------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+After applying this patch, run these commands for a successful build:
-Hi.
+ autoconf
+ autoheader
+ ./configure
+ make proto
+ make
+
+Casey Marshall writes:
I've been hacking together a way to use rsync with OpenSSL, and have
attached my current patch against a recent CVS tree. The details of
All warnings apply; I don't do C programming all that often, so I
can't say if I've left any cleanup/compatibility errors in the code.
-Also: <http://rsync.samba.org/lists.html> refers to the (now gone)
-smart-questions document on tuxedo.org, which should now be catb.org.
-
-Cheers,
-
-- --
-Casey Marshall || rsdio@metastatic.org
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.2.1 (GNU/Linux)
-Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/>
-
-iD8DBQE/ih9xgAuWMgRGsWsRAp8RAJ0XyONLiOSDgHHAOBRNO6sZ/P2dRwCeKfu8
-LEvhhkUglOm3xMyrdJT4u9Q=
-=aT/N
------END PGP SIGNATURE-----
---- Makefile.in 10 Feb 2004 17:06:11 -0000 1.98
-+++ Makefile.in 25 Apr 2004 18:37:22 -0000
+--- Makefile.in 15 May 2004 00:48:11 -0000 1.101
++++ Makefile.in 30 Jun 2004 00:11:17 -0000
@@ -39,7 +39,7 @@ OBJS3=progress.o pipe.o
DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
TLS_OBJ = tls.o syscall.o lib/permstring.o
---- cleanup.c 27 Jan 2004 08:14:33 -0000 1.21
-+++ cleanup.c 25 Apr 2004 18:37:22 -0000
-@@ -87,6 +87,9 @@ void _exit_cleanup(int code, const char
- int ocode = code;
- extern int keep_partial;
- extern int log_got_error;
+--- cleanup.c 13 May 2004 07:08:18 -0000 1.22
++++ cleanup.c 30 Jun 2004 00:11:17 -0000
+@@ -24,6 +24,9 @@
+ extern int io_error;
+ extern int keep_partial;
+ extern int log_got_error;
+#ifdef HAVE_OPENSSL
-+ extern int use_ssl;
++extern int use_ssl;
+#endif
- static int inside_cleanup = 0;
-
- if (inside_cleanup > 10) {
-@@ -97,6 +100,11 @@ void _exit_cleanup(int code, const char
+ /**
+ * Close all open sockets and files, allowing a (somewhat) graceful
+@@ -99,6 +102,11 @@ void _exit_cleanup(int code, const char
signal(SIGUSR1, SIG_IGN);
signal(SIGUSR2, SIG_IGN);
-+
+
+#ifdef HAVE_OPENSSL
+ if (use_ssl)
+ end_tls();
+#endif
-
- if (verbose > 3)
- rprintf(FINFO,"_exit_cleanup(code=%d, file=%s, line=%d): entered\n",
---- clientserver.c 14 Apr 2004 23:33:34 -0000 1.121
-+++ clientserver.c 25 Apr 2004 18:37:23 -0000
++
+ if (verbose > 3) {
+ rprintf(FINFO,"_exit_cleanup(code=%d, file=%s, line=%d): entered\n",
+ code, file, line);
+--- clientserver.c 13 Jun 2004 14:18:48 -0000 1.127
++++ clientserver.c 30 Jun 2004 00:11:17 -0000
@@ -46,6 +46,9 @@ extern int io_timeout;
extern int orig_umask;
extern int no_detach;
}
int start_inband_exchange(char *user, char *path, int f_in, int f_out, int argc)
-@@ -145,6 +158,33 @@ int start_inband_exchange(char *user, ch
+@@ -148,6 +161,33 @@ int start_inband_exchange(char *user, ch
if (protocol_version > remote_protocol)
protocol_version = remote_protocol;
p = strchr(path,'/');
if (p) *p = 0;
io_printf(f_out, "%s\n", path);
-@@ -172,6 +212,10 @@ int start_inband_exchange(char *user, ch
+@@ -176,6 +216,10 @@ int start_inband_exchange(char *user, ch
* server to terminate the listing of modules.
