-After applying this patch, run these commands for a successful build:
-
- autoconf
- autoheader
- ./configure
- make proto
- make
-
-Casey Marshall writes:
+Casey Marshall wrote:
I've been hacking together a way to use rsync with OpenSSL, and have
attached my current patch against a recent CVS tree. The details of
#starttls
- And, if the server allows SSL, it replies with
+ And, if the daemon allows SSL, it replies with
@RSYNCD: starttls
All warnings apply; I don't do C programming all that often, so I
can't say if I've left any cleanup/compatibility errors in the code.
+To use this patch, run these commands for a successful build:
+
+ patch -p1 <patches/openssl-support.diff
+ ./prepare-source
+ ./configure
+ make
---- Makefile.in 15 May 2004 00:48:11 -0000 1.101
-+++ Makefile.in 4 Jun 2004 05:28:32 -0000
-@@ -39,7 +39,7 @@ OBJS3=progress.o pipe.o
+based-on: a01e3b490eb36ccf9e704840e1b6683dab867550
+diff --git a/Makefile.in b/Makefile.in
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -41,7 +41,7 @@ OBJS3=progress.o pipe.o
DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
popt/popthelp.o popt/poptparse.o
-OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@
+OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@ @SSL_OBJS@
- TLS_OBJ = tls.o syscall.o lib/permstring.o
+ TLS_OBJ = tls.o syscall.o lib/compat.o lib/snprintf.o lib/permstring.o lib/sysxattrs.o @BUILD_POPT@
---- cleanup.c 13 May 2004 07:08:18 -0000 1.22
-+++ cleanup.c 4 Jun 2004 05:28:32 -0000
-@@ -24,6 +24,9 @@
+diff --git a/cleanup.c b/cleanup.c
+--- a/cleanup.c
++++ b/cleanup.c
+@@ -26,6 +26,9 @@ extern int am_server;
+ extern int am_daemon;
+ extern int am_receiver;
extern int io_error;
- extern int keep_partial;
- extern int log_got_error;
+#ifdef HAVE_OPENSSL
+extern int use_ssl;
+#endif
-
- /**
- * Close all open sockets and files, allowing a (somewhat) graceful
-@@ -99,6 +102,11 @@ void _exit_cleanup(int code, const char
- signal(SIGUSR1, SIG_IGN);
- signal(SIGUSR2, SIG_IGN);
+ extern int keep_partial;
+ extern int got_xfer_error;
+ extern int protocol_version;
+@@ -137,6 +140,14 @@ NORETURN void _exit_cleanup(int code, const char *file, int line)
+ who_am_i(), code, file, line);
+ }
+#ifdef HAVE_OPENSSL
-+ if (use_ssl)
-+ end_tls();
++ /* FALLTHROUGH */
++#include "case_N.h"
++
++ if (use_ssl)
++ end_tls();
+#endif
+
- if (verbose > 3) {
- rprintf(FINFO,"_exit_cleanup(code=%d, file=%s, line=%d): entered\n",
- code, file, line);
---- clientserver.c 15 May 2004 19:31:10 -0000 1.122
-+++ clientserver.c 4 Jun 2004 05:28:32 -0000
-@@ -46,6 +46,9 @@ extern int io_timeout;
- extern int orig_umask;
- extern int no_detach;
- extern int default_af_hint;
+ /* FALLTHROUGH */
+ #include "case_N.h"
+
+diff --git a/clientserver.c b/clientserver.c
+--- a/clientserver.c
++++ b/clientserver.c
+@@ -30,6 +30,9 @@ extern int am_sender;
