#starttls
- And, if the server allows SSL, it replies with
+ And, if the daemon allows SSL, it replies with
@RSYNCD: starttls
can't say if I've left any cleanup/compatibility errors in the code.
---- orig/Makefile.in 2004-11-03 11:56:03
+--- orig/Makefile.in 2006-01-14 08:14:29
+++ Makefile.in 2004-10-08 20:17:06
-@@ -39,7 +39,7 @@ OBJS3=progress.o pipe.o
+@@ -38,7 +38,7 @@ OBJS3=progress.o pipe.o
DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
popt/popthelp.o popt/poptparse.o
TLS_OBJ = tls.o syscall.o lib/compat.o lib/snprintf.o lib/permstring.o
---- orig/cleanup.c 2005-02-07 20:41:56
+--- orig/cleanup.c 2006-01-30 07:18:27
+++ cleanup.c 2005-01-10 10:43:22
@@ -22,6 +22,9 @@
#include "rsync.h"
+
if (verbose > 3) {
rprintf(FINFO,"_exit_cleanup(code=%d, file=%s, line=%d): entered\n",
- code, safe_fname(file), line);
---- orig/clientserver.c 2005-02-14 02:45:10
-+++ clientserver.c 2004-10-08 20:44:59
-@@ -45,6 +45,9 @@ extern int select_timeout;
+ code, file, line);
+--- orig/clientserver.c 2006-01-30 21:47:45
++++ clientserver.c 2005-04-09 17:39:57
+@@ -44,6 +44,9 @@ extern int io_timeout;
extern int orig_umask;
extern int no_detach;
extern int default_af_hint;
+extern int use_ssl;
+#endif
extern char *bind_address;
- extern struct filter_list_struct server_filter_list;
+ extern char *sockopts;
extern char *config_file;
-@@ -100,8 +103,18 @@ int start_socket_client(char *host, char
- exit_cleanup(RERR_SOCKETIO);
+@@ -103,8 +106,18 @@ int start_socket_client(char *host, char
+ set_socket_options(fd, sockopts);
ret = start_inband_exchange(user, path, fd, fd, argc);
-+ if (ret < 0)
++ if (ret)
+ return ret;
+
+#if HAVE_OPENSSL
+ }
+#endif
-- return ret < 0? ret : client_run(fd, fd, -1, argc, argv);
+- return ret ? ret : client_run(fd, fd, -1, argc, argv);
+ return client_run(fd, fd, -1, argc, argv);
}
int start_inband_exchange(char *user, char *path, int f_in, int f_out,
-@@ -162,6 +175,33 @@ int start_inband_exchange(char *user, ch
+@@ -165,6 +178,33 @@ int start_inband_exchange(char *user, ch
if (verbose > 1)
print_child_argv(sargs);
p = strchr(path,'/');
if (p) *p = 0;
io_printf(f_out, "%s\n", path);
-@@ -190,6 +230,10 @@ int start_inband_exchange(char *user, ch
+@@ -193,6 +233,10 @@ int start_inband_exchange(char *user, ch
* server to terminate the listing of modules.
* We don't want to go on and transfer
* anything; just exit. */
exit(0);
}
-@@ -197,6 +241,10 @@ int start_inband_exchange(char *user, ch
+@@ -200,6 +244,10 @@ int start_inband_exchange(char *user, ch
rprintf(FERROR, "%s\n", line);
/* This is always fatal; the server will now
* close the socket. */
+ if (use_ssl)
+ end_tls();
+#endif
- return RERR_STARTCLIENT;
- } else {
- rprintf(FINFO,"%s\n", line);
-@@ -526,6 +574,7 @@ static void send_listing(int fd)
+ return -1;
+ }
+
+@@ -714,6 +762,7 @@ static void send_listing(int fd)
io_printf(fd,"@RSYNCD: EXIT\n");
}
/* this is called when a connection is established to a client
and we want to start talking. The setup of the system is done from
here */
-@@ -575,6 +624,9 @@ int start_daemon(int f_in, int f_out)
+@@ -766,6 +815,9 @@ int start_daemon(int f_in, int f_out)
if (protocol_version > remote_protocol)
protocol_version = remote_protocol;
