Unmerged patch from David Bolen to add --ignore-case.

[rsync/rsync-patches.git] / jdpaul__rsyncd_over_ssh.diff

Here's a new version of my rsync-server-over-remote-shell patch:

- diffs (-u) against 2.5.0 

- syntax for running rsync server over remote shell is

rsync [options] -e ssh source [user@]host::module[/dest]
rsync [options] -e ssh [user@]host::module[/source] dest

  If you need different usernames at the rsyncd and ssh levels, you
  can do

rsync [options] -e "ssh -l ssh-user" source rsyncd-user@host::module[/path]

- rsync_module() now uses the SSH_CLIENT environment variable to get
  an IP address.  As Martin mentioned, there is the potential for
  spoofing here, if the client can control what the SSH_CLIENT
  environment variable contains.  (However, if the client can control
  the environment on the server side, it can do pretty much whatever
  it wants anyway....)  If you're using this in a locked-down scheme
  with single-use SSH keys, then there's no way for the client to do
  anything to the environment, and it should be safe.

Cheers --

					JD Paul
					jdpaul@interstel.net

P.S.  Question -- is the enum { } of all the OPT_ variables in
options.c necessary any more?  It looks like it's not.

On Tue, 20 Nov 2001, JD Paul wrote:

> Hi --
> 
> I've made the changes to my code changes and the new diffs (against
> 2.4.6 again) are included below.
> 
> Syntax for running rsync server over a remote shell (e.g. ssh) is now:
> 
> rsync [options] -e ssh source [user@]host::module[/dest]
> rsync [options] -e ssh [user@]host::module[/source] dest
> 
> Cheers --
> 
> 					JD
> 					jdpaul@interstel.net
> 

-------------------------<cut here>-----------------------------------


Index: authenticate.c
===================================================================
RCS file: /juno/repository/usr/local/pkg/rsync/authenticate.c,v
retrieving revision 1.1.1.5
retrieving revision 1.4
diff -u -b -r1.1.1.5 -r1.4
--- authenticate.c	2001/12/03 23:48:45	1.1.1.5
+++ authenticate.c	2001/12/04 00:10:38	1.4
@@ -203,7 +203,7 @@
 
    otherwise return username
 */
-char *auth_server(int fd, int module, char *addr, char *leader)
+char *auth_server(int f_in, int f_out, int module, char *addr, char *leader)
 {
 	char *users = lp_auth_users(module);
 	char challenge[16];
@@ -222,9 +222,9 @@
 	
 	base64_encode(challenge, 16, b64_challenge);
 
-	io_printf(fd,"%s%s\n", leader, b64_challenge);
+	io_printf(f_out,"%s%s\n", leader, b64_challenge);
 
-	if (!read_line(fd, line, sizeof(line)-1)) {
+	if (!read_line(f_in, line, sizeof(line)-1)) {
 		return NULL;
 	}
 
Index: clientserver.c
===================================================================
RCS file: /juno/repository/usr/local/pkg/rsync/clientserver.c,v
retrieving revision 1.1.1.5
retrieving revision 1.11
diff -u -b -r1.1.1.5 -r1.11
--- clientserver.c	2001/12/03 23:48:48	1.1.1.5
+++ clientserver.c	2001/12/04 04:51:10	1.11
@@ -35,34 +35,22 @@
  */
 int start_socket_client(char *host, char *path, int argc, char *argv[])
 {
-	int fd, i;
-	char *sargs[MAX_ARGS];
-	int sargc=0;
-	char line[MAXPATHLEN];
+	int fd;
+	int ret;
 	char *p, *user=NULL;
 	extern int remote_version;
 	extern int am_sender;
 	extern char *shell_cmd;
-	extern int kludge_around_eof;
 	extern char *bind_address;
        
 	if (argc == 0 && !am_sender) {
 		extern int list_only;
 		list_only = 1;
 	}
-
-        /* This is just a friendliness enhancement: if the connection
-         * is to an rsyncd then there is no point specifying the -e option.
-         * Note that this is only set if the -e was explicitly specified,
-         * not if the environment variable just happens to be set.
-         * See http://lists.samba.org/pipermail/rsync/2000-September/002744.html
-         */
-        if (shell_cmd) {
-                rprintf(FERROR, "WARNING: --rsh or -e option ignored when "
-                        "connecting to rsync daemon\n");
-                /* continue */
-        }
         
+	/* this is redundant with code in start_inband_exchange(), but
+	   this short-circuits a problem before we open a socket, and 
+	   the extra check won't hurt */
 	if (*path == '/') {
 		rprintf(FERROR,"ERROR: The remote path must start with a module name not a /\n");
 		return -1;
@@ -75,15 +63,46 @@
 		*p = 0;
 	}
 
-	if (!user) user = getenv("USER");
-	if (!user) user = getenv("LOGNAME");
-
 	fd = open_socket_out_wrapped (host, rsync_port, bind_address,
 				      global_opts.af_hint);
 	if (fd == -1) {
 		exit_cleanup(RERR_SOCKETIO);
 	}
 	
+	ret = start_inband_exchange(user, path, fd, fd, argc, argv);
+
+	return (ret < 0 ) ? ret : client_run(fd, fd, -1, argc, argv);
+}
+
+int start_inband_exchange(char *user, char *path, int f_in, int f_out, int argc, char *argv[])
+{
+	int i;
+	char *sargs[MAX_ARGS];
+	int sargc = 0;
+	char line[MAXPATHLEN];
+	char *p;
+	extern int remote_version;
+	extern int kludge_around_eof;
+	extern int am_sender;
+	extern int daemon_over_rsh;
+
+	if (argc == 0 && !am_sender) {
+		extern int list_only;
+		list_only = 1;
+	}
+
+	if (*path == '/') {
+		rprintf(FERROR,"ERROR: The remote path must start with a module name\n");
+		return -1;
+	}
+
+	if (!user) user = getenv("USER");
+	if (!user) user = getenv("LOGNAME");
+
+	/* set daemon_over_rsh to false since we need to build the 
+	   true set of args passed through the rsh/ssh connection; 
+	   this is a no-op for direct-socket-connection mode */
+	daemon_over_rsh = 0;
 	server_options(sargs,&sargc);
 
 	sargs[sargc++] = ".";
@@ -93,9 +112,9 @@
 
 	sargs[sargc] = NULL;
 
