GitList

clamav-devel/freshclam/manager.c

e3aaff8e	/* * Copyright (C) 2002, 2003 Tomasz Kojm <zolw@konarski.edu.pl> * HTTP/1.1 compliance by Arkadiusz Miskiewicz <misiek@pld.org.pl> * Proxy support by Nigel Horne <njh@bandsman.co.uk> * Proxy authorization support by Gernot Tenchio <g.tenchio@telco-tech.de> * (uses fmt_base64() from libowfat (http://www.fefe.de)) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. / #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <ctype.h> #include <netinet/in.h> #include <netdb.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/time.h> #include <time.h> #include <fcntl.h> #include <sys/stat.h> #include <clamav.h> #include "others.h" #include "options.h" #include "defaults.h" #include "manager.h" #include "shared.h" #include "notify.h" int downloadmanager(const struct optstruct opt, const char *hostname) { time_t currtime;
e4ae7726	int ret, updated = 0, signo = 0;
0ee809e8	char ipaddr[16];
e4ae7726
e3aaff8e	time(&currtime);
e4ae7726	mprintf("ClamAV update process started at %s", ctime(&currtime)); logg("ClamAV update process started at %s", ctime(&currtime));
e3aaff8e
e4ae7726	#ifndef HAVE_GMP mprintf("SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES\n"); logg("SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES\n"); #endif
e3aaff8e
448591fc	memset(ipaddr, 0, sizeof(ipaddr));
0ee809e8	if((ret = downloaddb(DB1NAME, "main.cvd", hostname, ipaddr, &signo, opt)) > 50)
e4ae7726	return ret; else if(ret == 0) updated = 1;
e3aaff8e
5ca6034b	/* if ipaddr[0] != 0 it will use it to connect to the web host */
448591fc	if((ret = downloaddb(DB2NAME, "daily.cvd", hostname, ipaddr, &signo, opt)) > 50)
e4ae7726	return ret; else if(ret == 0) updated = 1; if(updated) {
5def21ff	if(optl(opt, "http-proxy")) { mprintf("Database updated (%d signatures) from %s.\n", signo, hostname); logg("Database updated (%d signatures) from %s.\n", signo, hostname); } else { mprintf("Database updated (%d signatures) from %s (%s).\n", signo, hostname, ipaddr); logg("Database updated (%d signatures) from %s (%s).\n", signo, hostname, ipaddr); }
e4ae7726	#ifdef BUILD_CLAMD if(optl(opt, "daemon-notify")) { const char *clamav_conf = getargl(opt, "daemon-notify"); if(!clamav_conf) clamav_conf = DEFAULT_CFG; notify(clamav_conf);
e3aaff8e	}
e4ae7726	#endif if(optl(opt, "on-update-execute")) system(getargl(opt, "on-update-execute")); return 0; } else return 1; }
0ee809e8	int downloaddb(const char localname, const char remotename, const char hostname, char ip, int signo, const struct optstruct opt)
e4ae7726	{ struct cl_cvd current, remote; int hostfd, nodb = 0, ret;
0ee809e8	char *tempname, ipaddr[16];
e4ae7726	const char proxy, user;
e3aaff8e
e4ae7726	if((current = cl_cvdhead(localname)) == NULL) nodb = 1;
e3aaff8e
e4ae7726	if(optl(opt, "proxy-user"))
e3aaff8e	user = getargl(opt, "proxy-user");
e4ae7726	else
e3aaff8e	user = NULL; /* * njh@bandsman.co.uk: added proxy support. Tested using squid 2.4 / if(optl(opt, "http-proxy")) { proxy = getargl(opt, "http-proxy"); if(strncasecmp(proxy, "http://", 7) == 0) proxy += 7; } else if((proxy = getenv("http_proxy"))) { char no_proxy; if(strncasecmp(proxy, "http://", 7) == 0) proxy = &proxy[7]; if((no_proxy = getenv("no_proxy"))) { const char *ptr; for(ptr = strtok(no_proxy, ","); ptr; ptr = strtok(NULL, ",")) if(strcasecmp(ptr, hostname) == 0) { proxy = NULL; break; } } if(proxy && strlen(proxy) == 0) proxy = NULL; } if(proxy)
