48
48
extern int default_af_hint;
49
49
extern int logfile_format_has_i;
50
50
extern int logfile_format_has_o_or_i;
51
extern mode_t orig_umask;
52
51
extern char *bind_address;
53
52
extern char *config_file;
54
53
extern char *logfile_format;
55
54
extern char *files_from;
56
55
extern char *tmpdir;
57
56
extern struct chmod_mode_struct *chmod_modes;
58
extern struct filter_list_struct daemon_filter_list;
57
extern filter_rule_list daemon_filter_list;
59
58
#ifdef ICONV_OPTION
60
59
extern char *iconv_opt;
61
60
extern iconv_t ic_send, ic_recv;
63
#define MAX_GID_LIST 32
66
67
int module_id = -1;
67
int munge_symlinks = 0;
68
68
struct chmod_mode_struct *daemon_chmod_modes;
70
70
/* module_dirlen is the length of the module_dir string when in daemon
345
static char *finish_pre_exec(pid_t pid, int fd, char *request,
351
static char *finish_pre_exec(pid_t pid, int write_fd, int read_fd, char *request,
346
352
char **early_argv, char **argv)
348
int j = 0, status = -1;
354
char buf[BIGPATHBUFLEN], *bp;
355
int j = 0, status = -1, msglen = sizeof buf - 1;
351
358
request = "(NONE)";
353
write_buf(fd, request, strlen(request)+1);
360
write_buf(write_fd, request, strlen(request)+1);
354
361
if (early_argv) {
355
362
for ( ; *early_argv; early_argv++)
356
write_buf(fd, *early_argv, strlen(*early_argv)+1);
363
write_buf(write_fd, *early_argv, strlen(*early_argv)+1);
357
364
j = 1; /* Skip arg0 name in argv. */
359
for ( ; argv[j]; j++) {
360
write_buf(fd, argv[j], strlen(argv[j])+1);
361
if (argv[j][0] == '.' && argv[j][1] == '\0')
366
for ( ; argv[j]; j++)
367
write_buf(write_fd, argv[j], strlen(argv[j])+1);
368
write_byte(write_fd, 0);
372
/* Read the stdout from the pre-xfer exec program. This it is only
373
* displayed to the user if the script also returns an error status. */
374
for (bp = buf; msglen > 0; msglen -= j) {
375
if ((j = read(read_fd, bp, msglen)) <= 0) {
380
break; /* Just ignore the read error for now... */
383
if (j > 1 && bp[-1] == '\n' && bp[-2] == '\r') {
368
393
if (wait_process(pid, &status, 0) < 0
369
394
|| !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
371
if (asprintf(&e, "pre-xfer exec returned failure (%d)%s%s\n",
396
if (asprintf(&e, "pre-xfer exec returned failure (%d)%s%s%s\n%s",
372
397
status, status < 0 ? ": " : "",
373
status < 0 ? strerror(errno) : "") < 0)
374
out_of_memory("finish_pre_exec");
398
status < 0 ? strerror(errno) : "",
399
*buf ? ":" : "", buf) < 0)
400
return "out_of_memory in finish_pre_exec\n";
380
407
static int read_arg_from_pipe(int fd, char *buf, int limit)
382
409
char *bp = buf, *eob = buf + limit - 1;
385
int got = read(fd, bp, 1);
387
if (got < 0 && errno == EINTR)
412
int got = read(fd, bp, 1);
414
if (got < 0 && errno == EINTR)
401
429
static int path_failure(int f_out, const char *dir, BOOL was_chdir)
411
static int rsync_module(int f_in, int f_out, int i, char *addr, char *host)
439
static int add_a_group(int f_out, const char *gname)
442
if (!group_to_gid(gname, &gid, True)) {
443
rprintf(FLOG, "Invalid gid %s\n", gname);
444
io_printf(f_out, "@ERROR: invalid gid %s\n", gname);
447
if (gid_count == MAX_GID_LIST) {
448
rprintf(FLOG, "Too many groups specified via gid parameter.\n");
449
io_printf(f_out, "@ERROR: too many groups\n");
452