-	io_printf(fd,"@RSYNCD: %d\n", PROTOCOL_VERSION);
+	io_printf(f_out,"@RSYNCD: %d\n", PROTOCOL_VERSION);
 
-	if (!read_line(fd, line, sizeof(line)-1)) {
+	if (!read_line(f_in, line, sizeof(line)-1)) {
 		return -1;
 	}
 
@@ -105,7 +124,7 @@
 
 	p = strchr(path,'/');
 	if (p) *p = 0;
-	io_printf(fd,"%s\n",path);
+	io_printf(f_out,"%s\n",path);
 	if (p) *p = '/';
 
 	/* Old servers may just drop the connection here,
@@ -113,12 +132,12 @@
 	kludge_around_eof = remote_version < 25;
 
 	while (1) {
-		if (!read_line(fd, line, sizeof(line)-1)) {
+		if (!read_line(f_in, line, sizeof(line)-1)) {
 			return -1;
 		}
 
 		if (strncmp(line,"@RSYNCD: AUTHREQD ",18) == 0) {
-			auth_client(fd, user, line+18);
+			auth_client(f_out, user, line+18);
 			continue;
 		}
 
@@ -131,69 +150,97 @@
 	kludge_around_eof = False;
 
 	for (i=0;i<sargc;i++) {
-		io_printf(fd,"%s\n", sargs[i]);
+		io_printf(f_out,"%s\n", sargs[i]);
 	}
-	io_printf(fd,"\n");
+	io_printf(f_out,"\n");
 
 	if (remote_version < 23) {
 		if (remote_version == 22 || (remote_version > 17 && !am_sender))
-			io_start_multiplex_in(fd);
+			io_start_multiplex_in(f_in);
 	}
 
-	return client_run(fd, fd, -1, argc, argv);
-}
+	return 0;
 
+}
 
 
-static int rsync_module(int fd, int i)
+static int rsync_module(int f_in, int f_out, int i)
 {
 	int argc=0;
 	char *argv[MAX_ARGS];
 	char **argp;
 	char line[MAXPATHLEN];
+	char addr_buf[128];
 	uid_t uid = (uid_t)-2;  /* canonically "nobody" */
 	gid_t gid = (gid_t)-2;
 	char *p;
-	char *addr = client_addr(fd);
-	char *host = client_name(fd);
+	char *addr;
+	char *host;
 	char *name = lp_name(i);
 	int use_chroot = lp_use_chroot(i);
 	int start_glob=0;
 	int ret;
 	char *request=NULL;
 	extern int am_sender;
+	extern int am_server;
+	extern int am_daemon;
 	extern int remote_version;
 	extern int am_root;
 
+	if (is_a_socket(f_in)) {
+		addr = client_addr(f_in);
+		host = client_name(f_in);
+	} else {
+		char *ssh_client = getenv("SSH_CLIENT");
+		if (ssh_client) {
+			strlcpy(addr_buf, ssh_client, sizeof(addr_buf));
+			/* truncate SSH_CLIENT to just IP address */
+			p = strchr(addr_buf, ' ');
+			if (p) {
+				*p = '\0';
+			}
+			addr = addr_buf;
+			host = "remote.shell.connection";
+		} else {
+			addr = "0.0.0.0";
+			host = "remote.shell.connection";
+		}
+	}
+
 	if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) {
 		rprintf(FERROR,"rsync denied on module %s from %s (%s)\n",
-			name, client_name(fd), client_addr(fd));
-		io_printf(fd,"@ERROR: access denied to %s from %s (%s)\n",
-			  name, client_name(fd), client_addr(fd));
+			name, host, addr);
+		io_printf(f_out,"@ERROR: access denied to %s from %s (%s)\n",
+			  name, host, addr);
 		return -1;
 	}
 
+	if (am_daemon && am_server) {
+		rprintf(FINFO, "rsync allowed access on module %s from %s (%s)\n",
+			name, host, addr);
+	}
+
 	if (!claim_connection(lp_lock_file(i), lp_max_connections(i))) {
 		if (errno) {
 			rprintf(FERROR,"failed to open lock file %s : %s\n",
 				lp_lock_file(i), strerror(errno));
-			io_printf(fd,"@ERROR: failed to open lock file %s : %s\n",
+			io_printf(f_out,"@ERROR: failed to open lock file %s : %s\n",
 				  lp_lock_file(i), strerror(errno));
 		} else {
 			rprintf(FERROR,"max connections (%d) reached\n",
 				lp_max_connections(i));
-			io_printf(fd,"@ERROR: max connections (%d) reached - try again later\n", lp_max_connections(i));
+			io_printf(f_out,"@ERROR: max connections (%d) reached - try again later\n", lp_max_connections(i));
 		}
 		return -1;
 	}
 
 	
-	auth_user = auth_server(fd, i, addr, "@RSYNCD: AUTHREQD ");
+	auth_user = auth_server(f_in, f_out, i, addr, "@RSYNCD: AUTHREQD ");
 
 	if (!auth_user) {
 		rprintf(FERROR,"auth failed on module %s from %s (%s)\n",
-			name, client_name(fd), client_addr(fd));
-		io_printf(fd,"@ERROR: auth failed on module %s\n",name);
+			name, host, addr);
+		io_printf(f_out,"@ERROR: auth failed on module %s\n",name);
 		return -1;		
 	}
 
