@@ -1,3 +1,8 @@

+Sat Jan 13 17:55:25 CET 2007 (tk)

+---------------------------------

+  * libclamav, freshclam: add dbdir locking mechanism (closes bb#113, #143)

+			  Patch from Mark Pizzolato

+

 Sat Jan 13 15:37:51 CET 2007 (acab)

 -----------------------------------

   * libclamav: add Upack support from Michal Spadlinski <gim913 * gmail.com>

@@ -55,6 +55,8 @@

 #include "shared/output.h"

 #include "shared/misc.h"

+#include "libclamav/lockdb.h"

+

 #include "execute.h"

 #include "manager.h"

 #include "mirman.h"

@@ -148,7 +150,7 @@ void help(void)

     mprintf("\n");

 }

-int download(const struct cfgstruct *copt, const struct optstruct *opt)

+int download(const struct cfgstruct *copt, const struct optstruct *opt, const char *datadir)

 {

 	int ret = 0, try = 0, maxattempts = 0;

 	struct cfgstruct *cpt;

@@ -161,7 +163,15 @@ int download(const struct cfgstruct *copt, const struct optstruct *opt)

 	logg("^You must specify at least one database mirror.\n");

 	return 56;

     } else {

-

+	while(cli_writelockdb(datadir, 0) == CL_ELOCKDB) {

+            logg("*Waiting to lock database directory: %s\n", datadir);

+	    sleep(5);

+	    if(++try > 12) {

+		logg("!Can't lock database directory: %s\n", datadir);

+		return 61; 

+	    }

+	}

+	try = 0;

 	while(cpt) {

 	    ret = downloadmanager(copt, opt, cpt->strarg);

 	    alarm(0);

@@ -182,9 +192,11 @@ int download(const struct cfgstruct *copt, const struct optstruct *opt)

 		}

 	    } else {

+		cli_unlockdb(datadir);

 		return ret;

 	    }

 	}

+	cli_unlockdb(datadir);

     }

     return ret;

@@ -489,7 +501,7 @@ int main(int argc, char **argv)

 #endif

 	while(!terminate) {

-	    ret = download(copt, opt);

+	    ret = download(copt, opt, newdir);

             if(ret > 1) {

 		    const char *arg = NULL;

@@ -541,7 +553,7 @@ int main(int argc, char **argv)

 	}

     } else

-	ret = download(copt, opt);

+	ret = download(copt, opt, newdir);

     if(opt_check(opt, "on-error-execute")) {

 	if(ret > 1)

@@ -164,6 +164,8 @@ libclamav_la_SOURCES = \

 	hashtab.c \

 	hashtab.h \

 	dconf.c \

-	dconf.h

+	dconf.h \

+	lockdb.c \

+	lockdb.h

 lib_LTLIBRARIES = libclamav.la

@@ -88,7 +88,8 @@ am_libclamav_la_OBJECTS = matcher-ac.lo matcher-bm.lo matcher-ncore.lo \

 	unrarfilter.lo unrarppm.lo unrar20.lo unrarcmd.lo pdf.lo \

 	spin.lo yc.lo elf.lo sis.lo uuencode.lo pst.lo phishcheck.lo \

 	phish_domaincheck_db.lo phish_whitelist.lo regex_list.lo \

-	sha256.lo mspack.lo cab.lo entconv.lo hashtab.lo dconf.lo

+	sha256.lo mspack.lo cab.lo entconv.lo hashtab.lo dconf.lo \

+	lockdb.lo

 libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS)

 DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)

 depcomp = $(SHELL) $(top_srcdir)/depcomp

@@ -376,7 +377,9 @@ libclamav_la_SOURCES = \

 	hashtab.c \

 	hashtab.h \

 	dconf.c \

-	dconf.h

+	dconf.h \

+	lockdb.c \

+	lockdb.h

 lib_LTLIBRARIES = libclamav.la

 all: all-am

@@ -463,6 +466,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/htmlnorm.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/is_tar.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/line.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lockdb.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/matcher-ac.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/matcher-bm.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/matcher-ncore.Plo@am__quote@

@@ -62,7 +62,7 @@ extern "C"

 #define CL_EIO		-123 /* general I/O error */

 #define CL_EFORMAT	-124 /* bad format or broken file */

 #define CL_ESUPPORT	-125 /* not supported data format */

-#define CL_EFOO		-126 /* fake error code */

+#define CL_ELOCKDB	-126 /* can't lock DB directory */

 /* NodalCore */

 #define CL_ENCINIT	-200 /* NodalCore initialization failed */

new file mode 100644

@@ -0,0 +1,277 @@

+/*

+ *  Copyright (C) 2006 Mark Pizzolato <clamav-devel@subscriptions.pizzolato.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License as published by

+ *  the Free Software Foundation; either version 2 of the License, or

+ *  (at your option) any later version.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

+ *  MA 02110-1301, USA.

