Commit | Line | Data |
---|---|---|
19e5b31b MP |
1 | Here's a new version of my rsync-server-over-remote-shell patch: |
2 | ||
3 | - diffs (-u) against 2.5.0 | |
4 | ||
5 | - syntax for running rsync server over remote shell is | |
6 | ||
7 | rsync [options] -e ssh source [user@]host::module[/dest] | |
8 | rsync [options] -e ssh [user@]host::module[/source] dest | |
9 | ||
10 | If you need different usernames at the rsyncd and ssh levels, you | |
11 | can do | |
12 | ||
13 | rsync [options] -e "ssh -l ssh-user" source rsyncd-user@host::module[/path] | |
14 | ||
15 | - rsync_module() now uses the SSH_CLIENT environment variable to get | |
16 | an IP address. As Martin mentioned, there is the potential for | |
17 | spoofing here, if the client can control what the SSH_CLIENT | |
18 | environment variable contains. (However, if the client can control | |
19 | the environment on the server side, it can do pretty much whatever | |
20 | it wants anyway....) If you're using this in a locked-down scheme | |
21 | with single-use SSH keys, then there's no way for the client to do | |
22 | anything to the environment, and it should be safe. | |
23 | ||
24 | Cheers -- | |
25 | ||
26 | JD Paul | |
27 | jdpaul@interstel.net | |
28 | ||
29 | P.S. Question -- is the enum { } of all the OPT_ variables in | |
30 | options.c necessary any more? It looks like it's not. | |
31 | ||
32 | On Tue, 20 Nov 2001, JD Paul wrote: | |
33 | ||
34 | > Hi -- | |
35 | > | |
36 | > I've made the changes to my code changes and the new diffs (against | |
37 | > 2.4.6 again) are included below. | |
38 | > | |
39 | > Syntax for running rsync server over a remote shell (e.g. ssh) is now: | |
40 | > | |
41 | > rsync [options] -e ssh source [user@]host::module[/dest] | |
42 | > rsync [options] -e ssh [user@]host::module[/source] dest | |
43 | > | |
44 | > Cheers -- | |
45 | > | |
46 | > JD | |
47 | > jdpaul@interstel.net | |
48 | > | |
49 | ||
50 | -------------------------<cut here>----------------------------------- | |
51 | ||
52 | ||
53 | Index: authenticate.c | |
54 | =================================================================== | |
55 | RCS file: /juno/repository/usr/local/pkg/rsync/authenticate.c,v | |
56 | retrieving revision 1.1.1.5 | |
57 | retrieving revision 1.4 | |
58 | diff -u -b -r1.1.1.5 -r1.4 | |
59 | --- authenticate.c 2001/12/03 23:48:45 1.1.1.5 | |
60 | +++ authenticate.c 2001/12/04 00:10:38 1.4 | |
61 | @@ -203,7 +203,7 @@ | |
62 | ||
63 | otherwise return username | |
64 | */ | |
65 | -char *auth_server(int fd, int module, char *addr, char *leader) | |
66 | +char *auth_server(int f_in, int f_out, int module, char *addr, char *leader) | |
67 | { | |
68 | char *users = lp_auth_users(module); | |
69 | char challenge[16]; | |
70 | @@ -222,9 +222,9 @@ | |
71 | ||
72 | base64_encode(challenge, 16, b64_challenge); | |
73 | ||
74 | - io_printf(fd,"%s%s\n", leader, b64_challenge); | |
75 | + io_printf(f_out,"%s%s\n", leader, b64_challenge); | |
76 | ||
77 | - if (!read_line(fd, line, sizeof(line)-1)) { | |
78 | + if (!read_line(f_in, line, sizeof(line)-1)) { | |
79 | return NULL; | |
80 | } | |
81 | ||
82 | Index: clientserver.c | |
83 | =================================================================== | |
84 | RCS file: /juno/repository/usr/local/pkg/rsync/clientserver.c,v | |
85 | retrieving revision 1.1.1.5 | |
86 | retrieving revision 1.11 | |
87 | diff -u -b -r1.1.1.5 -r1.11 | |
88 | --- clientserver.c 2001/12/03 23:48:48 1.1.1.5 | |
89 | +++ clientserver.c 2001/12/04 04:51:10 1.11 | |
90 | @@ -35,34 +35,22 @@ | |
91 | */ | |
92 | int start_socket_client(char *host, char *path, int argc, char *argv[]) | |
93 | { | |
94 | - int fd, i; | |
95 | - char *sargs[MAX_ARGS]; | |
96 | - int sargc=0; | |
97 | - char line[MAXPATHLEN]; | |
98 | + int fd; | |
99 | + int ret; | |
100 | char *p, *user=NULL; | |
101 | extern int remote_version; | |
102 | extern int am_sender; | |
103 | extern char *shell_cmd; | |
104 | - extern int kludge_around_eof; | |
105 | extern char *bind_address; | |
106 | ||
107 | if (argc == 0 && !am_sender) { | |
108 | extern int list_only; | |
109 | list_only = 1; | |
110 | } | |
111 | - | |
112 | - /* This is just a friendliness enhancement: if the connection | |
113 | - * is to an rsyncd then there is no point specifying the -e option. | |
114 | - * Note that this is only set if the -e was explicitly specified, | |
115 | - * not if the environment variable just happens to be set. | |
116 | - * See http://lists.samba.org/pipermail/rsync/2000-September/002744.html | |
117 | - */ | |
118 | - if (shell_cmd) { | |
119 | - rprintf(FERROR, "WARNING: --rsh or -e option ignored when " | |
120 | - "connecting to rsync daemon\n"); | |
121 | - /* continue */ | |
122 | - } | |
123 | ||
124 | + /* this is redundant with code in start_inband_exchange(), but | |
125 | + this short-circuits a problem before we open a socket, and | |
126 | + the extra check won't hurt */ | |
127 | if (*path == '/') { | |
128 | rprintf(FERROR,"ERROR: The remote path must start with a module name not a /\n"); | |
129 | return -1; | |
130 | @@ -75,15 +63,46 @@ | |
131 | *p = 0; | |
132 | } | |
133 | ||
134 | - if (!user) user = getenv("USER"); | |
135 | - if (!user) user = getenv("LOGNAME"); | |
136 | - | |
137 | fd = open_socket_out_wrapped (host, rsync_port, bind_address, | |
138 | global_opts.af_hint); | |
139 | if (fd == -1) { | |
140 | exit_cleanup(RERR_SOCKETIO); | |
141 | } | |
142 | ||
143 | + ret = start_inband_exchange(user, path, fd, fd, argc, argv); | |
144 | + | |
145 | + return (ret < 0 ) ? ret : client_run(fd, fd, -1, argc, argv); | |
146 | +} | |
147 | + | |
148 | +int start_inband_exchange(char *user, char *path, int f_in, int f_out, int argc, char *argv[]) | |
149 | +{ | |
150 | + int i; | |
151 | + char *sargs[MAX_ARGS]; | |
152 | + int sargc = 0; | |
153 | + char line[MAXPATHLEN]; | |
154 | + char *p; | |
155 | + extern int remote_version; | |
156 | + extern int kludge_around_eof; | |
157 | + extern int am_sender; | |
158 | + extern int daemon_over_rsh; | |
159 | + | |
160 | + if (argc == 0 && !am_sender) { | |
161 | + extern int list_only; | |
162 | + list_only = 1; | |
163 | + } | |
164 | + | |
165 | + if (*path == '/') { | |
166 | + rprintf(FERROR,"ERROR: The remote path must start with a module name\n"); | |
167 | + return -1; | |
168 | + } | |
169 | + | |
170 | + if (!user) user = getenv("USER"); | |
171 | + if (!user) user = getenv("LOGNAME"); | |
172 | + | |
173 | + /* set daemon_over_rsh to false since we need to build the | |
174 | + true set of args passed through the rsh/ssh connection; | |
175 | + this is a no-op for direct-socket-connection mode */ | |
176 | + daemon_over_rsh = 0; | |
177 | server_options(sargs,&sargc); | |
178 | ||
179 | sargs[sargc++] = "."; | |