@@ -206,7 +253,7 @@
 		if (!name_to_uid(p, &uid)) {
 			if (!isdigit(*p)) {
 				rprintf(FERROR,"Invalid uid %s\n", p);
-				io_printf(fd,"@ERROR: invalid uid %s\n", p);
+				io_printf(f_out,"@ERROR: invalid uid\n");
 				return -1;
 			} 
 			uid = atoi(p);
@@ -216,7 +263,7 @@
 		if (!name_to_gid(p, &gid)) {
 			if (!isdigit(*p)) {
 				rprintf(FERROR,"Invalid gid %s\n", p);
-				io_printf(fd,"@ERROR: invalid gid %s\n", p);
+				io_printf(f_out,"@ERROR: invalid gid\n");
 				return -1;
 			} 
 			gid = atoi(p);
@@ -259,20 +306,20 @@
 		 */
 		if (chroot(lp_path(i))) {
 			rsyserr(FERROR, errno, "chroot %s failed", lp_path(i));
-			io_printf(fd,"@ERROR: chroot failed\n");
+			io_printf(f_out,"@ERROR: chroot failed\n");
 			return -1;
 		}
 
 		if (!push_dir("/", 0)) {
                         rsyserr(FERROR, errno, "chdir %s failed\n", lp_path(i));
-			io_printf(fd,"@ERROR: chdir failed\n");
+			io_printf(f_out,"@ERROR: chdir failed\n");
 			return -1;
 		}
 
 	} else {
 		if (!push_dir(lp_path(i), 0)) {
 			rsyserr(FERROR, errno, "chdir %s failed\n", lp_path(i));
-			io_printf(fd,"@ERROR: chdir failed\n");
+			io_printf(f_out,"@ERROR: chdir failed\n");
 			return -1;
 		}
 		sanitize_paths = 1;
@@ -281,25 +328,25 @@
 	if (am_root) {
 		if (setgid(gid)) {
 			rsyserr(FERROR, errno, "setgid %d failed", (int) gid);
-			io_printf(fd,"@ERROR: setgid failed\n");
+			io_printf(f_out,"@ERROR: setgid failed\n");
 			return -1;
 		}
 
 		if (setuid(uid)) {
 			rsyserr(FERROR, errno, "setuid %d failed", (int) uid);
-			io_printf(fd,"@ERROR: setuid failed\n");
+			io_printf(f_out,"@ERROR: setuid failed\n");
 			return -1;
 		}
 
 		am_root = (getuid() == 0);
 	}
 
-	io_printf(fd,"@RSYNCD: OK\n");
+	io_printf(f_out,"@RSYNCD: OK\n");
 
 	argv[argc++] = "rsyncd";
 
 	while (1) {
-		if (!read_line(fd, line, sizeof(line)-1)) {
+		if (!read_line(f_in, line, sizeof(line)-1)) {
 			return -1;
 		}
 
@@ -367,7 +414,7 @@
 
 	if (remote_version < 23) {
 		if (remote_version == 22 || (remote_version > 17 && am_sender))
-			io_start_multiplex_out(fd);
+			io_start_multiplex_out(f_out);
 	}
         
         /* For later protocol versions, we don't start multiplexing
@@ -388,7 +435,7 @@
 		io_timeout = lp_timeout(i);
 	}
 
-	start_server(fd, fd, argc, argp);
+	start_server(f_in, f_out, argc, argp);
 
 	return 0;
 }
@@ -409,26 +456,29 @@
 		io_printf(fd,"@RSYNCD: EXIT\n");
 }
 
-/* this is called when a socket connection is established to a client
+/* this is called when a connection is established to a client
    and we want to start talking. The setup of the system is done from
    here */
-static int start_daemon(int fd)
+int start_daemon(int f_in, int f_out)
 {
 	char line[200];
 	char *motd;
 	int i = -1;
 	extern char *config_file;
 	extern int remote_version;
+	extern int am_server;
 
 	if (!lp_load(config_file, 0)) {
 		exit_cleanup(RERR_SYNTAX);
 	}
 
-	set_socket_options(fd,"SO_KEEPALIVE");
-	set_socket_options(fd,lp_socket_options());
-	set_nonblocking(fd);
+	if ( !am_server ) {
+		set_socket_options(f_in,"SO_KEEPALIVE");
+		set_socket_options(f_in,lp_socket_options());
+		set_nonblocking(f_in);
+	}
 
-	io_printf(fd,"@RSYNCD: %d\n", PROTOCOL_VERSION);
+	io_printf(f_out,"@RSYNCD: %d\n", PROTOCOL_VERSION);
 
 	motd = lp_motd_file();
 	if (motd && *motd) {
@@ -437,50 +487,49 @@
 			int len = fread(line, 1, sizeof(line)-1, f);
 			if (len > 0) {
 				line[len] = 0;
-				io_printf(fd,"%s", line);
+				io_printf(f_out,"%s", line);
 			}
 		}
 		if (f) fclose(f);
-		io_printf(fd,"\n");
+		io_printf(f_out,"\n");
 	}
 
-	if (!read_line(fd, line, sizeof(line)-1)) {
+	if (!read_line(f_in, line, sizeof(line)-1)) {
 		return -1;
 	}
 
 	if (sscanf(line,"@RSYNCD: %d", &remote_version) != 1) {
-		io_printf(fd,"@ERROR: protocol startup error\n");
+		io_printf(f_out,"@ERROR: protocol startup error\n");
 		return -1;
 	}	
 
 	while (i == -1) {
 		line[0] = 0;
-		if (!read_line(fd, line, sizeof(line)-1)) {
+		if (!read_line(f_in, line, sizeof(line)-1)) {
 			return -1;
 		}
 
 		if (!*line || strcmp(line,"#list")==0) {
-			send_listing(fd);
+			send_listing(f_out);
 			return -1;
 		} 
 
 		if (*line == '#') {
 			/* it's some sort of command that I don't understand */
-			io_printf(fd,"@ERROR: Unknown command '%s'\n", line);
+			io_printf(f_out,"@ERROR: Unknown command '%s'\n", line);
 			return -1;
 		}
 
 		i = lp_number(line);
 		if (i == -1) {
-			io_printf(fd,"@ERROR: Unknown module '%s'\n", line);
+			io_printf(f_out,"@ERROR: Unknown module '%s'\n", line);
 			return -1;
 		}
 	}
 
-	return rsync_module(fd, i);
+	return rsync_module(f_in, f_out, i);
 }
 
-
 int daemon_main(void)
 {
 	extern char *config_file;
@@ -498,7 +547,7 @@
 			open("/dev/null", O_RDWR);
 		}
 
