Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC: r262136

Remove the 3rd clause ("advertising clause") of the BSD license as
permitted by the University of Berkeley on July 22, 1999.

Reviewed by: imp

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Mark tftp_log() as __printflike() (which would have caught the bug
fixed in r246106) and deal with the fallout.

MFC after: 2 weeks

Remove extra %s from debug statement that ends up crashing tftpd if
debug is set very high (like -d15 in my case).

Obtained from: Yahoo! Inc
MFC after: 2 weeks

Use correct size in snprintf.
Remove unused buffer.

PR: 174631
Submitted by: Henning Petersen
MFC after: 1 month

Check the return error of set[e][ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API.
Custom security modules, or future implementations of the setuid and
setgid may fail.

Submitted by: Erik Cederstrand
Approved by: cperciva
MFC after: 3 days

Fix warnings found by -Wmising-variable-declarations.

This self-written compiler warning, which is hopefully going to be
committed into LLVM sources soon, warns about potentially missing
`static' keywords, similar to -Wmissing-prototypes.

- bin/pax: Move external declaration of chdname and s_mask into extern.h.
- bin/setfacl: Move setfacl.c-specific stuff out of setfacl.h.
- sbin/mount_fusefs: Remove char *progname; use getprogname().
- others: add `static' where possible.

mdoc: Only use macros inside a reference block.

Properly use LDADD & DPADD to link against libwrap.

Remove trailing whitespace per mdoc lint warning

Disussed with: gavin
No objection from: doc
Approved by: joel
MFC after: 3 days

Avoid error log for transfer stop w/o error code.

A number of tftp clients, including the one in Intel's pxe boot loader,
may intentionally stop a transfer using error code 0 (i.e., EUNDEF).
These are not real errors. Avoid spamming log files with these by
logging them at level LOG_DEBUG instead.

Discussed on -hackers with an initial patch proposal; this change is an
improved approach suggested by kan@.

Fix warning when compiling with gcc46:
error: variable 'bp' set but not use

Approved by: dim
MFC After: 3 days

Spelling fixes for libexec/

Pull in some wording to the tftpd.8 man page
from NetBSD, with some slight changes:

=========================================================================================
http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/tftpd/tftpd.8?only_with_tag=MAIN#rev1.22

Revision 1.22 or diffs], Fri Jan 8 21:05:14 2010 UTC (18 months, 2 weeks ago) by christos

Patrick Welche <prlw1@cam.ac.uk>
- add -p pathsep option
- make wrap to zero work, but produce a warning
While here:
- fix gcc warnings, in particular variable clobbered warnings
(compiling with fewer warnings does not really fix the problem)
=========================================================================================

These wording changes clarify the default rollover behavior
as a "kludge". Also, the block numbers and octet counts for 65535 blocks
and 32767 blocks are more accurate than the existing documented numbers.

Requested by: Pawan Gupta <pawang at juniper dot net>
Obtained from: Juniper Networks
Approved by: re (kib)

In the old TFTP server, there was an undocumented behavior where
the block counter would rollover to 0 if a file larger
than 65535 blocks was transferred. With the default block size
of 512 octets per block, this is a file size of approximately 32 megabytes.

The new TFTP server code would report an error and stop transferring
the file if a file was larger than 65535 blocks.

This patch restores the old TFTP server's behavior to the new
TFTP server code. If a TFTP client transfers a file larger
than 65535 blocks, and does *not* specify the "rollover" option,
then automatically rollover the block counter to 0 every time
we reach 65535 blocks.

This restores interoperability with the FreeBSD 6 TFTP client.
Without this change, if a FreeBSD 6 TFTP client tried to
retrieve a file larger than 65535 blocks from a FreeBSD 9 TFTP server
, the transfer would fail.
The same file could be retrieved successfully if the same FreeBSD 6
TFTP client was used against a FreeBSD 6 TFTP server.

Approved by: re (kib)
Tested by: Pawan Gupta <pawang at juniper dot net>,
Obtained from: Juniper Networks

Acknowledge Edwin Groothuis for the major rewrite he
did of the tftpd and tftp code to support TFTP blocksize.