e4ae7726	mprintf("Connecting via %s\n", proxy);
e3aaff8e
448591fc	if(ip[0]) hostfd = wwwconnect(ip, proxy, NULL); /* we use ip to connect */ else hostfd = wwwconnect(hostname, proxy, ipaddr);
e3aaff8e	if(hostfd < 0) {
448591fc	mprintf("@Connection with %s (IP: %s) failed.\n", hostname, ipaddr);
e3aaff8e	return 52; } else
0ee809e8	mprintf("*Connected to %s (%s).\n", hostname, ipaddr);
e3aaff8e
448591fc	if(!ip[0])
0ee809e8	strcpy(ip, ipaddr);
e3aaff8e
e4ae7726	if(!(remote = remote_cvdhead(remotename, hostfd, hostname, proxy, user))) {
0ee809e8	mprintf("@Can't read %s header from %s (%s)\n", remotename, hostname, ipaddr);
e3aaff8e	close(hostfd); return 52; }
0ee809e8	signo += remote->sigs; / we need to do it just here */
e3aaff8e
e4ae7726	if(current && (current->version >= remote->version)) { mprintf("%s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)\n", localname, current->version, current->sigs, current->fl, current->builder); logg("%s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)\n", localname, current->version, current->sigs, current->fl, current->builder); close(hostfd); cl_cvdfree(current); cl_cvdfree(remote); return 1; } if(current) cl_cvdfree(current); cl_cvdfree(remote);
e3aaff8e
0ee809e8	/* FIXME: We need to reconnect, because we may not be able to download
e3aaff8e	* the database. The problem doesn't exist with my local apache. * Some code change is needed in get_md5_checksum(). / / begin bug work-around */ close(hostfd);
0ee809e8	hostfd = wwwconnect(ipaddr, proxy, NULL); /* we use ipaddr to connect * to the same mirror */
e3aaff8e	if(hostfd < 0) {
0ee809e8	mprintf("@Connection with %s failed.\n", ipaddr);
e3aaff8e	return 52; }; /* end */
e4ae7726	/* temporary file is created in clamav's directory thus we don't need * to create it immediately because race condition is not possible here */ tempname = cl_gentemp("."); if(get_database(remotename, hostfd, tempname, hostname, proxy, user)) {
0ee809e8	mprintf("@Can't download %s from %s\n", remotename, ipaddr);
e4ae7726	unlink(tempname); free(tempname); close(hostfd); return 52;
e3aaff8e	}
e4ae7726	close(hostfd);
e3aaff8e
e4ae7726	if((ret = cl_cvdverify(tempname))) { mprintf("@Verification: %s\n", cl_strerror(ret)); unlink(tempname); free(tempname); return 54;
e3aaff8e	}
e4ae7726	if(!nodb && unlink(localname)) { mprintf("@Can't unlink %s. Please fix it and try again.\n", localname);
e3aaff8e	unlink(tempname); free(tempname);
e4ae7726	return 53; } else rename(tempname, localname);
e3aaff8e
e4ae7726	if((current = cl_cvdhead(localname)) == NULL) { mprintf("@Can't read CVD header of new %s database.\n", localname); return 54;
e3aaff8e	}
e4ae7726	mprintf("%s updated (version: %d, sigs: %d, f-level: %d, builder: %s)\n", localname, current->version, current->sigs, current->fl, current->builder); logg("%s updated (version: %d, sigs: %d, f-level: %d, builder: %s)\n", localname, current->version, current->sigs, current->fl, current->builder);
e3aaff8e
e4ae7726	cl_cvdfree(current); free(tempname);
e3aaff8e	return 0; } /* this function returns socket descriptor / / proxy support finshed by njh@bandsman.co.uk */
0ee809e8	int wwwconnect(const char server, const char proxy, char *ip)
e3aaff8e	{ int socketfd, port; struct sockaddr_in name; struct hostent *host;