180 | @@ -93,9 +112,9 @@ | |
181 | ||
182 | sargs[sargc] = NULL; | |
183 | ||
184 | - io_printf(fd,"@RSYNCD: %d\n", PROTOCOL_VERSION); | |
185 | + io_printf(f_out,"@RSYNCD: %d\n", PROTOCOL_VERSION); | |
186 | ||
187 | - if (!read_line(fd, line, sizeof(line)-1)) { | |
188 | + if (!read_line(f_in, line, sizeof(line)-1)) { | |
189 | return -1; | |
190 | } | |
191 | ||
192 | @@ -105,7 +124,7 @@ | |
193 | ||
194 | p = strchr(path,'/'); | |
195 | if (p) *p = 0; | |
196 | - io_printf(fd,"%s\n",path); | |
197 | + io_printf(f_out,"%s\n",path); | |
198 | if (p) *p = '/'; | |
199 | ||
200 | /* Old servers may just drop the connection here, | |
201 | @@ -113,12 +132,12 @@ | |
202 | kludge_around_eof = remote_version < 25; | |
203 | ||
204 | while (1) { | |
205 | - if (!read_line(fd, line, sizeof(line)-1)) { | |
206 | + if (!read_line(f_in, line, sizeof(line)-1)) { | |
207 | return -1; | |
208 | } | |
209 | ||
210 | if (strncmp(line,"@RSYNCD: AUTHREQD ",18) == 0) { | |
211 | - auth_client(fd, user, line+18); | |
212 | + auth_client(f_out, user, line+18); | |
213 | continue; | |
214 | } | |
215 | ||
216 | @@ -131,69 +150,97 @@ | |
217 | kludge_around_eof = False; | |
218 | ||
219 | for (i=0;i<sargc;i++) { | |
220 | - io_printf(fd,"%s\n", sargs[i]); | |
221 | + io_printf(f_out,"%s\n", sargs[i]); | |
222 | } | |
223 | - io_printf(fd,"\n"); | |
224 | + io_printf(f_out,"\n"); | |
225 | ||
226 | if (remote_version < 23) { | |
227 | if (remote_version == 22 || (remote_version > 17 && !am_sender)) | |
228 | - io_start_multiplex_in(fd); | |
229 | + io_start_multiplex_in(f_in); | |
230 | } | |
231 | ||
232 | - return client_run(fd, fd, -1, argc, argv); | |
233 | -} | |
234 | + return 0; | |
235 | ||
236 | +} | |
237 | ||
238 | ||
239 | -static int rsync_module(int fd, int i) | |
240 | +static int rsync_module(int f_in, int f_out, int i) | |
241 | { | |
242 | int argc=0; | |
243 | char *argv[MAX_ARGS]; | |
244 | char **argp; | |
245 | char line[MAXPATHLEN]; | |
246 | + char addr_buf[128]; | |
247 | uid_t uid = (uid_t)-2; /* canonically "nobody" */ | |
248 | gid_t gid = (gid_t)-2; | |
249 | char *p; | |
250 | - char *addr = client_addr(fd); | |
251 | - char *host = client_name(fd); | |
252 | + char *addr; | |
253 | + char *host; | |
254 | char *name = lp_name(i); | |
255 | int use_chroot = lp_use_chroot(i); | |
256 | int start_glob=0; | |
257 | int ret; | |
258 | char *request=NULL; | |
259 | extern int am_sender; | |
260 | + extern int am_server; | |
261 | + extern int am_daemon; | |
262 | extern int remote_version; | |
263 | extern int am_root; | |
264 | ||
265 | + if (is_a_socket(f_in)) { | |
266 | + addr = client_addr(f_in); | |
267 | + host = client_name(f_in); | |
268 | + } else { | |
269 | + char *ssh_client = getenv("SSH_CLIENT"); | |
270 | + if (ssh_client) { | |
271 | + strlcpy(addr_buf, ssh_client, sizeof(addr_buf)); | |
272 | + /* truncate SSH_CLIENT to just IP address */ | |
273 | + p = strchr(addr_buf, ' '); | |
274 | + if (p) { | |
275 | + *p = '\0'; | |
276 | + } | |
277 | + addr = addr_buf; | |
278 | + host = "remote.shell.connection"; | |
279 | + } else { | |
280 | + addr = "0.0.0.0"; | |
281 | + host = "remote.shell.connection"; | |
282 | + } | |
283 | + } | |
284 | + | |
285 | if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) { | |
286 | rprintf(FERROR,"rsync denied on module %s from %s (%s)\n", | |
287 | - name, client_name(fd), client_addr(fd)); | |
288 | - io_printf(fd,"@ERROR: access denied to %s from %s (%s)\n", | |
289 | - name, client_name(fd), client_addr(fd)); | |
290 | + name, host, addr); | |
291 | + io_printf(f_out,"@ERROR: access denied to %s from %s (%s)\n", | |
292 | + name, host, addr); | |
293 | return -1; | |
294 | } | |
295 | ||
296 | + if (am_daemon && am_server) { | |
297 | + rprintf(FINFO, "rsync allowed access on module %s from %s (%s)\n", | |
298 | + name, host, addr); | |
299 | + } | |
300 | + | |
301 | if (!claim_connection(lp_lock_file(i), lp_max_connections(i))) { | |
302 | if (errno) { | |
303 | rprintf(FERROR,"failed to open lock file %s : %s\n", | |
304 | lp_lock_file(i), strerror(errno)); | |
305 | - io_printf(fd,"@ERROR: failed to open lock file %s : %s\n", | |
306 | + io_printf(f_out,"@ERROR: failed to open lock file %s : %s\n", | |
307 | lp_lock_file(i), strerror(errno)); | |
308 | } else { | |
309 | rprintf(FERROR,"max connections (%d) reached\n", | |
310 | lp_max_connections(i)); | |
311 | - io_printf(fd,"@ERROR: max connections (%d) reached - try again later\n", lp_max_connections(i)); | |
312 | + io_printf(f_out,"@ERROR: max connections (%d) reached - try again later\n", lp_max_connections(i)); | |
313 | } | |
314 | return -1; | |
315 | } | |
316 | ||
317 | ||
318 | - auth_user = auth_server(fd, i, addr, "@RSYNCD: AUTHREQD "); | |
319 | + auth_user = auth_server(f_in, f_out, i, addr, "@RSYNCD: AUTHREQD "); | |
320 | ||
321 | if (!auth_user) { | |
322 | rprintf(FERROR,"auth failed on module %s from %s (%s)\n", | |
323 | - name, client_name(fd), client_addr(fd)); | |
324 | - io_printf(fd,"@ERROR: auth failed on module %s\n",name); | |
325 | + name, host, addr); | |
326 | + io_printf(f_out,"@ERROR: auth failed on module %s\n",name); | |
327 | return -1; | |
328 | } | |
329 | ||
330 | @@ -206,7 +253,7 @@ | |
331 | if (!name_to_uid(p, &uid)) { | |
332 | if (!isdigit(*p)) { | |
333 | rprintf(FERROR,"Invalid uid %s\n", p); | |
334 | - io_printf(fd,"@ERROR: invalid uid %s\n", p); | |
335 | + io_printf(f_out,"@ERROR: invalid uid\n"); | |
336 | return -1; | |
337 | } | |
338 | uid = atoi(p); | |
339 | @@ -216,7 +263,7 @@ | |
340 | if (!name_to_gid(p, &gid)) { | |
341 | if (!isdigit(*p)) { | |
342 | rprintf(FERROR,"Invalid gid %s\n", p); | |
343 | - io_printf(fd,"@ERROR: invalid gid %s\n", p); | |
344 | + io_printf(f_out,"@ERROR: invalid gid\n"); | |
345 | return -1; | |
346 | } | |
347 | gid = atoi(p); | |
348 | @@ -259,20 +306,20 @@ | |
349 | */ | |
350 | if (chroot(lp_path(i))) { | |
351 | rsyserr(FERROR, errno, "chroot %s failed", lp_path(i)); | |
352 | - io_printf(fd,"@ERROR: chroot failed\n"); | |
353 | + io_printf(f_out,"@ERROR: chroot failed\n"); | |
354 | return -1; | |
355 | } | |
356 | ||
357 | if (!push_dir("/", 0)) { | |
358 | rsyserr(FERROR, errno, "chdir %s failed\n", lp_path(i)); | |
359 | - io_printf(fd,"@ERROR: chdir failed\n"); | |
360 | + io_printf(f_out,"@ERROR: chdir failed\n"); | |
361 | return -1; | |
362 | } | |
363 | ||
364 | } else { | |
365 | if (!push_dir(lp_path(i), 0)) { | |
366 | rsyserr(FERROR, errno, "chdir %s failed\n", lp_path(i)); | |
367 | - io_printf(fd,"@ERROR: chdir failed\n"); | |
368 | + io_printf(f_out,"@ERROR: chdir failed\n"); | |
369 | return -1; | |
370 | } | |
371 | sanitize_paths = 1; | |
372 | @@ -281,25 +328,25 @@ | |
373 | if (am_root) { | |
374 | if (setgid(gid)) { | |
