| b151ef55 |
/* |
| ae1f747c |
* Copyright (C) 2002 - 2004 Tomasz Kojm <tkojm@clamav.net> |
| b151ef55 |
* HTTP/1.1 compliance by Arkadiusz Miskiewicz <misiek@pld.org.pl>
* Proxy support by Nigel Horne <njh@bandsman.co.uk>
* Proxy authorization support by Gernot Tenchio <g.tenchio@telco-tech.de>
* (uses fmt_base64() from libowfat (http://www.fefe.de))
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
|
| 8b242bb9 |
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
|
| b151ef55 |
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <ctype.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <time.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <clamav.h>
#include "options.h"
#include "defaults.h"
#include "manager.h"
#include "notify.h" |
| 36f2038b |
#include "memory.h" |
| b151ef55 |
|
| 026ebd88 |
int downloadmanager(const struct cfgstruct *copt, const struct optstruct *opt, const char *hostname) |
| b151ef55 |
{
time_t currtime; |
| 442d8407 |
int ret, updated = 0, signo = 0; |
| 4be012e9 |
char ipaddr[16]; |
| 0d98d74c |
struct cfgstruct *cpt; |
| 442d8407 |
|
| b151ef55 |
time(&currtime); |
| 442d8407 |
mprintf("ClamAV update process started at %s", ctime(&currtime));
logg("ClamAV update process started at %s", ctime(&currtime)); |
| b151ef55 |
|
| 442d8407 |
#ifndef HAVE_GMP
mprintf("SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES\n");
logg("SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES\n");
#endif |
| b151ef55 |
|
| 1f29c033 |
memset(ipaddr, 0, sizeof(ipaddr));
|
| 0d98d74c |
if((ret = downloaddb(DB1NAME, "main.cvd", hostname, ipaddr, &signo, copt)) > 50) |
| 442d8407 |
return ret;
else if(ret == 0)
updated = 1; |
| b151ef55 |
|
| 29ca066f |
/* if ipaddr[0] != 0 it will use it to connect to the web host */ |
| 0d98d74c |
if((ret = downloaddb(DB2NAME, "daily.cvd", hostname, ipaddr, &signo, copt)) > 50) |
| 442d8407 |
return ret;
else if(ret == 0)
updated = 1;
if(updated) { |
| 0d98d74c |
if(cfgopt(copt, "HTTPProxyServer")) { |
| a0faaedf |
mprintf("Database updated (%d signatures) from %s.\n", signo, hostname);
logg("Database updated (%d signatures) from %s.\n", signo, hostname);
} else {
mprintf("Database updated (%d signatures) from %s (%s).\n", signo, hostname, ipaddr);
logg("Database updated (%d signatures) from %s (%s).\n", signo, hostname, ipaddr);
} |
| 442d8407 |
#ifdef BUILD_CLAMD |
| 026ebd88 |
if(optl(opt, "daemon-notify")) {
const char *clamav_conf = getargl(opt, "daemon-notify");
if(!clamav_conf)
clamav_conf = CONFDIR"/clamav.conf";
notify(clamav_conf);
} else if((cpt = cfgopt(copt, "NotifyClamd"))) { |
| 0d98d74c |
const char *clamav_conf = cpt->strarg; |
| 442d8407 |
if(!clamav_conf) |
| 0d98d74c |
clamav_conf = CONFDIR"/clamav.conf"; |
| 442d8407 |
notify(clamav_conf); |
| b151ef55 |
} |
| 442d8407 |
#endif
|
| 026ebd88 |
if(optl(opt, "on-update-execute"))
system(getargl(opt, "on-update-execute"));
else if((cpt = cfgopt(copt, "OnUpdateExecute"))) |
| 0d98d74c |
system(cpt->strarg); |
| 442d8407 |
return 0;
} else
return 1;
}
|
| 0d98d74c |
int downloaddb(const char *localname, const char *remotename, const char *hostname, char *ip, int *signo, const struct cfgstruct *copt) |