+ */

+

+/*

+ * This is a problem, which from a purist point of view, best wants an 

+ * RW locking mechanism.

+ * On Posix platforms, we leverage advisory locks provided by fcntl().

+ * Windows doesn't have a native interprocess RW exclusion mechanism, 

+ * one could be constructed from the services available, but it is somewhat

+ * complicated.  Meanwhile, we observe that in ClamAV, it is extremely rare 

+ * that there will ever be an occasion when multiple processes will be 

+ * reading the ClamAV database from a given directory at the same, and in 

+ * none of those possible cases would it matter if they serialized their 

+ * accesses.  So, a simple mutual exclusion mechanism will suffice for both 

+ * the reader and writer locks on Windows.

+ */

+

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#include <stdio.h>

+#include <stdarg.h>

+#include <stdlib.h>

+#include <string.h>

+#include <ctype.h>

+#ifndef C_WINDOWS

+#include <unistd.h>

+#include <fcntl.h>

+#include <sys/stat.h>

+#else

+#include <windows.h>

+#endif

+

+#include "clamav.h"

+#include "others.h"

+

+#ifdef CL_THREAD_SAFE

+#include <pthread.h>

+pthread_mutex_t lock_mutex = PTHREAD_MUTEX_INITIALIZER;

+#else

+#define pthread_mutex_lock(arg)

+#define pthread_mutex_unlock(arg)

+#endif

+

+struct dblock {

+	struct dblock *lock_link;

+	char lock_file[NAME_MAX];

+#ifndef C_WINDOWS

+	int lock_fd;

+#else

+	HANDLE lock_fd;

+#endif

+	int lock_type;

+};

+

+static struct dblock *dblocks = NULL;

+

+static void cli_lockname(char *lock_file, size_t lock_file_size, const char *dbdirpath);

+static int cli_lockdb(const char *dbdirpath, int wait, int writelock);

+

+#ifdef DONT_LOCK_DBDIRS

+

+int cli_readlockdb(const char *dbdirpath, int wait)

+{

+    return CL_SUCCESS;

+}

+

+int cli_writelockdb(const char *dbdirpath, int wait)

+{

+    return CL_SUCCESS;

+}

+

+int cli_unlockdb(const char *dbdirpath)

+{

+    return CL_SUCCESS;

+}

+

+#else /* !DONT_LOCK_DBDIRS */

+

+int cli_readlockdb(const char *dbdirpath, int wait)

+{

+    return cli_lockdb(dbdirpath, wait, 0);

+}

+

+int cli_writelockdb(const char *dbdirpath, int wait)

+{

+    return cli_lockdb(dbdirpath, wait, 1);

+}

+

+int cli_unlockdb(const char *dbdirpath)

+{

+	char lock_file[NAME_MAX];

+	struct dblock *lock;

+#ifndef C_WINDOWS

+	struct flock fl;

+#endif

+

+    cli_lockname(lock_file, sizeof(lock_file), dbdirpath);

+    pthread_mutex_lock(&lock_mutex);

+    for(lock=dblocks; lock; lock=lock->lock_link)

+	if(!strcmp(lock_file, lock->lock_file))

+	    break;

+    if((!lock) || (lock->lock_type == -1)) {

+	cli_errmsg("Database Directory: %s not locked\n", dbdirpath);

+	pthread_mutex_unlock(&lock_mutex);

+	return CL_ELOCKDB;

+    }

+#ifndef C_WINDOWS

+    memset(&fl, 0, sizeof(fl));

+    fl.l_type = F_UNLCK;

+    if(fcntl(lock->lock_fd, F_SETLK, &fl) == -1) {

+#else

+    if(!ReleaseMutex(lock->lock_fd)) {

+#endif

+	cli_errmsg("Error Unlocking Database Directory %s\n", dbdirpath);

+	pthread_mutex_unlock(&lock_mutex);

+	return CL_ELOCKDB;

+    }

+    lock->lock_type = -1;

+    pthread_mutex_unlock(&lock_mutex);

+

+    return CL_SUCCESS;

+}

+

+static int cli_lockdb(const char *dbdirpath, int wait, int writelock)

+{

+	char lock_file[NAME_MAX];

+	struct dblock *lock;

+#ifndef C_WINDOWS

+	struct flock fl;

+	mode_t old_mask;

+#else

+	DWORD LastError;

+	SECURITY_ATTRIBUTES saAttr;

+	SECURITY_DESCRIPTOR sdDesc;

+#endif

+

+    cli_lockname(lock_file, sizeof(lock_file), dbdirpath);

+    pthread_mutex_lock(&lock_mutex);