375 | rsyserr(FERROR, errno, "setgid %d failed", (int) gid); | |
376 | - io_printf(fd,"@ERROR: setgid failed\n"); | |
377 | + io_printf(f_out,"@ERROR: setgid failed\n"); | |
378 | return -1; | |
379 | } | |
380 | ||
381 | if (setuid(uid)) { | |
382 | rsyserr(FERROR, errno, "setuid %d failed", (int) uid); | |
383 | - io_printf(fd,"@ERROR: setuid failed\n"); | |
384 | + io_printf(f_out,"@ERROR: setuid failed\n"); | |
385 | return -1; | |
386 | } | |
387 | ||
388 | am_root = (getuid() == 0); | |
389 | } | |
390 | ||
391 | - io_printf(fd,"@RSYNCD: OK\n"); | |
392 | + io_printf(f_out,"@RSYNCD: OK\n"); | |
393 | ||
394 | argv[argc++] = "rsyncd"; | |
395 | ||
396 | while (1) { | |
397 | - if (!read_line(fd, line, sizeof(line)-1)) { | |
398 | + if (!read_line(f_in, line, sizeof(line)-1)) { | |
399 | return -1; | |
400 | } | |
401 | ||
402 | @@ -367,7 +414,7 @@ | |
403 | ||
404 | if (remote_version < 23) { | |
405 | if (remote_version == 22 || (remote_version > 17 && am_sender)) | |
406 | - io_start_multiplex_out(fd); | |
407 | + io_start_multiplex_out(f_out); | |
408 | } | |
409 | ||
410 | /* For later protocol versions, we don't start multiplexing | |
411 | @@ -388,7 +435,7 @@ | |
412 | io_timeout = lp_timeout(i); | |
413 | } | |
414 | ||
415 | - start_server(fd, fd, argc, argp); | |
416 | + start_server(f_in, f_out, argc, argp); | |
417 | ||
418 | return 0; | |
419 | } | |
420 | @@ -409,26 +456,29 @@ | |
421 | io_printf(fd,"@RSYNCD: EXIT\n"); | |
422 | } | |
423 | ||
424 | -/* this is called when a socket connection is established to a client | |
425 | +/* this is called when a connection is established to a client | |
426 | and we want to start talking. The setup of the system is done from | |
427 | here */ | |
428 | -static int start_daemon(int fd) | |
429 | +int start_daemon(int f_in, int f_out) | |
430 | { | |
431 | char line[200]; | |
432 | char *motd; | |
433 | int i = -1; | |
434 | extern char *config_file; | |
435 | extern int remote_version; | |
436 | + extern int am_server; | |
437 | ||
438 | if (!lp_load(config_file, 0)) { | |
439 | exit_cleanup(RERR_SYNTAX); | |
440 | } | |
441 | ||
442 | - set_socket_options(fd,"SO_KEEPALIVE"); | |
443 | - set_socket_options(fd,lp_socket_options()); | |
444 | - set_nonblocking(fd); | |
445 | + if ( !am_server ) { | |
446 | + set_socket_options(f_in,"SO_KEEPALIVE"); | |
447 | + set_socket_options(f_in,lp_socket_options()); | |
448 | + set_nonblocking(f_in); | |
449 | + } | |
450 | ||
451 | - io_printf(fd,"@RSYNCD: %d\n", PROTOCOL_VERSION); | |
452 | + io_printf(f_out,"@RSYNCD: %d\n", PROTOCOL_VERSION); | |
453 | ||
454 | motd = lp_motd_file(); | |
455 | if (motd && *motd) { | |
456 | @@ -437,50 +487,49 @@ | |
457 | int len = fread(line, 1, sizeof(line)-1, f); | |
458 | if (len > 0) { | |
459 | line[len] = 0; | |
460 | - io_printf(fd,"%s", line); | |
461 | + io_printf(f_out,"%s", line); | |
462 | } | |
463 | } | |
464 | if (f) fclose(f); | |
465 | - io_printf(fd,"\n"); | |
466 | + io_printf(f_out,"\n"); | |
467 | } | |
468 | ||
469 | - if (!read_line(fd, line, sizeof(line)-1)) { | |
470 | + if (!read_line(f_in, line, sizeof(line)-1)) { | |
471 | return -1; | |
472 | } | |
473 | ||
474 | if (sscanf(line,"@RSYNCD: %d", &remote_version) != 1) { | |
475 | - io_printf(fd,"@ERROR: protocol startup error\n"); | |
476 | + io_printf(f_out,"@ERROR: protocol startup error\n"); | |
477 | return -1; | |
478 | } | |
479 | ||
480 | while (i == -1) { | |
481 | line[0] = 0; | |
482 | - if (!read_line(fd, line, sizeof(line)-1)) { | |
483 | + if (!read_line(f_in, line, sizeof(line)-1)) { | |
484 | return -1; | |
485 | } | |
486 | ||
487 | if (!*line || strcmp(line,"#list")==0) { | |
488 | - send_listing(fd); | |
489 | + send_listing(f_out); | |
490 | return -1; | |
491 | } | |
492 | ||
493 | if (*line == '#') { | |
494 | /* it's some sort of command that I don't understand */ | |
495 | - io_printf(fd,"@ERROR: Unknown command '%s'\n", line); | |
496 | + io_printf(f_out,"@ERROR: Unknown command '%s'\n", line); | |
497 | return -1; | |
498 | } | |
499 | ||
500 | i = lp_number(line); | |
501 | if (i == -1) { | |
502 | - io_printf(fd,"@ERROR: Unknown module '%s'\n", line); | |
503 | + io_printf(f_out,"@ERROR: Unknown module '%s'\n", line); | |
504 | return -1; | |
505 | } | |
506 | } | |
507 | ||
508 | - return rsync_module(fd, i); | |
509 | + return rsync_module(f_in, f_out, i); | |
510 | } | |
511 | ||
512 | - | |
513 | int daemon_main(void) | |
514 | { | |
515 | extern char *config_file; | |
516 | @@ -498,7 +547,7 @@ | |
517 | open("/dev/null", O_RDWR); | |
518 | } | |
519 | ||
520 | - return start_daemon(STDIN_FILENO); | |
521 | + return start_daemon(STDIN_FILENO, STDIN_FILENO); | |
522 | } | |
523 | ||
524 | become_daemon(); | |
525 | Index: main.c | |
526 | =================================================================== | |
527 | RCS file: /juno/repository/usr/local/pkg/rsync/main.c,v | |
528 | retrieving revision 1.1.1.7 | |
529 | retrieving revision 1.7 | |
530 | diff -u -b -r1.1.1.7 -r1.7 | |
531 | --- main.c 2001/12/03 23:48:56 1.1.1.7 | |
532 | +++ main.c 2001/12/04 00:10:38 1.7 | |
533 | @@ -133,9 +133,11 @@ | |
534 | int i,argc=0; | |
535 | pid_t ret; | |
536 | char *tok,*dir=NULL; | |
537 | + int dash_l_set = 0; | |
538 | extern int local_server; | |
539 | extern char *rsync_path; | |
540 | extern int blocking_io; | |
541 | + extern int daemon_over_rsh; | |
542 | extern int read_batch; | |
543 | ||
544 | if (!read_batch && !local_server) { /* dw -- added read_batch */ | |
545 | @@ -151,15 +153,23 @@ | |
546 | args[argc++] = tok; | |
547 | } | |
548 | ||
549 | + /* check to see if we've already been given '-l user' in | |
550 | + the remote-shell command */ | |
551 | + for (i=0;i<(argc-1);i++) { | |
552 | + if (!strcmp("-l", args[i]) && (args[i+1][0] != '-')) { | |
553 | + dash_l_set = 1; | |
554 | + } | |
555 | + } | |
556 | + | |
557 | #if HAVE_REMSH | |
558 | /* remsh (on HPUX) takes the arguments the other way around */ | |
559 | args[argc++] = machine; | |
560 | - if (user) { | |
561 | + if (user && !(daemon_over_rsh && dash_l_set)) { | |
562 | args[argc++] = "-l"; | |
563 | args[argc++] = user; | |
564 | } | |
565 | #else | |
566 | - if (user) { | |
567 | + if (user && !(daemon_over_rsh && dash_l_set)) { | |
568 | args[argc++] = "-l"; | |
569 | args[argc++] = user; | |
570 | } | |
571 | @@ -176,8 +186,10 @@ | |
572 | ||
573 | args[argc++] = "."; | |
574 | ||
575 | + if (!daemon_over_rsh) { | |
576 | if (path && *path) | |
577 | args[argc++] = path; | |
578 | + } | |
579 | ||
580 | args[argc] = NULL; | |
581 | ||
582 | @@ -617,15 +629,17 @@ | |
583 | extern int am_sender; | |
584 | extern char *shell_cmd; | |
585 | extern int rsync_port; | |
586 | + extern int daemon_over_rsh; | |
587 | extern int whole_file; | |
588 | extern int read_batch; | |