| 442d8407 |
{
struct cl_cvd *current, *remote; |
| 0d98d74c |
struct cfgstruct *cpt; |
| df6c9b74 |
int hostfd, nodb = 0, dbver = 0, ret, port = 0; |
| 4be012e9 |
char *tempname, ipaddr[16]; |
| 0d98d74c |
const char *proxy = NULL, *user = NULL, *pass = NULL; |
| ead674a2 |
int flevel = cl_retflevel(); |
| b151ef55 |
|
| 442d8407 |
if((current = cl_cvdhead(localname)) == NULL)
nodb = 1; |
| b151ef55 |
|
| 0d98d74c |
if((cpt = cfgopt(copt, "HTTPProxyUsername"))) {
user = cpt->strarg;
if((cpt = cfgopt(copt, "HTTPProxyPassword"))) {
pass = cpt->strarg;
} else { |
| c8c761d1 |
mprintf("HTTPProxyUsername requires HTTPProxyPassword\n"); |
| 1f5be3bf |
return 56; |
| 0d98d74c |
}
} |
| b151ef55 |
/*
* njh@bandsman.co.uk: added proxy support. Tested using squid 2.4
*/ |
| 0d98d74c |
if((cpt = cfgopt(copt, "HTTPProxyServer"))) {
proxy = cpt->strarg; |
| b151ef55 |
if(strncasecmp(proxy, "http://", 7) == 0)
proxy += 7; |
| 442d8407 |
mprintf("Connecting via %s\n", proxy); |
| 0d98d74c |
}
if((cpt = cfgopt(copt, "HTTPProxyPort")))
port = cpt->numarg; |
| b151ef55 |
|
| 1f29c033 |
if(ip[0]) |
| 0d98d74c |
hostfd = wwwconnect(ip, proxy, port, ipaddr); /* we use ip to connect */ |
| 1f29c033 |
else |
| 0d98d74c |
hostfd = wwwconnect(hostname, proxy, port, ipaddr); |
| b151ef55 |
if(hostfd < 0) { |
| 1f29c033 |
mprintf("@Connection with %s (IP: %s) failed.\n", hostname, ipaddr); |
| b151ef55 |
return 52;
} else |
| 4be012e9 |
mprintf("*Connected to %s (%s).\n", hostname, ipaddr); |
| b151ef55 |
|
| 1f29c033 |
if(!ip[0]) |
| 4be012e9 |
strcpy(ip, ipaddr); |
| b151ef55 |
|
| 0d98d74c |
if(!(remote = remote_cvdhead(remotename, hostfd, hostname, proxy, user, pass))) { |
| 4be012e9 |
mprintf("@Can't read %s header from %s (%s)\n", remotename, hostname, ipaddr); |
| b151ef55 |
close(hostfd); |
| 1f5be3bf |
return 58; |
| b151ef55 |
}
|
| 4be012e9 |
*signo += remote->sigs; /* we need to do it just here */ |
| b151ef55 |
|
| 442d8407 |
if(current && (current->version >= remote->version)) {
mprintf("%s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)\n", localname, current->version, current->sigs, current->fl, current->builder);
logg("%s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)\n", localname, current->version, current->sigs, current->fl, current->builder); |
| ead674a2 |
if(flevel < current->fl) {
/* display warning even for already installed database */
mprintf("WARNING: Your ClamAV installation is OUTDATED - please update immediately !\n");
mprintf("WARNING: Current functionality level = %d, required = %d\n", flevel, current->fl);
logg("WARNING: Your ClamAV installation is OUTDATED - please update immediately !\n");
logg("WARNING: Current functionality level = %d, required = %d\n", flevel, current->fl);
}
|
| 442d8407 |
close(hostfd);
cl_cvdfree(current);
cl_cvdfree(remote);
return 1;
}
|
| df6c9b74 |
dbver = remote->version;
|
| 442d8407 |
if(current)
cl_cvdfree(current);
cl_cvdfree(remote); |
| b151ef55 |
|
| 4be012e9 |
/* FIXME: We need to reconnect, because we may not be able to download |
| b151ef55 |
* the database. The problem doesn't exist with my local apache.
* Some code change is needed in get_md5_checksum().
