copyparty 1.10.2__py3-none-any.whl → 1.11.1__py3-none-any.whl

copyparty/cfg.py

@@ -66,6 +66,7 @@ def vf_vmap()   :
         "rm_retry",
         "sort",
         "unlist",
+        "u2abort",
         "u2ts",
     ):
         ret[k] = k
@@ -116,6 +117,7 @@ flagcats = {
         "hardlink": "does dedup with hardlinks instead of symlinks",
         "neversymlink": "disables symlink fallback; full copy instead",
         "copydupes": "disables dedup, always saves full copies of dupes",
+        "sparse": "force use of sparse files, mainly for s3-backed storage",
         "daw": "enable full WebDAV write support (dangerous);\nPUT-operations will now \033[1;31mOVERWRITE\033[0;35m existing files",
         "nosub": "forces all uploads into the top folder of the vfs",
         "magic": "enables filetype detection for nameless uploads",
@@ -130,6 +132,7 @@ flagcats = {
         "rand": "force randomized filenames, 9 chars long by default",
         "nrand=N": "randomized filenames are N chars long",
         "u2ts=fc": "[f]orce [c]lient-last-modified or [u]pload-time",
+        "u2abort=1": "allow aborting unfinished uploads? 0=no 1=strict 2=ip-chk 3=acct-chk",
         "sz=1k-3m": "allow filesizes between 1 KiB and 3MiB",
         "df=1g": "ensure 1 GiB free disk space",
     },

copyparty/ftpd.py

@@ -295,7 +295,7 @@ class FtpFs(AbstractedFS):
 
         vp = join(self.cwd, path).lstrip("/")
         try:
-            self.hub.up2k.handle_rm(self.uname, self.h.cli_ip, [vp], [], False)
+            self.hub.up2k.handle_rm(self.uname, self.h.cli_ip, [vp], [], False, False)
         except Exception as ex:
             raise FSE(str(ex))
 
@@ -405,7 +405,7 @@ class FtpHandler(FTPHandler):
         if cip.startswith("::ffff:"):
             cip = cip[7:]
 
-        if self.args.ftp_ipa_re and not self.args.ftp_ipa_re.match(cip):
+        if self.args.ftp_ipa_nm and not self.args.ftp_ipa_nm.map(cip):
             logging.warning("client rejected (--ftp-ipa): %s", cip)
             self.connected = False
             conn.close()

copyparty/httpcli.py

@@ -166,16 +166,12 @@ class HttpCli(object):
         self.can_dot = False
         self.out_headerlist   = []
         self.out_headers   = {}
-        self.html_head = " "
         # post
         self.parser  = None
         # end placeholders
 
         self.bufsz = 1024 * 32
-        h = self.args.html_head
-        if self.args.no_robots:
-            h = META_NOBOTS + (("\n" + h) if h else "")
-        self.html_head = h
+        self.html_head = ""
 
     def log(self, msg , c   = 0)  :
         ptn = self.asrv.re_pwd
@@ -227,13 +223,11 @@ class HttpCli(object):
             "Vary": "Origin, PW, Cookie",
             "Cache-Control": "no-store, max-age=0",
         }
-        if self.args.no_robots:
-            self.out_headers["X-Robots-Tag"] = "noindex, nofollow"
 
-        if self.is_banned():
+        if self.args.early_ban and self.is_banned():
             return False
 
-        if self.args.ipa_re and not self.args.ipa_re.match(self.conn.addr[0]):
+        if self.conn.ipa_nm and not self.conn.ipa_nm.map(self.conn.addr[0]):
             self.log("client rejected (--ipa)", 3)
             self.terse_reply(b"", 500)
             return False
@@ -296,6 +290,7 @@ class HttpCli(object):
             zs = "%s:%s" % self.s.getsockname()[:2]
             self.host = zs[7:] if zs.startswith("::ffff:") else zs
 
