-/* -*- c-file-style: "linux" -*-
-
- Copyright (C) 1996-2001 by Andrew Tridgell <tridge@samba.org>
- Copyright (C) Paul Mackerras 1996
- Copyright (C) 2001, 2002 by Martin Pool <mbp@samba.org>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
+/*
+ * The startup routines, including main(), for rsync.
+ *
+ * Copyright (C) 1996-2001 Andrew Tridgell <tridge@samba.org>
+ * Copyright (C) 1996 Paul Mackerras
+ * Copyright (C) 2001, 2002 Martin Pool <mbp@samba.org>
+ * Copyright (C) 2003, 2004, 2005, 2006 Wayne Davison
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
#include "rsync.h"
#if defined CONFIG_LOCALE && defined HAVE_LOCALE_H
extern int do_stats;
extern int log_got_error;
extern int module_id;
-extern int orig_umask;
extern int copy_links;
+extern int copy_dirlinks;
extern int keep_dirlinks;
extern int preserve_hard_links;
extern int protocol_version;
extern int recurse;
extern int relative_paths;
+extern int sanitize_paths;
+extern int curr_dir_depth;
+extern int module_id;
extern int rsync_port;
extern int whole_file;
extern int read_batch;
extern pid_t cleanup_child_pid;
extern struct stats stats;
extern char *filesfrom_host;
+extern char *partial_dir;
+extern char *basis_dir[];
extern char *rsync_path;
extern char *shell_cmd;
extern char *batch_name;
+extern struct filter_list_struct server_filter_list;
int local_server = 0;
+mode_t orig_umask = 0;
struct file_list *the_file_list;
/* There's probably never more than at most 2 outstanding child processes,
static void show_malloc_stats(void);
/* Works like waitpid(), but if we already harvested the child pid in our
- * sigchld_handler(), we succeed instead of returning an error. */
+ * remember_children(), we succeed instead of returning an error. */
pid_t wait_process(pid_t pid, int *status_ptr, int flags)
{
pid_t waited_pid = waitpid(pid, status_ptr, flags);
if (waited_pid == -1 && errno == ECHILD) {
/* Status of requested child no longer available: check to
- * see if it was processed by sigchld_handler(). */
+ * see if it was processed by remember_children(). */
int cnt;
for (cnt = 0; cnt < MAXCHILDPROCS; cnt++) {
if (pid == pid_stat_table[cnt].pid) {
/* this is the client */
if (f < 0 && !am_sender) /* e.g. when we got an empty file list. */
- ;
+ ;
else if (!am_sender) {
/* Read the first two in opposite order because the meaning of
* read/write swaps when switching from sender to receiver. */
/* The receiving side operates in one of two modes:
*
- * 1. it enters a directory and receives one or more files, placing them
- * according to their names in the file-list.
+ * 1. it receives any number of files into a destination directory,
+ * placing them according to their names in the file-list.
*
* 2. it receives a single file and saves it using the name in the
* destination path instead of its file-list name. This requires a
flist->count, NS(dest_path));
}
- if (!dest_path)
+ if (!dest_path || list_only)
return NULL;
/* If the destination path refers to an existing directory, enter
* it and use mode 1. If there is something other than a directory
* at the destination path, we must be transferring one file
* (anything at the destination will be overwritten). */
- if (do_stat(dest_path, &st) == 0) {
+ if (safe_stat(dest_path, &st) == 0) {
if (S_ISDIR(st.st_mode)) {
+ if (sanitize_paths)
+ die_on_unsafe_path(dest_path, 0);
if (!push_dir(dest_path)) {
rsyserr(FERROR, errno, "push_dir#1 %s failed",
full_fname(dest_path));
}
return NULL;
}
+ if (sanitize_paths && S_ISLNK(st.st_mode))
+ die_on_unsafe_path(dest_path, 0);
if (flist->count > 1) {
rprintf(FERROR,
"ERROR: destination must be a directory when"
" copying more than 1 file\n");
exit_cleanup(RERR_FILESELECT);
}
+ /* Caution: flist->count could be 0! */
+ if (flist->count == 1 && S_ISDIR(flist->files[0]->mode)) {
+ rprintf(FERROR,
+ "ERROR: cannot overwrite non-directory"
+ " with a directory\n");
+ exit_cleanup(RERR_FILESELECT);
+ }
+ } else if (errno != ENOENT) {
+ rsyserr(FERROR, errno, "cannot stat destination %s",
+ full_fname(dest_path));
+ exit_cleanup(RERR_FILESELECT);
}
cp = strrchr(dest_path, '/');
if (cp && !cp[1])
*cp = '\0';
- umask(orig_umask);
- if (do_mkdir(dest_path, 0777) != 0) {
+ if (mkdir_defmode(dest_path) != 0) {
rsyserr(FERROR, errno, "mkdir %s failed",
full_fname(dest_path));
exit_cleanup(RERR_FILEIO);
}
- umask(0);
if (verbose)
rprintf(FINFO, "created directory %s\n", dest_path);
return NULL;
}
+ if (sanitize_paths)
+ die_on_unsafe_path(dest_path, 0);
if (!push_dir(dest_path)) {
rsyserr(FERROR, errno, "push_dir#2 %s failed",