gid_list[gid_count++] = gid;
456
#ifdef HAVE_GETGROUPLIST
457
static int want_all_groups(int f_out, uid_t uid)
460
gid_count = MAX_GID_LIST;
461
if ((err = getallgroups(uid, gid_list, &gid_count)) != NULL) {
462
rsyserr(FLOG, errno, "%s", err);
463
io_printf(f_out, "@ERROR: %s\n", err);
468
#elif defined HAVE_INITGROUPS
469
static struct passwd *want_all_groups(int f_out, uid_t uid)
472
if ((pw = getpwuid(uid)) == NULL) {
473
rsyserr(FLOG, errno, "getpwuid failed");
474
io_printf(f_out, "@ERROR: getpwuid failed\n");
477
/* Start with the default group and initgroups() will add the reset. */
479
gid_list[0] = pw->pw_gid;
484
static void set_env_str(const char *var, const char *str)
488
if (asprintf(&mem, "%s=%s", var, str) < 0)
489
out_of_memory("set_env_str");
495
static void set_env_num(const char *var, long num)
498
if (asprintf(&mem, "%s=%ld", var, num) < 0)
499
out_of_memory("set_env_num");
504
static int rsync_module(int f_in, int f_out, int i, const char *addr, const char *host)
414
507
char **argv, **orig_argv, **orig_early_argv, *module_chdir;
415
508
char line[BIGPATHBUFLEN];
416
uid_t uid = (uid_t)-2; /* canonically "nobody" */
417
gid_t gid = (gid_t)-2;
509
#if defined HAVE_INITGROUPS && !defined HAVE_GETGROUPLIST
510
struct passwd *pw = NULL;
418
514
char *p, *err_msg = NULL;
419
515
char *name = lp_name(i);
420
516
int use_chroot = lp_use_chroot(i);
421
int ret, pre_exec_fd = -1;
517
int ret, pre_exec_arg_fd = -1, pre_exec_error_fd = -1;
518
int save_munge_symlinks;
422
519
pid_t pre_exec_pid = 0;
423
520
char *request = NULL;
522
set_env_str("RSYNC_MODULE_NAME", name);
425
524
#ifdef ICONV_OPTION
426
525
iconv_opt = lp_charset(i);
429
528
iconv_opt = NULL;
432
if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) {
531
/* If reverse lookup is disabled globally but enabled for this module,
532
* we need to do it now before the access check. */
533
if (host == undetermined_hostname && lp_reverse_lookup(i))
534
host = client_name(f_in);
535
set_env_str("RSYNC_HOST_NAME", host);
536
set_env_str("RSYNC_HOST_ADDR", addr);
538
if (!allow_access(addr, &host, i)) {
433
539
rprintf(FLOG, "rsync denied on module %s from %s (%s)\n",
434
540
name, host, addr);
570
read_only = lp_read_only(i); /* may also be overridden by auth_server() */
464
571
auth_user = auth_server(f_in, f_out, i, host, addr, "@RSYNCD: AUTHREQD ");
466
573
if (!auth_user) {
467
574
io_printf(f_out, "@ERROR: auth failed on module %s\n", name);
577
set_env_str("RSYNC_USER_NAME", auth_user);
476
581
if (lp_transfer_logging(i) && !logfile_format)
477
582
logfile_format = lp_log_format(i);
478
583
if (log_format_has(logfile_format, 'i'))
480
585
if (logfile_format_has_i || log_format_has(logfile_format, 'o'))
481
586
logfile_format_has_o_or_i = 1;
483
am_root = (MY_UID() == 0);
487
if (!name_to_uid(p, &uid)) {
489
rprintf(FLOG, "Invalid uid %s\n", p);
490
io_printf(f_out, "@ERROR: invalid uid %s\n", p);
497
if (!name_to_gid(p, &gid)) {
499
rprintf(FLOG, "Invalid gid %s\n", p);
500
io_printf(f_out, "@ERROR: invalid gid %s\n", p);
589
am_root = (uid == 0);
591
p = *lp_uid(i) ? lp_uid(i) : am_root ? NOBODY_USER : NULL;
593
if (!user_to_uid(p, &uid, True)) {
594
rprintf(FLOG, "Invalid uid %s\n", p);
595
io_printf(f_out, "@ERROR: invalid uid %s\n", p);
602