-		return start_daemon(STDIN_FILENO);
+		return start_daemon(STDIN_FILENO, STDIN_FILENO);
 	}
 
 	become_daemon();
Index: main.c
===================================================================
RCS file: /juno/repository/usr/local/pkg/rsync/main.c,v
retrieving revision 1.1.1.7
retrieving revision 1.7
diff -u -b -r1.1.1.7 -r1.7
--- main.c	2001/12/03 23:48:56	1.1.1.7
+++ main.c	2001/12/04 00:10:38	1.7
@@ -133,9 +133,11 @@
 	int i,argc=0;
 	pid_t ret;
 	char *tok,*dir=NULL;
+	int dash_l_set = 0;
 	extern int local_server;
 	extern char *rsync_path;
 	extern int blocking_io;
+	extern int daemon_over_rsh;
 	extern int read_batch;
 
 	if (!read_batch && !local_server) { /* dw -- added read_batch */
@@ -151,15 +153,23 @@
 			args[argc++] = tok;
 		}
 
+		/* check to see if we've already been given '-l user' in 
+		   the remote-shell command */
+		for (i=0;i<(argc-1);i++) {
+			if (!strcmp("-l", args[i]) && (args[i+1][0] != '-')) {
+				dash_l_set = 1;
+			}
+		}
+
 #if HAVE_REMSH
 		/* remsh (on HPUX) takes the arguments the other way around */
 		args[argc++] = machine;
-		if (user) {
+		if (user && !(daemon_over_rsh && dash_l_set)) {
 			args[argc++] = "-l";
 			args[argc++] = user;
 		}
 #else
-		if (user) {
+		if (user && !(daemon_over_rsh && dash_l_set)) {
 			args[argc++] = "-l";
 			args[argc++] = user;
 		}
@@ -176,8 +186,10 @@
 
 	args[argc++] = ".";
 
+	if (!daemon_over_rsh) {
 	if (path && *path) 
 		args[argc++] = path;
+	}
 
 	args[argc] = NULL;
 
@@ -617,15 +629,17 @@
 	extern int am_sender;
 	extern char *shell_cmd;
 	extern int rsync_port;
+	extern int daemon_over_rsh;
 	extern int whole_file;
 	extern int read_batch;
 	int rc;
 
 	/* Don't clobber argv[] so that ps(1) can still show the right
            command line. */
-	if ((rc = copy_argv (argv)))
+	if ((rc = copy_argv(argv)))
 		return rc;
 
+	/* rsync:// always uses rsync server over direct socket connection */
 	if (strncasecmp(URL_PREFIX, argv[0], strlen(URL_PREFIX)) == 0) {
 		char *host, *path;
 
@@ -651,7 +665,13 @@
 	if (p) {
 		if (p[1] == ':') {
 			*p = 0;
-			return start_socket_client(argv[0], p+2, argc-1, argv+1);
+			if (!shell_cmd) {
+				return start_socket_client(argv[0], p+2, 
+							   argc-1, argv+1);
+			} else {
+				++p;
+				daemon_over_rsh = 1;
+			}
 		}
 
 		if (argc < 1) {
@@ -675,7 +695,13 @@
 			whole_file = 1;
 		} else if (p[1] == ':') {
 			*p = 0;
-			return start_socket_client(argv[argc-1], p+2, argc-1, argv);
+			if (!shell_cmd) {
+				return start_socket_client(argv[argc-1], p+2, 
+							   argc-1, argv);
+			} else {
+				++p;
+				daemon_over_rsh = 1;
+			}
 		}
 
 		if (argc < 2) {
@@ -726,8 +752,20 @@
 		list_only = 1;
 	}
 	
-	pid = do_cmd(shell_cmd,shell_machine,shell_user,shell_path,&f_in,&f_out);
+	pid = do_cmd(shell_cmd,shell_machine,shell_user,shell_path,
+	             &f_in,&f_out);
 	
+	/* if we're running an rsync server on the remote host over a
+	   remote shell command, we need to do the RSYNCD protocol first */
+	if (daemon_over_rsh) {
+		int tmpret;
+		tmpret = start_inband_exchange(shell_user, shell_path,
+					       f_in, f_out, argc, argv);
+		if ( tmpret < 0 ) {
+			return tmpret;
+		}
+	}
+
 	ret = client_run(f_in, f_out, pid, argc, argv);
 
 	fflush(stdout);
@@ -813,7 +851,7 @@
 	    set_batch_file_ext(batch_ext);
 	}
 
-	if (am_daemon) {
+	if (am_daemon && !am_server) {
 		return daemon_main();
 	}
 
@@ -835,7 +873,11 @@
 	if (am_server) {
 		set_nonblocking(STDIN_FILENO);
 		set_nonblocking(STDOUT_FILENO);
+		if (am_daemon) {
+			return start_daemon(STDIN_FILENO, STDOUT_FILENO);
+		} else {
 		start_server(STDIN_FILENO, STDOUT_FILENO, argc, argv);
+		}
 	}
 
 	ret = start_client(argc, argv);
Index: options.c
===================================================================
RCS file: /juno/repository/usr/local/pkg/rsync/options.c,v
retrieving revision 1.1.1.5
retrieving revision 1.11
diff -u -b -r1.1.1.5 -r1.11
--- options.c	2001/12/03 23:48:57	1.1.1.5
+++ options.c	2001/12/04 05:30:27	1.11
@@ -21,6 +21,7 @@
 #include "rsync.h"
 #include "popt.h"
 
+
 int make_backups = 0;
 int whole_file = 0;
 int copy_links = 0;
@@ -53,6 +54,7 @@
 int module_id = -1;
 int am_server = 0;
 int am_sender = 0;
+int daemon_over_rsh = 0;
 int recurse = 0;
 int am_daemon=0;
 int do_stats=0;
@@ -535,6 +537,13 @@
 	int i, x;
 
 	args[ac++] = "--server";
+
+	if (daemon_over_rsh) {
+		args[ac++] = "--daemon";
+		*argc = ac;
+		/* if we're passing --daemon, we're done */
+		return;
+	}
 
 	if (!am_sender)
 		args[ac++] = "--sender";
Index: proto.h
===================================================================
RCS file: /juno/repository/usr/local/pkg/rsync/proto.h,v
retrieving revision 1.1.1.7
retrieving revision 1.5
diff -u -b -r1.1.1.7 -r1.5
--- proto.h	2001/12/03 23:48:57	1.1.1.7
+++ proto.h	2001/12/04 00:10:38	1.5
@@ -1,7 +1,7 @@
 /* This file is automatically generated with "make proto". DO NOT EDIT */
 
