On Wed, Oct 18 2017, Jan Klemkow <[email protected]> wrote:
> On Wed, Oct 18, 2017 at 08:37:48PM +0000, Jason McIntyre wrote:
>> On Wed, Oct 18, 2017 at 10:25:13PM +0200, Jan Klemkow wrote:
>> > This diff adds an option for client IP address path prefixes to the
>> > tftpd(8). First, I used the -r rewrite socket for this, but...
>> >
>> > If you use the rewrite socket feature, the tftpd(8) will exit with an
>> > error when the rewrite socket is closed. A reopen of the socket is not
>> > possible, if it's outside of the chroot directory. And a privilege
>> > separated tftpd(8) is a bit overkill for a stable per client path
>> > rewrite feature. This story led me to this change here.
I think it makes sense to support this feature without the need for an
additional unix service.
>> > Any suggestions or objections are welcome. :-)
Do we want to provide a fallback directory so that you don't need to
restart tftpd without -i to support unknown clients?
>> evening. some comments inline:
>
> Thanks. Fixed diff:
>
> Index: tftpd.8
> ===================================================================
> RCS file: /mount/openbsd/cvs/src/usr.sbin/tftpd/tftpd.8,v
> retrieving revision 1.5
> diff -u -p -r1.5 tftpd.8
> --- tftpd.8 18 Jul 2015 05:32:56 -0000 1.5
> +++ tftpd.8 18 Oct 2017 21:12:52 -0000
> @@ -37,7 +37,7 @@
> .Nd DARPA Trivial File Transfer Protocol daemon
> .Sh SYNOPSIS
> .Nm tftpd
> -.Op Fl 46cdv
> +.Op Fl 46cdiv
> .Op Fl l Ar address
> .Op Fl p Ar port
> .Op Fl r Ar socket
> @@ -100,6 +100,11 @@ If this option is specified,
> .Nm
> will run in the foreground and log
> the client IP, type of request, and filename to stderr.
> +.It Fl i
> +Use the client's IP address as a subdirectory prefix for all requested
> +filenames.
> +This option can not be combined with
> +.Fl r .
> .It Fl l Ar address
> Listen on the specified address.
> By default
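Review bot: The new -i entry does not say what the subdirectory is actually named or what happens when it is missing. An administrator has to create these directories in advance, so the text should state the textual form of the address used as the prefix (in particular for IPv6 clients) and whether requests from clients with no matching directory fail. As a minor wording point, "can not" would normally be written "cannot".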
> @@ -126,6 +131,8 @@ before the TFTP request will continue.
> By default
> .Nm
> does not use filename rewriting.
> +This option can not be combined with
> +.Fl i .
> .It Fl v
> Log the client IP, type of request, and filename.
> .It Ar directory
> Index: tftpd.c
> ===================================================================
> RCS file: /mount/openbsd/cvs/src/usr.sbin/tftpd/tftpd.c,v
> retrieving revision 1.39
> diff -u -p -r1.39 tftpd.c
> --- tftpd.c 26 May 2017 17:38:46 -0000 1.39
> +++ tftpd.c 18 Oct 2017 21:16:25 -0000
> @@ -282,7 +282,7 @@ __dead void
> usage(void)
> {
> extern char *__progname;
> - fprintf(stderr, "usage: %s [-46cdv] [-l address] [-p port] [-r socket]"
> + fprintf(stderr, "usage: %s [-46cdiv] [-l address] [-p port] [-r socket]"
> " directory\n", __progname);
> exit(1);
> }
> @@ -290,6 +290,7 @@ usage(void)
> int cancreate = 0;
> int verbose = 0;
> int debug = 0;
> +int iflag = 0;
>
> int
> main(int argc, char *argv[])
> @@ -307,7 +308,7 @@ main(int argc, char *argv[])
> int family = AF_UNSPEC;
> int devnull = -1;
>
> - while ((c = getopt(argc, argv, "46cdl:p:r:v")) != -1) {
> + while ((c = getopt(argc, argv, "46cdil:p:r:v")) != -1) {
> switch (c) {
> case '4':
> family = AF_INET;
> @@ -321,6 +322,11 @@ main(int argc, char *argv[])
> case 'd':
> verbose = debug = 1;
> break;
> + case 'i':
> + if (rewrite != NULL)
> + usage();
> + iflag = 1;
> + break;
> case 'l':
> addr = optarg;
> break;
> @@ -328,6 +334,8 @@ main(int argc, char *argv[])
> port = optarg;
> break;
> case 'r':
> + if (iflag)
> + usage();
> rewrite = optarg;
> break;
> case 'v':
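Review bot: The -i/-r exclusion is split across two case arms, here in case 'r' (if (iflag) usage();) and again in case 'i', and each check only works because of the order the options were parsed in. A single test after the getopt loop, if (iflag && rewrite != NULL) usage();, keeps the rule in one place. The usage() output also gives no hint that the two flags conflict, so a short explicit error message would help the operator.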
> @@ -903,7 +911,13 @@ again:
>
> if (rwmap != NULL)
> rewrite_map(client, filename);
> - else
> + else if (iflag) {
> + char nfilename[PATH_MAX];
> +
> + snprintf(nfilename, sizeof nfilename, "%s/%s",
> + getip(&client->ss), filename);
> + tftp_open(client, nfilename);
> + } else
> tftp_open(client, filename);
>
> return;
>
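Review bot: The snprintf() return value in the iflag branch is not checked, so a prefixed path that does not fit in nfilename[PATH_MAX] is silently truncated and tftp_open() is called on a different name than the one the client asked for. Store the result and reject the request when it is negative or >= sizeof nfilename instead of opening the truncated path. Separately, filename is appended unmodified after the address, so it is worth confirming that tftp_open() rejects names containing ../ components; otherwise the prefix does not confine a client to its own subdirectory.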
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE