I would like to suggest a feature that I believe would help out one
usability aspect of rysnc. The patch I am suggesting will allow the
rysnc module to return 1 of multiple secrets from the password file,
essentially allowing you to check ANY user's (whom belong to a team)
secret to see if it matches.
For example: For 2 users (user1 and user2) belonging to team1, it
would check all users passwords when they authenticates to their team
share
- User1 - password '123'
- User2 - password 'abc'
- Team1 - password '890'
When authenticating for team1 (as user1, user2, or team1), either of
the 3 passwords would work since any matching secret is returned. This
allows the admin to create teams where all users can log in using
their own password.
This would allow the following command to succeed
rsync -zavP * user1@servername::team1
So user1 could use his/her own password when transmitting files to the
team1 folder/share.
The patch attached to this email is against the 2.6.6 source. I would
perhaps suggest that another piece be added to have this be
implemented as a command-line switch.
--
Jeff Klink
--- rsync-2.6.6/authenticate.c 2005-04-10 13:09:10.000000000 -0400
+++ rsync-2.6.6.patched/authenticate.c 2005-09-12 14:44:59.091055616
-0400
@@ -76,7 +76,7 @@
/* Return the secret for a user from the secret file, null terminated.
* Maximum length is len (not counting the null). */
-static int get_secret(int module, char *user, char *secret, int len)
+static int get_secret(int module, char *user, char *secret, int len,
int skip_how_many)
{
char *fname = lp_secrets_file(module);
STRUCT_STAT st;
@@ -125,8 +125,13 @@
else if (p) {
if (*p == ch)
p++;
- else if (!*p && ch == ':')
- break;
+ else if (!*p && ch == ':') {
+ if (skip_how_many == 0)
+ break;
+
+ skip_how_many--;
+ p = NULL;
+ }
else
p = NULL;
}
@@ -262,23 +267,29 @@
}
memset(secret, 0, sizeof secret);
- if (!get_secret(module, line, secret, sizeof secret - 1)) {
- memset(secret, 0, sizeof secret);
- rprintf(FLOG, "auth failed on module %s from %s (%s): "
- "missing secret for user \"%s\"\n",
- lp_name(module), host, addr, line);
- return NULL;
- }
-
- generate_hash(secret, challenge, pass2);
- memset(secret, 0, sizeof secret);
- if (strcmp(pass, pass2) != 0) {
- rprintf(FLOG, "auth failed on module %s from %s (%s): "
- "password mismatch\n",
- lp_name(module), host, addr);
- return NULL;
- }
+ {
+ int skip = 0;
+ for (;;) {
+ if (!get_secret(module, line,
+ secret, sizeof(secret)-1, skip)) {
+ memset(secret, 0, sizeof secret);
+ rprintf(FLOG, "auth failed on module %s from
%s (%s): "
+ "password mismatch\n",
+ lp_name(module), host, addr);
+
+ return NULL;
+ }
+
+ generate_hash(secret, challenge, pass2);
+ memset(secret, 0, sizeof(secret));
+
+ if (strcmp(pass, pass2) == 0)
+ break;
+
+ skip++;
+ }
+ }
return strdup(line);
}
