Updated to apply cleanly.
[rsync-patches.git] / openssl-support.diff
1 After applying this patch, run these commands for a successful build:
2
3     autoconf
4     autoheader
5     ./configure
6     make proto
7     make
8
9 Casey Marshall writes:
10
11 I've been hacking together a way to use rsync with OpenSSL, and have
12 attached my current patch against a recent CVS tree. The details of
13 this implementation are:
14
15   1. The SSL code is added as a "layer" that is forked into its own
16      process.
17
18   2. An SSL connection is established by the client issuing the
19      command:
20
21        #starttls
22
23      And, if the server allows SSL, it replies with
24
25        @RSYNCD: starttls
26
27      At which point both sides begin negotiating the SSL connection.
28      Servers that can't or don't want to use SSL just treat it as a
29      normal unknown command.
30
31   3. The SSL code is meant to be unobtrusive, and when this patch is
32      applied the program may still be built with no SSL code.
33
34   4. There are a number of details not implemented.
35
36 All warnings apply; I don't do C programming all that often, so I
37 can't say if I've left any cleanup/compatibility errors in the code.
38
39
40 --- Makefile.in 15 May 2004 00:48:11 -0000      1.101
41 +++ Makefile.in 18 Jun 2004 17:28:26 -0000
42 @@ -39,7 +39,7 @@ OBJS3=progress.o pipe.o
43  DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
44  popt_OBJS=popt/findme.o  popt/popt.o  popt/poptconfig.o \
45         popt/popthelp.o popt/poptparse.o
46 -OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@
47 +OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@ @SSL_OBJS@
48  
49  TLS_OBJ = tls.o syscall.o lib/permstring.o
50  
51 --- cleanup.c   13 May 2004 07:08:18 -0000      1.22
52 +++ cleanup.c   18 Jun 2004 17:28:26 -0000
53 @@ -24,6 +24,9 @@
54  extern int io_error;
55  extern int keep_partial;
56  extern int log_got_error;
57 +#ifdef HAVE_OPENSSL
58 +extern int use_ssl;
59 +#endif
60  
61  /**
62   * Close all open sockets and files, allowing a (somewhat) graceful
63 @@ -99,6 +102,11 @@ void _exit_cleanup(int code, const char 
64         signal(SIGUSR1, SIG_IGN);
65         signal(SIGUSR2, SIG_IGN);
66  
67 +#ifdef HAVE_OPENSSL
68 +       if (use_ssl)
69 +               end_tls();
70 +#endif
71 +
72         if (verbose > 3) {
73                 rprintf(FINFO,"_exit_cleanup(code=%d, file=%s, line=%d): entered\n",
74                         code, file, line);
75 --- clientserver.c      13 Jun 2004 14:18:48 -0000      1.127
76 +++ clientserver.c      18 Jun 2004 17:28:26 -0000
77 @@ -46,6 +46,9 @@ extern int io_timeout;
78  extern int orig_umask;
79  extern int no_detach;
80  extern int default_af_hint;
81 +#ifdef HAVE_OPENSSL
82 +extern int use_ssl;
83 +#endif
84  extern char *bind_address;
85  extern struct exclude_list_struct server_exclude_list;
86  extern char *exclude_path_prefix;
87 @@ -93,8 +96,18 @@ int start_socket_client(char *host, char
88                 exit_cleanup(RERR_SOCKETIO);
89  
90         ret = start_inband_exchange(user, path, fd, fd, argc);
91 +       if (ret < 0)
92 +               return ret;
93 +
94 +#ifdef HAVE_OPENSSL
95 +       if (use_ssl) {
96 +               int f_in = get_tls_rfd();
97 +               int f_out = get_tls_wfd();
98 +               return client_run(f_in, f_out, -1, argc, argv);
99 +       }
100 +#endif
101  
102 -       return ret < 0? ret : client_run(fd, fd, -1, argc, argv);
103 +       return client_run(fd, fd, -1, argc, argv);
104  }
105  
106  int start_inband_exchange(char *user, char *path, int f_in, int f_out, int argc)
107 @@ -148,6 +161,33 @@ int start_inband_exchange(char *user, ch
108         if (protocol_version > remote_protocol)
109                 protocol_version = remote_protocol;
110  
111 +#ifdef HAVE_OPENSSL
112 +       if (use_ssl) {
113 +               io_printf(f_out, "#starttls\n");
114 +               while (1) {
115 +                       if (!read_line(f_in, line, sizeof(line)-1)) {
