From 65575e9670fb77ececc8255d572d08d7b10bb049 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 1999 10:32:56 +0000 Subject: [PATCH] added --password-file patch from Alex Schlessinger (yes, I know I'm not supposed to be doing rsync work at the moment! only four weeks to go ...) --- authenticate.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++-- options.c | 12 ++++++++---- rsync.yo | 12 ++++++++++-- 3 files changed, 68 insertions(+), 8 deletions(-) diff --git a/authenticate.c b/authenticate.c index ba83a899..896366aa 100644 --- a/authenticate.c +++ b/authenticate.c 
@@ -130,6 +130,53 @@ static int get_secret(int module, char *user, char *secret, int len) return 1; } +static char *getpassf(char *filename) +{ + char buffer[100]; + int len=0; + int fd=0; + STRUCT_STAT st; + int ok = 1; + extern int am_root; + char *envpw=getenv("RSYNC_PASSWORD"); + + if (!filename) return NULL; + + if ( (fd=open(filename,O_RDONLY)) == -1) { + rprintf(FERROR,"could not open password file \"%s\"\n",filename); + if (envpw) rprintf(FERROR,"falling back to RSYNC_PASSWORD environment variable.\n"); + return NULL; + } + + if (do_stat(filename, &st) == -1) { + rprintf(FERROR,"stat(%s) : %s\n", filename, strerror(errno)); + ok = 0; + } else if ((st.st_mode & 06) != 0) { + rprintf(FERROR,"password file must not be other-accessible\n"); + ok = 0; + } else if (am_root && (st.st_uid != 0)) { + rprintf(FERROR,"password file must be owned by root when running as root\n"); + ok = 0; + } + if (!ok) { + rprintf(FERROR,"continuing without password file\n"); + if (envpw) rprintf(FERROR,"using RSYNC_PASSWORD environment variable.\n"); + close(fd); + return NULL; + } + + if (envpw) rprintf(FERROR,"RSYNC_PASSWORD environment variable ignored\n"); + + buffer[sizeof(buffer)-1]='\0'; + if ( (len=read(fd,buffer,sizeof(buffer)-1)) > 0) + { + close(fd); + return strdup(strtok(buffer,"\n\r")); + } + + return NULL; +} + /* generate a 16 byte hash from a password and challenge */ static void generate_hash(char *in, char *challenge, char *out) { @@ -216,10 +263,11 @@ void auth_client(int fd, char *user, char *challenge) { char *pass; char pass2[30]; + extern char *password_file; if (!user || !*user) return; - if (!(pass=getenv("RSYNC_PASSWORD"))) { + if (!(pass=getpassf(password_file)) && !(pass=getenv("RSYNC_PASSWORD"))) { pass = getpass("Password: "); } @@ -228,7 +276,7 @@ void auth_client(int fd, char *user, char *challenge) } generate_hash(pass, challenge, pass2); - io_printf(fd, "%s %s\n", user, pass2); } + diff --git a/options.c b/options.c index ca1b0187..19ff7ef5 100644 
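Review bot: At the end of getpassf() the buffer is terminated only at its last byte, not at `len`, so for a password file with no trailing newline `strtok` scans on into uninitialised stack bytes and the returned password can carry garbage. The same tail hands a NULL `strtok` result to `strdup` when the file holds only newline characters, and leaves `fd` open when `read` returns 0 or -1. Separately, the permission and ownership checks call `do_stat(filename, ...)` on the path after `open()`, so they may describe a different file from the descriptor being read; `fstat(fd, &st)` would check the opened file itself. The rewritten tail below needs a `char *tok;` among the locals; the whole function lies inside this hunk.

```c
	/* … unchanged: open(), permission and ownership checks, RSYNC_PASSWORD notice … */
	len = read(fd, buffer, sizeof(buffer)-1);
	close(fd);
	if (len <= 0) return NULL;

	buffer[len] = '\0';	/* terminate at the bytes actually read */
	tok = strtok(buffer, "\n\r");
	return tok ? strdup(tok) : NULL;
```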
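Review bot: With this change `pass` in auth_client() can point at heap memory returned by getpassf() (a `strdup` copy) as well as at storage owned by `getenv` or `getpass`, and nothing in the visible lines frees or clears that copy after `generate_hash`. The body of auth_client() continues outside this hunk, so this may be handled elsewhere; if it is not, the cleartext password stays on the heap for the rest of the run. A comment at the assignment such as `/* pass may be a strdup'd copy from getpassf(); wipe and free it once the hash is sent */` would record the ownership, ideally with the matching cleanup after `io_printf`.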
--- a/options.c +++ b/options.c @@ -59,7 +59,6 @@ int do_stats=0; int do_progress=0; int keep_partial=0; int safe_symlinks=0; - int block_size=BLOCK_SIZE; char *backup_suffix = BACKUP_SUFFIX; @@ -68,7 +67,7 @@ char *compare_dest = NULL; char *config_file = RSYNCD_CONF; char *shell_cmd = NULL; char *log_format = NULL; - +char *password_file = NULL; char *rsync_path = RSYNC_NAME; int rsync_port = RSYNC_PORT; @@ -135,6 +134,7 @@ void usage(int F) rprintf(F," --stats give some file transfer stats\n"); rprintf(F," --progress show progress during transfer\n"); rprintf(F," --log-format=FORMAT log file transfers using specified format\n"); + rprintf(F," --password-file=FILE get password from FILE\n"); rprintf(F," -h, --help show this help screen\n"); rprintf(F,"\n"); @@ -149,7 +149,7 @@ enum {OPT_VERSION,OPT_SUFFIX,OPT_SENDER,OPT_SERVER,OPT_EXCLUDE, OPT_EXCLUDE_FROM,OPT_DELETE,OPT_NUMERIC_IDS,OPT_RSYNC_PATH, OPT_FORCE,OPT_TIMEOUT,OPT_DAEMON,OPT_CONFIG,OPT_PORT, OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_STATS, OPT_PARTIAL, OPT_PROGRESS, - OPT_SAFE_LINKS, OPT_COMPARE_DEST, OPT_LOG_FORMAT}; + OPT_SAFE_LINKS, OPT_COMPARE_DEST, OPT_LOG_FORMAT,OPT_PASSWORD_FILE}; static char *short_options = "oblLWHpguDCtcahvrRIxnSe:B:T:z"; @@ -165,6 +165,7 @@ static struct option long_options[] = { {"include", 1, 0, OPT_INCLUDE}, {"include-from",1, 0, OPT_INCLUDE_FROM}, {"rsync-path", 1, 0, OPT_RSYNC_PATH}, + {"password-file", 1, 0, OPT_PASSWORD_FILE}, {"one-file-system",0, 0, 'x'}, {"ignore-times",0, 0, 'I'}, {"help", 0, 0, 'h'}, @@ -276,7 +277,10 @@ int parse_arguments(int argc, char *argv[]) case OPT_RSYNC_PATH: rsync_path = optarg; break; - + + case OPT_PASSWORD_FILE: + password_file =optarg; + break; case 'I': ignore_times = 1; break; diff --git a/rsync.yo b/rsync.yo index 1de12e4e..80ac10b0 100644 --- a/rsync.yo +++ b/rsync.yo 
@@ -159,10 +159,11 @@ itemize( Some paths on the remote server may require authentication. If so then you will receive a password prompt when you connect. You can avoid the password prompt by setting the environment variable RSYNC_PASSWORD to -the password you want to use. This may be useful when scripting rsync. +the password you want to use or using the --password-file option. This +may be useful when scripting rsync. WARNING: On some systems environment variables are visible to all -users. +users. On those systems using --password-file is recommended. manpagesection(RUNNING AN RSYNC SERVER) @@ -262,6 +263,7 @@ Options --port=PORT specify alternate rsyncd port number --stats give some file transfer stats --progress show progress during transfer + --password-file=FILE get password from FILE --log-format=FORMAT log file transfers using specified format -h, --help show this help screen ) @@ -581,6 +583,12 @@ dit(bf(--progress)) This option tells rsync to print information showing the progress of the transfer. This gives a bored user something to watch. +dit(bf(--password-file)) This option allows you to provide a password +in a file for accessing a remote rsync server. Note that this option +is only useful when accessing a rsync server using the built in +transport, not when using a remote shell as the transport. The file +must not be world readable. + enddit() manpagesection(EXCLUDE PATTERNS) -- 2.34.1