589 | int rc; | |
590 | ||
591 | /* Don't clobber argv[] so that ps(1) can still show the right | |
592 | command line. */ | |
593 | - if ((rc = copy_argv (argv))) | |
594 | + if ((rc = copy_argv(argv))) | |
595 | return rc; | |
596 | ||
597 | + /* rsync:// always uses rsync server over direct socket connection */ | |
598 | if (strncasecmp(URL_PREFIX, argv[0], strlen(URL_PREFIX)) == 0) { | |
599 | char *host, *path; | |
600 | ||
601 | @@ -651,7 +665,13 @@ | |
602 | if (p) { | |
603 | if (p[1] == ':') { | |
604 | *p = 0; | |
605 | - return start_socket_client(argv[0], p+2, argc-1, argv+1); | |
606 | + if (!shell_cmd) { | |
607 | + return start_socket_client(argv[0], p+2, | |
608 | + argc-1, argv+1); | |
609 | + } else { | |
610 | + ++p; | |
611 | + daemon_over_rsh = 1; | |
612 | + } | |
613 | } | |
614 | ||
615 | if (argc < 1) { | |
616 | @@ -675,7 +695,13 @@ | |
617 | whole_file = 1; | |
618 | } else if (p[1] == ':') { | |
619 | *p = 0; | |
620 | - return start_socket_client(argv[argc-1], p+2, argc-1, argv); | |
621 | + if (!shell_cmd) { | |
622 | + return start_socket_client(argv[argc-1], p+2, | |
623 | + argc-1, argv); | |
624 | + } else { | |
625 | + ++p; | |
626 | + daemon_over_rsh = 1; | |
627 | + } | |
628 | } | |
629 | ||
630 | if (argc < 2) { | |
631 | @@ -726,8 +752,20 @@ | |
632 | list_only = 1; | |
633 | } | |
634 | ||
635 | - pid = do_cmd(shell_cmd,shell_machine,shell_user,shell_path,&f_in,&f_out); | |
636 | + pid = do_cmd(shell_cmd,shell_machine,shell_user,shell_path, | |
637 | + &f_in,&f_out); | |
638 | ||
639 | + /* if we're running an rsync server on the remote host over a | |
640 | + remote shell command, we need to do the RSYNCD protocol first */ | |
641 | + if (daemon_over_rsh) { | |
642 | + int tmpret; | |
643 | + tmpret = start_inband_exchange(shell_user, shell_path, | |
644 | + f_in, f_out, argc, argv); | |
645 | + if ( tmpret < 0 ) { | |
646 | + return tmpret; | |
647 | + } | |
648 | + } | |
649 | + | |
650 | ret = client_run(f_in, f_out, pid, argc, argv); | |
651 | ||
652 | fflush(stdout); | |
653 | @@ -813,7 +851,7 @@ | |
654 | set_batch_file_ext(batch_ext); | |
655 | } | |
656 | ||
657 | - if (am_daemon) { | |
658 | + if (am_daemon && !am_server) { | |
659 | return daemon_main(); | |
660 | } | |
661 | ||
662 | @@ -835,7 +873,11 @@ | |
663 | if (am_server) { | |
664 | set_nonblocking(STDIN_FILENO); | |
665 | set_nonblocking(STDOUT_FILENO); | |
666 | + if (am_daemon) { | |
667 | + return start_daemon(STDIN_FILENO, STDOUT_FILENO); | |
668 | + } else { | |
669 | start_server(STDIN_FILENO, STDOUT_FILENO, argc, argv); | |
670 | + } | |
671 | } | |
672 | ||
673 | ret = start_client(argc, argv); | |
674 | Index: options.c | |
675 | =================================================================== | |
676 | RCS file: /juno/repository/usr/local/pkg/rsync/options.c,v | |
677 | retrieving revision 1.1.1.5 | |
678 | retrieving revision 1.11 | |
679 | diff -u -b -r1.1.1.5 -r1.11 | |
680 | --- options.c 2001/12/03 23:48:57 1.1.1.5 | |
681 | +++ options.c 2001/12/04 05:30:27 1.11 | |
682 | @@ -21,6 +21,7 @@ | |
683 | #include "rsync.h" | |
684 | #include "popt.h" | |
685 | ||
686 | + | |
687 | int make_backups = 0; | |
688 | int whole_file = 0; | |
689 | int copy_links = 0; | |
690 | @@ -53,6 +54,7 @@ | |
691 | int module_id = -1; | |
692 | int am_server = 0; | |
693 | int am_sender = 0; | |
694 | +int daemon_over_rsh = 0; | |
695 | int recurse = 0; | |
696 | int am_daemon=0; | |
697 | int do_stats=0; | |
698 | @@ -535,6 +537,13 @@ | |
699 | int i, x; | |
700 | ||
701 | args[ac++] = "--server"; | |
702 | + | |
703 | + if (daemon_over_rsh) { | |
704 | + args[ac++] = "--daemon"; | |
705 | + *argc = ac; | |
706 | + /* if we're passing --daemon, we're done */ | |
707 | + return; | |
708 | + } | |
709 | ||
710 | if (!am_sender) | |
711 | args[ac++] = "--sender"; | |
712 | Index: proto.h | |
713 | =================================================================== | |
714 | RCS file: /juno/repository/usr/local/pkg/rsync/proto.h,v | |
715 | retrieving revision 1.1.1.7 | |
716 | retrieving revision 1.5 | |
717 | diff -u -b -r1.1.1.7 -r1.5 | |
718 | --- proto.h 2001/12/03 23:48:57 1.1.1.7 | |
719 | +++ proto.h 2001/12/04 00:10:38 1.5 | |
720 | @@ -1,7 +1,7 @@ | |
721 | /* This file is automatically generated with "make proto". DO NOT EDIT */ | |
722 | ||
723 | int allow_access(char *addr, char *host, char *allow_list, char *deny_list); | |
724 | -char *auth_server(int fd, int module, char *addr, char *leader); | |
725 | +char *auth_server(int f_in, int f_out, int module, char *addr, char *leader); | |
726 | void auth_client(int fd, char *user, char *challenge); | |
727 | int make_backup(char *fname); | |
728 | void create_batch_file_ext(); | |
729 | @@ -37,6 +37,8 @@ | |
730 | struct map_struct *buf, int fd1, int fd2); | |
731 | void cleanup_set_pid(int pid); | |
732 | int start_socket_client(char *host, char *path, int argc, char *argv[]); | |
733 | +int start_inband_exchange(char *user, char *path, int f_in, int f_out, int argc, char *argv[]); | |
734 | +int start_daemon(int f_in, int f_out); | |
735 | int daemon_main(void); | |
736 | void setup_protocol(int f_out,int f_in); | |
737 | int claim_connection(char *fname,int max_connections); | |
738 | @@ -173,7 +175,7 @@ | |
739 | const char *bind_address, | |
740 | int af_hint); | |
741 | int is_a_socket(int fd); | |
742 | -void start_accept_loop(int port, int (*fn)(int )); | |
743 | +void start_accept_loop(int port, int (*fn)(int, int)); | |
744 | void set_socket_options(int fd, char *options); | |
745 | void become_daemon(void); | |
746 | char *client_addr(int fd); | |
747 | Index: rsync.1 | |
748 | =================================================================== | |
749 | RCS file: /juno/repository/usr/local/pkg/rsync/rsync.1,v | |
750 | retrieving revision 1.1.1.7 | |
751 | retrieving revision 1.9 | |
752 | diff -u -b -r1.1.1.7 -r1.9 | |
753 | --- rsync.1 2001/12/03 23:48:58 1.1.1.7 | |
754 | +++ rsync.1 2001/12/04 05:02:26 1.9 | |
755 | @@ -47,7 +47,7 @@ | |
756 | .PP | |
757 | .SH "GENERAL" | |
758 | .PP | |
759 | -There are six different ways of using rsync\&. They are: | |
760 | +There are eight different ways of using rsync\&. They are: | |
761 | .PP | |
762 | .IP o | |
763 | for copying local files\&. This is invoked when neither | |
764 | @@ -75,6 +75,20 @@ | |
765 | separator\&. | |
766 | .IP | |
767 | .IP o | |
768 | +for copying from a remote machine using a remote shell | |
769 | +program as the transport, using rsync server on the remote | |
770 | +machine\&. This is invoked when the source path contains a :: | |
771 | +separator and the --rsh=COMMAND (aka "-e COMMAND") option is | |
772 | +also provided\&. | |
773 | +.IP | |
774 | +.IP o | |
775 | +for copying from the local machine to a remote machine | |