+        trusted_xff = False
         n = self.args.rproxy
         if n:
             zso = self.headers.get(self.args.xff_hdr)
@@ -312,21 +307,26 @@ class HttpCli(object):
                     self.log(t.format(self.args.rproxy, zso), c=3)
 
                 pip = self.conn.addr[0]
-                if self.args.xff_re and not self.args.xff_re.match(pip):
-                    t = 'got header "%s" from untrusted source "%s" claiming the true client ip is "%s" (raw value: "%s");  if you trust this, you must allowlist this proxy with "--xff-src=%s"'
+                xffs = self.conn.xff_nm
+                if xffs and not xffs.map(pip):
+                    t = 'got header "%s" from untrusted source "%s" claiming the true client ip is "%s" (raw value: "%s");  if you trust this, you must allowlist this proxy with "--xff-src=%s"%s'
                     if self.headers.get("cf-connecting-ip"):
-                        t += "  Alternatively, if you are behind cloudflare, it is better to specify these two instead:  --xff-hdr=cf-connecting-ip  --xff-src=any"
+                        t += '  Note: if you are behind cloudflare, then this default header is not a good choice; please first make sure your local reverse-proxy (if any) does not allow non-cloudflare IPs from providing cf-* headers, and then add this additional global setting: "--xff-hdr=cf-connecting-ip"'
+                    else:
+                        t += '  Note: depending on your reverse-proxy, and/or WAF, and/or other intermediates, you may want to read the true client IP from another header by also specifying "--xff-hdr=SomeOtherHeader"'
                     zs = (
                         ".".join(pip.split(".")[:2]) + "."
                         if "." in pip
                         else ":".join(pip.split(":")[:4]) + ":"
-                    )
-                    self.log(t % (self.args.xff_hdr, pip, cli_ip, zso, zs), 3)
+                    ) + "0.0/16"
+                    zs2 = ' or "--xff-src=lan"' if self.conn.xff_lan.map(pip) else ""
+                    self.log(t % (self.args.xff_hdr, pip, cli_ip, zso, zs, zs2), 3)
                 else:
                     self.ip = cli_ip
                     self.is_vproxied = bool(self.args.R)
                     self.log_src = self.conn.set_rproxy(self.ip)
                     self.host = self.headers.get("x-forwarded-host") or self.host
+                    trusted_xff = True
 
         if self.is_banned():
             return False
@@ -454,9 +454,56 @@ class HttpCli(object):
 
         if self.args.idp_h_usr:
             self.pw = ""
-            self.uname = self.headers.get(self.args.idp_h_usr) or "*"
-            if self.uname not in self.asrv.vfs.aread:
-                self.log("unknown username: [%s]" % (self.uname), 1)
+            idp_usr = self.headers.get(self.args.idp_h_usr) or ""
+            if idp_usr:
+                idp_grp = (
+                    self.headers.get(self.args.idp_h_grp) or ""
+                    if self.args.idp_h_grp
+                    else ""
+                )
+
+                if not trusted_xff:
+                    pip = self.conn.addr[0]
+                    xffs = self.conn.xff_nm
+                    trusted_xff = xffs and xffs.map(pip)
+
+                trusted_key = (
+                    not self.args.idp_h_key
+                ) or self.args.idp_h_key in self.headers
+
+                if trusted_key and trusted_xff:
+                    self.asrv.idp_checkin(self.conn.hsrv.broker, idp_usr, idp_grp)
+                else:
+                    if not trusted_key:
+                        t = 'the idp-h-key header ("%s") is not present in the request; will NOT trust the other headers saying that the client\'s username is "%s" and group is "%s"'
+                        self.log(t % (self.args.idp_h_key, idp_usr, idp_grp), 3)
+
+                    if not trusted_xff:
+                        t = 'got IdP headers from untrusted source "%s" claiming the client\'s username is "%s" and group is "%s";  if you trust this, you must allowlist this proxy with "--xff-src=%s"%s'
+                        if not self.args.idp_h_key:
+                            t += "  Note: you probably also want to specify --idp-h-key <SECRET-HEADER-NAME> for additional security"
+
+                        pip = self.conn.addr[0]
+                        zs = (
+                            ".".join(pip.split(".")[:2]) + "."
+                            if "." in pip
+                            else ":".join(pip.split(":")[:4]) + ":"
+                        ) + "0.0/16"
+                        zs2 = (
+                            ' or "--xff-src=lan"' if self.conn.xff_lan.map(pip) else ""
+                        )
+                        self.log(t % (pip, idp_usr, idp_grp, zs, zs2), 3)
+
+                    idp_usr = "*"
+                    idp_grp = ""
+
+                if idp_usr in self.asrv.vfs.aread:
+                    self.uname = idp_usr
+                    self.html_head += "<script>var is_idp=1</script>\n"
+                else:
+                    self.log("unknown username: [%s]" % (idp_usr), 1)
+                    self.uname = "*"
+            else:
                 self.uname = "*"
         else:
             self.pw = uparam.get("pw") or self.headers.get("pw") or bauth or cookie_pw
@@ -506,6 +553,10 @@ class HttpCli(object):
 