Bring back synchnet() implementation from older
tftp implementation. The synchnet() function
was converted to a no-op when the new TFTP implementation
was committed to FreeBSD. However, this function, as it was
in the older code, is needed
in order to synchronize between the tftpd server and tftp clients,
which may be buggy.

Specifically, we had a buggy TFTP client which would send
TFTP ACK packets for non-TFTP packets, which would cause
the count of packets to get out of whack, causing transfers
to fail with the new TFTPD implementation.

Obtained from: Juniper Networks
Submitted by: Santhanakrishnan Balraj <sbalraj at juniper dot net>

Update references to RFC's that the newer TFTP implementation supports.

Fix typo.

Reported by: Nick Mann <njm at njm dot me dot uk>

Clarify tftpd's -d flag in the new TFTP implementation.
Bump date.

Clarify that the TFTP blocksize (RFC2348) or non-standard
TFTP rollover option can be used to transfer larger files.

Fix tftp_log() usage.

Fix typos.

PR: bin/148894
Submitted by: olgeni

Use a defined FreeBSD version.

MFC after: 3 days

Remove the duplicate logging of failed read requests, whose error message
also was inappropriate as it triggered for every EACCESS and ENOTFOUND, not
just the case the -n option is intended to deal with and thus really spammed
us with ~20 messages in the default configuration when booting a diskless
FreeBSD client, introduced with r207608 again.

MFC after: 1 week

Make WARNS=6 clean.

MFC after: 1 week

Try to adhere to style.Makefile(5).

MFC after: 3 days

Move the pfrom initialization from before the setjmp to after the
setjmp to avoid warnings on the powerpc build...

Remove an explicit assignment of the CFLAGS variable intended for
debugging purposes only.

Bring in new files from edwin's tftp

Go ahead and merge the work edwin@ on tftpd into the tree. It is a
lot better than what's in the tree now. Edwin tested it at a prior
employer, but can't test it today. I've found that it works a lot
better with the various uboot versions that I've used in my embedded
work. Here's the pkg-descr from the port that describes the changes:

It all started when we got some new routers, which told me the
following when trying to upload configuration or download images
from it: The TFTP server doesn't support the blocksize option.

My curiousity was triggered, it took me some reading of RFCs and
other documentation to find out what was possible and what could
be done. Was plain TFTP very simple in its handshake, TFTP with
options was kind of messy because of its backwards capability: The
first packet returned could either be an acknowledgement of options,
or the first data packet.

Going through the source code of src/libexec/tftpd and going through
the code of src/usr.bin/tftp showed that there was a lot of duplicate
code, and the addition of options would only increase the amount
of duplicate code. After all, both the client and the server can
act as a sender and receiver.

At the end, it ended up with a nearly complete rewrite of the tftp
client and server. It has been tested against the following TFTP
clients and servers:

- Itself (yay!)
- The standard FreeBSD tftp client and server
- The Fedora Core 6 tftp client and server
- Cisco router tftp client
- Extreme Networks tftp client

It supports the following RFCs:

RFC1350 - THE TFTP PROTOCOL (REVISION 2)
RFC2347 - TFTP Option Extension
RFC2348 - TFTP Blocksize Option
RFC2349 - TFTP Timeout Interval and Transfer Size Options
RFC3617 - Uniform Resource Identifier (URI) Scheme and Applicability
Statement for the Trivial File Transfer Protocol (TFTP)

It supports the following unofficial TFTP Options as described at
http://www.compuphase.com/tftp.htm:

blksize2 - Block size restricted to powers of 2, excluding protocol headers
rollover - Block counter roll-over (roll back to zero or to one)

From the tftp program point of view the following things are changed:

- New commands: "blocksize", "blocksize2", "rollover" and "options"
- Development features: "debug" and "packetdrop"

If you try this tftp/tftpd implementation, please let me know if
it works (or doesn't work) and against which implementaion so I can
get a list of confirmed working systems.

Author: Edwin Groothuis <edwin@FreeBSD.org>

Fix several typos in macros or macro misusage.

Found by: make manlint
Reviewed by: ru
Approved by: philip (mentor)

Make WARNS=6 the default for libexec/.