776 | +using a remote shell program as the transport, using rsync | |
777 | +server on the remote machine\&. This is invoked when the | |
778 | +destination path contains a :: separator and the | |
779 | +--rsh=COMMMAND option is also provided\&. | |
780 | +.IP | |
781 | +.IP o | |
782 | for listing files on a remote machine\&. This is done the | |
783 | same way as rsync transfers except that you leave off the | |
784 | local destination\&. | |
785 | @@ -139,7 +153,7 @@ | |
786 | using the --delete option\&. | |
787 | .PP | |
788 | You can also use rsync in local-only mode, where both the source and | |
789 | -destination don\&'t have a \&':\&' in the name\&. In this case it behaves like | |
790 | +destination don\'t have a \':\' in the name\&. In this case it behaves like | |
791 | an improved copy command\&. | |
792 | .PP | |
793 | .RS | |
794 | @@ -155,7 +169,7 @@ | |
795 | transport\&. In this case you will connect to a remote rsync server | |
796 | running on TCP port 873\&. | |
797 | .PP | |
798 | -You may establish the connetcion via a web proxy by setting the | |
799 | +You may establish the connection via a web proxy by setting the | |
800 | environment variable RSYNC_PROXY to a hostname:port pair pointing to | |
801 | your web proxy\&. Note that your web proxy must allow proxying to port | |
802 | 873, this must be configured in your proxy servers ruleset\&. | |
803 | @@ -188,17 +202,70 @@ | |
804 | WARNING: On some systems environment variables are visible to all | |
805 | users\&. On those systems using --password-file is recommended\&. | |
806 | .PP | |
807 | +.SH "CONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM" | |
808 | +.PP | |
809 | +It is sometimes useful to be able to set up file transfers using rsync | |
810 | +server capabilities on the remote machine, while still using rsh or | |
811 | +ssh for transport\&. This is especially useful when you want to connect | |
812 | +to a remote machine via ssh (for encryption or to get through a | |
813 | +firewall), but you still want to have access to the rsync server | |
814 | +features (see RUNNING AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM, | |
815 | +below)\&. | |
816 | +.PP | |
817 | +From the user\'s perspective, using rsync in this way is the same as | |
818 | +using it to connect to an rsync server, except that you must | |
819 | +explicitly set the remote shell program on the command line with | |
820 | +--rsh=COMMAND\&. (Setting RSYNC_RSH in the environment will not turn on | |
821 | +this functionality\&.) | |
822 | +.PP | |
823 | +In order to distinguish between the remote-shell user and the rsync | |
824 | +server user, you can use \'-l user\' on your remote-shell command: | |
825 | +.PP | |
826 | +.RS | |
827 | +rsync -av --rsh="ssh -l ssh-user" rsync-user@host::module[/path] local-path | |
828 | +.RE | |
829 | +.PP | |
830 | +The "ssh-user" will be used at the ssh level; the "rsync-user" will be | |
831 | +used to check against the rsyncd\&.conf on the remote host\&. | |
832 | +.PP | |
833 | .SH "RUNNING AN RSYNC SERVER" | |
834 | .PP | |
835 | An rsync server is configured using a config file which by default is | |
836 | called /etc/rsyncd\&.conf\&. Please see the rsyncd\&.conf(5) man page for more | |
837 | information\&. | |
838 | .PP | |
839 | +.SH "RUNNING AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM" | |
840 | +.PP | |
841 | +See the rsyncd\&.conf(5) man page for full information on the rsync | |
842 | +server configuration file\&. | |
843 | +.PP | |
844 | +Several configuration options will not be available unless the remote | |
845 | +user is root (e\&.g\&. chroot, setuid/setgid, etc\&.)\&. There is no need to | |
846 | +configure inetd or the services map to include the rsync server port | |
847 | +if you run an rsync server only via a remote shell program\&. | |
848 | +.PP | |
849 | +To run an rsync server out of a single-use ssh key, use the | |
850 | +"command=\fICOMMAND\fP" syntax in the remote user\'s | |
851 | +authorized_keys entry, where command would be | |
852 | +.PP | |
853 | +.RS | |
854 | +rsync --server --daemon \&. | |
855 | +.RE | |
856 | +.PP | |
857 | +NOTE: rsync\'s argument parsing expects the trailing "\&.", so make sure | |
858 | +that it\'s there\&. If you want to use a rsyncd\&.conf(5)-style | |
859 | +configuration file other than /etc/rsyncd\&.conf, you can added a | |
860 | +--config-file option to the \fIcommand\fP: | |
861 | +.PP | |
862 | +.RS | |
863 | +rsync --server --daemon --config-file=\fIfile\fP \&. | |
864 | +.RE | |
865 | +.PP | |
866 | .SH "EXAMPLES" | |
867 | .PP | |
868 | Here are some examples of how I use rsync\&. | |
869 | .PP | |
870 | -To backup my wife\&'s home directory, which consists of large MS Word | |
871 | +To backup my wife\'s home directory, which consists of large MS Word | |
872 | files and mail folders, I use a cron job that runs | |
873 | .PP | |
874 | .RS | |
875 | @@ -214,7 +281,7 @@ | |
876 | .RS | |
877 | get: | |
878 | .br | |
879 | -rsync -avuzb --exclude \&'*~\&' samba:samba/ \&. | |
880 | +rsync -avuzb --exclude \'*~\' samba:samba/ \&. | |
881 | .PP | |
882 | put: | |
883 | .br | |
884 | @@ -225,7 +292,7 @@ | |
885 | .PP | |
886 | this allows me to sync with a CVS directory at the other end of the | |
887 | link\&. I then do cvs operations on the remote machine, which saves a | |
888 | -lot of time as the remote cvs protocol isn\&'t very efficient\&. | |
889 | +lot of time as the remote cvs protocol isn\'t very efficient\&. | |
890 | .PP | |
891 | I mirror a directory between my "old" and "new" ftp sites with the | |
892 | command | |
893 | @@ -254,7 +321,7 @@ | |
894 | -b, --backup make backups (default ~ suffix) | |
895 | --backup-dir make backups into this directory | |
896 | --suffix=SUFFIX override backup suffix | |
897 | - -u, --update update only (don\&'t overwrite newer files) | |
898 | + -u, --update update only (don\'t overwrite newer files) | |
899 | -l, --links preserve soft links | |
900 | -L, --copy-links treat soft links like regular files | |
901 | --copy-unsafe-links copy links outside the source tree | |
902 | @@ -268,22 +335,22 @@ | |
903 | -S, --sparse handle sparse files efficiently | |
904 | -n, --dry-run show what would have been transferred | |
905 | -W, --whole-file copy whole files, no incremental checks | |
906 | - -x, --one-file-system don\&'t cross filesystem boundaries | |
907 | + -x, --one-file-system don\'t cross filesystem boundaries | |
908 | -B, --block-size=SIZE checksum blocking size (default 700) | |
909 | -e, --rsh=COMMAND specify rsh replacement | |
910 | --rsync-path=PATH specify path to rsync on the remote machine | |
911 | -C, --cvs-exclude auto ignore files in the same way CVS does | |
912 | --existing only update files that already exist | |
913 | - --delete delete files that don\&'t exist on the sending side | |
914 | + --delete delete files that don\'t exist on the sending side | |
915 | --delete-excluded also delete excluded files on the receiving side | |
916 | --delete-after delete after transferring, not before | |
917 | --ignore-errors delete even if there are IO errors | |
918 | - --max-delete=NUM don\&'t delete more than NUM files | |
919 | + --max-delete=NUM don\'t delete more than NUM files | |
920 | --partial keep partially transferred files | |
921 | --force force deletion of directories even if not empty | |
922 | - --numeric-ids don\&'t map uid/gid values by user/group name | |
923 | + --numeric-ids don\'t map uid/gid values by user/group name | |
924 | --timeout=TIME set IO timeout in seconds | |
925 | - -I, --ignore-times don\&'t exclude files that match length and time | |
926 | + -I, --ignore-times don\'t exclude files that match length and time | |
927 | --size-only only use file size when determining if a file should be transferred | |
928 | --modify-window=NUM Timestamp window (seconds) for file match (default=0) | |
929 | -T --temp-dir=DIR create temporary files in directory DIR | |
930 | @@ -292,8 +359,8 @@ | |
931 | -z, --compress compress file data | |
932 | --exclude=PATTERN exclude files matching PATTERN | |
933 | --exclude-from=FILE exclude patterns listed in FILE | |
934 | - --include=PATTERN don\&'t exclude files matching PATTERN | |
935 | - --include-from=FILE don\&'t exclude patterns listed in FILE | |
936 | + --include=PATTERN don\'t exclude files matching PATTERN | |
937 | + --include-from=FILE don\'t exclude patterns listed in FILE | |
938 | --version print version number | |
939 | --daemon run as a rsync daemon | |
940 | --address bind to the specified address | |
941 | @@ -320,7 +387,7 @@ | |
942 | rsync uses the GNU long options package\&. Many of the command line | |
943 | options have two variants, one short and one long\&. These are shown | |
944 | below, separated by commas\&. Some options only have a long variant\&. | |
945 | -The \&'=\&' for options that take a parameter is optional; whitespace | |
946 | +The \'=\' for options that take a parameter is optional; whitespace | |
947 | can be used instead\&. | |
948 | .PP | |
949 | .IP "\fB-h, --help\fP" | |
950 | @@ -384,7 +451,7 @@ | |
951 | .IP | |
952 | .IP "\fB-r, --recursive\fP" | |
953 | This tells rsync to copy directories | |
954 | -recursively\&. If you don\&'t specify this then rsync won\&'t copy | |
955 | +recursively\&. If you don\'t specify this then rsync won\'t copy | |
956 | directories at all\&. | |
957 | .IP | |
958 | .IP "\fB-R, --relative\fP" | |
959 | @@ -502,7 +569,7 @@ | |
960 | option is not used, the optimization that excludes files that have not been | |
961 | modified cannot be effective; in other words, a missing -t or -a will | |
962 | cause the next transfer to behave as if it used -I, and all files will have | |
963 | -their checksums compared and show up in log messages even if they haven\&'t | |
964 | +their checksums compared and show up in log messages even if they haven\'t | |
965 | changed\&. | |
966 | .IP | |
967 | .IP "\fB-n, --dry-run\fP" | |
968 | @@ -513,8 +580,8 @@ | |
969 | Try to handle sparse files efficiently so they take | |
970 | up less space on the destination\&. | |
971 | .IP | |
972 | -NOTE: Don\&'t use this option when the destination is a Solaris "tmpfs" | |
973 | -filesystem\&. It doesn\&'t seem to handle seeks over null regions | |
974 | +NOTE: Don\'t use this option when the destination is a Solaris "tmpfs" | |
975 | +filesystem\&. It doesn\'t seem to handle seeks over null regions | |
976 | correctly and ends up corrupting the files\&. | |
977 | .IP | |
978 | .IP "\fB-x, --one-file-system\fP" | |
979 | @@ -533,14 +600,14 @@ | |
980 | .IP | |
981 | .IP "\fB--delete\fP" | |
982 | This tells rsync to delete any files on the receiving | |
983 | -side that aren\&'t on the sending side\&. Files that are excluded from | |
984 | +side that aren\'t on the sending side\&. Files that are excluded from | |
985 | transfer are excluded from being deleted unless you use --delete-excluded\&. | |
986 | .IP | |
987 | This option has no effect if directory recursion is not selected\&. | |
988 | .IP | |
989 | This option can be dangerous if used incorrectly! It is a very good idea | |
990 | to run first using the dry run option (-n) to see what files would be | |
991 | -deleted to make sure important files aren\&'t listed\&. | |
992 | +deleted to make sure important files aren\'t listed\&. | |
993 | .IP | |
994 | If the sending side detects any IO errors then the deletion of any | |
995 | files at the destination will be automatically disabled\&. This is to | |
996 | @@ -582,14 +649,29 @@ | |
997 | remote copies of rsync\&. By default, rsync will use rsh, but you may | |
998 | like to instead use ssh because of its high security\&. | |
999 | .IP | |
1000 | +If this option is used with \fB[user@]host::module/path\fP, then the | |
1001 | +remote shell \fICOMMMAND\fP will be used to run an rsync server on the | |
1002 | +remote host, and all data will be transmitted through that remote | |
1003 | +shell connection, rather than through a direct socket connection to a | |
1004 | +running rsync server on the remote host\&. | |
1005 | +.IP | |
1006 | You can also choose the remote shell program using the RSYNC_RSH | |
1007 | environment variable\&. | |
1008 | .IP | |
1009 | +In either case, rsync will tokenize the remote-shell command, so you | |
1010 | +can use constructions like | |
1011 | +.IP | |
1012 | +.RS | |
1013 | +rsync [options] --rsh="ssh -l user -i identity" source dest | |
1014 | +.RE | |
1015 | +.IP | |
1016 | +to control things at a fine level\&. | |
1017 | +.IP | |
1018 | See also the --blocking-io option which is affected by this option\&. | |
1019 | .IP | |
1020 | .IP "\fB--rsync-path=PATH\fP" | |
1021 | Use this to specify the path to the copy of | |
1022 | -rsync on the remote machine\&. Useful when it\&'s not in your path\&. Note | |
1023 | +rsync on the remote machine\&. Useful when it\'s not in your path\&. Note | |
1024 | that this is the full path to the binary, not just the directory that | |
1025 | the binary is in\&. | |
1026 | .IP | |
1027 | @@ -608,7 +690,7 @@ | |
1028 | This option is similar to the --exclude | |
1029 | option, but instead it adds all exclude patterns listed in the file | |
1030 | FILE to the exclude list\&. Blank lines in FILE and lines starting with | |
1031 | -\&';\&' or \&'#\&' are ignored\&. | |
1032 | +\';\' or \'#\' are ignored\&. | |
1033 | .IP | |
1034 | .IP "\fB--include=PATTERN\fP" | |
1035 | This option tells rsync to not exclude the | |
1036 | @@ -624,7 +706,7 @@ | |
1037 | .IP | |