         self.s.settimeout(self.args.s_tbody or None)
 
+        if "norobots" in vn.flags:
+            self.html_head += META_NOBOTS
+            self.out_headers["X-Robots-Tag"] = "noindex, nofollow"
+
         try:
             cors_k = self._cors()
             if self.mode in ("GET", "HEAD"):
@@ -514,9 +565,13 @@ class HttpCli(object):
                 return self.handle_options() and self.keepalive
 
             if not cors_k:
+                host = self.headers.get("host", "<?>")
                 origin = self.headers.get("origin", "<?>")
-                self.log("cors-reject {} from {}".format(self.mode, origin), 3)
-                raise Pebkac(403, "no surfing")
+                proto = "https://" if self.is_https else "http://"
+                guess = "modifying" if (origin and host) else "stripping"
+                t = "cors-reject %s because request-header Origin='%s' does not match request-protocol '%s' and host '%s' based on request-header Host='%s' (note: if this request is not malicious, check if your reverse-proxy is accidentally %s request headers, in particular 'Origin', for example by running copyparty with --ihead='*' to show all request headers)"
+                self.log(t % (self.mode, origin, proto, self.host, host, guess), 3)
+                raise Pebkac(403, "rejected by cors-check")
 
             # getattr(self.mode) is not yet faster than this
             if self.mode == "POST":
@@ -647,7 +702,11 @@ class HttpCli(object):
 
     def k304(self)  :
         k304 = self.cookies.get("k304")
-        return k304 == "y" or ("; Trident/" in self.ua and not k304)
+        return (
+            k304 == "y"
+            or (self.args.k304 == 2 and k304 != "n")
+            or ("; Trident/" in self.ua and not k304)
+        )
 
     def send_headers(
         self,
@@ -2823,11 +2882,11 @@ class HttpCli(object):
         logtail = ""
 
         #
-        # if request is for foo.js, check if we have foo.js.{gz,br}
+        # if request is for foo.js, check if we have foo.js.gz
 
         file_ts = 0.0
         editions    = {}
-        for ext in ["", ".gz", ".br"]:
+        for ext in ("", ".gz"):
             try:
                 fs_path = req_path + ext
                 st = bos.stat(fs_path)
@@ -2872,12 +2931,7 @@ class HttpCli(object):
             x.strip()
             for x in self.headers.get("accept-encoding", "").lower().split(",")
         ]
-        if ".br" in editions and "br" in supported_editions:
-            is_compressed = True
-            selected_edition = ".br"
-            fs_path, file_sz = editions[".br"]
-            self.out_headers["Content-Encoding"] = "br"
-        elif ".gz" in editions:
+        if ".gz" in editions:
             is_compressed = True
             selected_edition = ".gz"
             fs_path, file_sz = editions[".gz"]
@@ -2893,13 +2947,8 @@ class HttpCli(object):
             is_compressed = False
             selected_edition = "plain"
 
-        try:
-            fs_path, file_sz = editions[selected_edition]
-            logmsg += "{} ".format(selected_edition.lstrip("."))
-        except:
-            # client is old and we only have .br
-            # (could make brotli a dep to fix this but it's not worth)
-            raise Pebkac(404)
+        fs_path, file_sz = editions[selected_edition]
+        logmsg += "{} ".format(selected_edition.lstrip("."))
 