116 +                               rprintf(FERROR, "rsync: did not receive reply to #starttls\n");
117 +                               return -1;
118 +                       }
119 +                       if (strncmp(line, "@ERROR", 6) == 0) {
120 +                               rprintf(FERROR, "rsync: ssl connection denied\n");
121 +                               return -1;
122 +                       }
123 +                       if (strcmp(line, "@RSYNCD: starttls") == 0) {
124 +                               break;
125 +                       }
126 +                       rprintf(FINFO, "%s\n", line);
127 +               }
128 +               if (start_tls(f_in, f_out)) {
129 +                       rprintf(FERROR, "rsync: error during SSL handshake: %s\n",
130 +                               get_ssl_error());
131 +                       return -1;
132 +               }
133 +               f_in = get_tls_rfd();
134 +               f_out = get_tls_wfd();
135 +       }
136 +#endif
137 +
138         p = strchr(path,'/');
139         if (p) *p = 0;
140         io_printf(f_out, "%s\n", path);
141 @@ -176,6 +216,10 @@ int start_inband_exchange(char *user, ch
142                          * server to terminate the listing of modules.
143                          * We don't want to go on and transfer
144                          * anything; just exit. */
145 +#ifdef HAVE_OPENSSL
146 +                       if (use_ssl)
147 +                               end_tls();
148 +#endif
149                         exit(0);
150                 }
151  
152 @@ -183,6 +227,10 @@ int start_inband_exchange(char *user, ch
153                         rprintf(FERROR, "%s\n", line);
154                         /* This is always fatal; the server will now
155                          * close the socket. */
156 +#ifdef HAVE_OPENSSL
157 +                       if (use_ssl)
158 +                               end_tls();
159 +#endif
160                         return RERR_STARTCLIENT;
161                 } else {
162                         rprintf(FINFO,"%s\n", line);
163 @@ -487,6 +535,7 @@ static void send_listing(int fd)
164                 io_printf(fd,"@RSYNCD: EXIT\n");
165  }
166  
167 +
168  /* this is called when a connection is established to a client
169     and we want to start talking. The setup of the system is done from
170     here */
171 @@ -544,6 +593,20 @@ int start_daemon(int f_in, int f_out)
172                         return -1;
173                 }
174  
175 +#if HAVE_OPENSSL
176 +               if (use_ssl && strcmp(line, "#starttls") == 0) {
177 +                       io_printf(f_out, "@RSYNCD: starttls\n");
178 +                       if (start_tls(f_in, f_out)) {
179 +                               rprintf(FLOG, "SSL connection failed: %s\n",
180 +                                       get_ssl_error());
181 +                               return -1;
182 +                       }
183 +                       f_in = get_tls_rfd();
184 +                       f_out = get_tls_wfd();
185 +                       continue;
186 +               }
187 +#endif
188 +
189                 if (*line == '#') {
190                         /* it's some sort of command that I don't understand */
191                         io_printf(f_out, "@ERROR: Unknown command '%s'\n", line);
192 --- config.h.in 29 Apr 2004 19:40:39 -0000      1.90
193 +++ config.h.in 18 Jun 2004 17:28:26 -0000
194 @@ -167,6 +167,9 @@
195  /* */
196  #undef HAVE_OFF64_T
197  
198 +/* true if you want to use SSL. */
199 +#undef HAVE_OPENSSL
200 +
201  /* Define to 1 if you have the `readlink' function. */
202  #undef HAVE_READLINK
203  
204 --- configure.in        30 Apr 2004 18:03:33 -0000      1.196
205 +++ configure.in        18 Jun 2004 17:28:26 -0000
206 @@ -271,6 +271,21 @@ yes
207         AC_SEARCH_LIBS(getaddrinfo, inet6)
208  fi
209  
210 +AC_ARG_ENABLE(openssl,
211 +              AC_HELP_STRING([--enable-openssl], [compile SSL support with OpenSSL.]))