* We don't want to go on and transfer
* anything; just exit. */
exit(0);
}
-@@ -179,6 +223,10 @@ int start_inband_exchange(char *user, ch
- rprintf(FERROR,"%s\n", line);
+@@ -183,6 +227,10 @@ int start_inband_exchange(char *user, ch
+ rprintf(FERROR, "%s\n", line);
/* This is always fatal; the server will now
* close the socket. */
+#ifdef HAVE_OPENSSL
return RERR_STARTCLIENT;
} else {
rprintf(FINFO,"%s\n", line);
-@@ -485,6 +533,7 @@ static void send_listing(int fd)
+@@ -487,6 +535,7 @@ static void send_listing(int fd)
io_printf(fd,"@RSYNCD: EXIT\n");
}
/* this is called when a connection is established to a client
and we want to start talking. The setup of the system is done from
here */
-@@ -543,6 +592,20 @@ int start_daemon(int f_in, int f_out)
- send_listing(f_out);
+@@ -544,6 +593,20 @@ int start_daemon(int f_in, int f_out)
return -1;
}
-+
+
+#if HAVE_OPENSSL
+ if (use_ssl && strcmp(line, "#starttls") == 0) {
+ io_printf(f_out, "@RSYNCD: starttls\n");
+ continue;
+ }
+#endif
-
++
if (*line == '#') {
/* it's some sort of command that I don't understand */
---- config.h.in 9 Apr 2004 18:09:30 -0000 1.89
-+++ config.h.in 25 Apr 2004 18:37:23 -0000
+ io_printf(f_out, "@ERROR: Unknown command '%s'\n", line);
+--- config.h.in 29 Apr 2004 19:40:39 -0000 1.90
++++ config.h.in 30 Jun 2004 00:11:17 -0000
@@ -167,6 +167,9 @@
/* */
#undef HAVE_OFF64_T
/* Define to 1 if you have the `readlink' function. */
#undef HAVE_READLINK
---- configure.in 17 Apr 2004 18:40:16 -0000 1.191
-+++ configure.in 25 Apr 2004 18:37:23 -0000
-@@ -266,6 +266,21 @@ yes
+--- configure.in 30 Apr 2004 18:03:33 -0000 1.196
++++ configure.in 30 Jun 2004 00:11:17 -0000
+@@ -271,6 +271,21 @@ yes
AC_SEARCH_LIBS(getaddrinfo, inet6)
fi
AC_MSG_CHECKING([whether to call shutdown on all sockets])
case $host_os in
*cygwin* ) AC_MSG_RESULT(yes)
---- main.c 10 Feb 2004 03:54:47 -0000 1.192
-+++ main.c 25 Apr 2004 18:37:23 -0000
-@@ -51,6 +51,9 @@ extern int rsync_port;
+--- main.c 28 Jun 2004 17:45:40 -0000 1.201
++++ main.c 30 Jun 2004 00:11:17 -0000
+@@ -52,6 +52,9 @@ extern int rsync_port;
extern int read_batch;
extern int write_batch;
extern int filesfrom_fd;
extern pid_t cleanup_child_pid;
extern char *files_from;
extern char *remote_filesfrom_file;
-@@ -701,17 +704,32 @@ static int start_client(int argc, char *
+@@ -719,17 +722,32 @@ static int start_client(int argc, char *
pid_t pid;
int f_in,f_out;
int rc;
p = strchr(host,'/');
if (p) {
*p = 0;
-@@ -760,12 +778,27 @@ static int start_client(int argc, char *
+@@ -777,12 +795,27 @@ static int start_client(int argc, char *
argv++;
- } else {
+ } else { /* source is local */
am_sender = 1;
+ url_prefix = strlen(URL_PREFIX);
+ if (strncasecmp(URL_PREFIX, argv[0], url_prefix) != 0) {
p = strchr(host,'/');
if (p) {
*p = 0;
---- options.c 17 Apr 2004 17:07:23 -0000 1.147
-+++ options.c 25 Apr 2004 18:37:24 -0000
-@@ -130,6 +130,14 @@ int quiet = 0;
+--- options.c 20 Jun 2004 19:47:05 -0000 1.157
++++ options.c 30 Jun 2004 00:11:18 -0000
+@@ -133,6 +133,14 @@ int quiet = 0;
int always_checksum = 0;
int list_only = 0;
#define FIXED_CHECKSUM_SEED 32761
#define MAX_BATCH_PREFIX_LEN 256 /* Must be less than MAXPATHLEN-13 */
char *batch_prefix = NULL;
-@@ -142,13 +150,13 @@ static int modify_window_set;
+@@ -145,13 +153,13 @@ static int modify_window_set;
* address, or a hostname. **/
char *bind_address;
STRUCT_STAT *dumstat;
#ifdef HAVE_SOCKETPAIR
-@@ -167,6 +175,10 @@ static void print_rsync_version(enum log
+@@ -170,6 +178,10 @@ static void print_rsync_version(enum log
ipv6 = "";
#endif
rprintf(f, "%s version %s protocol version %d\n",
RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION);
rprintf(f,
-@@ -180,10 +192,10 @@ static void print_rsync_version(enum log
+@@ -183,10 +195,10 @@ static void print_rsync_version(enum log
/* Note that this field may not have type ino_t. It depends
* on the complicated interaction between largefile feature