*/
/* begin bug work-around */
close(hostfd); |
| 0d98d74c |
hostfd = wwwconnect(ipaddr, proxy, port, NULL); /* we use ipaddr to connect |
| 4be012e9 |
* to the same mirror
*/ |
| b151ef55 |
if(hostfd < 0) { |
| 4be012e9 |
mprintf("@Connection with %s failed.\n", ipaddr); |
| b151ef55 |
return 52;
};
/* end */
|
| 442d8407 |
/* temporary file is created in clamav's directory thus we don't need
* to create it immediately because race condition is not possible here
*/
tempname = cl_gentemp(".");
|
| 1f5be3bf |
if((ret = get_database(remotename, hostfd, tempname, hostname, proxy, user, pass))) { |
| 4be012e9 |
mprintf("@Can't download %s from %s\n", remotename, ipaddr); |
| 442d8407 |
unlink(tempname);
free(tempname);
close(hostfd); |
| 1f5be3bf |
return ret; |
| b151ef55 |
}
|
| 442d8407 |
close(hostfd); |
| b151ef55 |
|
| 442d8407 |
if((ret = cl_cvdverify(tempname))) {
mprintf("@Verification: %s\n", cl_strerror(ret));
unlink(tempname);
free(tempname);
return 54; |
| b151ef55 |
}
|
| df6c9b74 |
if((current = cl_cvdhead(tempname)) == NULL) {
mprintf("@Can't read CVD header of new %s database.\n", localname); /* we lie :) */
unlink(tempname);
free(tempname);
return 54;
}
if(current->version < dbver) {
mprintf("@Mirrors are not fully synchronized. Please try again later.\n");
cl_cvdfree(current);
unlink(tempname);
free(tempname); |
| 1f5be3bf |
return 59; |
| df6c9b74 |
}
|
| 442d8407 |
if(!nodb && unlink(localname)) {
mprintf("@Can't unlink %s. Please fix it and try again.\n", localname); |
| df6c9b74 |
cl_cvdfree(current); |
| b151ef55 |
unlink(tempname);
free(tempname); |
| 442d8407 |
return 53;
} else
rename(tempname, localname); |
| b151ef55 |
|
| 442d8407 |
mprintf("%s updated (version: %d, sigs: %d, f-level: %d, builder: %s)\n", localname, current->version, current->sigs, current->fl, current->builder);
logg("%s updated (version: %d, sigs: %d, f-level: %d, builder: %s)\n", localname, current->version, current->sigs, current->fl, current->builder); |
| b151ef55 |
|
| ead674a2 |
if(flevel < current->fl) {
mprintf("WARNING: Your ClamAV installation is OUTDATED - please update immediately !\n");
mprintf("WARNING: Current functionality level = %d, required = %d\n", flevel, current->fl);
logg("WARNING: Your ClamAV installation is OUTDATED - please update immediately !\n");
logg("WARNING: Current functionality level = %d, required = %d\n", flevel, current->fl);
}
|
| 442d8407 |
cl_cvdfree(current);
free(tempname); |
| b151ef55 |
return 0;
}
/* this function returns socket descriptor */
/* proxy support finshed by njh@bandsman.co.uk */ |
| 0d98d74c |
int wwwconnect(const char *server, const char *proxy, int pport, char *ip) |
| b151ef55 |
{
int socketfd, port;
struct sockaddr_in name;
struct hostent *host; |
| 8b1cee14 |
char ipaddr[16]; |
| 4be012e9 |
unsigned char *ia; |
| b151ef55 |
const char *hostpt;
|
| 4be012e9 |
if(ip)
strcpy(ip, "???");
|
| b151ef55 |
/* njh@bandsman.co.uk: for BEOS */
#ifdef PF_INET
socketfd = socket(PF_INET, SOCK_STREAM, 0);
#else
socketfd = socket(AF_INET, SOCK_STREAM, 0);
#endif
name.sin_family = AF_INET;
if(proxy) { |
| 0d98d74c |
hostpt = proxy;
if(!(port = pport)) { |
| b151ef55 |
#ifndef C_CYGWIN
const struct servent *webcache = getservbyname("webcache", "TCP");
if(webcache)
port = ntohs(webcache->s_port);
else
port = 8080;
endservent();
#else
port = 8080;
#endif
} |
| 0d98d74c |
|
| b151ef55 |
} else {
hostpt = server;
port = 80;
}
if((host = gethostbyname(hostpt)) == NULL) {
