-- Martin Pool <mbp@samba.org>
-$Id$
-
-
-
This is the protocol used for rsync --daemon; i.e. connections to port
873 rather than invocations over a remote shell.
-When the server accepts a connection, it prints a greeting
+When the server accepts a connection, it prints a newline-terminated
+greeting line:
+
+ @RSYNCD: <version>.<subprotocol> <digest1> <digestN>
- @RSYNCD: <version>
+The <version> is the numeric version (see PROTOCOL_VERSION in rsync.h)
+The <subprotocol> is the numeric subprotocol version (which is 0 for a
+final protocol version, as the SUBPROTOCOL_VERSION define discusses).
+The <digestN> names are the authentication digest algorithms that the
+daemon supports, listed in order of preference.
-where <version> is the numeric version; currently 24. It follows this
-with a free text message-of-the-day. It expects to see a similar
-greeting back from the client.
+An rsync prior to 3.2.7 omits the digest names. An rsync prior to 3.0.0
+also omits the period and the <subprotocol> value. Since a final
+protocol has a subprotocol value of 0, a missing subprotocol value is
+assumed to be 0 for any protocol prior to 30. It is considered a fatal
+error for protocol 30 and above to omit it. It is considered a fatal
+error for protocol 32 and above to omit the digest name list (currently
+31 is the newest protocol).
+
+The daemon expects to see a similar greeting line back from the client.
+Once received, the daemon follows the opening line with a free-format
+text message-of-the-day (if any is defined).
The server is now in the connected state. The client can either send
-the command
+the command:
#list
-to get a listing of modules, or the name of a module. After this, the
+(to get a listing of modules) or the name of a module. After this, the
connection is now bound to a particular module. Access per host for
this module is now checked, as is per-module connection limits.
-If authentication is required to use this module, the server will say
+If authentication is required to use this module, the server will say:
@RSYNCD: AUTHREQD <challenge>
where <challenge> is a random string of base64 characters. The client
-must respond with
+must respond with:
<user> <response>
-where <user> is the username they claim to be, and <response> is the
-base64 form of the MD4 hash of challenge+password.
+The <user> is the username they claim to be. The <response> is the
+base64 form of the digest hash of the challenge+password string. The
+chosen digest method is the most preferred client method that is also in
+the server's list. If no digest list was explicitly provided, the side
+expecting a list assumes the other side provided either the single name
+"md5" (for a negotiated protocol 30 or 31), or the single name "md4"
+(for an older protocol).
At this point the server applies all remaining constraints before
handing control to the client, including switching uid/gid, setting up
allow the server to asynchronously pass errors back, while still
allowing streamed and pipelined data.
+Unfortunately, the multiplex protocol is not used at every stage. We
+start up in plain socket mode and then change over by calling
+io_start_buffering. Of course both the client and the server have to
+do this at the same point.
+
The server then talks to the client as normal across the socket,
passing checksums, file lists and so on. For documentation of that,
stay tuned (or write it yourself!).
+
+
+------------
+Protocol version changes
+
+31 (2013-09-28, 3.1.0)
+
+ Initial release of protocol 31 had no changes. Rsync 3.2.7
+ introduced the suffixed list of digest names on the greeting
+ line. The presence of the list is allowed even if the greeting
+ indicates an older protocol version number.
+
+30 (2007-10-04, 3.0.0pre1)
+
+ The use of a ".<subprotocol>" number was added to
+ @RSYNCD: <version>.<subprotocol>
+
+25 (2001-08-20, 2.4.7pre2)
+
+ Send an explicit "@RSYNC EXIT" command at the end of the
+ module listing. We never intentionally end the transmission
+ by just closing the socket anymore.
git.samba.org / rsync.git / blobdiff