From: Wayne Davison Date: Sun, 9 Sep 2007 07:53:15 +0000 (+0000) Subject: - If the user specifies a source arg with a hostspec in it in a local- X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/commitdiff_plain/f7e5068d94b5de8f568cb835654dc83a31695ddf - If the user specifies a source arg with a hostspec in it in a local- source transer, complain and exit. This can help to find option problems were an arg to an option turns into a local-source arg, and the real remote-source arg will now get rejected rather than attempting to find a file with a colon in its name. - We now support the ability to specify more than one remote arg using the ":FILENAME" idiom for additional remote filenames. - If the --protect-args (-s) option was specified, we send just the "--server -s" options to the remote rsync when it is starting, and then the real args are sent over the socket. --- diff --git a/main.c b/main.c index e9675f96..efcd0603 100644 --- a/main.c +++ b/main.c @@ -49,6 +49,7 @@ extern int preserve_hard_links; extern int protocol_version; extern int file_total; extern int recurse; +extern int protect_args; extern int relative_paths; extern int sanitize_paths; extern int curr_dir_depth; @@ -318,8 +319,8 @@ static void show_malloc_stats(void) /* Start the remote shell. cmd may be NULL to use the default. */ -static pid_t do_cmd(char *cmd, char *machine, char *user, char *path, - int *f_in, int *f_out) +static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, int remote_argc, + int *f_in_p, int *f_out_p) { int i, argc = 0; char *args[MAX_ARGS]; @@ -342,10 +343,8 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char *path, if (*f == ' ') continue; /* Comparison leaves rooms for server_options(). */ - if (argc >= MAX_ARGS - MAX_SERVER_ARGS) { - rprintf(FERROR, "internal: args[] overflowed in do_cmd()\n"); - exit_cleanup(RERR_SYNTAX); - } + if (argc >= MAX_ARGS - MAX_SERVER_ARGS) + goto arg_overflow; args[argc++] = t; while (*f != ' ' || in_quote) { if (!*f) { @@ -409,16 +408,23 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char *path, server_options(args,&argc); - if (argc >= MAX_ARGS - 2) { - rprintf(FERROR, "internal: args[] overflowed in do_cmd()\n"); - exit_cleanup(RERR_SYNTAX); - } + if (argc >= MAX_ARGS - 2) + goto arg_overflow; } args[argc++] = "."; - if (!daemon_over_rsh && path && *path) - args[argc++] = path; + if (!daemon_over_rsh) { + while (remote_argc > 0) { + if (argc >= MAX_ARGS - 1) { + arg_overflow: + rprintf(FERROR, "internal: args[] overflowed in do_cmd()\n"); + exit_cleanup(RERR_SYNTAX); + } + args[argc++] = *remote_argv++; + remote_argc--; + } + } args[argc] = NULL; @@ -435,17 +441,35 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char *path, exit_cleanup(RERR_IPC); } batch_gen_fd = from_gen_pipe[0]; - *f_out = from_gen_pipe[1]; - *f_in = batch_fd; + *f_out_p = from_gen_pipe[1]; + *f_in_p = batch_fd; ret = -1; /* no child pid */ } else if (local_server) { /* If the user didn't request --[no-]whole-file, force * it on, but only if we're not batch processing. */ if (whole_file < 0 && !write_batch) whole_file = 1; - ret = local_child(argc, args, f_in, f_out, child_main); - } else - ret = piped_child(args,f_in,f_out); + ret = local_child(argc, args, f_in_p, f_out_p, child_main); + } else { + if (protect_args) { + char *save_opts1, *save_opts2; + for (i = 0; strcmp(args[i], "--server") != 0; i++) {} + save_opts1 = args[i+1]; + save_opts2 = args[i+2]; + args[i+1] = "-s"; + args[i+2] = NULL; + ret = piped_child(args, f_in_p, f_out_p); + args[i] = args[i-1]; /* move command name over --server */ + args[i+1] = save_opts1; + args[i+2] = save_opts2; + while (args[i]) { + write_sbuf(*f_out_p, args[i++]); + write_byte(*f_out_p, 0); + } + write_byte(*f_out_p, 0); + } else + ret = piped_child(args, f_in_p, f_out_p); + } if (dir) free(dir); @@ -1061,32 +1085,37 @@ static int copy_argv(char *argv[]) **/ static int start_client(int argc, char *argv[]) { - char *p; - char *shell_machine = NULL; - char *shell_path = NULL; - char *shell_user = NULL; + char *p, *shell_machine = NULL, *shell_user = NULL; + char **remote_argv; + int remote_argc; + int f_in, f_out; int ret; pid_t pid; - int f_in,f_out; - int rc; /* Don't clobber argv[] so that ps(1) can still show the right * command line. */ - if ((rc = copy_argv(argv))) - return rc; + if ((ret = copy_argv(argv)) != 0) + return ret; if (!read_batch) { /* for read_batch, NO source is specified */ - shell_path = check_for_hostspec(argv[0], &shell_machine, &rsync_port); - if (shell_path) { /* source is remote */ + char *path = check_for_hostspec(argv[0], &shell_machine, &rsync_port); + if (path) { /* source is remote */ char *dummy1; int dummy2; - if (--argc - && check_for_hostspec(argv[argc], &dummy1, &dummy2)) { + *argv = path; + remote_argv = argv; + remote_argc = argc; + argv += argc - 1; + if (argc == 1 || **argv == ':') + argc = 0; /* no dest arg */ + else if (check_for_hostspec(*argv, &dummy1, &dummy2)) { rprintf(FERROR, "The source and destination cannot both be remote.