X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/44e2e57837bcdce0d12a429c308211763ab030db..1f8413449dc6430e59b7383c25454de72503f007:/clientserver.c diff --git a/clientserver.c b/clientserver.c index b4745682..9e79538e 100644 --- a/clientserver.c +++ b/clientserver.c @@ -34,7 +34,6 @@ int start_socket_client(char *host, char *path, int argc, char *argv[]) char line[MAXPATHLEN]; char *p, *user=NULL; extern int remote_version; - extern int am_client; extern int am_sender; if (*path == '/') { @@ -52,8 +51,6 @@ int start_socket_client(char *host, char *path, int argc, char *argv[]) if (!user) user = getenv("USER"); if (!user) user = getenv("LOGNAME"); - am_client = 1; - fd = open_socket_out(host, rsync_port); if (fd == -1) { exit_cleanup(RERR_SOCKETIO); @@ -138,16 +135,16 @@ static int rsync_module(int fd, int i) return -1; } - if (!claim_connection(lp_lock_file(), lp_max_connections())) { + if (!claim_connection(lp_lock_file(i), lp_max_connections(i))) { if (errno) { rprintf(FERROR,"failed to open lock file %s : %s\n", - lp_lock_file(), strerror(errno)); + lp_lock_file(i), strerror(errno)); io_printf(fd,"@ERROR: failed to open lock file %s : %s\n", - lp_lock_file(), strerror(errno)); + lp_lock_file(i), strerror(errno)); } else { rprintf(FERROR,"max connections (%d) reached\n", - lp_max_connections()); - io_printf(fd,"@ERROR: max connections (%d) reached - try again later\n", lp_max_connections()); + lp_max_connections(i)); + io_printf(fd,"@ERROR: max connections (%d) reached - try again later\n", lp_max_connections(i)); } return -1; } @@ -167,24 +164,28 @@ static int rsync_module(int fd, int i) if (lp_read_only(i)) read_only = 1; - p = lp_uid(i); - if (!name_to_uid(p, &uid)) { - if (!isdigit(*p)) { - rprintf(FERROR,"Invalid uid %s\n", p); - io_printf(fd,"@ERROR: invalid uid\n"); - return -1; - } - uid = atoi(p); - } + am_root = (getuid() == 0); - p = lp_gid(i); - if (!name_to_gid(p, &gid)) { - if (!isdigit(*p)) { - rprintf(FERROR,"Invalid gid %s\n", p); - io_printf(fd,"@ERROR: invalid gid\n"); - return -1; - } - gid = atoi(p); + if (am_root) { + p = lp_uid(i); + if (!name_to_uid(p, &uid)) { + if (!isdigit(*p)) { + rprintf(FERROR,"Invalid uid %s\n", p); + io_printf(fd,"@ERROR: invalid uid\n"); + return -1; + } + uid = atoi(p); + } + + p = lp_gid(i); + if (!name_to_gid(p, &gid)) { + if (!isdigit(*p)) { + rprintf(FERROR,"Invalid gid %s\n", p); + io_printf(fd,"@ERROR: invalid gid\n"); + return -1; + } + gid = atoi(p); + } } p = lp_include_from(i); @@ -208,34 +209,36 @@ static int rsync_module(int fd, int i) return -1; } - if (chdir("/")) { + if (!push_dir("/", 0)) { rprintf(FERROR,"chdir %s failed\n", lp_path(i)); io_printf(fd,"@ERROR: chdir failed\n"); return -1; } - if (setgid(gid) || getgid() != gid) { + } else { + if (!push_dir(lp_path(i), 0)) { + rprintf(FERROR,"chdir %s failed\n", lp_path(i)); + io_printf(fd,"@ERROR: chdir failed\n"); + return -1; + } + } + + if (am_root) { + if (setgid(gid)) { rprintf(FERROR,"setgid %d failed\n", gid); io_printf(fd,"@ERROR: setgid failed\n"); return -1; } - if (setuid(uid) || getuid() != uid) { + if (setuid(uid)) { rprintf(FERROR,"setuid %d failed\n", uid); io_printf(fd,"@ERROR: setuid failed\n"); return -1; } - } else { - if (!push_dir(lp_path(i), 0)) { - rprintf(FERROR,"chdir %s failed\n", lp_path(i)); - io_printf(fd,"@ERROR: chdir failed\n"); - return -1; - } + am_root = (getuid() == 0); } - am_root = (getuid() == 0); - io_printf(fd,"@RSYNCD: OK\n"); argv[argc++] = "rsyncd"; @@ -286,7 +289,7 @@ static int rsync_module(int fd, int i) } } - ret = parse_arguments(argc, argv); + ret = parse_arguments(argc, argv, 0); if (request) { if (*auth_user) { @@ -416,11 +419,6 @@ int daemon_main(void) extern char *config_file; char *pid_file; - /* this ensures that we don't call getcwd after the chroot, - which doesn't work on platforms that use popen("pwd","r") - for getcwd */ - push_dir("/", 0); - if (is_a_socket(STDIN_FILENO)) { int i;