line[0] = 0;
if (!read_line(f_in, line, sizeof line - 1))
return -1;
-@@ -584,6 +636,20 @@ int start_daemon(int f_in, int f_out)
+@@ -775,6 +827,20 @@ int start_daemon(int f_in, int f_out)
return -1;
}
if (*line == '#') {
/* it's some sort of command that I don't understand */
io_printf(f_out, "@ERROR: Unknown command '%s'\n", line);
---- orig/configure.in 2005-01-28 23:01:08
+--- orig/configure.in 2006-01-15 14:52:33
+++ configure.in 2004-07-03 20:22:28
-@@ -271,6 +271,21 @@ yes
- AC_SEARCH_LIBS(getaddrinfo, inet6)
+@@ -282,6 +282,21 @@ if test x"$enable_locale" != x"no"; then
+ AC_DEFINE(CONFIG_LOCALE)
fi
+AC_ARG_ENABLE(openssl,
AC_MSG_CHECKING([whether to call shutdown on all sockets])
case $host_os in
*cygwin* ) AC_MSG_RESULT(yes)
---- orig/main.c 2005-02-14 02:45:10
-+++ main.c 2004-10-08 20:15:28
-@@ -53,6 +53,9 @@ extern int write_batch;
- extern int batch_fd;
- extern int batch_gen_fd;
- extern int filesfrom_fd;
-+#if HAVE_OPENSSL
-+extern int use_ssl;
-+#endif
- extern pid_t cleanup_child_pid;
- extern char *files_from;
- extern char *remote_filesfrom_file;
-@@ -823,33 +826,48 @@ static int start_client(int argc, char *
- if ((rc = copy_argv(argv)))
- return rc;
-
-- /* rsync:// always uses rsync server over direct socket connection */
-- if (strncasecmp(URL_PREFIX, argv[0], strlen(URL_PREFIX)) == 0
-- && !read_batch) {
-- char *host, *path;
-+ if (!read_batch) { /* for read_batch, NO source is specified */
-+ int url_prefix_len = sizeof URL_PREFIX - 1;
-
-- host = argv[0] + strlen(URL_PREFIX);
-- p = strchr(host,'/');
-- if (p) {
-- *p = '\0';
-- path = p+1;
-- } else
-- path = "";
-- if (*host == '[' && (p = strchr(host, ']')) != NULL) {
-- host++;
-- *p++ = '\0';
-- if (*p != ':')
-- p = NULL;
-- } else
-- p = strchr(host, ':');
-- if (p) {
-- rsync_port = atoi(p+1);
-- *p = '\0';
-+ /* rsync:// always uses rsync server over direct socket connection */
-+ if (strncasecmp(URL_PREFIX, argv[0], url_prefix_len) != 0) {
-+#if HAVE_OPENSSL
-+ url_prefix_len = sizeof SSL_URL_PREFIX - 1;
-+ if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix_len) != 0)
-+ url_prefix_len = 0;
-+ else {
-+ if (!use_ssl)
-+ init_tls();
-+ use_ssl = 1;
-+ }
-+#else
-+ url_prefix_len = 0;
-+#endif
-+ }
-+ if (url_prefix_len) {
-+ char *host, *path;
-+
-+ host = argv[0] + url_prefix_len;
-+ p = strchr(host,'/');
-+ if (p) {
-+ *p = '\0';
-+ path = p+1;
-+ } else
-+ path = "";
-+ if (*host == '[' && (p = strchr(host, ']')) != NULL) {
-+ host++;
-+ *p++ = '\0';
-+ if (*p != ':')
-+ p = NULL;
-+ } else
-+ p = strchr(host, ':');
-+ if (p) {
-+ rsync_port = atoi(p+1);
-+ *p = '\0';
-+ }
-+ return start_socket_client(host, path, argc-1, argv+1);
- }
-- return start_socket_client(host, path, argc-1, argv+1);
-- }
-
-- if (!read_batch) { /* for read_batch, NO source is specified */
- p = find_colon(argv[0]);
- if (p) { /* source is remote */
- if (remote_filesfrom_file
-@@ -881,12 +899,26 @@ static int start_client(int argc, char *
- argv++;
- } else { /* source is local */
- am_sender = 1;
--
-+ url_prefix_len = sizeof URL_PREFIX - 1;
- /* rsync:// destination uses rsync server over direct socket */
-- if (strncasecmp(URL_PREFIX, argv[argc-1], strlen(URL_PREFIX)) == 0) {