+    for(lock=dblocks; lock; lock=lock->lock_link)

+	if(!strcmp(lock_file, lock->lock_file))

+	    break;

+    if(!lock) {

+	lock = cli_calloc(1, sizeof(*lock));

+	if(!lock) {

+	    cli_errmsg("cli_lockdb(): Can't allocate lock structure to lock Database Directory: %s\n", dbdirpath);

+	    pthread_mutex_unlock(&lock_mutex);

+	    return CL_ELOCKDB;

+	}

+	lock->lock_link = dblocks;

+	strcpy(lock->lock_file, lock_file);

+	lock->lock_fd = -1;

+	lock->lock_type = -1;

+	dblocks = lock;

+    }

+    if(lock->lock_type != -1) {

+	cli_errmsg("Database Directory: %s already %s locked\n", dbdirpath, (lock->lock_type? "write" : "read"));

+	pthread_mutex_unlock(&lock_mutex);

+	return CL_ELOCKDB;

+    }

+#ifndef C_WINDOWS

+    if(lock->lock_fd == -1) {

+	old_mask = umask(0);

+	if(-1 == (lock->lock_fd = open(lock->lock_file, O_RDWR|O_CREAT|O_TRUNC, S_IRWXU|S_IRWXG|S_IROTH))) {

+	    if((writelock) ||

+	       (-1 == (lock->lock_fd = open(lock->lock_file, O_RDWR, 0)))) {

+		cli_errmsg("Can't %s Lock file for Database Directory: %s\n", (writelock ? "create" : "open"), dbdirpath);

+		umask(old_mask);

+		pthread_mutex_unlock(&lock_mutex);

+		return CL_ELOCKDB;

+	    }

+	}

+	umask(old_mask);

+    }

+#else

+    if(!lock->lock_fd) {

+	/* Create a security descriptor which allows any process to acquire the Mutex */

+	InitializeSecurityDescriptor(&sdDesc, SECURITY_DESCRIPTOR_REVISION);

+	SetSecurityDescriptorDacl(&sdDesc, TRUE, NULL, FALSE);

+	saAttr.nLength = sizeof(saAttr);

+	saAttr.bInheritHandle = FALSE;

+	saAttr.lpSecurityDescriptor = &sdDesc;

+	if(!(lock->lock_fd = CreateMutexA(&saAttr, TRUE, lock->lock_file))) {

+	    if((GetLastError() != ERROR_ACCESS_DENIED) || 

+	       (!(lock->lock_fd = OpenMutexA(MUTEX_MODIFY_STATE, FALSE, lock->lock_file)))) {

+		cli_errmsg("Can't Create Mutex Lock for Database Directory: %s\n", dbdirpath);

+		pthread_mutex_unlock(&lock_mutex);

+		return CL_ELOCKDB;

+	    }

+	    LastError = ERROR_ALREADY_EXISTS;

+	}

+	LastError = GetLastError();

+    } else {

+	LastError = ERROR_ALREADY_EXISTS;

+    }

+#endif

+    pthread_mutex_unlock(&lock_mutex);

+

+#ifndef C_WINDOWS

+    memset(&fl, 0, sizeof(fl));

+    fl.l_type = (writelock ? F_WRLCK : F_RDLCK);

+    cli_dbgmsg("przed fcntl: %d\n", lock->lock_fd);

+    if(fcntl(lock->lock_fd, ((wait) ? F_SETLKW : F_SETLK), &fl) == -1) {

+	perror("FCNTL");

+	return CL_ELOCKDB;

+    }

+#else

+    if(LastError == ERROR_ALREADY_EXISTS) {

+	if(WAIT_TIMEOUT == WaitForSingleObject(lock->lock_fd, ((wait) ? INFINITE : 0))) {

+	    lock->lock_type = -1;

+	    return CL_ELOCKDB;

+	}

+    }

+#endif

+    lock->lock_type = writelock;

+

+    return CL_SUCCESS;

+}

+

+static void cli_lockname(char *lock_file, size_t lock_file_size, const char *dbdirpath)

+{

+	char *c;

+

+    lock_file[lock_file_size-1] = '\0';

+#ifndef C_WINDOWS

+    snprintf(lock_file, lock_file_size-1, "%s/.dbLock", dbdirpath);

+    for (c=lock_file; *c; ++c) {

+#else

+    snprintf(lock_file, lock_file_size-1, "Global\\ClamAVDB-%s", dbdirpath);

+    for (c=lock_file+16; *c; ++c) {

+#endif

+	switch (*c) {

+#ifdef C_WINDOWS

+	case '\\':

+	    *c = '/';

+#endif

+	case '/':

+	    if(*(c-1) == '/') { /* compress imbedded // */

+		--c;

+		strcpy(c, c+1);

