예제 #1
0
/* returns
 *  -1 on fatal error (shutdown)
 *  0 on ok
 *  >0 errors encountered
 */
int command(client_conn_t *conn, int *virus)
{
    int desc = conn->sd;
    struct cl_engine *engine = conn->engine;
    unsigned int options = conn->options;
    const struct optstruct *opts = conn->opts;
    int type = -1; /* TODO: make this enum */
    int maxdirrec;
    int ret = 0;
    int flags = CLI_FTW_STD;

    struct scan_cb_data scandata;
    struct cli_ftw_cbdata data;
    unsigned ok, error, total;
    STATBUF sb;
    jobgroup_t *group = NULL;

    if (thrmgr_group_need_terminate(conn->group)) {
	logg("$Client disconnected while command was active\n");
	if (conn->scanfd != -1)
	    close(conn->scanfd);
	return 1;
    }
    thrmgr_setactiveengine(engine);

    data.data = &scandata;
    memset(&scandata, 0, sizeof(scandata));
    scandata.id = conn->id;
    scandata.group = conn->group;
    scandata.odesc = desc;
    scandata.conn = conn;
    scandata.options = options;
    scandata.engine = engine;
    scandata.opts = opts;
    scandata.thr_pool = conn->thrpool;
    scandata.toplevel_path = conn->filename;

    switch (conn->cmdtype) {
	case COMMAND_SCAN:
	    thrmgr_setactivetask(NULL, "SCAN");
	    type = TYPE_SCAN;
	    break;
	case COMMAND_CONTSCAN:
	    thrmgr_setactivetask(NULL, "CONTSCAN");
	    type = TYPE_CONTSCAN;
	    break;
	case COMMAND_MULTISCAN: {
	    int multiscan, max, alive;

	    /* use MULTISCAN only for directories (bb #1869) */
	    if (STAT(conn->filename, &sb) == 0 &&
		!S_ISDIR(sb.st_mode)) {
		thrmgr_setactivetask(NULL, "CONTSCAN");
		type = TYPE_CONTSCAN;
		break;
	    }

