Annotation of src/usr.bin/rsync/receiver.c, Revision 1.9
1.9 ! deraadt 1: /* $Id: receiver.c,v 1.8 2019/02/14 18:30:11 florian Exp $ */
1.1 benno 2:
3: /*
4: * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
5: *
6: * Permission to use, copy, modify, and distribute this software for any
7: * purpose with or without fee is hereby granted, provided that the above
8: * copyright notice and this permission notice appear in all copies.
9: *
10: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17: */
18: #include <sys/mman.h>
19: #include <sys/stat.h>
20:
21: #include <assert.h>
22: #include <errno.h>
23: #include <fcntl.h>
24: #include <inttypes.h>
25: #include <math.h>
26: #include <poll.h>
27: #include <stdio.h>
28: #include <stdlib.h>
29: #include <string.h>
30: #include <time.h>
31: #include <unistd.h>
32:
33: #include "extern.h"
34:
35: enum pfdt {
36: PFD_SENDER_IN = 0, /* input from the sender */
37: PFD_UPLOADER_IN, /* uploader input from a local file */
38: PFD_DOWNLOADER_IN, /* downloader input from a local file */
39: PFD_SENDER_OUT, /* output to the sender */
40: PFD__MAX
41: };
1.7 florian 42:
43: int
44: rsync_set_metadata(struct sess *sess, int newfile,
45: int fd, const struct flist *f, const char *path)
46: {
1.8 florian 47: uid_t uid = (uid_t)-1;
48: gid_t gid = (gid_t)-1;
1.7 florian 49: struct timespec tv[2];
50:
51: /*
52: * Conditionally adjust identifiers.
53: * If we have an EPERM, report it but continue on: this just
54: * means that we're mapping into an unknown (or disallowed)
55: * group identifier.
56: */
57:
1.8 florian 58: if (getuid() == 0 && sess->opts->preserve_uids)
59: uid = f->st.uid;
60: if (sess->opts->preserve_gids)
61: gid = f->st.gid;
62:
63: if (uid != (uid_t)-1 || gid != (gid_t)-1) {
1.7 florian 64: if (fchown(fd, uid, gid) == -1) {
65: if (errno != EPERM) {
66: ERR(sess, "%s: fchown", path);
67: return 0;
68: }
69: WARNX(sess, "%s: identity unknown or not available "
70: "to user.group: %u.%u", f->path, uid, gid);
71: } else
72: LOG4(sess, "%s: updated uid and/or gid", f->path);
73: }
74:
75: /* Conditionally adjust file modification time. */
76:
77: if (sess->opts->preserve_times) {
78: tv[0].tv_sec = time(NULL);
79: tv[0].tv_nsec = 0;
80: tv[1].tv_sec = f->st.mtime;
81: tv[1].tv_nsec = 0;
82: if (futimens(fd, tv) == -1) {
83: ERR(sess, "%s: futimens", path);
84: return 0;
85: }
86: LOG4(sess, "%s: updated date", f->path);
87: }
88:
89: return 1;
90: }
1.1 benno 91:
1.2 benno 92: /*
1.1 benno 93: * Pledges: unveil, rpath, cpath, wpath, stdio, fattr.
94: * Pledges (dry-run): -cpath, -wpath, -fattr.
95: */
96: int
1.9 ! deraadt 97: rsync_receiver(struct sess *sess, int fdin, int fdout, const char *root)
1.1 benno 98: {
99: struct flist *fl = NULL, *dfl = NULL;
100: size_t i, flsz = 0, dflsz = 0, excl;
101: char *tofree;
102: int rc = 0, dfd = -1, phase = 0, c;
1.2 benno 103: int32_t ioerror;
1.1 benno 104: struct pollfd pfd[PFD__MAX];
105: struct download *dl = NULL;
1.2 benno 106: struct upload *ul = NULL;
1.1 benno 107: mode_t oumask;
108:
1.6 benno 109: if (pledge("stdio rpath wpath cpath fattr getpw unveil", NULL) == -1) {
1.1 benno 110: ERR(sess, "pledge");
111: goto out;
112: }
113:
114: /* Client sends zero-length exclusions. */
115:
1.4 deraadt 116: if (!sess->opts->server &&
117: !io_write_int(sess, fdout, 0)) {
1.1 benno 118: ERRX1(sess, "io_write_int");
119: goto out;
120: }
121:
122: if (sess->opts->server && sess->opts->del) {
1.4 deraadt 123: if (!io_read_size(sess, fdin, &excl)) {
1.1 benno 124: ERRX1(sess, "io_read_size");
125: goto out;
126: } else if (0 != excl) {
127: ERRX(sess, "exclusion list is non-empty");
128: goto out;
129: }
130: }
131:
132: /*
133: * Start by receiving the file list and our mystery number.
134: * These we're going to be touching on our local system.