Just like bin/ and sbin/, I think setting WARNS to the highest value
possible will make it more attractive for people to fix warnings.

- The WARNS variable is set in the Makefile in the directory of the
application itself, making it more likely that it will be removed out
of curiosity to see what happens.
- New applications will most likely build with WARNS=6 out of the box,
because the author would more likely fix the warnings during
development than lower WARNS.

Unfortunately almost all apps in libexec require a lowered value of
WARNS.

Add "with" to make the line go smoother.

Add the -W options, which acts the same as -w but will generate
unique names based on the submitted filename, a strftime(3) format
string and a two digit sequence number.

By default the strftime(3) format string is %Y%m%d (YYYYMMDD), but
this can be changed by the -F option.

PR: bin/106049 (based on patch in that PR)
Approved by: grog@ (mentor)

Correct a typo.

PR: 106049
Submitted by: edwin (as part of a larger patch)

Markup fixes.

- Improve and extend mark-up.
- Don't use full path in .Nm (we just don't do that).
- Correct some frivolous and poorly rendering language,
such as using possessive case for .Nm or .Fl .
- Use the same capitalization for "user ID" as in setuid(2) and getuid(2).
- Bring SEE ALSO in accord with the text.

MFC after: 5 days

o Missed colon in getopt(3) argument makes tftpd(8) crash. Fix that.

PR: misc/81732
Submitted by: Denis Grudkin
MFC after: 2 weeks

NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines
NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special
for it, now.

- Use socklen_t.
- No need for 'fromlen' to have file scope.
- Remove an unused variable.

Instead of "OpenFirmware", "openfirmware", etc. use the official spelling
"Open Firmware" from IEEE 1275 and OpenFirmware.org (no pun intended).

Ok'ed by: tmm

mdoc(7) fixes.

The call to setuid(2) subsequently causes setgroups(2) to fail. setgroups(2)
requires super-user access in order to complete successfully.
Move setgroups(2) to execute before setuid(2) so that it is successful.

Call tzset() at startup.

Submitted by: Andrzej ToboÅa <ato@iem.pw.edu.pl>

o Reduce path names in RRQ and WRQ packets by:

Reducing "/+./" strings to "/"
Reducing "/[^/]+/../" to "/"

o Don't send an OACK when the result of the [RW]RQ is an error.

These changes allow tftpd to interact with pxelinux.bin from the syslinux
package.

Whilst the path reducing code doesn't properly handle situations where the
path component before the "/../" is a symlink to (say) ".", I would suggest
that it does the right thing in terms of the clients perception of what
their path string actually represents. This seems better than using
realpath() and breaking environments where symlinks point outside of the
directory hierarchy that tftpd is configured to allow.

- Close fd if fdopen(fd) fails.
- Format return () to resemble the one 5 lines up.

Add two new flags: -w, which allows new files to be created,
and -U, which allows the umask to be set.

Obtained from: Patton Electronics, Co.

Fix a bug which causes wrong filename being written into the syslog
in the case when client sends request with RFC2347 options.

Approved by: re
MFC After: 2 weeks

properly refuse a connection in the -c case if the client ip's subdirectory
does not exist.

PR: bin/38303
Submitted by: Woei-Luen, Shyu <m8535@cn.ee.ccu.edu.tw>
the committed patch differs from the submitted one, any inaccuracies are mine.

Clean up some warnings that don't result in a change in the object file:
Constness, missing prototypes, non-ansi prototypes, missing
initialisers, unnecessary declarations, shadowing.

Reviewed by: md5

The .Nm utility

Correct indent.

IPv6 support for tftp/tftpd.

Obtained from: KAME
MFC after: 2 weeks

Better handle the case with a network that drops packets by retrying
with a back off. This was discovered when Luigi sent me code to
handle this for Etherboot. The Etherboot patch worked okay but
FreeBSD's tftpd had trouble handling it and would fail to transfer
the file since it would abort on send and not retry.

Submitted by: luigi
MFC after: 1 week

o __P removal
o Use new-style prototypes and function definitions.
o Fix timeout and justquit to have proper signatures for signal
handlers. Mark the args as __unused.
o remove register

Change the failure mode in option parsing to silently bailing out of option
negotiation rather than rejecting the request.

