e3aaff8e |
/* |
d7c59961 |
* Copyright (C) 2002 - 2006 Tomasz Kojm <tkojm@clamav.net> |
e3aaff8e |
* HTTP/1.1 compliance by Arkadiusz Miskiewicz <misiek@pld.org.pl>
* Proxy support by Nigel Horne <njh@bandsman.co.uk>
* Proxy authorization support by Gernot Tenchio <g.tenchio@telco-tech.de>
* (uses fmt_base64() from libowfat (http://www.fefe.de)) |
bb34cb31 |
* CDIFF code (C) 2006 Sensory Networks, Inc. |
e3aaff8e |
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software |
48b7b4a7 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA. |
e3aaff8e |
*/ |
17ad1c5b |
#ifdef _MSC_VER
#include <winsock.h> /* only needed in CL_EXPERIMENTAL */
#endif |
e3aaff8e |
|
6d6e8271 |
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
|
e3aaff8e |
#include <stdio.h>
#include <stdlib.h> |
17ad1c5b |
#ifdef HAVE_UNISTD_H |
e3aaff8e |
#include <unistd.h> |
17ad1c5b |
#endif |
e3aaff8e |
#include <string.h>
#include <ctype.h> |
17ad1c5b |
#ifndef C_WINDOWS |
e3aaff8e |
#include <netinet/in.h>
#include <netdb.h> |
17ad1c5b |
#endif |
e3aaff8e |
#include <sys/types.h> |
17ad1c5b |
#ifndef C_WINDOWS |
e3aaff8e |
#include <sys/socket.h>
#include <sys/time.h> |
17ad1c5b |
#endif |
e3aaff8e |
#include <time.h>
#include <fcntl.h>
#include <sys/stat.h> |
fc918fb5 |
#include <errno.h> |
e3aaff8e |
#include "manager.h"
#include "notify.h" |
3e92581e |
#include "dns.h" |
7bbd5f7f |
#include "execute.h" |
7d1c492d |
#include "nonblock.h" |
376307a0 |
#include "mirman.h" |
7bbd5f7f |
|
d7c59961 |
#include "shared/options.h"
#include "shared/cfgparser.h"
#include "shared/output.h"
#include "shared/misc.h"
#include "shared/cdiff.h" |
3e92581e |
|
e48dcea9 |
#include "libclamav/clamav.h" |
d7c59961 |
#include "libclamav/others.h"
#include "libclamav/str.h"
#include "libclamav/cvd.h" |
6bada442 |
#include "libclamav/lockdb.h" |
e3aaff8e |
|
d7c59961 |
#ifndef O_BINARY
#define O_BINARY 0 |
e4ae7726 |
#endif
|
17ad1c5b |
#ifndef C_WINDOWS
#define closesocket(s) close(s)
#endif |
e4ae7726 |
|
926d80f0 |
static int getclientsock(const char *localip) |
e3aaff8e |
{ |
926d80f0 |
int socketfd = -1; |
e3aaff8e |
|
c427ea09 |
#ifdef PF_INET
socketfd = socket(PF_INET, SOCK_STREAM, 0);
#else
socketfd = socket(AF_INET, SOCK_STREAM, 0);
#endif
if(socketfd < 0) {
logg("!Can't create new socket\n");
return -1;
}
|
d7c59961 |
if(localip) { |
926d80f0 |
struct hostent *he;
|
d7c59961 |
if((he = gethostbyname(localip)) == NULL) { |
fc83da82 |
const char *herr; |
fc918fb5 |
switch(h_errno) {
case HOST_NOT_FOUND:
herr = "Host not found";
break;
case NO_DATA:
herr = "No IP address";
break;
case NO_RECOVERY:
herr = "Unrecoverable DNS error";
break;
case TRY_AGAIN:
herr = "Temporary DNS error";
break;
default:
herr = "Unknown error";
break;
} |
0ae41a2d |
logg("!Could not resolve local ip address '%s': %s\n", localip, herr);
logg("^Using standard local ip address and port for fetching.\n"); |
fc918fb5 |
} else {
struct sockaddr_in client; |
926d80f0 |
unsigned char *ia;
char ipaddr[16];
|
fc918fb5 |
memset ((char *) &client, 0, sizeof(struct sockaddr_in));
client.sin_family = AF_INET;
client.sin_addr = *(struct in_addr *) he->h_addr_list[0];
if (bind(socketfd, (struct sockaddr *) &client, sizeof(struct sockaddr_in)) != 0) { |
0ae41a2d |
logg("!Could not bind to local ip address '%s': %s\n", localip, strerror(errno));
logg("^Using default client ip.\n"); |
fc918fb5 |
} else {
ia = (unsigned char *) he->h_addr_list[0];
sprintf(ipaddr, "%u.%u.%u.%u", ia[0], ia[1], ia[2], ia[3]); |
0ae41a2d |
logg("*Using ip '%s' for fetching.\n", ipaddr); |
fc918fb5 |
}
}
} |
926d80f0 |
return socketfd;
}
static int wwwconnect(const char *server, const char *proxy, int pport, char *ip, const char *localip, int ctimeout, struct mirdat *mdat)
{
int socketfd = -1, port, i, ret;
struct sockaddr_in name;
struct hostent *host;
char ipaddr[16];
unsigned char *ia;
const char *hostpt;
if(ip)
strcpy(ip, "???");
socketfd = getclientsock(localip);
if(socketfd < 0)
return -1;
name.sin_family = AF_INET;
|
e3aaff8e |
if(proxy) { |
95d401c4 |
hostpt = proxy;
if(!(port = pport)) { |
e3aaff8e |
#ifndef C_CYGWIN
const struct servent *webcache = getservbyname("webcache", "TCP");
if(webcache)
port = ntohs(webcache->s_port);
else
port = 8080;
|
17ad1c5b |
#ifndef C_WINDOWS |
e3aaff8e |
endservent(); |