mprintf("@Can't get information about %s host.\n", hostpt);
return -1;
}
|
| 4be012e9 |
/* this dirty hack comes from pink - Nosuid TCP/IP ping 1.6 */
ia = (unsigned char *) host->h_addr;
sprintf(ipaddr, "%u.%u.%u.%u", ia[0], ia[1], ia[2], ia[3]);
if(ip)
strcpy(ip, ipaddr);
|
| b151ef55 |
name.sin_addr = *((struct in_addr *) host->h_addr);
name.sin_port = htons(port);
if(connect(socketfd, (struct sockaddr *) &name, sizeof(struct sockaddr_in)) == -1) { |
| 1f29c033 |
mprintf("@Can't connect to port %d of host %s (%s)\n", port, hostpt, ipaddr); |
| b151ef55 |
close(socketfd);
return -2;
}
return socketfd;
}
/* njh@bandsman.co.uk: added proxy support */
/* TODO: use a HEAD instruction to see if the file has been changed */ |
| 0d98d74c |
struct cl_cvd *remote_cvdhead(const char *file, int socketfd, const char *hostname, const char *proxy, const char *user, const char *pass) |
| b151ef55 |
{ |
| 8b1cee14 |
char cmd[512], head[513], buffer[FILEBUFF], *ch, *tmp; |
| b151ef55 |
int i, j, bread, cnt;
char *remotename = NULL, *authorization = NULL; |
| 442d8407 |
struct cl_cvd *cvd; |
| b151ef55 |
if(proxy) {
remotename = mmalloc(strlen(hostname) + 8);
sprintf(remotename, "http://%s", hostname);
if(user) {
int len; |
| c8c761d1 |
char *buf = mmalloc((strlen(pass) + strlen(user)) * 2 + 4); |
| 0d98d74c |
char *userpass = mmalloc(strlen(user) + strlen(pass) + 2);
sprintf(userpass, "%s:%s", user, pass);
len=fmt_base64(buf,userpass,strlen(userpass));
free(userpass); |
| b151ef55 |
buf[len]='\0';
authorization = mmalloc(strlen(buf) + 30);
sprintf(authorization, "Proxy-Authorization: Basic %s\r\n", buf);
free(buf); |
| 0d98d74c |
} |
| b151ef55 |
}
|
| 442d8407 |
mprintf("Reading CVD header (%s): ", file); |
| b151ef55 |
#ifdef NO_SNPRINTF |
| 442d8407 |
sprintf(cmd, "GET %s/%s HTTP/1.1\r\n" |
| b151ef55 |
"Host: %s\r\n%s"
"User-Agent: "PACKAGE"/"VERSION"\r\n"
"Cache-Control: no-cache\r\n"
"Connection: close\r\n" |
| 35ea9b81 |
"Range: bytes=0-511\r\n" |
| b151ef55 |
"\r\n", (remotename != NULL)?remotename:"", file, hostname, (authorization != NULL)?authorization:"");
#else |
| 442d8407 |
snprintf(cmd, sizeof(cmd), "GET %s/%s HTTP/1.1\r\n" |
| 35ea9b81 |
"Host: %s\r\n%s"
"User-Agent: "PACKAGE"/"VERSION"\r\n"
"Cache-Control: no-cache\r\n"
"Connection: close\r\n"
"Range: bytes=0-511\r\n"
"\r\n", (remotename != NULL)?remotename:"", file, hostname, (authorization != NULL)?authorization:""); |
| b151ef55 |
#endif
write(socketfd, cmd, strlen(cmd));
free(remotename);
free(authorization);
tmp = buffer; |
| 7b7b3ca5 |
cnt = FILEBUFF; |
| b151ef55 |
while ((bread = recv(socketfd, tmp, cnt, 0)) > 0) {
tmp+=bread;
cnt-=bread;
if (cnt <= 0) break;
}
if(bread == -1) { |
| 442d8407 |
mprintf("@Error while reading CVD header of database from %s\n", hostname); |
| b151ef55 |
return NULL;
}
if ((strstr(buffer, "HTTP/1.1 404")) != NULL) { |
| 442d8407 |
mprintf("@CVD file not found on remote server\n"); |
| b151ef55 |
return NULL;
}
ch = buffer;
i = 0;
while (1) {
if (*ch == '\n' && *(ch - 1) == '\r' && *(ch - 2) == '\n' && *(ch - 3) == '\r') {
ch++;
i++;
break;
}
ch++;
i++;
}
|
| 442d8407 |
memset(head, 0, sizeof(head));
for (j=0; j<512; j++) {
if (!ch || (ch && !*ch) || (ch && !isprint(ch[j]))) {
mprintf("@Malformed CVD header detected.\n"); |
| b151ef55 |
return NULL;
} |
| 442d8407 |
head[j] = ch[j]; |
| b151ef55 |
}
|
| 442d8407 |
if((cvd = cl_cvdparse(head)) == NULL)
mprintf("@Broken CVD header.\n");
else
mprintf("OK\n");
return cvd; |
| b151ef55 |
}
/* njh@bandsman.co.uk: added proxy support */
