Allow --password-file=- for a stdin-supplied password.

diff --git a/authenticate.c b/authenticate.c
index c11db2532ac5805bc33ceec8d5b17ed19359d826..84d78c52a31742408b495db890700f313f8830e9 100644 (file)
--- a/authenticate.c
+++ b/authenticate.c
@@ -170,31 +170,38 @@ static const char *getpassf(const char *filename)
 {
        STRUCT_STAT st;
        char buffer[512], *p;
-       int fd, n;
+       int n;
 
        if (!filename)
                return NULL;
 
-       if ((fd = open(filename,O_RDONLY)) < 0) {
-               rsyserr(FERROR, errno, "could not open password file %s", filename);
-               exit_cleanup(RERR_SYNTAX);
-       }
+       if (strcmp(filename, "-") == 0) {
+               n = fgets(buffer, sizeof buffer, stdin) == NULL ? -1 : (int)strlen(buffer);
+       } else {
+               int fd;
 
-       if (do_stat(filename, &st) == -1) {
-               rsyserr(FERROR, errno, "stat(%s)", filename);
-               exit_cleanup(RERR_SYNTAX);
-       }
-       if ((st.st_mode & 06) != 0) {
-               rprintf(FERROR, "ERROR: password file must not be other-accessible\n");
-               exit_cleanup(RERR_SYNTAX);
-       }
-       if (MY_UID() == 0 && st.st_uid != 0) {
-               rprintf(FERROR, "ERROR: password file must be owned by root when running as root\n");
-               exit_cleanup(RERR_SYNTAX);
+               if ((fd = open(filename,O_RDONLY)) < 0) {
+                       rsyserr(FERROR, errno, "could not open password file %s", filename);
+                       exit_cleanup(RERR_SYNTAX);
+               }
+
+               if (do_stat(filename, &st) == -1) {
+                       rsyserr(FERROR, errno, "stat(%s)", filename);
+                       exit_cleanup(RERR_SYNTAX);
+               }
+               if ((st.st_mode & 06) != 0) {
+                       rprintf(FERROR, "ERROR: password file must not be other-accessible\n");
+                       exit_cleanup(RERR_SYNTAX);
+               }
+               if (MY_UID() == 0 && st.st_uid != 0) {
+                       rprintf(FERROR, "ERROR: password file must be owned by root when running as root\n");
+                       exit_cleanup(RERR_SYNTAX);
+               }
+
+               n = read(fd, buffer, sizeof buffer - 1);
+               close(fd);
        }
 
-       n = read(fd, buffer, sizeof buffer - 1);
-       close(fd);
        if (n > 0) {
                buffer[n] = '\0';
                if ((p = strtok(buffer, "\n\r")) != NULL)

diff --git a/rsync.yo b/rsync.yo
index 3aef0c2dc7e9fb456c3e1f346e81134f698fc961..2f68e47895f4f1bf5da13ab8408ecdc95f42918e 100644 (file)
--- a/rsync.yo
+++ b/rsync.yo
@@ -2416,10 +2416,11 @@ want to see how the transfer is doing without scrolling the screen with a
 lot of names.  (You don't need to specify the bf(--progress) option in
 order to use bf(--info=progress2).)
 
-dit(bf(--password-file)) This option allows you to provide a password in a
-file for accessing an rsync daemon.  The file must not be world readable.
-It should contain just the password as the first line of the file (all
-other lines are ignored).
+dit(bf(--password-file=FILE)) This option allows you to provide a password for
+accessing an rsync daemon via a file or via standard input if bf(FILE) is
+bf(-).  The file should contain just the password on the first line (all other
+lines are ignored).  Rsync will exit with an error if bf(FILE) is world
+readable or if a root-run rsync command finds a non-root-owned file.
 
 This option does not supply a password to a remote shell transport such as
 ssh; to learn how to do that, consult the remote shell's documentation.