added --password-file patch from Alex Schlessinger <alex@inconnect.com>

(yes, I know I'm not supposed to be doing rsync work at the moment!
only four weeks to go ...)

authenticate.c

@@ -130,6 +130,53 @@ static int get_secret(int module, char *user, char *secret, int len)
 	return 1;
 }
 
+static char *getpassf(char *filename)
+{
+	char buffer[100];
+	int len=0;
+	int fd=0;
+	STRUCT_STAT st;
+	int ok = 1;
+	extern int am_root;
+	char *envpw=getenv("RSYNC_PASSWORD");
+
+	if (!filename) return NULL;
+
+	if ( (fd=open(filename,O_RDONLY)) == -1) {
+		rprintf(FERROR,"could not open password file \"%s\"\n",filename);
+		if (envpw) rprintf(FERROR,"falling back to RSYNC_PASSWORD environment variable.\n");	
+		return NULL;
+	}
+	
+	if (do_stat(filename, &st) == -1) {
+		rprintf(FERROR,"stat(%s) : %s\n", filename, strerror(errno));
+		ok = 0;
+	} else if ((st.st_mode & 06) != 0) {
+		rprintf(FERROR,"password file must not be other-accessible\n");
+		ok = 0;
+	} else if (am_root && (st.st_uid != 0)) {
+		rprintf(FERROR,"password file must be owned by root when running as root\n");
+		ok = 0;
+	}
+	if (!ok) {
+		rprintf(FERROR,"continuing without password file\n");
+		if (envpw) rprintf(FERROR,"using RSYNC_PASSWORD environment variable.\n");
+		close(fd);
+		return NULL;
+	}
+
+	if (envpw) rprintf(FERROR,"RSYNC_PASSWORD environment variable ignored\n");
+
+	buffer[sizeof(buffer)-1]='\0';
+	if ( (len=read(fd,buffer,sizeof(buffer)-1)) > 0)
+	{
+		close(fd);
+		return strdup(strtok(buffer,"\n\r"));
+	}	
+
+	return NULL;
+}
+
 /* generate a 16 byte hash from a password and challenge */
 static void generate_hash(char *in, char *challenge, char *out)
 {
@@ -216,10 +263,11 @@ void auth_client(int fd, char *user, char *challenge)
 {
 	char *pass;
 	char pass2[30];
+	extern char *password_file;
 
 	if (!user || !*user) return;
 
-	if (!(pass=getenv("RSYNC_PASSWORD"))) {
+	if (!(pass=getpassf(password_file)) && !(pass=getenv("RSYNC_PASSWORD"))) {
 		pass = getpass("Password: ");
 	}
 
@@ -228,7 +276,7 @@ void auth_client(int fd, char *user, char *challenge)
 	}
 
 	generate_hash(pass, challenge, pass2);
-	
 	io_printf(fd, "%s %s\n", user, pass2);
 }
 
+

options.c

@@ -59,7 +59,6 @@ int do_stats=0;
 int do_progress=0;
 int keep_partial=0;
 int safe_symlinks=0;
-
 int block_size=BLOCK_SIZE;
 
 char *backup_suffix = BACKUP_SUFFIX;
@@ -68,7 +67,7 @@ char *compare_dest = NULL;
 char *config_file = RSYNCD_CONF;
 char *shell_cmd = NULL;
 char *log_format = NULL;
-
+char *password_file = NULL;
 char *rsync_path = RSYNC_NAME;
 int rsync_port = RSYNC_PORT;
 
@@ -135,6 +134,7 @@ void usage(int F)
   rprintf(F,"     --stats                 give some file transfer stats\n");  
   rprintf(F,"     --progress              show progress during transfer\n");  
   rprintf(F,"     --log-format=FORMAT     log file transfers using specified format\n");  
+  rprintf(F,"     --password-file=FILE    get password from FILE\n");
   rprintf(F," -h, --help                  show this help screen\n");
 
   rprintf(F,"\n");
@@ -149,7 +149,7 @@ enum {OPT_VERSION,OPT_SUFFIX,OPT_SENDER,OPT_SERVER,OPT_EXCLUDE,
       OPT_EXCLUDE_FROM,OPT_DELETE,OPT_NUMERIC_IDS,OPT_RSYNC_PATH,
       OPT_FORCE,OPT_TIMEOUT,OPT_DAEMON,OPT_CONFIG,OPT_PORT,
       OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_STATS, OPT_PARTIAL, OPT_PROGRESS,
-      OPT_SAFE_LINKS, OPT_COMPARE_DEST, OPT_LOG_FORMAT};
+      OPT_SAFE_LINKS, OPT_COMPARE_DEST, OPT_LOG_FORMAT,OPT_PASSWORD_FILE};
 
 static char *short_options = "oblLWHpguDCtcahvrRIxnSe:B:T:z";
 
@@ -165,6 +165,7 @@ static struct option long_options[] = {
   {"include",     1,     0,    OPT_INCLUDE},
   {"include-from",1,     0,    OPT_INCLUDE_FROM},
   {"rsync-path",  1,     0,    OPT_RSYNC_PATH},
+  {"password-file", 1,	0,     OPT_PASSWORD_FILE},
   {"one-file-system",0,  0,    'x'},
   {"ignore-times",0,     0,    'I'},
   {"help",        0,     0,    'h'},
@@ -276,7 +277,10 @@ int parse_arguments(int argc, char *argv[])
 		case OPT_RSYNC_PATH:
 			rsync_path = optarg;
 			break;
-			
+	
+		case OPT_PASSWORD_FILE:
+			password_file =optarg;
+			break;		
 		case 'I':
 			ignore_times = 1;
 			break;

rsync.yo

@@ -159,10 +159,11 @@ itemize(
 Some paths on the remote server may require authentication. If so then
 you will receive a password prompt when you connect. You can avoid the
 password prompt by setting the environment variable RSYNC_PASSWORD to
-the password you want to use. This may be useful when scripting rsync.
+the password you want to use or using the --password-file option. This
+may be useful when scripting rsync.
 
 WARNING: On some systems environment variables are visible to all
-users. 
+users. On those systems using --password-file is recommended.
 
 manpagesection(RUNNING AN RSYNC SERVER)
 
@@ -262,6 +263,7 @@ Options
      --port=PORT             specify alternate rsyncd port number
      --stats                 give some file transfer stats
      --progress              show progress during transfer
+     --password-file=FILE    get password from FILE
      --log-format=FORMAT     log file transfers using specified format
  -h, --help                  show this help screen
 )
@@ -581,6 +583,12 @@ dit(bf(--progress)) This option tells rsync to print information
 showing the progress of the transfer. This gives a bored user
 something to watch.
 
+dit(bf(--password-file)) This option allows you to provide a password
+in a file for accessing a remote rsync server. Note that this option
+is only useful when accessing a rsync server using the built in
+transport, not when using a remote shell as the transport. The file
+must not be world readable.
+
 enddit()
 
 manpagesection(EXCLUDE PATTERNS)