1: /*
2: * The socket based protocol for setting up a connection with rsyncd.
3: *
4: * Copyright (C) 1998-2001 Andrew Tridgell <tridge@samba.org>
5: * Copyright (C) 2001-2002 Martin Pool <mbp@samba.org>
6: * Copyright (C) 2002-2015 Wayne Davison
7: *
8: * This program is free software; you can redistribute it and/or modify
9: * it under the terms of the GNU General Public License as published by
10: * the Free Software Foundation; either version 3 of the License, or
11: * (at your option) any later version.
12: *
13: * This program is distributed in the hope that it will be useful,
14: * but WITHOUT ANY WARRANTY; without even the implied warranty of
15: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16: * GNU General Public License for more details.
17: *
18: * You should have received a copy of the GNU General Public License along
19: * with this program; if not, visit the http://fsf.org website.
20: */
21:
22: #include "rsync.h"
23: #include "itypes.h"
24:
25: extern int quiet;
26: extern int dry_run;
27: extern int output_motd;
28: extern int list_only;
29: extern int am_sender;
30: extern int am_server;
31: extern int am_daemon;
32: extern int am_root;
33: extern int rsync_port;
34: extern int protect_args;
35: extern int ignore_errors;
36: extern int preserve_xattrs;
37: extern int kluge_around_eof;
38: extern int daemon_over_rsh;
39: extern int munge_symlinks;
40: extern int sanitize_paths;
41: extern int numeric_ids;
42: extern int filesfrom_fd;
43: extern int remote_protocol;
44: extern int protocol_version;
45: extern int io_timeout;
46: extern int no_detach;
47: extern int write_batch;
48: extern int default_af_hint;
49: extern int logfile_format_has_i;
50: extern int logfile_format_has_o_or_i;
51: extern char *bind_address;
52: extern char *config_file;
53: extern char *logfile_format;
54: extern char *files_from;
55: extern char *tmpdir;
56: extern struct chmod_mode_struct *chmod_modes;
57: extern filter_rule_list daemon_filter_list;
58: #ifdef ICONV_OPTION
59: extern char *iconv_opt;
60: extern iconv_t ic_send, ic_recv;
61: #endif
62:
63: char *auth_user;
64: int read_only = 0;
65: int module_id = -1;
66: struct chmod_mode_struct *daemon_chmod_modes;
67:
68: /* module_dirlen is the length of the module_dir string when in daemon
69: * mode and module_dir is not "/"; otherwise 0. (Note that a chroot-
70: * enabled module can have a non-"/" module_dir these days.) */
71: char *module_dir = NULL;
72: unsigned int module_dirlen = 0;
73:
74: char *full_module_path;
75:
76: static int rl_nulls = 0;
77:
78: #ifdef HAVE_SIGACTION
79: static struct sigaction sigact;
80: #endif
81:
82: static item_list gid_list = EMPTY_ITEM_LIST;
83:
84: /* Used when "reverse lookup" is off. */
85: const char undetermined_hostname[] = "UNDETERMINED";
86:
87: /**
88: * Run a client connected to an rsyncd. The alternative to this
89: * function for remote-shell connections is do_cmd().
90: *
91: * After negotiating which module to use and reading the server's
92: * motd, this hands over to client_run(). Telling the server the
93: * module will cause it to chroot/setuid/etc.
94: *
95: * Instead of doing a transfer, the client may at this stage instead
96: * get a listing of remote modules and exit.
97: *
98: * @return -1 for error in startup, or the result of client_run().
99: * Either way, it eventually gets passed to exit_cleanup().
100: **/
101: int start_socket_client(char *host, int remote_argc, char *remote_argv[],
102: int argc, char *argv[])
103: {
104: int fd, ret;
105: char *p, *user = NULL;
106:
107: /* This is redundant with code in start_inband_exchange(), but this
108: * short-circuits a problem in the client before we open a socket,
109: * and the extra check won't hurt. */
110: if (**remote_argv == '/') {
111: rprintf(FERROR,
112: "ERROR: The remote path must start with a module name not a /\n");
113: return -1;
114: }
115:
116: if ((p = strrchr(host, '@')) != NULL) {
117: user = host;
118: host = p+1;
119: *p = '\0';
120: }
121:
122: fd = open_socket_out_wrapped(host, rsync_port, bind_address,
123: default_af_hint);
124: if (fd == -1)
125: exit_cleanup(RERR_SOCKETIO);
126:
127: #ifdef ICONV_CONST
128: setup_iconv();
129: #endif
130:
131: ret = start_inband_exchange(fd, fd, user, remote_argc, remote_argv);
132:
133: return ret ? ret : client_run(fd, fd, -1, argc, argv);
134: }
135:
136: static int exchange_protocols(int f_in, int f_out, char *buf, size_t bufsiz, int am_client)
137: {
138: int remote_sub = -1;