 int allow_access(char *addr, char *host, char *allow_list, char *deny_list);
-char *auth_server(int fd, int module, char *addr, char *leader);
+char *auth_server(int f_in, int f_out, int module, char *addr, char *leader);
 void auth_client(int fd, char *user, char *challenge);
 int make_backup(char *fname);
 void create_batch_file_ext();
@@ -37,6 +37,8 @@
 		 struct map_struct *buf, int fd1, int fd2);
 void cleanup_set_pid(int pid);
 int start_socket_client(char *host, char *path, int argc, char *argv[]);
+int start_inband_exchange(char *user, char *path, int f_in, int f_out, int argc, char *argv[]);
+int start_daemon(int f_in, int f_out);
 int daemon_main(void);
 void setup_protocol(int f_out,int f_in);
 int claim_connection(char *fname,int max_connections);
@@ -173,7 +175,7 @@
 			     const char *bind_address,
 			     int af_hint);
 int is_a_socket(int fd);
-void start_accept_loop(int port, int (*fn)(int ));
+void start_accept_loop(int port, int (*fn)(int, int));
 void set_socket_options(int fd, char *options);
 void become_daemon(void);
 char *client_addr(int fd);
Index: rsync.1
===================================================================
RCS file: /juno/repository/usr/local/pkg/rsync/rsync.1,v
retrieving revision 1.1.1.7
retrieving revision 1.9
diff -u -b -r1.1.1.7 -r1.9
--- rsync.1	2001/12/03 23:48:58	1.1.1.7
+++ rsync.1	2001/12/04 05:02:26	1.9
@@ -47,7 +47,7 @@
 .PP 
 .SH "GENERAL" 
 .PP 
-There are six different ways of using rsync\&. They are:
+There are eight different ways of using rsync\&. They are:
 .PP 
 .IP o 
 for copying local files\&. This is invoked when neither
@@ -75,6 +75,20 @@
 separator\&. 
 .IP 
 .IP o 
+for copying from a remote machine using a remote shell
+program as the transport, using rsync server on the remote
+machine\&.  This is invoked when the source path contains a ::
+separator and the --rsh=COMMAND (aka "-e COMMAND") option is
+also provided\&.
+.IP 
+.IP o 
+for copying from the local machine to a remote machine
+using a remote shell program as the transport, using rsync
+server on the remote machine\&.  This is invoked when the
+destination path contains a :: separator and the
+--rsh=COMMMAND option is also provided\&.
+.IP 
+.IP o 
 for listing files on a remote machine\&. This is done the
 same way as rsync transfers except that you leave off the
 local destination\&.  
@@ -139,7 +153,7 @@
 using the --delete option\&.
 .PP 
 You can also use rsync in local-only mode, where both the source and
-destination don\&'t have a \&':\&' in the name\&. In this case it behaves like
+destination don\'t have a \':\' in the name\&. In this case it behaves like
 an improved copy command\&.
 .PP 
 .RS 
@@ -155,7 +169,7 @@
 transport\&. In this case you will connect to a remote rsync server
 running on TCP port 873\&. 
 .PP 
-You may establish the connetcion via a web proxy by setting the
+You may establish the connection via a web proxy by setting the
 environment variable RSYNC_PROXY to a hostname:port pair pointing to
 your web proxy\&. Note that your web proxy must allow proxying to port
 873, this must be configured in your proxy servers ruleset\&.
@@ -188,17 +202,70 @@
 WARNING: On some systems environment variables are visible to all
 users\&. On those systems using --password-file is recommended\&.
 .PP 
+.SH "CONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM" 
+.PP 
+It is sometimes useful to be able to set up file transfers using rsync
+server capabilities on the remote machine, while still using rsh or
+ssh for transport\&.  This is especially useful when you want to connect
+to a remote machine via ssh (for encryption or to get through a
+firewall), but you still want to have access to the rsync server
+features (see RUNNING AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM,
+below)\&.  
+.PP 
+From the user\'s perspective, using rsync in this way is the same as
+using it to connect to an rsync server, except that you must
+explicitly set the remote shell program on the command line with
+--rsh=COMMAND\&.  (Setting RSYNC_RSH in the environment will not turn on
+this functionality\&.)
+.PP 
+In order to distinguish between the remote-shell user and the rsync
+server user, you can use \'-l user\' on your remote-shell command:
+.PP 
+.RS 
+rsync -av --rsh="ssh -l ssh-user" rsync-user@host::module[/path] local-path
+.RE 
+.PP 
+The "ssh-user" will be used at the ssh level; the "rsync-user" will be
+used to check against the rsyncd\&.conf on the remote host\&.
+.PP 
 .SH "RUNNING AN RSYNC SERVER" 
 .PP 
 An rsync server is configured using a config file which by default is
 called /etc/rsyncd\&.conf\&. Please see the rsyncd\&.conf(5) man page for more
 information\&. 
 .PP 
+.SH "RUNNING AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM" 
+.PP 
+See the rsyncd\&.conf(5) man page for full information on the rsync
+server configuration file\&.  
+.PP 
+Several configuration options will not be available unless the remote
+user is root (e\&.g\&. chroot, setuid/setgid, etc\&.)\&.  There is no need to
+configure inetd or the services map to include the rsync server port
+if you run an rsync server only via a remote shell program\&.
+.PP 
+To run an rsync server out of a single-use ssh key, use the
+"command=\fICOMMAND\fP" syntax in the remote user\'s
+authorized_keys entry, where command would be
+.PP 
+.RS 
+rsync --server --daemon \&.
+.RE 
+.PP 
+NOTE: rsync\'s argument parsing expects the trailing "\&.", so make sure
+that it\'s there\&.  If you want to use a rsyncd\&.conf(5)-style
+configuration file other than /etc/rsyncd\&.conf, you can added a
+--config-file option to the \fIcommand\fP:
+.PP 
+.RS 
+rsync --server --daemon --config-file=\fIfile\fP \&.
+.RE 
+.PP 
 .SH "EXAMPLES" 
