X-Git-Url: https://mattmccutchen.net/rsync/rsync-patches.git/blobdiff_plain/03019e41fc3299020c8acdda06cf57a1e2c57a25..c1ff70aa47e11c5b37634479a0facee775a7b6d9:/openssl-support.diff diff --git a/openssl-support.diff b/openssl-support.diff index c6c7e40..daa419b 100644 --- a/openssl-support.diff +++ b/openssl-support.diff @@ -35,31 +35,34 @@ To use this patch, run these commands for a successful build: ./configure make ---- old/Makefile.in -+++ new/Makefile.in -@@ -39,7 +39,7 @@ OBJS3=progress.o pipe.o +based-on: a01e3b490eb36ccf9e704840e1b6683dab867550 +diff --git a/Makefile.in b/Makefile.in +--- a/Makefile.in ++++ b/Makefile.in +@@ -41,7 +41,7 @@ OBJS3=progress.o pipe.o DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \ popt/popthelp.o popt/poptparse.o -OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@ +OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@ @SSL_OBJS@ - TLS_OBJ = tls.o syscall.o lib/compat.o lib/snprintf.o lib/permstring.o + TLS_OBJ = tls.o syscall.o lib/compat.o lib/snprintf.o lib/permstring.o lib/sysxattrs.o @BUILD_POPT@ ---- old/cleanup.c -+++ new/cleanup.c -@@ -26,6 +26,9 @@ - extern int am_server; +diff --git a/cleanup.c b/cleanup.c +--- a/cleanup.c ++++ b/cleanup.c +@@ -26,6 +26,9 @@ extern int am_server; extern int am_daemon; + extern int am_receiver; extern int io_error; +#ifdef HAVE_OPENSSL +extern int use_ssl; +#endif extern int keep_partial; - extern int log_got_error; - extern char *partial_dir; -@@ -117,6 +120,14 @@ NORETURN void _exit_cleanup(int code, co - code, file, line); + extern int got_xfer_error; + extern int protocol_version; +@@ -137,6 +140,14 @@ NORETURN void _exit_cleanup(int code, const char *file, int line) + who_am_i(), code, file, line); } +#ifdef HAVE_OPENSSL @@ -73,8 +76,9 @@ To use this patch, run these commands for a successful build: /* FALLTHROUGH */ #include "case_N.h" ---- old/clientserver.c -+++ new/clientserver.c +diff --git a/clientserver.c b/clientserver.c +--- a/clientserver.c ++++ b/clientserver.c @@ -30,6 +30,9 @@ extern int am_sender; extern int am_server; extern int am_daemon; @@ -83,16 +87,15 @@ To use this patch, run these commands for a successful build: +extern int use_ssl; +#endif extern int rsync_port; - extern int kluge_around_eof; - extern int daemon_over_rsh; -@@ -106,8 +109,18 @@ int start_socket_client(char *host, char - set_socket_options(fd, sockopts); + extern int protect_args; + extern int ignore_errors; +@@ -133,8 +136,18 @@ int start_socket_client(char *host, int remote_argc, char *remote_argv[], + #endif - ret = start_inband_exchange(user, path, fd, fd, argc); + ret = start_inband_exchange(fd, fd, user, remote_argc, remote_argv); + if (ret) + return ret; - -- return ret ? ret : client_run(fd, fd, -1, argc, argv); ++ +#ifdef HAVE_OPENSSL + if (use_ssl) { + int f_in = get_tls_rfd(); @@ -100,20 +103,21 @@ To use this patch, run these commands for a successful build: + return client_run(f_in, f_out, -1, argc, argv); + } +#endif -+ + +- return ret ? ret : client_run(fd, fd, -1, argc, argv); + return client_run(fd, fd, -1, argc, argv); } - int start_inband_exchange(char *user, char *path, int f_in, int f_out, -@@ -168,6 +181,33 @@ int start_inband_exchange(char *user, ch - if (verbose > 1) - print_child_argv(sargs); + static int exchange_protocols(int f_in, int