17ad1c5b |
#endif |
e3aaff8e |
#else
port = 8080;
#endif
} |
95d401c4 |
|
e3aaff8e |
} else {
hostpt = server;
port = 80;
}
if((host = gethostbyname(hostpt)) == NULL) { |
c8e620d2 |
const char *herr; |
fc918fb5 |
switch(h_errno) {
case HOST_NOT_FOUND:
herr = "Host not found";
break;
case NO_DATA:
herr = "No IP address";
break;
case NO_RECOVERY:
herr = "Unrecoverable DNS error";
break;
case TRY_AGAIN:
herr = "Temporary DNS error";
break;
default:
herr = "Unknown error";
break;
} |
80731e47 |
logg("!Can't get information about %s: %s\n", hostpt, herr); |
c427ea09 |
close(socketfd); |
e3aaff8e |
return -1;
}
|
5c80179f |
for(i = 0; host->h_addr_list[i] != 0; i++) {
/* this dirty hack comes from pink - Nosuid TCP/IP ping 1.6 */
ia = (unsigned char *) host->h_addr_list[i];
sprintf(ipaddr, "%u.%u.%u.%u", ia[0], ia[1], ia[2], ia[3]); |
0ee809e8 |
|
376307a0 |
if((ret = mirman_check(((struct in_addr *) ia)->s_addr, mdat))) {
if(ret == 1)
logg("Ignoring mirror %s (due to previous errors)\n", ipaddr);
else
logg("Ignoring mirror %s (too often connections with outdated version)\n", ipaddr);
continue;
}
|
5c80179f |
if(ip)
strcpy(ip, ipaddr);
if(i > 0) |
0ae41a2d |
logg("Trying host %s (%s)...\n", hostpt, ipaddr); |
0ee809e8 |
|
5c80179f |
name.sin_addr = *((struct in_addr *) host->h_addr_list[i]);
name.sin_port = htons(port);
|
22b802b6 |
#ifdef SO_ERROR |
7d1c492d |
if(wait_connect(socketfd, (struct sockaddr *) &name, sizeof(struct sockaddr_in), ctimeout) == -1) { |
22b802b6 |
#else
if(connect(socketfd, (struct sockaddr *) &name, sizeof(struct sockaddr_in)) == -1) {
#endif |
0ae41a2d |
logg("Can't connect to port %d of host %s (IP: %s)\n", port, hostpt, ipaddr); |
926d80f0 |
close(socketfd);
if((socketfd = getclientsock(localip)) == -1)
return -1;
|
5c80179f |
continue; |
e05a72bb |
} else { |
376307a0 |
mdat->currip = ((struct in_addr *) ia)->s_addr; |
e05a72bb |
return socketfd; |
5c80179f |
} |
e3aaff8e |
}
|
e05a72bb |
close(socketfd); |
5c80179f |
return -2; |
e3aaff8e |
}
|
079229d6 |
static int Rfc2822DateTime(char *buf, time_t mtime) |
e780fcb4 |
{ |
c8e620d2 |
struct tm *gmt; |
e780fcb4 |
|
c8e620d2 |
gmt = gmtime(&mtime);
return strftime(buf, 36, "%a, %d %b %Y %X GMT", gmt); |
e780fcb4 |
}
|
d7c59961 |
static unsigned int fmt_base64(char *dest, const char *src, unsigned int len) |
e3aaff8e |
{ |
d7c59961 |
unsigned short bits = 0,temp = 0;
unsigned long written = 0;
unsigned int i;
const char base64[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
for(i = 0; i < len; i++) {
temp <<= 8;
temp += src[i];
bits += 8;
while(bits > 6) {
dest[written] = base64[((temp >> (bits - 6)) & 63)];
written++;
bits -= 6;
}
}
if(bits) {
temp <<= (6 - bits);
dest[written] = base64[temp & 63];
written++;
}
while(written & 3) {
dest[written] = '=';
written++;
}
return written;
}
static char *proxyauth(const char *user, const char *pass)
{
int len;
char *buf, *userpass, *auth;
|
8ca8a18e |
userpass = malloc(strlen(user) + strlen(pass) + 2); |
d7c59961 |
if(!userpass) {
logg("!proxyauth: Can't allocate memory for 'userpass'\n");
return NULL;
}
sprintf(userpass, "%s:%s", user, pass);
|
8ca8a18e |
buf = malloc((strlen(pass) + strlen(user)) * 2 + 4); |
d7c59961 |
if(!buf) {
logg("!proxyauth: Can't allocate memory for 'buf'\n");
free(userpass);
return NULL;
}
len = fmt_base64(buf, userpass, strlen(userpass));
free(userpass);
buf[len] = '\0'; |
8ca8a18e |
auth = malloc(strlen(buf) + 30); |
d7c59961 |
if(!auth) {
logg("!proxyauth: Can't allocate memory for 'authorization'\n");
return NULL;
}
sprintf(auth, "Proxy-Authorization: Basic %s\r\n", buf);
free(buf);
return auth;
}
|
f73b211b |
static struct cl_cvd *remote_cvdhead(const char *file, const char *hostname, char *ip, const char *localip, const char *proxy, int port, const char *user, const char *pass, const char *uas, int *ims, int ctimeout, int rtimeout, struct mirdat *mdat) |
d7c59961 |
{
char cmd[512], head[513], buffer[FILEBUFF], ipaddr[16], *ch, *tmp;
int bread, cnt, sd;
unsigned int i, j; |
e3aaff8e |
char *remotename = NULL, *authorization = NULL; |
8246f576 |
const char *agent; |
e4ae7726 |
struct cl_cvd *cvd; |
e780fcb4 |
char last_modified[36];
struct stat sb;
|
e3aaff8e |
if(proxy) { |
8ca8a18e |
remotename = malloc(strlen(hostname) + 8); |
d7c59961 |
if(!remotename) {
