X-Git-Url: https://mattmccutchen.net/rsync/rsync-patches.git/blobdiff_plain/5e3c6c93f546d8015f6b061348d8815c807d8f1a..6fa0767f0e3c9ec869f45f647d7018f37dc7410b:/openssl-support.diff diff --git a/openssl-support.diff b/openssl-support.diff index 708ae3d..101cdae 100644 --- a/openssl-support.diff +++ b/openssl-support.diff @@ -44,11 +44,11 @@ To use this patch, run these commands for a successful build: -OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@ +OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@ @SSL_OBJS@ - TLS_OBJ = tls.o syscall.o lib/compat.o lib/snprintf.o lib/permstring.o + TLS_OBJ = tls.o syscall.o lib/compat.o lib/snprintf.o lib/permstring.o lib/sysxattrs.o @BUILD_POPT@ --- old/cleanup.c +++ new/cleanup.c -@@ -26,6 +26,9 @@ +@@ -25,6 +25,9 @@ extern int am_server; extern int am_daemon; extern int io_error; @@ -58,7 +58,7 @@ To use this patch, run these commands for a successful build: extern int keep_partial; extern int log_got_error; extern char *partial_dir; -@@ -117,6 +120,14 @@ NORETURN void _exit_cleanup(int code, co +@@ -121,6 +124,14 @@ NORETURN void _exit_cleanup(int code, co code, file, line); } @@ -75,7 +75,7 @@ To use this patch, run these commands for a successful build: --- old/clientserver.c +++ new/clientserver.c -@@ -30,6 +30,9 @@ extern int am_sender; +@@ -29,6 +29,9 @@ extern int am_sender; extern int am_server; extern int am_daemon; extern int am_root; @@ -83,12 +83,12 @@ To use this patch, run these commands for a successful build: +extern int use_ssl; +#endif extern int rsync_port; + extern int ignore_errors; extern int kluge_around_eof; - extern int daemon_over_rsh; -@@ -106,8 +109,18 @@ int start_socket_client(char *host, char +@@ -112,8 +115,18 @@ int start_socket_client(char *host, int set_socket_options(fd, sockopts); - ret = start_inband_exchange(user, path, fd, fd, argc); + ret = start_inband_exchange(fd, fd, user, remote_argc, remote_argv); + if (ret) + return ret; @@ -104,16 +104,16 @@ To use this patch, run these commands for a successful build: + return client_run(fd, fd, -1, argc, argv); } - int start_inband_exchange(const char *user, char *path, int f_in, int f_out, -@@ -168,6 +181,33 @@ int start_inband_exchange(const char *us + static int exchange_protocols(int f_in, int f_out, char *buf, size_t bufsiz, int am_client) +@@ -244,6 +257,32 @@ int start_inband_exchange(int f_in, int if (verbose > 1) - print_child_argv(sargs); + print_child_argv("sending daemon args:", sargs); +#ifdef HAVE_OPENSSL + if (use_ssl) { + io_printf(f_out, "#starttls\n"); + while (1) { -+ if (!read_line(f_in, line, sizeof(line)-1)) { ++ if (!read_line_old(f_in, line, sizeof line)) { + rprintf(FERROR, "rsync: did not receive reply to #starttls\n"); + return -1; + } @@ -121,9 +121,8 @@ To use this patch, run these commands for a successful build: + rprintf(FERROR, "%s\n", line); + return -1; + } -+ if (strcmp(line, "@RSYNCD: starttls") == 0) { ++ if (strcmp(line, "@RSYNCD: starttls") == 0) + break; -+ } + rprintf(FINFO, "%s\n", line); + } + if (start_tls(f_in, f_out)) { @@ -136,10 +135,10 @@ To use this patch, run these commands for a successful build: + } +#endif + - p = strchr(path,'/'); - if (p) *p = 0; + p = strchr(path, '/'); + if (p) *p = '\0'; io_printf(f_out, "%s\n", path); -@@ -196,6 +236,10 @@ int start_inband_exchange(const char *us +@@ -272,6 +311,10 @@ int start_inband_exchange(int f_in, int * server to terminate the listing of modules. * We don't want to go on and transfer * anything; just exit. */ @@ -150,7 +149,7 @@ To use this patch, run these commands for a successful build: exit(0); } -@@ -203,6 +247,10 @@ int start_inband_exchange(const char *us +@@ -279,6 +322,10 @@ int start_inband_exchange(int f_in, int rprintf(FERROR, "%s\n", line); /* This is always fatal; the server will now * close the socket. */ @@ -161,17 +160,17 @@ To use this patch, run these commands for a successful build: return -1; } -@@ -780,6 +828,9 @@ int start_daemon(int f_in, int f_out) - if (protocol_version > remote_protocol) - protocol_version = remote_protocol; +@@ -807,6 +854,9 @@ int start_daemon(int f_in, int f_out) + if (exchange_protocols(f_in, f_out, line, sizeof line, 0) < 0) + return -1; +#ifdef HAVE_OPENSSL +retry: +#endif line[0] = 0; - if (!read_line(f_in, line, sizeof line - 1)) + if (!read_line_old(f_in, line, sizeof line)) return -1; -@@ -791,6 +842,20 @@ int start_daemon(int f_in, int f_out) +@@ -818,6 +868,20 @@ int start_daemon(int f_in, int f_out) return -1; } @@ -218,7 +217,7 @@ To use this patch, run these commands for a successful build: *cygwin* ) AC_MSG_RESULT(yes) --- old/options.c +++ new/options.c -@@ -173,6 +173,14 @@ int logfile_format_has_o_or_i = 0; +@@ -182,6 +182,14 @@ int logfile_format_has_o_or_i = 0; int always_checksum = 0; int list_only = 0; @@ -233,40 +232,39 @@ To use this patch, run these commands for a successful build: #define MAX_BATCH_NAME_LEN 256 /* Must be less than MAXPATHLEN-13 */ char *batch_name = NULL; -@@ -201,6 +209,7 @@ static void print_rsync_version(enum log - char const *hardlinks = "no "; +@@ -221,6 +229,7 @@ static void print_rsync_version(enum log char const *links = "no "; + char const *iconv = "no "; char const *ipv6 = "no "; + char const *ssl = "no "; STRUCT_STAT *dumstat; - #ifdef HAVE_SOCKETPAIR -@@ -223,6 +232,10 @@ static void print_rsync_version(enum log - ipv6 = ""; + #if SUBPROTOCOL_VERSION != 0 +@@ -250,6 +259,9 @@ static void print_rsync_version(enum log + #ifdef ICONV_OPTION + iconv = ""; #endif - +#ifdef HAVE_OPENSSL + ssl = ""; +#endif -+ - rprintf(f, "%s version %s protocol version %d\n", - RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION); - rprintf(f, "Copyright (C) 1996-2006 by Andrew Tridgell, Wayne Davison, and others.\n"); -@@ -233,8 +246,8 @@ static void print_rsync_version(enum log + + rprintf(f, "%s version %s protocol version %d%s\n", + RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION, subprotocol); +@@ -263,8 +275,8 @@ static void print_rsync_version(enum log (int)(sizeof (int64) * 8)); rprintf(f, " %ssocketpairs, %shardlinks, %ssymlinks, %sIPv6, batchfiles, %sinplace,\n", got_socketpair, hardlinks, links, ipv6, have_inplace); -- rprintf(f, " %sappend\n", -- have_inplace); -+ rprintf(f, " %sappend, %sSSL\n", -+ have_inplace, ssl); +- rprintf(f, " %sappend, %sACLs, %sxattrs, %siconv\n", +- have_inplace, acls, xattrs, iconv); ++ rprintf(f, " %sappend, %sACLs, %sxattrs, %siconv, %sSSL\n", ++ have_inplace, acls, xattrs, iconv, ssl); #ifdef MAINTAINER_MODE rprintf(f, "Panic Action: \"%s\"\n", get_panic_action()); -@@ -382,6 +395,13 @@ void usage(enum logcode F) +@@ -425,6 +437,13 @@ void usage(enum logcode F) + #endif rprintf(F," -4, --ipv4 prefer IPv4\n"); rprintf(F," -6, --ipv6 prefer IPv6\n"); - #endif +#ifdef HAVE_OPENSSL + rprintf(F," --ssl allow socket connections to use SSL\n"); + rprintf(F," --ssl-cert=FILE path to daemon's SSL certificate\n"); @@ -277,16 +275,16 @@ To use this patch, run these commands for a successful build: rprintf(F," --version print version number\n"); rprintf(F,"(-h) --help show this help (-h works with no other options)\n"); -@@ -395,7 +415,7 @@ enum {OPT_VERSION = 1000, OPT_DAEMON, OP +@@ -438,7 +457,7 @@ enum {OPT_VERSION = 1000, OPT_DAEMON, OP OPT_FILTER, OPT_COMPARE_DEST, OPT_COPY_DEST, OPT_LINK_DEST, OPT_HELP, OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW, OPT_MIN_SIZE, OPT_CHMOD, OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_ONLY_WRITE_BATCH, OPT_MAX_SIZE, -- OPT_NO_D, -+ OPT_NO_D, OPT_USE_SSL, +- OPT_NO_D, OPT_APPEND, ++ OPT_NO_D, OPT_APPEND, OPT_USE_SSL, OPT_SERVER, OPT_REFUSED_BASE = 9000}; static struct poptOption long_options[] = { -@@ -543,6 +563,13 @@ static struct poptOption long_options[] +@@ -623,6 +642,13 @@ static struct poptOption long_options[] {"checksum-seed", 0, POPT_ARG_INT, &checksum_seed, 