139: #if SUBPROTOCOL_VERSION != 0
140: int our_sub = protocol_version < PROTOCOL_VERSION ? 0 : SUBPROTOCOL_VERSION;
141: #else
142: int our_sub = 0;
143: #endif
144: char *motd;
145:
146: io_printf(f_out, "@RSYNCD: %d.%d\n", protocol_version, our_sub);
147:
148: if (!am_client) {
149: motd = lp_motd_file();
150: if (motd && *motd) {
151: FILE *f = fopen(motd,"r");
152: while (f && !feof(f)) {
153: int len = fread(buf, 1, bufsiz - 1, f);
154: if (len > 0)
155: write_buf(f_out, buf, len);
156: }
157: if (f)
158: fclose(f);
159: write_sbuf(f_out, "\n");
160: }
161: }
162:
163: /* This strips the \n. */
164: if (!read_line_old(f_in, buf, bufsiz, 0)) {
165: if (am_client)
166: rprintf(FERROR, "rsync: did not see server greeting\n");
167: return -1;
168: }
169:
170: if (sscanf(buf, "@RSYNCD: %d.%d", &remote_protocol, &remote_sub) < 1) {
171: if (am_client)
172: rprintf(FERROR, "rsync: server sent \"%s\" rather than greeting\n", buf);
173: else
174: io_printf(f_out, "@ERROR: protocol startup error\n");
175: return -1;
176: }
177:
178: if (remote_sub < 0) {
179: if (remote_protocol == 30) {
180: if (am_client)
181: rprintf(FERROR, "rsync: server is speaking an incompatible beta of protocol 30\n");
182: else
183: io_printf(f_out, "@ERROR: your client is speaking an incompatible beta of protocol 30\n");
184: return -1;
185: }
186: remote_sub = 0;
187: }
188:
189: if (protocol_version > remote_protocol) {
190: protocol_version = remote_protocol;
191: if (remote_sub)
192: protocol_version--;
193: } else if (protocol_version == remote_protocol) {
194: if (remote_sub != our_sub)
195: protocol_version--;
196: }
197: #if SUBPROTOCOL_VERSION != 0
198: else if (protocol_version < remote_protocol) {
199: if (our_sub)
200: protocol_version--;
201: }
202: #endif
203:
204: if (protocol_version >= 30)
205: rl_nulls = 1;
206:
207: return 0;
208: }
209:
210: int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char *argv[])
211: {
212: int i, modlen;
213: char line[BIGPATHBUFLEN];
214: char *sargs[MAX_ARGS];
215: int sargc = 0;
216: char *p, *modname;
217:
218: assert(argc > 0 && *argv != NULL);
219:
220: if (**argv == '/') {
221: rprintf(FERROR,
222: "ERROR: The remote path must start with a module name\n");
223: return -1;
224: }
225:
226: if (!(p = strchr(*argv, '/')))
227: modlen = strlen(*argv);
228: else
229: modlen = p - *argv;
230:
231: if (!(modname = new_array(char, modlen+1+1))) /* room for '/' & '\0' */
232: out_of_memory("start_inband_exchange");
233: strlcpy(modname, *argv, modlen + 1);
234: modname[modlen] = '/';
235: modname[modlen+1] = '\0';
236:
237: if (!user)
238: user = getenv("USER");
239: if (!user)
240: user = getenv("LOGNAME");
241:
242: if (exchange_protocols(f_in, f_out, line, sizeof line, 1) < 0)
243: return -1;
244:
245: /* set daemon_over_rsh to false since we need to build the
246: * true set of args passed through the rsh/ssh connection;
247: * this is a no-op for direct-socket-connection mode */
248: daemon_over_rsh = 0;
249: server_options(sargs, &sargc);
250:
251: if (sargc >= MAX_ARGS - 2)
252: goto arg_overflow;
253:
254: sargs[sargc++] = ".";
255:
256: while (argc > 0) {
257: if (sargc >= MAX_ARGS - 1) {
258: arg_overflow:
259: rprintf(FERROR, "internal: args[] overflowed in do_cmd()\n");
260: exit_cleanup(RERR_SYNTAX);
261: }
262: if (strncmp(*argv, modname, modlen) == 0
263: && argv[0][modlen] == '\0')
264: sargs[sargc++] = modname; /* we send "modname/" */
265: else if (**argv == '-') {
266: if (asprintf(sargs + sargc++, "./%s", *argv) < 0)
267: out_of_memory("start_inband_exchange");
268: } else
269: sargs[sargc++] = *argv;
270: argv++;
271: argc--;
272: }
273:
274: sargs[sargc] = NULL;
275:
276: if (DEBUG_GTE(CMD, 1))
277: print_child_argv("sending daemon args:", sargs);
278:
279: io_printf(f_out, "%.*s\n", modlen, modname);
280:
281: /* Old servers may just drop the connection here,
282: rather than sending a proper EXIT command. Yuck. */
283: kluge_around_eof = list_only && protocol_version < 25 ? 1 : 0;
284:
285: while (1) {
286: if (!read_line_old(f_in, line, sizeof line, 0)) {
287: rprintf(FERROR, "rsync: didn't get server startup line\n");
288: return -1;
289: }
290:
291: if (strncmp(line,"@RSYNCD: AUTHREQD ",18) == 0) {
292: auth_client(f_out, user, line+18);
293: continue;
294: }
295:
296: if (strcmp(line,"@RSYNCD: OK") == 0)
297: break;
298:
299: if (strcmp(line,"@RSYNCD: EXIT") == 0) {
300: /* This is sent by recent versions of the
301: * server to terminate the listing of modules.