/* TODO: use a HEAD instruction to see if the file has been changed */ |
| 0d98d74c |
int get_database(const char *dbfile, int socketfd, const char *file, const char *hostname, const char *proxy, const char *user, const char *pass) |
| b151ef55 |
{ |
| 0d98d74c |
char cmd[512], buffer[FILEBUFF], *ch; |
| 442d8407 |
int bread, fd, i, rot = 0; |
| b151ef55 |
char *remotename = NULL, *authorization = NULL; |
| 442d8407 |
const char *rotation = "|/-\\"; |
| b151ef55 |
if(proxy) {
remotename = mmalloc(strlen(hostname) + 8);
sprintf(remotename, "http://%s", hostname);
if(user) {
int len; |
| c8c761d1 |
char *buf = mmalloc((strlen(pass) + strlen(user)) * 2 + 4); |
| 0d98d74c |
char *userpass = mmalloc(strlen(user) + strlen(pass) + 2);
sprintf(userpass, "%s:%s", user, pass);
len=fmt_base64(buf,userpass,strlen(userpass));
free(userpass); |
| b151ef55 |
buf[len]='\0';
authorization = mmalloc(strlen(buf) + 30);
sprintf(authorization, "Proxy-Authorization: Basic %s\r\n", buf);
free(buf);
}
}
|
| bf539ea1 |
#ifdef C_CYGWIN
if((fd = open(file, O_WRONLY|O_CREAT|O_EXCL|O_BINARY, 0644)) == -1) {
#else |
| b151ef55 |
if((fd = open(file, O_WRONLY|O_CREAT|O_EXCL, 0644)) == -1) { |
| bf539ea1 |
#endif |
| b151ef55 |
mprintf("@Can't open new file %s to write\n", file);
perror("open"); |
| 1f5be3bf |
return 57; |
| b151ef55 |
}
#ifdef NO_SNPRINTF |
| 442d8407 |
sprintf(cmd, "GET %s/%s HTTP/1.1\r\n" |
| b151ef55 |
"Host: %s\r\n%s"
"User-Agent: "PACKAGE"/"VERSION"\r\n"
"Cache-Control: no-cache\r\n"
"Connection: close\r\n"
"\r\n", (remotename != NULL)?remotename:"", dbfile, hostname, (authorization != NULL)?authorization:"");
#else |
| 442d8407 |
snprintf(cmd, sizeof(cmd), "GET %s/%s HTTP/1.1\r\n" |
| b151ef55 |
"Host: %s\r\n%s"
"User-Agent: "PACKAGE"/"VERSION"\r\n"
"Cache-Control: no-cache\r\n"
"Connection: close\r\n"
"\r\n", (remotename != NULL)?remotename:"", dbfile, hostname, (authorization != NULL)?authorization:"");
#endif
write(socketfd, cmd, strlen(cmd));
free(remotename);
free(authorization);
|
| 7b7b3ca5 |
if ((bread = recv(socketfd, buffer, FILEBUFF, 0)) == -1) { |
| b151ef55 |
mprintf("@Error while reading database from %s\n", hostname); |
| 1f5be3bf |
return 52; |
| b151ef55 |
}
if ((strstr(buffer, "HTTP/1.1 404")) != NULL) {
mprintf("@%s not found on remote server\n", dbfile); |
| 1f5be3bf |
return 58; |
| b151ef55 |
}
ch = buffer;
i = 0;
while (1) {
if (*ch == '\n' && *(ch - 1) == '\r' && *(ch - 2) == '\n' && *(ch - 3) == '\r') {
ch++;
i++;
break;
}
ch++;
i++; |
| 1f5be3bf |
} |
| b151ef55 |
write(fd, ch, bread - i); |
| 7b7b3ca5 |
while((bread = read(socketfd, buffer, FILEBUFF))) { |
| b151ef55 |
write(fd, buffer, bread); |
| 442d8407 |
mprintf("Downloading %s [%c]\r", dbfile, rotation[rot]);
fflush(stdout); |
| 8b1cee14 |
rot++; |
| 8b242bb9 |
rot %= 4; |
| b151ef55 |
}
|
| 442d8407 |
mprintf("Downloading %s [*]\n", dbfile); |
| b151ef55 |
close(fd);
return 0;
}
const char base64[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
unsigned int fmt_base64(char* dest,const char* src,unsigned int len) {
register const unsigned char* s=(const unsigned char*) src;
unsigned short bits=0,temp=0;
unsigned long written=0,i;
for (i=0; i< len; ++i) {
temp<<=8; temp+=s[i]; bits+=8;
while (bits>6) {
if (dest) dest[written]=base64[((temp>>(bits-6))&63)];
++written; bits-=6;
}
}
if (bits) {
temp<<=(6-bits);
if (dest) dest[written]=base64[temp&63];
++written;
}
while (written&3) { if (dest) dest[written]='='; ++written; }
return written;
} |