X-Git-Url: https://mattmccutchen.net/rsync/rsync-patches.git/blobdiff_plain/2f5fa77e39d1beb21a251e1ca17aa119525f9f68..cc6497db24201ec1b784dcfe3fa03aa304f1745b:/openssl-support.diff diff --git a/openssl-support.diff b/openssl-support.diff index 12c219b..870f24c 100644 --- a/openssl-support.diff +++ b/openssl-support.diff @@ -37,8 +37,8 @@ All warnings apply; I don't do C programming all that often, so I can't say if I've left any cleanup/compatibility errors in the code. ---- orig/Makefile.in 2004-07-04 08:59:17 -+++ Makefile.in 2004-07-03 20:22:28 +--- orig/Makefile.in 2004-10-08 20:16:26 ++++ Makefile.in 2004-10-08 20:17:06 @@ -39,7 +39,7 @@ OBJS3=progress.o pipe.o DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \ @@ -46,9 +46,9 @@ can't say if I've left any cleanup/compatibility errors in the code. -OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@ +OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@ @SSL_OBJS@ - TLS_OBJ = tls.o syscall.o lib/permstring.o + TLS_OBJ = tls.o syscall.o lib/compat.o lib/permstring.o ---- orig/cleanup.c 2004-07-20 21:36:07 +--- orig/cleanup.c 2004-07-29 16:08:03 +++ cleanup.c 2004-07-03 20:22:28 @@ -24,6 +24,9 @@ extern int io_error; @@ -72,8 +72,8 @@ can't say if I've left any cleanup/compatibility errors in the code. if (verbose > 3) { rprintf(FINFO,"_exit_cleanup(code=%d, file=%s, line=%d): entered\n", code, file, line); ---- orig/clientserver.c 2004-07-17 15:20:05 -+++ clientserver.c 2004-07-03 20:22:28 +--- orig/clientserver.c 2004-08-02 02:29:16 ++++ clientserver.c 2004-10-08 20:44:59 @@ -46,6 +46,9 @@ extern int io_timeout; extern int orig_umask; extern int no_detach; @@ -84,7 +84,7 @@ can't say if I've left any cleanup/compatibility errors in the code. extern char *bind_address; extern struct exclude_list_struct server_exclude_list; extern char *exclude_path_prefix; -@@ -93,8 +96,18 @@ int start_socket_client(char *host, char +@@ -94,8 +97,18 @@ int start_socket_client(char *host, char exit_cleanup(RERR_SOCKETIO); ret = start_inband_exchange(user, path, fd, fd, argc); @@ -104,7 +104,7 @@ can't say if I've left any cleanup/compatibility errors in the code. } int start_inband_exchange(char *user, char *path, int f_in, int f_out, -@@ -149,6 +162,33 @@ int start_inband_exchange(char *user, ch +@@ -150,6 +163,33 @@ int start_inband_exchange(char *user, ch if (protocol_version > remote_protocol) protocol_version = remote_protocol; @@ -117,7 +117,7 @@ can't say if I've left any cleanup/compatibility errors in the code. + return -1; + } + if (strncmp(line, "@ERROR", 6) == 0) { -+ rprintf(FERROR, "rsync: ssl connection denied\n"); ++ rprintf(FERROR, "%s\n", line); + return -1; + } + if (strcmp(line, "@RSYNCD: starttls") == 0) { @@ -138,7 +138,7 @@ can't say if I've left any cleanup/compatibility errors in the code. p = strchr(path,'/'); if (p) *p = 0; io_printf(f_out, "%s\n", path); -@@ -177,6 +217,10 @@ int start_inband_exchange(char *user, ch +@@ -178,6 +218,10 @@ int start_inband_exchange(char *user, ch * server to terminate the listing of modules. * We don't want to go on and transfer * anything; just exit. */ @@ -149,7 +149,7 @@ can't say if I've left any cleanup/compatibility errors in the code. exit(0); } -@@ -184,6 +228,10 @@ int start_inband_exchange(char *user, ch +@@ -185,6 +229,10 @@ int start_inband_exchange(char *user, ch rprintf(FERROR, "%s\n", line); /* This is always fatal; the server will now * close the socket. */ @@ -160,7 +160,7 @@ can't say if I've left any cleanup/compatibility errors in the code. return RERR_STARTCLIENT; } else { rprintf(FINFO,"%s\n", line); -@@ -488,6 +536,7 @@ static void send_listing(int fd) +@@ -497,6 +545,7 @@ static void send_listing(int fd) io_printf(fd,"@RSYNCD: EXIT\n"); } @@ -168,28 +168,38 @@ can't say if I've left any cleanup/compatibility errors in the code. /* this is called when a connection is established to a client and we want to start talking. The setup of the system is done from here */ -@@ -547,6 +596,20 @@ int start_daemon(int f_in, int f_out) - return -1; - } +@@ -546,6 +595,9 @@ int start_daemon(int f_in, int f_out) + if (protocol_version > remote_protocol) + protocol_version = remote_protocol; +#if HAVE_OPENSSL -+ if (use_ssl && strcmp(line, "#starttls") == 0) { -+ io_printf(f_out, "@RSYNCD: starttls\n"); -+ if (start_tls(f_in, f_out)) { -+ rprintf(FLOG, "SSL connection failed: %s\n", -+ get_ssl_error()); -+ return -1; -+ } -+ f_in = get_tls_rfd(); -+ f_out = get_tls_wfd(); -+ continue; ++retry: ++#endif + line[0] = 0; + if (!read_line(f_in, line, sizeof line - 1)) + return -1; +@@ -555,6 +607,20 @@ int start_daemon(int f_in, int f_out) + return -1; + } + ++#if HAVE_OPENSSL ++ if (use_ssl && strcmp(line, "#starttls") == 0) { ++ io_printf(f_out, "@RSYNCD: starttls\n"); ++ if (start_tls(f_in, f_out)) { ++ rprintf(FLOG, "SSL connection failed: %s\n", ++ get_ssl_error()); ++ return -1; + } ++ f_in = get_tls_rfd(); ++ f_out = get_tls_wfd(); ++ goto retry; ++ } +#endif + - if (*line == '#') { - /* it's some sort of command that I don't understand */ - io_printf(f_out, "@ERROR: Unknown command '%s'\n", line); ---- orig/configure.in 2004-07-16 20:07:22 + if (*line == '#') { + /* it's some sort of command that I don't understand */ + io_printf(f_out, "@ERROR: Unknown command '%s'\n", line); +--- orig/configure.in 2004-10-06 00:12:16 +++ configure.in 2004-07-03 20:22:28 @@ -271,6 +271,21 @@ yes AC_SEARCH_LIBS(getaddrinfo, inet6) @@ -213,9 +223,9 @@ can't say if I've left any cleanup/compatibility errors in the code. AC_MSG_CHECKING([whether to call shutdown on all sockets]) case $host_os in *cygwin* ) AC_MSG_RESULT(yes) ---- orig/main.c 2004-07-21 23:59:35 -+++ main.c 2004-07-15 02:40:51 -@@ -55,6 +55,9 @@ extern int write_batch; +--- orig/main.c 2004-10-08 20:16:26 ++++ main.c 2004-10-08 20:15:28 +@@ -56,6 +56,9 @@ extern int write_batch; extern int batch_fd; extern int batch_gen_fd; extern int filesfrom_fd; @@ -225,75 +235,112 @@ can't say if I've left any cleanup/compatibility errors in the code. extern pid_t cleanup_child_pid; extern char *files_from; extern char *remote_filesfrom_file; -@@ -750,18 +753,32 @@ static int start_client(int argc, char * - pid_t pid; - int f_in,f_out; - int rc; -+ int url_prefix = strlen(URL_PREFIX); - - /* Don't clobber argv[] so that ps(1) can still show the right - * command line. */ +@@ -777,33 +780,48 @@ static int start_client(int argc, char * if ((rc = copy_argv(argv))) return rc; -+ if (strncasecmp(URL_PREFIX, argv[0], url_prefix) != 0 && !read_batch) { -+#ifdef HAVE_OPENSSL -+ url_prefix = strlen(SSL_URL_PREFIX); -+ if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix) != 0) -+ url_prefix = 0; -+ else { -+ if (!use_ssl) -+ init_tls(); -+ use_ssl = 1; -+ } -+#else -+ url_prefix = 0; -+#endif -+ } - /* rsync:// always uses rsync server over direct socket connection */ +- /* rsync:// always uses rsync server over direct socket connection */ - if (strncasecmp(URL_PREFIX, argv[0], strlen(URL_PREFIX)) == 0 - && !read_batch) { -+ if (url_prefix) { - char *host, *path; +- char *host, *path; ++ if (!read_batch) { /* for read_batch, NO source is specified */ ++ int url_prefix_len = sizeof URL_PREFIX - 1; - host = argv[0] + strlen(URL_PREFIX); -+ host = argv[0] + url_prefix; - p = strchr(host,'/'); - if (p) { - *p = 0; -@@ -809,12 +826,27 @@ static int start_client(int argc, char * +- p = strchr(host,'/'); +- if (p) { +- *p = '\0'; +- path = p+1; +- } else +- path = ""; +- if (*host == '[' && (p = strchr(host, ']')) != NULL) { +- host++; +- *p++ = '\0'; +- if (*p != ':') +- p = NULL; +- } else +- p = strchr(host, ':'); +- if (p) { +- rsync_port = atoi(p+1); +- *p = '\0'; ++ /* rsync:// always uses rsync server over direct socket connection */ ++ if (strncasecmp(URL_PREFIX, argv[0], url_prefix_len) != 0) { ++#ifdef HAVE_OPENSSL ++ url_prefix_len = sizeof SSL_URL_PREFIX - 1; ++ if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix_len) != 0) ++ url_prefix_len = 0; ++ else { ++ if (!use_ssl) ++ init_tls(); ++ use_ssl = 1; ++ } ++#else ++ url_prefix_len = 0; ++#endif ++ } ++ if (url_prefix_len) { ++ char *host, *path; ++ ++ host = argv[0] + url_prefix_len; ++ p = strchr(host,'/'); ++ if (p) { ++ *p = '\0'; ++ path = p+1; ++ } else ++ path = ""; ++ if (*host == '[' && (p = strchr(host, ']')) != NULL) { ++ host++; ++ *p++ = '\0'; ++ if (*p != ':') ++ p = NULL; ++ } else ++ p = strchr(host, ':'); ++ if (p) { ++ rsync_port = atoi(p+1); ++ *p = '\0'; ++ } ++ return start_socket_client(host, path, argc-1, argv+1); + } +- return start_socket_client(host, path, argc-1, argv+1); +- } + +- if (!read_batch) { /* for read_batch, NO source is specified */ + p = find_colon(argv[0]); + if (p) { /* source is remote */ + if (remote_filesfrom_file +@@ -835,12 +853,26 @@ static int start_client(int argc, char * argv++; } else { /* source is local */ am_sender = 1; -+ url_prefix = strlen(URL_PREFIX); -+ if (strncasecmp(URL_PREFIX, argv[0], url_prefix) != 0) { +- ++ url_prefix_len = sizeof URL_PREFIX - 1; + /* rsync:// destination uses rsync server over direct socket */ +- if (strncasecmp(URL_PREFIX, argv[argc-1], strlen(URL_PREFIX)) == 0) { ++ if (strncasecmp(URL_PREFIX, argv[argc-1], url_prefix_len) != 0) { +#ifdef HAVE_OPENSSL -+ url_prefix = strlen(SSL_URL_PREFIX); -+ if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix) != 0) -+ url_prefix = 0; ++ url_prefix_len = sizeof SSL_URL_PREFIX - 1; ++ if (strncasecmp(SSL_URL_PREFIX, argv[argc-1], url_prefix_len) != 0) ++ url_prefix_len = 0; + else { + if (!use_ssl) + init_tls(); + use_ssl = 1; + } +#else -+ url_prefix = 0; ++ url_prefix_len = 0; +#endif + } - - /* rsync:// destination uses rsync server over direct socket */ -- if (strncasecmp(URL_PREFIX, argv[argc-1], strlen(URL_PREFIX)) == 0) { -+ if (url_prefix) { ++ if (url_prefix_len) { char *host, *path; - host = argv[argc-1] + strlen(URL_PREFIX); -+ host = argv[argc-1] + url_prefix; ++ host = argv[argc-1] + url_prefix_len; p = strchr(host,'/'); if (p) { - *p = 0; ---- orig/options.c 2004-07-21 23:59:35 + *p = '\0'; +--- orig/options.c 2004-10-08 20:16:26 +++ options.c 2004-07-16 20:19:50 -@@ -134,6 +134,14 @@ int quiet = 0; +@@ -135,6 +135,14 @@ int quiet = 0; int always_checksum = 0; int list_only = 0; @@ -308,7 +355,7 @@ can't say if I've left any cleanup/compatibility errors in the code. #define MAX_BATCH_NAME_LEN 256 /* Must be less than MAXPATHLEN-13 */ char *batch_name = NULL; -@@ -153,6 +161,7 @@ static void print_rsync_version(enum log +@@ -154,6 +162,7 @@ static void print_rsync_version(enum log char const *hardlinks = "no "; char const *links = "no "; char const *ipv6 = "no "; @@ -316,7 +363,7 @@ can't say if I've left any cleanup/compatibility errors in the code. STRUCT_STAT *dumstat; #ifdef HAVE_SOCKETPAIR -@@ -175,6 +184,10 @@ static void print_rsync_version(enum log +@@ -176,6 +185,10 @@ static void print_rsync_version(enum log ipv6 = ""; #endif @@ -327,7 +374,7 @@ can't say if I've left any cleanup/compatibility errors in the code. rprintf(f, "%s version %s protocol version %d\n", RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION); rprintf(f, -@@ -188,10 +201,10 @@ static void print_rsync_version(enum log +@@ -189,10 +202,10 @@ static void print_rsync_version(enum log /* Note that this field may not have type ino_t. It depends * on the complicated interaction between largefile feature * macros. */ @@ -340,9 +387,9 @@ can't say if I've left any cleanup/compatibility errors in the code. #ifdef MAINTAINER_MODE rprintf(f, " panic action: \"%s\"\n", get_panic_action()); -@@ -305,6 +318,13 @@ void usage(enum logcode F) - rprintf(F," -4 --ipv4 prefer IPv4\n"); - rprintf(F," -6 --ipv6 prefer IPv6\n"); +@@ -308,6 +321,13 @@ void usage(enum logcode F) + rprintf(F," -4, --ipv4 prefer IPv4\n"); + rprintf(F," -6, --ipv6 prefer IPv6\n"); #endif +#ifdef HAVE_OPENSSL + rprintf(F," --ssl allow socket connections to use SSL\n"); @@ -354,7 +401,7 @@ can't say if I've left any cleanup/compatibility errors in the code. rprintf(F," -h, --help show this help screen\n"); rprintf(F,"\n"); -@@ -316,7 +336,7 @@ void usage(enum logcode F) +@@ -319,7 +339,7 @@ void usage(enum logcode F) enum {OPT_VERSION = 1000, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM, OPT_DELETE_AFTER, OPT_DELETE_EXCLUDED, OPT_LINK_DEST, OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW, @@ -363,7 +410,7 @@ can't say if I've left any cleanup/compatibility errors in the code. OPT_REFUSED_BASE = 9000}; static struct poptOption