1038 | .IP "\fB-C, --cvs-exclude\fP" | |
1039 | This is a useful shorthand for excluding a | |
1040 | -broad range of files that you often don\&'t want to transfer between | |
1041 | +broad range of files that you often don\'t want to transfer between | |
1042 | systems\&. It uses the same algorithm that CVS uses to determine if | |
1043 | a file should be ignored\&. | |
1044 | .IP | |
1045 | @@ -676,7 +758,7 @@ | |
1046 | flash-cutover when all files have been successfully transferred (for | |
1047 | example by moving directories around and removing the old directory, | |
1048 | although this requires also doing the transfer with -I to avoid skipping | |
1049 | -files that haven\&'t changed)\&. This option increases the usefulness of | |
1050 | +files that haven\'t changed)\&. This option increases the usefulness of | |
1051 | --partial because partially transferred files will remain in the new | |
1052 | temporary destination until they have a chance to be completed\&. If DIR is | |
1053 | a relative path, it is relative to the destination directory\&. | |
1054 | @@ -741,7 +823,7 @@ | |
1055 | a remote shell transport\&. If -e or --rsh are not specified or are set to | |
1056 | the default "rsh", this defaults to blocking IO, otherwise it defaults to | |
1057 | non-blocking IO\&. You may find the --blocking-io option is needed for some | |
1058 | -remote shells that can\&'t handle non-blocking IO\&. Ssh prefers blocking IO\&. | |
1059 | +remote shells that can\'t handle non-blocking IO\&. Ssh prefers blocking IO\&. | |
1060 | .IP | |
1061 | .IP "\fB--log-format=FORMAT\fP" | |
1062 | This allows you to specify exactly what the | |
1063 | @@ -847,7 +929,7 @@ | |
1064 | .IP o | |
1065 | if the pattern contains a / (not counting a trailing /) then it | |
1066 | is matched against the full filename, including any leading | |
1067 | -directory\&. If the pattern doesn\&'t contain a / then it is matched | |
1068 | +directory\&. If the pattern doesn\'t contain a / then it is matched | |
1069 | only against the final component of the filename\&. Again, remember | |
1070 | that the algorithm is applied recursively so "full filename" can | |
1071 | actually be any portion of a path\&. | |
1072 | @@ -869,12 +951,12 @@ | |
1073 | The +/- rules are most useful in exclude lists, allowing you to have a | |
1074 | single exclude list that contains both include and exclude options\&. | |
1075 | .PP | |
1076 | -If you end an exclude list with --exclude \&'*\&', note that since the | |
1077 | +If you end an exclude list with --exclude \'*\', note that since the | |
1078 | algorithm is applied recursively that unless you explicitly include | |
1079 | parent directories of files you want to include then the algorithm | |
1080 | will stop at the parent directories and never see the files below | |
1081 | -them\&. To include all directories, use --include \&'*/\&' before the | |
1082 | ---exclude \&'*\&'\&. | |
1083 | +them\&. To include all directories, use --include \'*/\' before the | |
1084 | +--exclude \'*\'\&. | |
1085 | .PP | |
1086 | Here are some exclude/include examples: | |
1087 | .PP | |
1088 | @@ -1020,7 +1102,7 @@ | |
1089 | are used to determine the default username sent to a rsync server\&. | |
1090 | .IP | |
1091 | .IP "\fBHOME\fP" | |
1092 | -The HOME environment variable is used to find the user\&'s | |
1093 | +The HOME environment variable is used to find the user\'s | |
1094 | default \&.cvsignore file\&. | |
1095 | .IP | |
1096 | .PP | |
1097 | @@ -1070,7 +1152,7 @@ | |
1098 | .SH "THANKS" | |
1099 | .PP | |
1100 | Thanks to Richard Brent, Brendan Mackay, Bill Waite, Stephen Rothwell | |
1101 | -and David Bell for helpful suggestions and testing of rsync\&. I\&'ve | |
1102 | +and David Bell for helpful suggestions and testing of rsync\&. I\'ve | |
1103 | probably missed some people, my apologies if I have\&. | |
1104 | .PP | |
1105 | .SH "AUTHOR" | |
1106 | Index: rsync.yo | |
1107 | =================================================================== | |
1108 | RCS file: /juno/repository/usr/local/pkg/rsync/rsync.yo,v | |
1109 | retrieving revision 1.1.1.5 | |
1110 | retrieving revision 1.4 | |
1111 | diff -u -b -r1.1.1.5 -r1.4 | |
1112 | --- rsync.yo 2001/12/03 23:49:01 1.1.1.5 | |
1113 | +++ rsync.yo 2001/12/04 00:10:39 1.4 | |
1114 | @@ -42,7 +42,7 @@ | |
1115 | ||
1116 | manpagesection(GENERAL) | |
1117 | ||
1118 | -There are six different ways of using rsync. They are: | |
1119 | +There are eight different ways of using rsync. They are: | |
1120 | ||
1121 | itemize( | |
1122 | it() for copying local files. This is invoked when neither | |
1123 | @@ -65,6 +65,18 @@ | |
1124 | server. This is invoked when the destination path contains a :: | |
1125 | separator. | |
1126 | ||
1127 | + it() for copying from a remote machine using a remote shell | |
1128 | + program as the transport, using rsync server on the remote | |
1129 | + machine. This is invoked when the source path contains a :: | |
1130 | + separator and the --rsh=COMMAND (aka "-e COMMAND") option is | |
1131 | + also provided. | |
1132 | + | |
1133 | + it() for copying from the local machine to a remote machine | |
1134 | + using a remote shell program as the transport, using rsync | |
1135 | + server on the remote machine. This is invoked when the | |
1136 | + destination path contains a :: separator and the | |
1137 | + --rsh=COMMMAND option is also provided. | |
1138 | + | |
1139 | it() for listing files on a remote machine. This is done the | |
1140 | same way as rsync transfers except that you leave off the | |
1141 | local destination. | |
1142 | @@ -139,7 +151,7 @@ | |
1143 | transport. In this case you will connect to a remote rsync server | |
1144 | running on TCP port 873. | |
1145 | ||
1146 | -You may establish the connetcion via a web proxy by setting the | |
1147 | +You may establish the connection via a web proxy by setting the | |
1148 | environment variable RSYNC_PROXY to a hostname:port pair pointing to | |
1149 | your web proxy. Note that your web proxy must allow proxying to port | |
1150 | 873, this must be configured in your proxy servers ruleset. | |
1151 | @@ -170,12 +182,59 @@ | |
1152 | WARNING: On some systems environment variables are visible to all | |
1153 | users. On those systems using --password-file is recommended. | |
1154 | ||
1155 | +manpagesection(CONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM) | |
1156 | + | |
1157 | +It is sometimes useful to be able to set up file transfers using rsync | |
1158 | +server capabilities on the remote machine, while still using rsh or | |
1159 | +ssh for transport. This is especially useful when you want to connect | |
1160 | +to a remote machine via ssh (for encryption or to get through a | |