 .PP 
 Here are some examples of how I use rsync\&.
 .PP 
-To backup my wife\&'s home directory, which consists of large MS Word
+To backup my wife\'s home directory, which consists of large MS Word
 files and mail folders, I use a cron job that runs
 .PP 
 .RS 
@@ -214,7 +281,7 @@
 .RS 
 get:
 .br 
-rsync -avuzb --exclude \&'*~\&' samba:samba/ \&.
+rsync -avuzb --exclude \'*~\' samba:samba/ \&.
 .PP 
 put:
 .br 
@@ -225,7 +292,7 @@
 .PP 
 this allows me to sync with a CVS directory at the other end of the
 link\&. I then do cvs operations on the remote machine, which saves a
-lot of time as the remote cvs protocol isn\&'t very efficient\&.
+lot of time as the remote cvs protocol isn\'t very efficient\&.
 .PP 
 I mirror a directory between my "old" and "new" ftp sites with the
 command
@@ -254,7 +321,7 @@
  -b, --backup                make backups (default ~ suffix)
      --backup-dir            make backups into this directory
      --suffix=SUFFIX         override backup suffix
- -u, --update                update only (don\&'t overwrite newer files)
+ -u, --update                update only (don\'t overwrite newer files)
  -l, --links                 preserve soft links
  -L, --copy-links            treat soft links like regular files
      --copy-unsafe-links     copy links outside the source tree
@@ -268,22 +335,22 @@
  -S, --sparse                handle sparse files efficiently
  -n, --dry-run               show what would have been transferred
  -W, --whole-file            copy whole files, no incremental checks
- -x, --one-file-system       don\&'t cross filesystem boundaries
+ -x, --one-file-system       don\'t cross filesystem boundaries
  -B, --block-size=SIZE       checksum blocking size (default 700)
  -e, --rsh=COMMAND           specify rsh replacement
      --rsync-path=PATH       specify path to rsync on the remote machine
  -C, --cvs-exclude           auto ignore files in the same way CVS does
      --existing              only update files that already exist
-     --delete                delete files that don\&'t exist on the sending side
+     --delete                delete files that don\'t exist on the sending side
      --delete-excluded       also delete excluded files on the receiving side
      --delete-after          delete after transferring, not before
      --ignore-errors         delete even if there are IO errors
-     --max-delete=NUM        don\&'t delete more than NUM files
+     --max-delete=NUM        don\'t delete more than NUM files
      --partial               keep partially transferred files
      --force                 force deletion of directories even if not empty
-     --numeric-ids           don\&'t map uid/gid values by user/group name
+     --numeric-ids           don\'t map uid/gid values by user/group name
      --timeout=TIME          set IO timeout in seconds
- -I, --ignore-times          don\&'t exclude files that match length and time
+ -I, --ignore-times          don\'t exclude files that match length and time
      --size-only             only use file size when determining if a file should be transferred
      --modify-window=NUM     Timestamp window (seconds) for file match (default=0)
  -T  --temp-dir=DIR          create temporary files in directory DIR
@@ -292,8 +359,8 @@
  -z, --compress              compress file data
      --exclude=PATTERN       exclude files matching PATTERN
      --exclude-from=FILE     exclude patterns listed in FILE
-     --include=PATTERN       don\&'t exclude files matching PATTERN
-     --include-from=FILE     don\&'t exclude patterns listed in FILE
+     --include=PATTERN       don\'t exclude files matching PATTERN
+     --include-from=FILE     don\'t exclude patterns listed in FILE
      --version               print version number
      --daemon                run as a rsync daemon
      --address               bind to the specified address
@@ -320,7 +387,7 @@
 rsync uses the GNU long options package\&. Many of the command line
 options have two variants, one short and one long\&.  These are shown
 below, separated by commas\&. Some options only have a long variant\&.
-The \&'=\&' for options that take a parameter is optional; whitespace
+The \'=\' for options that take a parameter is optional; whitespace
 can be used instead\&.
 .PP 
 .IP "\fB-h, --help\fP" 
@@ -384,7 +451,7 @@
 .IP 
 .IP "\fB-r, --recursive\fP" 
 This tells rsync to copy directories
-recursively\&. If you don\&'t specify this then rsync won\&'t copy
+recursively\&. If you don\'t specify this then rsync won\'t copy
 directories at all\&.
 .IP 
 .IP "\fB-R, --relative\fP" 
@@ -502,7 +569,7 @@
 option is not used, the optimization that excludes files that have not been
 modified cannot be effective; in other words, a missing -t or -a will
 cause the next transfer to behave as if it used -I, and all files will have
-their checksums compared and show up in log messages even if they haven\&'t
+their checksums compared and show up in log messages even if they haven\'t
 changed\&.
 .IP 
 .IP "\fB-n, --dry-run\fP" 
@@ -513,8 +580,8 @@
 Try to handle sparse files efficiently so they take
 up less space on the destination\&.
 .IP 
-NOTE: Don\&'t use this option when the destination is a Solaris "tmpfs"
-filesystem\&. It doesn\&'t seem to handle seeks over null regions
+NOTE: Don\'t use this option when the destination is a Solaris "tmpfs"
+filesystem\&. It doesn\'t seem to handle seeks over null regions
 correctly and ends up corrupting the files\&.
 .IP 
 .IP "\fB-x, --one-file-system\fP" 
@@ -533,14 +600,14 @@
 .IP 
 .IP "\fB--delete\fP" 
 This tells rsync to delete any files on the receiving
-side that aren\&'t on the sending side\&.   Files that are excluded from