302: * We don't want to go on and transfer
303: * anything; just exit. */
304: exit(0);
305: }
306:
307: if (strncmp(line, "@ERROR", 6) == 0) {
308: rprintf(FERROR, "%s\n", line);
309: /* This is always fatal; the server will now
310: * close the socket. */
311: return -1;
312: }
313:
314: /* This might be a MOTD line or a module listing, but there is
315: * no way to differentiate it. The manpage mentions this. */
316: if (output_motd)
317: rprintf(FINFO, "%s\n", line);
318: }
319: kluge_around_eof = 0;
320:
321: if (rl_nulls) {
322: for (i = 0; i < sargc; i++) {
323: if (!sargs[i]) /* stop at --protect-args NULL */
324: break;
325: write_sbuf(f_out, sargs[i]);
326: write_byte(f_out, 0);
327: }
328: write_byte(f_out, 0);
329: } else {
330: for (i = 0; i < sargc; i++)
331: io_printf(f_out, "%s\n", sargs[i]);
332: write_sbuf(f_out, "\n");
333: }
334:
335: if (protect_args)
336: send_protected_args(f_out, sargs);
337:
338: if (protocol_version < 23) {
339: if (protocol_version == 22 || !am_sender)
340: io_start_multiplex_in(f_in);
341: }
342:
343: free(modname);
344:
345: return 0;
346: }
347:
348: static char *finish_pre_exec(pid_t pid, int write_fd, int read_fd, char *request,
349: char **early_argv, char **argv)
350: {
351: char buf[BIGPATHBUFLEN], *bp;
352: int j = 0, status = -1, msglen = sizeof buf - 1;
353:
354: if (!request)
355: request = "(NONE)";
356:
357: write_buf(write_fd, request, strlen(request)+1);
358: if (early_argv) {
359: for ( ; *early_argv; early_argv++)
360: write_buf(write_fd, *early_argv, strlen(*early_argv)+1);
361: j = 1; /* Skip arg0 name in argv. */
362: }
363: for ( ; argv[j]; j++)
364: write_buf(write_fd, argv[j], strlen(argv[j])+1);
365: write_byte(write_fd, 0);
366:
367: close(write_fd);
368:
369: /* Read the stdout from the pre-xfer exec program. This it is only
370: * displayed to the user if the script also returns an error status. */
371: for (bp = buf; msglen > 0; msglen -= j) {
372: if ((j = read(read_fd, bp, msglen)) <= 0) {
373: if (j == 0)
374: break;
375: if (errno == EINTR)
376: continue;
377: break; /* Just ignore the read error for now... */
378: }
379: bp += j;
380: if (j > 1 && bp[-1] == '\n' && bp[-2] == '\r') {
381: bp--;
382: j--;
383: bp[-1] = '\n';
384: }
385: }
386: *bp = '\0';
387:
388: close(read_fd);
389:
390: if (wait_process(pid, &status, 0) < 0
391: || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
392: char *e;
393: if (asprintf(&e, "pre-xfer exec returned failure (%d)%s%s%s\n%s",
394: status, status < 0 ? ": " : "",
395: status < 0 ? strerror(errno) : "",
396: *buf ? ":" : "", buf) < 0)
397: return "out_of_memory in finish_pre_exec\n";
398: return e;
399: }
400: return NULL;
401: }
402:
403: #ifdef HAVE_PUTENV
404: static int read_arg_from_pipe(int fd, char *buf, int limit)
405: {
406: char *bp = buf, *eob = buf + limit - 1;
407:
408: while (1) {
409: int got = read(fd, bp, 1);
410: if (got != 1) {
411: if (got < 0 && errno == EINTR)
412: continue;
413: return -1;
414: }
415: if (*bp == '\0')
416: break;
417: if (bp < eob)
418: bp++;
419: }
420: *bp = '\0';
421:
422: return bp - buf;
423: }
424: #endif
425:
426: static int path_failure(int f_out, const char *dir, BOOL was_chdir)
427: {
428: if (was_chdir)
429: rsyserr(FLOG, errno, "chdir %s failed\n", dir);
430: else
431: rprintf(FLOG, "normalize_path(%s) failed\n", dir);
432: io_printf(f_out, "@ERROR: chdir failed\n");
433: return -1;
434: }
435:
436: static int add_a_group(int f_out, const char *gname)
437: {
438: gid_t gid, *gid_p;
439: if (!group_to_gid(gname, &gid, True)) {
440: rprintf(FLOG, "Invalid gid %s\n", gname);
441: io_printf(f_out, "@ERROR: invalid gid %s\n", gname);
442: return -1;
443: }
444: gid_p = EXPAND_ITEM_LIST(&gid_list, gid_t, -32);
445: *gid_p = gid;
446: return 0;
447: }
448:
449: #ifdef HAVE_GETGROUPLIST
450: static int want_all_groups(int f_out, uid_t uid)
451: {
452: const char *err;
453: if ((err = getallgroups(uid, &gid_list)) != NULL) {
454: rsyserr(FLOG, errno, "%s", err);
455: io_printf(f_out, "@ERROR: %s\n", err);
456: return -1;
457: }
458: return 0;
459: }
460: #elif defined HAVE_INITGROUPS
461: static struct passwd *want_all_groups(int f_out, uid_t uid)
462: {
463: struct passwd *pw;
464: gid_t *gid_p;
465: if ((pw = getpwuid(uid)) == NULL) {
466: rsyserr(FLOG, errno, "getpwuid failed");
467: io_printf(f_out, "@ERROR: getpwuid failed\n");
468: return NULL;
469: }
470: /* Start with the default group and initgroups() will add the rest. */
471: gid_p = EXPAND_ITEM_LIST(&gid_list, gid_t, -32);
472: *gid_p = pw->pw_gid;
473: return pw;
474: }
475: #endif
476:
477: static void set_env_str(const char *var, const char *str)
478: {
479: #ifdef HAVE_PUTENV
480: char *mem;
481: if (asprintf(&mem, "%s=%s", var, str) < 0)
482: out_of_memory("set_env_str");
483: putenv(mem);
484: #endif
485: }
