1 CAUTION: This patch compiles, but is otherwise totally untested!
3 This patch also implements --times-only.
5 Implementation details for the --source-filter and --dest-filter options:
7 - These options open a *HUGE* security hole in daemon mode unless they
8 are refused in your rsyncd.conf!
10 - Filtering disables the rsync algorithm. (This should be fixed.)
12 - Source filter makes temporary files in /tmp. (Should be overridable.)
14 - If source filter fails, data is sent unfiltered. (Should be changed
17 - Failure of destination filter causes data loss!!! (Should be changed
20 - If the filter changes the size of a file, you should use the --times-only option to
21 prevent repeated transfers of unchanged files.
23 - If the COMMAND contains single quotes, option-passing breaks. (Needs
26 To use this patch, run these commands for a successful build:
28 patch -p1 <patches/source-filter_dest-filter.diff
30 ./configure (optional if already run)
33 based-on: a6bdf313f239cabfef445bc3658b79aec8a40c37
34 diff --git a/generator.c b/generator.c
37 @@ -65,6 +65,7 @@ extern int append_mode;
38 extern int make_backups;
39 extern int csum_length;
40 extern int ignore_times;
41 +extern int times_only;
43 extern OFF_T max_size;
44 extern OFF_T min_size;
45 @@ -616,7 +617,7 @@ int quick_check_ok(enum filetype ftype, const char *fn, struct file_struct *file
49 - if (st->st_size != F_LENGTH(file))
50 + if (!times_only && st->st_size != F_LENGTH(file))
53 /* If always_checksum is set then we use the checksum instead
54 diff --git a/main.c b/main.c
57 @@ -187,7 +187,7 @@ int shell_exec(const char *cmd)
60 /* Wait for a process to exit, calling io_flush while waiting. */
61 -static void wait_process_with_flush(pid_t pid, int *exit_code_ptr)
62 +void wait_process_with_flush(pid_t pid, int *exit_code_ptr)
66 diff --git a/options.c b/options.c
69 @@ -110,6 +110,7 @@ int safe_symlinks = 0;
70 int copy_unsafe_links = 0;
71 int munge_symlinks = 0;
74 int daemon_bwlimit = 0;
77 @@ -170,6 +171,8 @@ char *logfile_name = NULL;
78 char *logfile_format = NULL;
79 char *stdout_format = NULL;
80 char *password_file = NULL;
81 +char *source_filter = NULL;
82 +char *dest_filter = NULL;
83 char *early_input_file = NULL;
84 char *rsync_path = RSYNC_PATH;
85 char *backup_dir = NULL;
86 @@ -679,6 +682,7 @@ static struct poptOption long_options[] = {
87 {"chmod", 0, POPT_ARG_STRING, 0, OPT_CHMOD, 0, 0 },
88 {"ignore-times", 'I', POPT_ARG_NONE, &ignore_times, 0, 0, 0 },
89 {"size-only", 0, POPT_ARG_NONE, &size_only, 0, 0, 0 },
90 + {"times-only", 0, POPT_ARG_NONE, &times_only , 0, 0, 0 },
91 {"one-file-system", 'x', POPT_ARG_NONE, 0, 'x', 0, 0 },
92 {"no-one-file-system",0, POPT_ARG_VAL, &one_file_system, 0, 0, 0 },
93 {"no-x", 0, POPT_ARG_VAL, &one_file_system, 0, 0, 0 },
94 @@ -813,6 +817,8 @@ static struct poptOption long_options[] = {
95 {"early-input", 0, POPT_ARG_STRING, &early_input_file, 0, 0, 0 },
96 {"blocking-io", 0, POPT_ARG_VAL, &blocking_io, 1, 0, 0 },
97 {"no-blocking-io", 0, POPT_ARG_VAL, &blocking_io, 0, 0, 0 },
98 + {"source-filter", 0, POPT_ARG_STRING, &source_filter, 0, 0, 0 },
99 + {"dest-filter", 0, POPT_ARG_STRING, &dest_filter, 0, 0, 0 },
