diff options
| -rw-r--r-- | authenticate.c | 7 | ||||
| -rw-r--r-- | clientserver.c | 24 | ||||
| -rw-r--r-- | flist.c | 2 | ||||
| -rw-r--r-- | loadparm.c | 2 | ||||
| -rw-r--r-- | log.c | 35 |
5 files changed, 45 insertions, 25 deletions
diff --git a/authenticate.c b/authenticate.c index 351c8a0a..6a389dbb 100644 --- a/authenticate.c +++ b/authenticate.c @@ -107,12 +107,7 @@ static int get_secret(int module, char *user, char *secret, int len) close(fd); if (!found) return 0; - if (strlen(pass) > len-1) { - memset(line, 0, sizeof(line)); - return 0; - } - - strcpy(secret, pass); + strlcpy(secret, pass, len); return 1; } diff --git a/clientserver.c b/clientserver.c index 1c0bd7ec..9cac2ef3 100644 --- a/clientserver.c +++ b/clientserver.c @@ -103,8 +103,8 @@ static int rsync_module(int fd, int i) char *argv[MAX_ARGS]; char **argp; char line[MAXPATHLEN]; - uid_t uid; - gid_t gid; + uid_t uid = (uid_t)-2; + gid_t gid = (gid_t)-2; char *p; char *addr = client_addr(fd); char *host = client_name(fd); @@ -133,8 +133,6 @@ static int rsync_module(int fd, int i) return -1; } - rprintf(FINFO,"rsync on module %s from %s (%s)\n", - name, host, addr); module_id = i; @@ -167,22 +165,28 @@ static int rsync_module(int fd, int i) p = lp_exclude(i); add_exclude_line(p); + log_open(); + if (chroot(lp_path(i))) { + rprintf(FERROR,"chroot %s failed\n", lp_path(i)); io_printf(fd,"@ERROR: chroot failed\n"); return -1; } if (chdir("/")) { + rprintf(FERROR,"chdir %s failed\n", lp_path(i)); io_printf(fd,"@ERROR: chdir failed\n"); return -1; } - if (setgid(gid)) { + if (setgid(gid) || getgid() != gid) { + rprintf(FERROR,"setgid %d failed\n", gid); io_printf(fd,"@ERROR: setgid failed\n"); return -1; } - if (setuid(uid)) { + if (setuid(uid) || getuid() != uid) { + rprintf(FERROR,"setuid %d failed\n", uid); io_printf(fd,"@ERROR: setuid failed\n"); return -1; } @@ -206,7 +210,11 @@ static int rsync_module(int fd, int i) } if (start_glob) { - rprintf(FINFO,"transferring %s\n",p); + if (start_glob == 1) { + rprintf(FINFO,"rsync on %s from %s (%s)\n", + p, host, addr); + start_glob++; + } glob_expand(name, argv, &argc, MAX_ARGS); } else { argc++; @@ -319,6 +327,8 @@ static int start_daemon(int fd) int daemon_main(void) { + log_open(); + if (is_a_socket(STDIN_FILENO)) { /* we are running via inetd */ return start_daemon(STDIN_FILENO); @@ -616,7 +616,7 @@ struct file_list *send_file_list(int f,int argc,char *argv[]) thus getting their permissions right */ *p = 0; if (strcmp(lastpath,fname)) { - strcpy(lastpath, fname); + strlcpy(lastpath, fname, sizeof(lastpath)-1); *p = '/'; for (p=fname+1; (p=strchr(p,'/')); p++) { *p = 0; @@ -583,7 +583,7 @@ static BOOL lp_do_parameter(int snum, char *parmname, char *parmvalue) break; case P_GSTRING: - strcpy((char *)parm_ptr,parmvalue); + strlcpy((char *)parm_ptr,parmvalue,sizeof(pstring)-1); break; case P_ENUM: @@ -24,6 +24,30 @@ #include "rsync.h" +void log_open(void) +{ + static int initialised; + int options = LOG_PID; + + if (initialised) return; + initialised = 1; + +#ifdef LOG_NDELAY + options |= LOG_NDELAY; +#endif + +#ifdef LOG_DAEMON + openlog("rsyncd", options, lp_syslog_facility()); +#else + openlog("rsyncd", options); +#endif + +#ifndef LOG_NDELAY + syslog(LOG_INFO,"rsyncd started\n"); +#endif +} + + /* this is the rsync debugging function. Call it with FINFO or FERROR */ void rprintf(int fd, const char *format, ...) { @@ -44,19 +68,10 @@ void rprintf(int fd, const char *format, ...) buf[len] = 0; if (am_daemon) { - static int initialised; int priority = LOG_INFO; if (fd == FERROR) priority = LOG_WARNING; - if (!initialised) { - initialised = 1; -#ifdef LOG_DAEMON - openlog("rsyncd", LOG_PID, lp_syslog_facility()); -#else - openlog("rsyncd", LOG_PID); -#endif - } - + log_open(); syslog(priority, "%s", buf); return; } |