0ee809e8	char portpt, proxycpy = NULL, ipaddr[16]; unsigned char *ia;
e3aaff8e	const char *hostpt;
0ee809e8	if(ip) strcpy(ip, "???");
e3aaff8e	/* njh@bandsman.co.uk: for BEOS / #ifdef PF_INET socketfd = socket(PF_INET, SOCK_STREAM, 0); #else socketfd = socket(AF_INET, SOCK_STREAM, 0); #endif name.sin_family = AF_INET; if(proxy) { proxycpy = strdup(proxy); hostpt = proxycpy; portpt = strchr(proxycpy, ':'); if(portpt) { portpt = 0; port = atoi(++portpt); } else { #ifndef C_CYGWIN const struct servent *webcache = getservbyname("webcache", "TCP"); if(webcache) port = ntohs(webcache->s_port); else port = 8080; endservent(); #else port = 8080; #endif } } else { hostpt = server; port = 80; } if((host = gethostbyname(hostpt)) == NULL) { mprintf("@Can't get information about %s host.\n", hostpt); if(proxycpy) free(proxycpy); return -1; }
0ee809e8	/* this dirty hack comes from pink - Nosuid TCP/IP ping 1.6 / ia = (unsigned char ) host->h_addr; sprintf(ipaddr, "%u.%u.%u.%u", ia[0], ia[1], ia[2], ia[3]); if(ip) strcpy(ip, ipaddr);
e3aaff8e	name.sin_addr = ((struct in_addr ) host->h_addr); name.sin_port = htons(port); if(connect(socketfd, (struct sockaddr *) &name, sizeof(struct sockaddr_in)) == -1) {
448591fc	mprintf("@Can't connect to port %d of host %s (%s)\n", port, hostpt, ipaddr);
e3aaff8e	close(socketfd); if(proxycpy) free(proxycpy); return -2; } if(proxycpy) free(proxycpy); return socketfd; } /* njh@bandsman.co.uk: added proxy support / / TODO: use a HEAD instruction to see if the file has been changed */
e4ae7726	struct cl_cvd remote_cvdhead(const char file, int socketfd, const char hostname, const char proxy, const char *user)
e3aaff8e	{
f7148839	char cmd[512], head[513], buffer[FILEBUFF], ch, tmp;
e3aaff8e	int i, j, bread, cnt; char remotename = NULL, authorization = NULL;
e4ae7726	struct cl_cvd *cvd;
e3aaff8e	if(proxy) { remotename = mmalloc(strlen(hostname) + 8); sprintf(remotename, "http://%s", hostname); if(user) { int len; char* buf = mmalloc(strlen(user)*2+4); len=fmt_base64(buf,user,strlen(user)); buf[len]='\0'; authorization = mmalloc(strlen(buf) + 30); sprintf(authorization, "Proxy-Authorization: Basic %s\r\n", buf); free(buf); } }
e4ae7726	mprintf("Reading CVD header (%s): ", file);
e3aaff8e	#ifdef NO_SNPRINTF
e4ae7726	sprintf(cmd, "GET %s/%s HTTP/1.1\r\n"
e3aaff8e	"Host: %s\r\n%s" "User-Agent: "PACKAGE"/"VERSION"\r\n" "Cache-Control: no-cache\r\n" "Connection: close\r\n" "\r\n", (remotename != NULL)?remotename:"", file, hostname, (authorization != NULL)?authorization:""); #else
e4ae7726	snprintf(cmd, sizeof(cmd), "GET %s/%s HTTP/1.1\r\n"
e3aaff8e	"Host: %s\r\n%s" "User-Agent: "PACKAGE"/"VERSION"\r\n" "Cache-Control: no-cache\r\n" "Connection: close\r\n" "\r\n", (remotename != NULL)?remotename:"", file, hostname, (authorization != NULL)?authorization:""); #endif write(socketfd, cmd, strlen(cmd)); free(remotename); free(authorization); tmp = buffer;
f7148839	cnt = FILEBUFF;
e3aaff8e	while ((bread = recv(socketfd, tmp, cnt, 0)) > 0) { tmp+=bread; cnt-=bread; if (cnt <= 0) break; } if(bread == -1) {
e4ae7726	mprintf("@Error while reading CVD header of database from %s\n", hostname);
e3aaff8e	return NULL; } if ((strstr(buffer, "HTTP/1.1 404")) != NULL) {
e4ae7726	mprintf("@CVD file not found on remote server\n");