212 +
213 +if test "x$enable_openssl" != xno
214 +then
215 +       have_ssl=yes
216 +       AC_CHECK_LIB(ssl, SSL_library_init, , [have_ssl=no])
217 +       if test "x$have_ssl" = xyes
218 +       then
219 +               AC_DEFINE(HAVE_OPENSSL, 1, [true if you want to use SSL.])
220 +               SSL_OBJS=ssl.o
221 +               AC_SUBST(SSL_OBJS)
222 +       fi
223 +fi
224 +
225  AC_MSG_CHECKING([whether to call shutdown on all sockets])
226  case $host_os in
227         *cygwin* ) AC_MSG_RESULT(yes)
228 --- main.c      18 Jun 2004 16:50:20 -0000      1.198
229 +++ main.c      18 Jun 2004 17:28:26 -0000
230 @@ -52,6 +52,9 @@ extern int rsync_port;
231  extern int read_batch;
232  extern int write_batch;
233  extern int filesfrom_fd;
234 +#ifdef HAVE_OPENSSL
235 +extern int use_ssl;
236 +#endif
237  extern pid_t cleanup_child_pid;
238  extern char *files_from;
239  extern char *remote_filesfrom_file;
240 @@ -709,17 +712,32 @@ static int start_client(int argc, char *
241         pid_t pid;
242         int f_in,f_out;
243         int rc;
244 +       int url_prefix = strlen(URL_PREFIX);
245  
246         /* Don't clobber argv[] so that ps(1) can still show the right
247          * command line. */
248         if ((rc = copy_argv(argv)))
249                 return rc;
250  
251 +       if (strncasecmp(URL_PREFIX, argv[0], url_prefix) != 0) {
252 +#ifdef HAVE_OPENSSL
253 +               url_prefix = strlen(SSL_URL_PREFIX);
254 +               if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix) != 0)
255 +                       url_prefix = 0;
256 +               else {
257 +                       if (!use_ssl)
258 +                               init_tls();
259 +                       use_ssl = 1;
260 +               }
261 +#else
262 +               url_prefix = 0;
263 +#endif
264 +       }
265         /* rsync:// always uses rsync server over direct socket connection */
266 -       if (strncasecmp(URL_PREFIX, argv[0], strlen(URL_PREFIX)) == 0) {
267 +       if (url_prefix) {
268                 char *host, *path;
269  
270 -               host = argv[0] + strlen(URL_PREFIX);
271 +               host = argv[0] + url_prefix;
272                 p = strchr(host,'/');
273                 if (p) {
274                         *p = 0;
275 @@ -767,12 +785,27 @@ static int start_client(int argc, char *
276                         argv++;
277                 } else { /* source is local */
278                         am_sender = 1;
279 +                       url_prefix = strlen(URL_PREFIX);
280 +                       if (strncasecmp(URL_PREFIX, argv[0], url_prefix) != 0) {
281 +#ifdef HAVE_OPENSSL
282 +                               url_prefix = strlen(SSL_URL_PREFIX);
283 +                               if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix) != 0)
284 +                                       url_prefix = 0;
285 +                               else {
286 +                                       if (!use_ssl)
287 +                                               init_tls();
288 +                                       use_ssl = 1;
289 +                               }
290 +#else
291 +                               url_prefix = 0;
292 +#endif
293 +                       }
294  
295                         /* rsync:// destination uses rsync server over direct socket */
296 -                       if (strncasecmp(URL_PREFIX, argv[argc-1], strlen(URL_PREFIX)) == 0) {
297 +                       if (url_prefix) {
298                                 char *host, *path;
299  
300 -                               host = argv[argc-1] + strlen(URL_PREFIX);
301 +                               host = argv[argc-1] + url_prefix;
302                                 p = strchr(host,'/');
303                                 if (p) {
304                                         *p = 0;
305 --- options.c   7 Jun 2004 22:05:22 -0000       1.156