long_options[] = { -@@ -404,6 +424,13 @@ static struct poptOption long_options[] +@@ -408,6 +428,13 @@ static struct poptOption long_options[] {"ipv4", '4', POPT_ARG_VAL, &default_af_hint, AF_INET, 0, 0 }, {"ipv6", '6', POPT_ARG_VAL, &default_af_hint, AF_INET6, 0, 0 }, #endif @@ -377,7 +424,7 @@ can't say if I've left any cleanup/compatibility errors in the code. {0,0,0,0, 0, 0, 0} }; -@@ -601,6 +628,12 @@ int parse_arguments(int *argc, const cha +@@ -616,6 +643,12 @@ int parse_arguments(int *argc, const cha return 0; #endif @@ -390,7 +437,7 @@ can't say if I've left any cleanup/compatibility errors in the code. default: /* A large opt value means that set_refuse_options() * turned this option off (opt-BASE is its index). */ -@@ -761,6 +794,17 @@ int parse_arguments(int *argc, const cha +@@ -807,6 +840,17 @@ int parse_arguments(int *argc, const cha if (do_progress && !verbose) verbose = 1; @@ -408,8 +455,8 @@ can't say if I've left any cleanup/compatibility errors in the code. if (bwlimit) { bwlimit_writemax = (size_t)bwlimit * 128; if (bwlimit_writemax < 512) ---- orig/rsync.h 2004-07-20 21:36:08 -+++ rsync.h 2004-07-03 20:22:28 +--- orig/rsync.h 2004-09-22 08:47:31 ++++ rsync.h 2004-10-08 21:01:33 @@ -32,6 +32,7 @@ #define DEFAULT_LOCK_FILE "/var/run/rsyncd.lock" @@ -418,7 +465,7 @@ can't say if I've left any cleanup/compatibility errors in the code. #define BACKUP_SUFFIX "~" -@@ -326,6 +327,11 @@ enum msgcode { +@@ -330,6 +331,11 @@ enum msgcode { #define uint64 unsigned off_t #endif @@ -430,8 +477,8 @@ can't say if I've left any cleanup/compatibility errors in the code. /* Starting from protocol version 26, we always use 64-bit * ino_t and dev_t internally, even if this platform does not * allow files to have 64-bit inums. That's because the ---- orig/ssl.c 2004-07-02 21:44:19 -+++ ssl.c 2004-07-02 21:44:19 +--- orig/ssl.c 2004-10-08 19:37:22 ++++ ssl.c 2004-10-08 19:37:22 @@ -0,0 +1,366 @@ +/* -*- c-file-style: "linux" -*- + * ssl.c: operations for negotiating SSL rsync connections. @@ -489,7 +536,7 @@ can't say if I've left any cleanup/compatibility errors in the code. + */ +static int default_password_cb(char *buf, int n, UNUSED(int f), UNUSED(void *u)) +{ -+ if (ssl_key_passwd == NULL || n < strlen(ssl_key_passwd)) ++ if (ssl_key_passwd == NULL || n < (int)strlen(ssl_key_passwd)) + return 0; + strncpy(buf, ssl_key_passwd, n-1); + return strlen(ssl_key_passwd); @@ -498,7 +545,7 @@ can't say if I've left any cleanup/compatibility errors in the code. +/** + * If verbose, this method traces the status of the SSL handshake. + */ -+static void info_callback(SSL *ssl, int cb, int val) ++static void info_callback(const SSL *ssl, int cb, int val) +{ + char buf[128]; + char *cbs; @@ -551,7 +598,7 @@ can't say if I've left any cleanup/compatibility errors in the code. + if (verbose > 2) { + rprintf(FLOG, "SSL: info_callback(%p,%s,%d)\n", ssl, cbs, val); + if (cb == SSL_CB_HANDSHAKE_DONE) { -+ SSL_CIPHER_description(SSL_get_current_cipher(ssl), ++ SSL_CIPHER_description(SSL_get_current_cipher((SSL*)ssl), + buf, sizeof buf); + rprintf(FLOG, "SSL: cipher: %s", buf); + }