Apple OpenFirmware 3.0f3 (the version in my iMac) adds trailing garbage to the
end of an otherwise valid request. Without this change, the requests were
rejected which prevented me from booting.

Reviewed by: obrien

When we set our UID to `nobody', set an appropriate group also.

Submitted by: peter

RFC2349 (http://www.hypermail.org/rfcs/rfc2349.html) adds support
for negotiation of timeout and file size to the tftp protocol. This
is required by some firmware like EFI boot managers (at least on
HP i2000 Itanium servers) in order to boot an image using tftp. The
attached patch implements the RFC, and in doing so also implements
RFC2347; a generic tftp option extension.

PR: 30710
Submitted by: Espen Skoglund <esk@ira.uka.de>

Remove whitespace at EOL.

mdoc(7) police: removed HISTORY info from the .Os call.

mdoc(7) police: normalize .Nd.

- Backout botched attempt to intoduce MANSECT feature.
- MAN[1-9] -> MAN.

Set the default manual section for libexec/ to 8.

First appeared in 4.3, not 5.0

Fix tftpd and tftp to support file transfers of over 65535 blocks
(about 31 MB - 32 MB).

Submitted (partially)
by: Pascal Hofstee <daeron@wit401305.student.utwente.nl>

Add -c/C which chroots by IP of tftp client, (i.e. /tftproot/127.0.0.1/).

mdoc(7) police: use the new features of the Nm macro.

Some more slight doco fixes: update date, and add a bit more to the history.

Allow tftpd to run as a specified user, not just `nobody'.
Update documentation to reflect new option. Also fix documentation
style and add missing references.

PR: 21268
Submitted by: "Aleksandr A. Babaylov" <babolo@links.ru>
Reviewed by: imp

Add $FreeBSD$ lines to man pages that are missing them to make it
easier for translation teams.

PR: docs/13418
Submitted by: Alexey Zelkin <phantom@cris.net>

$Id$ -> $FreeBSD$

Ensure that things returned by gethostname() and
friends are terminated and allow for a maximum
host name length of MAXHOSTNAMELEN - 1.
Put parenthesis around sizeof args.
Make some variables static.
Fix telnetd -u (broken by my last commit)

Prompted by: bde

Use realhostname() rather than various combinations of
gethostbyaddr() & gethostbyname().

Remove brokeness in ftpd for hosts of MAXHOSTNAMELEN length.

Rename a function name so that it doesn't conflict with a future system call.

Mention that syslog.conf(5) does not log LOG_FTP messages by default.

PR: 5287

openlog() needs to have LOG_NDELAY added, or else the syslog() calls after
the chroot will not get sent to syslogd.

PR: 4910
Reviewed by: phk
Submitted by: Jim Mercer <jim@komodo.reptiles.org>

Use full path in synopsis. Syslog will add trailing \n.

Clarify the actions of -s and the list of allowable names.

compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.

Fix non explloitable buffer overflows (since the largest packet processed
precludes it) to keep people from whining about it in the newsgroups and
mailing lists.

Revert $FreeBSD$ to $Id$

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Truncate the file when opening it with write intent. Otherwise,
there's a good chance that garbage will remain at the end.

Closes PR # bin/2112: tftpd doesn't truncate ...

Reviewed by: fenner

add forgotten $Id$

Reviewed by: Bill Fenner <fennder@parc.xerox.com>
Reviewed by: Garrett Wollman <wollman@freebsd.org>
Submitted by: Warner Losh <imp@village.org>
Close PR bin/1145:
Add -s flag to tftpd. This enables the so-called secure mode
of tftpd where it chroots to a given directory before allowing access
to the files. In addition, it runs as nobody when in this mode.
Reviewed a long time ago by Bill and Garrett. Apply my patch from the
pr, and close the PR.

I think the security check to invalidate ALL write requests was just a little
excessive, and violates the specification defined in the manpage to boot.

Update to new make macros and disable Kerberos because we haven't got it
set up right yet.

This commit was generated by cvs2svn to compensate for changes in r1592,
which included commits to RCS files with non-trunk default branches.