full_fname(dest_path));
dest_path = "/";
*cp = '\0';
+ if (sanitize_paths)
+ die_on_unsafe_path(dest_path, 0);
if (!push_dir(dest_path)) {
rsyserr(FERROR, errno, "push_dir#3 %s failed",
full_fname(dest_path));
return;
}
- if (!relative_paths && !push_dir(dir)) {
- rsyserr(FERROR, errno, "push_dir#3 %s failed",
- full_fname(dir));
- exit_cleanup(RERR_FILESELECT);
+ if (!relative_paths) {
+ if (sanitize_paths)
+ die_on_unsafe_path(dir, 0);
+ if (!push_dir(dir)) {
+ rsyserr(FERROR, errno, "push_dir#3 %s failed",
+ full_fname(dir));
+ exit_cleanup(RERR_FILESELECT);
+ }
}
argc--;
argv++;
/* The receiving side mustn't obey this, or an existing symlink that
* points to an identical file won't be replaced by the referent. */
- copy_links = 0;
+ copy_links = copy_dirlinks = 0;
if (preserve_hard_links)
init_hard_links();
if (argc > 0)
local_name = get_local_name(flist,argv[0]);
+ /* Now that we know what our destination directory turned out to be,
+ * we can sanitize the --link-/copy-/compare-dest args correctly. */
+ if (sanitize_paths) {
+ char **dir;
+ for (dir = basis_dir; *dir; dir++) {
+ *dir = sanitize_path(NULL, *dir, NULL, curr_dir_depth, NULL);
+ die_on_unsafe_path(*dir, 0);
+ }
+ if (partial_dir) {
+ partial_dir = sanitize_path(NULL, partial_dir, NULL, curr_dir_depth, NULL);
+ /* A relative path gets this checked at every dir change. */
+ if (*partial_dir == '/')
+ die_on_unsafe_path(partial_dir, 0);
+ }
+ }
+ if (server_filter_list.head) {
+ char **dir;
+ struct filter_list_struct *elp = &server_filter_list;
+
+ for (dir = basis_dir; *dir; dir++) {
+ if (check_filter(elp, *dir, 1) < 0)
+ goto options_rejected;
+ }
+ if (partial_dir && *partial_dir == '/'
+ && check_filter(elp, partial_dir, 1) < 0) {
+ options_rejected:
+ rprintf(FERROR,
+ "Your options have been rejected by the server.\n");
+ exit_cleanup(RERR_SYNTAX);
+ }
+ }
+
exit_code = do_recv(f_in,f_out,flist,local_name);
exit_cleanup(exit_code);
}
io_set_sock_fds(f_in, f_out);
setup_protocol(f_out, f_in);
+#if defined HAVE_ICONV_OPEN && defined HAVE_ICONV_H
+ setup_iconv();
+#endif
if (protocol_version >= 23)
io_start_multiplex_out();
io_set_sock_fds(f_in, f_out);
setup_protocol(f_out,f_in);
+#if defined HAVE_ICONV_OPEN && defined HAVE_ICONV_H
+ setup_iconv();
+#endif
if (protocol_version >= 23 && !read_batch)
io_start_multiplex_in();
return rc;
if (!read_batch) { /* for read_batch, NO source is specified */
- argc--;
shell_path = check_for_hostspec(argv[0], &shell_machine, &rsync_port);
if (shell_path) { /* source is remote */
char *dummy1;
int dummy2;
- if (argc && check_for_hostspec(argv[argc], &dummy1, &dummy2)) {
+ if (--argc
+ && check_for_hostspec(argv[argc], &dummy1, &dummy2)) {
rprintf(FERROR,
"The source and destination cannot both be remote.\n");
exit_cleanup(RERR_SYNTAX);
} else { /* source is local, check dest arg */
am_sender = 1;
- if (argc < 1) { /* destination required */
- usage(FERROR);
- exit_cleanup(RERR_SYNTAX);
+ if (argc > 1)
+ p = argv[--argc];
+ else {
+ p = ".";
+ list_only = 1;
}
- shell_path = check_for_hostspec(argv[argc], &shell_machine, &rsync_port);
+ shell_path = check_for_hostspec(p, &shell_machine, &rsync_port);
if (shell_path && filesfrom_host && *filesfrom_host
&& strcmp(filesfrom_host, shell_machine) != 0) {
rprintf(FERROR,
exit_cleanup(RERR_SYNTAX);
}
shell_machine = NULL;
- shell_path = argv[argc];
+ shell_path = p;
} else if (rsync_port) {
if (!shell_cmd) {
return start_socket_client(shell_machine,
_exit(0);
}
-static RETSIGTYPE sigchld_handler(UNUSED(int val))
+RETSIGTYPE remember_children(UNUSED(int val))
{
#ifdef WNOHANG
int cnt, status;
}
#endif
#ifndef HAVE_SIGACTION
- signal(SIGCHLD, sigchld_handler);
+ signal(SIGCHLD, remember_children);
#endif
}
#endif
SIGACTMASK(SIGUSR1, sigusr1_handler);
SIGACTMASK(SIGUSR2, sigusr2_handler);
- SIGACTMASK(SIGCHLD, sigchld_handler);
+ SIGACTMASK(SIGCHLD, remember_children);
#ifdef MAINTAINER_MODE
SIGACTMASK(SIGSEGV, rsync_panic_handler);
SIGACTMASK(SIGFPE, rsync_panic_handler);
/* we set a 0 umask so that correct file permissions can be
* carried across */
- orig_umask = (int)umask(0);
+ orig_umask = umask(0);
#if defined CONFIG_LOCALE && defined HAVE_SETLOCALE
setlocale(LC_CTYPE, "");
/* Ignore SIGPIPE; we consistently check error codes and will
* see the EPIPE. */
SIGACTION(SIGPIPE, SIG_IGN);
+#ifdef SIGXFSZ
+ SIGACTION(SIGXFSZ, SIG_IGN);
+#endif
/* Initialize push_dir here because on some old systems getcwd
* (implemented by forking "pwd" and reading its output) doesn't
Matt McCutchen's Web Site / rsync / rsync.git / blobdiff