logg("!remote_cvdhead: Can't allocate memory for 'remotename'\n");
return NULL;
} |
e3aaff8e |
sprintf(remotename, "http://%s", hostname);
|
d7c59961 |
if(user) {
authorization = proxyauth(user, pass);
if(!authorization)
return NULL;
} |
e3aaff8e |
}
|
21a851b5 |
if(stat(file, &sb) != -1 && sb.st_mtime < time(NULL)) { |
e780fcb4 |
Rfc2822DateTime(last_modified, sb.st_mtime);
} else {
time_t mtime = 1104119530; |
d7c59961 |
|
e780fcb4 |
Rfc2822DateTime(last_modified, mtime); |
0ae41a2d |
logg("*Assuming modification time in the past\n"); |
e780fcb4 |
} |
e3aaff8e |
|
0ae41a2d |
logg("*If-Modified-Since: %s\n", last_modified); |
e780fcb4 |
|
0ae41a2d |
logg("Reading CVD header (%s): ", file); |
8246f576 |
if(uas)
agent = uas;
else |
3809f541 |
#ifdef CL_EXPERIMENTAL
agent = PACKAGE"/"VERSION"-exp";
#else |
8246f576 |
agent = PACKAGE"/"VERSION; |
3809f541 |
#endif |
8246f576 |
|
d7c59961 |
snprintf(cmd, sizeof(cmd),
"GET %s/%s HTTP/1.1\r\n" |
12aa8746 |
"Host: %s\r\n%s" |
8246f576 |
"User-Agent: %s\r\n" |
12aa8746 |
"Connection: close\r\n"
"Range: bytes=0-511\r\n" |
e780fcb4 |
"If-Modified-Since: %s\r\n" |
d7c59961 |
"\r\n", (remotename != NULL) ? remotename : "", file, hostname, (authorization != NULL) ? authorization : "", agent, last_modified); |
e3aaff8e |
free(remotename);
free(authorization);
|
d7c59961 |
memset(ipaddr, 0, sizeof(ipaddr));
if(ip[0]) /* use ip to connect */ |
376307a0 |
sd = wwwconnect(ip, proxy, port, ipaddr, localip, ctimeout, mdat); |
d7c59961 |
else |
376307a0 |
sd = wwwconnect(hostname, proxy, port, ipaddr, localip, ctimeout, mdat); |
d7c59961 |
if(sd < 0) {
return NULL;
} else {
logg("*Connected to %s (IP: %s).\n", hostname, ipaddr);
logg("*Trying to retrieve CVD header of http://%s/%s\n", hostname, file);
}
if(!ip[0])
strcpy(ip, ipaddr);
|
17ad1c5b |
if(send(sd, cmd, strlen(cmd), 0) < 0) { |
d7c59961 |
logg("!remote_cvdhead: write failed\n"); |
17ad1c5b |
closesocket(sd); |
d7c59961 |
return NULL;
}
|
e3aaff8e |
tmp = buffer; |
f7148839 |
cnt = FILEBUFF; |
22b802b6 |
#ifdef SO_ERROR |
7d1c492d |
while((bread = wait_recv(sd, tmp, cnt, 0, rtimeout)) > 0) { |
22b802b6 |
#else
while((bread = recv(sd, tmp, cnt, 0)) > 0) {
#endif |
d7c59961 |
tmp += bread;
cnt -= bread;
if(cnt <= 0)
break; |
e3aaff8e |
} |
17ad1c5b |
closesocket(sd); |
e3aaff8e |
if(bread == -1) { |
d7c59961 |
logg("!remote_cvdhead: Error while reading CVD header from %s\n", hostname); |
376307a0 |
mirman_update(mdat->currip, mdat, 1); |
e3aaff8e |
return NULL;
}
|
2ccd4c2f |
if((strstr(buffer, "HTTP/1.1 404")) != NULL || (strstr(buffer, "HTTP/1.0 404")) != NULL) { |
d7c59961 |
logg("!CVD file not found on remote server\n"); |
6a3dfd91 |
/* mirman_update(mdat->currip, mdat, 1); */ |
e780fcb4 |
return NULL;
}
/* check whether the resource is up-to-date */ |
2ccd4c2f |
if((strstr(buffer, "HTTP/1.1 304")) != NULL || (strstr(buffer, "HTTP/1.0 304")) != NULL) { |
e780fcb4 |
*ims = 0; |
0ae41a2d |
logg("OK (IMS)\n"); |
376307a0 |
mirman_update(mdat->currip, mdat, 0); |
e780fcb4 |
return NULL;
} else {
*ims = 1; |
e3aaff8e |
}
|
59e52b2c |
if(!strstr(buffer, "HTTP/1.1 200") && !strstr(buffer, "HTTP/1.0 200") &&
!strstr(buffer, "HTTP/1.1 206") && !strstr(buffer, "HTTP/1.0 206")) {
logg("!Unknown response from remote server\n"); |
376307a0 |
mirman_update(mdat->currip, mdat, 1); |
59e52b2c |
return NULL;
}
|
fe3c5385 |
i = 3;
ch = buffer + i;
while(i < sizeof(buffer)) { |
d7c59961 |
if (*ch == '\n' && *(ch - 1) == '\r' && *(ch - 2) == '\n' && *(ch - 3) == '\r') {
ch++;
i++;
break;
} |
e3aaff8e |
ch++;
i++; |
fe3c5385 |
}
if(sizeof(buffer) - i < 512) { |
d7c59961 |
logg("!remote_cvdhead: Malformed CVD header (too short)\n"); |
376307a0 |
mirman_update(mdat->currip, mdat, 1); |
fe3c5385 |
return NULL;
} |
e3aaff8e |
|
e4ae7726 |
memset(head, 0, sizeof(head));
|
d7c59961 |
for(j = 0; j < 512; j++) {
if(!ch || (ch && !*ch) || (ch && !isprint(ch[j]))) {
logg("!remote_cvdhead: Malformed CVD header (bad chars)\n"); |
376307a0 |
mirman_update(mdat->currip, mdat, 1); |
d7c59961 |
return NULL;
}
head[j] = ch[j]; |
e3aaff8e |
}
|
376307a0 |
if(!(cvd = cl_cvdparse(head))) {
logg("!Malformed CVD header (can't parse)\n");
mirman_update(mdat->currip, mdat, 1);
} else { |
0ae41a2d |
logg("OK\n"); |
376307a0 |
mirman_update(mdat->currip, mdat, 0);
} |
e4ae7726 |