100 {"outbuf", 0, POPT_ARG_STRING, &outbuf_mode, 0, 0, 0 },
101 {"remote-option", 'M', POPT_ARG_STRING, 0, 'M', 0, 0 },
102 {"protocol", 0, POPT_ARG_INT, &protocol_version, 0, 0, 0 },
103 @@ -2390,6 +2396,16 @@ int parse_arguments(int *argc_p, const char ***argv_p)
107 + if (source_filter || dest_filter) {
108 + if (whole_file == 0) {
109 + snprintf(err_buf, sizeof err_buf,
110 + "--no-whole-file cannot be used with --%s-filter\n",
111 + source_filter ? "source" : "dest");
120 @@ -2743,6 +2759,25 @@ void server_options(char **args, int *argc_p)
121 else if (missing_args == 1 && !am_sender)
122 args[ac++] = "--ignore-missing-args";
124 + if (times_only && am_sender)
125 + args[ac++] = "--times-only";
127 + if (source_filter && !am_sender) {
128 + /* Need to single quote the arg to keep the remote shell
129 + * from splitting it. FIXME: breaks if command has single quotes. */
130 + if (asprintf(&arg, "--source-filter='%s'", source_filter) < 0)
135 + if (dest_filter && am_sender) {
136 + /* Need to single quote the arg to keep the remote shell
137 + * from splitting it. FIXME: breaks if command has single quotes. */
138 + if (asprintf(&arg, "--dest-filter='%s'", dest_filter) < 0)
143 if (modify_window_set && am_sender) {
144 char *fmt = modify_window < 0 ? "-@%d" : "--modify-window=%d";
145 if (asprintf(&arg, fmt, modify_window) < 0)
146 diff --git a/pipe.c b/pipe.c
149 @@ -27,6 +27,7 @@ extern int am_server;
150 extern int blocking_io;
151 extern int filesfrom_fd;
152 extern int munge_symlinks;
153 +extern mode_t orig_umask;
154 extern char *logfile_name;
155 extern int remote_option_cnt;
156 extern const char **remote_options;
157 @@ -176,3 +177,77 @@ pid_t local_child(int argc, char **argv, int *f_in, int *f_out,
162 +pid_t run_filter(char *command[], int out, int *pipe_to_filter)
167 + if (DEBUG_GTE(CMD, 1))
168 + print_child_argv("opening connection using:", command);
170 + if (pipe(pipefds) < 0) {
171 + rsyserr(FERROR, errno, "pipe");
172 + exit_cleanup(RERR_IPC);
177 + rsyserr(FERROR, errno, "fork");
178 + exit_cleanup(RERR_IPC);
182 + if (dup2(pipefds[0], STDIN_FILENO) < 0
183 + || close(pipefds[1]) < 0
184 + || dup2(out, STDOUT_FILENO) < 0) {
185 + rsyserr(FERROR, errno, "Failed dup/close");
186 + exit_cleanup(RERR_IPC);
189 + set_blocking(STDIN_FILENO);
191 + set_blocking(STDOUT_FILENO);
192 + execvp(command[0], command);
193 + rsyserr(FERROR, errno, "Failed to exec %s", command[0]);
194 + exit_cleanup(RERR_IPC);
197 + if (close(pipefds[0]) < 0) {
198 + rsyserr(FERROR, errno, "Failed to close");
199 + exit_cleanup(RERR_IPC);
202 + *pipe_to_filter = pipefds[1];
207 +pid_t run_filter_on_file(char *command[], int out, int in)
211 + if (DEBUG_GTE(CMD, 1))
212 + print_child_argv("opening connection using:", command);
216 + rsyserr(FERROR, errno, "fork");
217 + exit_cleanup(RERR_IPC);
221 + if (dup2(in, STDIN_FILENO) < 0
222 + || dup2(out, STDOUT_FILENO) < 0) {
223 + rsyserr(FERROR, errno, "Failed to dup2");
224 + exit_cleanup(RERR_IPC);
227 + set_blocking(STDOUT_FILENO);
228 + execvp(command[0], command);
229 + rsyserr(FERROR, errno, "Failed to exec %s", command[0]);
230 + exit_cleanup(RERR_IPC);
235 diff --git a/receiver.c b/receiver.c
238 @@ -60,6 +60,7 @@ extern BOOL want_progress_now;