+ extern int am_server;
+ extern int am_daemon;
+ extern int am_root;
+#ifdef HAVE_OPENSSL
+extern int use_ssl;
+#endif
- extern char *bind_address;
- extern struct exclude_list_struct server_exclude_list;
- extern char *exclude_path_prefix;
-@@ -93,8 +96,18 @@ int start_socket_client(char *host, char
- exit_cleanup(RERR_SOCKETIO);
+ extern int rsync_port;
+ extern int protect_args;
+ extern int ignore_errors;
+@@ -133,8 +136,18 @@ int start_socket_client(char *host, int remote_argc, char *remote_argv[],
+ #endif
- ret = start_inband_exchange(user, path, fd, fd, argc);
-+ if (ret < 0)
+ ret = start_inband_exchange(fd, fd, user, remote_argc, remote_argv);
++ if (ret)
+ return ret;
+
+#ifdef HAVE_OPENSSL
+ }
+#endif
-- return ret < 0? ret : client_run(fd, fd, -1, argc, argv);
+- return ret ? ret : client_run(fd, fd, -1, argc, argv);
+ return client_run(fd, fd, -1, argc, argv);
}
- int start_inband_exchange(char *user, char *path, int f_in, int f_out, int argc)
-@@ -145,6 +158,33 @@ int start_inband_exchange(char *user, ch
- if (protocol_version > remote_protocol)
- protocol_version = remote_protocol;
+ static int exchange_protocols(int f_in, int f_out, char *buf, size_t bufsiz, int am_client)
+@@ -277,6 +290,32 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
+ if (DEBUG_GTE(CMD, 1))
+ print_child_argv("sending daemon args:", sargs);
+#ifdef HAVE_OPENSSL
+ if (use_ssl) {
+ io_printf(f_out, "#starttls\n");
+ while (1) {
-+ if (!read_line(f_in, line, sizeof(line)-1)) {
++ if (!read_line_old(f_in, line, sizeof line)) {
+ rprintf(FERROR, "rsync: did not receive reply to #starttls\n");
+ return -1;
+ }
+ if (strncmp(line, "@ERROR", 6) == 0) {
-+ rprintf(FERROR, "rsync: ssl connection denied\n");
++ rprintf(FERROR, "%s\n", line);
+ return -1;
+ }
-+ if (strcmp(line, "@RSYNCD: starttls") == 0) {
++ if (strcmp(line, "@RSYNCD: starttls") == 0)
+ break;
-+ }
+ rprintf(FINFO, "%s\n", line);
+ }
+ if (start_tls(f_in, f_out)) {
+ }
+#endif
+
- p = strchr(path,'/');
- if (p) *p = 0;
- io_printf(f_out, "%s\n", path);
-@@ -172,6 +212,10 @@ int start_inband_exchange(char *user, ch
+ io_printf(f_out, "%.*s\n", modlen, modname);
+
+ /* Old servers may just drop the connection here,
+@@ -302,6 +341,10 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
* server to terminate the listing of modules.
* We don't want to go on and transfer
* anything; just exit. */
exit(0);
}
-@@ -179,6 +223,10 @@ int start_inband_exchange(char *user, ch
- rprintf(FERROR,"%s\n", line);
+@@ -309,6 +352,10 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
+ rprintf(FERROR, "%s\n", line);
/* This is always fatal; the server will now
* close the socket. */
+#ifdef HAVE_OPENSSL
+ if (use_ssl)
+ end_tls();
+#endif
- return RERR_STARTCLIENT;
- } else {
- rprintf(FINFO,"%s\n", line);