+side that aren\'t on the sending side\&.   Files that are excluded from
 transfer are excluded from being deleted unless you use --delete-excluded\&.
 .IP 
 This option has no effect if directory recursion is not selected\&.
 .IP 
 This option can be dangerous if used incorrectly!  It is a very good idea
 to run first using the dry run option (-n) to see what files would be
-deleted to make sure important files aren\&'t listed\&.
+deleted to make sure important files aren\'t listed\&.
 .IP 
 If the sending side detects any IO errors then the deletion of any
 files at the destination will be automatically disabled\&. This is to
@@ -582,14 +649,29 @@
 remote copies of rsync\&. By default, rsync will use rsh, but you may
 like to instead use ssh because of its high security\&.
 .IP 
+If this option is used with \fB[user@]host::module/path\fP, then the
+remote shell \fICOMMMAND\fP will be used to run an rsync server on the
+remote host, and all data will be transmitted through that remote
+shell connection, rather than through a direct socket connection to a
+running rsync server on the remote host\&.
+.IP 
 You can also choose the remote shell program using the RSYNC_RSH
 environment variable\&.
 .IP 
+In either case, rsync will tokenize the remote-shell command, so you
+can use constructions like
+.IP 
+.RS 
+rsync [options] --rsh="ssh -l user -i identity" source dest
+.RE 
+.IP 
+to control things at a fine level\&.
+.IP 
 See also the --blocking-io option which is affected by this option\&.
 .IP 
 .IP "\fB--rsync-path=PATH\fP" 
 Use this to specify the path to the copy of
-rsync on the remote machine\&. Useful when it\&'s not in your path\&. Note
+rsync on the remote machine\&. Useful when it\'s not in your path\&. Note
 that this is the full path to the binary, not just the directory that
 the binary is in\&.
 .IP 
@@ -608,7 +690,7 @@
 This option is similar to the --exclude
 option, but instead it adds all exclude patterns listed in the file
 FILE to the exclude list\&.  Blank lines in FILE and lines starting with
-\&';\&' or \&'#\&' are ignored\&.
+\';\' or \'#\' are ignored\&.
 .IP 
 .IP "\fB--include=PATTERN\fP" 
 This option tells rsync to not exclude the
@@ -624,7 +706,7 @@
 .IP 
 .IP "\fB-C, --cvs-exclude\fP" 
 This is a useful shorthand for excluding a
-broad range of files that you often don\&'t want to transfer between
+broad range of files that you often don\'t want to transfer between
 systems\&. It uses the same algorithm that CVS uses to determine if
 a file should be ignored\&.
 .IP 
@@ -676,7 +758,7 @@
 flash-cutover when all files have been successfully transferred (for
 example by moving directories around and removing the old directory,
 although this requires also doing the transfer with -I to avoid skipping
-files that haven\&'t changed)\&.  This option increases the usefulness of
+files that haven\'t changed)\&.  This option increases the usefulness of
 --partial because partially transferred files will remain in the new
 temporary destination until they have a chance to be completed\&.  If DIR is
 a relative path, it is relative to the destination directory\&.
@@ -741,7 +823,7 @@
 a remote shell transport\&.  If -e or --rsh are not specified or are set to
 the default "rsh", this defaults to blocking IO, otherwise it defaults to
 non-blocking IO\&.  You may find the --blocking-io option is needed for some
-remote shells that can\&'t handle non-blocking IO\&.  Ssh prefers blocking IO\&.
+remote shells that can\'t handle non-blocking IO\&.  Ssh prefers blocking IO\&.
 .IP 
 .IP "\fB--log-format=FORMAT\fP" 
 This allows you to specify exactly what the
@@ -847,7 +929,7 @@
 .IP o 
 if the pattern contains a / (not counting a trailing /) then it
 is matched against the full filename, including any leading
-directory\&. If the pattern doesn\&'t contain a / then it is matched
+directory\&. If the pattern doesn\'t contain a / then it is matched
 only against the final component of the filename\&.  Again, remember
 that the algorithm is applied recursively so "full filename" can 
 actually be any portion of a path\&.
@@ -869,12 +951,12 @@
 The +/- rules are most useful in exclude lists, allowing you to have a
 single exclude list that contains both include and exclude options\&.
 .PP 
-If you end an exclude list with --exclude \&'*\&', note that since the
+If you end an exclude list with --exclude \'*\', note that since the
 algorithm is applied recursively that unless you explicitly include
 parent directories of files you want to include then the algorithm
 will stop at the parent directories and never see the files below
-them\&.  To include all directories, use --include \&'*/\&' before the
---exclude \&'*\&'\&.
+them\&.  To include all directories, use --include \'*/\' before the
+--exclude \'*\'\&.
 .PP 
 Here are some exclude/include examples:
 .PP 
@@ -1020,7 +1102,7 @@
 are used to determine the default username sent to a rsync server\&.
 .IP 
 .IP "\fBHOME\fP" 
-The HOME environment variable is used to find the user\&'s
+The HOME environment variable is used to find the user\'s
 default \&.cvsignore file\&.
 .IP 
 .PP 
@@ -1070,7 +1152,7 @@
 .SH "THANKS" 
 .PP 
 Thanks to Richard Brent, Brendan Mackay, Bill Waite, Stephen Rothwell
-and David Bell for helpful suggestions and testing of rsync\&. I\&'ve
+and David Bell for helpful suggestions and testing of rsync\&. I\'ve
 probably missed some people, my apologies if I have\&.
 .PP 
 .SH "AUTHOR" 
Index: rsync.yo
===================================================================
RCS file: /juno/repository/usr/local/pkg/rsync/rsync.yo,v
retrieving revision 1.1.1.5
retrieving revision 1.4
diff -u -b -r1.1.1.5 -r1.4
--- rsync.yo	2001/12/03 23:49:01	1.1.1.5
+++ rsync.yo	2001/12/04 00:10:39	1.4
@@ -42,7 +42,7 @@
 