e3aaff8e	return NULL; } ch = buffer; i = 0; while (1) { if (ch == '\n' && (ch - 1) == '\r' && (ch - 2) == '\n' && (ch - 3) == '\r') { ch++; i++; break; } ch++; i++; }
e4ae7726	memset(head, 0, sizeof(head)); for (j=0; j<512; j++) { if (!ch \|\| (ch && !*ch) \|\| (ch && !isprint(ch[j]))) { mprintf("@Malformed CVD header detected.\n");
e3aaff8e	return NULL; }
e4ae7726	head[j] = ch[j];
e3aaff8e	}
e4ae7726	if((cvd = cl_cvdparse(head)) == NULL) mprintf("@Broken CVD header.\n"); else mprintf("OK\n"); return cvd;
e3aaff8e	} /* njh@bandsman.co.uk: added proxy support / / TODO: use a HEAD instruction to see if the file has been changed / int get_database(const char dbfile, int socketfd, const char file, const char hostname, const char proxy, const char user) {
f7148839	char cmd[512], buffer[FILEBUFF];
e3aaff8e	char *ch;
e4ae7726	int bread, fd, i, rot = 0;
e3aaff8e	char remotename = NULL, authorization = NULL;
e4ae7726	const char *rotation = "\|/-\\";
e3aaff8e	if(proxy) { remotename = mmalloc(strlen(hostname) + 8); sprintf(remotename, "http://%s", hostname); if(user) { int len; char* buf = mmalloc(strlen(user)*2+4); len=fmt_base64(buf,user,strlen(user)); buf[len]='\0'; authorization = mmalloc(strlen(buf) + 30); sprintf(authorization, "Proxy-Authorization: Basic %s\r\n", buf); free(buf); } } if((fd = open(file, O_WRONLY\|O_CREAT\|O_EXCL, 0644)) == -1) { mprintf("@Can't open new file %s to write\n", file); perror("open"); return -1; } #ifdef NO_SNPRINTF
e4ae7726	sprintf(cmd, "GET %s/%s HTTP/1.1\r\n"
e3aaff8e	"Host: %s\r\n%s" "User-Agent: "PACKAGE"/"VERSION"\r\n" "Cache-Control: no-cache\r\n" "Connection: close\r\n" "\r\n", (remotename != NULL)?remotename:"", dbfile, hostname, (authorization != NULL)?authorization:""); #else
e4ae7726	snprintf(cmd, sizeof(cmd), "GET %s/%s HTTP/1.1\r\n"
e3aaff8e	"Host: %s\r\n%s" "User-Agent: "PACKAGE"/"VERSION"\r\n" "Cache-Control: no-cache\r\n" "Connection: close\r\n" "\r\n", (remotename != NULL)?remotename:"", dbfile, hostname, (authorization != NULL)?authorization:""); #endif write(socketfd, cmd, strlen(cmd)); free(remotename); free(authorization);
f7148839	if ((bread = recv(socketfd, buffer, FILEBUFF, 0)) == -1) {
e3aaff8e	mprintf("@Error while reading database from %s\n", hostname); return -1; } if ((strstr(buffer, "HTTP/1.1 404")) != NULL) { mprintf("@%s not found on remote server\n", dbfile); return -1; } ch = buffer; i = 0; while (1) { if (ch == '\n' && (ch - 1) == '\r' && (ch - 2) == '\n' && (ch - 3) == '\r') { ch++; i++; break; } ch++; i++; } write(fd, ch, bread - i);
f7148839	while((bread = read(socketfd, buffer, FILEBUFF))) {
e3aaff8e	write(fd, buffer, bread);
e4ae7726	mprintf("Downloading %s [%c]\r", dbfile, rotation[rot]); fflush(stdout); rot = ++rot % 4;
e3aaff8e	}
e4ae7726	mprintf("Downloading %s [*]\n", dbfile);
e3aaff8e	close(fd); return 0; } const char base64[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; unsigned int fmt_base64(char* dest,const char* src,unsigned int len) { register const unsigned char* s=(const unsigned char*) src; unsigned short bits=0,temp=0; unsigned long written=0,i; for (i=0; i< len; ++i) { temp<<=8; temp+=s[i]; bits+=8; while (bits>6) { if (dest) dest[written]=base64[((temp>>(bits-6))&63)]; ++written; bits-=6; } } if (bits) { temp<<=(6-bits); if (dest) dest[written]=base64[temp&63]; ++written; } while (written&3) { if (dest) dest[written]='='; ++written; } return written; }