306 +++ options.c   18 Jun 2004 17:28:27 -0000
307 @@ -133,6 +133,14 @@ int quiet = 0;
308  int always_checksum = 0;
309  int list_only = 0;
310  
311 +#ifdef HAVE_OPENSSL
312 +int use_ssl = 0;
313 +char *ssl_cert_path = NULL;
314 +char *ssl_key_path = NULL;
315 +char *ssl_key_passwd = NULL;
316 +char *ssl_ca_path = NULL;
317 +#endif
318 +
319  #define FIXED_CHECKSUM_SEED 32761
320  #define MAX_BATCH_PREFIX_LEN 256       /* Must be less than MAXPATHLEN-13 */
321  char *batch_prefix = NULL;
322 @@ -145,13 +153,13 @@ static int modify_window_set;
323   * address, or a hostname. **/
324  char *bind_address;
325  
326 -
327  static void print_rsync_version(enum logcode f)
328  {
329         char const *got_socketpair = "no ";
330         char const *hardlinks = "no ";
331         char const *links = "no ";
332         char const *ipv6 = "no ";
333 +       char const *ssl = "no ";
334         STRUCT_STAT *dumstat;
335  
336  #ifdef HAVE_SOCKETPAIR
337 @@ -170,6 +178,10 @@ static void print_rsync_version(enum log
338         ipv6 = "";
339  #endif
340  
341 +#ifdef HAVE_OPENSSL
342 +       ssl = "";
343 +#endif
344 +
345         rprintf(f, "%s  version %s  protocol version %d\n",
346                 RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION);
347         rprintf(f,
348 @@ -183,10 +195,10 @@ static void print_rsync_version(enum log
349         /* Note that this field may not have type ino_t.  It depends
350          * on the complicated interaction between largefile feature
351          * macros. */
352 -       rprintf(f, "              %sIPv6, %d-bit system inums, %d-bit internal inums\n",
353 +       rprintf(f, "              %sIPv6, %d-bit system inums, %d-bit internal inums, %sssl\n",
354                 ipv6,
355                 (int) (sizeof dumstat->st_ino * 8),
356 -               (int) (sizeof (uint64) * 8));
357 +               (int) (sizeof (uint64) * 8), ssl);
358  #ifdef MAINTAINER_MODE
359         rprintf(f, "              panic action: \"%s\"\n",
360                 get_panic_action());
361 @@ -299,6 +311,13 @@ void usage(enum logcode F)
362    rprintf(F," -4  --ipv4                  prefer IPv4\n");
363    rprintf(F," -6  --ipv6                  prefer IPv6\n");
364  #endif
365 +#ifdef HAVE_OPENSSL
366 +  rprintf(F,"     --ssl                   allow socket connections to use SSL\n");
367 +  rprintf(F,"     --ssl-cert=FILE         path to server's SSL certificate\n");
368 +  rprintf(F,"     --ssl-key=FILE          path to server's SSL private key\n");
369 +  rprintf(F,"     --ssl-key-passwd=PASS   password for PEM-encoded private key\n");
370 +  rprintf(F,"     --ssl-ca-certs=FILE     path to trusted CA certificates\n");
371 +#endif
372    rprintf(F," -h, --help                  show this help screen\n");
373  
374    rprintf(F,"\n");
375 @@ -310,7 +329,7 @@ void usage(enum logcode F)
376  enum {OPT_VERSION = 1000, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM,
377        OPT_DELETE_AFTER, OPT_DELETE_EXCLUDED, OPT_LINK_DEST,
378        OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW,
379 -      OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_TIMEOUT,
380 +      OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_TIMEOUT, OPT_USE_SSL,
381        OPT_REFUSED_BASE = 9000};
382  
383  static struct poptOption long_options[] = {
384 @@ -397,6 +416,13 @@ static struct poptOption long_options[] 
385    {"ipv4",            '4', POPT_ARG_VAL,    &default_af_hint, AF_INET, 0, 0 },
386    {"ipv6",            '6', POPT_ARG_VAL,    &default_af_hint, AF_INET6, 0, 0 },
387  #endif
388 +#ifdef HAVE_OPENSSL
389 +  {"ssl",              0,  POPT_ARG_NONE,   0,               OPT_USE_SSL, 0, 0},
390 +  {"ssl-cert",         0,  POPT_ARG_STRING, &ssl_cert_path,  OPT_USE_SSL, 0, 0},
391 +  {"ssl-key",          0,  POPT_ARG_STRING, &ssl_key_path,   OPT_USE_SSL, 0, 0},
392 +  {"ssl-key-passwd",   0,  POPT_ARG_STRING, &ssl_key_passwd, OPT_USE_SSL, 0, 0},
