AI Connex
2004-Jan-28 00:32 UTC
rsync error using ssh : @ERROR: access denied to server.domain.com from unknown (0.0.0.0) {Scanned By MailScanner}
I use rsync to mirror several servers.

I run RH7.3

My rsyncd.conf file is:

motd file = /etc/rsync.d/rsync.motd
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
hosts allow = 10.1.2.200 10.1.2.201
hosts deny = 0.0.0.0/0.0.0.0
use chroot = yes
max connections = 3
#syslog facility

[website]
path = /var/www/website
comment = Connex Live WWW Server
uid = nobody
gid = nobody
read only = no
list = yes
auth users = someone,root
secrets file = /etc/rsync.d/rsync.secrets

I use the --rsh=ssh option to use a ssh protocol

A typical script contains:

#!/bin/ash
PATH=/usr/local/bin:/bin:/usr/bin
### Setting user
USER=root

echo Synchronizing Website
#echo

rsync --rsh=ssh \
    --password-file=/root/.rsyncpwd \
    --compress --recursive --times --perms --links --owner --group \
    --include "web_order*" --include "web_user.*" --include "web_user_c*" --include "web_user_h*" \
    --include "web_user_l*" --include "web_org*" --include "web_in*" --include "web_quote*" \
    --include "quick_connect.*" \
    --exclude "*" \
    10.1.2.190::website /var/www/website

Everything worked perfectly.

I am now getting the error
@ERROR: access denied to server.domain.com from unknown (0.0.0.0)

If I changed the script so I do not use a ssh shell, everything works fine.

I have hunted the web for a solution, but no joy.

Please advise how I correct the problem.
jw schultz
2004-Jan-28 01:14 UTC
rsync error using ssh : @ERROR: access denied to server.domain.com from unknown (0.0.0.0) {Scanned By MailScanner}
On Tue, Jan 27, 2004 at 04:31:53PM -0800, AI Connex wrote:
> I use rsync to mirror several servers.
>
> I run RH7.3
>
> My rsyncd.conf file is:
>
> motd file = /etc/rsync.d/rsync.motd
> log file = /var/log/rsyncd.log
> pid file = /var/run/rsyncd.pid
> lock file = /var/run/rsync.lock
> hosts allow = 10.1.2.200 10.1.2.201
> hosts deny = 0.0.0.0/0.0.0.0
> use chroot = yes
> max connections = 3
> #syslog facility
>
> [website]
> path = /var/www/website
> comment = Connex Live WWW Server
> uid = nobody
> gid = nobody
> read only = no
> list = yes
> auth users = someone,root
> secrets file = /etc/rsync.d/rsync.secrets
>
>
> I use the --rsh=ssh option to use a ssh protocol
>
> A typical script contains:
>
> #!/bin/ash
> PATH=/usr/local/bin:/bin:/usr/bin
> ### Setting user
> USER=root
>
> echo Synchronizing Website
> #echo
>
> rsync --rsh=ssh \
>     --password-file=/root/.rsyncpwd \
>     --compress --recursive --times --perms --links --owner --group \
>     --include "web_order*" --include "web_user.*" --include "web_user_c*" --include "web_user_h*" \
>     --include "web_user_l*" --include "web_org*" --include "web_in*" --include "web_quote*" \
>     --include "quick_connect.*" \
>     --exclude "*" \
>     10.1.2.190::website /var/www/website
>
>
> Everything worked perfectly.
>
> I am now getting the error
> @ERROR: access denied to server.domain.com from unknown (0.0.0.0)

The question is, what changed?

> If I changed the script so I do not use a ssh shell, everything works fine.
>
> I have hunted the web for a solution, but no joy.
>
> Please advise how I correct the problem.

As near as I can tell it never should have worked because a local connection, via ssh, would never be allowed access with "hosts allow" clause unless perhaps one of the hosts listed were 0.0.0.0.

I've attached an UNTESTED patch (against CVS HEAD but should be applicable to some older versions) that disables hosts [allow|deny] for rsync over ssh so that the same config file may be used for both ssh and direct socket connections.

--
________________________________________________________________
J.W. Schultz Pegasystems Technologies
email address: jw@pegasys.ws

Remember Cernan and Schmitt

-------------- next part -------------- ? ..clientserver.patch Index: clientserver.c ==================================================================RCS file: /data/cvs/rsync/clientserver.c,v retrieving revision 1.115 diff -u -p -r1.115 clientserver.c --- clientserver.c 27 Jan 2004 07:57:12 -0000 1.115 +++ clientserver.c 28 Jan 2004 01:02:45 -0000 @@ -226,17 +226,16 @@ static int rsync_module(int f_in, int f_ int ret; char *request=NULL; - if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) { + if (am_daemon && am_server) { + rprintf(FINFO, "rsync allowed access on module %s from %s (%s)\n", + name, host, addr); + } + else if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) { rprintf(FERROR,"rsync denied on module %s from %s (%s)\n", name, host, addr); io_printf(f_out, "@ERROR: access denied to %s from %s (%s)\n", name, host, addr); return -1; - } - - if (am_daemon && am_server) { - rprintf(FINFO, "rsync allowed access on module %s from %s (%s)\n", - name, host, addr); } if (!claim_connection(lp_lock_file(i), lp_max_connections(i))) {
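
Review bot: The new first branch in rsync_module(), "if (am_daemon && am_server)", skips allow_access() for every connection on which both flags are set, so the change is only safe if that condition can never hold for a daemon serving direct socket connections, and nothing in this hunk establishes that. The removed lines logged "rsync allowed access" under the same condition after the hosts check had already passed, so please confirm where am_daemon and am_server are set, or test explicitly for the remote-shell case instead. The FINFO message should also say that hosts allow/deny was not consulted, because as written the log reads as if the access lists had approved the client. Finally, the rsyncd.conf documentation needs a sentence stating that hosts allow and hosts deny are ignored for rsync over ssh, since a module that relied on them then depends only on the ssh login and on auth users.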
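
An added example, not part of the original thread and not rsync's own code: a small Python model of the allow-then-deny evaluation order that the rsyncd.conf manual describes, run against the hosts allow and hosts deny values posted above. It handles IP address and address/mask patterns only (hostname patterns are left out), and the function names are hypothetical.

```python
import ipaddress

# Values taken from the rsyncd.conf posted in the thread.
HOSTS_ALLOW = "10.1.2.200 10.1.2.201"
HOSTS_DENY = "0.0.0.0/0.0.0.0"


def parse_patterns(value):
    """Turn a hosts allow/deny value into a list of IP networks."""
    items = value.replace(",", " ").split()
    return [ipaddress.ip_network(item, strict=False) for item in items]


def matches(networks, addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def decide(addr, hosts_allow=HOSTS_ALLOW, hosts_deny=HOSTS_DENY):
    """Return (allowed, reason) using the documented order: allow, then deny."""
    allow = parse_patterns(hosts_allow)
    deny = parse_patterns(hosts_deny)
    if allow and matches(allow, addr):
        return True, "matched hosts allow"
    if deny and matches(deny, addr):
        return False, "matched hosts deny"
    if allow and not deny:
        return False, "hosts allow set and not matched"
    return True, "matched neither list"


def audit(addresses):
    """Map each client address to the decision the module would make."""
    return {addr: decide(addr) for addr in addresses}


if __name__ == "__main__":
    # Constructed client list: the two mirrors, another LAN host, and the
    # 0.0.0.0 address the daemon reported for the ssh-spawned connection.
    for addr, (ok, why) in audit(
        ["10.1.2.200", "10.1.2.201", "10.1.2.55", "0.0.0.0"]
    ).items():
        print(f"{addr:12} {'ALLOW' if ok else 'DENY '} ({why})")
```

With these settings only the two listed mirrors pass; the 0.0.0.0 address reported in the error message falls through to the deny-all pattern.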