return cvd; |
e3aaff8e |
}
|
376307a0 |
static int getfile(const char *srcfile, const char *destfile, const char *hostname, char *ip, const char *localip, const char *proxy, int port, const char *user, const char *pass, const char *uas, int ctimeout, int rtimeout, struct mirdat *mdat) |
e3aaff8e |
{ |
95d401c4 |
char cmd[512], buffer[FILEBUFF], *ch; |
d7c59961 |
int bread, fd, totalsize = 0, rot = 0, totaldownloaded = 0,
percentage = 0, sd;
unsigned int i;
char *remotename = NULL, *authorization = NULL, *headerline, ipaddr[16];
const char *rotation = "|/-\\", *agent; |
e3aaff8e |
if(proxy) { |
8ca8a18e |
remotename = malloc(strlen(hostname) + 8); |
d7c59961 |
if(!remotename) {
logg("!getfile: Can't allocate memory for 'remotename'\n");
return 75; /* FIXME */
} |
e3aaff8e |
sprintf(remotename, "http://%s", hostname);
|
d7c59961 |
if(user) {
authorization = proxyauth(user, pass);
if(!authorization)
return 75; /* FIXME */
} |
e3aaff8e |
}
|
21c59a0d |
if(uas)
agent = uas;
else |
3809f541 |
#ifdef CL_EXPERIMENTAL
agent = PACKAGE"/"VERSION"-exp";
#else |
21c59a0d |
agent = PACKAGE"/"VERSION; |
3809f541 |
#endif |
21c59a0d |
|
d7c59961 |
snprintf(cmd, sizeof(cmd),
"GET %s/%s HTTP/1.1\r\n"
"Host: %s\r\n%s"
"User-Agent: %s\r\n" |
69dfd3de |
#ifdef FRESHCLAM_NO_CACHE |
d7c59961 |
"Cache-Control: no-cache\r\n" |
69dfd3de |
#endif |
d7c59961 |
"Connection: close\r\n"
"\r\n", (remotename != NULL) ? remotename : "", srcfile, hostname, (authorization != NULL) ? authorization : "", agent); |
e3aaff8e |
|
d7c59961 |
memset(ipaddr, 0, sizeof(ipaddr));
if(ip[0]) /* use ip to connect */ |
376307a0 |
sd = wwwconnect(ip, proxy, port, ipaddr, localip, ctimeout, mdat); |
d7c59961 |
else |
376307a0 |
sd = wwwconnect(hostname, proxy, port, ipaddr, localip, ctimeout, mdat); |
e3aaff8e |
|
d7c59961 |
if(sd < 0) {
return 52;
} else {
logg("*Trying to download http://%s/%s (IP: %s)\n", hostname, srcfile, ipaddr);
}
if(!ip[0])
strcpy(ip, ipaddr);
|
17ad1c5b |
if(send(sd, cmd, strlen(cmd), 0) < 0) { |
d7c59961 |
logg("!getfile: Can't write to socket\n");
return 52;
} |
e3aaff8e |
|
d7c59961 |
if(remotename)
free(remotename);
if(authorization)
free(authorization);
/* read http headers */ |
e3aaff8e |
ch = buffer;
i = 0; |
d7c59961 |
while(1) {
/* recv one byte at a time, until we reach \r\n\r\n */ |
22b802b6 |
#ifdef SO_ERROR |
7d1c492d |
if((i >= sizeof(buffer) - 1) || wait_recv(sd, buffer + i, 1, 0, rtimeout) == -1) { |
22b802b6 |
#else
if((i >= sizeof(buffer) - 1) || recv(sd, buffer + i, 1, 0) == -1) {
#endif |
376307a0 |
logg("!getfile: Error while reading database from %s (IP: %s)\n", hostname, ipaddr);
mirman_update(mdat->currip, mdat, 1); |
d7c59961 |
return 52;
} |
f9da20cc |
|
d7c59961 |
if(i > 2 && *ch == '\n' && *(ch - 1) == '\r' && *(ch - 2) == '\n' && *(ch - 3) == '\r') {
i++;
break;
}
ch++; |
e3aaff8e |
i++; |
d6a56e70 |
} |
e3aaff8e |
|
3755dd3f |
buffer[i] = 0;
|
f9da20cc |
/* check whether the resource actually existed or not */ |
18a9b7c5 |
if((strstr(buffer, "HTTP/1.1 404")) != NULL || (strstr(buffer, "HTTP/1.0 404")) != NULL) { |
376307a0 |
logg("!getfile: %s not found on remote server (IP: %s)\n", srcfile, ipaddr); |
6a3dfd91 |
/* mirman_update(mdat->currip, mdat, 1); */ |
17ad1c5b |
closesocket(sd); |
d7c59961 |
return 58; |
f9da20cc |
}
|
59e52b2c |
if(!strstr(buffer, "HTTP/1.1 200") && !strstr(buffer, "HTTP/1.0 200") &&
!strstr(buffer, "HTTP/1.1 206") && !strstr(buffer, "HTTP/1.0 206")) { |
376307a0 |
logg("!getfile: Unknown response from remote server (IP: %s)\n", ipaddr);
mirman_update(mdat->currip, mdat, 1); |
17ad1c5b |
closesocket(sd); |
a889f40e |
return 58; |
59e52b2c |
}
|
b12491c6 |
/* get size of resource */
for(i = 0; (headerline = cli_strtok(buffer, i, "\n")); i++){
if(strstr(headerline, "Content-Length:")) { |
d7c59961 |
if((ch = cli_strtok(headerline, 1, ": "))) {
totalsize = atoi(ch);
free(ch);
} else {
totalsize = 0;
} |
b12491c6 |
} |
d7c59961 |
free(headerline);
}
if((fd = open(destfile, O_WRONLY|O_CREAT|O_EXCL|O_BINARY, 0644)) == -1) {
char currdir[512];
getcwd(currdir, sizeof(currdir));
logg("!getfile: Can't create new file %s in %s\n", destfile, currdir);
logg("Hint: The database directory must be writable for UID %d or GID %d\n", getuid(), getgid()); |
17ad1c5b |
closesocket(sd); |
d7c59961 |