         #
         # partial
@@ -3339,6 +3388,8 @@ class HttpCli(object):
             self.reply(zb, mime="text/plain; charset=utf-8")
             return True
 
+        self.html_head += self.vn.flags.get("html_head", "")
+
         html = self.j2s(
             "splash",
             this=self,
@@ -3354,6 +3405,7 @@ class HttpCli(object):
             dbwt=vs["dbwt"],
             url_suf=suf,
             k304=self.k304(),
+            k304vis=self.args.k304 > 0,
             ver=S_VERSION if self.args.ver else "",
             ahttps="" if self.is_https else "https://" + self.host + self.req,
         )
@@ -3362,7 +3414,7 @@ class HttpCli(object):
 
     def set_k304(self)  :
         v = self.uparam["k304"].lower()
-        if v == "y":
+        if v in "yn":
             dur = 86400 * 299
         else:
             dur = 0
@@ -3545,9 +3597,6 @@ class HttpCli(object):
         return ret
 
     def tx_ups(self)  :
-        if not self.args.unpost:
-            raise Pebkac(403, "the unpost feature is disabled in server config")
-
         idx = self.conn.get_u2idx()
         if not idx or not hasattr(idx, "p_end"):
             raise Pebkac(500, "sqlite3 is not available on the server; cannot unpost")
@@ -3565,7 +3614,20 @@ class HttpCli(object):
             if "fk" in vol.flags
             and (self.uname in vol.axs.uread or self.uname in vol.axs.upget)
         }
-        for vol in self.asrv.vfs.all_vols.values():
+
+        x = self.conn.hsrv.broker.ask(
+            "up2k.get_unfinished_by_user", self.uname, self.ip
+        )
+        uret = x.get()
+
+        if not self.args.unpost:
+            allvols = []
+        else:
+            allvols = list(self.asrv.vfs.all_vols.values())
+
+        allvols = [x for x in allvols if "e2d" in x.flags]
+
+        for vol in allvols:
             cur = idx.get_cur(vol.realpath)
             if not cur:
                 continue
@@ -3617,9 +3679,13 @@ class HttpCli(object):
             for v in ret:
                 v["vp"] = self.args.SR + v["vp"]
 
-        jtxt = json.dumps(ret, indent=2, sort_keys=True).encode("utf-8", "replace")
-        self.log("{} #{} {:.2f}sec".format(lm, len(ret), time.time() - t0))
-        self.reply(jtxt, mime="application/json")
+        if not allvols:
+            ret = [{"kinshi": 1}]
+
+        jtxt = '{"u":%s,"c":%s}' % (uret, json.dumps(ret, indent=0))
+        zi = len(uret.split('\n"pd":')) - 1
+        self.log("%s #%d+%d %.2fsec" % (lm, zi, len(ret), time.time() - t0))
+        self.reply(jtxt.encode("utf-8", "replace"), mime="application/json")
         return True
 
     def handle_rm(self, req )  :
@@ -3634,11 +3700,12 @@ class HttpCli(object):
         elif self.is_vproxied:
             req = [x[len(self.args.SR) :] for x in req]
 
+        unpost = "unpost" in self.uparam
         nlim = int(self.uparam.get("lim") or 0)
         lim = [nlim, nlim] if nlim else []
 
         x = self.conn.hsrv.broker.ask(
-            "up2k.handle_rm", self.uname, self.ip, req, lim, False
+            "up2k.handle_rm", self.uname, self.ip, req, lim, False, unpost
         )
         self.loud_reply(x.get())
         return True
@@ -3776,11 +3843,9 @@ class HttpCli(object):
         e2d = "e2d" in vn.flags
         e2t = "e2t" in vn.flags
 