f_out, char *buf, size_t bufsiz, int am_client) +@@ -277,6 +290,32 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char + if (DEBUG_GTE(CMD, 1)) + print_child_argv("sending daemon args:", sargs); +#ifdef HAVE_OPENSSL + if (use_ssl) { + io_printf(f_out, "#starttls\n"); + while (1) { -+ if (!read_line(f_in, line, sizeof(line)-1)) { ++ if (!read_line_old(f_in, line, sizeof line)) { + rprintf(FERROR, "rsync: did not receive reply to #starttls\n"); + return -1; + } @@ -121,9 +125,8 @@ To use this patch, run these commands for a successful build: + rprintf(FERROR, "%s\n", line); + return -1; + } -+ if (strcmp(line, "@RSYNCD: starttls") == 0) { ++ if (strcmp(line, "@RSYNCD: starttls") == 0) + break; -+ } + rprintf(FINFO, "%s\n", line); + } + if (start_tls(f_in, f_out)) { @@ -136,10 +139,10 @@ To use this patch, run these commands for a successful build: + } +#endif + - p = strchr(path,'/'); - if (p) *p = 0; - io_printf(f_out, "%s\n", path); -@@ -196,6 +236,10 @@ int start_inband_exchange(char *user, ch + io_printf(f_out, "%.*s\n", modlen, modname); + + /* Old servers may just drop the connection here, +@@ -302,6 +341,10 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char * server to terminate the listing of modules. * We don't want to go on and transfer * anything; just exit. */ @@ -150,7 +153,7 @@ To use this patch, run these commands for a successful build: exit(0); } -@@ -203,6 +247,10 @@ int start_inband_exchange(char *user, ch +@@ -309,6 +352,10 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char rprintf(FERROR, "%s\n", line); /* This is always fatal; the server will now * close the socket. */ @@ -161,17 +164,17 @@ To use this patch, run these commands for a successful build: return -1; } -@@ -780,6 +828,9 @@ int start_daemon(int f_in, int f_out) - if (protocol_version > remote_protocol) - protocol_version = remote_protocol; +@@ -1028,6 +1075,9 @@ int start_daemon(int f_in, int f_out) + if (exchange_protocols(f_in, f_out, line, sizeof line, 0) < 0) + return -1; +#ifdef HAVE_OPENSSL +retry: +#endif line[0] = 0; - if (!read_line(f_in, line, sizeof line - 1)) + if (!read_line_old(f_in, line, sizeof line)) return -1; -@@ -791,6 +842,20 @@ int start_daemon(int f_in, int f_out) +@@ -1039,6 +1089,20 @@ int start_daemon(int f_in, int f_out) return -1; } @@ -192,9 +195,10 @@ To use this patch, run these commands for a successful build: if (*line == '#') { /* it's some sort of command that I don't understand */ io_printf(f_out, "@ERROR: Unknown command '%s'\n", line); ---- old/configure.in -+++ new/configure.in -@@ -290,6 +290,21 @@ if test x"$enable_locale" != x"no"; then +diff --git a/configure.in b/configure.in +--- a/configure.in ++++ b/configure.in +@@ -318,6 +318,21 @@ if test x"$enable_locale" != x"no"; then AC_DEFINE(CONFIG_LOCALE) fi @@ -216,9 +220,10 @@ To use this patch, run these commands for a successful build: AC_MSG_CHECKING([whether to call shutdown on all sockets]) case $host_os in *cygwin* ) AC_MSG_RESULT(yes) ---- old/options.c -+++ new/options.c -@@ -173,6 +173,14 @@ int logfile_format_has_o_or_i = 0; +diff --git a/options.c b/options.c +--- a/options.c ++++ b/options.c +@@ -191,6 +191,14 @@ int logfile_format_has_o_or_i = 0; int always_checksum = 0; int list_only = 0; @@ -233,41 +238,39 @@ To use this patch, run these commands