return 57; |
b12491c6 |
}
|
22b802b6 |
#ifdef SO_ERROR |
7d1c492d |
while((bread = wait_recv(sd, buffer, FILEBUFF, 0, rtimeout)) > 0) { |
22b802b6 |
#else
while((bread = recv(sd, buffer, FILEBUFF, 0)) > 0) {
#endif |
d7c59961 |
if(write(fd, buffer, bread) != bread) {
logg("getfile: Can't write %d bytes to %s\n", bread, destfile);
unlink(destfile);
close(fd); |
17ad1c5b |
closesocket(sd); |
d7c59961 |
return 57; /* FIXME */
} |
f9da20cc |
|
25a9fc52 |
if(totalsize > 0) {
totaldownloaded += bread;
percentage = (int) (100 * (float) totaldownloaded / totalsize);
}
|
b12491c6 |
if(!mprintf_quiet) {
if(totalsize > 0) { |
d7c59961 |
mprintf("Downloading %s [%3i%%]\r", srcfile, percentage); |
b12491c6 |
} else { |
d7c59961 |
mprintf("Downloading %s [%c]\r", srcfile, rotation[rot]); |
b12491c6 |
rot++;
rot %= 4;
}
fflush(stdout);
} |
e3aaff8e |
} |
17ad1c5b |
closesocket(sd); |
d7c59961 |
close(fd); |
e3aaff8e |
|
b12491c6 |
if(totalsize > 0) |
c8e620d2 |
logg("Downloading %s [%i%%]\n", srcfile, percentage); |
b12491c6 |
else |
d7c59961 |
logg("Downloading %s [*]\n", srcfile);
|
376307a0 |
mirman_update(mdat->currip, mdat, 0); |
d7c59961 |
return 0;
}
|
376307a0 |
static int getcvd(const char *dbfile, const char *hostname, char *ip, const char *localip, const char *proxy, int port, const char *user, const char *pass, const char *uas, int nodb, unsigned int newver, int ctimeout, int rtimeout, struct mirdat *mdat) |
d7c59961 |
{
char *tempname;
struct cl_cvd *cvd;
int ret;
tempname = cli_gentemp(".");
logg("*Retrieving http://%s/%s\n", hostname, dbfile); |
376307a0 |
if((ret = getfile(dbfile, tempname, hostname, ip, localip, proxy, port, user, pass, uas, ctimeout, rtimeout, mdat))) {
logg("!Can't download %s from %s\n", dbfile, hostname); |
d7c59961 |
unlink(tempname);
free(tempname);
return ret;
}
if((ret = cl_cvdverify(tempname))) {
logg("!Verification: %s\n", cl_strerror(ret));
unlink(tempname);
free(tempname);
return 54;
}
if(!(cvd = cl_cvdhead(tempname))) {
logg("!Can't read CVD header of new %s database.\n", dbfile);
unlink(tempname);
free(tempname);
return 54;
}
if(cvd->version < newver) { |
9e8b6be6 |
logg("^Mirror %s is not synchronized.\n", ip); |
d7c59961 |
cl_cvdfree(cvd);
unlink(tempname);
free(tempname);
return 59;
}
if(!nodb && unlink(dbfile)) {
logg("!Can't unlink %s. Please fix it and try again.\n", dbfile);
cl_cvdfree(cvd);
unlink(tempname);
free(tempname);
return 53;
} else {
if(rename(tempname, dbfile) == -1) {
if(errno == EEXIST) {
unlink(dbfile);
if(rename(tempname, dbfile) == -1) {
logg("!All attempts to rename the temporary file failed: %s\n", strerror(errno));
return 57;
}
}
}
} |
b12491c6 |
|
e3aaff8e |
return 0;
}
|
d7c59961 |
static int chdir_inc(const char *dbname)
{
struct stat sb;
char path[32], dbfile[32];
sprintf(path, "%s.inc", dbname);
sprintf(dbfile, "%s.cvd", dbname);
if(stat(path, &sb) == -1) {
if(mkdir(path, 0755) == -1) {
logg("!chdir_inc: Can't create directory %s\n", path);
return -1;
}
if(cvd_unpack(dbfile, path) == -1) { |
40846ea3 |
logg("!chdir_inc: Can't unpack %s into %s\n", dbfile, path); |
66ba1785 |
cli_rmdirs(path); |
d7c59961 |
return -1; |
e3aaff8e |
}
} |
d7c59961 |
if(chdir(path) == -1) {
logg("!chdir_inc: Can't change directory to %s\n", path);
return -1; |
e3aaff8e |
} |
d7c59961 |
return 0;
}
|
376307a0 |
static int getpatch(const char *dbname, int version, const char *hostname, char *ip, const char *localip, const char *proxy, int port, const char *user, const char *pass, const char *uas, int ctimeout, int rtimeout, struct mirdat *mdat) |
d7c59961 |
{
char *tempname, patch[32], olddir[512];
int ret, fd;
if(!getcwd(olddir, sizeof(olddir))) {
logg("!getpatch: Can't get path of current working directory\n");
return 50; /* FIXME */
}
if(chdir_inc(dbname) == -1)
return 50;
tempname = cli_gentemp(".");
snprintf(patch, sizeof(patch), "%s-%d.cdiff", dbname, version);
logg("*Retrieving http://%s/%s\n", hostname, patch); |
376307a0 |
if((ret = getfile(patch, tempname, hostname, ip, localip, proxy, port, user, pass, uas, ctimeout, rtimeout, mdat))) {
logg("!getpatch: Can't download %s from %s\n", patch, hostname); |
d7c59961 |
unlink(tempname);
free(tempname);
chdir(olddir);
return ret;
}
|
12f21945 |
if((fd = open(tempname, O_RDONLY|O_BINARY)) == -1) { |
d7c59961 |
