Added "strict modes" option. When set false (default is true), it allows

the secrets file to be readable by other users.  Added to support the Windows
port under cygwin.  Problem reported by Martin Krumpolec krumpo@pobox.sk
David Dykstra
1999-02-09 19:27:15 +00:00
parent d41c7d025c
commit 3ca8e68f58
3 changed files with 22 additions and 11 deletions


@@ -87,12 +87,14 @@ static int get_secret(int module, char *user, char *secret, int len)
if (do_stat(fname, &st) == -1) {
rprintf(FERROR,"stat(%s) : %s\n", fname, strerror(errno));
ok = 0;
} else if ((st.st_mode & 06) != 0) {
rprintf(FERROR,"secrets file must not be other-accessible\n");
ok = 0;
} else if (am_root && (st.st_uid != 0)) {
rprintf(FERROR,"secrets file must be owned by root when running as root\n");
ok = 0;
} else if (lp_strict_modes(module)) {
if ((st.st_mode & 06) != 0) {
rprintf(FERROR,"secrets file must not be other-accessible (see strict modes option)\n");
ok = 0;
} else if (am_root && (st.st_uid != 0)) {
rprintf(FERROR,"secrets file must be owned by root when running as root (see strict modes)\n");
ok = 0;
}
}
if (!ok) {
rprintf(FERROR,"continuing without secrets file\n");
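Review bot: With `strict modes = false` the new `else if (lp_strict_modes(module))` branch skips the root-ownership test as well as the `st.st_mode & 06` test, although the commit message and the man page text only describe relaxing readability by other users. A secrets file owned by a non-root account can be rewritten by that account, so when the daemon runs as root the ownership test is worth keeping unconditional: `} else if (lp_strict_modes(module) && (st.st_mode & 06) != 0) {` followed by the original `} else if (am_root && (st.st_uid != 0)) {`. If the Cygwin port needs the ownership test relaxed too, the man page entry should say that both checks are disabled. Separately, the mask `06` looks only at the "other" permission bits, so a group-readable file passes even in strict mode, which is narrower than the documented "must not be readable by any user id other than the one that the rsync daemon is running under". `get_secret` begins and ends outside this hunk.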


@@ -123,6 +123,7 @@ typedef struct
char *hosts_deny;
char *auth_users;
char *secrets_file;
BOOL strict_modes;
char *exclude;
char *exclude_from;
char *include;
@@ -152,6 +153,7 @@ static service sDefault =
NULL, /* hosts deny */
NULL, /* auth users */
NULL, /* secrets file */
True, /* strict modes */
NULL, /* exclude */
NULL, /* exclude from */
NULL, /* include */
@@ -264,6 +266,7 @@ static struct parm_struct parm_table[] =
{"hosts deny", P_STRING, P_LOCAL, &sDefault.hosts_deny, NULL, 0},
{"auth users", P_STRING, P_LOCAL, &sDefault.auth_users, NULL, 0},
{"secrets file", P_STRING, P_LOCAL, &sDefault.secrets_file,NULL, 0},
{"strict modes", P_BOOL, P_LOCAL, &sDefault.strict_modes,NULL, 0},
{"exclude", P_STRING, P_LOCAL, &sDefault.exclude, NULL, 0},
{"exclude from", P_STRING, P_LOCAL, &sDefault.exclude_from,NULL, 0},
{"include", P_STRING, P_LOCAL, &sDefault.include, NULL, 0},
@@ -339,6 +342,7 @@ FN_LOCAL_STRING(lp_hosts_allow, hosts_allow)
FN_LOCAL_STRING(lp_hosts_deny, hosts_deny)
FN_LOCAL_STRING(lp_auth_users, auth_users)
FN_LOCAL_STRING(lp_secrets_file, secrets_file)
FN_LOCAL_BOOL(lp_strict_modes, strict_modes)
FN_LOCAL_STRING(lp_exclude, exclude)
FN_LOCAL_STRING(lp_exclude_from, exclude_from)
FN_LOCAL_STRING(lp_include, include)


@@ -1,5 +1,5 @@
mailto(rsync-bugs@samba.org)
manpage(rsyncd.conf)(5)(21 Jan 1999)()()
manpage(rsyncd.conf)(5)(9 Feb 1999)()()
manpagename(rsyncd.conf)(configuration file for rsync server)
manpagesynopsis()
@@ -211,10 +211,15 @@ can contain any characters but be warned that many operating systems
limit the length of passwords that can be typed at the client end, so
you may find that passwords longer than 8 characters don't work.
bf(You should make sure that the secrets file is not readable by anyone
other than the system administrator.) There is no default for the
"secrets file" option, you must choose a name (such as
tt(/etc/rsyncd.secrets)).
There is no default for the "secrets file" option, you must choose a name
(such as tt(/etc/rsyncd.secrets)).
dit(bf(strict modes)) The "strict modes" option determines whether or not
the permissions on the secrets file will be checked. If "strict modes" is
true, then the secrets file must not be readable by any user id other
than the one that the rsync daemon is running under. If "strict modes" is
false, the check is not performed. The default is true. This option
was added to accommodate rsync running on the Windows operating system.
dit(bf(hosts allow)) The "hosts allow" option allows you to specify a
list of patterns that are matched against a connecting clients