-        self.html_head = vn.flags.get("html_head", "")
-        if vn.flags.get("norobots") or "b" in self.uparam:
+        self.html_head += vn.flags.get("html_head", "")
+        if "b" in self.uparam:
             self.out_headers["X-Robots-Tag"] = "noindex, nofollow"
-        else:
-            self.out_headers.pop("X-Robots-Tag", None)
 
         is_dir = stat.S_ISDIR(st.st_mode)
         fk_pass = False

copyparty/httpconn.py

@@ -23,7 +23,7 @@ from .mtag import HAVE_FFMPEG
 from .th_cli import ThumbCli
 from .th_srv import HAVE_PIL, HAVE_VIPS
 from .u2idx import U2idx
-from .util import HMaccas, shut_socket
+from .util import HMaccas, NetMap, shut_socket
 
 if TYPE_CHECKING:
     from .httpsrv import HttpSrv
@@ -52,6 +52,9 @@ class HttpConn(object):
         self.E  = self.args.E
         self.asrv  = hsrv.asrv  # mypy404
         self.u2fh  = hsrv.u2fh  # mypy404
+        self.ipa_nm  = hsrv.ipa_nm
+        self.xff_nm  = hsrv.xff_nm
+        self.xff_lan  = hsrv.xff_lan  # type: ignore
         self.iphash  = hsrv.broker.iphash
         self.bans   = hsrv.bans
         self.aclose   = hsrv.aclose

copyparty/httpsrv.py

@@ -67,6 +67,7 @@ from .util import (
     Netdev,
     NetMap,
     absreal,
+    build_netmap,
     ipnorm,
     min_ex,
     shut_socket,
@@ -99,7 +100,7 @@ class HttpSrv(object):
         self.t0 = time.time()
         nsuf = "-n{}-i{:x}".format(nid, os.getpid()) if nid else ""
         self.magician = Magician()
-        self.nm = NetMap([], {})
+        self.nm = NetMap([], [])
         self.ssdp  = None
         self.gpwd = Garda(self.args.ban_pw)
         self.g404 = Garda(self.args.ban_404)
@@ -146,6 +147,10 @@ class HttpSrv(object):
         zs = os.path.join(self.E.mod, "web", "deps", "prism.js.gz")
         self.prism = os.path.exists(zs)
 
+        self.ipa_nm = build_netmap(self.args.ipa)
+        self.xff_nm = build_netmap(self.args.xff_src)
+        self.xff_lan = build_netmap("lan")
+
         self.statics  = set()
         self._build_statics()
 
@@ -187,7 +192,7 @@ class HttpSrv(object):
             for fn in df:
                 ap = absreal(os.path.join(dp, fn))
                 self.statics.add(ap)
-                if ap.endswith(".gz") or ap.endswith(".br"):
+                if ap.endswith(".gz"):
                     self.statics.add(ap[:-3])
 
     def set_netdevs(self, netdevs  )  :
@@ -195,7 +200,7 @@ class HttpSrv(object):
         for ip, _ in self.bound:
             ips.add(ip)
 
-        self.nm = NetMap(list(ips), netdevs)
+        self.nm = NetMap(list(ips), list(netdevs))
 
     def start_threads(self, n )  :
         self.tp_nthr += n

copyparty/metrics.py

@@ -206,6 +206,9 @@ class Metrics(object):
             try:
                 x = self.hsrv.broker.ask("up2k.get_unfinished")
                 xs = x.get()
+                if not xs:
+                    raise Exception("up2k mutex acquisition timed out")
+
                 xj = json.loads(xs)
                 for ptop, (nbytes, nfiles) in xj.items():
                     tnbytes += nbytes

copyparty/multicast.py

@@ -107,7 +107,7 @@ class MCast(object):
             )
 
         ips = [x for x in ips if x not in ("::1", "127.0.0.1")]
-        ips = find_prefix(ips, netdevs)
+        ips = find_prefix(ips, list(netdevs))
 