logg("!getpatch: Can't open %s for reading\n", tempname);
unlink(tempname);
free(tempname);
chdir(olddir);
return 55;
}
|
5b68299b |
if(cdiff_apply(fd, 1) == -1) { |
d7c59961 |
logg("!getpatch: Can't apply patch\n"); |
7a1c7b4e |
close(fd); |
d7c59961 |
unlink(tempname);
free(tempname);
chdir(olddir);
return 70; /* FIXME */
}
|
7a1c7b4e |
close(fd); |
f9467801 |
unlink(tempname);
free(tempname); |
d7c59961 |
chdir(olddir);
return 0;
}
|
6ba48775 |
static struct cl_cvd *currentdb(const char *dbname, unsigned int *inc) |
d7c59961 |
{
struct stat sb;
char path[512];
struct cl_cvd *cvd;
snprintf(path, sizeof(path), "%s.inc", dbname);
if(stat(path, &sb) != -1) {
snprintf(path, sizeof(path), "%s.inc/%s.info", dbname, dbname); |
011b4f29 |
if(inc)
*inc = 1; |
6ba48775 |
} else { |
d7c59961 |
snprintf(path, sizeof(path), "%s.cvd", dbname); |
011b4f29 |
if(inc)
*inc = 0; |
6ba48775 |
} |
d7c59961 |
cvd = cl_cvdhead(path);
return cvd;
}
|
376307a0 |
static int updatedb(const char *dbname, const char *hostname, char *ip, int *signo, const struct cfgstruct *copt, const char *dnsreply, char *localip, int outdated, struct mirdat *mdat) |
d7c59961 |
{
struct cl_cvd *current, *remote; |
c8e620d2 |
const struct cfgstruct *cpt; |
f73b211b |
unsigned int nodb = 0, currver = 0, newver = 0, port = 0, i, j;
int ret, ims = -1; |
80731e47 |
char *pt, dbfile[32], dbinc[32], *bacinc = NULL; |
d7c59961 |
const char *proxy = NULL, *user = NULL, *pass = NULL, *uas = NULL; |
c8e620d2 |
unsigned int flevel = cl_retflevel(), inc, maxattempts; |
d7c59961 |
struct stat sb; |
7d1c492d |
int ctimeout, rtimeout; |
d7c59961 |
snprintf(dbfile, sizeof(dbfile), "%s.cvd", dbname);
snprintf(dbinc, sizeof(dbinc), "%s.inc", dbname);
|
6ba48775 |
if(!(current = currentdb(dbname, &inc))) { |
d7c59961 |
nodb = 1; |
6ba48775 |
inc = 0; |
d7c59961 |
if(stat(dbinc, &sb) != -1) {
logg("^Removing corrupted incremental directory %s\n", dbinc); |
66ba1785 |
if(cli_rmdirs(dbinc)) { |
d7c59961 |
logg("!Can't remove incremental directory\n");
return 53;
}
if(stat(dbfile, &sb) != -1) {
logg("^Removing obsolete %s\n", dbfile);
if(unlink(dbfile)) {
logg("!Can't unlink %s\n", dbfile);
return 53;
}
}
} |
376307a0 |
} else {
mdat->dbflevel = current->fl; |
d7c59961 |
}
if(!nodb && dnsreply) {
int field = 0;
if(!strcmp(dbname, "main")) {
field = 1;
} else if(!strcmp(dbname, "daily")) {
field = 2;
} else {
logg("!updatedb: Unknown database name (%s) passed.\n", dbname);
cl_cvdfree(current);
return 70;
}
if(field && (pt = cli_strtok(dnsreply, field, ":"))) {
if(!isnumb(pt)) {
logg("^Broken database version in TXT record.\n");
} else {
newver = atoi(pt);
logg("*%s version from DNS: %d\n", dbfile, newver);
}
free(pt);
} else {
logg("^Invalid DNS reply. Falling back to HTTP mode.\n");
}
}
/* Initialize proxy settings */
if((cpt = cfgopt(copt, "HTTPProxyServer"))->enabled) {
proxy = cpt->strarg;
if(strncasecmp(proxy, "http://", 7) == 0)
proxy += 7;
if((cpt = cfgopt(copt, "HTTPProxyUsername"))->enabled) {
user = cpt->strarg;
if((cpt = cfgopt(copt, "HTTPProxyPassword"))->enabled) {
pass = cpt->strarg;
} else {
logg("HTTPProxyUsername requires HTTPProxyPassword\n");
if(current)
cl_cvdfree(current);
return 56;
}
}
if((cpt = cfgopt(copt, "HTTPProxyPort"))->enabled)
port = cpt->numarg;
logg("Connecting via %s\n", proxy);
}
if((cpt = cfgopt(copt, "HTTPUserAgent"))->enabled)
uas = cpt->strarg;
|
7d1c492d |
ctimeout = cfgopt(copt, "ConnectTimeout")->numarg;
rtimeout = cfgopt(copt, "ReceiveTimeout")->numarg; |
d7c59961 |
|
14c1c467 |
if(!nodb && !newver) { |
d7c59961 |
|
376307a0 |
remote = remote_cvdhead(dbfile, hostname, ip, localip, proxy, port, user, pass, uas, &ims, ctimeout, rtimeout, mdat); |
d7c59961 |
if(!nodb && !ims) { |
6ba48775 |
logg("%s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)\n", inc ? dbinc : dbfile, current->version, current->sigs, current->fl, current->builder); |
d7c59961 |
*signo += current->sigs;
cl_cvdfree(current);
return 1;
}
if(!remote) {
logg("^Can't read %s header from %s (IP: %s)\n", dbfile, hostname, ip);
cl_cvdfree(current);
return 58;
}
newver = remote->version;
cl_cvdfree(remote);
}
if(!nodb && (current->version >= newver)) { |
6ba48775 |
logg("%s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)\n", inc ? dbinc : dbfile, current->version, current->sigs, current->fl, current->builder); |
