diff options
Diffstat (limited to 'csprotocol.txt')
-rw-r--r-- | csprotocol.txt | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/csprotocol.txt b/csprotocol.txt new file mode 100644 index 0000000..7ba09ab --- /dev/null +++ b/csprotocol.txt @@ -0,0 +1,110 @@ +This is kind of informal and may be wrong, but it helped me. It's +basically a summary of clientserver.c and authenticate.c. + + -- Martin Pool <mbp@samba.org> + + +This is the protocol used for rsync --daemon; i.e. connections to port +873 rather than invocations over a remote shell. + +When the server accepts a connection, it prints a newline-terminated +greeting line: + + @RSYNCD: <version>.<subprotocol> <digest1> <digestN> + +The <version> is the numeric version (see PROTOCOL_VERSION in rsync.h) +The <subprotocol> is the numeric subprotocol version (which is 0 for a +final protocol version, as the SUBPROTOCOL_VERSION define discusses). +The <digestN> names are the authentication digest algorithms that the +daemon supports, listed in order of preference. + +An rsync prior to 3.2.7 omits the digest names. An rsync prior to 3.0.0 +also omits the period and the <subprotocol> value. Since a final +protocol has a subprotocol value of 0, a missing subprotocol value is +assumed to be 0 for any protocol prior to 30. It is considered a fatal +error for protocol 30 and above to omit it. It is considered a fatal +error for protocol 32 and above to omit the digest name list (currently +31 is the newest protocol). + +The daemon expects to see a similar greeting line back from the client. +Once received, the daemon follows the opening line with a free-format +text message-of-the-day (if any is defined). + +The server is now in the connected state. The client can either send +the command: + + #list + +(to get a listing of modules) or the name of a module. After this, the +connection is now bound to a particular module. Access per host for +this module is now checked, as is per-module connection limits. + +If authentication is required to use this module, the server will say: + + @RSYNCD: AUTHREQD <challenge> + +where <challenge> is a random string of base64 characters. The client +must respond with: + + <user> <response> + +The <user> is the username they claim to be. The <response> is the +base64 form of the digest hash of the challenge+password string. The +chosen digest method is the most preferred client method that is also in +the server's list. If no digest list was explicitly provided, the side +expecting a list assumes the other side provided either the single name +"md5" (for a negotiated protocol 30 or 31), or the single name "md4" +(for an older protocol). + +At this point the server applies all remaining constraints before +handing control to the client, including switching uid/gid, setting up +include and exclude lists, moving to the root of the module, and doing +chroot. + +If the login is acceptable, then the server will respond with + + @RSYNCD: OK + +The client now writes some rsync options, as if it were remotely +executing the command. The server parses these arguments as if it had +just been invoked with them, but they're added to the existing state. +So if the client specifies a list of files to be included or excluded, +they'll defer to existing limits specified in the server +configuration. + +At this point the client and server both switch to using a +multiplexing layer across the socket. The main point of this is to +allow the server to asynchronously pass errors back, while still +allowing streamed and pipelined data. + +Unfortunately, the multiplex protocol is not used at every stage. We +start up in plain socket mode and then change over by calling +io_start_buffering. Of course both the client and the server have to +do this at the same point. + +The server then talks to the client as normal across the socket, +passing checksums, file lists and so on. For documentation of that, +stay tuned (or write it yourself!). + + + +------------ +Protocol version changes + +31 (2013-09-28, 3.1.0) + + Initial release of protocol 31 had no changes. Rsync 3.2.7 + introduced the suffixed list of digest names on the greeting + line. The presence of the list is allowed even if the greeting + indicates an older protocol version number. + +30 (2007-10-04, 3.0.0pre1) + + The use of a ".<subprotocol>" number was added to + @RSYNCD: <version>.<subprotocol> + +25 (2001-08-20, 2.4.7pre2) + + Send an explicit "@RSYNC EXIT" command at the end of the + module listing. We never intentionally end the transmission + by just closing the socket anymore. |