         on = self.on[:]
         off = self.off[:]

copyparty/smbd.py

@@ -337,7 +337,7 @@ class SMB(object):
             yeet("blocked delete (no-del-acc): " + vpath)
 
         vpath = vpath.replace("\\", "/").lstrip("/")
-        self.hub.up2k.handle_rm(uname, "1.7.6.2", [vpath], [], False)
+        self.hub.up2k.handle_rm(uname, "1.7.6.2", [vpath], [], False, False)
 
     def _utime(self, vpath , times  )  :
         if not self.args.smbw:

copyparty/svchub.py

@@ -22,7 +22,7 @@ from datetime import datetime, timedelta
 # print(currentframe().f_lineno)
 
 
-from .__init__ import ANYWIN, EXE, MACOS, TYPE_CHECKING, EnvParams, unicode
+from .__init__ import ANYWIN, E, EXE, MACOS, TYPE_CHECKING, EnvParams, unicode
 from .authsrv import BAD_CFG, AuthSrv
 from .cert import ensure_cert
 from .mtag import HAVE_FFMPEG, HAVE_FFPROBE
@@ -43,6 +43,7 @@ from .util import (
     ODict,
     alltrace,
     ansi_re,
+    build_netmap,
     min_ex,
     mp,
     odfusion,
@@ -88,7 +89,7 @@ class SvcHub(object):
         self.stopping = False
         self.stopped = False
         self.reload_req = False
-        self.reloading = False
+        self.reloading = 0
         self.stop_cond = threading.Condition()
         self.nsigs = 3
         self.retcode = 0
@@ -148,6 +149,8 @@ class SvcHub(object):
         lg.handlers = [lh]
         lg.setLevel(logging.DEBUG)
 
+        self._check_env()
+
         if args.stackmon:
             start_stackmon(args.stackmon, 0)
 
@@ -379,6 +382,17 @@ class SvcHub(object):
 
         Daemon(self.sd_notify, "sd-notify")
 
+    def _check_env(self)  :
+        try:
+            files = os.listdir(E.cfg)
+        except:
+            files = []
+
+        hits = [x for x in files if x.lower().endswith(".conf")]
+        if hits:
+            t = "WARNING: found config files in [%s]: %s\n  config files are not expected here, and will NOT be loaded (unless your setup is intentionally hella funky)"
+            self.log("root", t % (E.cfg, ", ".join(hits)), 3)
+
     def _process_config(self)  :
         al = self.args
 
@@ -459,12 +473,11 @@ class SvcHub(object):
 
         al.xff_hdr = al.xff_hdr.lower()
         al.idp_h_usr = al.idp_h_usr.lower()
-        # al.idp_h_grp = al.idp_h_grp.lower()
+        al.idp_h_grp = al.idp_h_grp.lower()
+        al.idp_h_key = al.idp_h_key.lower()
 
-        al.xff_re = self._ipa2re(al.xff_src)
-        al.ipa_re = self._ipa2re(al.ipa)
-        al.ftp_ipa_re = self._ipa2re(al.ftp_ipa or al.ipa)
-        al.tftp_ipa_re = self._ipa2re(al.tftp_ipa or al.ipa)
+        al.ftp_ipa_nm = build_netmap(al.ftp_ipa or al.ipa)
+        al.tftp_ipa_nm = build_netmap(al.tftp_ipa or al.ipa)
 
         mte = ODict.fromkeys(DEF_MTE.split(","), True)
         al.mte = odfusion(mte, al.mte)
@@ -481,6 +494,18 @@ class SvcHub(object):
             if ptn:
                 setattr(self.args, k, re.compile(ptn))
 
