From 144adbf336bedbe50f421e7cd2c6bddea6338b34 Mon Sep 17 00:00:00 2001
From: Wayne Davison
Date: Wed, 20 Sep 2006 14:22:49 +0000
Subject: [PATCH] Some improvements from marineam@osuosl.org.
---
 openssl-support.diff | 77 ++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 70 insertions(+), 7 deletions(-)
diff --git a/openssl-support.diff b/openssl-support.diff
index 390c1ff..d55b87c 100644
--- a/openssl-support.diff
+++ b/openssl-support.diff
@@ -306,20 +306,79 @@ can't say if I've left any cleanup/compatibility errors in the code.
  /* All the following options switch us into daemon-mode option-parsing. */
  {"config", 0, POPT_ARG_STRING, 0, OPT_DAEMON, 0, 0 },
  {"daemon", 0, POPT_ARG_NONE, 0, OPT_DAEMON, 0, 0 },
-@@ -1084,6 +1111,12 @@ int parse_arguments(int *argc, const cha
+@@ -568,6 +595,13 @@ static void daemon_usage(enum logcode F)
+ rprintf(F," -4, --ipv4 prefer IPv4\n");
+ rprintf(F," -6, --ipv6 prefer IPv6\n");
+ #endif
++#if HAVE_OPENSSL
++ rprintf(F," --ssl allow socket connections to use SSL\n");
++ rprintf(F," --ssl-cert=FILE path to daemon's SSL certificate\n");
++ rprintf(F," --ssl-key=FILE path to daemon's SSL private key\n");
++ rprintf(F," --ssl-key-passwd=PASS password for PEM-encoded private key\n");
++ rprintf(F," --ssl-ca-certs=FILE path to trusted CA certificates\n");
++#endif
+ rprintf(F," --help show this help screen\n");
+
+ rprintf(F,"\n");
+@@ -594,6 +628,13 @@ static struct poptOption long_daemon_opt
+ {"protocol", 0, POPT_ARG_INT, &protocol_version, 0, 0, 0 },
+ {"server", 0, POPT_ARG_NONE, &am_server, 0, 0, 0 },
+ {"temp-dir", 'T', POPT_ARG_STRING, &tmpdir, 0, 0, 0 },
++#if HAVE_OPENSSL
++ {"ssl", 0, POPT_ARG_NONE, 0, OPT_USE_SSL, 0, 0},
++ {"ssl-cert", 0, POPT_ARG_STRING, &ssl_cert_path, OPT_USE_SSL, 0, 0},
++ {"ssl-key", 0, POPT_ARG_STRING, &ssl_key_path, OPT_USE_SSL, 0, 0},
++ {"ssl-key-passwd", 0, POPT_ARG_STRING, &ssl_key_passwd, OPT_USE_SSL, 0, 0},
++ {"ssl-ca-certs", 0, POPT_ARG_STRING, &ssl_ca_path, OPT_USE_SSL, 0, 0},
++#endif
+ {"verbose", 'v', POPT_ARG_NONE, 0, 'v', 0, 0 },
+ {"no-verbose", 0, POPT_ARG_VAL, &verbose, 0, 0, 0 },
+ {"no-v", 0, POPT_ARG_VAL, &verbose, 0, 0, 0 },
+@@ -848,6 +889,12 @@ int parse_arguments(int *argc, const cha
+ verbose++;
+ break;
+
++#ifdef HAVE_OPENSSL
++ case OPT_USE_SSL:
++ use_ssl = 1;
++ break;
++#endif
++
+ default:
+ rprintf(FERROR,
+ "rsync: %s: %s (in daemon mode)\n",
+@@ -871,6 +918,17 @@ int parse_arguments(int *argc, const cha
+ exit_cleanup(RERR_SYNTAX);
+ }
+
++#ifdef HAVE_OPENSSL
++ if (use_ssl) {
++ if (init_tls()) {
++ snprintf(err_buf, sizeof(err_buf),
++ "Openssl error: %s\n",
++ get_ssl_error());
++ return 0;
++ }
++ }
++#endif
++
+ *argv = poptGetArgs(pc);
+ *argc = count_args(*argv);
+ am_starting_up = 0;
+@@ -1084,6 +1142,12 @@ int parse_arguments(int *argc, const cha
  usage(FINFO);
  exit_cleanup(0);
-+ case OPT_USE_SSL:
 +#if HAVE_OPENSSL
++ case OPT_USE_SSL:
 + use_ssl = 1;
-+#endif
 + break;
++#endif
 +
  default:
  /* A large opt value means that set_refuse_options()
  * turned this option off. */
-@@ -1364,6 +1397,17 @@ int parse_arguments(int *argc, const cha
+@@ -1364,6 +1428,17 @@ int parse_arguments(int *argc, const cha
  if (delay_updates && !partial_dir)
  partial_dir = tmp_partialdir;
@@ -337,7 +396,7 @@ can't say if I've left any cleanup/compatibility errors in the code.
  if (inplace) {
  #ifdef HAVE_FTRUNCATE
  if (partial_dir) {
-@@ -1781,10 +1825,27 @@ char *check_for_hostspec(char *s, char *
+@@ -1781,10 +1856,27 @@ char *check_for_hostspec(char *s, char *
  char *p;
  int not_host;
  int hostlen;
@@ -391,7 +450,7 @@ can't say if I've left any cleanup/compatibility errors in the code.
  * allow files to have 64-bit inums. That's because the
 --- old/ssl.c
 +++ new/ssl.c
-@@ -0,0 +1,366 @@
+@@ -0,0 +1,370 @@
 +/* -*- c-file-style: "linux" -*-
 + * ssl.c: operations for negotiating SSL rsync connections.
 + *
@@ -441,6 +500,10 @@ can't say if I've left any cleanup/compatibility errors in the code.
 +static int ssl_running;
 +static int ssl_pid = -1;
 +
++#ifdef HAVE_SIGACTION
++static struct sigaction sigact;
++#endif
++
 +/**
 + * A non-interactive callback to be passed to SSL_CTX_set_default_password_cb,
 + * which merely copies the value of ssl_key_passwd into buf. This is
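Review bot: The OpenSSL guards added to options.c are inconsistent: the new daemon_usage and long_daemon_opt entries use `#if HAVE_OPENSSL`, while the new daemon-mode `case OPT_USE_SSL` and the `init_tls()` block use `#ifdef HAVE_OPENSSL`; if the configure output ever emits a bare `#define HAVE_OPENSSL` the `#if` form becomes a preprocessing error, so the patch should settle on one spelling (the pre-existing client-side case keeps `#if HAVE_OPENSSL`). Separately, `--ssl-key-passwd=PASS` takes the private-key passphrase on the daemon command line, where it is exposed to other local users through the process list and lands in shell history, and the ssl.c comment in the later hunk shows it is then held in `ssl_key_passwd` for the life of the process for the password callback; the usage text should say as much, and a file-based or environment-based source would be the safer interface to offer alongside it. The `init_tls()` failure path, which formats `get_ssl_error()` into err_buf and returns 0, matches the surrounding daemon-mode error handling. Both daemon_usage and parse_arguments begin and end outside this hunk.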
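Review bot: The new `static struct sigaction sigact;` in ssl.c is never initialised anywhere in this hunk, so it stays zero-filled: `sa_flags` is 0 (no `SA_RESTART`) and `sa_mask` is empty, and if the `SIGACTION(SIGUSR1, tls_sigusr1)` call in the last hunk fills `sigact.sa_handler` and passes `&sigact` to sigaction() as the macro name suggests, delivery of SIGUSR1 will make any blocking socket call under the SSL I/O return EINTR — presumably intentional for the child-shutdown path, but worth confirming that the read/write loops handle it. A file-scope variable that exists only to be filled in by a macro deserves a comment, e.g. `/* backing store for the SIGACTION() macro; deliberately left zero-filled so sa_flags/sa_mask take their defaults */`. If main.c already declares the same static for the same macro, consider whether ssl.c should reuse that declaration rather than keep a second copy. The same point applies to the last hunk, which replaces `signal()` with `SIGACTION()`; that enclosing function begins and ends outside its hunk.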
@@ -629,7 +692,7 @@ can't say if I've left any cleanup/compatibility errors in the code.
 + return 0;
 + }
 +
-+ signal(SIGUSR1, tls_sigusr1);
++ SIGACTION(SIGUSR1, tls_sigusr1);
 + ssl = SSL_new(ssl_ctx);
 + if (!ssl)
 + goto closed;
-- 
2.34.1