-@@ -485,6 +533,7 @@ static void send_listing(int fd)
- io_printf(fd,"@RSYNCD: EXIT\n");
- }
-
-+
- /* this is called when a connection is established to a client
- and we want to start talking. The setup of the system is done from
- here */
-@@ -544,6 +593,20 @@ int start_daemon(int f_in, int f_out)
return -1;
}
-+#if HAVE_OPENSSL
-+ if (use_ssl && strcmp(line, "#starttls") == 0) {
-+ io_printf(f_out, "@RSYNCD: starttls\n");
-+ if (start_tls(f_in, f_out)) {
-+ rprintf(FLOG, "SSL connection failed: %s\n",
-+ get_ssl_error());
-+ return -1;
-+ }
-+ f_in = get_tls_rfd();
-+ f_out = get_tls_wfd();
-+ continue;
-+ }
+@@ -1028,6 +1075,9 @@ int start_daemon(int f_in, int f_out)
+ if (exchange_protocols(f_in, f_out, line, sizeof line, 0) < 0)
+ return -1;
+
++#ifdef HAVE_OPENSSL
++retry:
+#endif
-+
- if (*line == '#') {
- /* it's some sort of command that I don't understand */
- io_printf(f_out, "@ERROR: Unknown command '%s'\n", line);
---- config.h.in 29 Apr 2004 19:40:39 -0000 1.90
-+++ config.h.in 4 Jun 2004 05:28:32 -0000
-@@ -167,6 +167,9 @@
- /* */
- #undef HAVE_OFF64_T
+ line[0] = 0;
+ if (!read_line_old(f_in, line, sizeof line))
+ return -1;
+@@ -1039,6 +1089,20 @@ int start_daemon(int f_in, int f_out)
+ return -1;
+ }
-+/* true if you want to use SSL. */
-+#undef HAVE_OPENSSL
++#ifdef HAVE_OPENSSL
++ if (use_ssl && strcmp(line, "#starttls") == 0) {
++ io_printf(f_out, "@RSYNCD: starttls\n");
++ if (start_tls(f_in, f_out)) {
++ rprintf(FLOG, "SSL connection failed: %s\n",
++ get_ssl_error());
++ return -1;
++ }
++ f_in = get_tls_rfd();
++ f_out = get_tls_wfd();
++ goto retry;
++ }
++#endif
+
- /* Define to 1 if you have the `readlink' function. */
- #undef HAVE_READLINK
-
---- configure.in 30 Apr 2004 18:03:33 -0000 1.196
-+++ configure.in 4 Jun 2004 05:28:32 -0000
-@@ -271,6 +271,21 @@ yes
- AC_SEARCH_LIBS(getaddrinfo, inet6)
+ if (*line == '#') {
+ /* it's some sort of command that I don't understand */
+ io_printf(f_out, "@ERROR: Unknown command '%s'\n", line);
+diff --git a/configure.in b/configure.in
+--- a/configure.in
++++ b/configure.in
+@@ -318,6 +318,21 @@ if test x"$enable_locale" != x"no"; then
+ AC_DEFINE(CONFIG_LOCALE)
fi
+AC_ARG_ENABLE(openssl,
AC_MSG_CHECKING([whether to call shutdown on all sockets])
case $host_os in
*cygwin* ) AC_MSG_RESULT(yes)
---- main.c 19 May 2004 22:19:19 -0000 1.195
-+++ main.c 4 Jun 2004 05:28:33 -0000
-@@ -51,6 +51,9 @@ extern int rsync_port;
- extern int read_batch;
- extern int write_batch;
- extern int filesfrom_fd;
-+#ifdef HAVE_OPENSSL
-+extern int use_ssl;
-+#endif
- extern pid_t cleanup_child_pid;
- extern char *files_from;
- extern char *remote_filesfrom_file;
-@@ -705,17 +708,32 @@ static int start_client(int argc, char *
- pid_t pid;
- int f_in,f_out;
- int rc;
-+ int url_prefix = strlen(URL_PREFIX);
-
- /* Don't clobber argv[] so that ps(1) can still show the right