135: */
136:
1.4 deraadt 137: if (!flist_recv(sess, fdin, &fl, &flsz)) {
1.1 benno 138: ERRX1(sess, "flist_recv");
139: goto out;
1.2 benno 140: }
141:
1.1 benno 142: /* The IO error is sent after the file list. */
143:
1.4 deraadt 144: if (!io_read_int(sess, fdin, &ioerror)) {
1.1 benno 145: ERRX1(sess, "io_read_int");
146: goto out;
147: } else if (0 != ioerror) {
148: ERRX1(sess, "io_error is non-zero");
149: goto out;
150: }
151:
1.5 deraadt 152: if (flsz == 0 && !sess->opts->server) {
1.1 benno 153: WARNX(sess, "receiver has empty file list: exiting");
154: rc = 1;
155: goto out;
1.4 deraadt 156: } else if (!sess->opts->server)
1.1 benno 157: LOG1(sess, "Transfer starting: %zu files", flsz);
158:
159: LOG2(sess, "%s: receiver destination", root);
160:
161: /*
162: * Create the path for our destination directory, if we're not
163: * in dry-run mode (which would otherwise crash w/the pledge).
164: * This uses our current umask: we might set the permissions on
165: * this directory in post_dir().
166: */
167:
1.4 deraadt 168: if (!sess->opts->dry_run) {
1.5 deraadt 169: if ((tofree = strdup(root)) == NULL) {
1.1 benno 170: ERR(sess, "strdup");
171: goto out;
172: } else if (mkpath(sess, tofree) < 0) {
173: ERRX1(sess, "%s: mkpath", root);
174: free(tofree);
175: goto out;
176: }
177: free(tofree);
178: }
179:
180: /*
181: * Disable umask() so we can set permissions fully.
182: * Then open the directory iff we're not in dry_run.
183: */
184:
185: oumask = umask(0);
186:
1.4 deraadt 187: if (!sess->opts->dry_run) {
1.1 benno 188: dfd = open(root, O_RDONLY | O_DIRECTORY, 0);
1.5 deraadt 189: if (dfd == -1) {
1.1 benno 190: ERR(sess, "%s: open", root);
191: goto out;
192: }
193: }
194:
195: /*
196: * Begin by conditionally getting all files we have currently
197: * available in our destination.
198: * XXX: THIS IS A BUG IN OPENBSD 6.4.
199: * For newer version of OpenBSD, this is safe to put after the
200: * unveil.
201: */
202:
1.2 benno 203: if (sess->opts->del &&
1.1 benno 204: sess->opts->recursive &&
1.4 deraadt 205: !flist_gen_dels(sess, root, &dfl, &dflsz, fl, flsz)) {
1.1 benno 206: ERRX1(sess, "flist_gen_local");
207: goto out;
208: }
209:
210: /*
211: * Make our entire view of the file-system be limited to what's
212: * in the root directory.
213: * This prevents us from accidentally (or "under the influence")
214: * writing into other parts of the file-system.
215: */
216:
1.5 deraadt 217: if (unveil(root, "rwc") == -1) {
1.1 benno 218: ERR(sess, "%s: unveil", root);
219: goto out;
1.5 deraadt 220: } else if (unveil(NULL, NULL) == -1) {
1.1 benno 221: ERR(sess, "%s: unveil", root);
222: goto out;
223: }
224:
225: /* If we have a local set, go for the deletion. */
226:
1.4 deraadt 227: if (!flist_del(sess, dfd, dfl, dflsz)) {
1.1 benno 228: ERRX1(sess, "flist_del");
229: goto out;
230: }
231:
232: /* Initialise poll events to listen from the sender. */
233:
234: pfd[PFD_SENDER_IN].fd = fdin;
235: pfd[PFD_UPLOADER_IN].fd = -1;
236: pfd[PFD_DOWNLOADER_IN].fd = -1;
237: pfd[PFD_SENDER_OUT].fd = fdout;
238:
239: pfd[PFD_SENDER_IN].events = POLLIN;
240: pfd[PFD_UPLOADER_IN].events = POLLIN;
241: pfd[PFD_DOWNLOADER_IN].events = POLLIN;
242: pfd[PFD_SENDER_OUT].events = POLLOUT;
243:
1.2 benno 244: ul = upload_alloc(sess, dfd, fdout,
1.1 benno 245: CSUM_LENGTH_PHASE1, fl, flsz, oumask);
1.5 deraadt 246: if (ul == NULL) {
1.1 benno 247: ERRX1(sess, "upload_alloc");
248: goto out;
249: }
250:
251: dl = download_alloc(sess, fdin, fl, flsz, dfd);
1.5 deraadt 252: if (dl == NULL) {
1.1 benno 253: ERRX1(sess, "download_alloc");
254: goto out;
255: }
256:
257: LOG2(sess, "%s: ready for phase 1 data", root);
258:
259: for (;;) {
1.5 deraadt 260: if ((c = poll(pfd, PFD__MAX, INFTIM)) == -1) {
1.1 benno 261: ERR(sess, "poll");
262: goto out;
1.2 benno 263: }
1.1 benno 264:
1.2 benno 265: for (i = 0; i < PFD__MAX; i++)
1.1 benno 266: if (pfd[i].revents & (POLLERR|POLLNVAL)) {
267: ERRX(sess, "poll: bad fd");
268: goto out;
269: } else if (pfd[i].revents & POLLHUP) {
270: ERRX(sess, "poll: hangup");
271: goto out;
272: }
273:
274: /*
275: * If we have a read event and we're multiplexing, we
276: * might just have error messages in the pipe.
