return 1;
}
+static char *getpassf(char *filename)
+{
+ char buffer[100];
+ int len=0;
+ int fd=0;
+ STRUCT_STAT st;
+ int ok = 1;
+ extern int am_root;
+ char *envpw=getenv("RSYNC_PASSWORD");
+
+ if (!filename) return NULL;
+
+ if ( (fd=open(filename,O_RDONLY)) == -1) {
+ rprintf(FERROR,"could not open password file \"%s\"\n",filename);
+ if (envpw) rprintf(FERROR,"falling back to RSYNC_PASSWORD environment variable.\n");
+ return NULL;
+ }
+
+ if (do_stat(filename, &st) == -1) {
+ rprintf(FERROR,"stat(%s) : %s\n", filename, strerror(errno));
+ ok = 0;
+ } else if ((st.st_mode & 06) != 0) {
+ rprintf(FERROR,"password file must not be other-accessible\n");
+ ok = 0;
+ } else if (am_root && (st.st_uid != 0)) {
+ rprintf(FERROR,"password file must be owned by root when running as root\n");
+ ok = 0;
+ }
+ if (!ok) {
+ rprintf(FERROR,"continuing without password file\n");
+ if (envpw) rprintf(FERROR,"using RSYNC_PASSWORD environment variable.\n");
+ close(fd);
+ return NULL;
+ }
+
+ if (envpw) rprintf(FERROR,"RSYNC_PASSWORD environment variable ignored\n");
+
+ buffer[sizeof(buffer)-1]='\0';
+ if ( (len=read(fd,buffer,sizeof(buffer)-1)) > 0)
+ {
+ close(fd);
+ return strdup(strtok(buffer,"\n\r"));
+ }
+
+ return NULL;
+}
+
/* generate a 16 byte hash from a password and challenge */
static void generate_hash(char *in, char *challenge, char *out)
{
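Review bot: The read at the end of getpassf() never terminates `buffer` at `len`, because only the last byte is zeroed. A password file without a trailing newline therefore lets strtok() run on into uninitialized stack bytes, and a file holding only line breaks makes strtok() return NULL, which is then handed to strdup(). The final `return NULL` after a failed or empty read also leaves `fd` open. Separately, the mode and owner checks call do_stat() on the path after open(), so they can describe a different file than the one being read if the path is replaced in between; checking the opened descriptor (fstat on `fd`, through a wrapper that matches STRUCT_STAT) would close that gap.

```c
	/* … unchanged: declarations, open(), stat and permission checks … */

	len = read(fd, buffer, sizeof(buffer)-1);
	close(fd);	/* close on every path, including a failed or empty read */
	if (len > 0) {
		char *tok;
		buffer[len] = '\0';	/* terminate at what was actually read */
		tok = strtok(buffer, "\n\r");
		if (tok) return strdup(tok);
	}

	return NULL;
}
```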
{
char *pass;
char pass2[30];
+ extern char *password_file;
if (!user || !*user) return;
- if (!(pass=getenv("RSYNC_PASSWORD"))) {
+ if (!(pass=getpassf(password_file)) && !(pass=getenv("RSYNC_PASSWORD"))) {
pass = getpass("Password: ");
}
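Review bot: `pass` can now point at the strdup() copy returned by getpassf(), and nothing visible here frees or clears that copy after generate_hash() has consumed it, so the password stays on the heap for the rest of the process. The other two sources, getenv() and getpass(), return storage that must not be freed, so the caller has to know which case it is in. One way is to keep the getpassf() result in a separate pointer and clear and free only that one once the response has been sent. The block-scope `extern char *password_file;` would also be safer in a shared header, so the declaration cannot drift from its definition. The enclosing function starts and ends outside this hunk.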
}
generate_hash(pass, challenge, pass2);
-
io_printf(fd, "%s %s\n", user, pass2);
}
+
int do_progress=0;
int keep_partial=0;
int safe_symlinks=0;
-
int block_size=BLOCK_SIZE;
char *backup_suffix = BACKUP_SUFFIX;
char *config_file = RSYNCD_CONF;
char *shell_cmd = NULL;
char *log_format = NULL;
-
+char *password_file = NULL;
char *rsync_path = RSYNC_NAME;
int rsync_port = RSYNC_PORT;
rprintf(F," --stats give some file transfer stats\n");
rprintf(F," --progress show progress during transfer\n");
rprintf(F," --log-format=FORMAT log file transfers using specified format\n");
+ rprintf(F," --password-file=FILE get password from FILE\n");
rprintf(F," -h, --help show this help screen\n");
rprintf(F,"\n");
OPT_EXCLUDE_FROM,OPT_DELETE,OPT_NUMERIC_IDS,OPT_RSYNC_PATH,
OPT_FORCE,OPT_TIMEOUT,OPT_DAEMON,OPT_CONFIG,OPT_PORT,
OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_STATS, OPT_PARTIAL, OPT_PROGRESS,
- OPT_SAFE_LINKS, OPT_COMPARE_DEST, OPT_LOG_FORMAT};
+ OPT_SAFE_LINKS, OPT_COMPARE_DEST, OPT_LOG_FORMAT,OPT_PASSWORD_FILE};
static char *short_options = "oblLWHpguDCtcahvrRIxnSe:B:T:z";
{"include", 1, 0, OPT_INCLUDE},
{"include-from",1, 0, OPT_INCLUDE_FROM},
{"rsync-path", 1, 0, OPT_RSYNC_PATH},
+ {"password-file", 1, 0, OPT_PASSWORD_FILE},
{"one-file-system",0, 0, 'x'},
{"ignore-times",0, 0, 'I'},
{"help", 0, 0, 'h'},
case OPT_RSYNC_PATH:
rsync_path = optarg;
break;
-
+
+ case OPT_PASSWORD_FILE:
+ password_file =optarg;
+ break;
case 'I':
ignore_times = 1;
break;
Some paths on the remote server may require authentication. If so then
you will receive a password prompt when you connect. You can avoid the
password prompt by setting the environment variable RSYNC_PASSWORD to
-the password you want to use. This may be useful when scripting rsync.
+the password you want to use or using the --password-file option. This
+may be useful when scripting rsync.
WARNING: On some systems environment variables are visible to all
-users.
+users. On those systems using --password-file is recommended.
manpagesection(RUNNING AN RSYNC SERVER)
--port=PORT specify alternate rsyncd port number
--stats give some file transfer stats
--progress show progress during transfer
+ --password-file=FILE get password from FILE
--log-format=FORMAT log file transfers using specified format
-h, --help show this help screen
)
showing the progress of the transfer. This gives a bored user
something to watch.
+dit(bf(--password-file)) This option allows you to provide a password
+in a file for accessing a remote rsync server. Note that this option
+is only useful when accessing a rsync server using the built in
+transport, not when using a remote shell as the transport. The file
+must not be world readable.
+
enddit()
manpagesection(EXCLUDE PATTERNS)