393 +  {"ssl-ca-certs",     0,  POPT_ARG_STRING, &ssl_ca_path,    OPT_USE_SSL, 0, 0},
394 +#endif
395    {0,0,0,0, 0, 0, 0}
396  };
397  
398 @@ -596,6 +622,12 @@ int parse_arguments(int *argc, const cha
399                         return 0;
400  #endif
401  
402 +               case OPT_USE_SSL:
403 +#ifdef HAVE_OPENSSL
404 +                       use_ssl = 1;
405 +#endif
406 +                       break;
407 +
408                 default:
409                         /* A large opt value means that set_refuse_options()
410                          * turned this option off (opt-BASE is its index). */
411 @@ -733,6 +765,17 @@ int parse_arguments(int *argc, const cha
412         if (do_progress && !verbose)
413                 verbose = 1;
414  
415 +#ifdef HAVE_OPENSSL
416 +       if (use_ssl) {
417 +               if (init_tls()) {
418 +                       snprintf(err_buf, sizeof(err_buf),
419 +                                "Openssl error: %s\n",
420 +                                get_ssl_error());
421 +                       return 0;
422 +               }
423 +       }
424 +#endif
425 +
426         if (bwlimit) {
427                 bwlimit_writemax = (size_t)bwlimit * 128;
428                 if (bwlimit_writemax < 512)
429 --- rsync.h     16 May 2004 07:28:24 -0000      1.204
430 +++ rsync.h     18 Jun 2004 17:28:27 -0000
431 @@ -32,6 +32,7 @@
432  
433  #define DEFAULT_LOCK_FILE "/var/run/rsyncd.lock"
434  #define URL_PREFIX "rsync://"
435 +#define SSL_URL_PREFIX "rsyncs://"
436  
437  #define BACKUP_SUFFIX "~"
438  
439 @@ -326,6 +327,11 @@ enum msgcode {
440  #define uint64 unsigned off_t
441  #endif
442  
443 +#if HAVE_OPENSSL
444 +#include <openssl/ssl.h>
445 +#include <openssl/err.h>
446 +#endif
447 +
448  /* Starting from protocol version 26, we always use 64-bit
449   * ino_t and dev_t internally, even if this platform does not
450   * allow files to have 64-bit inums.  That's because the
451 --- /dev/null   1 Jan 1970 00:00:00 -0000
452 +++ ssl.c       18 Jun 2004 17:28:27 -0000
453 @@ -0,0 +1,366 @@
454 +/* -*- c-file-style: "linux" -*-
455 + * ssl.c: operations for negotiating SSL rsync connections. 
456 + *
457 + * Copyright (C) 2003  Casey Marshall <rsdio@metastatic.org>
458 + *
459 + * This program is free software; you can redistribute it and/or modify
460 + * it under the terms of the GNU General Public License as published by
461 + * the Free Software Foundation; either version 2 of the License, or
462 + * (at your option) any later version.
463 + * 
464 + * This program is distributed in the hope that it will be useful,
465 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
466 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
467 + * GNU General Public License for more details.
468 + * 
469 + * You should have received a copy of the GNU General Public License
470 + * along with this program; if not, write to the Free Software
471 + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
472 + */
473 +
474 +#include "rsync.h"
475 +
476 +#ifdef HAVE_SYS_SELECT_H
477 +#include <sys/select.h>
478 +#else
479 +#include <sys/time.h>
480 +#include <sys/types.h>
481 +#include <unistd.h>
482 +#endif
483 +#include <string.h>
484 +
485 +#define BUF_SIZE 1024
486 +
487 +extern int verbose;
488 +extern int am_daemon;
489 +extern int am_server;
490 +
491 +extern char *ssl_cert_path;
492 +extern char *ssl_key_path;
493 +extern char *ssl_key_passwd;
494 +extern char *ssl_ca_path;
495 +
496 +static SSL_CTX *ssl_ctx;
497 +static SSL *ssl;
498 +static int tls_read[2] = { -1, -1 };
499 +static int tls_write[2] = { -1, -1 };
500 +static int ssl_running;
501 +static int ssl_pid = -1;
502 +
503 +/**
504 + * A non-interactive callback to be passed to SSL_CTX_set_default_password_cb,
505 + * which merely copies the value of ssl_key_passwd into buf. This is
506 + * used for when the private key password is supplied via an option.