	    pthread_mutex_lock(&conn->thrpool->pool_mutex);
	    multiscan = conn->thrpool->thr_multiscan;
	    max = conn->thrpool->thr_max;
	    if (multiscan+1 < max)
		conn->thrpool->thr_multiscan = multiscan+1;
	    else {
		alive = conn->thrpool->thr_alive;
		ret = -1;
	    }
	    pthread_mutex_unlock(&conn->thrpool->pool_mutex);
	    if (ret) {
		/* multiscan has 1 control thread, so there needs to be at least
		   1 threads that is a non-multiscan controlthread to scan and
		   make progress. */
		logg("^Not enough threads for multiscan. Max: %d, Alive: %d, Multiscan: %d+1\n",
		     max, alive, multiscan);
		conn_reply(conn, conn->filename, "Not enough threads for multiscan. Increase MaxThreads.", "ERROR");
		return 1;
	    }
	    flags &= ~CLI_FTW_NEED_STAT;
	    thrmgr_setactivetask(NULL, "MULTISCAN");
	    type = TYPE_MULTISCAN;
	    scandata.group = group = thrmgr_group_new();
	    if (!group) {
	      if(optget(opts, "ExitOnOOM")->enabled)
		return -1;
	      else
		return 1;
	    }
	    break;
	    }
	case COMMAND_MULTISCANFILE:
	    thrmgr_setactivetask(NULL, "MULTISCANFILE");
	    scandata.group = NULL;
	    scandata.type = TYPE_SCAN;
	    scandata.thr_pool = NULL;
	    /* TODO: check ret value */
	    ret = scan_callback(NULL, conn->filename, conn->filename, visit_file, &data);	    /* callback freed it */
	    conn->filename = NULL;
	    *virus = scandata.infected;
	    if (ret == CL_BREAK) {
		thrmgr_group_terminate(conn->group);
		return 1;
	    }
	    return scandata.errors > 0 ? scandata.errors : 0;
	case COMMAND_FILDES:
	    thrmgr_setactivetask(NULL, "FILDES");
#ifdef HAVE_FD_PASSING
	    if (conn->scanfd == -1) {
		conn_reply_error(conn, "FILDES: didn't receive file descriptor.");
		return 1;
	    }
	    else {
		ret = scanfd(conn, NULL, engine, options, opts, desc, 0);
		if (ret == CL_VIRUS) {
		    *virus = 1;
		    ret = 0;
		} else if (ret == CL_EMEM) {
		    if(optget(opts, "ExitOnOOM")->enabled)
			ret = -1;
		    else
		        ret = 1;
		} else if (ret == CL_ETIMEOUT) {
			thrmgr_group_terminate(conn->group);
			ret = 1;
		} else
		    ret = 0;
		logg("$Closed fd %d\n", conn->scanfd);
		close(conn->scanfd);
	    }
	    return ret;
#else
	    conn_reply_error(conn, "FILDES support not compiled in.");
	    close(conn->scanfd);
	    return 0;
#endif
	case COMMAND_STATS:
	    thrmgr_setactivetask(NULL, "STATS");
	    if (conn->group)
		mdprintf(desc, "%u: ", conn->id);
	    thrmgr_printstats(desc, conn->term);
	    return 0;
	case COMMAND_STREAM:
	    thrmgr_setactivetask(NULL, "STREAM");
	    ret = scanstream(desc, NULL, engine, options, opts, conn->term);
	    if (ret == CL_VIRUS)
		*virus = 1;
	    if (ret == CL_EMEM) {
		if(optget(opts, "ExitOnOOM")->enabled)
		    return -1;
		else
		    return 1;
	    }
	    return 0;
	case COMMAND_INSTREAMSCAN:
	    thrmgr_setactivetask(NULL, "INSTREAM");
	    ret = scanfd(conn, NULL, engine, options, opts, desc, 1);
	    if (ret == CL_VIRUS) {
		*virus = 1;
		ret = 0;
	    } else if (ret == CL_EMEM) {
		if(optget(opts, "ExitOnOOM")->enabled)
		    ret = -1;
		else
 		    ret = 1;
	    } else if (ret == CL_ETIMEOUT) {
		thrmgr_group_terminate(conn->group);
		ret = 1;
	    } else
		ret = 0;
	    if (ftruncate(conn->scanfd, 0) == -1) {
		/* not serious, we're going to close it and unlink it anyway */
		logg("*ftruncate failed: %d\n", errno);
	    }
	    close(conn->scanfd);
	    conn->scanfd = -1;
	    cli_unlink(conn->filename);
	    return ret;
	default:
	    logg("!Invalid command distpached: %d\n", conn->cmdtype);
	    return 1;
    }

    scandata.type = type;
    maxdirrec = optget(opts, "MaxDirectoryRecursion")->numarg;
    if (optget(opts, "FollowDirectorySymlinks")->enabled)
	flags |= CLI_FTW_FOLLOW_DIR_SYMLINK;
    if (optget(opts, "FollowFileSymlinks")->enabled)
	flags |= CLI_FTW_FOLLOW_FILE_SYMLINK;

    if(!optget(opts, "CrossFilesystems")->enabled)
	if(STAT(conn->filename, &sb) == 0)
	    scandata.dev = sb.st_dev;

    ret = cli_ftw(conn->filename, flags,  maxdirrec ? maxdirrec : INT_MAX, scan_callback, &data, scan_pathchk);
    if (ret == CL_EMEM) {
	if(optget(opts, "ExitOnOOM")->enabled)
	    return -1;
	else
	    return 1;
    }
    if (scandata.group && type == TYPE_MULTISCAN) {
	thrmgr_group_waitforall(group, &ok, &error, &total);
	pthread_mutex_lock(&conn->thrpool->pool_mutex);
	conn->thrpool->thr_multiscan--;
	pthread_mutex_unlock(&conn->thrpool->pool_mutex);
    } else {
	error = scandata.errors;
	total = scandata.total;
	ok = total - error - scandata.infected;
    }