 manpagesection(GENERAL)
 
-There are six different ways of using rsync. They are:
+There are eight different ways of using rsync. They are:
 
 itemize(
 	it() for copying local files. This is invoked when neither
@@ -65,6 +65,18 @@
 	server. This is invoked when the destination path contains a ::
 	separator. 
 
+	it() for copying from a remote machine using a remote shell
+	program as the transport, using rsync server on the remote
+	machine.  This is invoked when the source path contains a ::
+	separator and the --rsh=COMMAND (aka "-e COMMAND") option is
+	also provided.
+
+	it() for copying from the local machine to a remote machine
+	using a remote shell program as the transport, using rsync
+	server on the remote machine.  This is invoked when the
+	destination path contains a :: separator and the
+	--rsh=COMMMAND option is also provided.
+
 	it() for listing files on a remote machine. This is done the
 	same way as rsync transfers except that you leave off the
 	local destination.  
@@ -139,7 +151,7 @@
 transport. In this case you will connect to a remote rsync server
 running on TCP port 873. 
 
-You may establish the connetcion via a web proxy by setting the
+You may establish the connection via a web proxy by setting the
 environment variable RSYNC_PROXY to a hostname:port pair pointing to
 your web proxy. Note that your web proxy must allow proxying to port
 873, this must be configured in your proxy servers ruleset.
@@ -170,12 +182,59 @@
 WARNING: On some systems environment variables are visible to all
 users. On those systems using --password-file is recommended.
 
+manpagesection(CONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM)
+
+It is sometimes useful to be able to set up file transfers using rsync
+server capabilities on the remote machine, while still using rsh or
+ssh for transport.  This is especially useful when you want to connect
+to a remote machine via ssh (for encryption or to get through a
+firewall), but you still want to have access to the rsync server
+features (see RUNNING AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM,
+below).  
+
+From the user's perspective, using rsync in this way is the same as
+using it to connect to an rsync server, except that you must
+explicitly set the remote shell program on the command line with
+--rsh=COMMAND.  (Setting RSYNC_RSH in the environment will not turn on
+this functionality.)
+
+In order to distinguish between the remote-shell user and the rsync
+server user, you can use '-l user' on your remote-shell command:
+
+quote(rsync -av --rsh="ssh -l ssh-user" rsync-user@host::module[/path] local-path)
+
+The "ssh-user" will be used at the ssh level; the "rsync-user" will be
+used to check against the rsyncd.conf on the remote host.
+
 manpagesection(RUNNING AN RSYNC SERVER)
 
 An rsync server is configured using a config file which by default is
 called /etc/rsyncd.conf. Please see the rsyncd.conf(5) man page for more
 information. 
 
+manpagesection(RUNNING AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM)
+
+See the rsyncd.conf(5) man page for full information on the rsync
+server configuration file.  
+
+Several configuration options will not be available unless the remote
+user is root (e.g. chroot, setuid/setgid, etc.).  There is no need to
+configure inetd or the services map to include the rsync server port
+if you run an rsync server only via a remote shell program.
+
+To run an rsync server out of a single-use ssh key, use the
+"command=em(COMMAND)" syntax in the remote user's
+authorized_keys entry, where command would be
+
+quote(rsync --server --daemon .)
+
+NOTE: rsync's argument parsing expects the trailing ".", so make sure
+that it's there.  If you want to use a rsyncd.conf(5)-style
+configuration file other than /etc/rsyncd.conf, you can added a
+--config-file option to the em(command):
+
+quote(rsync --server --daemon --config-file=em(file) .)
+
 manpagesection(EXAMPLES)
 
 Here are some examples of how I use rsync.
@@ -501,8 +560,21 @@
 remote copies of rsync. By default, rsync will use rsh, but you may
 like to instead use ssh because of its high security.
 
+If this option is used with bf([user@]host::module/path), then the
+remote shell em(COMMMAND) will be used to run an rsync server on the
+remote host, and all data will be transmitted through that remote
+shell connection, rather than through a direct socket connection to a
+running rsync server on the remote host.
+
 You can also choose the remote shell program using the RSYNC_RSH
 environment variable.
+
+In either case, rsync will tokenize the remote-shell command, so you
+can use constructions like
+
+quote(rsync [options] --rsh="ssh -l user -i identity" source dest)
+
+to control things at a fine level.
 
 See also the --blocking-io option which is affected by this option.
 
Index: rsyncd.conf.5
===================================================================
RCS file: /juno/repository/usr/local/pkg/rsync/rsyncd.conf.5,v
retrieving revision 1.1.1.5
retrieving revision 1.3
diff -u -b -r1.1.1.5 -r1.3
--- rsyncd.conf.5	2001/12/03 23:48:52	1.1.1.5
+++ rsyncd.conf.5	2001/12/04 00:10:39	1.3
@@ -238,6 +238,11 @@
 "secrets file" option\&. The default is for all users to be able to
 connect without a password (this is called "anonymous rsync")\&.
 .IP 
+See also the \fBCONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL
+PROGRAM\fP section in rsync(1) for information on how handle an
+rsyncd\&.conf-level username that differs from the remote-shell-level
+username when using a remote shell to connect to a rsync server\&.
+.IP 
 .IP "\fBsecrets file\fP" 
 The "secrets file" option specifies the name of
 a file that contains the username:password pairs used for
Index: rsyncd.conf.yo
===================================================================
RCS file: /juno/repository/usr/local/pkg/rsync/rsyncd.conf.yo,v
retrieving revision 1.1.1.5
retrieving revision 1.3
diff -u -b -r1.1.1.5 -r1.3
--- rsyncd.conf.yo	2001/12/03 23:49:02	1.1.1.5
+++ rsyncd.conf.yo	2001/12/04 00:10:39	1.3
@@ -219,6 +219,11 @@
 "secrets file" option. The default is for all users to be able to
 connect without a password (this is called "anonymous rsync").
 
+See also the bf(CONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL
+PROGRAM) section in rsync(1) for information on how handle an
+rsyncd.conf-level username that differs from the remote-shell-level
+username when using a remote shell to connect to a rsync server.
+
 dit(bf(secrets file)) The "secrets file" option specifies the name of
 a file that contains the username:password pairs used for
 authenticating this module. This file is only consulted if the "auth
Index: socket.c
===================================================================
RCS file: /juno/repository/usr/local/pkg/rsync/socket.c,v
retrieving revision 1.1.1.5
retrieving revision 1.3
diff -u -b -r1.1.1.5 -r1.3
--- socket.c	2001/12/03 23:49:04	1.1.1.5
+++ socket.c	2001/12/04 00:10:39	1.3
@@ -349,7 +349,7 @@
 }
 
 
-void start_accept_loop(int port, int (*fn)(int ))
+void start_accept_loop(int port, int (*fn)(int, int))
 {
 	int s;
 	extern char *bind_address;
@@ -407,7 +407,7 @@
 			/* open log file in child before possibly giving
 			   up privileges  */
 			log_open();
-			_exit(fn(fd));
+			_exit(fn(fd, fd));
 		}
 
 		close(fd);