* macros. */
#ifdef MAINTAINER_MODE
rprintf(f, " panic action: \"%s\"\n",
get_panic_action());
-@@ -295,6 +307,13 @@ void usage(enum logcode F)
- rprintf(F," -4 prefer IPv4\n");
- rprintf(F," -6 prefer IPv6\n");
+@@ -299,6 +311,13 @@ void usage(enum logcode F)
+ rprintf(F," -4 --ipv4 prefer IPv4\n");
+ rprintf(F," -6 --ipv6 prefer IPv6\n");
#endif
+#ifdef HAVE_OPENSSL
+ rprintf(F," --ssl allow socket connections to use SSL\n");
+ rprintf(F," --ssl-key-passwd=PASS password for PEM-encoded private key\n");
+ rprintf(F," --ssl-ca-certs=FILE path to trusted CA certificates\n");
+#endif
+ rprintf(F," -h, --help show this help screen\n");
rprintf(F,"\n");
-
-@@ -305,7 +324,7 @@ void usage(enum logcode F)
+@@ -310,7 +329,7 @@ void usage(enum logcode F)
enum {OPT_VERSION = 1000, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM,
OPT_DELETE_AFTER, OPT_DELETE_EXCLUDED, OPT_LINK_DEST,
OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW,
-- OPT_READ_BATCH, OPT_WRITE_BATCH,
-+ OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_USE_SSL,
+- OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_TIMEOUT,
++ OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_TIMEOUT, OPT_USE_SSL,
OPT_REFUSED_BASE = 9000};
static struct poptOption long_options[] = {
-@@ -390,6 +409,13 @@ static struct poptOption long_options[]
- {0, '4', POPT_ARG_VAL, &default_af_hint, AF_INET, 0, 0 },
- {0, '6', POPT_ARG_VAL, &default_af_hint, AF_INET6, 0, 0 },
+@@ -397,6 +416,13 @@ static struct poptOption long_options[]
+ {"ipv4", '4', POPT_ARG_VAL, &default_af_hint, AF_INET, 0, 0 },
+ {"ipv6", '6', POPT_ARG_VAL, &default_af_hint, AF_INET6, 0, 0 },
#endif
+#ifdef HAVE_OPENSSL
+ {"ssl", 0, POPT_ARG_NONE, 0, OPT_USE_SSL, 0, 0},
{0,0,0,0, 0, 0, 0}
};
-@@ -584,6 +610,12 @@ int parse_arguments(int *argc, const cha
+@@ -596,6 +622,12 @@ int parse_arguments(int *argc, const cha
return 0;
#endif
default:
/* A large opt value means that set_refuse_options()
* turned this option off (opt-BASE is its index). */
-@@ -722,6 +754,17 @@ int parse_arguments(int *argc, const cha
-
+@@ -733,6 +765,17 @@ int parse_arguments(int *argc, const cha
if (do_progress && !verbose)
verbose = 1;
-+
+
+#ifdef HAVE_OPENSSL
+ if (use_ssl) {
+ if (init_tls()) {
+ }
+ }
+#endif
-
- if (files_from) {
- char *colon;
---- proto.h 22 Apr 2004 09:58:09 -0000 1.189
-+++ proto.h 25 Apr 2004 18:37:24 -0000
-@@ -209,6 +209,12 @@ void start_accept_loop(int port, int (*f
- void set_socket_options(int fd, char *options);
- void become_daemon(void);
- int sock_exec(const char *prog);
-+int init_tls(void);
-+char *get_ssl_error(void);
-+int get_tls_rfd(void);
-+int get_tls_wfd(void);
-+int start_tls(int f_in, int f_out);
-+void end_tls(void);
- int do_unlink(char *fname);
- int do_symlink(char *fname1, char *fname2);
- int do_link(char *fname1, char *fname2);
---- rsync.h 22 Apr 2004 09:58:24 -0000 1.198
-+++ rsync.h 25 Apr 2004 18:37:24 -0000
++
+ if (bwlimit) {
+ bwlimit_writemax = (size_t)bwlimit * 128;
+ if (bwlimit_writemax < 512)
+--- rsync.h 16 May 2004 07:28:24 -0000 1.204
++++ rsync.h 30 Jun 2004 00:11:18 -0000
@@ -32,6 +32,7 @@
#define DEFAULT_LOCK_FILE "/var/run/rsyncd.lock"
#define BACKUP_SUFFIX "~"
-@@ -321,6 +322,11 @@ enum msgcode {
- #else
- /* As long as it gets... */
+@@ -326,6 +327,11 @@ enum msgcode {
#define uint64 unsigned off_t
-+#endif
-+
+ #endif
+
+#if HAVE_OPENSSL
+#include <openssl/ssl.h>
+#include <openssl/err.h>
- #endif
-
++#endif
++
/* Starting from protocol version 26, we always use 64-bit
+ * ino_t and dev_t internally, even if this platform does not
+ * allow files to have 64-bit inums. That's because the
--- /dev/null 1 Jan 1970 00:00:00 -0000
-+++ ssl.c 25 Apr 2004 18:37:24 -0000
++++ ssl.c 30 Jun 2004 00:11:18 -0000
@@ -0,0 +1,366 @@
+/* -*- c-file-style: "linux" -*-
+ * ssl.c: operations for negotiating SSL rsync connections.
Matt McCutchen's Web Site / rsync / rsync-patches.git / blobdiff