507 + */
508 +static int default_password_cb(char *buf, int n, UNUSED(int f), UNUSED(void *u))
509 +{
510 +       if (ssl_key_passwd == NULL || n < strlen(ssl_key_passwd))
511 +               return 0;
512 +       strncpy(buf, ssl_key_passwd, n-1);
513 +       return strlen(ssl_key_passwd);
514 +}
515 +
516 +/**
517 + * If verbose, this method traces the status of the SSL handshake.
518 + */
519 +static void info_callback(SSL *ssl, int cb, int val)
520 +{
521 +       char buf[128];
522 +       char *cbs;
523 +
524 +       switch (cb) {
525 +       case SSL_CB_LOOP:
526 +               cbs = "SSL_CB_LOOP";
527 +               break;
528 +       case SSL_CB_EXIT:
529 +               cbs = "SSL_CB_EXIT";
530 +               break;
531 +       case SSL_CB_READ:
532 +               cbs = "SSL_CB_READ";
533 +               break;
534 +       case SSL_CB_WRITE:
535 +               cbs = "SSL_CB_WRITE";
536 +               break;
537 +       case SSL_CB_ALERT:
538 +               cbs = "SSL_CB_ALERT";
539 +               break;
540 +       case SSL_CB_READ_ALERT:
541 +               cbs = "SSL_CB_READ_ALERT";
542 +               break;
543 +       case SSL_CB_WRITE_ALERT:
544 +               cbs = "SSL_CB_WRITE_ALERT";
545 +               break;
546 +       case SSL_CB_ACCEPT_LOOP:
547 +               cbs = "SSL_CB_ACCEPT_LOOP";
548 +               break;
549 +       case SSL_CB_ACCEPT_EXIT:
550 +               cbs = "SSL_CB_ACCEPT_EXIT";
551 +               break;
552 +       case SSL_CB_CONNECT_LOOP:
553 +               cbs = "SSL_CB_CONNECT_LOOP";
554 +               break;
555 +       case SSL_CB_CONNECT_EXIT:
556 +               cbs = "SSL_CB_CONNECT_EXIT";
557 +               break;
558 +       case SSL_CB_HANDSHAKE_START:
559 +               cbs = "SSL_CB_HANDSHAKE_START";
560 +               break;
561 +       case SSL_CB_HANDSHAKE_DONE:
562 +               cbs = "SSL_CB_HANDSHAKE_DONE";
563 +               break;
564 +       default:
565 +               snprintf(buf, sizeof buf, "??? (%d)", cb);
566 +               cbs = buf;
567 +               break;
568 +       }
569 +       if (verbose > 2) {
570 +               rprintf(FLOG, "SSL: info_callback(%p,%s,%d)\n", ssl, cbs, val);
571 +               if (cb == SSL_CB_HANDSHAKE_DONE) {
572 +                       SSL_CIPHER_description(SSL_get_current_cipher(ssl),
573 +                                              buf, sizeof buf);
574 +                       rprintf(FLOG, "SSL: cipher: %s", buf);
575 +               }
576 +       }
577 +}
578 +
579 +/**
580 + * Initializes the SSL context for TLSv1 connections; returns zero on
581 + * success.
