if (!user) user = getenv("USER");
if (!user) user = getenv("LOGNAME");
+ if (verbose >= 2) {
+ rprintf(FINFO, "opening tcp connection to %s port %d\n",
+ host, rsync_port);
+ }
fd = open_socket_out_wrapped (host, rsync_port, bind_address,
default_af_hint);
if (fd == -1) {
if (strcmp(line,"@RSYNCD: EXIT") == 0) exit(0);
- rprintf(FINFO,"%s\n", line);
+ if (strncmp(line, "@ERROR", 6) == 0)
+ rprintf(FERROR,"%s\n", line);
+ else
+ rprintf(FINFO,"%s\n", line);
}
kludge_around_eof = False;
if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) {
rprintf(FERROR,"rsync denied on module %s from %s (%s)\n",
- name, client_name(fd), client_addr(fd));
+ name, host, addr);
io_printf(fd,"@ERROR: access denied to %s from %s (%s)\n",
- name, client_name(fd), client_addr(fd));
+ name, host, addr);
return -1;
}
}
if (am_root) {
+ /* Get rid of any supplementary groups this process
+ * might have inheristed. */
+ if (setgroups(0, NULL)) {
+ rsyserr(FERROR, errno, "setgroups failed");
+ io_printf(fd, "@ERROR: setgroups failed\n");
+ return -1;
+ }
+
+ /* XXXX: You could argue that if the daemon is started
+ * by a non-root user and they explicitly specify a
+ * gid, then we should try to change to that gid --
+ * this could be possible if it's already in their
+ * supplementary groups. */
+
+ /* TODO: Perhaps we need to document that if rsyncd is
+ * started by somebody other than root it will inherit
+ * all their supplementary groups. */
+
if (setgid(gid)) {
rsyserr(FERROR, errno, "setgid %d failed", (int) gid);
io_printf(fd,"@ERROR: setgid failed\n");