\n"); exit_cleanup(RERR_SYNTAX); + } else { + remote_argc--; /* don't count dest */ + argc = 1; } - argv++; if (filesfrom_host && *filesfrom_host && strcmp(filesfrom_host, shell_machine) != 0) { rprintf(FERROR, @@ -1099,21 +1128,25 @@ static int start_client(int argc, char *argv[]) } else { /* source is local, check dest arg */ am_sender = 1; - if (argc > 1) + if (argc > 1) { p = argv[--argc]; - else { - p = "."; + remote_argv = argv + argc; + } else { + static char *dotarg[1] = { "." }; + p = dotarg[0]; + remote_argv = dotarg; list_only = 1; } + remote_argc = 1; - shell_path = check_for_hostspec(p, &shell_machine, &rsync_port); - if (shell_path && filesfrom_host && *filesfrom_host + path = check_for_hostspec(p, &shell_machine, &rsync_port); + if (path && filesfrom_host && *filesfrom_host && strcmp(filesfrom_host, shell_machine) != 0) { rprintf(FERROR, "--files-from hostname is not the same as the transfer hostname\n"); exit_cleanup(RERR_SYNTAX); } - if (!shell_path) { /* no hostspec found, so src & dest are local */ + if (!path) { /* no hostspec found, so src & dest are local */ local_server = 1; if (filesfrom_host) { rprintf(FERROR, @@ -1121,27 +1154,50 @@ static int start_client(int argc, char *argv[]) exit_cleanup(RERR_SYNTAX); } shell_machine = NULL; - shell_path = p; - } else if (rsync_port) - daemon_over_rsh = shell_cmd ? 1 : -1; + } else { /* hostspec was found, so dest is remote */ + argv[argc] = path; + if (rsync_port) + daemon_over_rsh = shell_cmd ? 1 : -1; + } } } else { /* read_batch */ local_server = 1; - shell_path = argv[argc-1]; - if (check_for_hostspec(shell_path, &shell_machine, &rsync_port)) { + if (check_for_hostspec(argv[argc-1], &shell_machine, &rsync_port)) { rprintf(FERROR, "remote destination is not allowed with --read-batch\n"); exit_cleanup(RERR_SYNTAX); } + remote_argv = argv + argc - 1; + remote_argc = 1; } - /* for remote source, only single dest arg can remain ... */ - if (!am_sender && argc > 1) { - usage(FERROR); - exit_cleanup(RERR_SYNTAX); + if (am_sender) { + char *dummy1; + int dummy2; + int i; + /* For local source, extra source args must not have hostspec. */ + for (i = 1; i < argc; i++) { + if (check_for_hostspec(argv[i], &dummy1, &dummy2)) { + rprintf(FERROR, "Unexpected remote arg: %s\n", argv[i]); + exit_cleanup(RERR_SYNTAX); + } + } + } else { + int i; + /* For remote source, any extra source args must be ":SOURCE" args. */ + for (i = 1; i < remote_argc; i++) { + if (*remote_argv[i] != ':') { + rprintf(FERROR, "Unexpected local arg: %s\n", remote_argv[i]); + rprintf(FERROR, "If arg is a remote file/dir, prefix it with a colon (:).\n"); + exit_cleanup(RERR_SYNTAX); + } + remote_argv[i]++; + } + if (argc == 0) + list_only |= 1; } if (daemon_over_rsh < 0) - return start_socket_client(shell_machine, shell_path, argc, argv); + return start_socket_client(shell_machine, remote_argc, remote_argv, argc, argv); if (password_file && !daemon_over_rsh) { rprintf(FERROR, "The --password-file option may only be " @@ -1160,25 +1216,18 @@ static int start_client(int argc, char *argv[]) if (verbose > 3) { rprintf(FINFO,"cmd=%s machine=%s user=%s path=%s\n", - shell_cmd ? shell_cmd : "", - shell_machine ? shell_machine : "", - shell_user ? shell_user : "", - shell_path ? shell_path : ""); + NS(shell_cmd), NS(shell_machine), NS(shell_user), + remote_argv ? NS(remote_argv[0]) : ""); } - /* ... or no dest at all */ - if (!am_sender && argc == 0) - list_only |= 1; - - pid = do_cmd(shell_cmd,shell_machine,shell_user,shell_path, - &f_in,&f_out); + pid = do_cmd(shell_cmd, shell_machine, shell_user, remote_argv, remote_argc, + &f_in, &f_out); /* if we're running an rsync server on the remote host over a * remote shell command, we need to do the RSYNCD protocol first */ if (daemon_over_rsh) { int tmpret; - tmpret = start_inband_exchange(shell_user, shell_path, - f_in, f_out, argc); + tmpret = start_inband_exchange(f_in, f_out, shell_user, remote_argc, remote_argv); if (tmpret < 0) return tmpret; } @@ -1383,6 +1432,16 @@ int main(int argc,char *argv[]) if (am_daemon && !am_server) return daemon_main(); + if (am_server && protect_args) { + char buf[MAXPATHLEN]; + protect_args = 0; + read_args(STDIN_FILENO, NULL, buf, sizeof buf, 1, &argv, &argc, NULL); + if (!parse_arguments(&argc, (const char ***) &argv, 1)) { + option_error(); + exit_cleanup(RERR_SYNTAX); + } + } + if (argc < 1) { usage(FERROR); exit_cleanup(RERR_SYNTAX);