582 + */
583 +int init_tls(void)
584 +{
585 +       if (ssl_ctx)
586 +               return 0;
587 +       SSL_library_init();
588 +       SSL_load_error_strings();
589 +       ssl_ctx = SSL_CTX_new(TLSv1_method());
590 +       if (!ssl_ctx)
591 +               return 1;
592 +       SSL_CTX_set_info_callback(ssl_ctx, info_callback);
593 +
594 +       /* Sets the certificate sent to the other party. */
595 +       if (ssl_cert_path != NULL
596 +           && SSL_CTX_use_certificate_file(ssl_ctx, ssl_cert_path,
597 +                                           SSL_FILETYPE_PEM) != 1)
598 +               return 1;
599 +       /* Set up the simple non-interactive callback if the password
600 +        * was supplied on the command line. */
601 +       if (ssl_key_passwd != NULL)
602 +               SSL_CTX_set_default_passwd_cb(ssl_ctx, default_password_cb);
603 +       /* Sets the private key that matches the public certificate. */
604 +       if (ssl_key_path != NULL) {
605 +               if (SSL_CTX_use_PrivateKey_file(ssl_ctx, ssl_key_path,
606 +                                               SSL_FILETYPE_PEM) != 1)
607 +                       return 1;
608 +               if (SSL_CTX_check_private_key(ssl_ctx) != 1)
609 +                       return 1;
610 +       }
611 +       if (ssl_ca_path != NULL
612 +           && !SSL_CTX_load_verify_locations(ssl_ctx, ssl_ca_path, NULL))
613 +               return 1;
614 +
615 +       return 0;
616 +}
617 +
618 +/**
619 + * Returns the error string for the current SSL error, if any.
620 + */
621 +char *get_ssl_error(void)
622 +{
623 +       return ERR_error_string(ERR_get_error(), NULL);
624 +}
625 +
626 +/**
627 + * Returns the input file descriptor for the SSL connection.
628 + */
629 +int get_tls_rfd(void)
630 +{
631 +       return tls_read[0];
632 +}
633 +
634 +/**
635 + * Returns the output file descriptor for the SSL connection.
636 + */
637 +int get_tls_wfd(void)
638 +{
639 +       return tls_write[1];
640 +}
641 +
642 +/**
643 + * Signal handler that ends the SSL connection.
644 + */
645 +static RETSIGTYPE tls_sigusr1(int UNUSED(val))
646 +{
647 +       if (ssl) {
648 +               SSL_shutdown(ssl);
649 +               SSL_free(ssl);
650 +               ssl = NULL;
651 +       }
652 +       ssl_running = 0;
653 +}
654 +
655 +/**
656 + * Negotiates the TLS connection, creates a socket pair for communicating
657 + * with the rsync process, then forks into a new process that will handle
658 + * the communication.
659 + *
660 + * 0 is returned on success.
661 + */
662 +int start_tls(int f_in, int f_out)
663 +{
664 +       int tls_fd;
665 +       int n = 0, r;
666 +       unsigned char buf1[BUF_SIZE], buf2[BUF_SIZE];
667 +       int avail1 = 0, avail2 = 0, write1 = 0, write2 = 0;
668 +       fd_set rd, wd;
669 +
670 +       if (fd_pair(tls_read))
671 +               return 1;
672 +       if (fd_pair(tls_write))
673 +               return 1;
674 +
675 +       set_blocking(tls_read[0]);
676 +       set_blocking(tls_read[1]);
677 +       set_blocking(tls_write[0]);
678 +       set_blocking(tls_write[1]);
679 +       set_blocking(f_in);
680 +       set_blocking(f_out);
681 +
682 +       ssl_pid = do_fork();
683 +       if (ssl_pid < 0)
684 +               return -1;
685 +       if (ssl_pid != 0) {
686 +               close(tls_write[0]);
687 +               close(tls_read[1]);
688 +               return 0;
689 +       }
690 +
691 +       signal(SIGUSR1, tls_sigusr1);
692 +       ssl = SSL_new(ssl_ctx);
693 +       if (!ssl)
694 +               goto closed;
695 +       if (am_daemon || am_server)
696 +               SSL_set_accept_state(ssl);
697 +       else
698 +               SSL_set_connect_state(ssl);
699 +       SSL_set_rfd(ssl, f_in);
700 +       SSL_set_wfd(ssl, f_out);
701 +
702 +       tls_fd = SSL_get_fd(ssl);
703 +       n = tls_write[0];
704 +       n = MAX(tls_read[1], n);
705 +       n = MAX(tls_fd, n) + 1;
706 +
707 +       ssl_running = 1;
708 +       while (ssl_running) {
709 +               FD_ZERO(&rd);
710 +               FD_ZERO(&wd);
711 +               FD_SET(tls_write[0], &rd);
712 +               FD_SET(tls_read[1], &wd);
713 +               FD_SET(tls_fd, &rd);
714 +               FD_SET(tls_fd, &wd);
715 +
716 +               r = select(n, &rd, &wd, NULL, NULL);
717 +
718 +               if (r == -1 && errno == EINTR)
719 +                       continue;
720 +               if (FD_ISSET(tls_write[0], &rd)) {
721 +                       r = read(tls_write[0], buf1+avail1, BUF_SIZE-avail1);
722 +                       if (r >= 0)
723 +                               avail1 += r;
724 +                       else {