p = *lp_gid(i) ? strtok(lp_gid(i), ", ") : NULL;
604
/* The "*" gid must be the first item in the list. */
605
if (strcmp(p, "*") == 0) {
606
#ifdef HAVE_GETGROUPLIST
607
if (want_all_groups(f_out, uid) < 0)
609
#elif defined HAVE_INITGROUPS
610
if ((pw = want_all_groups(f_out, uid)) == NULL)
613
rprintf(FLOG, "This rsync does not support a gid of \"*\"\n");
614
io_printf(f_out, "@ERROR: invalid gid setting.\n");
617
} else if (add_a_group(f_out, p) < 0)
619
while ((p = strtok(NULL, ", ")) != NULL) {
620
#if defined HAVE_INITGROUPS && !defined HAVE_GETGROUPLIST
622
rprintf(FLOG, "This rsync cannot add groups after \"*\".\n");
623
io_printf(f_out, "@ERROR: invalid gid setting.\n");
627
if (add_a_group(f_out, p) < 0)
630
} else if (am_root) {
631
if (add_a_group(f_out, NOBODY_GROUP) < 0)
507
/* TODO: If we're not root, but the configuration requests
508
* that we change to some uid other than the current one, then
511
/* TODO: Perhaps take a list of gids, and make them into the
512
* supplementary groups. */
514
635
module_dir = lp_path(i);
515
636
if (*module_dir == '\0') {
516
637
rprintf(FLOG, "No path specified for module %s\n", name);
548
670
set_filter_dir(module_dir, module_dirlen);
550
672
p = lp_filter(i);
551
parse_rule(&daemon_filter_list, p, MATCHFLG_WORD_SPLIT,
673
parse_filter_str(&daemon_filter_list, p, rule_template(FILTRULE_WORD_SPLIT),
552
674
XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3);
554
676
p = lp_include_from(i);
555
parse_filter_file(&daemon_filter_list, p, MATCHFLG_INCLUDE,
677
parse_filter_file(&daemon_filter_list, p, rule_template(FILTRULE_INCLUDE),
556
678
XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3 | XFLG_OLD_PREFIXES | XFLG_FATAL_ERRORS);
558
680
p = lp_include(i);
559
parse_rule(&daemon_filter_list, p,
560
MATCHFLG_INCLUDE | MATCHFLG_WORD_SPLIT,
681
parse_filter_str(&daemon_filter_list, p,
682
rule_template(FILTRULE_INCLUDE | FILTRULE_WORD_SPLIT),
561
683
XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3 | XFLG_OLD_PREFIXES);
563
685
p = lp_exclude_from(i);
564
parse_filter_file(&daemon_filter_list, p, 0,
686
parse_filter_file(&daemon_filter_list, p, rule_template(0),
565
687
XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3 | XFLG_OLD_PREFIXES | XFLG_FATAL_ERRORS);
567
689
p = lp_exclude(i);
568
parse_rule(&daemon_filter_list, p, MATCHFLG_WORD_SPLIT,
690
parse_filter_str(&daemon_filter_list, p, rule_template(FILTRULE_WORD_SPLIT),
569
691
XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3 | XFLG_OLD_PREFIXES);
573
695
#ifdef HAVE_PUTENV
574
696
if (*lp_prexfer_exec(i) || *lp_postxfer_exec(i)) {
575
char *modname, *modpath, *hostaddr, *hostname, *username;
578
if (asprintf(&modname, "RSYNC_MODULE_NAME=%s", name) < 0
579
|| asprintf(&modpath, "RSYNC_MODULE_PATH=%s", full_module_path) < 0
580
|| asprintf(&hostaddr, "RSYNC_HOST_ADDR=%s", addr) < 0
581
|| asprintf(&hostname, "RSYNC_HOST_NAME=%s", host) < 0
582
|| asprintf(&username, "RSYNC_USER_NAME=%s", auth_user) < 0)
583
out_of_memory("rsync_module");
590
699
/* For post-xfer exec, fork a new process to run the rsync
591
700
* daemon while this process waits for the exit status and
592
701
* runs the indicated command at that point. */
601
if (asprintf(&p, "RSYNC_PID=%ld", (long)pid) > 0)
713