+        for k in ["idp_gsep"]:
+            ptn = getattr(self.args, k)
+            if "]" in ptn:
+                ptn = "]" + ptn.replace("]", "")
+            if "[" in ptn:
+                ptn = ptn.replace("[", "") + "["
+            if "-" in ptn:
+                ptn = ptn.replace("-", "") + "-"
+
+            ptn = ptn.replace("\\", "\\\\").replace("^", "\\^")
+            setattr(self.args, k, re.compile("[%s]" % (ptn,)))
+
         try:
             zf1, zf2 = self.args.rm_retry.split("/")
             self.args.rm_re_t = float(zf1)
@@ -656,21 +681,37 @@ class SvcHub(object):
                 self.log("root", "ssdp startup failed;\n" + min_ex(), 3)
 
     def reload(self)  :
-        if self.reloading:
-            return "cannot reload; already in progress"
+        with self.up2k.mutex:
+            if self.reloading:
+                return "cannot reload; already in progress"
+            self.reloading = 1
 
-        self.reloading = True
         Daemon(self._reload, "reloading")
         return "reload initiated"
 
-    def _reload(self)  :
-        self.log("root", "reload scheduled")
+    def _reload(self, rescan_all_vols  = True)  :
         with self.up2k.mutex:
+            if self.reloading != 1:
+                return
+            self.reloading = 2
+            self.log("root", "reloading config")
             self.asrv.reload()
-            self.up2k.reload()
+            self.up2k.reload(rescan_all_vols)
             self.broker.reload()
+            self.reloading = 0
+
+    def _reload_blocking(self, rescan_all_vols  = True)  :
+        while True:
+            with self.up2k.mutex:
+                if self.reloading < 2:
+                    self.reloading = 1
+                    break
+            time.sleep(0.05)
+
+        # try to handle multiple pending IdP reloads at once:
+        time.sleep(0.2)
 
-        self.reloading = False
+        self._reload(rescan_all_vols=rescan_all_vols)
 
     def stop_thr(self)  :
         while not self.stop_req:

copyparty/tftpd.py

@@ -52,17 +52,16 @@ def noop(*a, **ka)  :
 
 def _serverInitial(self, pkt , raddress , rport )  :
     info("connection from %s:%s", raddress, rport)
-    ret = _orig_serverInitial(self, pkt, raddress, rport)
-    ptn = _hub[0].args.tftp_ipa_re
-    if ptn and not ptn.match(raddress):
+    ret = _sinitial[0](self, pkt, raddress, rport)
+    nm = _hub[0].args.tftp_ipa_nm
+    if nm and not nm.map(raddress):
         yeet("client rejected (--tftp-ipa): %s" % (raddress,))
     return ret
 
 
-# patch ipa-check into partftpd
+# patch ipa-check into partftpd (part 1/2)
 _hub  = []
-_orig_serverInitial = TftpStates.TftpServerState.serverInitial
-TftpStates.TftpServerState.serverInitial = _serverInitial
+_sinitial  = []
 
 
 class Tftpd(object):
@@ -95,8 +94,6 @@ class Tftpd(object):
             cbak = []
             if not self.args.tftp_no_fast and not EXE:
                 try:
-                    import inspect
-
                     ptn = re.compile(r"(^\s*)log\.debug\(.*\)$")
                     for C in Cs:
                         cbak.append(C.__dict__)
@@ -113,6 +110,11 @@ class Tftpd(object):
             for C in Cs:
                 C.log.debug = noop
 
+        # patch ipa-check into partftpd (part 2/2)
+        _sinitial[:] = []
+        _sinitial.append(TftpStates.TftpServerState.serverInitial)
+        TftpStates.TftpServerState.serverInitial = _serverInitial
+
         # patch vfs into partftpy
         TftpContexts.open = self._open
         TftpStates.open = self._open
@@ -357,7 +359,7 @@ class Tftpd(object):
             yeet("attempted delete of non-empty file")
 
         vpath = vpath.replace("\\", "/").lstrip("/")
-        self.hub.up2k.handle_rm("*", "8.3.8.7", [vpath], [], False)
+        self.hub.up2k.handle_rm("*", "8.3.8.7", [vpath], [], False, False)
 
     def _access(self, *a )  :
         return True