+            } else if((*(c-2) == '/') && (*(c-1) == '.')) { /* compress imbedded /./ */

+		c -= 2;

+		strcpy(c, c+2);

+            }

+	    break;

+#ifdef C_WINDOWS

+	default:

+	    if(islower(*c)) /* Normalize to upper case */

+		*c = toupper(*c);

+	    break;

+#endif

+	}

+    }

+#ifdef C_WINDOWS

+    if('/' == lock_file[strlen(lock_file)-1]) /* Remove trailing / */

+	lock_file[strlen(lock_file)-1] = '\0';

+#endif

+}

+

+#endif /* DONT_LOCK_DBDIRS */

new file mode 100644

@@ -0,0 +1,27 @@

+/*

+ *  Copyright (C) 2006 Mark Pizzolato <clamav-devel@subscriptions.pizzolato.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License as published by

+ *  the Free Software Foundation; either version 2 of the License, or

+ *  (at your option) any later version.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

+ *  MA 02110-1301, USA.

+ */

+

+#ifndef __LOCKDB_H

+#define __LOCKDB_H

+

+int cli_writelockdb(const char *dbdirpath, int wait);

+int cli_readlockdb(const char *dbdirpath, int wait);

+int cli_unlockdb(const char *dbdirpath);

+

+#endif

@@ -223,6 +223,8 @@ const char *cl_strerror(int clerror)

 	    return "Error loading NodalCore database";

 	case CL_ENCIO:

 	    return "NodalCore accelerator Input/Output error";

+	case CL_ELOCKDB:

+	    return "Unable to lock database directory";

 	default:

 	    return "Unknown error code";

     }

@@ -46,6 +46,17 @@

 #define CLI_MAX_ALLOCATION 184549376

+/* Maximum filenames under various systems - njh */

+#ifndef	NAME_MAX	/* e.g. Linux */

+# ifdef	MAXNAMELEN	/* e.g. Solaris */

+#   define	NAME_MAX	MAXNAMELEN

+# else

+#   ifdef	FILENAME_MAX	/* e.g. SCO */

+#     define	NAME_MAX	FILENAME_MAX

+#   endif

+# endif

+#endif

+

 /* internal clamav context */

 typedef struct {

     const char **virname;

@@ -49,6 +49,7 @@

 #include "str.h"

 #include "defaults.h"

 #include "dconf.h"

+#include "lockdb.h"

 #ifdef CL_EXPERIMENTAL

 #include "phish_whitelist.h"

@@ -61,19 +62,6 @@

 #include <stddef.h>

 #endif

-/* Maximum filenames under various systems - njh */

-#ifndef	NAME_MAX	/* e.g. Linux */

-# ifdef	MAXNAMELEN	/* e.g. Solaris */

-#   define	NAME_MAX	MAXNAMELEN

-# else

-#   ifdef	FILENAME_MAX	/* e.g. SCO */

-#     define	NAME_MAX	FILENAME_MAX

-#   else

-#     define	NAME_MAX	256

-#   endif

-# endif

-#endif

-

 #ifdef CL_THREAD_SAFE

 #  include <pthread.h>

 static pthread_mutex_t cli_ref_mutex = PTHREAD_MUTEX_INITIALIZER;

@@ -1210,7 +1198,7 @@ int cl_loaddb(const char *filename, struct cl_engine **engine, unsigned int *sig

     return cli_load(filename, engine, signo, 0);

 }

-static int cli_loaddbdir(const char *dirname, struct cl_engine **engine, unsigned int *signo, unsigned int options)

+static int cli_loaddbdir_l(const char *dirname, struct cl_engine **engine, unsigned int *signo, unsigned int options)

 {

 	DIR *dd;

 	struct dirent *dent;

@@ -1285,6 +1273,25 @@ static int cli_loaddbdir(const char *dirname, struct cl_engine **engine, unsigne

     return CL_SUCCESS;

 }

+static int cli_loaddbdir(const char *dirname, struct cl_engine **engine, unsigned int *signo, unsigned int options)

+{

+	int ret, try;

+

+

+    cli_dbgmsg("cli_loaddbdir: Acquiring dbdir lock\n");

+    while(cli_readlockdb(dirname, 0) == CL_ELOCKDB) {

+	sleep(5);

+	if(try++ > 24) {

+	    cli_errmsg("cl_load(): Unable to lock database directory: %s\n", dirname);

+	    return CL_ELOCKDB;

+	}

+    }

+

+    ret = cli_loaddbdir_l(dirname, engine, signo, options);

+    cli_unlockdb(dirname);

+    return ret;

+}

+

 int cl_loaddbdir(const char *dirname, struct cl_engine **engine, unsigned int *signo) {

     return cli_loaddbdir(dirname, engine, signo, 0);

 }