    if (ok + error == total && (error != total)) {
	if (conn_reply_single(conn, conn->filename, "OK") == -1)
	    ret = CL_ETIMEOUT;
    }
    *virus = total - (ok + error);

    if (ret == CL_ETIMEOUT)
	thrmgr_group_terminate(conn->group);
    return error;
}
예제 #2
0
int command(int desc, const struct cl_node *root, const struct cl_limits *limits, int options, const struct cfgstruct *copt, int timeout)
{
	char buff[1025];
	int bread, opt, retval;
	struct cfgstruct *cpt;


    retval = poll_fd(desc, timeout);
    switch (retval) {
    case 0: /* timeout */
	return -2;
    case -1:
	mdprintf(desc, "ERROR\n");
	logg("!Command: poll_fd failed.\n");
	return -1;
    }

    while((bread = readsock(desc, buff, 1024)) == -1 && errno == EINTR);

    if(bread == 0) {
	/* Connection closed */
	return -1;
    }

    if(bread < 0) {
	logg("!Command parser: read() failed.\n");
	/* at least try to display this error message */
	/* mdprintf(desc, "ERROR: Command parser: read() failed.\n"); */
	return -1;
    }

    buff[bread] = 0;
    cli_chomp(buff);

    if(!strncmp(buff, CMD1, strlen(CMD1))) { /* SCAN */
	if(scan(buff + strlen(CMD1) + 1, NULL, root, limits, options, copt, desc, 0) == -2)
	    if(cfgopt(copt, "ExitOnOOM"))
		return COMMAND_SHUTDOWN;

    } else if(!strncmp(buff, CMD2, strlen(CMD2))) { /* RAWSCAN */
	opt = options & ~CL_SCAN_ARCHIVE;
	if(scan(buff + strlen(CMD2) + 1, NULL, root, NULL, opt, copt, desc, 0) == -2)
	    if(cfgopt(copt, "ExitOnOOM"))
		return COMMAND_SHUTDOWN;

    } else if(!strncmp(buff, CMD3, strlen(CMD3))) { /* QUIT */
	return COMMAND_SHUTDOWN;

    } else if(!strncmp(buff, CMD4, strlen(CMD4))) { /* RELOAD */
	mdprintf(desc, "RELOADING\n");
	return COMMAND_RELOAD;

    } else if(!strncmp(buff, CMD5, strlen(CMD5))) { /* PING */
	mdprintf(desc, "PONG\n");

    } else if(!strncmp(buff, CMD6, strlen(CMD6))) { /* CONTSCAN */
	if(scan(buff + strlen(CMD6) + 1, NULL, root, limits, options, copt, desc, 1) == -2)
	    if(cfgopt(copt, "ExitOnOOM"))
		return COMMAND_SHUTDOWN;

    } else if(!strncmp(buff, CMD7, strlen(CMD7))) { /* VERSION */
	    const char *dbdir;
	    char *path;
	    struct cl_cvd *daily;

	if((cpt = cfgopt(copt, "DatabaseDirectory")) || (cpt = cfgopt(copt, "DataDirectory")))
	    dbdir = cpt->strarg;
	else
	    dbdir = cl_retdbdir();

	if(!(path = mmalloc(strlen(dbdir) + 11))) {
	    mdprintf(desc, "Memory allocation error - SHUTDOWN forced\n");
	    return COMMAND_SHUTDOWN;
	}

	sprintf(path, "%s/daily.cvd", dbdir);

	if((daily = cl_cvdhead(path))) {
		time_t t = (time_t) daily->stime;

	    pthread_mutex_lock(&ctime_mutex);
	    mdprintf(desc, "ClamAV "VERSION"/%d/%s", daily->version, ctime(&t));
	    pthread_mutex_unlock(&ctime_mutex);
	    cl_cvdfree(daily);
	} else {
	    mdprintf(desc, "ClamAV "VERSION"\n");
	}

	free(path);