d7c59961 |
if(!outdated && flevel < current->fl) {
/* display warning even for already installed database */
logg("^Current functionality level = %d, recommended = %d\n", flevel, current->fl);
logg("Please check if ClamAV tools are linked against proper version of libclamav\n"); |
61409916 |
logg("DON'T PANIC! Read http://www.clamav.net/support/faq\n"); |
d7c59961 |
}
*signo += current->sigs;
cl_cvdfree(current);
return 1;
}
|
28861d8a |
if(current) {
currver = current->version; |
d7c59961 |
cl_cvdfree(current); |
28861d8a |
} |
d7c59961 |
/*
if(ipaddr[0]) {
hostfd = wwwconnect(ipaddr, proxy, port, NULL, localip);
} else {
hostfd = wwwconnect(hostname, proxy, port, ipaddr, localip);
if(!ip[0])
strcpy(ip, ipaddr);
}
if(hostfd < 0) {
if(ipaddr[0])
logg("Connection with %s (IP: %s) failed.\n", hostname, ipaddr);
else
logg("Connection with %s failed.\n", hostname);
return 52;
};
*/
|
011b4f29 |
if(!cfgopt(copt, "ScriptedUpdates")->enabled)
nodb = 1;
|
d7c59961 |
if(nodb) { |
376307a0 |
ret = getcvd(dbfile, hostname, ip, localip, proxy, port, user, pass, uas, nodb, newver, ctimeout, rtimeout, mdat); |
78ad4eff |
if(ret) {
memset(ip, 0, 16); |
d7c59961 |
return ret; |
78ad4eff |
} |
d7c59961 |
} else {
ret = 0;
|
80731e47 |
if(!access(dbinc, X_OK)) {
if((bacinc = cli_gentemp("."))) {
if(dircopy(dbinc, bacinc) == -1) {
free(bacinc);
bacinc = NULL;
}
}
}
|
c8e620d2 |
maxattempts = cfgopt(copt, "MaxAttempts")->numarg; |
d7c59961 |
for(i = currver + 1; i <= newver; i++) { |
c8e620d2 |
for(j = 0; j < maxattempts; j++) { |
80731e47 |
ret = getpatch(dbname, i, hostname, ip, localip, proxy, port, user, pass, uas, ctimeout, rtimeout, mdat);
if(ret == 52 || ret == 58) {
memset(ip, 0, 16);
continue;
} else {
break;
} |
d7c59961 |
} |
80731e47 |
if(ret)
break; |
d7c59961 |
}
if(ret) { |
80731e47 |
logg("^Incremental update failed, trying to download %s\n", dbfile); |
d7c59961 |
|
376307a0 |
ret = getcvd(dbfile, hostname, ip, localip, proxy, port, user, pass, uas, 1, newver, ctimeout, rtimeout, mdat); |
80731e47 |
if(ret) {
if(bacinc) {
logg("*Restoring incremental directory %s from backup\n", dbinc); |
66ba1785 |
cli_rmdirs(dbinc); |
80731e47 |
rename(bacinc, dbinc);
free(bacinc);
} |
d7c59961 |
return ret; |
80731e47 |
} else {
logg("*Removing incremental directory %s\n", dbinc); |
66ba1785 |
cli_rmdirs(dbinc); |
80731e47 |
}
|
7a1c7b4e |
} else {
unlink(dbfile); |
d7c59961 |
} |
80731e47 |
if(bacinc) {
logg("*Removing backup directory %s\n", bacinc); |
66ba1785 |
cli_rmdirs(bacinc); |
80731e47 |
free(bacinc);
} |
d7c59961 |
}
|
011b4f29 |
if(!(current = currentdb(dbname, NULL))) { |
d7c59961 |
/* should never be reached */
logg("!Can't parse new database\n");
return 55; /* FIXME */
}
|
011b4f29 |
if(nodb && inc) |
66ba1785 |
cli_rmdirs(dbinc); |
011b4f29 |
|
6ba48775 |
logg("%s updated (version: %d, sigs: %d, f-level: %d, builder: %s)\n", inc ? dbinc : dbfile, current->version, current->sigs, current->fl, current->builder); |
d7c59961 |
if(flevel < current->fl) {
logg("^Your ClamAV installation is OUTDATED!\n");
logg("^Current functionality level = %d, recommended = %d\n", flevel, current->fl); |
61409916 |
logg("DON'T PANIC! Read http://www.clamav.net/support/faq\n"); |
d7c59961 |
}
*signo += current->sigs;
cl_cvdfree(current);
return 0; |
e3aaff8e |
} |
d7c59961 |
|
6bada442 |
int downloadmanager(const struct cfgstruct *copt, const struct optstruct *opt, const char *hostname, const char *dbdir) |
d7c59961 |
{
time_t currtime;
int ret, updated = 0, outdated = 0, signo = 0; |
6bada442 |
unsigned int ttl, try = 0; |
d7c59961 |
char ipaddr[16], *dnsreply = NULL, *pt, *localip = NULL, *newver = NULL;
const char *arg = NULL; |
c8e620d2 |
const struct cfgstruct *cpt; |
376307a0 |
struct mirdat mdat; |
d7c59961 |
#ifdef HAVE_RESOLV_H
const char *dnsdbinfo;
#endif
time(&currtime);
logg("ClamAV update process started at %s", ctime(&currtime));
#ifndef HAVE_GMP
logg("SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES\n"); |
61409916 |
logg("See the FAQ at http://www.clamav.net/support/faq for an explanation.\n"); |
d7c59961 |
#endif
#ifdef HAVE_RESOLV_H
dnsdbinfo = cfgopt(copt, "DNSDatabaseInfo")->strarg;
if(opt_check(opt, "no-dns")) {
dnsreply = NULL;
} else {
if((dnsreply = txtquery(dnsdbinfo, &ttl))) {