486:
487: #ifdef HAVE_PUTENV
488: static void set_env_num(const char *var, long num)
489: {
490: char *mem;
491: if (asprintf(&mem, "%s=%ld", var, num) < 0)
492: out_of_memory("set_env_num");
493: putenv(mem);
494: }
495: #endif
496:
497: static int rsync_module(int f_in, int f_out, int i, const char *addr, const char *host)
498: {
499: int argc;
500: char **argv, **orig_argv, **orig_early_argv, *module_chdir;
501: char line[BIGPATHBUFLEN];
502: #if defined HAVE_INITGROUPS && !defined HAVE_GETGROUPLIST
503: struct passwd *pw = NULL;
504: #endif
505: uid_t uid;
506: int set_uid;
507: char *p, *err_msg = NULL;
508: char *name = lp_name(i);
509: int use_chroot = lp_use_chroot(i);
510: int ret, pre_exec_arg_fd = -1, pre_exec_error_fd = -1;
511: int save_munge_symlinks;
512: pid_t pre_exec_pid = 0;
513: char *request = NULL;
514:
515: set_env_str("RSYNC_MODULE_NAME", name);
516:
517: #ifdef ICONV_OPTION
518: iconv_opt = lp_charset(i);
519: if (*iconv_opt)
520: setup_iconv();
521: iconv_opt = NULL;
522: #endif
523:
524: /* If reverse lookup is disabled globally but enabled for this module,
525: * we need to do it now before the access check. */
526: if (host == undetermined_hostname && lp_reverse_lookup(i))
527: host = client_name(f_in);
528: set_env_str("RSYNC_HOST_NAME", host);
529: set_env_str("RSYNC_HOST_ADDR", addr);
530:
531: if (!allow_access(addr, &host, i)) {
532: rprintf(FLOG, "rsync denied on module %s from %s (%s)\n",
533: name, host, addr);
534: if (!lp_list(i))
535: io_printf(f_out, "@ERROR: Unknown module '%s'\n", name);
536: else {
537: io_printf(f_out,
538: "@ERROR: access denied to %s from %s (%s)\n",
539: name, host, addr);
540: }
541: return -1;
542: }
543:
544: if (am_daemon && am_server) {
545: rprintf(FLOG, "rsync allowed access on module %s from %s (%s)\n",
546: name, host, addr);
547: }
548:
549: if (!claim_connection(lp_lock_file(i), lp_max_connections(i))) {
550: if (errno) {
551: rsyserr(FLOG, errno, "failed to open lock file %s",
552: lp_lock_file(i));
553: io_printf(f_out, "@ERROR: failed to open lock file\n");
554: } else {
555: rprintf(FLOG, "max connections (%d) reached\n",
556: lp_max_connections(i));
557: io_printf(f_out, "@ERROR: max connections (%d) reached -- try again later\n",
558: lp_max_connections(i));
559: }
560: return -1;
561: }
562:
563: read_only = lp_read_only(i); /* may also be overridden by auth_server() */
564: auth_user = auth_server(f_in, f_out, i, host, addr, "@RSYNCD: AUTHREQD ");
565:
566: if (!auth_user) {
567: io_printf(f_out, "@ERROR: auth failed on module %s\n", name);
568: return -1;
569: }
570: set_env_str("RSYNC_USER_NAME", auth_user);
571:
572: module_id = i;
573:
574: if (lp_transfer_logging(i) && !logfile_format)
575: logfile_format = lp_log_format(i);
576: if (log_format_has(logfile_format, 'i'))
577: logfile_format_has_i = 1;
578: if (logfile_format_has_i || log_format_has(logfile_format, 'o'))
579: logfile_format_has_o_or_i = 1;
580:
581: uid = MY_UID();
582: am_root = (uid == 0);
583:
584: p = *lp_uid(i) ? lp_uid(i) : am_root ? NOBODY_USER : NULL;
585: if (p) {
586: if (!user_to_uid(p, &uid, True)) {
587: rprintf(FLOG, "Invalid uid %s\n", p);
588: io_printf(f_out, "@ERROR: invalid uid %s\n", p);
589: return -1;
590: }
591: set_uid = 1;
592: } else
593: set_uid = 0;
594:
595: p = *lp_gid(i) ? strtok(lp_gid(i), ", ") : NULL;
596: if (p) {
597: /* The "*" gid must be the first item in the list. */
598: if (strcmp(p, "*") == 0) {
599: #ifdef HAVE_GETGROUPLIST
600: if (want_all_groups(f_out, uid) < 0)
601: return -1;
602: #elif defined HAVE_INITGROUPS
603: if ((pw = want_all_groups(f_out, uid)) == NULL)
604: return -1;
605: #else
606: rprintf(FLOG, "This rsync does not support a gid of \"*\"\n");
607: io_printf(f_out, "@ERROR: invalid gid setting.\n");
608: return -1;
609: #endif
610: } else if (add_a_group(f_out, p) < 0)
611: return -1;
612: while ((p = strtok(NULL, ", ")) != NULL) {
613: #if defined HAVE_INITGROUPS && !defined HAVE_GETGROUPLIST
614: if (pw) {
615: rprintf(FLOG, "This rsync cannot add groups after \"*\".\n");
616: io_printf(f_out, "@ERROR: invalid gid setting.\n");
617: return -1;
618: }
619: #endif
620: if (add_a_group(f_out, p) < 0)
621: return -1;
622: }
623: } else if (am_root) {
624: if (add_a_group(f_out, NOBODY_GROUP) < 0)
625: return -1;
626: }
627:
628: module_dir = lp_path(i);
629: if (*module_dir == '\0') {
630: rprintf(FLOG, "No path specified for module %s\n", name);
631: io_printf(f_out, "@ERROR: no path setting.\n");
632: return -1;
633: }
634: if (use_chroot) {
635: if ((p = strstr(module_dir, "/./")) != NULL) {
636: *p = '\0'; /* Temporary... */
637: if (!(module_chdir = normalize_path(module_dir, True, NULL)))
638: return path_failure(f_out, module_dir, False);
639: *p = '/';
640: if (!(p = normalize_path(p + 2, True, &module_dirlen)))