239 extern mode_t orig_umask;
240 extern struct stats stats;
242 +extern char *dest_filter;
243 extern char *partial_dir;
244 extern char *basis_dir[MAX_BASIS_DIRS+1];
245 extern char sender_file_sum[MAX_DIGEST_LEN];
246 @@ -522,6 +523,7 @@ int recv_files(int f_in, int f_out, char *local_name)
247 char *fnametmp, fnametmpbuf[MAXPATHLEN];
248 char *fnamecmp, *partialptr;
249 char fnamecmpbuf[MAXPATHLEN];
250 + char *filter_argv[MAX_FILTER_ARGS + 1];
252 struct file_struct *file;
253 int itemizing = am_server ? logfile_format_has_i : stdout_format_has_i;
254 @@ -532,6 +534,7 @@ int recv_files(int f_in, int f_out, char *local_name)
255 const char *parent_dirname = "";
257 int ndx, recv_ok, one_inplace;
260 if (DEBUG_GTE(RECV, 1))
261 rprintf(FINFO, "recv_files(%d) starting\n", cur_flist->used);
262 @@ -539,6 +542,23 @@ int recv_files(int f_in, int f_out, char *local_name)
264 delayed_bits = bitbag_create(cur_flist->used + 1);
270 + for (p = strtok(dest_filter, sep), i = 0;
271 + p && i < MAX_FILTER_ARGS;
272 + p = strtok(0, sep))
273 + filter_argv[i++] = p;
274 + filter_argv[i] = NULL;
277 + "Too many arguments to dest-filter (> %d)\n",
279 + exit_cleanup(RERR_SYNTAX);
286 @@ -853,6 +873,9 @@ int recv_files(int f_in, int f_out, char *local_name)
287 else if (!am_server && INFO_GTE(NAME, 1) && INFO_EQ(PROGRESS, 1))
288 rprintf(FINFO, "%s\n", fname);
291 + pid = run_filter(filter_argv, fd2, &fd2);
294 recv_ok = receive_data(f_in, fnamecmp, fd1, st.st_size, fname, fd2, file, inplace || one_inplace);
296 @@ -868,6 +891,16 @@ int recv_files(int f_in, int f_out, char *local_name)
297 exit_cleanup(RERR_FILEIO);
302 + wait_process_with_flush(pid, &status);
304 + rprintf(FERROR, "filter %s exited code: %d\n",
305 + dest_filter, status);
310 if ((recv_ok && (!delay_updates || !partialptr)) || inplace) {
311 if (partialptr == fname)
313 diff --git a/rsync.1.md b/rsync.1.md
316 @@ -418,6 +418,7 @@ detailed description below for a complete description.
317 --contimeout=SECONDS set daemon connection timeout in seconds
318 --ignore-times, -I don't skip files that match size and time
319 --size-only skip files that match in size
320 +--times-only skip files that match in mod-time
321 --modify-window=NUM, -@ set the accuracy for mod-time comparisons
322 --temp-dir=DIR, -T create temporary files in directory DIR
323 --fuzzy, -y find similar file for basis if no dest file
324 @@ -464,6 +465,8 @@ detailed description below for a complete description.
325 --write-batch=FILE write a batched update to FILE
326 --only-write-batch=FILE like --write-batch but w/o updating dest
327 --read-batch=FILE read a batched update from FILE
328 +--source-filter=COMMAND filter file through COMMAND at source
329 +--dest-filter=COMMAND filter file through COMMAND at destination
330 --protocol=NUM force an older protocol version to be used
331 --iconv=CONVERT_SPEC request charset conversion of filenames
332 --checksum-seed=NUM set block/file checksum seed (advanced)
333 @@ -3289,6 +3292,36 @@ your home directory (remove the '=' for that).
334 `--write-batch`. If _FILE_ is `-`, the batch data will be read from
335 standard input. See the "BATCH MODE" section for details.