-+ if (strncasecmp(URL_PREFIX, argv[argc-1], url_prefix_len) != 0) {
-+#if HAVE_OPENSSL
-+ url_prefix_len = sizeof SSL_URL_PREFIX - 1;
-+ if (strncasecmp(SSL_URL_PREFIX, argv[argc-1], url_prefix_len) != 0)
-+ url_prefix_len = 0;
-+ else {
-+ if (!use_ssl)
-+ init_tls();
-+ use_ssl = 1;
-+ }
-+#else
-+ url_prefix_len = 0;
-+#endif
-+ }
-+ if (url_prefix_len) {
- char *host, *path;
-
-- host = argv[argc-1] + strlen(URL_PREFIX);
-+ host = argv[argc-1] + url_prefix_len;
- p = strchr(host,'/');
- if (p) {
- *p = '\0';
---- orig/options.c 2005-02-14 02:45:10
-+++ options.c 2004-11-27 18:31:46
-@@ -144,6 +144,14 @@ int quiet = 0;
+--- orig/options.c 2006-01-31 03:11:30
++++ options.c 2006-01-26 10:57:46
+@@ -167,6 +167,14 @@ int log_format_has_o_or_i = 0;
int always_checksum = 0;
int list_only = 0;
#define MAX_BATCH_NAME_LEN 256 /* Must be less than MAXPATHLEN-13 */
char *batch_name = NULL;
-@@ -169,6 +177,7 @@ static void print_rsync_version(enum log
+@@ -195,6 +203,7 @@ static void print_rsync_version(enum log
char const *hardlinks = "no ";
char const *links = "no ";
char const *ipv6 = "no ";
STRUCT_STAT *dumstat;
#ifdef HAVE_SOCKETPAIR
-@@ -191,6 +200,10 @@ static void print_rsync_version(enum log
+@@ -217,6 +226,10 @@ static void print_rsync_version(enum log
ipv6 = "";
#endif
+
rprintf(f, "%s version %s protocol version %d\n",
RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION);
- rprintf(f,
-@@ -204,10 +217,10 @@ static void print_rsync_version(enum log
+ rprintf(f, "Copyright (C) 1996-2006 by Andrew Tridgell, Wayne Davison, and others.\n");
+@@ -229,10 +242,10 @@ static void print_rsync_version(enum log
/* Note that this field may not have type ino_t. It depends
* on the complicated interaction between largefile feature
* macros. */
#ifdef MAINTAINER_MODE
rprintf(f, " panic action: \"%s\"\n",
get_panic_action());
-@@ -335,6 +348,13 @@ void usage(enum logcode F)
+@@ -371,6 +384,13 @@ void usage(enum logcode F)
rprintf(F," -4, --ipv4 prefer IPv4\n");
rprintf(F," -6, --ipv6 prefer IPv6\n");
#endif
+#if HAVE_OPENSSL
+ rprintf(F," --ssl allow socket connections to use SSL\n");
-+ rprintf(F," --ssl-cert=FILE path to server's SSL certificate\n");
-+ rprintf(F," --ssl-key=FILE path to server's SSL private key\n");
++ rprintf(F," --ssl-cert=FILE path to daemon's SSL certificate\n");
++ rprintf(F," --ssl-key=FILE path to daemon's SSL private key\n");
+ rprintf(F," --ssl-key-passwd=PASS password for PEM-encoded private key\n");
+ rprintf(F," --ssl-ca-certs=FILE path to trusted CA certificates\n");
+#endif
- rprintf(F," -h, --help show this help screen\n");
+ rprintf(F," --version print version number\n");
+ rprintf(F," --help show this help screen\n");
- rprintf(F,"\nUse \"rsync --daemon --help\" to see the daemon-mode command-line options.\n");
-@@ -345,7 +365,7 @@ void usage(enum logcode F)
- enum {OPT_VERSION = 1000, OPT_DAEMON, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM,
- OPT_FILTER, OPT_COMPARE_DEST, OPT_COPY_DEST, OPT_LINK_DEST,
- OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW,
-- OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_TIMEOUT, OPT_MAX_SIZE,
-+ OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_TIMEOUT, OPT_MAX_SIZE, OPT_USE_SSL,