- * command line. */
- if ((rc = copy_argv(argv)))
- return rc;
-
-+ if (strncasecmp(URL_PREFIX, argv[0], url_prefix) != 0) {
-+#ifdef HAVE_OPENSSL
-+ url_prefix = strlen(SSL_URL_PREFIX);
-+ if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix) != 0)
-+ url_prefix = 0;
-+ else {
-+ if (!use_ssl)
-+ init_tls();
-+ use_ssl = 1;
-+ }
-+#else
-+ url_prefix = 0;
-+#endif
-+ }
- /* rsync:// always uses rsync server over direct socket connection */
-- if (strncasecmp(URL_PREFIX, argv[0], strlen(URL_PREFIX)) == 0) {
-+ if (url_prefix) {
- char *host, *path;
-
-- host = argv[0] + strlen(URL_PREFIX);
-+ host = argv[0] + url_prefix;
- p = strchr(host,'/');
- if (p) {
- *p = 0;
-@@ -764,12 +782,27 @@ static int start_client(int argc, char *
- argv++;
- } else {
- am_sender = 1;
-+ url_prefix = strlen(URL_PREFIX);
-+ if (strncasecmp(URL_PREFIX, argv[0], url_prefix) != 0) {
-+#ifdef HAVE_OPENSSL
-+ url_prefix = strlen(SSL_URL_PREFIX);
-+ if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix) != 0)
-+ url_prefix = 0;
-+ else {
-+ if (!use_ssl)
-+ init_tls();
-+ use_ssl = 1;
-+ }
-+#else
-+ url_prefix = 0;
-+#endif
-+ }
-
- /* rsync:// destination uses rsync server over direct socket */
-- if (strncasecmp(URL_PREFIX, argv[argc-1], strlen(URL_PREFIX)) == 0) {
-+ if (url_prefix) {
- char *host, *path;
-
-- host = argv[argc-1] + strlen(URL_PREFIX);
-+ host = argv[argc-1] + url_prefix;
- p = strchr(host,'/');
- if (p) {
- *p = 0;
---- options.c 27 May 2004 21:51:53 -0000 1.153
-+++ options.c 4 Jun 2004 05:28:33 -0000
-@@ -131,6 +131,14 @@ int quiet = 0;
+diff --git a/options.c b/options.c
+--- a/options.c
++++ b/options.c
+@@ -191,6 +191,14 @@ int logfile_format_has_o_or_i = 0;
int always_checksum = 0;
int list_only = 0;
+char *ssl_ca_path = NULL;
+#endif
+
- #define FIXED_CHECKSUM_SEED 32761
- #define MAX_BATCH_PREFIX_LEN 256 /* Must be less than MAXPATHLEN-13 */
- char *batch_prefix = NULL;
-@@ -143,13 +151,13 @@ static int modify_window_set;
- * address, or a hostname. **/
- char *bind_address;
+ #define MAX_BATCH_NAME_LEN 256 /* Must be less than MAXPATHLEN-13 */
+ char *batch_name = NULL;
--
- static void print_rsync_version(enum logcode f)
- {
- char const *got_socketpair = "no ";
- char const *hardlinks = "no ";
+@@ -567,6 +575,7 @@ static void print_rsync_version(enum logcode f)
char const *links = "no ";
+ char const *iconv = "no ";
char const *ipv6 = "no ";
+ char const *ssl = "no ";
STRUCT_STAT *dumstat;
- #ifdef HAVE_SOCKETPAIR
-@@ -168,6 +176,10 @@ static void print_rsync_version(enum log
- ipv6 = "";
+ #if SUBPROTOCOL_VERSION != 0
+@@ -600,6 +609,9 @@ static void print_rsync_version(enum logcode f)
+ #ifdef CAN_SET_SYMLINK_TIMES
+ symtimes = "";
#endif
-
+#ifdef HAVE_OPENSSL
+ ssl = "";
+#endif
-+
- rprintf(f, "%s version %s protocol version %d\n",
- RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION);
- rprintf(f,
-@@ -181,10 +193,10 @@ static void print_rsync_version(enum log
- /* Note that this field may not have type ino_t. It depends
- * on the complicated interaction between largefile feature
- * macros. */
-- rprintf(f, " %sIPv6, %d-bit system inums, %d-bit internal inums\n",
-+ rprintf(f, " %sIPv6, %d-bit system inums, %d-bit internal inums, %sssl\n",
- ipv6,
- (int) (sizeof dumstat->st_ino * 8),
-- (int) (sizeof (uint64) * 8));
-+ (int) (sizeof (uint64) * 8), ssl);
+
+ rprintf(f, "%s version %s protocol version %d%s\n",
+ RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION, subprotocol);
+@@ -613,8 +625,8 @@ static void print_rsync_version(enum logcode f)
+ (int)(sizeof (int64) * 8));
+ rprintf(f, " %ssocketpairs, %shardlinks, %ssymlinks, %sIPv6, batchfiles, %sinplace,\n",
+ got_socketpair, hardlinks, links, ipv6, have_inplace);
+- rprintf(f, " %sappend, %sACLs, %sxattrs, %siconv, %ssymtimes\n",
+- have_inplace, acls, xattrs, iconv, symtimes);
++ rprintf(f, " %sappend, %sACLs, %sxattrs, %siconv, %ssymtimes, %sSSL\n",
++ have_inplace, acls, xattrs, iconv, symtimes, ssl);
+
#ifdef MAINTAINER_MODE
- rprintf(f, " panic action: \"%s\"\n",
- get_panic_action());
-@@ -296,6 +308,13 @@ void usage(enum logcode F)
- rprintf(F," -4 --ipv4 prefer IPv4\n");
- rprintf(F," -6 --ipv6 prefer IPv6\n");
+ rprintf(f, "Panic Action: \"%s\"\n", get_panic_action());
+@@ -785,6 +797,13 @@ void usage(enum logcode F)
#endif
+ rprintf(F," -4, --ipv4 prefer IPv4\n");
+ rprintf(F," -6, --ipv6 prefer IPv6\n");
++#ifdef HAVE_OPENSSL
++ rprintf(F," --ssl allow socket connections to use SSL\n");
++ rprintf(F," --ssl-cert=FILE path to daemon's SSL certificate\n");
++ rprintf(F," --ssl-key=FILE path to daemon's SSL private key\n");
++ rprintf(F," --ssl-key-passwd=PASS password for PEM-encoded private key\n");
++ rprintf(F," --ssl-ca-certs=FILE path to trusted CA certificates\n");
++#endif
+ rprintf(F," --version print version number\n");
+ rprintf(F,"(-h) --help show this help (-h works with no other options)\n");
+
+@@ -798,7 +817,7 @@ enum {OPT_VERSION = 1000, OPT_DAEMON, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM,
+ OPT_FILTER, OPT_COMPARE_DEST, OPT_COPY_DEST, OPT_LINK_DEST, OPT_HELP,
+ OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW, OPT_MIN_SIZE, OPT_CHMOD,
+ OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_ONLY_WRITE_BATCH, OPT_MAX_SIZE,
+- OPT_NO_D, OPT_APPEND, OPT_NO_ICONV, OPT_INFO, OPT_DEBUG,
++ OPT_NO_D, OPT_APPEND, OPT_NO_ICONV, OPT_INFO, OPT_DEBUG, OPT_USE_SSL,
+ OPT_USERMAP, OPT_GROUPMAP, OPT_CHOWN, OPT_BWLIMIT,
+ OPT_SERVER, OPT_REFUSED_BASE = 9000};
+
+@@ -1013,6 +1032,13 @@ static struct poptOption long_options[] = {
+ {"checksum-seed", 0, POPT_ARG_INT, &checksum_seed, 0, 0, 0 },
+ {"server", 0, POPT_ARG_NONE, 0, OPT_SERVER, 0, 0 },