725 +                               rprintf(FERROR, "pipe read error: %s\n",
726 +                                       strerror(errno));
727 +                               break;
728 +                       }
729 +               }
730 +               if (FD_ISSET(tls_fd, &rd)) {
731 +                       r = SSL_read(ssl, buf2+avail2, BUF_SIZE-avail2);
732 +                       if (r > 0)
733 +                               avail2 += r;
734 +                       else {
735 +                               switch (SSL_get_error(ssl, r)) {
736 +                               case SSL_ERROR_ZERO_RETURN:
737 +                                       goto closed;
738 +                               case SSL_ERROR_WANT_READ:
739 +                               case SSL_ERROR_WANT_WRITE:
740 +                                       break;
741 +                               case SSL_ERROR_SYSCALL:
742 +                                       if (r == 0)
743 +                                               rprintf(FERROR, "SSL spurious EOF\n");
744 +                                       else
745 +                                               rprintf(FERROR, "SSL I/O error: %s\n",
746 +                                                       strerror(errno));
747 +                                       goto closed;
748 +                               case SSL_ERROR_SSL:
749 +                                       rprintf(FERROR, "SSL: %s\n",
750 +                                               ERR_error_string(ERR_get_error(), NULL));
751 +                                       goto closed;
752 +                               default:
753 +                                       rprintf(FERROR, "unexpected ssl error %d\n", r);
754 +                                       goto closed;
755 +                               }
756 +                       }
757 +               }
758 +               if (FD_ISSET(tls_read[1], &wd) && write2 < avail2) {
759 +                       r = write(tls_read[1], buf2+write2, avail2-write2);
760 +                       if (r >= 0)
761 +                               write2 += r;
762 +                       else {
763 +                               rprintf(FERROR, "pipe write error: %s\n",
764 +                                       strerror(errno));
765 +                               break;
766 +                       }
767 +               }
768 +               if (FD_ISSET(tls_fd, &wd) && write1 < avail1) {
769 +                       r = SSL_write(ssl, buf1+write1, avail1-write1);
770 +                       if (r > 0)
771 +                               write1 += r;
772 +                       else {
773 +                               switch (SSL_get_error(ssl, r)) {
774 +                               case SSL_ERROR_ZERO_RETURN:
775 +                                       goto closed;
776 +                               case SSL_ERROR_WANT_READ:
777 +                               case SSL_ERROR_WANT_WRITE:
778 +                                       break;
779 +                               case SSL_ERROR_SYSCALL:
780 +                                       if (r == 0)
781 +                                               rprintf(FERROR, "SSL: spurious EOF\n");
782 +                                       else
783 +                                               rprintf(FERROR, "SSL: I/O error: %s\n",
784 +                                                       strerror(errno));
785 +                                       goto closed;
786 +                               case SSL_ERROR_SSL:
787 +                                       rprintf(FERROR, "SSL: %s\n",
788 +                                               ERR_error_string(ERR_get_error(), NULL));
789 +                                       goto closed;
790 +                               default:
791 +                                       rprintf(FERROR, "unexpected ssl error %d\n", r);
792 +                                       goto closed;
793 +                               }
794 +                       }
795 +               }
796 +               if (avail1 == write1)
797 +                       avail1 = write1 = 0;
798 +               if (avail2 == write2)
799 +                       avail2 = write2 = 0;
800 +       }
801 +
802 +       /* XXX I'm pretty sure that there is a lot that I am not considering
803 +          here. Bugs? Yes, probably. */
804 +
805 +       /* We're finished. */
806 +    closed:
807 +       close(tls_read[1]);
808 +       close(tls_write[0]);
809 +       exit(0);
810 +}
811 +
812 +/**
813 + * Ends the TLS connection.
814 + */
815 +void end_tls(void)
816 +{
817 +       if (ssl_pid > 0)
818 +               kill(ssl_pid, SIGUSR1);
819 +}