Allow --password-file=- for a stdin-supplied password.

2 files changed, 30 insertions, 22 deletions

diff --git a/authenticate.c b/authenticate.c
index c11db253..84d78c52 100644
--- a/authenticate.c
+++ b/authenticate.c
@@ -170,31 +170,38 @@ static const char *getpassf(const char *filename)
 {
 	STRUCT_STAT st;
 	char buffer[512], *p;
-	int fd, n;
+	int n;
 
 	if (!filename)
 		return NULL;
 
-	if ((fd = open(filename,O_RDONLY)) < 0) {
-		rsyserr(FERROR, errno, "could not open password file %s", filename);
-		exit_cleanup(RERR_SYNTAX);
-	}
+	if (strcmp(filename, "-") == 0) {
+		n = fgets(buffer, sizeof buffer, stdin) == NULL ? -1 : (int)strlen(buffer);
+	} else {
+		int fd;
 
-	if (do_stat(filename, &st) == -1) {
-		rsyserr(FERROR, errno, "stat(%s)", filename);
-		exit_cleanup(RERR_SYNTAX);
-	}
-	if ((st.st_mode & 06) != 0) {
-		rprintf(FERROR, "ERROR: password file must not be other-accessible\n");
-		exit_cleanup(RERR_SYNTAX);
-	}
-	if (MY_UID() == 0 && st.st_uid != 0) {
-		rprintf(FERROR, "ERROR: password file must be owned by root when running as root\n");
-		exit_cleanup(RERR_SYNTAX);
+		if ((fd = open(filename,O_RDONLY)) < 0) {
+			rsyserr(FERROR, errno, "could not open password file %s", filename);
+			exit_cleanup(RERR_SYNTAX);
+		}
+
+		if (do_stat(filename, &st) == -1) {
+			rsyserr(FERROR, errno, "stat(%s)", filename);
+			exit_cleanup(RERR_SYNTAX);
+		}
+		if ((st.st_mode & 06) != 0) {
+			rprintf(FERROR, "ERROR: password file must not be other-accessible\n");
+			exit_cleanup(RERR_SYNTAX);
+		}
+		if (MY_UID() == 0 && st.st_uid != 0) {
+			rprintf(FERROR, "ERROR: password file must be owned by root when running as root\n");
+			exit_cleanup(RERR_SYNTAX);
+		}
+
+		n = read(fd, buffer, sizeof buffer - 1);
+		close(fd);
 	}
 
-	n = read(fd, buffer, sizeof buffer - 1);
-	close(fd);
 	if (n > 0) {
 		buffer[n] = '\0';
 		if ((p = strtok(buffer, "\n\r")) != NULL)
diff --git a/rsync.yo b/rsync.yo
index 3aef0c2d..2f68e478 100644
--- a/rsync.yo
+++ b/rsync.yo
@@ -2416,10 +2416,11 @@ want to see how the transfer is doing without scrolling the screen with a
 lot of names.  (You don't need to specify the bf(--progress) option in
 order to use bf(--info=progress2).)
 
-dit(bf(--password-file)) This option allows you to provide a password in a
-file for accessing an rsync daemon.  The file must not be world readable.
-It should contain just the password as the first line of the file (all
-other lines are ignored).
+dit(bf(--password-file=FILE)) This option allows you to provide a password for
+accessing an rsync daemon via a file or via standard input if bf(FILE) is
+bf(-).  The file should contain just the password on the first line (all other
+lines are ignored).  Rsync will exit with an error if bf(FILE) is world
+readable or if a root-run rsync command finds a non-root-owned file.
 
 This option does not supply a password to a remote shell transport such as
 ssh; to learn how to do that, consult the remote shell's documentation.