| Age | Commit message (Collapse) | Author |
|---|
|
This is only required for the single fchmod(2) ensuring default permissions
which only happens in the -c code path.
OK millert
|
|
|
|
Write access seems less often required these days and other ways to ensure
effective read-only access are mere workarounds; worst case malicious users
can fill up the server's disk by writing to existing files.
diskless(8) only ever needs to read and running with "stdio rpath dns inet"
by default is much safer for a network daemon without any authentication.
Initially proposed as a new -R flag for read-only mode
new default suggestion dlg deraadt
"looks great" millert
OK sthen dlg
|
|
OK millert
|
|
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
|
|
struct in6_pktinfo includes the interface index in ipi6_ifindex but no
struct sockaddr_in6.
OK jca@
|
|
NAK.
Suggestion & ok dlg@
|
|
without this we just bump the timeout, which delays resending the
block, which means the client gives up before they get the data.
this seems to fix "timeouts" ive had a lot recently with uefi pxe
stacks, and fetching firmware images on certain switches, all over
busy networks.
|
|
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
this lists the current RFCs, the obsoleted or updated RFCs are left
commented out.
|
|
|
|
Without this, clients that queried the size would receive 0 as response.
ok jca@
|
|
tftpd -i will look up the requested path the directory named after the
client's IP address. For read requests, if the file is not found, there's
a fall back to its root directory.
From Jan Klemkow with input and tweaks from at least jmc@, bluhm@,
deraadt@, sthen@, semarie@ and myself. ok bluhm@
|
|
tftp-proxy and tftpd to the severity used in log.c style loggers.
This also fixes an issue where syslog_err and syslog_errx logged with
different severities.
Sure deraadt@
|
|
Remove -Werror to give code a greater chance of building.
ok deraadt@ florian@
|
|
fd == -1 check suggested by deraadt@, ok florian@
|
|
Add syslog_debug to keep in sync with others.
Input & OK benno@
|
|
|
|
rev. 1.34 moved the call to daemon() before the chroot, thus hiding
errors if the target directory or _tftpd user don't exist. To go in the
background later we need to preopen /dev/null. The code is put in
a daemon(3) like function that could be used in other daemons.
Lack of error reporting spotted by ajacoutot@, initial diff from dlg@.
rdaemon() "concept" discussed with semarie@. ok ajacoutot@ dlg@
|
|
so daemon(3) will be able to redirect standard input, standard output and
standard error to /dev/null.
ok jca@
|
|
|
|
alas "dns" is now a mandatory statement if you want to do dns!
|
|
appears to be good enough for the main loop processing.
|
|
|
|
for guenther@
|
|
fmemopen for the rest of the code to chew on, rather than having
special casing for seed generation in the sending code.
this also means our fake random.seed files will get proper netascii
encoding by being read via the fgetc api instead of directly from
a buffer.
ok deraadt@ mcbride@
|
|
/etc/random.seed.
This allows netbooted systems to inject entropy early in the kernel start.
pxeboot requests it already, so no configuration or change is needed on
the client side.
ok deraadt@ beck@
|
|
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
|
|
not with alloca(). found by dickman; ok kettenis
|
|
so you have to check their return values in the same way and handle
errors the same way.
returning 0 from evbuffer_read means the other end of the socket
has gone away.
we should try again on both evbuffer_read and evbuffer_write if we
get EAGAIN or EINTR.
ok millert@ bluhm@
|
|
ok doug@ millert@
|
|
ok dlg@
|
|
|
|
handling the error.
|
|
|
|
|
|
|
|
disk), we maintain the client state after we've finished writing
the file in case the client loses our ack of the last write.
unfortunately we didnt close the file we'd just written when we
knew it was finished, but only after we clean up the client state
after that wait.
because we use FILE stuff to write the file out, its likely some
io flushed to disk until we finish that wait and close the file as
part of cleaning up the client state. if something is coordinating
a bunch of uploads and expects the file to be there after the client
is happy its there, this can be "not good".
this closes the file after we know its finished before proceeding
to hang to handle lost acks to the client.
found by and ok henning@
|
|
ok guenther dtucker
|
|
failed.
|
|
oack on error.
his fix is better, so this marges all of it in.
|
|
negotiated for data tranfsers.
this lets people negotiate 2 byte transfers with other options too if they
want. im looking at you Maxime Villard.
|
|
|
|
|
|
there was a double free if an option ack failed. if oack fails, the client
gets freed, then the oack caller tries to free the options which were just
freed.
found by Maxime Villard who provided a fix. unfortunately his fix still
had a double free but it was pretty close.
ok MALLOC_OPTIONS=S
|
|
Makes "make build" build with WARNINGS=Yes on amd64.
ok espie
|
|
ok dlg
|
|
libexec and usr.sbin tftpd.
libexec waitied around after finishing a wrq in case our ack for the last
write from a client got lost. this does the same dance, or an arguably
better version of it compared to libexec tftpd.
|
|
block by flushing the data on the socket and waiting for a retransmit
by timeout to occur.
my stuff (usr.sbin/tftpd) had XXXs and failure in those places.
this diff fixes that.
this should address the problems that sthen and jcs have been having
(and which i was finally able to reproduce here).
it also avoids reusing the clients buffer to both send and recv
frames. we recv onto the stack now so retry always sends what we
originally built for the peer.
tested by and ok jcs@ sthen@
|
