diff --git a/tftpd/Makefile b/tftpd/Makefile index f64faab..ea1170f 100644 --- a/tftpd/Makefile +++ b/tftpd/Makefile @@ -1,7 +1,7 @@ all: tftpd -include ../MCONFIG -include ../MRULES +-include ../MCONFIG +-include ../MRULES OBJS = tftpd.o tftpsubs.o recvfrom.o diff --git a/tftpd/recvfrom.c b/tftpd/recvfrom.c index 280800f..c8af007 100644 --- a/tftpd/recvfrom.c +++ b/tftpd/recvfrom.c @@ -33,11 +33,26 @@ #include +#ifdef IP_PKTINFO +# ifndef HAVE_STRUCT_IN_PKTINFO +# ifdef __linux__ +/* Assume this version of glibc simply lacks the definition */ +struct in_pktinfo { + int ipi_ifindex; + struct in_addr ipi_spec_dst; + struct in_addr ipi_addr; +}; +# else +# undef IP_PKTINFO /* No definition, no way to get it */ +# endif +# endif +#endif + #ifndef CMSG_LEN -#define CMSG_LEN(size) (sizeof(struct cmsghdr) + (size)) +# define CMSG_LEN(size) (sizeof(struct cmsghdr) + (size)) #endif #ifndef CMSG_SPACE -#define CMSG_SPACE(size) (sizeof(struct cmsghdr) + (size)) +# define CMSG_SPACE(size) (sizeof(struct cmsghdr) + (size)) #endif int diff --git a/tftpd/tftpd.c b/tftpd/tftpd.c index 2e86da7..8193888 100644 --- a/tftpd/tftpd.c +++ b/tftpd/tftpd.c @@ -76,6 +76,12 @@ static const char *rcsid = "tftp-hpa $Id$"; #include "tftpsubs.h" #include "recvfrom.h" +#ifdef HAVE_TCPWRAPPERS +#include +int deny_severity = LOG_WARNING; +int allow_severity = LOG_INFO; +#endif + void bsd_signal(int, void (*)(int)); #ifndef HAVE_SIGSETJMP @@ -248,6 +254,14 @@ main(int argc, char **argv) syslog(LOG_ERR, "recvfrom: %m"); exit(1); } + +#ifdef HAVE_TCPWRAPPERS + /* Verify if this was a legal request for us. */ + + if ( hosts_ctl("tftp", STRING_UNKNOWN, inet_ntoa(from.sin_addr), STRING_UNKNOWN) == 0 ) + exit(1); /* Access denied */ +#endif + /* * Now that we have read the message out of the UDP * socket, we fork and exit. Thus, inetd will go back @@ -296,6 +310,7 @@ main(int argc, char **argv) alarm(0); close(fd); close(1); + peer = socket(AF_INET, SOCK_DGRAM, 0); if (peer < 0) { syslog(LOG_ERR, "socket: %m");