static void createImageGroupClassificationHeaders(image_session_t *mySession, image_detected_count_t *count)
{
image_detected_count_t *current;
char header[myMAX_HEADER + 1];
const char *rating = "#########+";
uint16_t current_category;
// modify headers
if (!ci_http_response_headers(mySession->req))
ci_http_response_create(mySession->req, 1, 1);
snprintf(header, myMAX_HEADER, "X-IMAGE-GROUP-CATEGORIES:");
// Loop through categories
for(current_category = 0; current_category < num_image_categories; current_category++) {
current = &count[current_category];
// add each category to header
if(current->count)
{
char *oldHeader = myStrDup(header);
snprintf(header, myMAX_HEADER, "%s %s(%.*s)", oldHeader, current->category->name, (current->count > 10 ? 10 : current->count), rating);
free(oldHeader);
}
mySession->featuresDetected += current->count;
}
// add IMAGE-CATEGORIES header
header[myMAX_HEADER] = '\0';
if(mySession->featuresDetected)
{
ci_http_response_add_header(mySession->req, header);
ci_debug_printf(10, "Added header: %s\n", header);
// Add other headers
addReferrerHeaders(mySession->req, mySession->referrer_fhs_classification, mySession->referrer_fnb_classification);
}
}
void generate_error_page(av_req_data_t * data, ci_request_t * req)
{
int new_size = 0;
ci_membuf_t *error_page;
char buf[128];
snprintf(buf, 128, "X-Infection-Found: Type=0; Resolution=2; Threat=%s;",
data->virus_name);
buf[127] = '\0';
ci_icap_add_xheader(req, buf);
new_size =
strlen(clamav_error_message) + strlen(clamav_tail_message) +
strlen(data->virus_name) + 10;
if ( ci_http_response_headers(req))
ci_http_response_reset_headers(req);
else
ci_http_response_create(req, 1, 1);
ci_http_response_add_header(req, "HTTP/1.0 403 Forbidden");
ci_http_response_add_header(req, "Server: C-ICAP");
ci_http_response_add_header(req, "Connection: close");
ci_http_response_add_header(req, "Content-Type: text/html");
ci_http_response_add_header(req, "Content-Language: en");
error_page = ci_membuf_new_sized(new_size);
((av_req_data_t *) data)->error_page = error_page;
ci_membuf_write(error_page, (char *) clamav_error_message,
strlen(clamav_error_message), 0);
ci_membuf_write(error_page, (char *) data->virus_name,
strlen(data->virus_name), 0);
ci_membuf_write(error_page, (char *) clamav_tail_message, strlen(clamav_tail_message), 1); /*And here is the eof.... */
}
static void addImageErrorHeaders(ci_request_t *req, int error)
{
char header[myMAX_HEADER + 1];
// modify headers
if (!ci_http_response_headers(req))
ci_http_response_create(req, 1, 1);
switch(error)
{
case IMAGE_NO_MEMORY:
snprintf(header, myMAX_HEADER, "X-IMAGE-ERROR: OUT OF MEMORY");
break;
case IMAGE_NO_CATEGORIES:
snprintf(header, myMAX_HEADER, "X-IMAGE-ERROR: NO CATEGORIES PROVIDED, CAN'T PROCESS");
break;
case IMAGE_FAILED_LOAD:
snprintf(header, myMAX_HEADER, "X-IMAGE-ERROR: FAILED TO LOAD IMAGE (Corrupted or Unknown Format)");
break;
default:
snprintf(header, myMAX_HEADER, "X-IMAGE-ERROR: UNKNOWN ERROR");
break;
}
// add IMAGE-CATEGORIES header
header[myMAX_HEADER] = '\0';
ci_http_response_add_header(req, header);
ci_debug_printf(3, "Added error header: %s\n", header);
}
/*
* srv_url_checkからいんよう
*/
void rewriteResponse403(ci_request_t * req) {
ci_http_response_create(req,1,1);
ci_http_response_add_header(req, "HTTP/1.0 403 Forbidden"); /*Send an 403 Forbidden http responce to web client */
ci_http_response_add_header(req, "Server: c-icap-xss");
ci_http_response_add_header(req, "Content-Type: text/html");
ci_http_response_add_header(req, "Connection: close");