- OPT_REFUSED_BASE = 9000};
+@@ -383,7 +403,7 @@ enum {OPT_VERSION = 1000, OPT_DAEMON, OP
+ OPT_FILTER, OPT_COMPARE_DEST, OPT_COPY_DEST, OPT_LINK_DEST, OPT_HELP,
+ OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW, OPT_MIN_SIZE, OPT_CHMOD,
+ OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_ONLY_WRITE_BATCH, OPT_MAX_SIZE,
+- OPT_NO_D,
++ OPT_NO_D, OPT_USE_SSL,
+ OPT_SERVER, OPT_REFUSED_BASE = 9000};
static struct poptOption long_options[] = {
-@@ -442,6 +462,13 @@ static struct poptOption long_options[]
- {"ipv4", '4', POPT_ARG_VAL, &default_af_hint, AF_INET, 0, 0 },
- {"ipv6", '6', POPT_ARG_VAL, &default_af_hint, AF_INET6, 0, 0 },
- #endif
+@@ -520,6 +540,13 @@ static struct poptOption long_options[]
+ {"checksum-seed", 0, POPT_ARG_INT, &checksum_seed, 0, 0, 0 },
+ {"server", 0, POPT_ARG_NONE, 0, OPT_SERVER, 0, 0 },
+ {"sender", 0, POPT_ARG_NONE, 0, OPT_SENDER, 0, 0 },
+#if HAVE_OPENSSL
+ {"ssl", 0, POPT_ARG_NONE, 0, OPT_USE_SSL, 0, 0},
+ {"ssl-cert", 0, POPT_ARG_STRING, &ssl_cert_path, OPT_USE_SSL, 0, 0},
+ {"ssl-key-passwd", 0, POPT_ARG_STRING, &ssl_key_passwd, OPT_USE_SSL, 0, 0},
+ {"ssl-ca-certs", 0, POPT_ARG_STRING, &ssl_ca_path, OPT_USE_SSL, 0, 0},
+#endif
- /* All these options switch us into daemon-mode option-parsing. */
- {"address", 0, POPT_ARG_STRING, 0, OPT_DAEMON, 0, 0 },
+ /* All the following options switch us into daemon-mode option-parsing. */
{"config", 0, POPT_ARG_STRING, 0, OPT_DAEMON, 0, 0 },
-@@ -834,6 +861,12 @@ int parse_arguments(int *argc, const cha
- basis_dir[basis_dir_cnt++] = (char *)arg;
- break;
+ {"daemon", 0, POPT_ARG_NONE, 0, OPT_DAEMON, 0, 0 },
+@@ -1057,6 +1084,12 @@ int parse_arguments(int *argc, const cha
+ usage(FINFO);
+ exit_cleanup(0);
+ case OPT_USE_SSL:
+#if HAVE_OPENSSL
default:
/* A large opt value means that set_refuse_options()
* turned this option off. */
-@@ -1066,6 +1099,17 @@ int parse_arguments(int *argc, const cha
+@@ -1335,6 +1368,17 @@ int parse_arguments(int *argc, const cha
if (delay_updates && !partial_dir)
- partial_dir = partialdir_for_delayupdate;
+ partial_dir = tmp_partialdir;
+#if HAVE_OPENSSL
+ if (use_ssl) {
if (inplace) {
#ifdef HAVE_FTRUNCATE
if (partial_dir) {
---- orig/rsync.h 2005-02-14 02:45:10
+@@ -1746,11 +1790,28 @@ char *check_for_hostspec(char *s, char *
+ {
+ char *p;
+ int not_host;
++ int url_prefix_len = sizeof URL_PREFIX - 1;
+
+- if (port_ptr && strncasecmp(URL_PREFIX, s, strlen(URL_PREFIX)) == 0) {
++ if (!port_ptr)
++ url_prefix_len = 0;
++ else if (strncasecmp(URL_PREFIX, s, url_prefix_len) != 0) {
++#if HAVE_OPENSSL
++ url_prefix_len = sizeof SSL_URL_PREFIX - 1;
++ if (strncasecmp(SSL_URL_PREFIX, s, url_prefix_len) != 0)
++ url_prefix_len = 0;
++ else {
++ if (!use_ssl)
++ init_tls();
++ use_ssl = 1;
++ }
++#else
++ url_prefix_len = 0;
++#endif
++ }
++ if (url_prefix_len) {
+ char *path;
+ int hostlen;
+- s += strlen(URL_PREFIX);
++ s += url_prefix_len;
+ if ((p = strchr(s, '/')) != NULL) {
+ hostlen = p - s;
+ path = p + 1;
+--- orig/rsync.h 2006-01-30 20:39:09
+++ rsync.h 2004-10-08 21:01:33
@@ -32,6 +32,7 @@
#define BACKUP_SUFFIX "~"
-@@ -384,6 +385,11 @@ enum msgcode {
+@@ -410,6 +411,11 @@ enum msgcode {
# define SIZEOF_INT64 SIZEOF_OFF_T
#endif