X-Git-Url: https://mattmccutchen.net/rsync/rsync-patches.git/blobdiff_plain/ae5a2ebc4f0bb9aa374d8314b4cfd60e9dbfcca9..cb0d2e2b200e6610054021db977334088f9bd04f:/openssl-support.diff diff --git a/openssl-support.diff b/openssl-support.diff index 17ae13e..d703d35 100644 --- a/openssl-support.diff +++ b/openssl-support.diff @@ -20,7 +20,7 @@ this implementation are: #starttls - And, if the server allows SSL, it replies with + And, if the daemon allows SSL, it replies with @RSYNCD: starttls @@ -37,9 +37,9 @@ All warnings apply; I don't do C programming all that often, so I can't say if I've left any cleanup/compatibility errors in the code. ---- orig/Makefile.in 2004-11-03 11:56:03 +--- orig/Makefile.in 2005-11-07 04:29:00 +++ Makefile.in 2004-10-08 20:17:06 -@@ -39,7 +39,7 @@ OBJS3=progress.o pipe.o +@@ -38,7 +38,7 @@ OBJS3=progress.o pipe.o DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \ popt/popthelp.o popt/poptparse.o @@ -48,7 +48,7 @@ can't say if I've left any cleanup/compatibility errors in the code. TLS_OBJ = tls.o syscall.o lib/compat.o lib/snprintf.o lib/permstring.o ---- orig/cleanup.c 2005-02-07 20:41:56 +--- orig/cleanup.c 2005-11-10 16:58:36 +++ cleanup.c 2005-01-10 10:43:22 @@ -22,6 +22,9 @@ #include "rsync.h" @@ -72,9 +72,9 @@ can't say if I've left any cleanup/compatibility errors in the code. if (verbose > 3) { rprintf(FINFO,"_exit_cleanup(code=%d, file=%s, line=%d): entered\n", code, safe_fname(file), line); ---- orig/clientserver.c 2005-02-20 00:02:22 -+++ clientserver.c 2004-10-08 20:44:59 -@@ -45,6 +45,9 @@ extern int select_timeout; +--- orig/clientserver.c 2005-10-24 21:04:44 ++++ clientserver.c 2005-04-09 17:39:57 +@@ -44,6 +44,9 @@ extern int io_timeout; extern int orig_umask; extern int no_detach; extern int default_af_hint; 
@@ -84,11 +84,11 @@ can't say if I've left any cleanup/compatibility errors in the code. extern char *bind_address; extern struct filter_list_struct server_filter_list; extern char *config_file; -@@ -102,8 +105,18 @@ int start_socket_client(char *host, char +@@ -101,8 +104,18 @@ int start_socket_client(char *host, char exit_cleanup(RERR_SOCKETIO); ret = start_inband_exchange(user, path, fd, fd, argc); -+ if (ret < 0) ++ if (ret) + return ret; + +#if HAVE_OPENSSL @@ -99,12 +99,12 @@ can't say if I've left any cleanup/compatibility errors in the code. + } +#endif -- return ret < 0? ret : client_run(fd, fd, -1, argc, argv); +- return ret ? ret : client_run(fd, fd, -1, argc, argv); + return client_run(fd, fd, -1, argc, argv); } int start_inband_exchange(char *user, char *path, int f_in, int f_out, -@@ -164,6 +177,33 @@ int start_inband_exchange(char *user, ch +@@ -163,6 +176,33 @@ int start_inband_exchange(char *user, ch if (verbose > 1) print_child_argv(sargs); @@ -138,7 +138,7 @@ can't say if I've left any cleanup/compatibility errors in the code. p = strchr(path,'/'); if (p) *p = 0; io_printf(f_out, "%s\n", path); -@@ -192,6 +232,10 @@ int start_inband_exchange(char *user, ch +@@ -191,6 +231,10 @@ int start_inband_exchange(char *user, ch * server to terminate the listing of modules. * We don't want to go on and transfer * anything; just exit. */ @@ -149,7 +149,7 @@ can't say if I've left any cleanup/compatibility errors in the code. exit(0); } -@@ -199,6 +243,10 @@ int start_inband_exchange(char *user, ch +@@ -198,6 +242,10 @@ int start_inband_exchange(char *user, ch rprintf(FERROR, "%s\n", line); /* This is always fatal; the server will now * close the socket. */ 
@@ -157,10 +157,10 @@ can't say if I've left any cleanup/compatibility errors in the code. + if (use_ssl) + end_tls(); +#endif - return RERR_STARTCLIENT; - } else { - rprintf(FINFO,"%s\n", line); -@@ -536,6 +584,7 @@ static void send_listing(int fd) + return -1; + } + +@@ -668,6 +716,7 @@ static void send_listing(int fd) io_printf(fd,"@RSYNCD: EXIT\n"); } @@ -168,7 +168,7 @@ can't say if I've left any cleanup/compatibility errors in the code. /* this is called when a connection is established to a client and we want to start talking. The setup of the system is done from here */ -@@ -585,6 +634,9 @@ int start_daemon(int f_in, int f_out) +@@ -717,6 +766,9 @@ int start_daemon(int f_in, int f_out) if (protocol_version > remote_protocol) protocol_version = remote_protocol; @@ -178,7 +178,7 @@ can't say if I've left any cleanup/compatibility errors in the code. line[0] = 0; if (!read_line(f_in, line, sizeof line - 1)) return -1; -@@ -594,6 +646,20 @@ int start_daemon(int f_in, int f_out) +@@ -726,6 +778,20 @@ int start_daemon(int f_in, int f_out) return -1; } @@ -199,9 +199,9 @@ can't say if I've left any cleanup/compatibility errors in the code. if (*line == '#') { /* it's some sort of command that I don't understand */ io_printf(f_out, "@ERROR: Unknown command '%s'\n", line); ---- orig/configure.in 2005-02-22 00:53:58 +--- orig/configure.in 2005-09-24 17:40:30 +++ configure.in 2004-07-03 20:22:28 -@@ -271,6 +271,21 @@ yes +@@ -293,6 +293,21 @@ yes AC_SEARCH_LIBS(getaddrinfo, inet6) fi 
@@ -223,124 +223,9 @@ can't say if I've left any cleanup/compatibility errors in the code. AC_MSG_CHECKING([whether to call shutdown on all sockets]) case $host_os in *cygwin* ) AC_MSG_RESULT(yes) ---- orig/main.c 2005-02-20 01:12:42 -+++ main.c 2004-10-08 20:15:28 -@@ -54,6 +54,9 @@ extern int write_batch; - extern int batch_fd; - extern int batch_gen_fd; - extern int filesfrom_fd; -+#if HAVE_OPENSSL -+extern int use_ssl; -+#endif - extern pid_t cleanup_child_pid; - extern struct stats stats; - extern char *files_from; -@@ -836,33 +839,48 @@ static int start_client(int argc, char * - if ((rc = copy_argv(argv))) - return rc; - -- /* rsync:// always uses rsync server over direct socket connection */ -- if (strncasecmp(URL_PREFIX, argv[0], strlen(URL_PREFIX)) == 0 -- && !read_batch) { -- char *host, *path; -+ if (!read_batch) { /* for read_batch, NO source is specified */ -+ int url_prefix_len = sizeof URL_PREFIX - 1; - -- host = argv[0] + strlen(URL_PREFIX); -- p = strchr(host,'/'); -- if (p) { -- *p = '\0'; -- path = p+1; -- } else -- path = ""; -- if (*host == '[' && (p = strchr(host, ']')) != NULL) { -- host++; -- *p++ = '\0'; -- if (*p != ':') -- p = NULL; -- } else -- p = strchr(host, ':'); -- if (p) { -- rsync_port = atoi(p+1); -- *p = '\0'; -+ /* rsync:// always uses rsync server over direct socket connection */ -+ if (strncasecmp(URL_PREFIX, argv[0], url_prefix_len) != 0) { -+#if HAVE_OPENSSL -+ url_prefix_len = sizeof SSL_URL_PREFIX - 1; -+ if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix_len) != 0) -+ url_prefix_len = 0; -+ else { -+ if (!use_ssl) -+ init_tls(); -+ use_ssl = 1; -+ } -+#else -+ url_prefix_len = 0; -+#endif -+ } -+ if (url_prefix_len) { -+ char *host, *path; -+ -+ host = argv[0] + url_prefix_len; -+ p = strchr(host,'/'); -+ if (p) { -+ *p = '\0'; -+ path = p+1; -+ } else -+ path = ""; -+ if (*host == '[' && (p = strchr(host, ']')) != NULL) { -+ host++; -+ *p++ = '\0'; -+ if (*p != ':') -+ p = NULL; -+ } else -+ p = strchr(host, ':'); -+ 
if (p) { -+ rsync_port = atoi(p+1); -+ *p = '\0'; -+ } -+ return start_socket_client(host, path, argc-1, argv+1); - } -- return start_socket_client(host, path, argc-1, argv+1); -- } - -- if (!read_batch) { /* for read_batch, NO source is specified */ - p = find_colon(argv[0]); - if (p) { /* source is remote */ - if (remote_filesfrom_file -@@ -894,12 +912,26 @@ static int start_client(int argc, char * - argv++; - } else { /* source is local */ - am_sender = 1; -- -+ url_prefix_len = sizeof URL_PREFIX - 1; - /* rsync:// destination uses rsync server over direct socket */ -- if (strncasecmp(URL_PREFIX, argv[argc-1], strlen(URL_PREFIX)) == 0) { -+ if (strncasecmp(URL_PREFIX, argv[argc-1], url_prefix_len) != 0) { -+#if HAVE_OPENSSL -+ url_prefix_len = sizeof SSL_URL_PREFIX - 1; -+ if (strncasecmp(SSL_URL_PREFIX, argv[argc-1], url_prefix_len) != 0) -+ url_prefix_len = 0; -+ else { -+ if (!use_ssl) -+ init_tls(); -+ use_ssl = 1; -+ } -+#else -+ url_prefix_len = 0; -+#endif -+ } -+ if (url_prefix_len) { - char *host, *path; - -- host = argv[argc-1] + strlen(URL_PREFIX); -+ host = argv[argc-1] + url_prefix_len; - p = strchr(host,'/'); - if (p) { - *p = '\0'; ---- orig/options.c 2005-02-21 10:51:52 -+++ options.c 2004-11-27 18:31:46 -@@ -155,6 +155,14 @@ int log_format_has_o_or_i = 0; +--- orig/options.c 2005-11-15 07:01:03 ++++ options.c 2005-11-15 07:10:33 +@@ -162,6 +162,14 @@ int log_format_has_o_or_i = 0; int always_checksum = 0; int list_only = 0; @@ -355,7 +240,7 @@ can't say if I've left any cleanup/compatibility errors in the code. #define MAX_BATCH_NAME_LEN 256 /* Must be less than MAXPATHLEN-13 */ char *batch_name = NULL; -@@ -180,6 +188,7 @@ static void print_rsync_version(enum log +@@ -190,6 +198,7 @@ static void print_rsync_version(enum log char const *hardlinks = "no "; char const *links = "no "; char const *ipv6 = "no "; 
@@ -363,7 +248,7 @@ can't say if I've left any cleanup/compatibility errors in the code. STRUCT_STAT *dumstat; #ifdef HAVE_SOCKETPAIR -@@ -202,6 +211,10 @@ static void print_rsync_version(enum log +@@ -212,6 +221,10 @@ static void print_rsync_version(enum log ipv6 = ""; #endif @@ -374,7 +259,7 @@ can't say if I've left any cleanup/compatibility errors in the code. rprintf(f, "%s version %s protocol version %d\n", RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION); rprintf(f, -@@ -215,10 +228,10 @@ static void print_rsync_version(enum log +@@ -225,10 +238,10 @@ static void print_rsync_version(enum log /* Note that this field may not have type ino_t. It depends * on the complicated interaction between largefile feature * macros. */ 
@@ -387,33 +272,32 @@ can't say if I've left any cleanup/compatibility errors in the code. #ifdef MAINTAINER_MODE rprintf(f, " panic action: \"%s\"\n", get_panic_action()); -@@ -348,6 +361,13 @@ void usage(enum logcode F) +@@ -363,6 +376,13 @@ void usage(enum logcode F) rprintf(F," -4, --ipv4 prefer IPv4\n"); rprintf(F," -6, --ipv6 prefer IPv6\n"); #endif +#if HAVE_OPENSSL + rprintf(F," --ssl allow socket connections to use SSL\n"); -+ rprintf(F," --ssl-cert=FILE path to server's SSL certificate\n"); -+ rprintf(F," --ssl-key=FILE path to server's SSL private key\n"); ++ rprintf(F," --ssl-cert=FILE path to daemon's SSL certificate\n"); ++ rprintf(F," --ssl-key=FILE path to daemon's SSL private key\n"); + rprintf(F," --ssl-key-passwd=PASS password for PEM-encoded private key\n"); + rprintf(F," --ssl-ca-certs=FILE path to trusted CA certificates\n"); +#endif - rprintf(F," -h, --help show this help screen\n"); + rprintf(F," --version print version number\n"); + rprintf(F," --help show this help screen\n"); - rprintf(F,"\nUse \"rsync --daemon --help\" to see the daemon-mode command-line options.\n"); -@@ -358,7 +378,7 @@ void usage(enum logcode F) - enum {OPT_VERSION = 1000, OPT_DAEMON, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM, - OPT_FILTER, OPT_COMPARE_DEST, OPT_COPY_DEST, OPT_LINK_DEST, - OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW, -- OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_TIMEOUT, OPT_MAX_SIZE, -+ OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_TIMEOUT, OPT_MAX_SIZE, OPT_USE_SSL, +@@ -375,6 +395,7 @@ enum {OPT_VERSION = 1000, OPT_DAEMON, OP + OPT_FILTER, OPT_COMPARE_DEST, OPT_COPY_DEST, OPT_LINK_DEST, OPT_HELP, + OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW, OPT_MIN_SIZE, + OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_ONLY_WRITE_BATCH, OPT_MAX_SIZE, ++ OPT_USE_SSL, OPT_REFUSED_BASE = 9000}; static struct poptOption long_options[] = { -@@ -457,6 +477,13 @@ static struct poptOption long_options[] - {"ipv4", '4', POPT_ARG_VAL, &default_af_hint, AF_INET, 0, 0 }, - {"ipv6", '6', 
POPT_ARG_VAL, &default_af_hint, AF_INET6, 0, 0 }, - #endif +@@ -503,6 +524,13 @@ static struct poptOption long_options[] + {"checksum-seed", 0, POPT_ARG_INT, &checksum_seed, 0, 0, 0 }, + {"server", 0, POPT_ARG_NONE, &am_server, 0, 0, 0 }, + {"sender", 0, POPT_ARG_NONE, 0, OPT_SENDER, 0, 0 }, +#if HAVE_OPENSSL + {"ssl", 0, POPT_ARG_NONE, 0, OPT_USE_SSL, 0, 0}, + {"ssl-cert", 0, POPT_ARG_STRING, &ssl_cert_path, OPT_USE_SSL, 0, 0}, @@ -421,10 +305,10 @@ can't say if I've left any cleanup/compatibility errors in the code. + {"ssl-key-passwd", 0, POPT_ARG_STRING, &ssl_key_passwd, OPT_USE_SSL, 0, 0}, + {"ssl-ca-certs", 0, POPT_ARG_STRING, &ssl_ca_path, OPT_USE_SSL, 0, 0}, +#endif - /* All these options switch us into daemon-mode option-parsing. */ - {"address", 0, POPT_ARG_STRING, 0, OPT_DAEMON, 0, 0 }, + /* All the following options switch us into daemon-mode option-parsing. */ {"config", 0, POPT_ARG_STRING, 0, OPT_DAEMON, 0, 0 }, -@@ -860,6 +887,12 @@ int parse_arguments(int *argc, const cha + {"daemon", 0, POPT_ARG_NONE, 0, OPT_DAEMON, 0, 0 }, +@@ -997,6 +1025,12 @@ int parse_arguments(int *argc, const cha basis_dir[basis_dir_cnt++] = (char *)arg; break; @@ -437,7 +321,7 @@ can't say if I've left any cleanup/compatibility errors in the code. default: /* A large opt value means that set_refuse_options() * turned this option off. */ -@@ -1126,6 +1159,17 @@ int parse_arguments(int *argc, const cha +@@ -1274,6 +1308,17 @@ int parse_arguments(int *argc, const cha if (delay_updates && !partial_dir) partial_dir = partialdir_for_delayupdate; 
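Review bot: `--ssl-key-passwd=PASS` in the usage() text, with its `POPT_ARG_STRING` entry storing into `ssl_key_passwd` in the neighbouring long_options[] hunk, takes the private-key passphrase on the command line. There it is readable by other local users through the process list, and it tends to end up in shell history and init scripts. The "server's" to "daemon's" rewording leaves this as it was. I would at least say so in the help line, e.g. `--ssl-key-passwd=PASS password for PEM-encoded private key (visible in process list)`, and consider reading the passphrase from a permission-restricted file instead. Both usage() and long_options[] continue outside these hunks.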
@@ -455,7 +339,38 @@ can't say if I've left any cleanup/compatibility errors in the code. if (inplace) { #ifdef HAVE_FTRUNCATE if (partial_dir) { ---- orig/rsync.h 2005-02-20 00:02:23 +@@ -1664,11 +1709,28 @@ char *check_for_hostspec(char *s, char * + { + char *p; + int not_host; ++ int url_prefix_len = sizeof URL_PREFIX - 1; + +- if (port_ptr && strncasecmp(URL_PREFIX, s, strlen(URL_PREFIX)) == 0) { ++ if (!port_ptr) ++ url_prefix_len = 0; ++ else if (strncasecmp(URL_PREFIX, s, url_prefix_len) != 0) { ++#if HAVE_OPENSSL ++ url_prefix_len = sizeof SSL_URL_PREFIX - 1; ++ if (strncasecmp(SSL_URL_PREFIX, s, url_prefix_len) != 0) ++ url_prefix_len = 0; ++ else { ++ if (!use_ssl) ++ init_tls(); ++ use_ssl = 1; ++ } ++#else ++ url_prefix_len = 0; ++#endif ++ } ++ if (url_prefix_len) { + char *path; + int hostlen; +- s += strlen(URL_PREFIX); ++ s += url_prefix_len; + if ((p = strchr(s, '/')) != NULL) { + hostlen = p - s; + path = p + 1; +--- orig/rsync.h 2005-11-12 20:31:04 +++ rsync.h 2004-10-08 21:01:33 @@ -32,6 +32,7 @@ @@ -465,7 +380,7 @@ can't say if I've left any cleanup/compatibility errors in the code. #define BACKUP_SUFFIX "~" -@@ -399,6 +400,11 @@ enum msgcode { +@@ -410,6 +411,11 @@ enum msgcode { # define SIZEOF_INT64 SIZEOF_OFF_T #endif
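Review bot: In the `#else` branch added to check_for_hostspec(), a build without HAVE_OPENSSL just sets `url_prefix_len = 0`, so an argument carrying the SSL URL scheme is not rejected and drops into whatever hostspec parsing follows (the rest of the function is outside this hunk). A user who asked for an encrypted transfer should get a hard error rather than a silent change of transport. Assuming SSL_URL_PREFIX is defined regardless of HAVE_OPENSSL (the rsync.h hunk does not show this), the branch could test for it and fail, e.g. `if (strncasecmp(SSL_URL_PREFIX, s, sizeof SSL_URL_PREFIX - 1) == 0) { rprintf(FERROR, "SSL support is not compiled in\n"); exit_cleanup(RERR_SYNTAX); }`. The `init_tls(); use_ssl = 1;` side effect inside a parsing helper also deserves a comment such as `/* an SSL URL scheme implies --ssl: initialise TLS once, here */`.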