    } else if(!strncmp(buff, CMD8, strlen(CMD8))) { /* STREAM */
	if(scanstream(desc, NULL, root, limits, options, copt) == CL_EMEM)
	    if(cfgopt(copt, "ExitOnOOM"))
		return COMMAND_SHUTDOWN;

    } else if(!strncmp(buff, CMD9, strlen(CMD9))) { /* SESSION */
	return COMMAND_SESSION;

    } else if(!strncmp(buff, CMD10, strlen(CMD10))) { /* END */
	return COMMAND_END;

    } else if(!strncmp(buff, CMD11, strlen(CMD11))) { /* SHUTDOWN */
	return COMMAND_SHUTDOWN;

    } else if(!strncmp(buff, CMD12, strlen(CMD12))) { /* FD */
	    int fd = atoi(buff + strlen(CMD12) + 1);

	scanfd(fd, NULL, root, limits, options, copt, desc, 0);
	close(fd); /* FIXME: should we close it here? */

    } else {
	mdprintf(desc, "UNKNOWN COMMAND\n");
    }

    return 0; /* no error and no 'special' command executed */
}
예제 #3
0
파일: session.c 프로젝트: OPSF/uClinux
/* returns
 *  -1 on fatal error (shutdown)
 *  0 on ok
 *  >0 errors encountered
 */
int command(client_conn_t *conn, int *virus)
{
    int desc = conn->sd;
    struct cl_engine *engine = conn->engine;
    unsigned int options = conn->options;
    const struct optstruct *opts = conn->opts;
    int type = -1; /* TODO: make this enum */
    int maxdirrec;
    int ret = 0;
    int flags = CLI_FTW_STD;

    struct scan_cb_data scandata;
    struct cli_ftw_cbdata data;
    unsigned ok, error, total;
    jobgroup_t *group = NULL;

    if (thrmgr_group_need_terminate(conn->group)) {
	logg("$Client disconnected while command was active\n");
	if (conn->scanfd != -1)
	    close(conn->scanfd);
	return 1;
    }
    thrmgr_setactiveengine(engine);

    data.data = &scandata;
    memset(&scandata, 0, sizeof(scandata));
    scandata.id = conn->id;
    scandata.group = conn->group;
    scandata.odesc = desc;
    scandata.conn = conn;
    scandata.options = options;
    scandata.engine = engine;
    scandata.opts = opts;
    scandata.thr_pool = conn->thrpool;
    scandata.toplevel_path = conn->filename;