641: return path_failure(f_out, strstr(module_dir, "/./"), False);
642: if (!(full_module_path = normalize_path(module_dir, False, NULL)))
643: full_module_path = module_dir;
644: module_dir = p;
645: } else {
646: if (!(module_chdir = normalize_path(module_dir, False, NULL)))
647: return path_failure(f_out, module_dir, False);
648: full_module_path = module_chdir;
649: module_dir = "/";
650: module_dirlen = 1;
651: }
652: } else {
653: if (!(module_chdir = normalize_path(module_dir, False, &module_dirlen)))
654: return path_failure(f_out, module_dir, False);
655: full_module_path = module_dir = module_chdir;
656: }
657: set_env_str("RSYNC_MODULE_PATH", full_module_path);
658:
659: if (module_dirlen == 1) {
660: module_dirlen = 0;
661: set_filter_dir("/", 1);
662: } else
663: set_filter_dir(module_dir, module_dirlen);
664:
665: p = lp_filter(i);
666: parse_filter_str(&daemon_filter_list, p, rule_template(FILTRULE_WORD_SPLIT),
667: XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3);
668:
669: p = lp_include_from(i);
670: parse_filter_file(&daemon_filter_list, p, rule_template(FILTRULE_INCLUDE),
671: XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3 | XFLG_OLD_PREFIXES | XFLG_FATAL_ERRORS);
672:
673: p = lp_include(i);
674: parse_filter_str(&daemon_filter_list, p,
675: rule_template(FILTRULE_INCLUDE | FILTRULE_WORD_SPLIT),
676: XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3 | XFLG_OLD_PREFIXES);
677:
678: p = lp_exclude_from(i);
679: parse_filter_file(&daemon_filter_list, p, rule_template(0),
680: XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3 | XFLG_OLD_PREFIXES | XFLG_FATAL_ERRORS);
681:
682: p = lp_exclude(i);
683: parse_filter_str(&daemon_filter_list, p, rule_template(FILTRULE_WORD_SPLIT),
684: XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3 | XFLG_OLD_PREFIXES);
685:
686: log_init(1);
687:
688: #ifdef HAVE_PUTENV
689: if (*lp_prexfer_exec(i) || *lp_postxfer_exec(i)) {
690: int status;
691:
692: /* For post-xfer exec, fork a new process to run the rsync
693: * daemon while this process waits for the exit status and
694: * runs the indicated command at that point. */
695: if (*lp_postxfer_exec(i)) {
696: pid_t pid = fork();
697: if (pid < 0) {
698: rsyserr(FLOG, errno, "fork failed");
699: io_printf(f_out, "@ERROR: fork failed\n");
700: return -1;
701: }
702: if (pid) {
703: close(f_in);
704: if (f_out != f_in)
705: close(f_out);
706: set_env_num("RSYNC_PID", (long)pid);
707: if (wait_process(pid, &status, 0) < 0)
708: status = -1;
709: set_env_num("RSYNC_RAW_STATUS", status);
710: if (WIFEXITED(status))
711: status = WEXITSTATUS(status);
712: else
713: status = -1;
714: set_env_num("RSYNC_EXIT_STATUS", status);
715: if (system(lp_postxfer_exec(i)) < 0)
716: status = -1;
717: _exit(status);
718: }
719: }
720: /* For pre-xfer exec, fork a child process to run the indicated
721: * command, though it first waits for the parent process to
722: * send us the user's request via a pipe. */
723: if (*lp_prexfer_exec(i)) {
724: int arg_fds[2], error_fds[2];
725: set_env_num("RSYNC_PID", (long)getpid());
726: if (pipe(arg_fds) < 0 || pipe(error_fds) < 0 || (pre_exec_pid = fork()) < 0) {
727: rsyserr(FLOG, errno, "pre-xfer exec preparation failed");
728: io_printf(f_out, "@ERROR: pre-xfer exec preparation failed\n");
729: return -1;
730: }
731: if (pre_exec_pid == 0) {
732: char buf[BIGPATHBUFLEN];
733: int j, len;
734: close(arg_fds[1]);
735: close(error_fds[0]);
736: pre_exec_arg_fd = arg_fds[0];
737: pre_exec_error_fd = error_fds[1];
738: set_blocking(pre_exec_arg_fd);
739: set_blocking(pre_exec_error_fd);
740: len = read_arg_from_pipe(pre_exec_arg_fd, buf, BIGPATHBUFLEN);
741: if (len <= 0)
742: _exit(1);
743: set_env_str("RSYNC_REQUEST", buf);
744: for (j = 0; ; j++) {
745: len = read_arg_from_pipe(pre_exec_arg_fd, buf,
746: BIGPATHBUFLEN);
747: if (len <= 0) {
748: if (!len)
749: break;
750: _exit(1);
751: }
752: if (asprintf(&p, "RSYNC_ARG%d=%s", j, buf) >= 0)
753: putenv(p);
754: }
755: close(pre_exec_arg_fd);
756: close(STDIN_FILENO);
757: dup2(pre_exec_error_fd, STDOUT_FILENO);
758: close(pre_exec_error_fd);
759: status = system(lp_prexfer_exec(i));
760: if (!WIFEXITED(status))
761: _exit(1);
762: _exit(WEXITSTATUS(status));
763: }
764: close(arg_fds[0]);
765: close(error_fds[1]);
766: pre_exec_arg_fd = arg_fds[1];
767: pre_exec_error_fd = error_fds[0];
768: set_blocking(pre_exec_arg_fd);
769: set_blocking(pre_exec_error_fd);
770: }
771: }
772: #endif
773:
774: if (use_chroot) {
775: /*
776: * XXX: The 'use chroot' flag is a fairly reliable
777: * source of confusion, because it fails under two
778: * important circumstances: running as non-root,
779: * running on Win32 (or possibly others). On the
780: * other hand, if you are running as root, then it
781: * might be better to always use chroot.