set_env_num("RSYNC_PID", (long)pid);
603
714
if (wait_process(pid, &status, 0) < 0)
605
if (asprintf(&p, "RSYNC_RAW_STATUS=%d", status) > 0)
716
set_env_num("RSYNC_RAW_STATUS", status);
607
717
if (WIFEXITED(status))
608
718
status = WEXITSTATUS(status);
611
if (asprintf(&p, "RSYNC_EXIT_STATUS=%d", status) > 0)
721
set_env_num("RSYNC_EXIT_STATUS", status);
613
722
if (system(lp_postxfer_exec(i)) < 0)
619
728
* command, though it first waits for the parent process to
620
729
* send us the user's request via a pipe. */
621
730
if (*lp_prexfer_exec(i)) {
623
if (asprintf(&p, "RSYNC_PID=%ld", (long)getpid()) > 0)
625
if (pipe(fds) < 0 || (pre_exec_pid = fork()) < 0) {
731
int arg_fds[2], error_fds[2];
732
set_env_num("RSYNC_PID", (long)getpid());
733
if (pipe(arg_fds) < 0 || pipe(error_fds) < 0 || (pre_exec_pid = fork()) < 0) {
626
734
rsyserr(FLOG, errno, "pre-xfer exec preparation failed");
627
735
io_printf(f_out, "@ERROR: pre-xfer exec preparation failed\n");
630
738
if (pre_exec_pid == 0) {
631
739
char buf[BIGPATHBUFLEN];
634
set_blocking(fds[0]);
635
len = read_arg_from_pipe(fds[0], buf, BIGPATHBUFLEN);
743
pre_exec_arg_fd = arg_fds[0];
744
pre_exec_error_fd = error_fds[1];
745
set_blocking(pre_exec_arg_fd);
746
set_blocking(pre_exec_error_fd);
747
len = read_arg_from_pipe(pre_exec_arg_fd, buf, BIGPATHBUFLEN);
638
if (asprintf(&p, "RSYNC_REQUEST=%s", buf) > 0)
750
set_env_str("RSYNC_REQUEST", buf);
640
751
for (j = 0; ; j++) {
641
len = read_arg_from_pipe(fds[0], buf,
752
len = read_arg_from_pipe(pre_exec_arg_fd, buf,
648
if (asprintf(&p, "RSYNC_ARG%d=%s", j, buf) > 0)
759
if (asprintf(&p, "RSYNC_ARG%d=%s", j, buf) >= 0)
762
close(pre_exec_arg_fd);
652
763
close(STDIN_FILENO);
653
close(STDOUT_FILENO);
764
dup2(pre_exec_error_fd, STDOUT_FILENO);
765
close(pre_exec_error_fd);
654
766
status = system(lp_prexfer_exec(i));
655
767
if (!WIFEXITED(status))
657
769
_exit(WEXITSTATUS(status));
660
set_blocking(fds[1]);
661
pre_exec_fd = fds[1];
773
pre_exec_arg_fd = arg_fds[1];
774
pre_exec_error_fd = error_fds[0];
775
set_blocking(pre_exec_arg_fd);
776
set_blocking(pre_exec_error_fd);
694
808
munge_symlinks = !use_chroot || module_dirlen;
695
809
if (munge_symlinks) {
697
if (do_stat(SYMLINK_PREFIX, &st) == 0 && S_ISDIR(st.st_mode)) {
698
rprintf(FLOG, "Symlink munging is unsupported when a %s directory exists.\n",
811
char prefix[SYMLINK_PREFIX_LEN]; /* NOT +1 ! */
812
strlcpy(prefix, SYMLINK_PREFIX, sizeof prefix); /* trim the trailing slash */
813
if (do_stat(prefix, &st) == 0 && S_ISDIR(st.st_mode)) {
814
rprintf(FLOG, "Symlink munging is unsafe when a %s directory exists.\n",
700
816
io_printf(f_out, "@ERROR: daemon security issue -- contact admin\n", name);
701
817
exit_cleanup(RERR_UNSUPPORTED);
706
/* XXXX: You could argue that if the daemon is started
707
* by a non-root user and they explicitly specify a
708
* gid, then we should try to change to that gid --
709
* this could be possible if it's already in their
710
* supplementary groups. */
712
/* TODO: Perhaps we need to document that if rsyncd is
713
* started by somebody other than root it will inherit
714
* all their supplementary groups. */
717
rsyserr(FLOG, errno, "setgid %d failed", (int)gid);
822
if (setgid(gid_list[0])) {
823
