[syslinux] [PATCH tftp-hpa] Add --forbid-get option to disable downloads
Georgi Chorbadzhiyski
gf at unixsol.org
Tue Nov 5 07:12:01 PST 2013
In my tftp usage I'm using the server to collect device
configurations but I don't want once the files are uploaded
to be accessible for download.
I've solved my problem by adding --forbid-get/-F option which
disables file downloads.
--
Georgi Chorbadzhiyski | http://georgi.unixsol.org/ | http://github.com/gfto/
-------------- next part --------------
From 597206e1773443c9f0df3e32387ad1cbbb55849f Mon Sep 17 00:00:00 2001
From: Georgi Chorbadzhiyski <gf at unixsol.org>
Date: Tue, 5 Nov 2013 17:02:51 +0200
Subject: [PATCH] Add --forbid-get/-F option to disable file downloads.
In my tftp usage I'm using the server to collect device
configurations but I don't want once the files are uploaded
to be accessible for download.
I've solved my problem by adding --forbid-get/-F option which
disables file downloads.
---
tftpd/tftpd.8.in | 3 +++
tftpd/tftpd.c | 12 +++++++++++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/tftpd/tftpd.8.in b/tftpd/tftpd.8.in
index 78b4cfb..9bc4b8f 100644
--- a/tftpd/tftpd.8.in
+++ b/tftpd/tftpd.8.in
@@ -188,6 +188,9 @@ on a standard Ethernet (MTU 1500) a value of 1468 is reasonable.
Force the server port number (the Transaction ID) to be in the
specified range of port numbers.
.TP
+\fB\-\-forbid-get\fP, \fB\-F\fP
+Do not allow files to be downloaded from the server.
+.TP
\fB\-\-version\fP, \fB\-V\fP
Print the version number and configuration to standard output, then
exit gracefully.
diff --git a/tftpd/tftpd.c b/tftpd/tftpd.c
index 1873e70..3da1975 100644
--- a/tftpd/tftpd.c
+++ b/tftpd/tftpd.c
@@ -106,6 +106,7 @@ int unixperms = 0;
int portrange = 0;
unsigned int portrange_from, portrange_to;
int verbosity = 0;
+int forbid_get = 0;
struct formats;
#ifdef WITH_REGEX
@@ -347,9 +348,10 @@ static struct option long_options[] = {
{ "port-range", 1, NULL, 'R' },
{ "map-file", 1, NULL, 'm' },
{ "pidfile", 1, NULL, 'P' },
+ { "forbid-get", 0, NULL, 'F' },
{ NULL, 0, NULL, 0 }
};
-static const char short_options[] = "46cspvVlLa:B:u:U:r:t:T:R:m:P:";
+static const char short_options[] = "46cspvVlLa:B:u:U:r:t:T:R:m:P:F";
int main(int argc, char **argv)
{
@@ -494,6 +496,9 @@ int main(int argc, char **argv)
rewrite_file = optarg;
break;
#endif
+ case 'F':
+ forbid_get = 1;
+ break;
case 'v':
verbosity++;
break;
@@ -1444,6 +1449,11 @@ static int validate_access(char *filename, int mode,
tsize_ok = 0;
*errmsg = NULL;
+ if (mode == RRQ && forbid_get) {
+ *errmsg = "GET command is disabled";
+ return (EACCESS);
+ }
+
if (!secure) {
if (*filename != '/') {
*errmsg = "Only absolute filenames allowed";
--
1.7.12.1
More information about the Syslinux
mailing list