logg("*TTL: %d\n", ttl);
if((pt = cli_strtok(dnsreply, 3, ":"))) {
int rt;
time_t ct;
rt = atoi(pt);
free(pt);
time(&ct);
if((int) ct - rt > 10800) {
logg("^DNS record is older than 3 hours.\n");
free(dnsreply);
dnsreply = NULL;
}
} else {
free(dnsreply);
dnsreply = NULL;
}
if(dnsreply) {
int vwarning = 1;
if((pt = cli_strtok(dnsreply, 4, ":"))) {
if(*pt == '0')
vwarning = 0;
free(pt);
}
if((newver = cli_strtok(dnsreply, 0, ":"))) {
logg("*Software version from DNS: %s\n", newver);
if(vwarning && !strstr(cl_retver(), "devel") && !strstr(cl_retver(), "rc")) {
if(strcmp(cl_retver(), newver)) {
logg("^Your ClamAV installation is OUTDATED!\n"); |
e5d29b15 |
logg("^Local version: %s Recommended version: %s\n", cl_retver(), newver); |
61409916 |
logg("DON'T PANIC! Read http://www.clamav.net/support/faq\n"); |
d7c59961 |
outdated = 1;
}
}
}
} else {
if(dnsreply) {
free(dnsreply);
dnsreply = NULL;
}
}
}
if(!dnsreply) {
logg("^Invalid DNS reply. Falling back to HTTP mode.\n");
}
}
#endif /* HAVE_RESOLV_H */
if(opt_check(opt, "local-address")) {
localip = opt_arg(opt, "local-address");
} else if((cpt = cfgopt(copt, "LocalIPAddress"))->enabled) {
localip = cpt->strarg;
}
|
6bada442 |
while(cli_writelockdb(dbdir, 0) == CL_ELOCKDB) {
logg("*Waiting to lock database directory: %s\n", dbdir);
sleep(5);
if(++try > 12) {
logg("!Can't lock database directory: %s\n", dbdir);
if(dnsreply)
free(dnsreply);
if(newver)
free(newver);
return 61;
}
}
|
a7db63d1 |
if(cfgopt(copt, "HTTPProxyServer")->enabled)
mirman_read("mirrors.dat", &mdat, 0);
else
mirman_read("mirrors.dat", &mdat, 1); |
376307a0 |
|
d7c59961 |
memset(ipaddr, 0, sizeof(ipaddr));
|
376307a0 |
if((ret = updatedb("main", hostname, ipaddr, &signo, copt, dnsreply, localip, outdated, &mdat)) > 50) { |
d7c59961 |
if(dnsreply)
free(dnsreply);
if(newver)
free(newver);
|
376307a0 |
mirman_write("mirrors.dat", &mdat); |
6bada442 |
cli_unlockdb(dbdir); |
d7c59961 |
return ret;
} else if(ret == 0)
updated = 1;
/* if ipaddr[0] != 0 it will use it to connect to the web host */ |
376307a0 |
if((ret = updatedb("daily", hostname, ipaddr, &signo, copt, dnsreply, localip, outdated, &mdat)) > 50) { |
d7c59961 |
if(dnsreply)
free(dnsreply);
if(newver)
free(newver);
|
376307a0 |
mirman_write("mirrors.dat", &mdat); |
6bada442 |
cli_unlockdb(dbdir); |
d7c59961 |
return ret;
} else if(ret == 0)
updated = 1;
if(dnsreply)
free(dnsreply);
|
376307a0 |
mirman_write("mirrors.dat", &mdat); |
6bada442 |
cli_unlockdb(dbdir); |
376307a0 |
|
d7c59961 |
if(updated) {
if(cfgopt(copt, "HTTPProxyServer")->enabled) {
logg("Database updated (%d signatures) from %s\n", signo, hostname);
} else {
logg("Database updated (%d signatures) from %s (IP: %s)\n", signo, hostname, ipaddr);
}
#ifdef BUILD_CLAMD
if(opt_check(opt, "daemon-notify")) {
const char *clamav_conf = opt_arg(opt, "daemon-notify");
if(!clamav_conf)
clamav_conf = CONFDIR"/clamd.conf";
notify(clamav_conf);
} else if((cpt = cfgopt(copt, "NotifyClamd"))->enabled) {
notify(cpt->strarg);
}
#endif
if(opt_check(opt, "on-update-execute"))
arg = opt_arg(opt, "on-update-execute");
else if((cpt = cfgopt(copt, "OnUpdateExecute"))->enabled)
arg = cpt->strarg;
if(arg) {
if(opt_check(opt, "daemon"))
execute("OnUpdateExecute", arg);
else
system(arg);
}
}
if(outdated) {
if(opt_check(opt, "on-outdated-execute"))
arg = opt_arg(opt, "on-outdated-execute");
else if((cpt = cfgopt(copt, "OnOutdatedExecute"))->enabled)
arg = cpt->strarg;
if(arg) {
char *cmd = strdup(arg);
|
dd952d65 |
if((pt = newver)) {
while(*pt) {
if(!strchr("0123456789.", *pt)) {
logg("!downloadmanager: OnOutdatedExecute: Incorrect version number string\n");
free(newver);
newver = NULL;
break;
}
pt++;
}
}
if(newver && (pt = strstr(cmd, "%v"))) { |
8ca8a18e |
char *buffer = (char *) malloc(strlen(cmd) + strlen(newver) + 10); |
d7c59961 |
if(!buffer) {
logg("!downloadmanager: Can't allocate memory for buffer\n");
free(cmd);
if(newver)
free(newver); |
6bada442 |
return 75; |
d7c59961 |
}
*pt = 0; pt += 2;
strcpy(buffer, cmd);
strcat(buffer, newver);
strcat(buffer, pt);
free(cmd);
cmd = strdup(buffer);
free(buffer);
}
|
dd952d65 |
if(newver) {
if(opt_check(opt, "daemon"))
execute("OnOutdatedExecute", cmd);
else
system(cmd);
} |
d7c59961 |
free(cmd);
}
}
if(newver)
free(newver);
return updated ? 0 : 1;
}
|