+ {"sender", 0, POPT_ARG_NONE, 0, OPT_SENDER, 0, 0 },
++#ifdef HAVE_OPENSSL
++ {"ssl", 0, POPT_ARG_NONE, 0, OPT_USE_SSL, 0, 0},
++ {"ssl-cert", 0, POPT_ARG_STRING, &ssl_cert_path, OPT_USE_SSL, 0, 0},
++ {"ssl-key", 0, POPT_ARG_STRING, &ssl_key_path, OPT_USE_SSL, 0, 0},
++ {"ssl-key-passwd", 0, POPT_ARG_STRING, &ssl_key_passwd, OPT_USE_SSL, 0, 0},
++ {"ssl-ca-certs", 0, POPT_ARG_STRING, &ssl_ca_path, OPT_USE_SSL, 0, 0},
++#endif
+ /* All the following options switch us into daemon-mode option-parsing. */
+ {"config", 0, POPT_ARG_STRING, 0, OPT_DAEMON, 0, 0 },
+ {"daemon", 0, POPT_ARG_NONE, 0, OPT_DAEMON, 0, 0 },
+@@ -1040,6 +1066,13 @@ static void daemon_usage(enum logcode F)
+ rprintf(F," -v, --verbose increase verbosity\n");
+ rprintf(F," -4, --ipv4 prefer IPv4\n");
+ rprintf(F," -6, --ipv6 prefer IPv6\n");
+#ifdef HAVE_OPENSSL
+ rprintf(F," --ssl allow socket connections to use SSL\n");
-+ rprintf(F," --ssl-cert=FILE path to server's SSL certificate\n");
-+ rprintf(F," --ssl-key=FILE path to server's SSL private key\n");
++ rprintf(F," --ssl-cert=FILE path to daemon's SSL certificate\n");
++ rprintf(F," --ssl-key=FILE path to daemon's SSL private key\n");
+ rprintf(F," --ssl-key-passwd=PASS password for PEM-encoded private key\n");
+ rprintf(F," --ssl-ca-certs=FILE path to trusted CA certificates\n");
+#endif
- rprintf(F," -h, --help show this help screen\n");
+ rprintf(F," --help show this help screen\n");
rprintf(F,"\n");
-@@ -307,7 +326,7 @@ void usage(enum logcode F)
- enum {OPT_VERSION = 1000, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM,
- OPT_DELETE_AFTER, OPT_DELETE_EXCLUDED, OPT_LINK_DEST,
- OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW,
-- OPT_READ_BATCH, OPT_WRITE_BATCH,
-+ OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_USE_SSL,
- OPT_REFUSED_BASE = 9000};
-
- static struct poptOption long_options[] = {
-@@ -393,6 +412,13 @@ static struct poptOption long_options[]
- {"ipv4", '4', POPT_ARG_VAL, &default_af_hint, AF_INET, 0, 0 },
- {"ipv6", '6', POPT_ARG_VAL, &default_af_hint, AF_INET6, 0, 0 },
- #endif
+@@ -1065,6 +1098,13 @@ static struct poptOption long_daemon_options[] = {
+ {"protocol", 0, POPT_ARG_INT, &protocol_version, 0, 0, 0 },
+ {"server", 0, POPT_ARG_NONE, &am_server, 0, 0, 0 },
+ {"temp-dir", 'T', POPT_ARG_STRING, &tmpdir, 0, 0, 0 },
+#ifdef HAVE_OPENSSL
-+ {"ssl", 0, POPT_ARG_NONE, 0, OPT_USE_SSL, 0, 0},
-+ {"ssl-cert", 0, POPT_ARG_STRING, &ssl_cert_path, OPT_USE_SSL, 0, 0},
-+ {"ssl-key", 0, POPT_ARG_STRING, &ssl_key_path, OPT_USE_SSL, 0, 0},
++ {"ssl", 0, POPT_ARG_NONE, 0, OPT_USE_SSL, 0, 0},
++ {"ssl-cert", 0, POPT_ARG_STRING, &ssl_cert_path, OPT_USE_SSL, 0, 0},
++ {"ssl-key", 0, POPT_ARG_STRING, &ssl_key_path, OPT_USE_SSL, 0, 0},
+ {"ssl-key-passwd", 0, POPT_ARG_STRING, &ssl_key_passwd, OPT_USE_SSL, 0, 0},