782: *
783: * So, perhaps if we can't chroot we should just issue
784: * a warning, unless a "require chroot" flag is set,
785: * in which case we fail.
786: */
787: if (chroot(module_chdir)) {
788: rsyserr(FLOG, errno, "chroot %s failed", module_chdir);
789: io_printf(f_out, "@ERROR: chroot failed\n");
790: return -1;
791: }
792: module_chdir = module_dir;
793: }
794:
795: if (!change_dir(module_chdir, CD_NORMAL))
796: return path_failure(f_out, module_chdir, True);
797: if (module_dirlen || !use_chroot)
798: sanitize_paths = 1;
799:
800: if ((munge_symlinks = lp_munge_symlinks(i)) < 0)
801: munge_symlinks = !use_chroot || module_dirlen;
802: if (munge_symlinks) {
803: STRUCT_STAT st;
804: char prefix[SYMLINK_PREFIX_LEN]; /* NOT +1 ! */
805: strlcpy(prefix, SYMLINK_PREFIX, sizeof prefix); /* trim the trailing slash */
806: if (do_stat(prefix, &st) == 0 && S_ISDIR(st.st_mode)) {
807: rprintf(FLOG, "Symlink munging is unsafe when a %s directory exists.\n",
808: prefix);
809: io_printf(f_out, "@ERROR: daemon security issue -- contact admin\n", name);
810: exit_cleanup(RERR_UNSUPPORTED);
811: }
812: }
813:
814: if (gid_list.count) {
815: gid_t *gid_array = gid_list.items;
816: if (setgid(gid_array[0])) {
817: rsyserr(FLOG, errno, "setgid %ld failed", (long)gid_array[0]);
818: io_printf(f_out, "@ERROR: setgid failed\n");
819: return -1;
820: }
821: #ifdef HAVE_SETGROUPS
822: /* Set the group(s) we want to be active. */
823: if (setgroups(gid_list.count, gid_array)) {
824: rsyserr(FLOG, errno, "setgroups failed");
825: io_printf(f_out, "@ERROR: setgroups failed\n");
826: return -1;
827: }
828: #endif
829: #if defined HAVE_INITGROUPS && !defined HAVE_GETGROUPLIST
830: /* pw is set if the user wants all the user's groups. */
831: if (pw && initgroups(pw->pw_name, pw->pw_gid) < 0) {
832: rsyserr(FLOG, errno, "initgroups failed");
833: io_printf(f_out, "@ERROR: initgroups failed\n");
834: return -1;
835: }
836: #endif
837: }
838:
839: if (set_uid) {
840: if (setuid(uid) < 0
841: #ifdef HAVE_SETEUID
842: || seteuid(uid) < 0
843: #endif
844: ) {
845: rsyserr(FLOG, errno, "setuid %ld failed", (long)uid);
846: io_printf(f_out, "@ERROR: setuid failed\n");
847: return -1;
848: }
849:
850: am_root = (MY_UID() == 0);
851: }
852:
853: if (lp_temp_dir(i) && *lp_temp_dir(i)) {
854: tmpdir = lp_temp_dir(i);
855: if (strlen(tmpdir) >= MAXPATHLEN - 10) {
856: rprintf(FLOG,
857: "the 'temp dir' value for %s is WAY too long -- ignoring.\n",
858: name);
859: tmpdir = NULL;
860: }
861: }
862:
863: io_printf(f_out, "@RSYNCD: OK\n");
864:
865: read_args(f_in, name, line, sizeof line, rl_nulls, &argv, &argc, &request);
866: orig_argv = argv;
867:
868: save_munge_symlinks = munge_symlinks;
869:
870: reset_output_levels(); /* future verbosity is controlled by client options */
871: ret = parse_arguments(&argc, (const char ***) &argv);
872: if (protect_args && ret) {
873: orig_early_argv = orig_argv;
874: protect_args = 2;
875: read_args(f_in, name, line, sizeof line, 1, &argv, &argc, &request);
876: orig_argv = argv;
877: ret = parse_arguments(&argc, (const char ***) &argv);
878: } else
879: orig_early_argv = NULL;
880:
881: munge_symlinks = save_munge_symlinks; /* The client mustn't control this. */
882:
883: if (pre_exec_pid) {
884: err_msg = finish_pre_exec(pre_exec_pid, pre_exec_arg_fd, pre_exec_error_fd,
885: request, orig_early_argv, orig_argv);
886: }
887:
888: if (orig_early_argv)
889: free(orig_early_argv);
890:
891: am_server = 1; /* Don't let someone try to be tricky. */
892: quiet = 0;
893: if (lp_ignore_errors(module_id))
894: ignore_errors = 1;
895: if (write_batch < 0)
896: dry_run = 1;
897:
898: if (lp_fake_super(i)) {
899: if (preserve_xattrs > 1)
900: preserve_xattrs = 1;
901: am_root = -1;
902: } else if (am_root < 0) /* Treat --fake-super from client as --super. */
903: am_root = 2;
904:
905: if (filesfrom_fd == 0)
906: filesfrom_fd = f_in;
907:
908: if (request) {
909: if (*auth_user) {
910: rprintf(FLOG, "rsync %s %s from %s@%s (%s)\n",
911: am_sender ? "on" : "to",
912: request, auth_user, host, addr);
913: } else {
914: rprintf(FLOG, "rsync %s %s from %s (%s)\n",
