this is called when a connection is established to a client and we want to start talking. The setup of the system is done from here */
| 1287 | and we want to start talking. The setup of the system is done from |
| 1288 | here */ |
| 1289 | int start_daemon(int f_in, int f_out) |
| 1290 | { |
| 1291 | char line[1024]; |
| 1292 | const char *addr, *host; |
| 1293 | char *p; |
| 1294 | int i; |
| 1295 | |
| 1296 | /* At this point, am_server is only set for a daemon started via rsh. |
| 1297 | * Because am_server gets forced on soon, we'll set am_daemon to -1 as |
| 1298 | * a flag that can be checked later on to distinguish a normal daemon |
| 1299 | * from an rsh-run daemon. */ |
| 1300 | if (am_server) |
| 1301 | am_daemon = -1; |
| 1302 | |
| 1303 | io_set_sock_fds(f_in, f_out); |
| 1304 | |
| 1305 | /* We must load the config file before calling any function that |
| 1306 | * might cause log-file output to occur. This ensures that the |
| 1307 | * "log file" param gets honored for the 2 non-forked use-cases |
| 1308 | * (when rsync is run by init and run by a remote shell). */ |
| 1309 | if (!load_config(0)) |
| 1310 | exit_cleanup(RERR_SYNTAX); |
| 1311 | |
| 1312 | if (lp_proxy_protocol() && !read_proxy_protocol_header(f_in)) |
| 1313 | return -1; |
| 1314 | |
| 1315 | /* Do reverse DNS lookup before chroot/setuid. The result is cached, |
| 1316 | * so the later client_name() call will use this cached value. This |
| 1317 | * ensures hostname-based ACLs work even when DNS is unavailable |
| 1318 | * after chroot. |
| 1319 | * |
| 1320 | * "reverse lookup" can be set globally OR per-module, so we also |
| 1321 | * scan each module: a deployment with "reverse lookup = no" in the |
| 1322 | * global section but "reverse lookup = yes" in a specific module |
| 1323 | * still triggers a post-chroot lookup at access-check time |
| 1324 | * (rsync_module() in this file), which would also fail in the |
| 1325 | * chroot and turn hostname-based deny rules into silent bypasses. */ |
| 1326 | { |
| 1327 | int need_reverse = lp_reverse_lookup(-1); |
| 1328 | int j, num_modules = lp_num_modules(); |
| 1329 | for (j = 0; !need_reverse && j < num_modules; j++) { |
| 1330 | if (lp_reverse_lookup(j)) |
| 1331 | need_reverse = 1; |
| 1332 | } |
| 1333 | if (need_reverse) |
| 1334 | (void)client_name(client_addr(f_in)); |
| 1335 | } |
| 1336 | |
| 1337 | p = lp_daemon_chroot(); |
| 1338 | if (*p) { |
| 1339 | log_init(0); /* Make use we've initialized syslog before chrooting. */ |
| 1340 | tzset(); |
| 1341 | if (chroot(p) < 0) { |
| 1342 | rsyserr(FLOG, errno, "daemon chroot(\"%s\") failed", p); |
| 1343 | return -1; |
| 1344 | } |
| 1345 | /* Deliberately do NOT set am_chrooted here. am_chrooted |
| 1346 | * gates the per-module symlink-race defenses |
no test coverage detected