this occurs when a signal has interrupted
1569 * sendfile().
1570 */
1571 if (XFER_ABORTED) {
1572 errno = EINTR;
1573
1574 session.xfer.total_bytes += len;
1575 session.total_bytes += len;
1576 session.total_bytes_out += len;
1577 session.total_raw_out += len;
1578
1579 return -1;
1580 }
1581
1582 count -= len;
1583
1584 /* Only reset the timers if data have actually been written out. */
1585 if (len > 0) {
1586 if (timeout_stalled) {
1587 pr_timer_reset(PR_TIMER_STALLED, ANY_MODULE);
1588 }
1589
1590 if (timeout_idle) {
1591 pr_timer_reset(PR_TIMER_IDLE, ANY_MODULE);
1592 }
1593 }
1594
1595 session.xfer.total_bytes += len;
1596 session.total_bytes += len;
1597 session.total_bytes_out += len;
1598 session.total_raw_out += len;
1599 total += len;
1600
1601 pr_signals_handle();
1602 continue;
1603
1604 } else if (len == -1) {
1605 /* Linux updates offset on error, not len like BSD, fix up so
1606 * BSD-based code works.
1607 */
1608 len = *offset - orig_offset;
1609 *offset = orig_offset;
1610
1611 # elif defined(HAVE_BSD_SENDFILE)
1612 /* BSD semantics for sendfile are flexible...it'd be nice if we could
1613 * standardize on something like it. The semantics are:
1614 *
1615 * #include <sys/types.h>
1616 * #include <sys/socket.h>
1617 * #include <sys/uio.h>
1618 *
1619 * int sendfile(int in_fd, int out_fd, off_t offset, size_t count,
1620 * struct sf_hdtr *hdtr, off_t *len, int flags)
1621 *
1622 * The comments above, about size_t versus off_t, apply here as
1623 * well. Except that BSD's sendfile() uses an off_t * for returning
1624 * the number of bytes sent, so we can use the maximum unsigned
1625 * value.
1626 */
1627
1628 # if SIZEOF_SIZE_T == SIZEOF_INT
1629 if (count > UINT_MAX) {
1630 count = UINT_MAX;
1631 }
1632 # elif SIZEOF_SIZE_T == SIZEOF_LONG
1633 if (count > ULONG_MAX) {
1634 count = ULONG_MAX;
1635 }
1636 # elif SIZEOF_SIZE_T == SIZEOF_LONG_LONG
1637 if (count > ULLONG_MAX) {
1638 count = ULLONG_MAX;
1639 }
1640 # endif
1641
1642 if (sendfile(retr_fd, PR_NETIO_FD(session.d->outstrm), *offset, count,
1643 NULL, &len, 0) == -1) {
1644
1645 # elif defined(HAVE_MACOSX_SENDFILE)
1646 off_t orig_len = count;
1647 int res;
1648
1649 /* Since Mac OSX uses the fourth argument as a value-return parameter,
1650 * success or failure, we need to put the result into len after the
1651 * call.
1652 */
1653
1654 res = sendfile(retr_fd, PR_NETIO_FD(session.d->outstrm), *offset, &orig_len,
1655 NULL, 0);
1656 len = orig_len;
1657
1658 if (res < 0) {
1659 # elif defined(HAVE_AIX_SENDFILE)
1660
1661 memset(&parms, 0, sizeof(parms));
1662
1663 parms.file_descriptor = retr_fd;
1664 parms.file_offset = (uint64_t) *offset;
1665 parms.file_bytes = (int64_t) count;
1666
1667 rc = send_file(&(PR_NETIO_FD(session.d->outstrm)), &(parms), (uint_t)0);
1668 len = (int) parms.bytes_sent;
1669
1670 if (rc < -1 || rc == 1) {
1671 # else
1672 if (FALSE) {
1673 # endif /* HAVE_AIX_SENDFILE */
1674
1675 /* IMO, BSD's semantics are warped. Apparently, since we have our
1676 * alarms tagged SA_INTERRUPT (allowing system calls to be
1677 * interrupted - primarily for select), BSD will interrupt a
1678 * sendfile operation as well, so we have to catch and handle this
1679 * case specially. It should also be noted that the sendfile(2) man
1680 * page doesn't state any of this.
1681 *
1682 * HP/UX has the same semantics, however, EINTR is well documented
1683 * as a side effect in the sendfile(2) man page. HP/UX, however,
1684 * is implemented horribly wrong. If a signal would result in
1685 * -1 being returned and EINTR being set, what ACTUALLY happens is
1686 * that errno is cleared and the number of bytes written is returned.
1687 *
1688 * For obvious reasons, HP/UX sendfile is not supported yet.
1689 */
1690 if (errno == EINTR) {
1691 if (XFER_ABORTED) {
1692 session.xfer.total_bytes += len;
1693 session.total_bytes += len;
1694 session.total_bytes_out += len;
1695 session.total_raw_out += len;
1696
1697 return -1;
1698 }
1699
1700 pr_signals_handle();
1701
1702 /* If we got everything in this transaction, we're done. */
1703 if (len >= count) {
1704 break;
1705
1706 } else {
1707 count -= len;
1708 }
1709
1710 *offset += len;
1711
1712 if (timeout_stalled) {
1713 pr_timer_reset(PR_TIMER_STALLED, ANY_MODULE);
1714 }
1715
1716 if (timeout_idle) {
1717 pr_timer_reset(PR_TIMER_IDLE, ANY_MODULE);
1718 }
1719
1720 session.xfer.total_bytes += len;
1721 session.total_bytes += len;
1722 session.total_bytes_out += len;
1723 session.total_raw_out += len;
1724 total += len;
1725
1726 continue;
1727 }
1728
1729 error = errno;
1730 (void) fcntl(PR_NETIO_FD(session.d->outstrm), F_SETFL, flags);
1731 errno = error;
1732
1733 return -1;
1734 }
1735
1736 break;
1737 }
1738
1739 if (flags & O_NONBLOCK) {
1740 (void) fcntl(PR_NETIO_FD(session.d->outstrm), F_SETFL, flags);
1741 }
1742
1743 if (timeout_stalled) {
1744 pr_timer_reset(PR_TIMER_STALLED, ANY_MODULE);
1745 }
1746
1747 if (timeout_idle) {
1748 pr_timer_reset(PR_TIMER_IDLE, ANY_MODULE);
1749 }
1750
1751 session.xfer.total_bytes += len;
1752 session.total_bytes += len;
1753 session.total_bytes_out += len;
1754 session.total_raw_out += len;
1755 total += len;
1756
1757 return total;
1758 }
1759 #else
1760 pr_sendfile_t pr_data_sendfile(int retr_fd, off_t *offset, off_t count) {
1761 errno = ENOSYS;
1762 return -1;
1763 }
1764 #endif /* HAVE_SENDFILE */
1765