1161 | +firewall), but you still want to have access to the rsync server | |
1162 | +features (see RUNNING AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM, | |
1163 | +below). | |
1164 | + | |
1165 | +From the user's perspective, using rsync in this way is the same as | |
1166 | +using it to connect to an rsync server, except that you must | |
1167 | +explicitly set the remote shell program on the command line with | |
1168 | +--rsh=COMMAND. (Setting RSYNC_RSH in the environment will not turn on | |
1169 | +this functionality.) | |
1170 | + | |
1171 | +In order to distinguish between the remote-shell user and the rsync | |
1172 | +server user, you can use '-l user' on your remote-shell command: | |
1173 | + | |
1174 | +quote(rsync -av --rsh="ssh -l ssh-user" rsync-user@host::module[/path] local-path) | |
1175 | + | |
1176 | +The "ssh-user" will be used at the ssh level; the "rsync-user" will be | |
1177 | +used to check against the rsyncd.conf on the remote host. | |
1178 | + | |
1179 | manpagesection(RUNNING AN RSYNC SERVER) | |
1180 | ||
1181 | An rsync server is configured using a config file which by default is | |
1182 | called /etc/rsyncd.conf. Please see the rsyncd.conf(5) man page for more | |
1183 | information. | |
1184 | ||
1185 | +manpagesection(RUNNING AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM) | |
1186 | + | |
1187 | +See the rsyncd.conf(5) man page for full information on the rsync | |
1188 | +server configuration file. | |
1189 | + | |
1190 | +Several configuration options will not be available unless the remote | |
1191 | +user is root (e.g. chroot, setuid/setgid, etc.). There is no need to | |
1192 | +configure inetd or the services map to include the rsync server port | |
1193 | +if you run an rsync server only via a remote shell program. | |
1194 | + | |
1195 | +To run an rsync server out of a single-use ssh key, use the | |
1196 | +"command=em(COMMAND)" syntax in the remote user's | |
1197 | +authorized_keys entry, where command would be | |
1198 | + | |
1199 | +quote(rsync --server --daemon .) | |
1200 | + | |
1201 | +NOTE: rsync's argument parsing expects the trailing ".", so make sure | |
1202 | +that it's there. If you want to use a rsyncd.conf(5)-style | |
1203 | +configuration file other than /etc/rsyncd.conf, you can added a | |
1204 | +--config-file option to the em(command): | |
1205 | + | |
1206 | +quote(rsync --server --daemon --config-file=em(file) .) | |
1207 | + | |
1208 | manpagesection(EXAMPLES) | |
1209 | ||
1210 | Here are some examples of how I use rsync. | |
1211 | @@ -501,8 +560,21 @@ | |
1212 | remote copies of rsync. By default, rsync will use rsh, but you may | |
1213 | like to instead use ssh because of its high security. | |
1214 | ||
1215 | +If this option is used with bf([user@]host::module/path), then the | |
1216 | +remote shell em(COMMMAND) will be used to run an rsync server on the | |
1217 | +remote host, and all data will be transmitted through that remote | |
1218 | +shell connection, rather than through a direct socket connection to a | |
1219 | +running rsync server on the remote host. | |
1220 | + | |
1221 | You can also choose the remote shell program using the RSYNC_RSH | |
1222 | environment variable. | |
1223 | + | |
1224 | +In either case, rsync will tokenize the remote-shell command, so you | |
1225 | +can use constructions like | |
1226 | + | |
1227 | +quote(rsync [options] --rsh="ssh -l user -i identity" source dest) | |
1228 | + | |
1229 | +to control things at a fine level. | |
1230 | ||
1231 | See also the --blocking-io option which is affected by this option. | |
1232 | ||
1233 | Index: rsyncd.conf.5 | |
1234 | =================================================================== | |
1235 | RCS file: /juno/repository/usr/local/pkg/rsync/rsyncd.conf.5,v | |
1236 | retrieving revision 1.1.1.5 | |
1237 | retrieving revision 1.3 | |
1238 | diff -u -b -r1.1.1.5 -r1.3 | |
1239 | --- rsyncd.conf.5 2001/12/03 23:48:52 1.1.1.5 | |
1240 | +++ rsyncd.conf.5 2001/12/04 00:10:39 1.3 | |
1241 | @@ -238,6 +238,11 @@ | |
1242 | "secrets file" option\&. The default is for all users to be able to | |
1243 | connect without a password (this is called "anonymous rsync")\&. | |
1244 | .IP | |
1245 | +See also the \fBCONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL | |
1246 | +PROGRAM\fP section in rsync(1) for information on how handle an | |
1247 | +rsyncd\&.conf-level username that differs from the remote-shell-level | |
1248 | +username when using a remote shell to connect to a rsync server\&. | |
1249 | +.IP | |
1250 | .IP "\fBsecrets file\fP" | |
1251 | The "secrets file" option specifies the name of | |
1252 | a file that contains the username:password pairs used for | |
1253 | Index: rsyncd.conf.yo | |
1254 | =================================================================== | |
1255 | RCS file: /juno/repository/usr/local/pkg/rsync/rsyncd.conf.yo,v | |
1256 | retrieving revision 1.1.1.5 | |
1257 | retrieving revision 1.3 | |
1258 | diff -u -b -r1.1.1.5 -r1.3 | |
1259 | --- rsyncd.conf.yo 2001/12/03 23:49:02 1.1.1.5 | |
1260 | +++ rsyncd.conf.yo 2001/12/04 00:10:39 1.3 | |
1261 | @@ -219,6 +219,11 @@ | |
1262 | "secrets file" option. The default is for all users to be able to | |
1263 | connect without a password (this is called "anonymous rsync"). | |
1264 | ||
1265 | +See also the bf(CONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL | |
1266 | +PROGRAM) section in rsync(1) for information on how handle an | |
1267 | +rsyncd.conf-level username that differs from the remote-shell-level | |
1268 | +username when using a remote shell to connect to a rsync server. | |
1269 | + | |
1270 | dit(bf(secrets file)) The "secrets file" option specifies the name of | |
1271 | a file that contains the username:password pairs used for | |
1272 | authenticating this module. This file is only consulted if the "auth | |
1273 | Index: socket.c | |
1274 | =================================================================== | |
1275 | RCS file: /juno/repository/usr/local/pkg/rsync/socket.c,v | |
1276 | retrieving revision 1.1.1.5 | |
1277 | retrieving revision 1.3 | |
1278 | diff -u -b -r1.1.1.5 -r1.3 | |
1279 | --- socket.c 2001/12/03 23:49:04 1.1.1.5 | |
1280 | +++ socket.c 2001/12/04 00:10:39 1.3 | |
1281 | @@ -349,7 +349,7 @@ | |
1282 | } | |
1283 | ||
1284 | ||
1285 | -void start_accept_loop(int port, int (*fn)(int )) | |
1286 | +void start_accept_loop(int port, int (*fn)(int, int)) | |
1287 | { | |
1288 | int s; | |
1289 | extern char *bind_address; | |
1290 | @@ -407,7 +407,7 @@ | |
1291 | /* open log file in child before possibly giving | |
1292 | up privileges */ | |
1293 | log_open(); | |
1294 | - _exit(fn(fd)); | |
1295 | + _exit(fn(fd, fd)); | |
1296 | } | |
1297 | ||
1298 | close(fd); | |
1299 | ||
1300 |