915: am_sender ? "on" : "to",
916: request, host, addr);
917: }
918: free(request);
919: }
920:
921: #ifndef DEBUG
922: /* don't allow the logs to be flooded too fast */
923: limit_output_verbosity(lp_max_verbosity(i));
924: #endif
925:
926: if (protocol_version < 23
927: && (protocol_version == 22 || am_sender))
928: io_start_multiplex_out(f_out);
929: else if (!ret || err_msg) {
930: /* We have to get I/O multiplexing started so that we can
931: * get the error back to the client. This means getting
932: * the protocol setup finished first in later versions. */
933: setup_protocol(f_out, f_in);
934: if (!am_sender) {
935: /* Since we failed in our option parsing, we may not
936: * have finished parsing that the client sent us a
937: * --files-from option, so look for it manually.
938: * Without this, the socket would be in the wrong
939: * state for the upcoming error message. */
940: if (!files_from) {
941: int i;
942: for (i = 0; i < argc; i++) {
943: if (strncmp(argv[i], "--files-from", 12) == 0) {
944: files_from = "";
945: break;
946: }
947: }
948: }
949: if (files_from)
950: write_byte(f_out, 0);
951: }
952: io_start_multiplex_out(f_out);
953: }
954:
955: if (!ret || err_msg) {
956: if (err_msg) {
957: while ((p = strchr(err_msg, '\n')) != NULL) {
958: int len = p - err_msg + 1;
959: rwrite(FERROR, err_msg, len, 0);
960: err_msg += len;
961: }
962: if (*err_msg)
963: rprintf(FERROR, "%s\n", err_msg);
964: } else
965: option_error();
966: msleep(400);
967: exit_cleanup(RERR_UNSUPPORTED);
968: }
969:
970: #ifdef ICONV_OPTION
971: if (!iconv_opt) {
972: if (ic_send != (iconv_t)-1) {
973: iconv_close(ic_send);
974: ic_send = (iconv_t)-1;
975: }
976: if (ic_recv != (iconv_t)-1) {
977: iconv_close(ic_recv);
978: ic_recv = (iconv_t)-1;
979: }
980: }
981: #endif
982:
983: if (!numeric_ids
984: && (use_chroot ? lp_numeric_ids(i) != False : lp_numeric_ids(i) == True))
985: numeric_ids = -1; /* Set --numeric-ids w/o breaking protocol. */
986:
987: if (lp_timeout(i) && (!io_timeout || lp_timeout(i) < io_timeout))
988: set_io_timeout(lp_timeout(i));
989:
990: /* If we have some incoming/outgoing chmod changes, append them to
991: * any user-specified changes (making our changes have priority).
992: * We also get a pointer to just our changes so that a receiver
993: * process can use them separately if --perms wasn't specified. */
994: if (am_sender)
995: p = lp_outgoing_chmod(i);
996: else
997: p = lp_incoming_chmod(i);
998: if (*p && !(daemon_chmod_modes = parse_chmod(p, &chmod_modes))) {
999: rprintf(FLOG, "Invalid \"%sing chmod\" directive: %s\n",
1000: am_sender ? "outgo" : "incom", p);
1001: }
1002:
1003: start_server(f_in, f_out, argc, argv);
1004:
1005: return 0;
1006: }
1007:
1008: /* send a list of available modules to the client. Don't list those
1009: with "list = False". */
1010: static void send_listing(int fd)
1011: {
1012: int n = lp_num_modules();
1013: int i;
1014:
1015: for (i = 0; i < n; i++) {
1016: if (lp_list(i))
1017: io_printf(fd, "%-15s\t%s\n", lp_name(i), lp_comment(i));
1018: }
1019:
1020: if (protocol_version >= 25)
1021: io_printf(fd,"@RSYNCD: EXIT\n");
1022: }
1023:
1024: static int load_config(int globals_only)
1025: {
1026: if (!config_file) {
1027: if (am_server && am_root <= 0)
1028: config_file = RSYNCD_USERCONF;
1029: else
1030: config_file = RSYNCD_SYSCONF;
1031: }
1032: return lp_load(config_file, globals_only);
1033: }
1034:
1035: /* this is called when a connection is established to a client
1036: and we want to start talking. The setup of the system is done from
1037: here */
1038: int start_daemon(int f_in, int f_out)
1039: {
1040: char line[1024];
1041: const char *addr, *host;
1042: int i;
1043:
1044: io_set_sock_fds(f_in, f_out);
1045:
1046: /* We must load the config file before calling any function that
1047: * might cause log-file output to occur. This ensures that the
1048: * "log file" param gets honored for the 2 non-forked use-cases
1049: * (when rsync is run by init and run by a remote shell). */
1050: if (!load_config(0))
1051: exit_cleanup(RERR_SYNTAX);
1052:
1053: addr = client_addr(f_in);