for a successful build: #define MAX_BATCH_NAME_LEN 256 /* Must be less than MAXPATHLEN-13 */ char *batch_name = NULL; -@@ -201,6 +209,7 @@ static void print_rsync_version(enum log - char const *hardlinks = "no "; +@@ -567,6 +575,7 @@ static void print_rsync_version(enum logcode f) char const *links = "no "; + char const *iconv = "no "; char const *ipv6 = "no "; + char const *ssl = "no "; STRUCT_STAT *dumstat; - #ifdef HAVE_SOCKETPAIR -@@ -223,6 +232,10 @@ static void print_rsync_version(enum log - ipv6 = ""; + #if SUBPROTOCOL_VERSION != 0 +@@ -600,6 +609,9 @@ static void print_rsync_version(enum logcode f) + #ifdef CAN_SET_SYMLINK_TIMES + symtimes = ""; #endif - +#ifdef HAVE_OPENSSL + ssl = ""; +#endif -+ - rprintf(f, "%s version %s protocol version %d\n", - RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION); - rprintf(f, "Copyright (C) 1996-2006 by Andrew Tridgell, Wayne Davison, and others.\n"); -@@ -235,9 +248,9 @@ static void print_rsync_version(enum log - /* Note that this field may not have type ino_t. It depends - * on the complicated interaction between largefile feature - * macros. */ -- rprintf(f, " %sinplace, %sIPv6, " -+ rprintf(f, " %sinplace, %sIPv6, %sSSL, " - "%d-bit system inums, %d-bit internal inums\n", -- have_inplace, ipv6, -+ have_inplace, ipv6, ssl, - (int) (sizeof dumstat->st_ino * 8), - (int) (sizeof (int64) * 8)); + + rprintf(f, "%s version %s protocol version %d%s\n", + RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION, subprotocol); +@@ -613,8 +625,8 @@ static void print_rsync_version(enum logcode f) + (int)(sizeof (int64) * 8)); + rprintf(f, " %ssocketpairs, %shardlinks, %ssymlinks, %sIPv6, batchfiles, %sinplace,\n", + got_socketpair, hardlinks, links, ipv6, have_inplace); +- rprintf(f, " %sappend, %sACLs, %sxattrs, %siconv, %ssymtimes\n", +- have_inplace, acls, xattrs, iconv, symtimes); ++ rprintf(f, " %sappend, %sACLs, %sxattrs, %siconv, %ssymtimes, %sSSL\n", ++ have_inplace, acls, xattrs, iconv, symtimes, ssl); + #ifdef MAINTAINER_MODE -@@ -385,6 +398,13 @@ void usage(enum logcode F) + rprintf(f, "Panic Action: \"%s\"\n", get_panic_action()); +@@ -785,6 +797,13 @@ void usage(enum logcode F) + #endif rprintf(F," -4, --ipv4 prefer IPv4\n"); rprintf(F," -6, --ipv6 prefer IPv6\n"); - #endif +#ifdef HAVE_OPENSSL + rprintf(F," --ssl allow socket connections to use SSL\n"); + rprintf(F," --ssl-cert=FILE path to daemon's SSL certificate\n"); @@ -278,16 +281,16 @@ To use this patch, run these commands for a successful build: rprintf(F," --version print version number\n"); rprintf(F,"(-h) --help show this help (-h works with no other options)\n"); -@@ -398,7 +418,7 @@ enum {OPT_VERSION = 1000, OPT_DAEMON, OP +@@ -798,7 +817,7 @@ enum {OPT_VERSION = 1000, OPT_DAEMON, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM, OPT_FILTER, OPT_COMPARE_DEST, OPT_COPY_DEST, OPT_LINK_DEST, OPT_HELP, OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW, OPT_MIN_SIZE, OPT_CHMOD, OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_ONLY_WRITE_BATCH, OPT_MAX_SIZE, -- OPT_NO_D, -+ OPT_NO_D, OPT_USE_SSL, +- OPT_NO_D, OPT_APPEND, OPT_NO_ICONV, OPT_INFO, OPT_DEBUG, ++ OPT_NO_D, OPT_APPEND, OPT_NO_ICONV, OPT_INFO, OPT_DEBUG, OPT_USE_SSL, + OPT_USERMAP, OPT_GROUPMAP, OPT_CHOWN, OPT_BWLIMIT, OPT_SERVER, OPT_REFUSED_BASE = 