-+ {"ssl-ca-certs", 0, POPT_ARG_STRING, &ssl_ca_path, OPT_USE_SSL, 0, 0},
++ {"ssl-ca-certs", 0, POPT_ARG_STRING, &ssl_ca_path, OPT_USE_SSL, 0, 0},
+#endif
- {0,0,0,0, 0, 0, 0}
- };
+ {"verbose", 'v', POPT_ARG_NONE, 0, 'v', 0, 0 },
+ {"no-verbose", 0, POPT_ARG_VAL, &verbose, 0, 0, 0 },
+ {"no-v", 0, POPT_ARG_VAL, &verbose, 0, 0, 0 },
+@@ -1360,6 +1400,12 @@ int parse_arguments(int *argc_p, const char ***argv_p)
+ verbose++;
+ break;
-@@ -592,6 +618,12 @@ int parse_arguments(int *argc, const cha
++#ifdef HAVE_OPENSSL
++ case OPT_USE_SSL:
++ use_ssl = 1;
++ break;
++#endif
++
+ default:
+ rprintf(FERROR,
+ "rsync: %s: %s (in daemon mode)\n",
+@@ -1386,6 +1432,17 @@ int parse_arguments(int *argc_p, const char ***argv_p)
+ exit_cleanup(RERR_SYNTAX);
+ }
+
++#ifdef HAVE_OPENSSL
++ if (use_ssl) {
++ if (init_tls()) {
++ snprintf(err_buf, sizeof(err_buf),
++ "Openssl error: %s\n",
++ get_ssl_error());
++ return 0;
++ }
++ }
++#endif
++
+ *argv_p = argv = poptGetArgs(pc);
+ *argc_p = argc = count_args(argv);
+ am_starting_up = 0;
+@@ -1764,6 +1821,12 @@ int parse_arguments(int *argc_p, const char ***argv_p)
return 0;
#endif
-+ case OPT_USE_SSL:
+#ifdef HAVE_OPENSSL
++ case OPT_USE_SSL:
+ use_ssl = 1;
-+#endif
+ break;
++#endif
+
default:
/* A large opt value means that set_refuse_options()
- * turned this option off (opt-BASE is its index). */
-@@ -729,6 +761,17 @@ int parse_arguments(int *argc, const cha
- if (do_progress && !verbose)
- verbose = 1;
+ * turned this option off. */
+@@ -2160,6 +2223,17 @@ int parse_arguments(int *argc_p, const char ***argv_p)
+ if (delay_updates && !partial_dir)
+ partial_dir = tmp_partialdir;
+#ifdef HAVE_OPENSSL
+ if (use_ssl) {
+ }
+#endif
+
- if (bwlimit) {
- bwlimit_writemax = (size_t)bwlimit * 128;
- if (bwlimit_writemax < 512)
---- rsync.h 16 May 2004 07:28:24 -0000 1.204
-+++ rsync.h 4 Jun 2004 05:28:33 -0000
-@@ -32,6 +32,7 @@
+ if (inplace) {
+ #ifdef HAVE_FTRUNCATE
+ if (partial_dir) {
+@@ -2750,9 +2824,18 @@ char *check_for_hostspec(char *s, char **host_ptr, int *port_ptr)
+ {
+ char *path;
+
+- if (port_ptr && strncasecmp(URL_PREFIX, s, strlen(URL_PREFIX)) == 0) {
+- *host_ptr = parse_hostspec(s + strlen(URL_PREFIX), &path, port_ptr);
+- if (*host_ptr) {
++ if (port_ptr) {
++ int url_prefix_len;
++ if (strncasecmp(URL_PREFIX, s, sizeof URL_PREFIX - 1) == 0)
++ url_prefix_len = sizeof URL_PREFIX - 1;
++ else if (strncasecmp(SSL_URL_PREFIX, s, sizeof SSL_URL_PREFIX - 1) == 0) {
++ if (!use_ssl)
++ init_tls();
++ use_ssl = 1;
++ url_prefix_len = sizeof SSL_URL_PREFIX - 1;
++ } else
++ url_prefix_len = 0;
++ if (url_prefix_len && (*host_ptr = parse_hostspec(s + url_prefix_len, &path, port_ptr))) {
+ if (!*port_ptr)
+ *port_ptr = RSYNC_PORT;
+ return path;
+diff --git a/rsync.h b/rsync.h
+--- a/rsync.h
++++ b/rsync.h
+@@ -31,6 +31,7 @@