1054: host = lp_reverse_lookup(-1) ? client_name(f_in) : undetermined_hostname;
1055: rprintf(FLOG, "connect from %s (%s)\n", host, addr);
1056:
1057: if (!am_server) {
1058: set_socket_options(f_in, "SO_KEEPALIVE");
1059: set_nonblocking(f_in);
1060: }
1061:
1062: if (exchange_protocols(f_in, f_out, line, sizeof line, 0) < 0)
1063: return -1;
1064:
1065: line[0] = 0;
1066: if (!read_line_old(f_in, line, sizeof line, 0))
1067: return -1;
1068:
1069: if (!*line || strcmp(line, "#list") == 0) {
1070: rprintf(FLOG, "module-list request from %s (%s)\n",
1071: host, addr);
1072: send_listing(f_out);
1073: return -1;
1074: }
1075:
1076: if (*line == '#') {
1077: /* it's some sort of command that I don't understand */
1078: io_printf(f_out, "@ERROR: Unknown command '%s'\n", line);
1079: return -1;
1080: }
1081:
1082: if ((i = lp_number(line)) < 0) {
1083: rprintf(FLOG, "unknown module '%s' tried from %s (%s)\n",
1084: line, host, addr);
1085: io_printf(f_out, "@ERROR: Unknown module '%s'\n", line);
1086: return -1;
1087: }
1088:
1089: #ifdef HAVE_SIGACTION
1090: sigact.sa_flags = SA_NOCLDSTOP;
1091: #endif
1092: SIGACTION(SIGCHLD, remember_children);
1093:
1094: return rsync_module(f_in, f_out, i, addr, host);
1095: }
1096:
1097: static void create_pid_file(void)
1098: {
1099: char *pid_file = lp_pid_file();
1100: char pidbuf[16];
1101: pid_t pid = getpid();
1102: int fd, len;
1103:
1104: if (!pid_file || !*pid_file)
1105: return;
1106:
1107: cleanup_set_pid(pid);
1108: if ((fd = do_open(pid_file, O_WRONLY|O_CREAT|O_EXCL, 0666)) == -1) {
1109: failure:
1110: cleanup_set_pid(0);
1111: fprintf(stderr, "failed to create pid file %s: %s\n", pid_file, strerror(errno));
1112: rsyserr(FLOG, errno, "failed to create pid file %s", pid_file);
1113: exit_cleanup(RERR_FILEIO);
1114: }
1115: snprintf(pidbuf, sizeof pidbuf, "%d\n", (int)pid);
1116: len = strlen(pidbuf);
1117: if (write(fd, pidbuf, len) != len)
1118: goto failure;
1119: close(fd);
1120: }
1121:
1122: /* Become a daemon, discarding the controlling terminal. */
1123: static void become_daemon(void)
1124: {
1125: int i;
1126: pid_t pid = fork();
1127:
1128: if (pid) {
1129: if (pid < 0) {
1130: fprintf(stderr, "failed to fork: %s\n", strerror(errno));
1131: exit_cleanup(RERR_FILEIO);
1132: }
1133: _exit(0);
1134: }
1135:
1136: create_pid_file();
1137:
1138: /* detach from the terminal */
1139: #ifdef HAVE_SETSID
1140: setsid();
1141: #elif defined TIOCNOTTY
1142: i = open("/dev/tty", O_RDWR);
1143: if (i >= 0) {
1144: ioctl(i, (int)TIOCNOTTY, (char *)0);
1145: close(i);
1146: }
1147: #endif
1148: /* make sure that stdin, stdout an stderr don't stuff things
1149: * up (library functions, for example) */
1150: for (i = 0; i < 3; i++) {
1151: close(i);
1152: open("/dev/null", O_RDWR);
1153: }
1154: }
1155:
1156: int daemon_main(void)
1157: {
1158: if (is_a_socket(STDIN_FILENO)) {
1159: int i;
1160:
1161: /* we are running via inetd - close off stdout and
1162: * stderr so that library functions (and getopt) don't
1163: * try to use them. Redirect them to /dev/null */
1164: for (i = 1; i < 3; i++) {
1165: close(i);
1166: open("/dev/null", O_RDWR);
1167: }
1168:
1169: return start_daemon(STDIN_FILENO, STDIN_FILENO);
1170: }
1171:
1172: if (!load_config(1)) {
1173: fprintf(stderr, "Failed to parse config file: %s\n", config_file);
1174: exit_cleanup(RERR_SYNTAX);
1175: }
1176: set_dparams(0);
1177:
1178: if (no_detach)
1179: create_pid_file();
1180: else
1181: become_daemon();
1182:
1183: if (rsync_port == 0 && (rsync_port = lp_rsync_port()) == 0)
1184: rsync_port = RSYNC_PORT;
1185: if (bind_address == NULL && *lp_bind_address())
1186: bind_address = lp_bind_address();
1187:
1188: log_init(0);
1189:
1190: rprintf(FLOG, "rsyncd version %s starting, listening on port %d\n",
1191: RSYNC_VERSION, rsync_port);
1192: /* TODO: If listening on a particular address, then show that
1193: * address too. In fact, why not just do getnameinfo on the
1194: * local address??? */
1195:
1196: start_accept_loop(rsync_port, start_daemon);
1197: return -1;
1198: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>