9000}; - static struct poptOption long_options[] = { -@@ -545,6 +565,13 @@ static struct poptOption long_options[] +@@ -1013,6 +1032,13 @@ static struct poptOption long_options[] = { {"checksum-seed", 0, POPT_ARG_INT, &checksum_seed, 0, 0, 0 }, {"server", 0, POPT_ARG_NONE, 0, OPT_SERVER, 0, 0 }, {"sender", 0, POPT_ARG_NONE, 0, OPT_SENDER, 0, 0 }, @@ -301,10 +304,10 @@ To use this patch, run these commands for a successful build: /* All the following options switch us into daemon-mode option-parsing. */ {"config", 0, POPT_ARG_STRING, 0, OPT_DAEMON, 0, 0 }, {"daemon", 0, POPT_ARG_NONE, 0, OPT_DAEMON, 0, 0 }, -@@ -572,6 +599,13 @@ static void daemon_usage(enum logcode F) +@@ -1040,6 +1066,13 @@ static void daemon_usage(enum logcode F) + rprintf(F," -v, --verbose increase verbosity\n"); rprintf(F," -4, --ipv4 prefer IPv4\n"); rprintf(F," -6, --ipv6 prefer IPv6\n"); - #endif +#ifdef HAVE_OPENSSL + rprintf(F," --ssl allow socket connections to use SSL\n"); + rprintf(F," --ssl-cert=FILE path to daemon's SSL certificate\n"); @@ -315,7 +318,7 @@ To use this patch, run these commands for a successful build: rprintf(F," --help show this help screen\n"); rprintf(F,"\n"); -@@ -598,6 +632,13 @@ static struct poptOption long_daemon_opt +@@ -1065,6 +1098,13 @@ static struct poptOption long_daemon_options[] = { {"protocol", 0, POPT_ARG_INT, &protocol_version, 0, 0, 0 }, {"server", 0, POPT_ARG_NONE, &am_server, 0, 0, 0 }, {"temp-dir", 'T', POPT_ARG_STRING, &tmpdir, 0, 0, 0 }, @@ -329,7 +332,7 @@ To use this patch, run these commands for a successful build: {"verbose", 'v', POPT_ARG_NONE, 0, 'v', 0, 0 }, {"no-verbose", 0, POPT_ARG_VAL, &verbose, 0, 0, 0 }, {"no-v", 0, POPT_ARG_VAL, &verbose, 0, 0, 0 }, -@@ -855,6 +896,12 @@ int parse_arguments(int *argc, const cha +@@ -1360,6 +1400,12 @@ int parse_arguments(int *argc_p, const char ***argv_p) verbose++; break; @@ -342,7 +345,7 @@ To use this patch, run these commands for a successful build: default: rprintf(FERROR, "rsync: %s: %s (in daemon mode)\n", -@@ -878,6 +925,17 @@ int parse_arguments(int *argc, const cha +@@ -1386,6 +1432,17 @@ int parse_arguments(int *argc_p, const char ***argv_p) exit_cleanup(RERR_SYNTAX); } @@ -357,12 +360,12 @@ To use this patch, run these commands for a successful build: + } +#endif + - *argv = poptGetArgs(pc); - *argc = count_args(*argv); + *argv_p = argv = poptGetArgs(pc); + *argc_p = argc = count_args(argv); am_starting_up = 0; -@@ -1089,6 +1147,12 @@ int parse_arguments(int *argc, const cha - usage(FINFO); - exit_cleanup(0); +@@ -1764,6 +1821,12 @@ int parse_arguments(int *argc_p, const char ***argv_p) + return 0; + #endif +#ifdef HAVE_OPENSSL + case OPT_USE_SSL: @@ -373,7 +376,7 @@ To use this patch, run these commands for a successful build: default: /* A large opt value means that set_refuse_options() * turned this option off. */ -@@ -1365,6 +1429,17 @@ int parse_arguments(int *argc, const cha +@@ -2160,6 +2223,17 @@ int parse_arguments(int *argc_p, const char ***argv_p) if (delay_updates && !partial_dir) partial_dir = tmp_partialdir; @@ -391,47 +394,40 @@ To use this patch, run these commands for a successful build: if (inplace) { #ifdef HAVE_FTRUNCATE if (partial_dir) { -@@ -1782,10 +1857,27 @@ char *check_for_hostspec(char *s, char * - char *p; - int not_host; - int hostlen; -+ int