    switch (conn->cmdtype) {
	case COMMAND_SCAN:
	    thrmgr_setactivetask(NULL, "SCAN");
	    type = TYPE_SCAN;
	    break;
	case COMMAND_CONTSCAN:
	    thrmgr_setactivetask(NULL, "CONTSCAN");
	    type = TYPE_CONTSCAN;
	    break;
	case COMMAND_MULTISCAN:
	    flags &= ~CLI_FTW_NEED_STAT;
	    thrmgr_setactivetask(NULL, "MULTISCAN");
	    type = TYPE_MULTISCAN;
	    scandata.group = group = thrmgr_group_new();
	    if (!group)
		return CL_EMEM;
	    break;
	case COMMAND_MULTISCANFILE:
	    thrmgr_setactivetask(NULL, "MULTISCANFILE");
	    scandata.group = NULL;
	    scandata.type = TYPE_SCAN;
	    scandata.thr_pool = NULL;
	    /* TODO: check ret value */
	    ret = scan_callback(NULL, conn->filename, conn->filename, visit_file, &data);	    /* callback freed it */
	    conn->filename = NULL;
	    *virus = scandata.infected;
	    if (ret == CL_BREAK) {
		thrmgr_group_terminate(conn->group);
		return CL_BREAK;
	    }
	    return scandata.errors > 0 ? scandata.errors : 0;
	case COMMAND_FILDES:
	    thrmgr_setactivetask(NULL, "FILDES");
#ifdef HAVE_FD_PASSING
	    if (conn->scanfd == -1)
		conn_reply_error(conn, "FILDES: didn't receive file descriptor.");
	    else {
		ret = scanfd(conn->scanfd, conn, NULL, engine, options, opts, desc, 0);
		if (ret == CL_VIRUS) {
		    *virus = 1;
		} else if (ret == CL_EMEM) {
		    if(optget(opts, "ExitOnOOM")->enabled)
			ret = -1;
		} else if (ret == CL_ETIMEOUT) {
			thrmgr_group_terminate(conn->group);
			ret = 1;
		} else
		    ret = 0;
	    }
	    logg("$Closed fd %d\n", conn->scanfd);
	    close(conn->scanfd);
	    return ret;
#else
	    conn_reply_error(conn, "FILDES support not compiled in.");
	    close(conn->scanfd);
	    return 0;
#endif
	case COMMAND_STATS:
	    thrmgr_setactivetask(NULL, "STATS");
	    if (conn->group)
		mdprintf(desc, "%u: ", conn->id);
	    thrmgr_printstats(desc);
	    return 0;
	case COMMAND_STREAM:
	    thrmgr_setactivetask(NULL, "STREAM");
	    ret = scanstream(desc, NULL, engine, options, opts, conn->term);
	    if (ret == CL_VIRUS)
		*virus = 1;
	    if (ret == CL_EMEM) {
		if(optget(opts, "ExitOnOOM")->enabled)
		    return -1;
	    }
	    return 0;
	case COMMAND_INSTREAMSCAN:
	    thrmgr_setactivetask(NULL, "INSTREAM");
	    ret = scanfd(conn->scanfd, conn, NULL, engine, options, opts, desc, 1);
	    if (ret == CL_VIRUS) {
		*virus = 1;
	    } else if (ret == CL_EMEM) {
		if(optget(opts, "ExitOnOOM")->enabled)
		    ret = -1;
	    } else if (ret == CL_ETIMEOUT) {
		thrmgr_group_terminate(conn->group);
		ret = 1;
	    } else
		ret = 0;
	    if (ftruncate(conn->scanfd, 0) == -1) {
		/* not serious, we're going to close it and unlink it anyway */
		logg("*ftruncate failed: %d\n", errno);
	    }
	    close(conn->scanfd);
	    conn->scanfd = -1;
	    cli_unlink(conn->filename);
	    return ret;
    }

    scandata.type = type;
    maxdirrec = optget(opts, "MaxDirectoryRecursion")->numarg;
    if (optget(opts, "FollowDirectorySymlinks")->enabled)
	flags |= CLI_FTW_FOLLOW_DIR_SYMLINK;
    if (optget(opts, "FollowFileSymlinks")->enabled)
	flags |= CLI_FTW_FOLLOW_FILE_SYMLINK;
    ret = cli_ftw(conn->filename, flags,  maxdirrec ? maxdirrec : INT_MAX, scan_callback, &data);
    if (ret == CL_EMEM)
	if(optget(opts, "ExitOnOOM")->enabled)
	    return -1;
    if (scandata.group && conn->cmdtype == COMMAND_MULTISCAN) {
	thrmgr_group_waitforall(group, &ok, &error, &total);
    } else {
	error = scandata.errors;
	total = scandata.total;
	ok = total - error - scandata.infected;
    }

    if (ok + error == total && (error != total)) {
	if (conn_reply_single(conn, conn->filename, "OK") == -1)
	    ret = CL_ETIMEOUT;
    }
    *virus = total - (ok + error);

    if (ret == CL_ETIMEOUT)
	thrmgr_group_terminate(conn->group);
    return error;
}