From 418e38a8789fd9b668961f945382c78806f2fb20 Mon Sep 17 00:00:00 2001 From: Wayne Davison Date: Sat, 10 Sep 2022 21:30:46 -0700 Subject: [PATCH] Talk about the new daemon greeting line. --- csprotocol.txt | 52 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 16 deletions(-) diff --git a/csprotocol.txt b/csprotocol.txt index c8dadd41..4c7ec5b8 100644 --- a/csprotocol.txt +++ b/csprotocol.txt 
@@ -7,39 +7,54 @@ basically a summary of clientserver.c and authenticate.c. This is the protocol used for rsync --daemon; i.e. connections to port 873 rather than invocations over a remote shell. -When the server accepts a connection, it prints a greeting +When the server accepts a connection, it prints a newline-terminated +greeting line: - @RSYNCD: . + @RSYNCD: . -where is the numeric version (see PROTOCOL_VERSION in rsync.h) -'.' is a literal period, and is the numeric subprotocol -version (see SUBPROTOCOL_VERSION -- it will be 0 for final releases). -Protocols prior to 30 only output alone. The daemon expects -to see a similar greeting back from the client. For protocols prior to -30, an absent "." value is assumed to be 0. For protocol -30, an absent value is a fatal error. The daemon then follows this line -with a free-format text message-of-the-day (if any is defined). +The is the numeric version (see PROTOCOL_VERSION in rsync.h) +The is the numeric subprotocol version (which is 0 for a +final protocol version, as the SUBPROTOCOL_VERSION define discusses). +The names are the authentication digest algorithms that the +daemon supports, listed in order of preference. + +An rsync prior to 3.2.7 omits the digest names. An rsync prior to 3.0.0 +also omits the period and the value. Since a final +protocol has a subprotocol value of 0, a missing subprotocol value is +assumed to be 0 for any protocol prior to 30. It is considered a fatal +error for protocol 30 and above to omit it. It is considered a fatal +error for protocol 32 and above to omit the digest name list (currently +31 is the newest protocol). + +The daemon expects to see a similar greeting line back from the client. +Once received, the daemon follows the opening line with a free-format +text message-of-the-day (if any is defined). The server is now in the connected state. The client can either send -the command +the command: #list -to get a listing of modules, or the name of a module. 
After this, the +(to get a listing of modules) or the name of a module. After this, the connection is now bound to a particular module. Access per host for this module is now checked, as is per-module connection limits. -If authentication is required to use this module, the server will say +If authentication is required to use this module, the server will say: @RSYNCD: AUTHREQD where is a random string of base64 characters. The client -must respond with +must respond with: -where is the username they claim to be, and is the -base64 form of the MD4 hash of challenge+password. +The is the username they claim to be. The is the +base64 form of the digest hash of the challenge+password string. The +chosen digest method is the most preferred client method that is also in +the server's list. If no digest list was explicitly provided, the side +expecting a list assumes the other side provided either the single name +"md5" (for a negotiated protocol 30), or the single name "md4" (for an +older protocol). At this point the server applies all remaining constraints before handing control to the client, including switching uid/gid, setting up @@ -76,6 +91,11 @@ stay tuned (or write it yourself!). ------------ Protocol version changes +31 (2022-09-10, 3.2.7dev) + + The use of a suffixed list of digest names was added as an + optional suffix to the greeting line. + 30 (2007-10-04, 3.0.0pre1) The use of a "." number was added to -- 2.47.2
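Review bot: In the first hunk (@@ -7,39 +7,54 @@), the fallback sentence at the end of the authentication paragraph names only "a negotiated protocol 30" (md5) and "an older protocol" (md4), so a negotiated protocol 31 with no digest list is left unspecified. The greeting paragraph in the same hunk says 31 is the newest protocol and that the list only becomes mandatory at 32. Suggest stating the md5 case as "for a negotiated protocol 30 or above", or whatever matches authenticate.c, so an implementer does not have to guess which digest applies. The same paragraph also does not say what happens when the client's list and the server's list have no name in common; one sentence stating that authentication fails in that case (if that is the behaviour) would close the gap.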
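Review bot: In the second hunk (@@ -76,6 +91,11 @@), the new "31" entry under "Protocol version changes" reads "a suffixed list of digest names was added as an optional suffix", which says "suffix" twice and leaves out the two conditions the first hunk documents: that an rsync prior to 3.2.7 omits the list, and that omitting it is a fatal error for protocol 32 and above. Suggest something like "An optional list of digest names may follow the version on the greeting line (omitted by rsync prior to 3.2.7; required for protocol 32 and above)", so the changelog entry can be read on its own.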