ci_http_response_add_header(req, "Content-Language: en");
}
static void createImageClassificationHeaders(image_session_t *mySession)
{
image_detected_t *current;
char header[myMAX_HEADER + 1];
const char *rating = "#########+";
int i;
uint16_t current_category;
// modify headers
if (!ci_http_response_headers(mySession->req))
ci_http_response_create(mySession->req, 1, 1);
snprintf(header, myMAX_HEADER, "X-IMAGE-CATEGORIES:");
// Loop through categories
for(current_category = 0; current_category < num_image_categories; current_category++) {
current = &mySession->detected[current_category];
if(current->detected)
{
// Loop the number of detected objects
for(i = 0; i < current->detected->total; i++ )
{
// Reset rectangles to original size
CvRect* r = (CvRect*)cvGetSeqElem( current->detected, i );
r->x = (int)(r->x * mySession->scale);
r->y = (int)(r->y * mySession->scale);
r->height = (int)(r->height * mySession->scale);
r->width = (int)(r->width * mySession->scale);
}
// add each category to header
if(current->detected->total)
{
char *oldHeader = myStrDup(header);
snprintf(header, myMAX_HEADER, "%s %s(%.*s)", oldHeader, current->category->name, (current->detected->total > 10 ? 10 : current->detected->total), rating);
free(oldHeader);
}
mySession->featuresDetected += current->detected->total;
}
}
// add IMAGE-CATEGORIES header
header[myMAX_HEADER] = '\0';
if(mySession->featuresDetected)
{
ci_http_response_add_header(mySession->req, header);
ci_debug_printf(10, "Added header: %s\n", header);
// Add other headers
addReferrerHeaders(mySession->req, mySession->referrer_fhs_classification, mySession->referrer_fnb_classification);
}
}
int info_check_preview_handler(char *preview_data, int preview_data_len,
ci_request_t * req)
{
struct info_req_data *info_data = ci_service_data(req);
if (ci_req_hasbody(req))
return CI_MOD_ALLOW204;
ci_req_unlock_data(req);
ci_http_response_create(req, 1, 1); /*Build the responce headers */
ci_http_response_add_header(req, "HTTP/1.0 200 OK");
ci_http_response_add_header(req, "Server: C-ICAP");
ci_http_response_add_header(req, "Content-Type: text/html");
ci_http_response_add_header(req, "Content-Language: en");
ci_http_response_add_header(req, "Connection: close");
if (info_data->body) {
build_statistics (info_data);
}
return CI_MOD_CONTINUE;
}
int ci_client_icapfilter(ci_request_t * req,
int timeout,
ci_headers_list_t * headers,
void *data_source, int (*source_read) (void *, char *,
int),
void *data_dest, int (*dest_write) (void *, char *,
int))
{
int i, ret, v1, v2, remains, pre_eof = 0, preview_status;
char *buf, *val;
if (CI_OK !=
client_create_request(req, req->req_server, req->service,
req->type)) {
ci_debug_printf(1, "Error making respmod request ....\n");
return CI_ERROR;
}
if (!data_source)
req->preview = -1;
if (req->preview > 0) { /*The preview data will be send with headers.... */
ci_buf_mem_alloc(&(req->preview_data), req->preview); /*Alloc mem for preview data */
buf = req->preview_data.buf;
remains = req->preview;
while (remains && !pre_eof) { /*Getting the preview data */
if ((ret = (*source_read) (data_source, buf, remains)) <= 0) {
pre_eof = 1;
break;
}
remains -= ret;
}
req->preview -= remains;
req->preview_data.used = req->preview;
}
if (pre_eof)
req->eof_received = 1;
/*Add the user supplied headers */
if (req->type == ICAP_REQMOD && headers) {
ci_http_request_create(req, (data_source!= NULL));
for (i = 0; i < headers->used; i++) {
ci_http_request_add_header(req, headers->headers[i]);
}
}
