X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/eecd22ff7b041c6dc3cd5ff517aef64d2b69607c..e3bdb76326a4a06023bc1f24e5e0dd271df87825:/clientserver.c diff --git a/clientserver.c b/clientserver.c index 7dd72e9b..50203350 100644 --- a/clientserver.c +++ b/clientserver.c @@ -42,10 +42,11 @@ int start_socket_client(char *host, char *path, int argc, char *argv[]) char *p, *user=NULL; extern int remote_version; extern int am_sender; - extern struct in_addr socket_address; extern char *shell_cmd; extern int kludge_around_eof; - + extern char *bind_address; + extern int default_af_hint; + if (argc == 0 && !am_sender) { extern int list_only; list_only = 1; @@ -78,7 +79,12 @@ int start_socket_client(char *host, char *path, int argc, char *argv[]) if (!user) user = getenv("USER"); if (!user) user = getenv("LOGNAME"); - fd = open_socket_out_wrapped (host, rsync_port, &socket_address); + if (verbose >= 2) { + rprintf(FINFO, "opening tcp connection to %s port %d\n", + host, rsync_port); + } + fd = open_socket_out_wrapped (host, rsync_port, bind_address, + default_af_hint); if (fd == -1) { exit_cleanup(RERR_SOCKETIO); } @@ -125,7 +131,10 @@ int start_socket_client(char *host, char *path, int argc, char *argv[]) if (strcmp(line,"@RSYNCD: EXIT") == 0) exit(0); - rprintf(FINFO,"%s\n", line); + if (strncmp(line, "@ERROR", 6) == 0) + rprintf(FERROR,"%s\n", line); + else + rprintf(FINFO,"%s\n", line); } kludge_around_eof = False; @@ -166,9 +175,9 @@ static int rsync_module(int fd, int i) if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) { rprintf(FERROR,"rsync denied on module %s from %s (%s)\n", - name, client_name(fd), client_addr(fd)); + name, host, addr); io_printf(fd,"@ERROR: access denied to %s from %s (%s)\n", - name, client_name(fd), client_addr(fd)); + name, host, addr); return -1; } @@ -244,6 +253,18 @@ static int rsync_module(int fd, int i) log_init(); if (use_chroot) { + /* + * XXX: The 'use chroot' flag is a fairly reliable + * source of confusion, because it fails under two + * important circumstances: running as non-root, + * running on Win32 (or possibly others). On the + * other hand, if you are running as root, then it + * might be better to always use chroot. + * + * So, perhaps if we can't chroot we should just issue + * a warning, unless a "require chroot" flag is set, + * in which case we fail. + */ if (chroot(lp_path(i))) { rsyserr(FERROR, errno, "chroot %s failed", lp_path(i)); io_printf(fd,"@ERROR: chroot failed\n"); @@ -266,6 +287,26 @@ static int rsync_module(int fd, int i) } if (am_root) { +#ifdef HAVE_SETGROUPS + /* Get rid of any supplementary groups this process + * might have inheristed. */ + if (setgroups(0, NULL)) { + rsyserr(FERROR, errno, "setgroups failed"); + io_printf(fd, "@ERROR: setgroups failed\n"); + return -1; + } +#endif + + /* XXXX: You could argue that if the daemon is started + * by a non-root user and they explicitly specify a + * gid, then we should try to change to that gid -- + * this could be possible if it's already in their + * supplementary groups. */ + + /* TODO: Perhaps we need to document that if rsyncd is + * started by somebody other than root it will inherit + * all their supplementary groups. */ + if (setgid(gid)) { rsyserr(FERROR, errno, "setgid %d failed", (int) gid); io_printf(fd,"@ERROR: setgid failed\n"); @@ -473,6 +514,7 @@ int daemon_main(void) extern char *config_file; extern int orig_umask; char *pid_file; + extern int no_detach; if (is_a_socket(STDIN_FILENO)) { int i; @@ -488,7 +530,8 @@ int daemon_main(void) return start_daemon(STDIN_FILENO); } - become_daemon(); + if (!no_detach) + become_daemon(); if (!lp_load(config_file, 1)) { exit_cleanup(RERR_SYNTAX); @@ -496,10 +539,12 @@ int daemon_main(void) log_init(); - rprintf(FINFO, "rsyncd version %s starting, listening on port %d\n", VERSION, + rprintf(FINFO, "rsyncd version %s starting, listening on port %d\n", + RSYNC_VERSION, rsync_port); /* TODO: If listening on a particular address, then show that - * address too. */ + * address too. In fact, why not just do inet_ntop on the + * local address??? */ if (((pid_file = lp_pid_file()) != NULL) && (*pid_file != '\0')) { char pidbuf[16];