0, 0, 0 }, {"server", 0, POPT_ARG_NONE, 0, OPT_SERVER, 0, 0 }, {"sender", 0, POPT_ARG_NONE, 0, OPT_SENDER, 0, 0 }, @@ -300,10 +298,10 @@ To use this patch, run these commands for a successful build: /* All the following options switch us into daemon-mode option-parsing. */ {"config", 0, POPT_ARG_STRING, 0, OPT_DAEMON, 0, 0 }, {"daemon", 0, POPT_ARG_NONE, 0, OPT_DAEMON, 0, 0 }, -@@ -570,6 +597,13 @@ static void daemon_usage(enum logcode F) +@@ -648,6 +674,13 @@ static void daemon_usage(enum logcode F) + rprintf(F," -v, --verbose increase verbosity\n"); rprintf(F," -4, --ipv4 prefer IPv4\n"); rprintf(F," -6, --ipv6 prefer IPv6\n"); - #endif +#ifdef HAVE_OPENSSL + rprintf(F," --ssl allow socket connections to use SSL\n"); + rprintf(F," --ssl-cert=FILE path to daemon's SSL certificate\n"); @@ -314,7 +312,7 @@ To use this patch, run these commands for a successful build: rprintf(F," --help show this help screen\n"); rprintf(F,"\n"); -@@ -596,6 +630,13 @@ static struct poptOption long_daemon_opt +@@ -672,6 +705,13 @@ static struct poptOption long_daemon_opt {"protocol", 0, POPT_ARG_INT, &protocol_version, 0, 0, 0 }, {"server", 0, POPT_ARG_NONE, &am_server, 0, 0, 0 }, {"temp-dir", 'T', POPT_ARG_STRING, &tmpdir, 0, 0, 0 }, @@ -328,7 +326,7 @@ To use this patch, run these commands for a successful build: {"verbose", 'v', POPT_ARG_NONE, 0, 'v', 0, 0 }, {"no-verbose", 0, POPT_ARG_VAL, &verbose, 0, 0, 0 }, {"no-v", 0, POPT_ARG_VAL, &verbose, 0, 0, 0 }, -@@ -853,6 +894,12 @@ int parse_arguments(int *argc, const cha +@@ -946,6 +986,12 @@ int parse_arguments(int *argc_p, const c verbose++; break; @@ -341,7 +339,7 @@ To use this patch, run these commands for a successful build: default: rprintf(FERROR, "rsync: %s: %s (in daemon mode)\n", -@@ -876,6 +923,17 @@ int parse_arguments(int *argc, const cha +@@ -969,6 +1015,17 @@ int parse_arguments(int *argc_p, const c exit_cleanup(RERR_SYNTAX); } @@ -356,12 +354,12 @@ To use this patch, run these commands for a successful build: + } +#endif + - *argv = poptGetArgs(pc); - *argc = count_args(*argv); + *argv_p = argv = poptGetArgs(pc); + *argc_p = argc = count_args(argv); am_starting_up = 0; -@@ -1087,6 +1145,12 @@ int parse_arguments(int *argc, const cha - usage(FINFO); - exit_cleanup(0); +@@ -1221,6 +1278,12 @@ int parse_arguments(int *argc_p, const c + return 0; + #endif +#ifdef HAVE_OPENSSL + case OPT_USE_SSL: @@ -372,7 +370,7 @@ To use this patch, run these commands for a successful build: default: /* A large opt value means that set_refuse_options() * turned this option off. */ -@@ -1359,6 +1423,17 @@ int parse_arguments(int *argc, const cha +@@ -1536,6 +1599,17 @@ int parse_arguments(int *argc_p, const c if (delay_updates && !partial_dir) partial_dir = tmp_partialdir; @@ -390,7 +388,7 @@ To use this patch, run these commands for a successful build: if (inplace) { #ifdef HAVE_FTRUNCATE if (partial_dir) { -@@ -1783,10 +1858,27 @@ char *check_for_hostspec(char *s, char * +@@ -2011,10 +2085,27 @@ char *check_for_hostspec(char *s, char * char *p; int not_host; int hostlen; @@ -422,7 +420,7 @@ To use this patch, run these commands for a successful build: path = p + 1; --- old/rsync.h +++ new/rsync.h -@@ -32,6 +32,7 @@ +@@ -31,6 +31,7 @@ #define DEFAULT_LOCK_FILE "/var/run/rsyncd.lock" #define URL_PREFIX "rsync://" @@ -430,7 +428,7 @@ To use this patch, run these commands for a successful build: #define BACKUP_SUFFIX "~" -@@ -420,6 +421,11 @@ enum msgcode { +@@ -500,6 +501,11 @@ enum msgcode { # define SIZEOF_INT64 SIZEOF_OFF_T #endif @@ -439,9 +437,9 @@ To use this patch, run these commands for a successful build: +#include +#endif + - /* Starting from protocol version 26, we always use 64-bit - * ino_t and dev_t internally, even if this platform does not - * allow files to have 64-bit inums. That's because the + struct hashtable { + void *nodes; + int32 size, entries; --- old/ssl.c +++ new/ssl.c @@ -0,0 +1,370 @@