277: * It's important to flush these out so that we don't
278: * clog the pipe.
279: * Unset our polling status if there's nothing that
280: * remains in the pipe.
281: */
282:
283: if (sess->mplex_reads &&
284: (POLLIN & pfd[PFD_SENDER_IN].revents)) {
1.4 deraadt 285: if (!io_read_flush(sess, fdin)) {
1.1 benno 286: ERRX1(sess, "io_read_flush");
287: goto out;
1.5 deraadt 288: } else if (sess->mplex_read_remain == 0)
1.1 benno 289: pfd[PFD_SENDER_IN].revents &= ~POLLIN;
290: }
291:
292:
293: /*
294: * We run the uploader if we have files left to examine
295: * (i < flsz) or if we have a file that we've opened and
296: * is read to mmap.
297: */
298:
299: if ((POLLIN & pfd[PFD_UPLOADER_IN].revents) ||
300: (POLLOUT & pfd[PFD_SENDER_OUT].revents)) {
1.2 benno 301: c = rsync_uploader(ul,
302: &pfd[PFD_UPLOADER_IN].fd,
1.1 benno 303: sess, &pfd[PFD_SENDER_OUT].fd);
304: if (c < 0) {
305: ERRX1(sess, "rsync_uploader");
306: goto out;
307: }
308: }
309:
1.2 benno 310: /*
1.1 benno 311: * We need to run the downloader when we either have
312: * read events from the sender or an asynchronous local
313: * open is ready.
314: * XXX: we don't disable PFD_SENDER_IN like with the
315: * uploader because we might stop getting error
316: * messages, which will otherwise clog up the pipes.
317: */
318:
1.2 benno 319: if ((POLLIN & pfd[PFD_SENDER_IN].revents) ||
1.1 benno 320: (POLLIN & pfd[PFD_DOWNLOADER_IN].revents)) {
1.2 benno 321: c = rsync_downloader(dl, sess,
1.1 benno 322: &pfd[PFD_DOWNLOADER_IN].fd);
323: if (c < 0) {
324: ERRX1(sess, "rsync_downloader");
325: goto out;
1.5 deraadt 326: } else if (c == 0) {
327: assert(phase == 0);
1.1 benno 328: phase++;
329: LOG2(sess, "%s: receiver ready "
330: "for phase 2 data", root);
331: break;
332: }
333:
334: /*
335: * FIXME: if we have any errors during the
336: * download, most notably files getting out of
337: * sync between the send and the receiver, then
338: * here we should bump our checksum length and
339: * go into the second phase.
340: */
1.2 benno 341: }
1.1 benno 342: }
343:
344: /* Properly close us out by progressing through the phases. */
345:
1.5 deraadt 346: if (phase == 1) {
1.4 deraadt 347: if (!io_write_int(sess, fdout, -1)) {
1.1 benno 348: ERRX1(sess, "io_write_int");
349: goto out;
1.4 deraadt 350: } else if (!io_read_int(sess, fdin, &ioerror)) {
1.1 benno 351: ERRX1(sess, "io_read_int");
352: goto out;
1.5 deraadt 353: } else if (ioerror != -1) {
1.1 benno 354: ERRX(sess, "expected phase ack");
355: goto out;
356: }
357: }
358:
359: /*
360: * Now all of our transfers are complete, so we can fix up our
361: * directory permissions.
362: */
363:
1.4 deraadt 364: if (!rsync_uploader_tail(ul, sess)) {
1.1 benno 365: ERRX1(sess, "rsync_uploader_tail");
366: goto out;
367: }
368:
369: /* Process server statistics and say good-bye. */
370:
1.4 deraadt 371: if (!sess_stats_recv(sess, fdin)) {
1.1 benno 372: ERRX1(sess, "sess_stats_recv");
373: goto out;
1.4 deraadt 374: } else if (!io_write_int(sess, fdout, -1)) {
1.1 benno 375: ERRX1(sess, "io_write_int");
376: goto out;
377: }
378:
379: LOG2(sess, "receiver finished updating");
380: rc = 1;
381: out:
1.5 deraadt 382: if (dfd != -1)
1.1 benno 383: close(dfd);
384: upload_free(ul);
385: download_free(dl);
386: flist_free(fl, flsz);
387: flist_free(dfl, dflsz);
388: return rc;
389: }