Some daemon security improvements, including the new parameters

[rsync/rsync.git] / clientserver.c

diff --git a/clientserver.c b/clientserver.c
index 9207b1a..eb83867 100644 (file)
--- a/clientserver.c
+++ b/clientserver.c
@@ -35,6 +35,7 @@ extern int ignore_errors;
 extern int kluge_around_eof;
 extern int daemon_over_rsh;
 extern int sanitize_paths;
+extern int numeric_ids;
 extern int filesfrom_fd;
 extern int remote_protocol;
 extern int protocol_version;
@@ -54,10 +55,15 @@ extern char *tmpdir;
 extern struct chmod_mode_struct *chmod_modes;
 extern struct filter_list_struct server_filter_list;
 extern char curr_dir[];
+#ifdef ICONV_OPTION
+extern char *iconv_opt;
+extern iconv_t ic_send, ic_recv;
+#endif
 
 char *auth_user;
 int read_only = 0;
 int module_id = -1;
+int munge_symlinks = 0;
 struct chmod_mode_struct *daemon_chmod_modes;
 
 /* module_dirlen is the length of the module_dir string when in daemon
@@ -244,7 +250,7 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
                        rprintf(FERROR, "internal: args[] overflowed in do_cmd()\n");
                        exit_cleanup(RERR_SYNTAX);
                }
-               if (list_only && strncmp(*argv, modname, modlen) == 0
+               if (strncmp(*argv, modname, modlen) == 0
                 && argv[0][modlen] == '\0')
                        sargs[sargc++] = modname; /* we send "modname/" */
                else
@@ -354,8 +360,12 @@ static int read_arg_from_pipe(int fd, char *buf, int limit)
        char *bp = buf, *eob = buf + limit - 1;
 
        while (1) {
-           if (read(fd, bp, 1) != 1)
+           int got = read(fd, bp, 1);
+           if (got != 1) {
+               if (got < 0 && errno == EINTR)
+                       continue;
                return -1;
+           }
            if (*bp == '\0')
                break;
            if (bp < eob)
@@ -380,6 +390,13 @@ static int rsync_module(int f_in, int f_out, int i, char *addr, char *host)
        pid_t pre_exec_pid = 0;
        char *request = NULL;
 
+#ifdef ICONV_CONST
+       iconv_opt = lp_charset(i);
+       if (*iconv_opt)
+               setup_iconv();
+       iconv_opt = NULL;
+#endif
+
        if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) {
                rprintf(FLOG, "rsync denied on module %s from %s (%s)\n",
                        name, host, addr);
@@ -624,6 +641,18 @@ static int rsync_module(int f_in, int f_out, int i, char *addr, char *host)
                sanitize_paths = 1;
        }
 
+       if ((munge_symlinks = lp_munge_symlinks(i)) < 0)
+               munge_symlinks = !use_chroot;
+       if (munge_symlinks) {
+               STRUCT_STAT st;
+               if (stat(SYMLINK_PREFIX, &st) == 0 && S_ISDIR(st.st_mode)) {
+                       rprintf(FLOG, "Symlink munging is unsupported when a %s directory exists.\n",
+                               SYMLINK_PREFIX);
+                       io_printf(f_out, "@ERROR: daemon security issue -- contact admin\n", name);
+                       exit_cleanup(RERR_UNSUPPORTED);
+               }
+       }
+
        if (am_root) {
                /* XXXX: You could argue that if the daemon is started
                 * by a non-root user and they explicitly specify a
@@ -751,6 +780,21 @@ static int rsync_module(int f_in, int f_out, int i, char *addr, char *host)
                exit_cleanup(RERR_UNSUPPORTED);
        }
 
+       if (!iconv_opt) {
+               if (ic_send != (iconv_t)-1) {
+                       iconv_close(ic_send);
+                       ic_send = (iconv_t)-1;
+               }
+               if (ic_recv != (iconv_t)-1) {
+                       iconv_close(ic_recv);
+                       ic_recv = (iconv_t)-1;
+               }
+       }
+
+       if (!numeric_ids
+        && (use_chroot ? lp_numeric_ids(i) != False : lp_numeric_ids(i) == True))
+               numeric_ids = -1; /* Set --numeric-ids w/o breaking protocol. */
+
        if (lp_timeout(i) && lp_timeout(i) > io_timeout)
                set_io_timeout(lp_timeout(i));