rsyserr(FLOG, errno, "setgid %ld failed", (long)gid_list[0]);
718
824
io_printf(f_out, "@ERROR: setgid failed\n");
721
827
#ifdef HAVE_SETGROUPS
722
/* Get rid of any supplementary groups this process
723
* might have inheristed. */
724
if (setgroups(1, &gid)) {
828
/* Set the group(s) we want to be active. */
829
if (setgroups(gid_count, gid_list)) {
725
830
rsyserr(FLOG, errno, "setgroups failed");
726
831
io_printf(f_out, "@ERROR: setgroups failed\n");
835
#if defined HAVE_INITGROUPS && !defined HAVE_GETGROUPLIST
836
/* pw is set if the user wants all the user's groups. */
837
if (pw && initgroups(pw->pw_name, pw->pw_gid) < 0) {
838
rsyserr(FLOG, errno, "initgroups failed");
839
io_printf(f_out, "@ERROR: initgroups failed\n");
731
846
if (setuid(uid) < 0
732
847
#ifdef HAVE_SETEUID
733
848
|| seteuid(uid) < 0
736
rsyserr(FLOG, errno, "setuid %d failed", (int)uid);
851
rsyserr(FLOG, errno, "setuid %ld failed", (long)uid);
737
852
io_printf(f_out, "@ERROR: setuid failed\n");
756
871
read_args(f_in, name, line, sizeof line, rl_nulls, &argv, &argc, &request);
757
872
orig_argv = argv;
759
verbose = 0; /* future verbosity is controlled by client options */
874
save_munge_symlinks = munge_symlinks;
876
reset_output_levels(); /* future verbosity is controlled by client options */
760
877
ret = parse_arguments(&argc, (const char ***) &argv);
761
878
if (protect_args && ret) {
762
879
orig_early_argv = orig_argv;
768
885
orig_early_argv = NULL;
887
munge_symlinks = save_munge_symlinks; /* The client mustn't control this. */
770
889
if (pre_exec_pid) {
771
err_msg = finish_pre_exec(pre_exec_pid, pre_exec_fd, request,
772
orig_early_argv, orig_argv);
890
err_msg = finish_pre_exec(pre_exec_pid, pre_exec_arg_fd, pre_exec_error_fd,
891
request, orig_early_argv, orig_argv);
775
894
if (orig_early_argv)
809
928
/* don't allow the logs to be flooded too fast */
810
if (verbose > lp_max_verbosity(i))
811
verbose = lp_max_verbosity(i);
929
limit_output_verbosity(lp_max_verbosity(i));
814
932
if (protocol_version < 23
815
933
&& (protocol_version == 22 || am_sender))
816
io_start_multiplex_out();
934
io_start_multiplex_out(f_out);
817
935
else if (!ret || err_msg) {
818
936
/* We have to get I/O multiplexing started so that we can
819
937
* get the error back to the client. This means getting
838
956
write_byte(f_out, 0);
840
io_start_multiplex_out();
958
io_start_multiplex_out(f_out);
843
961
if (!ret || err_msg) {
845
rwrite(FERROR, err_msg, strlen(err_msg), 0);
963
while ((p = strchr(err_msg, '\n')) != NULL) {
964
int len = p - err_msg + 1;
965
rwrite(FERROR, err_msg, len, 0);
969
rprintf(FERROR, "%s\n", err_msg);
849
973
exit_cleanup(RERR_UNSUPPORTED);
989
1113
cleanup_set_pid(pid);
990
if ((fd = do_open(pid_file, O_WRONLY|O_CREAT|O_EXCL, 0666 & ~orig_umask)) == -1) {
1114
if ((fd = do_open(pid_file, O_WRONLY|O_CREAT|O_EXCL, 0666)) == -1) {
992
1116
cleanup_set_pid(0);
993
1117
fprintf(stderr, "failed to create pid file %s: %s\n", pid_file, strerror(errno));
994
1118
rsyserr(FLOG, errno, "failed to create pid file %s", pid_file);
995
1119
exit_cleanup(RERR_FILEIO);
997
snprintf(pidbuf, sizeof pidbuf, "%ld\n", (long)pid);
1121
snprintf(pidbuf, sizeof pidbuf, "%d\n", (int)pid);
998
1122
len = strlen(pidbuf);
999
1123
if (write(fd, pidbuf, len) != len)