url_prefix_len = sizeof URL_PREFIX - 1; +@@ -2750,9 +2824,18 @@ char *check_for_hostspec(char *s, char **host_ptr, int *port_ptr) + { + char *path; - if (port_ptr && strncasecmp(URL_PREFIX, s, strlen(URL_PREFIX)) == 0) { -+ if (!port_ptr) -+ url_prefix_len = 0; -+ else if (strncasecmp(URL_PREFIX, s, url_prefix_len) != 0) { -+#ifdef HAVE_OPENSSL -+ url_prefix_len = sizeof SSL_URL_PREFIX - 1; -+ if (strncasecmp(SSL_URL_PREFIX, s, url_prefix_len) != 0) -+ url_prefix_len = 0; -+ else { +- *host_ptr = parse_hostspec(s + strlen(URL_PREFIX), &path, port_ptr); +- if (*host_ptr) { ++ if (port_ptr) { ++ int url_prefix_len; ++ if (strncasecmp(URL_PREFIX, s, sizeof URL_PREFIX - 1) == 0) ++ url_prefix_len = sizeof URL_PREFIX - 1; ++ else if (strncasecmp(SSL_URL_PREFIX, s, sizeof SSL_URL_PREFIX - 1) == 0) { + if (!use_ssl) + init_tls(); + use_ssl = 1; -+ } -+#else -+ url_prefix_len = 0; -+#endif -+ } -+ if (url_prefix_len) { - char *path; -- s += strlen(URL_PREFIX); -+ s += url_prefix_len; - if ((p = strchr(s, '/')) != NULL) { - hostlen = p - s; - path = p + 1; ---- old/rsync.h -+++ new/rsync.h -@@ -32,6 +32,7 @@ ++ url_prefix_len = sizeof SSL_URL_PREFIX - 1; ++ } else ++ url_prefix_len = 0; ++ if (url_prefix_len && (*host_ptr = parse_hostspec(s + url_prefix_len, &path, port_ptr))) { + if (!*port_ptr) + *port_ptr = RSYNC_PORT; + return path; +diff --git a/rsync.h b/rsync.h +--- a/rsync.h ++++ b/rsync.h +@@ -31,6 +31,7 @@ #define DEFAULT_LOCK_FILE "/var/run/rsyncd.lock" #define URL_PREFIX "rsync://" +#define SSL_URL_PREFIX "rsyncs://" - #define BACKUP_SUFFIX "~" - -@@ -419,6 +420,11 @@ enum msgcode { + #define SYMLINK_PREFIX "/rsyncd-munged/" /* This MUST have a trailing slash! */ + #define SYMLINK_PREFIX_LEN ((int)sizeof SYMLINK_PREFIX - 1) +@@ -581,6 +582,11 @@ typedef unsigned int size_t; # define SIZEOF_INT64 SIZEOF_OFF_T #endif @@ -440,14 +436,16 @@ To use this patch, run these commands for a successful build: +#include +#endif + - /* Starting from protocol version 26, we always use 64-bit - * ino_t and dev_t internally, even if this platform does not - * allow files to have 64-bit inums. That's because the ---- old/ssl.c -+++ new/ssl.c -@@ -0,0 +1,370 @@ + struct hashtable { + void *nodes; + int32 size, entries; +diff --git a/ssl.c b/ssl.c +new file mode 100644 +--- /dev/null ++++ b/ssl.c +@@ -0,0 +1,369 @@ +/* -*- c-file-style: "linux" -*- -+ * ssl.c: operations for negotiating SSL rsync connections. ++ * ssl.c: operations for negotiating SSL rsync connections. + * + * Copyright (C) 2003 Casey Marshall + * @@ -455,12 +453,12 @@ To use this patch, run these commands for a successful build: + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. -+ * ++ * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. -+ * ++ * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. @@ -479,7 +477,6 @@ To use this patch, run these commands for a successful build: + +#define BUF_SIZE 1024 + -+extern int verbose; +extern int am_daemon; +extern int am_server; + @@ -565,7 +562,7 @@ To use this patch, run these commands for a successful build: + cbs = buf; + break; + } -+ if (verbose > 2) { ++ if (DEBUG_GTE(CONNECT, 1)) { + rprintf(FLOG, "SSL: info_callback(%p,%s,%d)\n", ssl, cbs, val); + if (cb == SSL_CB_HANDSHAKE_DONE) { + SSL_CIPHER_description(SSL_get_current_cipher((SSL*)ssl),