else if (headers) {
ci_http_response_create(req, 1, 1);
for (i = 0; i < headers->used; i++) {
ci_http_response_add_header(req, headers->headers[i]);
}
}
else
ci_http_response_create(req, 0, 1);
if ((ret = client_send_request_headers(req, pre_eof, timeout)) < 0) {
return CI_ERROR;
}
/*send body */
/* ci_headers_reset(req->head);*/
for (i = 0; req->entities[i] != NULL; i++) {
ci_request_release_entity(req, i);
}
preview_status = 100;
if (req->preview >= 0) { /*we must wait for ICAP responce here..... */
do {
ci_wait_for_incomming_data(req->connection->fd, timeout);
if (net_data_read(req) == CI_ERROR)
return CI_ERROR;
} while (client_parse_icap_header(req, req->response_header) == CI_NEEDS_MORE);
sscanf(req->response_header->buf, "ICAP/%d.%d %d", &v1, &v2, &preview_status);
ci_debug_printf(3, "Preview response was with status: %d \n",
preview_status);
if (req->eof_received && preview_status == 200) {
ci_headers_unpack(req->response_header);
if ((val = ci_headers_search(req->response_header, "Encapsulated")) == NULL) {
ci_debug_printf(1, "No encapsulated entities!\n");
return CI_ERROR;
}
process_encapsulated(req, val);
if (!req->entities[1]) /*Then we have only body */
req->status = GET_BODY;
else
req->status = GET_HEADERS;
}
else
ci_headers_reset(req->response_header);
}
if (preview_status == 204)
return 204;
ret =
client_send_get_data(req, timeout, data_source, source_read, data_dest,
dest_write);
return ret;
}
int url_check_check_preview(char *preview_data, int preview_data_len,
ci_request_t * req)
{
ci_headers_list_t *req_header;
struct url_check_data *uc = ci_service_data(req);
struct http_info httpinf;
struct profile *profile;
int pass = DB_PASS;
if ((req_header = ci_http_request_headers(req)) == NULL) /*It is not possible but who knows ..... */
return CI_ERROR;
if (!get_http_info(req, req_header, &httpinf)) /*Unknown method or something else...*/
return CI_MOD_ALLOW204;
ci_debug_printf(9, "URL to host %s\n", httpinf.site);
ci_debug_printf(9, "URL page %s\n", httpinf.url);
profile = profile_select(req);
if (!profile) {
ci_debug_printf(1, "No Profile configured! Allowing the request...\n");
return CI_MOD_ALLOW204;
}
if ((pass=profile_access(profile, &httpinf)) == DB_ERROR) {
ci_debug_printf(1,"Error searching in profile! Allow the request\n");
return CI_MOD_ALLOW204;;
}
if (pass == DB_BLOCK) {
/*The URL is not a good one so.... */
ci_debug_printf(9, "Oh!!! we are going to deny this site.....\n");
uc->denied = 1;
uc->body = ci_cached_file_new(strlen(error_message) + 10);
ci_http_response_create(req, 1, 1); /*Build the responce headers */
ci_http_response_add_header(req, "HTTP/1.0 403 Forbidden"); /*Send an 403 Forbidden http responce to web client */
ci_http_response_add_header(req, "Server: C-ICAP");
ci_http_response_add_header(req, "Content-Type: text/html");
ci_http_response_add_header(req, "Content-Language: en");
ci_http_response_add_header(req, "Connection: close");
ci_cached_file_write(uc->body, error_message, strlen(error_message),
1);
}
else {
/*if we are inside preview negotiation or client allow204 responces oudsite of preview then */
if (preview_data || ci_req_allow204(req))
return CI_MOD_ALLOW204;
/*
icap client does not support preview of data in reqmod requests neither 204 responces outside preview
so we need to read all the body if exists and send it back to client.
Allocate a new body for it
*/
if (ci_req_hasbody(req)) {
int clen = ci_http_content_length(req) + 100;
uc->body = ci_cached_file_new(clen);
}
}
unlock_data(req);
return CI_MOD_CONTINUE;
}
