Fix significant security holes with "use chroot = no" in an rsync daemon:

[rsync/rsync.git] / loadparm.c

diff --git a/loadparm.c b/loadparm.c
index 9b28c3b..074e6cb 100644 (file)
--- a/loadparm.c
+++ b/loadparm.c
@@ -44,9 +44,6 @@
  */
 
 #include "rsync.h"
-#define BOOL int
-#define False 0
-#define True 1
 #define PTR_DIFF(p1,p2) ((ptrdiff_t)(((char *)(p1)) - (char *)(p2)))
 #define strequal(a,b) (strcasecmp(a,b)==0)
 #define BOOLSTR(b) ((b) ? "Yes" : "No")
@@ -126,6 +123,7 @@ typedef struct
        char *hosts_deny;
        char *auth_users;
        char *secrets_file;
+       BOOL strict_modes;
        char *exclude;
        char *exclude_from;
        char *include;
@@ -155,6 +153,7 @@ static service sDefault =
        NULL,    /* hosts deny */
        NULL,    /* auth users */
        NULL,    /* secrets file */
+       True,   /* strict modes */
        NULL,    /* exclude */
        NULL,    /* exclude from */
        NULL,    /* include */
@@ -267,6 +266,7 @@ static struct parm_struct parm_table[] =
   {"hosts deny",       P_STRING,  P_LOCAL,  &sDefault.hosts_deny,  NULL,   0},
   {"auth users",       P_STRING,  P_LOCAL,  &sDefault.auth_users,  NULL,   0},
   {"secrets file",     P_STRING,  P_LOCAL,  &sDefault.secrets_file,NULL,   0},
+  {"strict modes",     P_BOOL,    P_LOCAL,  &sDefault.strict_modes,NULL,   0},
   {"exclude",          P_STRING,  P_LOCAL,  &sDefault.exclude,     NULL,   0},
   {"exclude from",     P_STRING,  P_LOCAL,  &sDefault.exclude_from,NULL,   0},
   {"include",          P_STRING,  P_LOCAL,  &sDefault.include,     NULL,   0},
@@ -342,6 +342,7 @@ FN_LOCAL_STRING(lp_hosts_allow, hosts_allow)
 FN_LOCAL_STRING(lp_hosts_deny, hosts_deny)
 FN_LOCAL_STRING(lp_auth_users, auth_users)
 FN_LOCAL_STRING(lp_secrets_file, secrets_file)
+FN_LOCAL_BOOL(lp_strict_modes, strict_modes)
 FN_LOCAL_STRING(lp_exclude, exclude)
 FN_LOCAL_STRING(lp_exclude_from, exclude_from)
 FN_LOCAL_STRING(lp_include, include)