337 +0. `--source-filter=COMMAND`
339 + This option allows the user to specify a filter program that will be
340 + applied to the contents of all transferred regular files before the data is
341 + sent to destination. COMMAND will receive the data on its standard input
342 + and it should write the filtered data to standard output. COMMAND should
343 + exit non-zero if it cannot process the data or if it encounters an error
344 + when writing the data to stdout.
346 + Example: `--source-filter="gzip -9"` will cause remote files to be
347 + compressed. Use of `--source-filter` automatically enables `--whole-file`.
348 + If your filter does not output the same number of bytes that it received on
349 + input, you should use `--times-only` to disable size and content checks on
350 + subsequent rsync runs.
352 +0. `--dest-filter=COMMAND`
354 + This option allows you to specify a filter program that will be applied to
355 + the contents of all transferred regular files before the data is written to
356 + disk. COMMAND will receive the data on its standard input and it should
357 + write the filtered data to standard output. COMMAND should exit non-zero
358 + if it cannot process the data or if it encounters an error when writing the
361 + Example: `--dest-filter="gzip -9"` will cause remote files to be compressed.
362 + Use of `--dest-filter` automatically enables `--whole-file`. If your filter
363 + does not output the same number of bytes that it received on input, you
364 + should use `--times-only` to disable size and content checks on subsequent
369 Force an older protocol version to be used. This is useful for creating a
370 diff --git a/rsync.h b/rsync.h
374 #define IOERR_DEL_LIMIT (1<<2)
376 #define MAX_ARGS 1000
377 +#define MAX_FILTER_ARGS 100
378 #define MAX_BASIS_DIRS 20
379 #define MAX_SERVER_ARGS (MAX_BASIS_DIRS*2 + 100)
381 diff --git a/sender.c b/sender.c
391 extern int am_server;
392 @@ -47,6 +48,7 @@ extern int batch_fd;
393 extern int write_batch;
394 extern int file_old_total;
395 extern BOOL want_progress_now;
396 +extern char *source_filter;
397 extern struct stats stats;
398 extern struct file_list *cur_flist, *first_flist, *dir_flist;
400 @@ -200,6 +202,26 @@ void send_files(int f_in, int f_out)
401 int f_xfer = write_batch < 0 ? batch_fd : f_out;
402 int save_io_error = io_error;
404 + char *filter_argv[MAX_FILTER_ARGS + 1];
406 + int unlink_tmp = 0;
408 + if (source_filter) {
412 + for (p = strtok(source_filter, sep), i = 0;
413 + p && i < MAX_FILTER_ARGS;
414 + p = strtok(0, sep))
415 + filter_argv[i++] = p;
416 + filter_argv[i] = NULL;
419 + "Too many arguments to source-filter (> %d)\n",
421 + exit_cleanup(RERR_SYNTAX);
425 if (DEBUG_GTE(SEND, 1))
426 rprintf(FINFO, "send_files starting\n");
427 @@ -334,6 +356,7 @@ void send_files(int f_in, int f_out)
428 exit_cleanup(RERR_PROTOCOL);
432 fd = do_open(fname, O_RDONLY, 0);
434 if (errno == ENOENT) {
435 @@ -353,6 +376,33 @@ void send_files(int f_in, int f_out)
439 + if (source_filter) {
441 + char *tmpl = "/tmp/rsync-filtered_sourceXXXXXX";
443 + tmp = strdup(tmpl);
444 + fd2 = mkstemp(tmp);
446 + rprintf(FERROR, "mkstemp %s failed: %s\n",
447 + tmp, strerror(errno));
450 + pid_t pid = run_filter_on_file(filter_argv, fd2, fd);
453 + wait_process_with_flush(pid, &status);
456 + "bypassing source filter %s; exited with code: %d\n",
457 + source_filter, status);
458 + fd = do_open(fname, O_RDONLY, 0);
460 + fd = do_open(tmp, O_RDONLY, 0);
466 /* map the local file */
467 if (do_fstat(fd, &st) != 0) {
468 io_error |= IOERR_GENERAL;
469 @@ -414,6 +464,8 @@ void send_files(int f_in, int f_out)