[syslinux] [PATCH tftp-hpa] Add --forbid-get option to disable downloads

Georgi Chorbadzhiyski gf at unixsol.org
Tue Nov 5 07:12:01 PST 2013


In my tftp usage I'm using the server to collect device
configurations but I don't want once the files are uploaded
to be accessible for download.

I've solved my problem by adding --forbid-get/-F option which
disables file downloads.

-- 
Georgi Chorbadzhiyski | http://georgi.unixsol.org/ | http://github.com/gfto/
-------------- next part --------------
From 597206e1773443c9f0df3e32387ad1cbbb55849f Mon Sep 17 00:00:00 2001
From: Georgi Chorbadzhiyski <gf at unixsol.org>
Date: Tue, 5 Nov 2013 17:02:51 +0200
Subject: [PATCH] Add --forbid-get/-F option to disable file downloads.

In my tftp usage I'm using the server to collect device
configurations but I don't want once the files are uploaded
to be accessible for download.

I've solved my problem by adding --forbid-get/-F option which
disables file downloads.
---
 tftpd/tftpd.8.in |  3 +++
 tftpd/tftpd.c    | 12 +++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/tftpd/tftpd.8.in b/tftpd/tftpd.8.in
index 78b4cfb..9bc4b8f 100644
--- a/tftpd/tftpd.8.in
+++ b/tftpd/tftpd.8.in
@@ -188,6 +188,9 @@ on a standard Ethernet (MTU 1500) a value of 1468 is reasonable.
 Force the server port number (the Transaction ID) to be in the
 specified range of port numbers.
 .TP
+\fB\-\-forbid-get\fP, \fB\-F\fP
+Do not allow files to be downloaded from the server.
+.TP
 \fB\-\-version\fP, \fB\-V\fP
 Print the version number and configuration to standard output, then
 exit gracefully.
diff --git a/tftpd/tftpd.c b/tftpd/tftpd.c
index 1873e70..3da1975 100644
--- a/tftpd/tftpd.c
+++ b/tftpd/tftpd.c
@@ -106,6 +106,7 @@ int unixperms = 0;
 int portrange = 0;
 unsigned int portrange_from, portrange_to;
 int verbosity = 0;
+int forbid_get = 0;
 
 struct formats;
 #ifdef WITH_REGEX
@@ -347,9 +348,10 @@ static struct option long_options[] = {
     { "port-range",  1, NULL, 'R' },
     { "map-file",    1, NULL, 'm' },
     { "pidfile",     1, NULL, 'P' },
+    { "forbid-get",  0, NULL, 'F' },
     { NULL, 0, NULL, 0 }
 };
-static const char short_options[] = "46cspvVlLa:B:u:U:r:t:T:R:m:P:";
+static const char short_options[] = "46cspvVlLa:B:u:U:r:t:T:R:m:P:F";
 
 int main(int argc, char **argv)
 {
@@ -494,6 +496,9 @@ int main(int argc, char **argv)
             rewrite_file = optarg;
             break;
 #endif
+        case 'F':
+            forbid_get = 1;
+            break;
         case 'v':
             verbosity++;
             break;
@@ -1444,6 +1449,11 @@ static int validate_access(char *filename, int mode,
     tsize_ok = 0;
     *errmsg = NULL;
 
+    if (mode == RRQ && forbid_get) {
+        *errmsg = "GET command is disabled";
+        return (EACCESS);
+    }
+
     if (!secure) {
         if (*filename != '/') {
             *errmsg = "Only absolute filenames allowed";
-- 
1.7.12.1



More information about the Syslinux mailing list