Re: Openssl and rsync

2003-06-19 Thread Lee Wiltbank
Martin,

Thanks for your insights.  I was able to create an openssl
version of rsync for Windows and Linux.  It did take more
coding as you mentioned, but it seems quite stable and speedy.  The
reason for this undertaking was to create a version of rsync that could
communicate with the Netware port, which doesn't use ssh because
of a lack of an ssh on shipping versions.  It also could be useful
in an embedded environment, but I may be grasping at straws.  In any
case, thanks for the help.

Lee

 Martin Pool [EMAIL PROTECTED] 6/18/2003 5:17:03 AM 
On 20 Feb 2003, Lee Wiltbank [EMAIL PROTECTED] wrote:

> I have been working on a project to Openssl'ify Rsync.  I am having
> problems when Rsync forks two processes to handle a sender and was
> wondering if anyone else would be able to lend a hand or some
> pointers.  I have posted to mailing.openssl.dev
>
> Basically, I have brought up Rsync 2.5.5 on cygwin.  It goes through
> the Openssl init and then waits on accept.  When it accepts, it forks
> itself.  The child then communicates with the other side.  The problem
> occurs when Rsync determines that it is the receiver and forks itself
> again.  Then there are two processes with the same SSL object.  I
> am having a lot of trouble getting data from the client once Rsync
> does this two-fork thing.  I know that Openssl is multi-thread
> capable, but this situation is where two processes have the same
> SSL object and attached socket and are working with it.
>
> This version works fine when Rsync is the sender, that is, the client
> connects and the server sends the files over.  In this case, there is
> only one process trying to write to the SSL object and socket.

There are a few difficult historical facts, as you say
 
 - Forking on the receiver is pretty tightly embedded into the
   application and protocol.

 - OpenSSL just cannot handle a single socket being used from two
   different processes.  Unlike with threads, it does not have any
   easy place to keep common state.  And in any case the two processes
   assume they can just do their own thing; I'm not sure they would be
   able to synchronize in the way required by SSL.
   
   Consider that a write operation from the application's point of
   view may result in several reads and writes in the SSL layer, and
   vice versa.

None of these issues are absolutely insurmountable (it's just code)
but they are pretty tough.  My recommendation is not to waste your
time.

Therefore one might look at putting SSL in a separate process that
stands between the real socket and rsync.  You could fork this off
just before starting processing, perhaps in response to a command line
parameter.

Or you could just use stunnel, which does essentially this only with a
bit more manual setup.

SSH already works and is at least as easy to set up as SSL.  (Key
management is far more practical.)  Is SSH not available on Netware,
or are there issues with it?

-- 
Martin 
-- 
To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
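
Added example (not part of the thread, and not rsync or OpenSSL code): a toy record layer that shows the state problem Martin Pool describes in the message above, and why a single process owning the session avoids it. The RecordWriter and RecordReader classes, the key and the messages are constructed for illustration; copy.deepcopy stands in for fork(), and the framing is a simplified assumption modelled on how TLS authenticates each record together with an implicit sequence number.

```python
import copy, hashlib, hmac, struct

def _mac(key, seq, payload):
    # As in TLS, the MAC covers an implicit per-direction sequence number.
    return hmac.new(key, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()

class RecordWriter:
    """Sending half of a toy TLS-like record layer (hypothetical, no encryption)."""
    def __init__(self, key):
        self.key, self.seq = key, 0
    def seal(self, payload):
        record = struct.pack(">H", len(payload)) + payload + _mac(self.key, self.seq, payload)
        self.seq += 1
        return record

class RecordReader:
    """Receiving half: rejects any record whose MAC does not match its own counter."""
    def __init__(self, key):
        self.key, self.seq = key, 0
    def open(self, record):
        (n,) = struct.unpack(">H", record[:2])
        payload, mac = record[2:2 + n], record[2 + n:]
        if not hmac.compare_digest(mac, _mac(self.key, self.seq, payload)):
            raise ValueError("bad record MAC at seq %d" % self.seq)
        self.seq += 1
        return payload

def two_processes_one_session(key=b"constructed-demo-key"):
    """After fork() each process holds a private copy of the session state."""
    peer, parent = RecordReader(key), RecordWriter(key)
    peer.open(parent.seal(b"handshake done"))
    child = copy.deepcopy(parent)          # stand-in for fork(): copied, not shared
    outcome = []
    for name, writer, msg in (("parent", parent, b"file list"), ("child", child, b"checksums")):
        try:
            peer.open(writer.seal(msg))
            outcome.append((name, "ok"))
        except ValueError as err:
            outcome.append((name, str(err)))
    return outcome

def one_owner_process(key=b"constructed-demo-key"):
    """The separate-process design: a single owner seals data for both workers."""
    peer, owner = RecordReader(key), RecordWriter(key)
    peer.open(owner.seal(b"handshake done"))
    return [peer.open(owner.seal(m)) for m in (b"file list", b"checksums")]

if __name__ == "__main__":
    print(two_processes_one_session())
    print(one_owner_process())
```

The second writer reuses a sequence number the peer has already consumed, so its record fails authentication; a real TLS session carries further per-connection state (cipher state, partially read records) that diverges in the same way.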


Rsync and Openssl

2003-03-13 Thread Lee Wiltbank
Everyone,

I took rsync 2.5.6 and added openssl support to it.  I have compiled it
for cygwin and Redhat linux.  If anyone is interested in playing with
it/fixing my mistakes, I would be more than glad to send the code or
post it.  It currently runs between the linux and windows boxes with no
problem and a NetWare version can connect to it as well.  Eventually, I
would like to make it totally cross platform so that all platforms
running openssl can use it.  

The basics are:

Run rsync as an anonymous daemon, but add --ssl --certfile=path to
certificate to the command line

Then run rsync on the client and add --ssl --certfile=path to
certificate to the command line

All other parameters work as before, just the traffic is encrypted.  I
must admit to being somewhat of a newbie with openssl programming, but
the non-blocking io seems to be working fine, I really could use help
with certificate verification, etc.  Thanks.

Lee


Openssl and rsync

2003-02-20 Thread Lee Wiltbank
Hello,

I have been working on a project to Openssl'ify Rsync.  I am having
problems when Rsync forks two processes to handle a sender and was
wondering if anyone else would be able to lend a hand or some
pointers.  I have posted to mailing.openssl.dev 

Basically, I have brought up Rsync 2.5.5 on cygwin.  It goes through
the Openssl init and then waits on accept.  When it accepts, it forks
itself.  The child then communicates with the other side.  The problem
occurs when Rsync determines that it is the receiver and forks itself
again.  Then there are two processes with the same SSL object.  I
am having a lot of trouble getting data from the client once Rsync
does this two-fork thing.  I know that Openssl is multi-thread
capable, but this situation is where two processes have the same
SSL object and attached socket and are working with it.

This version works fine when Rsync is the sender, that is, the client
connects and the server sends the files over.  In this case, there is
only one process trying to write to the SSL object and socket.

I would appreciate any help or pointers from anyone.  Thanks.

Lee





RE: Securing Rsync

2003-01-27 Thread Lee Wiltbank
On cygwin and Netware, I think that message is coming from the default
strict modes in rsyncd.conf.  For these, be sure to add strict
modes=no in the rsyncd.conf.

Lee



Re: RSync on Netware

2002-12-11 Thread Lee Wiltbank
Rick,

Thanks for the kind words.  In fact, I do have the source as well, and am being 
pressured right now to make it available.  I can bundle NLM and source together and 
make it available and would like to have it available from the download page, if that 
can be arranged.

Quoting Lee Wiltbank ([EMAIL PROTECTED]): 

> I have ported rsync 2.5.5 to Netware and would like to, at least,
> contribute the binary so that people can download it.

Being GPLed, the 2.5.5 NLM binary has actually already made it out into
public.  What would be really nice would be to find and archive the
matching source code.  Is there someone in Novell who can facilitate 
that?  I realise there's always corporate bureaucracy to work through,
in such matters.

Thank you very much for your porting work.

-- 
Cheers,      Before enlightenment, caffeine.
Rick Moen    After enlightenment, caffeine.
[EMAIL PROTECTED] 




Lee




RSync on Netware

2002-12-09 Thread Lee Wiltbank
Hello,

I have ported rsync 2.5.5 to Netware and would like to, at least, contribute the 
binary so that people can download it.  It says on the website to use the bug tracking 
system to do this, but since that isn't working, I thought I would try this.  Thanks 
for any help or direction.

Lee