#define DEFAULT_LOCK_FILE "/var/run/rsyncd.lock"
#define URL_PREFIX "rsync://"
+#define SSL_URL_PREFIX "rsyncs://"
- #define BACKUP_SUFFIX "~"
-
-@@ -326,6 +327,11 @@ enum msgcode {
- #define uint64 unsigned off_t
+ #define SYMLINK_PREFIX "/rsyncd-munged/" /* This MUST have a trailing slash! */
+ #define SYMLINK_PREFIX_LEN ((int)sizeof SYMLINK_PREFIX - 1)
+@@ -581,6 +582,11 @@ typedef unsigned int size_t;
+ # define SIZEOF_INT64 SIZEOF_OFF_T
#endif
-+#if HAVE_OPENSSL
++#ifdef HAVE_OPENSSL
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#endif
+
- /* Starting from protocol version 26, we always use 64-bit
- * ino_t and dev_t internally, even if this platform does not
- * allow files to have 64-bit inums. That's because the
---- /dev/null 1 Jan 1970 00:00:00 -0000
-+++ ssl.c 4 Jun 2004 05:28:33 -0000
-@@ -0,0 +1,366 @@
+ struct hashtable {
+ void *nodes;
+ int32 size, entries;
+diff --git a/ssl.c b/ssl.c
+new file mode 100644
+--- /dev/null
++++ b/ssl.c
+@@ -0,0 +1,369 @@
+/* -*- c-file-style: "linux" -*-
-+ * ssl.c: operations for negotiating SSL rsync connections.
++ * ssl.c: operations for negotiating SSL rsync connections.
+ *
+ * Copyright (C) 2003 Casey Marshall <rsdio@metastatic.org>
+ *
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
-+ *
++ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
-+ *
++ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+#define BUF_SIZE 1024
+
-+extern int verbose;
+extern int am_daemon;
+extern int am_server;
+
+static int ssl_running;
+static int ssl_pid = -1;
+
++#ifdef HAVE_SIGACTION
++static struct sigaction sigact;
++#endif
++
+/**
+ * A non-interactive callback to be passed to SSL_CTX_set_default_password_cb,
+ * which merely copies the value of ssl_key_passwd into buf. This is
+ */
+static int default_password_cb(char *buf, int n, UNUSED(int f), UNUSED(void *u))
+{
-+ if (ssl_key_passwd == NULL || n < strlen(ssl_key_passwd))
++ if (ssl_key_passwd == NULL || n < (int)strlen(ssl_key_passwd))
+ return 0;
+ strncpy(buf, ssl_key_passwd, n-1);
+ return strlen(ssl_key_passwd);
+/**
+ * If verbose, this method traces the status of the SSL handshake.
+ */
-+static void info_callback(SSL *ssl, int cb, int val)
++static void info_callback(const SSL *ssl, int cb, int val)
+{
+ char buf[128];
+ char *cbs;
+ cbs = buf;
+ break;
+ }
-+ if (verbose > 2) {
++ if (DEBUG_GTE(CONNECT, 1)) {
+ rprintf(FLOG, "SSL: info_callback(%p,%s,%d)\n", ssl, cbs, val);
+ if (cb == SSL_CB_HANDSHAKE_DONE) {
-+ SSL_CIPHER_description(SSL_get_current_cipher(ssl),
++ SSL_CIPHER_description(SSL_get_current_cipher((SSL*)ssl),
+ buf, sizeof buf);
+ rprintf(FLOG, "SSL: cipher: %s", buf);
+ }
+ return 0;
+ }
+
-+ signal(SIGUSR1, tls_sigusr1);
++ SIGACTION(SIGUSR1, tls_sigusr1);
+ ssl = SSL_new(ssl_ctx);
+ if (!ssl)
+ goto closed;
Matt McCutchen's Web Site / rsync / rsync-patches.git / blobdiff